CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers
[Samba.git] / wscript_configure_system_gnutls
blob176585c4ce494edc53901b1d566564f0414f842c
1 from waflib import Logs
2 import os
4 def parse_version(v):
5     return tuple(map(int, (v.split("."))))
7 gnutls_min_required_version = "3.4.7"
9 conf.CHECK_FUNCS('getrandom', headers='sys/random.h')
10 if not conf.CONFIG_SET('HAVE_GETRANDOM'):
11    gnutls_min_required_version = "3.7.2"
13 gnutls_required_version = gnutls_min_required_version
15 conf.CHECK_CFG(package='gnutls',
16                args=('"gnutls >= %s" --cflags --libs' % gnutls_required_version),
17                      msg='Checking for GnuTLS >= %s' % gnutls_required_version,
18                      mandatory=True)
20 gnutls_version_str = conf.cmd_and_log(conf.env.PKGCONFIG + ['--modversion', 'gnutls']).strip()
21 gnutls_version = parse_version(gnutls_version_str)
23 # Define gnutls as a system library
24 conf.SET_TARGET_TYPE('gnutls', 'SYSLIB')
26 # Check for gnutls_pkcs7_get_embedded_data_oid (>= 3.5.5) required by libmscat
27 conf.CHECK_FUNCS_IN('gnutls_pkcs7_get_embedded_data_oid', 'gnutls')
29 # Check for gnutls_set_default_priority_append (>= 3.6.3)
30 conf.CHECK_FUNCS_IN('gnutls_set_default_priority_append', 'gnutls')
32 # Check for gnutls_pbkdf2 (>= 3.6.13)
33 conf.CHECK_FUNCS_IN('gnutls_pbkdf2', 'gnutls')
35 # Check for gnutls_aead_cipher_encryptv2
37 # This is available since version 3.6.10, but 3.6.10 has a bug which got fixed
38 # in 3.6.11, see:
40 #     https://gitlab.com/gnutls/gnutls/-/merge_requests/1085
42 # 3.6.10 - 3.6.14 have a severe memory leak with AES-CCM
43 #     https://gitlab.com/gnutls/gnutls/-/merge_requests/1278
44 if (gnutls_version > parse_version('3.6.10')):
45     if conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls'):
46         conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM', 1)
47         if (gnutls_version > parse_version('3.6.14')):
48             conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM', 1)
50 if (gnutls_version < parse_version('3.5.2')):
51     conf.DEFINE('HAVE_GNUTLS_AEAD_CIPHER_DECRYPT_PTEXT_LEN_BUG', 1)
53 # Check if gnutls has fips mode support
54 # gnutls_fips140_mode_enabled() is available since 3.3.0
55 fragment = '''
56 #include <gnutls/gnutls.h>
57 #include <stdlib.h>
59 int main(void)
61     unsigned int ok;
63     ok = gnutls_fips140_mode_enabled();
65     return !ok;
67 '''
69 os.environ['GNUTLS_FORCE_FIPS_MODE'] = '1'
70 conf.CHECK_CODE(fragment,
71                 'HAVE_GNUTLS_FIPS_MODE_SUPPORTED',
72                 execute=True,
73                 addmain=False,
74                 add_headers=False,
75                 lib='gnutls',
76                 msg='Checking for gnutls fips mode support')
77 del os.environ['GNUTLS_FORCE_FIPS_MODE']
79 if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'):
80     conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1)
81 else:
82     Logs.warn('No gnutls support for AES CFB8')
84 if conf.CHECK_VALUEOF('GNUTLS_MAC_AES_CMAC_128', headers='gnutls/gnutls.h'):
85     conf.DEFINE('HAVE_GNUTLS_AES_CMAC', 1)
86 else:
87     Logs.warn('No gnutls support for AES CMAC')