rpm/gnutls
SHA256
1
0
Fork 0
forked from pool/gnutls
Code Pull Requests Activity

Accepting request 211992 from Base:System

Browse Source 
Upgrade to GNUTLS-3.2.8 (forwarded request 211991 from shawn2012)

OBS-URL: https://build.opensuse.org/request/show/211992
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnutls?expand=0&rev=68
This commit is contained in:
Tomáš Chvátal 2013-12-23 11:33:44 +00:00 committed by Git OBS Bridge
parent fbbe0b4946
commit f088877e49
9 changed files with 972 additions and 900 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

837
gnutls-3.2.6-noecc.patch
View File

@ -1,837 +0,0 @@
Index: gnutls-3.2.6/lib/algorithms/publickey.c
===================================================================
--- gnutls-3.2.6.orig/lib/algorithms/publickey.c
+++ gnutls-3.2.6/lib/algorithms/publickey.c
@@ -49,8 +49,10 @@ static const gnutls_pk_map pk_mappings[]
{GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
{GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
{GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+#ifdef ENABLE_ECC
{GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
+#endif
{GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
{GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
{GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
@@ -98,7 +100,9 @@ static const gnutls_pk_entry pk_algorith
{"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
{"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
{"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
+#ifdef ENABLE_ECC
{"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC},
+#endif
{0, 0, 0}
};
Index: gnutls-3.2.6/lib/auth/cert.c
===================================================================
--- gnutls-3.2.6.orig/lib/auth/cert.c
+++ gnutls-3.2.6/lib/auth/cert.c
@@ -63,7 +63,11 @@ static gnutls_privkey_t alloc_and_load_p
key, int deinit);
#endif
+#ifdef ENABLE_ECC
#define MAX_CLIENT_SIGN_ALGOS 3
+#else
+#define MAX_CLIENT_SIGN_ALGOS 2
+#endif
#define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1)
typedef enum CertificateSigType
{ RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
@@ -1438,8 +1442,10 @@ _gnutls_check_supported_sign_algo (Certi
return GNUTLS_PK_RSA;
case DSA_SIGN:
return GNUTLS_PK_DSA;
+#ifdef ENABLE_ECC
case ECDSA_SIGN:
return GNUTLS_PK_EC;
+#endif
}
return -1;
@@ -1735,7 +1741,9 @@ _gnutls_gen_cert_server_cert_req (gnutls
tmp_data[0] = CERTTYPE_SIZE - 1;
tmp_data[1] = RSA_SIGN;
tmp_data[2] = DSA_SIGN;
+#ifdef ENABLE_ECC
tmp_data[3] = ECDSA_SIGN; /* only these for now */
+#endif
ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE);
if (ret < 0)
Index: gnutls-3.2.6/lib/auth/dhe_psk.c
===================================================================
--- gnutls-3.2.6.orig/lib/auth/dhe_psk.c
+++ gnutls-3.2.6/lib/auth/dhe_psk.c
@@ -92,6 +92,7 @@ const mod_auth_st ecdhe_psk_auth_struct
};
#endif
+#ifdef ENABLE_ECDHE
static int
gen_ecdhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
{
@@ -135,6 +136,7 @@ cleanup:
return ret;
}
+#endif
static int
gen_dhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
@@ -230,6 +232,7 @@ gen_dhe_psk_server_kx (gnutls_session_t
return ret;
}
+#ifdef ENABLE_ECDHE
static int
gen_ecdhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
{
@@ -254,7 +257,7 @@ gen_ecdhe_psk_server_kx (gnutls_session_
return ret;
}
-
+#endif
static int
proc_dhe_psk_client_kx (gnutls_session_t session, uint8_t * data,
@@ -335,6 +338,7 @@ proc_dhe_psk_client_kx (gnutls_session_t
}
+#ifdef ENABLE_ECDHE
static int
proc_ecdhe_psk_client_kx (gnutls_session_t session, uint8_t * data,
size_t _data_size)
@@ -399,6 +403,7 @@ proc_ecdhe_psk_client_kx (gnutls_session
return ret;
}
+#endif
static int
proc_dhe_psk_server_kx (gnutls_session_t session, uint8_t * data,
@@ -432,6 +437,7 @@ proc_dhe_psk_server_kx (gnutls_session_t
return 0;
}
+#ifdef ENABLE_ECDHE
static int
proc_ecdhe_psk_server_kx (gnutls_session_t session, uint8_t * data,
size_t _data_size)
@@ -463,5 +469,6 @@ proc_ecdhe_psk_server_kx (gnutls_session
return 0;
}
+#endif
#endif /* ENABLE_PSK */
Index: gnutls-3.2.6/lib/ext/ecc.c
===================================================================
--- gnutls-3.2.6.orig/lib/ext/ecc.c
+++ gnutls-3.2.6/lib/ext/ecc.c
@@ -35,7 +35,7 @@
/* Maps record size to numbers according to the
* extensions draft.
