bug#32446: Configure-time requirement for gnutls is too old

[Noam Postavsky <npostavs@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 681 bytes --]

tags 32446 + patch
quit

Eli Zaretskii <eliz@gnu.org> writes:

>> I'd guess that the required version in 'configure' needs to be increased.
>
> The problem is not with the minimum required version, because we have
> additional version-dependent cpp conditions in gnutls.c.  The problem
> is that we assumed these functions were available since GnuTLS 3.0.0,
> which is false.
>
> Ted, what would you propose to do with this issue?  Disable the
> relevant functionality for versions of GnuTLS that don't have these
> APIs?

I think we can keep most of the functionality: the missing APIs only
make a difference for AEAD ciphers, which are already disabled for
versions before 3.5.


[-- Attachment #2: patch --]
[-- Type: text/plain, Size: 5372 bytes --]

From 14efb9e7826e06c25e495f9d17d3b3179f380c6a Mon Sep 17 00:00:00 2001
From: Noam Postavsky <npostavs@gmail.com>
Date: Sat, 15 Sep 2018 10:25:11 -0400
Subject: [PATCH v1] Fix build with gnutls versions 3.0 to 3.2 (Bug#32446)

We previously used functions available only in 3.2+ for all 3.x
versions.
* src/gnutls.c [! GNUTLS_VERSION_NUMBER >= 0x030501]: Replace calls to
gnutls_cipher_get_tag_size with 0.
[! GNUTLS_VERSION_NUMBER >= 0x030200]: Alias gnutls_cipher_get_iv_size
to gnutls_cipher_get_block_size, gnutls_digest_list to
gnutls_mac_list, and gnutls_digest_get_name to gnutls_mac_get_name.
[WINDOWSNT]: Adjust DLL function definitions and declarations
accordingly.
---
 src/gnutls.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 51 insertions(+), 4 deletions(-)

diff --git a/src/gnutls.c b/src/gnutls.c
index 461260e27f..83c3e79cbf 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -38,6 +38,29 @@ your option) any later version.
    So, require 3.5.1.  */
 #if GNUTLS_VERSION_NUMBER >= 0x030501
 # define HAVE_GNUTLS_AEAD
+/* gnutls_cipher_get_tag_size was introduced in 3.2.0, but it's only
+   relevant for AEAD ciphers.  */
+# define HAVE_GNUTLS_CIPHER_GET_TAG_SIZE
+#else
+# define gnutls_cipher_get_tag_size(cipher) 0
+#endif
+
+/* gnutls_cipher_get_iv_size was introduced in 3.2.0.  */
+#if GNUTLS_VERSION_NUMBER >= 0x030200
+# define HAVE_GNUTLS_CIPHER_GET_IV_SIZE
+#else
+/* For the ciphers available in previous versions, block size is equivalent.  */
+#define gnutls_cipher_get_iv_size(cipher) gnutls_cipher_get_block_size (cipher)
+#endif
+
+/* gnutls_digest_list and gnutls_digest_get_name were added in 3.2.2.  */
+#if GNUTLS_VERSION_NUMBER >= 0x030202
+# define HAVE_GNUTLS_DIGEST_LIST
+# define HAVE_GNUTLS_DIGEST_GET_NAME
+#else
+/* For previous versions, the mac algorithms are equivalent.  */
+# define gnutls_digest_list() ((const gnutls_digest_algorithm_t *) gnutls_mac_list ())
+# define gnutls_digest_get_name(id) gnutls_mac_get_name ((gnutls_mac_algorithm_t) id)
 #endif
 
