From d2c3c0ccc6ec7f38b995545d31431d013bd7e047 Mon Sep 17 00:00:00 2001

From: Andreas Schneider <asn@samba.org>

Date: Mon, 4 Nov 2019 08:40:34 +0100

Subject: [PATCH 138/187] libcli:smb: Do not use gnutls_aead_cipher_encryptv2()

 with GnuTLS 3.6.10

The gnutls_aead_cipher_encryptv2() implementation was released with a

bug. This wont be fixed before 3.6.11.

See https://gitlab.com/gnutls/gnutls/merge_requests/1085

Signed-off-by: Andreas Schneider <asn@samba.org>

Reviewed-by: Alexander Bokovoy <ab@samba.org>

(cherry picked from commit 176d0f0364bc1deb3c8df2f3bb928e01f89f216b)

---

 libcli/smb/smb2_signing.c | 8 ++++++--

 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c

index 166ab9d83ff..7561a7a858d 100644

--- a/libcli/smb/smb2_signing.c

+++ b/libcli/smb/smb2_signing.c

@@ -478,7 +478,9 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,

 	       0,

 	       16 - iv_size);

-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2

+/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */

+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \

+    GNUTLS_VERSION_NUMBER > 0x03060a

 	{

 		uint8_t tag[tag_size];

 		giovec_t auth_iov[1];

@@ -679,7 +681,9 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,

 		}

 	}

-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2

+/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */

+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \

+    GNUTLS_VERSION_NUMBER > 0x03060a

 	{

 		giovec_t auth_iov[1];

-- 

2.23.0