Remove rudundent check/workaround for buggy GnuTLS 3.5.2 as we now require GnuTLS...

author Andrew Bartlett <abartlet@samba.org>

Wed, 26 Oct 2022 21:48:42 +0000 (10:48 +1300)

committer Andreas Schneider <asn@cryptomilk.org>

Fri, 30 Jun 2023 14:00:38 +0000 (14:00 +0000)
author Andrew Bartlett <abartlet@samba.org>
Wed, 26 Oct 2022 21:48:42 +0000 (10:48 +1300)
committer Andreas Schneider <asn@cryptomilk.org>
Fri, 30 Jun 2023 14:00:38 +0000 (14:00 +0000)
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c

index d95274c169294c80afd324e00d543ddc297aea12..5e75b936a292e7e8f0bbd9781406b424af862bbe 100644 (file)
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -1257,21 +1257,6 @@ NTSTATUS smb2_signing_decrypt_pdu(struct smb2_signing_key *decryption_key,
                         status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
                         goto out;
                 }
-#ifdef HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG
-               /*
-                * Note that gnutls before 3.5.2 had a bug and returned
-                * *ptext_len = ctext_len, instead of
-                * *ptext_len = ctext_len - tag_size
-                */
-               if (ptext_size != ctext_size) {
-                       TALLOC_FREE(ptext);
-                       TALLOC_FREE(ctext);
-                       rc = GNUTLS_E_SHORT_MEMORY_BUFFER;
-                       status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
-                       goto out;
-               }
-               ptext_size -= tag_size;
-#endif /* HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG */
                 if (ptext_size != m_total) {
                         TALLOC_FREE(ptext);
                         TALLOC_FREE(ctext);
diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls

index 014e96446f607a2cb887c3e1d7d0b38688d3762d..53c04a2816077c048887c290f5558086998cdd69 100644 (file)
--- a/wscript_configure_system_gnutls
+++ b/wscript_configure_system_gnutls
@@ -38,9 +38,6 @@ if (gnutls_version > parse_version('3.6.10')):
          if (gnutls_version > parse_version('3.6.14')):
              conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM', 1)
  
-if (gnutls_version < parse_version('3.5.2')):
-    conf.DEFINE('HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG', 1)
-
  # Check if gnutls has fips mode support
  # gnutls_fips140_mode_enabled() is available since 3.3.0
  fragment = '''
author	Andrew Bartlett <abartlet@samba.org>
	Wed, 26 Oct 2022 21:48:42 +0000 (10:48 +1300)
committer	Andreas Schneider <asn@cryptomilk.org>
	Fri, 30 Jun 2023 14:00:38 +0000 (14:00 +0000)
libcli/smb/smb2_signing.c		patch \| blob \| blame \| history
wscript_configure_system_gnutls		patch \| blob \| blame \| history