 /* gnutls_mac_get_nonce_size was added in GnuTLS 3.2.0, but was
@@ -205,13 +228,21 @@ DEF_DLL_FN (const gnutls_mac_algorithm_t *, gnutls_mac_list, (void));
 DEF_DLL_FN (size_t, gnutls_mac_get_nonce_size, (gnutls_mac_algorithm_t));
 #   endif
 DEF_DLL_FN (size_t, gnutls_mac_get_key_size, (gnutls_mac_algorithm_t));
+#   ifdef HAVE_GNUTLS_DIGEST_LIST
 DEF_DLL_FN (const gnutls_digest_algorithm_t *, gnutls_digest_list, (void));
+#   endif
+#   ifdef HAVE_GNUTLS_DIGEST_GET_NAME
 DEF_DLL_FN (const char *, gnutls_digest_get_name, (gnutls_digest_algorithm_t));
+#   endif
 DEF_DLL_FN (gnutls_cipher_algorithm_t *, gnutls_cipher_list, (void));
+#   ifdef HAVE_GNUTLS_CIPHER_GET_IV_SIZE
 DEF_DLL_FN (int, gnutls_cipher_get_iv_size, (gnutls_cipher_algorithm_t));
+#   endif
 DEF_DLL_FN (size_t, gnutls_cipher_get_key_size, (gnutls_cipher_algorithm_t));
 DEF_DLL_FN (int, gnutls_cipher_get_block_size, (gnutls_cipher_algorithm_t));
+#   ifdef HAVE_GNUTLS_CIPHER_GET_TAG_SIZE
 DEF_DLL_FN (int, gnutls_cipher_get_tag_size, (gnutls_cipher_algorithm_t));
+#   endif
 DEF_DLL_FN (int, gnutls_cipher_init,
 	    (gnutls_cipher_hd_t *, gnutls_cipher_algorithm_t,
 	     const gnutls_datum_t *, const gnutls_datum_t *));
@@ -339,13 +370,21 @@ init_gnutls_functions (void)
   LOAD_DLL_FN (library, gnutls_mac_get_nonce_size);
 #   endif
   LOAD_DLL_FN (library, gnutls_mac_get_key_size);
+#   ifdef HAVE_GNUTLS_DIGEST_LIST
   LOAD_DLL_FN (library, gnutls_digest_list);
+#   endif
+#   ifdef HAVE_GNUTLS_DIGEST_GET_NAME
   LOAD_DLL_FN (library, gnutls_digest_get_name);
+#   endif
   LOAD_DLL_FN (library, gnutls_cipher_list);
+#   ifdef HAVE_GNUTLS_CIPHER_GET_IV_SIZE
   LOAD_DLL_FN (library, gnutls_cipher_get_iv_size);
+#   endif
   LOAD_DLL_FN (library, gnutls_cipher_get_key_size);
   LOAD_DLL_FN (library, gnutls_cipher_get_block_size);
+#   ifdef HAVE_GNUTLS_CIPHER_GET_TAG_SIZE
   LOAD_DLL_FN (library, gnutls_cipher_get_tag_size);
+#   endif
   LOAD_DLL_FN (library, gnutls_cipher_init);
   LOAD_DLL_FN (library, gnutls_cipher_set_iv);
   LOAD_DLL_FN (library, gnutls_cipher_encrypt2);
@@ -455,13 +494,21 @@ init_gnutls_functions (void)
 #    define gnutls_mac_get_nonce_size fn_gnutls_mac_get_nonce_size
 #   endif
 #  define gnutls_mac_get_key_size fn_gnutls_mac_get_key_size
-#  define gnutls_digest_list fn_gnutls_digest_list
-#  define gnutls_digest_get_name fn_gnutls_digest_get_name
+#  ifdef HAVE_GNUTLS_DIGEST_LIST
+#   define gnutls_digest_list fn_gnutls_digest_list
+#  endif
+#  ifdef HAVE_GNUTLS_DIGEST_GET_NAME
+#   define gnutls_digest_get_name fn_gnutls_digest_get_name
+#  endif
 #  define gnutls_cipher_list fn_gnutls_cipher_list
-#  define gnutls_cipher_get_iv_size fn_gnutls_cipher_get_iv_size
+#  ifdef HAVE_GNUTLS_CIPHER_GET_IV_SIZE
+#   define gnutls_cipher_get_iv_size fn_gnutls_cipher_get_iv_size
+#  endif
 #  define gnutls_cipher_get_key_size fn_gnutls_cipher_get_key_size
 #  define gnutls_cipher_get_block_size fn_gnutls_cipher_get_block_size
-#  define gnutls_cipher_get_tag_size fn_gnutls_cipher_get_tag_size
+#  ifdef HAVE_GNUTLS_CIPHER_GET_TAG_SIZE
+#   define gnutls_cipher_get_tag_size fn_gnutls_cipher_get_tag_size
+#  endif
 #  define gnutls_cipher_init fn_gnutls_cipher_init
 #  define gnutls_cipher_set_iv fn_gnutls_cipher_set_iv
 #  define gnutls_cipher_encrypt2 fn_gnutls_cipher_encrypt2
-- 
2.11.0