libcli:smb: Improve check for gnutls_aead_cipher_(en|de)cryptv2

This is available since version 3.6.10, but 3.6.10 has a bug which got fixed
in 3.6.11, see:

    https://gitlab.com/gnutls/gnutls/-/merge_requests/1085

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14250

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb  4 06:44:00 UTC 2020 on sn-devel-184

diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 7561a7a858db38723a578a7aecfc6480e6ecfc09..7b33a42526ef57470ebb398b38e9eed3e1c6e854 100644 (file)
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -478,9 +478,7 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
               0,
               16 - iv_size);
 
-/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
-#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \
-    GNUTLS_VERSION_NUMBER > 0x03060a
+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2)
        {
                uint8_t tag[tag_size];
                giovec_t auth_iov[1];
@@ -682,8 +680,7 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
        }
 
 /* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
-#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \
-    GNUTLS_VERSION_NUMBER > 0x03060a
+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2)
        {
                giovec_t auth_iov[1];
 

diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls
index f6d9ac3c65ef7cd98a25dcf412440aad12ce0072..b2b955f3c90e45953aa4aa1ffb81c48f84fc0349 100644 (file)
--- a/wscript_configure_system_gnutls
+++ b/wscript_configure_system_gnutls
@@ -1,5 +1,8 @@
 from waflib import Options
 
+def parse_version(v):
+    return tuple(map(int, (v.split("."))))
+
 gnutls_min_required_version = "3.4.7"
 
 gnutls_required_version = gnutls_min_required_version
@@ -9,14 +12,22 @@ conf.CHECK_CFG(package='gnutls',
                      msg='Checking for GnuTLS >= %s' % gnutls_required_version,
                      mandatory=True)
 
+gnutls_version = conf.cmd_and_log(conf.env.PKGCONFIG + ['--modversion', 'gnutls']).strip()
+
 # Define gnutls as a system library
 conf.SET_TARGET_TYPE('gnutls', 'SYSLIB')
 
 # Check for gnutls_pkcs7_get_embedded_data_oid (>= 3.5.5) required by libmscat
 conf.CHECK_FUNCS_IN('gnutls_pkcs7_get_embedded_data_oid', 'gnutls')
 
-# Check for gnutls_aead_cipher_encryptv2 (>= 3.6.10)
-conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls')
+# Check for gnutls_aead_cipher_encryptv2
+#
+# This is available since version 3.6.10, but 3.6.10 has a bug which got fixed
+# in 3.6.11, see:
+#
+#     https://gitlab.com/gnutls/gnutls/-/merge_requests/1085
+if (parse_version('3.6.10') != parse_version(gnutls_version)):
+    conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls')
 
 if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'):
     conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1)