*/
-
+#ifdef ENABLE_ECC
static int _gnutls_supported_ecc_recv_params (gnutls_session_t session,
const uint8_t * data,
size_t data_size);
@@ -269,3 +269,4 @@ _gnutls_session_supports_ecc_curve (gnut
return GNUTLS_E_ECC_UNSUPPORTED_CURVE;
}
+#endif
Index: gnutls-3.2.6/lib/gnutls_extensions.c
===================================================================
--- gnutls-3.2.6.orig/lib/gnutls_extensions.c
+++ gnutls-3.2.6/lib/gnutls_extensions.c
@@ -351,6 +351,7 @@ _gnutls_ext_init (void)
if (ret != GNUTLS_E_SUCCESS)
return ret;
+#ifdef ENABLE_ECC
ret = _gnutls_ext_register (&ext_mod_supported_ecc);
if (ret != GNUTLS_E_SUCCESS)
return ret;
@@ -358,6 +359,7 @@ _gnutls_ext_init (void)
ret = _gnutls_ext_register (&ext_mod_supported_ecc_pf);
if (ret != GNUTLS_E_SUCCESS)
return ret;
+#endif
ret = _gnutls_ext_register (&ext_mod_sig);
if (ret != GNUTLS_E_SUCCESS)
Index: gnutls-3.2.6/lib/gnutls_priority.c
===================================================================
--- gnutls-3.2.6.orig/lib/gnutls_priority.c
+++ gnutls-3.2.6/lib/gnutls_priority.c
@@ -245,35 +245,45 @@ gnutls_certificate_type_set_priority (gn
}
static const int supported_ecc_normal[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP192R1,
GNUTLS_ECC_CURVE_SECP224R1,
GNUTLS_ECC_CURVE_SECP256R1,
GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_ECC_CURVE_SECP521R1,
+#endif
0
};
static const int supported_ecc_secure128[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP256R1,
GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_ECC_CURVE_SECP521R1,
+#endif
0
};
static const int supported_ecc_suiteb128[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP256R1,
GNUTLS_ECC_CURVE_SECP384R1,
+#endif
0
};
static const int supported_ecc_suiteb192[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP384R1,
+#endif
0
};
static const int supported_ecc_secure192[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_ECC_CURVE_SECP521R1,
+#endif
0
};
@@ -423,51 +433,74 @@ static const int comp_priority[] = {
static const int sign_priority_default[] = {
GNUTLS_SIGN_RSA_SHA256,
GNUTLS_SIGN_DSA_SHA256,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA256,
+#endif
GNUTLS_SIGN_RSA_SHA384,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
GNUTLS_SIGN_RSA_SHA512,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA512,
-
+#endif
GNUTLS_SIGN_RSA_SHA224,
GNUTLS_SIGN_DSA_SHA224,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA224,
+#endif
GNUTLS_SIGN_RSA_SHA1,
GNUTLS_SIGN_DSA_SHA1,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA1,
+#endif
0
};
static const int sign_priority_suiteb128[] = {
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA256,
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
0
};
static const int sign_priority_suiteb192[] = {
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
0
};
static const int sign_priority_secure128[] = {
GNUTLS_SIGN_RSA_SHA256,
GNUTLS_SIGN_DSA_SHA256,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA256,
+#endif
GNUTLS_SIGN_RSA_SHA384,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
GNUTLS_SIGN_RSA_SHA512,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA512,
+#endif
0
};
static const int sign_priority_secure192[] = {
GNUTLS_SIGN_RSA_SHA384,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
GNUTLS_SIGN_RSA_SHA512,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA512,
+#endif
0
};
Index: gnutls-3.2.6/lib/nettle/pk.c
===================================================================
--- gnutls-3.2.6.orig/lib/nettle/pk.c
+++ gnutls-3.2.6/lib/nettle/pk.c
@@ -146,6 +146,7 @@ static int _wrap_nettle_pk_derive(gnutls
switch (algo)
{
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC:
{
struct ecc_scalar ecc_priv;
@@ -186,6 +187,7 @@ ecc_cleanup:
if (ret < 0) goto cleanup;
break;
}
+#endif
default:
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
@@ -330,6 +332,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
switch (algo)
{
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC: /* we do ECDSA */
{
struct ecc_scalar priv;
@@ -370,6 +373,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
}
break;
}
+#endif
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
@@ -472,6 +476,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
switch (algo)
{
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC: /* ECDSA */
{
struct ecc_point pub;
@@ -514,6 +519,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
ecc_point_clear( &pub);
break;
}
+#endif
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
@@ -721,6 +727,7 @@ rsa_fail:
break;
}
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC:
{
struct ecc_scalar key;
@@ -761,6 +768,7 @@ ecc_cleanup:
break;
}
+#endif
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
@@ -877,6 +885,7 @@ dsa_cleanup:
