From d2c3c0ccc6ec7f38b995545d31431d013bd7e047 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Mon, 4 Nov 2019 08:40:34 +0100
Subject: [PATCH 138/187] libcli:smb: Do not use gnutls_aead_cipher_encryptv2()
 with GnuTLS 3.6.10

The gnutls_aead_cipher_encryptv2() implementation was released with a
bug. This wont be fixed before 3.6.11.

See https://gitlab.com/gnutls/gnutls/merge_requests/1085

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 176d0f0364bc1deb3c8df2f3bb928e01f89f216b)
---
 libcli/smb/smb2_signing.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 166ab9d83ff..7561a7a858d 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -478,7 +478,9 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
 	       0,
 	       16 - iv_size);
 
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \
+    GNUTLS_VERSION_NUMBER > 0x03060a
 	{
 		uint8_t tag[tag_size];
 		giovec_t auth_iov[1];
@@ -679,7 +681,9 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
 		}
 	}
 
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \
+    GNUTLS_VERSION_NUMBER > 0x03060a
 	{
 		giovec_t auth_iov[1];
 
-- 
2.23.0