Index: gnutls-3.2.4/lib/algorithms/publickey.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/lib/algorithms/publickey.c
|
|
|
|
+++ gnutls-3.2.4/lib/algorithms/publickey.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -49,8 +49,10 @@ static const gnutls_pk_map pk_mappings[]
|
|
|
|
{GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
|
|
|
|
{GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
|
|
|
|
{GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
{GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
|
|
|
|
{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
|
|
|
|
+#endif
|
|
|
|
{GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
|
|
|
|
{GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
|
2013-09-04 13:48:45 +02:00
|
|
|
{GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
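Review bot: The two ECDHE rows in pk_mappings are guarded by `ENABLE_ECC`, but the same key-exchange ids are guarded by `ENABLE_ECDHE` in cred_mappings and by `defined(ENABLE_ECDHE) && defined(ENABLE_ECC)` in the algorithm table, both in lib/algorithms/kx.c, so the three tables can disagree when only one macro is defined. A key exchange that is present in one table and absent from another tends to surface as an assert or an internal error during negotiation rather than as a clean "not supported". Use one condition for every ECDHE row, for example `#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)`, and close it with `#endif /* ENABLE_ECDHE && ENABLE_ECC */` so the pairing stays readable in these long initialisers.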
|
|
|
|
@@ -97,7 +99,9 @@ static const gnutls_pk_entry pk_algorith
|
2013-07-01 15:54:42 +02:00
|
|
|
{"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
|
|
|
|
{"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
|
|
|
|
{"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
{"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC},
|
|
|
|
+#endif
|
|
|
|
{0, 0, 0}
|
|
|
|
};
|
|
|
|
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/lib/auth/cert.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/lib/auth/cert.c
|
|
|
|
+++ gnutls-3.2.4/lib/auth/cert.c
|
|
|
|
@@ -63,7 +63,12 @@ static gnutls_privkey_t alloc_and_load_p
|
2013-07-01 15:54:42 +02:00
|
|
|
key, int deinit);
|
|
|
|
#endif
|
|
|
|
|
2013-09-04 13:48:45 +02:00
|
|
|
+
|
2013-07-01 15:54:42 +02:00
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
#define MAX_CLIENT_SIGN_ALGOS 3
|
|
|
|
+#else
|
|
|
|
+#define MAX_CLIENT_SIGN_ALGOS 2
|
|
|
|
+#endif
|
|
|
|
#define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1)
|
|
|
|
typedef enum CertificateSigType
|
|
|
|
{ RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
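Review bot: Nothing documents that `MAX_CLIENT_SIGN_ALGOS` has to match the number of `tmp_data[n] = ..._SIGN` stores in _gnutls_gen_cert_server_cert_req, which a later hunk of this file puts under its own `#ifdef ENABLE_ECC`. The two are consistent today (3 stores with ECC, 2 without), but they are kept in step only by hand, and a mismatch would either send an uninitialised byte in the certificate request or write past the buffer, assuming tmp_data is sized by CERTTYPE_SIZE (its declaration is outside the hunks). A comment above the define would make the coupling explicit: `/* must equal the number of sign types written to tmp_data[] in _gnutls_gen_cert_server_cert_req() */`.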
|
2013-09-04 13:48:45 +02:00
|
|
|
@@ -1438,8 +1443,10 @@ _gnutls_check_supported_sign_algo (Certi
|
2013-07-01 15:54:42 +02:00
|
|
|
return GNUTLS_PK_RSA;
|
|
|
|
case DSA_SIGN:
|
|
|
|
return GNUTLS_PK_DSA;
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
case ECDSA_SIGN:
|
|
|
|
return GNUTLS_PK_EC;
|
|
|
|
+#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
return -1;
|
2013-09-04 13:48:45 +02:00
|
|
|
@@ -1735,7 +1742,9 @@ _gnutls_gen_cert_server_cert_req (gnutls
|
2013-07-01 15:54:42 +02:00
|
|
|
tmp_data[0] = CERTTYPE_SIZE - 1;
|
|
|
|
tmp_data[1] = RSA_SIGN;
|
|
|
|
tmp_data[2] = DSA_SIGN;
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
tmp_data[3] = ECDSA_SIGN; /* only these for now */
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE);
|
|
|
|
if (ret < 0)
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/lib/auth/dhe_psk.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/lib/auth/dhe_psk.c
|
|
|
|
+++ gnutls-3.2.4/lib/auth/dhe_psk.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -92,6 +92,7 @@ const mod_auth_st ecdhe_psk_auth_struct
|
|
|
|
};
|
|
|
|
#endif
|
|
|
|
|
|
|
|
+#ifdef ENABLE_ECDHE
|
|
|
|
static int
|
|
|
|
gen_ecdhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
|
|
|
|
{
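Review bot: The new guard around gen_ecdhe_psk_client_kx tests `ENABLE_ECDHE`, while the curve support it depends on is compiled out under `ENABLE_ECC` in lib/ext/ecc.c. The later hunks of this file do the same for gen_ecdhe_psk_server_kx, proc_ecdhe_psk_client_kx and proc_ecdhe_psk_server_kx. A build that defines ENABLE_ECDHE without ENABLE_ECC would still compile these four functions; their bodies are outside the hunks, so whether that ends in a link failure or in a reachable ECDHE-PSK path without curve checks cannot be confirmed here. Using the combined condition the patch already applies in lib/auth/ecdhe.c, `#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)`, would rule that combination out.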
|
|
|
|
@@ -135,6 +136,7 @@ cleanup:
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
static int
|
|
|
|
gen_dhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
|
|
|
|
@@ -230,6 +232,7 @@ gen_dhe_psk_server_kx (gnutls_session_t
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
+#ifdef ENABLE_ECDHE
|
|
|
|
static int
|
|
|
|
gen_ecdhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
|
|
|
|
{
|
|
|
|
@@ -254,7 +257,7 @@ gen_ecdhe_psk_server_kx (gnutls_session_
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
-
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
static int
|
|
|
|
proc_dhe_psk_client_kx (gnutls_session_t session, uint8_t * data,
|
|
|
|
@@ -335,6 +338,7 @@ proc_dhe_psk_client_kx (gnutls_session_t
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
+#ifdef ENABLE_ECDHE
|
|
|
|
static int
|
|
|
|
proc_ecdhe_psk_client_kx (gnutls_session_t session, uint8_t * data,
|
|
|
|
size_t _data_size)
|
|
|
|
@@ -399,6 +403,7 @@ proc_ecdhe_psk_client_kx (gnutls_session
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
static int
|
|
|
|
proc_dhe_psk_server_kx (gnutls_session_t session, uint8_t * data,
|
|
|
|
@@ -432,6 +437,7 @@ proc_dhe_psk_server_kx (gnutls_session_t
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
+#ifdef ENABLE_ECDHE
|
|
|
|
static int
|
|
|
|
proc_ecdhe_psk_server_kx (gnutls_session_t session, uint8_t * data,
|
|
|
|
size_t _data_size)
|
|
|
|
@@ -463,5 +469,6 @@ proc_ecdhe_psk_server_kx (gnutls_session
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
#endif /* ENABLE_PSK */
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/lib/ext/ecc.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/lib/ext/ecc.c
|
|
|
|
+++ gnutls-3.2.4/lib/ext/ecc.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -35,6 +35,7 @@
|
|
|
|
/* Maps record size to numbers according to the
|
|
|
|
* extensions draft.
|
|
|
|
*/
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
|
|
|
|
static int _gnutls_supported_ecc_recv_params (gnutls_session_t session,
|
|
|
|
const uint8_t * data,
|
|
|
|
@@ -269,3 +270,5 @@ _gnutls_session_supports_ecc_curve (gnut
|
|
|
|
|
|
|
|
return GNUTLS_E_ECC_UNSUPPORTED_CURVE;
|
|
|
|
}
|
|
|
|
+
|
|
|
|
+#endif
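Review bot: The guard opened in the first hunk and closed here removes everything below the file's leading comment, including `_gnutls_session_supports_ecc_curve`, and the patch provides no replacement for non-ECC builds. The `_gnutls_` prefix suggests the function is called from other translation units; if any caller is still compiled, the build breaks at link time, and if callers are guarded by a different macro the curve check silently disappears. An `#else` arm with a stub that always returns `GNUTLS_E_ECC_UNSUPPORTED_CURVE` would keep callers failing closed. The closing line would also read better as `#endif /* ENABLE_ECC */`, since it is more than 200 lines from the `#ifdef`.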
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/lib/gnutls_extensions.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/lib/gnutls_extensions.c
|
|
|
|
+++ gnutls-3.2.4/lib/gnutls_extensions.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -351,6 +351,7 @@ _gnutls_ext_init (void)
|
|
|
|
if (ret != GNUTLS_E_SUCCESS)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
ret = _gnutls_ext_register (&ext_mod_supported_ecc);
|
|
|
|
if (ret != GNUTLS_E_SUCCESS)
|
|
|
|
return ret;
|
|
|
|
@@ -358,6 +359,7 @@ _gnutls_ext_init (void)
|
|
|
|
ret = _gnutls_ext_register (&ext_mod_supported_ecc_pf);
|
|
|
|
if (ret != GNUTLS_E_SUCCESS)
|
|
|
|
return ret;
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
ret = _gnutls_ext_register (&ext_mod_sig);
|
|
|
|
if (ret != GNUTLS_E_SUCCESS)
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/lib/gnutls_priority.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/lib/gnutls_priority.c
|
|
|
|
+++ gnutls-3.2.4/lib/gnutls_priority.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -245,35 +245,45 @@ gnutls_certificate_type_set_priority (gn
|
|
|
|
}
|
|
|
|
|
|
|
|
static const int supported_ecc_normal[] = {
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_ECC_CURVE_SECP192R1,
|
|
|
|
GNUTLS_ECC_CURVE_SECP224R1,
|
|
|
|
GNUTLS_ECC_CURVE_SECP256R1,
|
|
|
|
GNUTLS_ECC_CURVE_SECP384R1,
|
|
|
|
GNUTLS_ECC_CURVE_SECP521R1,
|
|
|
|
+#endif
|
|
|
|
0
|
|
|
|
};
|
|
|
|
|
|
|
|
static const int supported_ecc_secure128[] = {
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_ECC_CURVE_SECP256R1,
|
|
|
|
GNUTLS_ECC_CURVE_SECP384R1,
|
|
|
|
GNUTLS_ECC_CURVE_SECP521R1,
|
|
|
|
+#endif
|
|
|
|
0
|
|
|
|
};
|
|
|
|
|
|
|
|
static const int supported_ecc_suiteb128[] = {
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_ECC_CURVE_SECP256R1,
|
|
|
|
GNUTLS_ECC_CURVE_SECP384R1,
|
|
|
|
+#endif
|
|
|
|
0
|
|
|
|
};
|
|
|
|
|
|
|
|
static const int supported_ecc_suiteb192[] = {
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_ECC_CURVE_SECP384R1,
|
|
|
|
+#endif
|
|
|
|
0
|
|
|
|
};
|
|
|
|
|
|
|
|
static const int supported_ecc_secure192[] = {
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_ECC_CURVE_SECP384R1,
|
|
|
|
GNUTLS_ECC_CURVE_SECP521R1,
|
|
|
|
+#endif
|
|
|
|
0
|
|
|
|
};
|
|
|
|
|
2013-09-04 13:48:45 +02:00
|
|
|
@@ -416,51 +426,75 @@ static const int comp_priority[] = {
|
2013-07-01 15:54:42 +02:00
|
|
|
static const int sign_priority_default[] = {
|
|
|
|
GNUTLS_SIGN_RSA_SHA256,
|
|
|
|
GNUTLS_SIGN_DSA_SHA256,
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA256,
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
GNUTLS_SIGN_RSA_SHA384,
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA384,
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
GNUTLS_SIGN_RSA_SHA512,
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA512,
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
GNUTLS_SIGN_RSA_SHA224,
|
|
|
|
GNUTLS_SIGN_DSA_SHA224,
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA224,
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
GNUTLS_SIGN_RSA_SHA1,
|
|
|
|
GNUTLS_SIGN_DSA_SHA1,
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA1,
|
|
|
|
+#endif
|
|
|
|
0
|
|
|
|
};
|
|
|
|
|
|
|
|
static const int sign_priority_suiteb128[] = {
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA256,
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA384,
|
|
|
|
+#endif
|
|
|
|
0
|
|
|
|
};
|
|
|
|
|
|
|
|
static const int sign_priority_suiteb192[] = {
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA384,
|
|
|
|
+#endif
|
|
|
|
0
|
|
|
|
};
|
|
|
|
|
|
|
|
static const int sign_priority_secure128[] = {
|
|
|
|
GNUTLS_SIGN_RSA_SHA256,
|
|
|
|
GNUTLS_SIGN_DSA_SHA256,
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA256,
|
|
|
|
+#endif
|
|
|
|
GNUTLS_SIGN_RSA_SHA384,
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA384,
|
|
|
|
+#endif
|
|
|
|
GNUTLS_SIGN_RSA_SHA512,
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA512,
|
|
|
|
+#endif
|
|
|
|
0
|
|
|
|
};
|
|
|
|
|
|
|
|
static const int sign_priority_secure192[] = {
|
|
|
|
GNUTLS_SIGN_RSA_SHA384,
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA384,
|
|
|
|
+#endif
|
|
|
|
GNUTLS_SIGN_RSA_SHA512,
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
GNUTLS_SIGN_ECDSA_SHA512,
|
|
|
|
+#endif
|
|
|
|
0
|
|
|
|
};
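Review bot: With ENABLE_ECC undefined, `sign_priority_suiteb128` and `sign_priority_suiteb192` are reduced to a lone `0` terminator, and `supported_ecc_suiteb128`/`supported_ecc_suiteb192` in the previous hunk are too, so the SUITEB keywords would apparently still be accepted while configuring no signature algorithms and no curves. The priority parser is outside these hunks, so it cannot be confirmed here whether that ends in a failed handshake or in a fallback to other defaults; a security level that cannot be met should be refused when the string is parsed. Consider rejecting SUITEB128 and SUITEB192 with `GNUTLS_E_INVALID_REQUEST` in non-ECC builds, and at least add `/* empty without ENABLE_ECC: the SUITEB levels are unusable */` above the two arrays. tests/priorities.c only skips its SUITEB192 check in this configuration, so the resulting behaviour is untested.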
|
|
|
|
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/lib/nettle/pk.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/lib/nettle/pk.c
|
|
|
|
+++ gnutls-3.2.4/lib/nettle/pk.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -146,6 +146,7 @@ static int _wrap_nettle_pk_derive(gnutls
|
|
|
|
|
|
|
|
switch (algo)
|
|
|
|
{
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
case GNUTLS_PK_EC:
|
|
|
|
{
|
|
|
|
struct ecc_scalar ecc_priv;
|
|
|
|
@@ -186,6 +187,7 @@ ecc_cleanup:
|
|
|
|
if (ret < 0) goto cleanup;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
default:
|
|
|
|
gnutls_assert ();
|
|
|
|
ret = GNUTLS_E_INTERNAL_ERROR;
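Review bot: Once the `case GNUTLS_PK_EC:` arm is compiled out, an EC request to _wrap_nettle_pk_derive falls into `default:` and is reported as `GNUTLS_E_INTERNAL_ERROR` after a gnutls_assert, which looks like a library bug rather than a disabled feature. An explicit `#else` arm, `case GNUTLS_PK_EC: ret = gnutls_assert_val (GNUTLS_E_UNIMPLEMENTED_FEATURE); goto cleanup;`, would let callers and logs tell the two apart. The same pattern applies to the guarded EC arms in the later hunks of this file, where the defaults return `GNUTLS_E_INVALID_REQUEST`. The function bodies and the file's nettle includes are outside the hunks, so it is worth checking that no ECC header or `ecc_*` declaration is still needed when the guard is off.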
|
|
|
|
@@ -330,6 +332,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
|
|
|
|
|
|
|
|
switch (algo)
|
|
|
|
{
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
case GNUTLS_PK_EC: /* we do ECDSA */
|
|
|
|
{
|
|
|
|
struct ecc_scalar priv;
|
2013-08-01 17:15:14 +02:00
|
|
|
@@ -370,6 +373,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
|
2013-07-01 15:54:42 +02:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
case GNUTLS_PK_DSA:
|
|
|
|
{
|
|
|
|
struct dsa_public_key pub;
|
2013-08-01 17:15:14 +02:00
|
|
|
@@ -472,6 +476,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
|
2013-07-01 15:54:42 +02:00
|
|
|
|
|
|
|
switch (algo)
|
|
|
|
{
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
case GNUTLS_PK_EC: /* ECDSA */
|
|
|
|
{
|
|
|
|
struct ecc_point pub;
|
2013-08-01 17:15:14 +02:00
|
|
|
@@ -514,6 +519,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
|
2013-07-01 15:54:42 +02:00
|
|
|
ecc_point_clear( &pub);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
case GNUTLS_PK_DSA:
|
|
|
|
{
|
|
|
|
struct dsa_public_key pub;
|
2013-08-01 17:15:14 +02:00
|
|
|
@@ -721,6 +727,7 @@ rsa_fail:
|
2013-07-01 15:54:42 +02:00
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
case GNUTLS_PK_EC:
|
|
|
|
{
|
|
|
|
struct ecc_scalar key;
|
2013-08-01 17:15:14 +02:00
|
|
|
@@ -761,6 +768,7 @@ ecc_cleanup:
|
2013-07-01 15:54:42 +02:00
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
+#endif
|
|
|
|
default:
|
|
|
|
gnutls_assert ();
|
|
|
|
return GNUTLS_E_INVALID_REQUEST;
|
2013-08-01 17:15:14 +02:00
|
|
|
@@ -877,6 +885,7 @@ dsa_cleanup:
|
2013-07-01 15:54:42 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
break;
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
case GNUTLS_PK_EC:
|
|
|
|
{
|
|
|
|
struct ecc_point r, pub;
|
2013-08-01 17:15:14 +02:00
|
|
|
@@ -938,6 +947,7 @@ ecc_cleanup:
|
2013-07-01 15:54:42 +02:00
|
|
|
ecc_point_clear(&pub);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
+#endif
|
|
|
|
default:
|
|
|
|
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
|
|
}
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/cert-tests/dane
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/cert-tests/dane
|
|
|
|
+++ gnutls-3.2.4/tests/cert-tests/dane
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -22,6 +22,8 @@
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
+exit 77
|
|
|
|
+
|
|
|
|
srcdir=${srcdir:-.}
|
|
|
|
DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT}
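Review bot: The added `exit 77` is unconditional, so this DANE test is reported as skipped in every build, ECC-enabled ones included, and everything below it becomes dead code. The same unconditional skip is added to tests/ecdsa/ecdsa, and in tests/dtls/dtls-nb and tests/dtls/dtls it replaces a skip that used to apply only when `WINDIR` was set. Nothing in the visible lines gives the reason, and a permanently skipped test hides regressions in certificate and DTLS handling. Make the skip depend on the feature that is actually missing (for instance a variable exported by the test Makefile) and put the reason in a comment directly above it.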
|
|
|
|
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/dtls/dtls-nb
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/dtls/dtls-nb
|
|
|
|
+++ gnutls-3.2.4/tests/dtls/dtls-nb
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -22,9 +22,7 @@
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
-if test "${WINDIR}" != "";then
|
|
|
|
- exit 77
|
|
|
|
-fi
|
|
|
|
+exit 77
|
|
|
|
|
|
|
|
./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
|
|
|
|
./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/dtls/dtls
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/dtls/dtls
|
|
|
|
+++ gnutls-3.2.4/tests/dtls/dtls
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -22,9 +22,7 @@
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
-if test "${WINDIR}" != "";then
|
|
|
|
- exit 77
|
|
|
|
-fi
|
|
|
|
+exit 77
|
|
|
|
|
|
|
|
./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
|
|
|
|
./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/ecdsa/ecdsa
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/ecdsa/ecdsa
|
|
|
|
+++ gnutls-3.2.4/tests/ecdsa/ecdsa
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -22,6 +22,8 @@
|
|
|
|
|
|
|
|
#set -e
|
|
|
|
|
|
|
|
+exit 77
|
|
|
|
+
|
|
|
|
srcdir=${srcdir:-.}
|
|
|
|
CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
|
|
|
|
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-dtls-heartbeat.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-dtls-heartbeat.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-dtls-heartbeat.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -27,7 +27,7 @@
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC)
|
|
|
|
|
|
|
|
int
|
|
|
|
main ()
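Review bot: Adding `!defined(ENABLE_ECC)` to the skip condition turns the whole heartbeat test into a skip stub in exactly the build this patch creates, so DTLS heartbeat handling gets no coverage there. The same condition is added in mini-dtls-record.c, mini-dtls-rehandshake.c, mini-dtls-srtp.c, mini-handshake-timeout.c, mini-loss-time.c, mini-record.c, mini-record-range.c, mini-xssl.c and mini-dtls-large.c. The test bodies are outside these hunks, but if their only ECC dependency is the priority string, choosing a non-ECC key exchange under `#ifndef ENABLE_ECC` would keep them running. It is also worth confirming that config.h is included above this line, since only `<stdio.h>` and `<stdlib.h>` are visible; if ENABLE_ECC is not yet defined at this point the test is skipped in ECC builds too.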
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-dtls-record.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-dtls-record.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-dtls-record.c
|
2013-08-01 17:15:14 +02:00
|
|
|
@@ -29,7 +29,7 @@
|
2013-07-01 15:54:42 +02:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_ECC)
|
|
|
|
|
|
|
|
int
|
|
|
|
main ()
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-dtls-rehandshake.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-dtls-rehandshake.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-dtls-rehandshake.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -27,7 +27,7 @@
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_ECC)
|
|
|
|
|
|
|
|
int main()
|
|
|
|
{
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-dtls-srtp.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-dtls-srtp.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-dtls-srtp.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -27,7 +27,7 @@
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) || !defined(ENABLE_ECC)
|
|
|
|
|
|
|
|
int
|
|
|
|
main (int argc, char** argv)
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-handshake-timeout.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-handshake-timeout.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-handshake-timeout.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -28,7 +28,7 @@
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_ECC)
|
|
|
|
|
|
|
|
int main()
|
|
|
|
{
|
|
|
|
@@ -142,7 +142,11 @@ initialize_tls_session (gnutls_session_t
|
|
|
|
/* avoid calling all the priority functions, since the defaults
|
|
|
|
* are adequate.
|
|
|
|
*/
|
|
|
|
- gnutls_priority_set_direct (*session, "NORMAL:+ANON-ECDH", NULL);
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
+ gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL);
|
|
|
|
+#else
|
|
|
|
+ gnutls_priority_set_direct (session, "NORMAL:+ANON-DH", NULL);
|
|
|
|
+#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
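Review bot: Both added calls pass `session` where the removed line passed `*session`. The parameter declaration is cut off in the hunk header, but the old dereference suggests initialize_tls_session takes a `gnutls_session_t *`; if so the new calls hand gnutls_priority_set_direct a pointer to the handle instead of the handle, which is at best an incompatible-pointer warning and at worst a crash. Keep the dereference in both arms: `gnutls_priority_set_direct (*session, "NORMAL:+ANON-ECDH", NULL);` and the same with `"NORMAL:+ANON-DH"`. Separately, the `#else` arm looks unreachable, because the first hunk of this file already skips the test when ENABLE_ECC is undefined (assuming this function sits in the non-skipped half of that `#if`, which is outside the hunk).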
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-loss-time.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-loss-time.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-loss-time.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -28,7 +28,7 @@
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_ECC)
|
|
|
|
|
|
|
|
int main()
|
|
|
|
{
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-record.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-record.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-record.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -27,7 +27,7 @@
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_ECC)
|
|
|
|
|
|
|
|
int main()
|
|
|
|
{
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-record-range.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-record-range.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-record-range.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -27,7 +27,7 @@
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_ECC)
|
|
|
|
|
|
|
|
int main()
|
|
|
|
{
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-xssl.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-xssl.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-xssl.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -27,7 +27,7 @@
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_ECC)
|
|
|
|
|
|
|
|
int main()
|
|
|
|
{
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/pkcs12_simple.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/pkcs12_simple.c
|
|
|
|
+++ gnutls-3.2.4/tests/pkcs12_simple.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -50,6 +50,10 @@ doit (void)
|
|
|
|
gnutls_x509_privkey_t pkey;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
+#ifndef ENABLE_ECC
|
|
|
|
+ exit(77);
|
|
|
|
+#endif
|
|
|
|
+
|
|
|
|
ret = global_init ();
|
|
|
|
if (ret < 0)
|
|
|
|
fail ("global_init failed %d\n", ret);
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/slow/keygen.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/slow/keygen.c
|
|
|
|
+++ gnutls-3.2.4/tests/slow/keygen.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -65,6 +65,11 @@ doit (void)
|
|
|
|
if (algorithm == GNUTLS_PK_DH)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
+#ifndef ENABLE_ECC
|
|
|
|
+ if (algorithm == GNUTLS_PK_EC)
|
|
|
|
+ continue;
|
|
|
|
+#endif
|
|
|
|
+
|
|
|
|
ret = gnutls_x509_privkey_init (&pkey);
|
|
|
|
if (ret < 0)
|
|
|
|
{
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/srp/mini-srp.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/srp/mini-srp.c
|
|
|
|
+++ gnutls-3.2.4/tests/srp/mini-srp.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -27,7 +27,7 @@
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_SRP)
|
|
|
|
|
|
|
|
int main()
|
|
|
|
{
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/lib/auth/ecdhe.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/lib/auth/ecdhe.c
|
|
|
|
+++ gnutls-3.2.4/lib/auth/ecdhe.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -50,7 +50,7 @@ static int
|
|
|
|
proc_ecdhe_client_kx (gnutls_session_t session,
|
|
|
|
uint8_t * data, size_t _data_size);
|
|
|
|
|
|
|
|
-#if defined(ENABLE_ECDHE)
|
|
|
|
+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
|
|
|
|
const mod_auth_st ecdhe_ecdsa_auth_struct = {
|
|
|
|
"ECDHE_ECDSA",
|
|
|
|
_gnutls_gen_cert_server_crt,
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-dtls-hello-verify.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-dtls-hello-verify.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-dtls-hello-verify.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -27,7 +27,7 @@
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_ECDH)
|
|
|
|
|
|
|
|
int main()
|
|
|
|
{
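Review bot: `ENABLE_ECDH` is not tested by any library hunk in this patch, which use `ENABLE_ECC` and `ENABLE_ECDHE`; if the build never defines it, this test is compiled as the skip stub in every configuration. The same macro is used in the skip condition of tests/mini-alpn.c and in the priority-string selection in tests/mini-dtls-large.c, where the skip at the top of the file tests `ENABLE_ECC` but the string tests `ENABLE_ECDH`. Unless ENABLE_ECDH is defined somewhere not shown here, use the macro the rest of the patch uses: `#if defined(_WIN32) || !defined(ENABLE_ECC)`.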
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-alpn.c
|
2013-07-01 15:54:42 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-alpn.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-alpn.c
|
2013-07-01 15:54:42 +02:00
|
|
|
@@ -25,7 +25,7 @@
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32) || !defined(ENABLE_ALPN)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_ALPN) || !defined(ENABLE_ECDH)
|
|
|
|
|
|
|
|
int
|
|
|
|
main (int argc, char** argv)
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-dtls-large.c
|
2013-08-01 17:15:14 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/mini-dtls-large.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-dtls-large.c
|
2013-08-01 17:15:14 +02:00
|
|
|
@@ -25,7 +25,7 @@
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
|
|
|
|
+#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC)
|
|
|
|
|
|
|
|
int
|
|
|
|
main ()
|
|
|
|
@@ -194,7 +194,11 @@ server (int fd)
|
|
|
|
* are adequate.
|
|
|
|
*/
|
|
|
|
gnutls_priority_set_direct (session,
|
|
|
|
+#ifdef ENABLE_ECDH
|
|
|
|
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
|
|
|
|
+#else
|
|
|
|
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
|
|
|
|
+#endif
|
|
|
|
NULL);
|
|
|
|
|
|
|
|
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
|
2013-09-04 13:48:45 +02:00
|
|
|
Index: gnutls-3.2.4/tests/mini-x509-callbacks.c
|
|
|
|
===================================================================
|
|
|
|
--- gnutls-3.2.4.orig/tests/mini-x509-callbacks.c
|
|
|
|
+++ gnutls-3.2.4/tests/mini-x509-callbacks.c
|
|
|
|
@@ -56,13 +56,19 @@ unsigned int msg_order[] = {
|
|
|
|
GNUTLS_HANDSHAKE_CLIENT_HELLO,
|
|
|
|
GNUTLS_HANDSHAKE_SERVER_HELLO,
|
|
|
|
GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
|
|
|
|
+#ifndef ENABLE_ECC
|
|
|
|
+ /*Sent: CERTIFICATE REQUEST, expected SERVER KEY EXCHANGE*/
|
|
|
|
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
|
|
|
|
+#else
|
|
|
|
GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
|
|
|
|
GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
|
|
|
|
+#endif
|
|
|
|
GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
|
|
|
|
GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
|
|
|
|
GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
|
|
|
|
GNUTLS_HANDSHAKE_FINISHED,
|
|
|
|
GNUTLS_HANDSHAKE_FINISHED,
|
|
|
|
+
|
|
|
|
};
|
|
|
|
|
|
|
|
static int handshake_callback (gnutls_session_t session, unsigned int htype, unsigned post, unsigned int incoming)
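Review bot: The comment added in the `#ifndef ENABLE_ECC` arm of msg_order, `/*Sent: CERTIFICATE REQUEST, expected SERVER KEY EXCHANGE*/`, reads like a pasted test failure and does not explain why the expected order differs. Dropping `GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE` implies that without ECC this handshake negotiates a key exchange that sends no ServerKeyExchange, presumably static RSA, which has no forward secrecy. That is a property of the non-ECC build worth stating rather than just encoding in the test. Suggested wording: `/* without ECC no ServerKeyExchange is sent (static RSA kx expected; confirm) */`. If a DHE suite was meant to be negotiated instead, the entry should stay and the priority string should be checked.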
|
|
|
|
Index: gnutls-3.2.4/lib/algorithms/kx.c
|
|
|
|
===================================================================
|
|
|
|
--- gnutls-3.2.4.orig/lib/algorithms/kx.c
|
|
|
|
+++ gnutls-3.2.4/lib/algorithms/kx.c
|
|
|
|
@@ -28,9 +28,11 @@
|
|
|
|
|
|
|
|
extern mod_auth_st rsa_auth_struct;
|
|
|
|
extern mod_auth_st dhe_rsa_auth_struct;
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
extern mod_auth_st ecdhe_rsa_auth_struct;
|
|
|
|
extern mod_auth_st ecdhe_psk_auth_struct;
|
|
|
|
extern mod_auth_st ecdhe_ecdsa_auth_struct;
|
|
|
|
+#endif
|
|
|
|
extern mod_auth_st dhe_dss_auth_struct;
|
|
|
|
extern mod_auth_st anon_auth_struct;
|
|
|
|
extern mod_auth_st anon_ecdh_auth_struct;
|
|
|
|
@@ -58,14 +60,18 @@ static const gnutls_cred_map cred_mappin
|
|
|
|
{GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
|
|
|
|
{GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
|
|
|
|
{GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
|
|
|
|
+#ifdef ENABLE_ECDHE
|
|
|
|
{GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
|
|
|
|
{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
|
|
|
|
+#endif
|
|
|
|
{GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
|
|
|
|
{GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
|
|
|
|
{GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
|
|
|
|
{GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
|
|
|
|
{GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
|
|
|
|
+#ifdef ENABLE_ECDHE
|
|
|
|
{GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
|
|
|
|
+#endif
|
|
|
|
{GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
|
|
|
|
{GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
|
|
|
|
{GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
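Review bot: The anonymous ECDH key exchange is left outside every new guard: `extern mod_auth_st anon_ecdh_auth_struct;` in the first hunk and the `GNUTLS_KX_ANON_ECDH` row at the top of cred_mappings here stay unconditional while the ECDHE entries next to them are fenced off. If its row in the algorithm table (not visible in these hunks) is also unguarded, a non-ECC build can still offer a key exchange whose curve support has been compiled out. Guard both lines with the same condition as the ECDHE rows. The conditions also differ within this file: the externs use `ENABLE_ECC`, this table uses `ENABLE_ECDHE`, and the algorithm table uses `defined(ENABLE_ECDHE) && defined(ENABLE_ECC)`.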
|
|
|
|
@@ -100,7 +106,7 @@ static const gnutls_kx_algo_entry _gnutl
|
|
|
|
{"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
|
|
|
|
{"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
|
|
|
|
#endif
|
|
|
|
-#ifdef ENABLE_ECDHE
|
|
|
|
+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
|
|
|
|
{"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
|
|
|
|
{"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0},
|
|
|
|
#endif
|
|
|
|
@@ -116,7 +122,7 @@ static const gnutls_kx_algo_entry _gnutl
|
|
|
|
{"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
|
|
|
|
1 /* needs DHE params */},
|
|
|
|
# endif
|
|
|
|
-# ifdef ENABLE_ECDHE
|
|
|
|
+# if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
|
|
|
|
{"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
|
|
|
|
# endif
|
|
|
|
#endif
|
|
|
|
Index: gnutls-3.2.4/tests/priorities.c
|
2013-08-01 17:15:14 +02:00
|
|
|
===================================================================
|
2013-09-04 13:48:45 +02:00
|
|
|
--- gnutls-3.2.4.orig/tests/priorities.c
|
|
|
|
+++ gnutls-3.2.4/tests/priorities.c
|
2013-08-01 17:15:14 +02:00
|
|
|
@@ -73,7 +73,7 @@ unsigned i, si, count = 0;
|
|
|
|
for (i=0;i<ret;i++)
|
|
|
|
fprintf(stderr, "%s\n", gnutls_cipher_get_name(t[i]));
|
|
|
|
#endif
|
|
|
|
- fail("expected %d ciphers, found %d\n", expected_ciphers, ret);
|
|
|
|
+ fail("%s: expected %d ciphers, found %d\n", prio, expected_ciphers, ret);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
@@ -86,7 +86,7 @@ for (i=0;i<ret;i++)
|
|
|
|
|
|
|
|
if (count != expected_cs)
|
|
|
|
{
|
|
|
|
- fail("expected %d ciphersuites, found %d\n", expected_cs, count);
|
|
|
|
+ fail("%s: expected %d ciphersuites, found %d\n", prio, expected_cs, count);
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@@ -94,21 +94,37 @@ for (i=0;i<ret;i++)
|
|
|
|
void
|
|
|
|
doit (void)
|
|
|
|
{
|
|
|
|
+#ifdef ENABLE_ECC
|
2013-09-04 13:48:45 +02:00
|
|
|
const int normal = 42;
|
2013-08-01 17:15:14 +02:00
|
|
|
const int null = 5;
|
|
|
|
const int sec128 = 32;
|
|
|
|
+#else
|
|
|
|
+const int normal = 27;
|
|
|
|
+const int null = 3;
|
|
|
|
+const int sec128 = 21;
|
|
|
|
+#endif
|
|
|
|
|
|
|
|
try_prio("NORMAL", normal, 8);
|
|
|
|
try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 8);
|
|
|
|
try_prio("NORMAL:+CIPHER-ALL", normal, 8); /* all (except null) */
|
|
|
|
try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1); /* null */
|
|
|
|
try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal+null, 9); /* should be null + all */
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1); /* should be null + all */
|
|
|
|
+#else
|
|
|
|
+ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 6, 1); /* should be null + all */
|
|
|
|
+#endif
|
|
|
|
try_prio("PERFORMANCE", normal, 8);
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
try_prio("SECURE256", 6, 3);
|
|
|
|
+#else
|
|
|
|
+ try_prio("SECURE256", 3, 3);
|
|
|
|
+#endif
|
|
|
|
try_prio("SECURE128", sec128, 6);
|
|
|
|
try_prio("SECURE128:+SECURE256", sec128, 6); /* should be the same as SECURE128 */
|
|
|
|
try_prio("SECURE128:+SECURE256:+NORMAL", normal, 8); /* should be the same as NORMAL */
|
|
|
|
+#ifdef ENABLE_ECC
|
|
|
|
try_prio("SUITEB192", 1, 1);
|
|
|
|
+#endif
|
|
|
|
}
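Review bot: The non-ECC expectations in doit (`27`, `3`, `21`, and the literals `6` and `3` passed to try_prio) are given with no indication of how they were derived, so a later change to the cipher-suite tables cannot be checked against them. A short comment on the `#else` block stating which suite families are absent in this build would make the numbers reviewable. The `/* should be null + all */` comment is also duplicated onto the new `+AES-128-CBC` line, where it does not describe the expectation. Only SUITEB192 is exercised here, and only with ECC, so the empty SUITEB lists produced by lib/gnutls_priority.c in non-ECC builds are not tested.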
|
|
|
|
|