}
break;
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC:
{
struct ecc_point r, pub;
@@ -938,6 +947,7 @@ ecc_cleanup:
ecc_point_clear(&pub);
}
break;
+#endif
default:
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
Index: gnutls-3.2.6/tests/cert-tests/dane
===================================================================
--- gnutls-3.2.6.orig/tests/cert-tests/dane
+++ gnutls-3.2.6/tests/cert-tests/dane
@@ -22,6 +22,8 @@
set -e
+exit 77
+
srcdir=${srcdir:-.}
DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT}
DIFF=${DIFF:-diff}
Index: gnutls-3.2.6/tests/dtls/dtls-nb
===================================================================
--- gnutls-3.2.6.orig/tests/dtls/dtls-nb
+++ gnutls-3.2.6/tests/dtls/dtls-nb
@@ -22,9 +22,7 @@
set -e
-if test "${WINDIR}" != "";then
- exit 77
-fi
+exit 77
./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
Index: gnutls-3.2.6/tests/dtls/dtls
===================================================================
--- gnutls-3.2.6.orig/tests/dtls/dtls
+++ gnutls-3.2.6/tests/dtls/dtls
@@ -22,9 +22,7 @@
set -e
-if test "${WINDIR}" != "";then
- exit 77
-fi
+exit 77
./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
Index: gnutls-3.2.6/tests/ecdsa/ecdsa
===================================================================
--- gnutls-3.2.6.orig/tests/ecdsa/ecdsa
+++ gnutls-3.2.6/tests/ecdsa/ecdsa
@@ -22,6 +22,8 @@
#set -e
+exit 77
+
srcdir=${srcdir:-.}
CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
Index: gnutls-3.2.6/tests/mini-dtls-heartbeat.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-dtls-heartbeat.c
+++ gnutls-3.2.6/tests/mini-dtls-heartbeat.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
+#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC)
int
main ()
Index: gnutls-3.2.6/tests/mini-dtls-record.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-dtls-record.c
+++ gnutls-3.2.6/tests/mini-dtls-record.c
@@ -29,7 +29,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int
main ()
Index: gnutls-3.2.6/tests/mini-dtls-rehandshake.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-dtls-rehandshake.c
+++ gnutls-3.2.6/tests/mini-dtls-rehandshake.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.6/tests/mini-dtls-srtp.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-dtls-srtp.c
+++ gnutls-3.2.6/tests/mini-dtls-srtp.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP)
+#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) || !defined(ENABLE_ECC)
int
main (int argc, char** argv)
Index: gnutls-3.2.6/tests/mini-handshake-timeout.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-handshake-timeout.c
+++ gnutls-3.2.6/tests/mini-handshake-timeout.c
@@ -28,7 +28,7 @@
#include <stdlib.h>
#include <string.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
@@ -144,7 +144,11 @@ initialize_tls_session (gnutls_session_t
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct (*session, "NORMAL:+ANON-ECDH", NULL);
+#ifdef ENABLE_ECC
+ gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL);
+#else
+ gnutls_priority_set_direct (session, "NORMAL:+ANON-DH", NULL);
+#endif
}
static void
Index: gnutls-3.2.6/tests/mini-loss-time.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-loss-time.c
+++ gnutls-3.2.6/tests/mini-loss-time.c
@@ -28,7 +28,7 @@
#include <stdlib.h>
#include <string.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.6/tests/mini-record.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-record.c
+++ gnutls-3.2.6/tests/mini-record.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.6/tests/mini-record-range.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-record-range.c
+++ gnutls-3.2.6/tests/mini-record-range.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.6/tests/mini-xssl.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-xssl.c
+++ gnutls-3.2.6/tests/mini-xssl.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.6/tests/pkcs12_simple.c
===================================================================
--- gnutls-3.2.6.orig/tests/pkcs12_simple.c
+++ gnutls-3.2.6/tests/pkcs12_simple.c
@@ -50,6 +50,10 @@ doit (void)
gnutls_x509_privkey_t pkey;
int ret;
+#ifndef ENABLE_ECC
+ exit(77);
+#endif
+
ret = global_init ();
if (ret < 0)
fail ("global_init failed %d\n", ret);
Index: gnutls-3.2.6/tests/slow/keygen.c
===================================================================
--- gnutls-3.2.6.orig/tests/slow/keygen.c
+++ gnutls-3.2.6/tests/slow/keygen.c
@@ -65,6 +65,11 @@ doit (void)
if (algorithm == GNUTLS_PK_DH)
continue;
+#ifndef ENABLE_ECC
+ if (algorithm == GNUTLS_PK_EC)
+ continue;
+#endif
+
ret = gnutls_x509_privkey_init (&pkey);
if (ret < 0)
{
Index: gnutls-3.2.6/tests/srp/mini-srp.c
===================================================================
