libcli:smb: Do not use gnutls_aead_cipher_encryptv2() with GnuTLS 3.6.10

The gnutls_aead_cipher_encryptv2() implementation was released with a
bug. This wont be fixed before 3.6.11.

See https://gitlab.com/gnutls/gnutls/merge_requests/1085

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 166ab9d83ffbee7509caec1245b09013f4b9abc2..7561a7a858db38723a578a7aecfc6480e6ecfc09 100644 (file)
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -478,7 +478,9 @@ NTSTATUS smb2_signing_encrypt_pdu(struct smb2_signing_key *encryption_key,
               0,
               16 - iv_size);
 
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \
+    GNUTLS_VERSION_NUMBER > 0x03060a
        {
                uint8_t tag[tag_size];
                giovec_t auth_iov[1];
@@ -679,7 +681,9 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
                }
        }
 
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2
+/* gnutls_aead_cipher_encryptv2() has a bug in version 3.6.10 */
+#if defined(HAVE_GNUTLS_AEAD_CIPHER_ENCRYPTV2) && \
+    GNUTLS_VERSION_NUMBER > 0x03060a
        {
                giovec_t auth_iov[1];