--- gnutls-3.2.6.orig/tests/srp/mini-srp.c
+++ gnutls-3.2.6/tests/srp/mini-srp.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_SRP)
int main()
{
Index: gnutls-3.2.6/lib/auth/ecdhe.c
===================================================================
--- gnutls-3.2.6.orig/lib/auth/ecdhe.c
+++ gnutls-3.2.6/lib/auth/ecdhe.c
@@ -50,7 +50,7 @@ static int
proc_ecdhe_client_kx (gnutls_session_t session,
uint8_t * data, size_t _data_size);
-#if defined(ENABLE_ECDHE)
+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
const mod_auth_st ecdhe_ecdsa_auth_struct = {
"ECDHE_ECDSA",
_gnutls_gen_cert_server_crt,
Index: gnutls-3.2.6/tests/mini-dtls-hello-verify.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-dtls-hello-verify.c
+++ gnutls-3.2.6/tests/mini-dtls-hello-verify.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECDH)
int main()
{
Index: gnutls-3.2.6/tests/mini-alpn.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-alpn.c
+++ gnutls-3.2.6/tests/mini-alpn.c
@@ -25,7 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_ALPN)
+#if defined(_WIN32) || !defined(ENABLE_ALPN) || !defined(ENABLE_ECDH)
int
main (int argc, char** argv)
Index: gnutls-3.2.6/tests/mini-dtls-large.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-dtls-large.c
+++ gnutls-3.2.6/tests/mini-dtls-large.c
@@ -25,7 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
+#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC)
int
main ()
@@ -194,7 +194,11 @@ server (int fd)
* are adequate.
*/
gnutls_priority_set_direct (session,
+#ifdef ENABLE_ECDH
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+#else
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+#endif
NULL);
gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred);
Index: gnutls-3.2.6/tests/mini-x509-callbacks.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-x509-callbacks.c
+++ gnutls-3.2.6/tests/mini-x509-callbacks.c
@@ -58,8 +58,13 @@ unsigned int msg_order[] = {
GNUTLS_HANDSHAKE_CLIENT_HELLO,
GNUTLS_HANDSHAKE_SERVER_HELLO,
GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
+#ifndef ENABLE_ECC
+ /*Sent: CERTIFICATE REQUEST, expected SERVER KEY EXCHANGE*/
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
+#else
GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
+#endif
GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
Index: gnutls-3.2.6/lib/algorithms/kx.c
===================================================================
--- gnutls-3.2.6.orig/lib/algorithms/kx.c
+++ gnutls-3.2.6/lib/algorithms/kx.c
@@ -28,9 +28,11 @@
extern mod_auth_st rsa_auth_struct;
extern mod_auth_st dhe_rsa_auth_struct;
+#ifdef ENABLE_ECC
extern mod_auth_st ecdhe_rsa_auth_struct;
extern mod_auth_st ecdhe_psk_auth_struct;
extern mod_auth_st ecdhe_ecdsa_auth_struct;
+#endif
extern mod_auth_st dhe_dss_auth_struct;
extern mod_auth_st anon_auth_struct;
extern mod_auth_st anon_ecdh_auth_struct;
@@ -58,14 +60,18 @@ static const gnutls_cred_map cred_mappin
{GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
{GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
{GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+#ifdef ENABLE_ECDHE
{GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+#endif
{GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
{GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
{GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
+#ifdef ENABLE_ECDHE
{GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+#endif
{GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
{GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
@@ -100,7 +106,7 @@ static const gnutls_kx_algo_entry _gnutl
{"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
{"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
#endif
-#ifdef ENABLE_ECDHE
+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
{"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
{"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0},
#endif
@@ -116,7 +122,7 @@ static const gnutls_kx_algo_entry _gnutl
{"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
1 /* needs DHE params */},
# endif
-# ifdef ENABLE_ECDHE
+# if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
{"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
# endif
#endif
Index: gnutls-3.2.6/tests/priorities.c
===================================================================
--- gnutls-3.2.6.orig/tests/priorities.c
+++ gnutls-3.2.6/tests/priorities.c
@@ -73,7 +73,7 @@ unsigned i, si, count = 0;
for (i=0;i<ret;i++)
fprintf(stderr, "%s\n", gnutls_cipher_get_name(t[i]));
#endif
- fail("expected %d ciphers, found %d\n", expected_ciphers, ret);
+ fail("%s: expected %d ciphers, found %d\n", prio, expected_ciphers, ret);
exit(1);
}
@@ -86,7 +86,7 @@ for (i=0;i<ret;i++)
if (count != expected_cs)
{
- fail("expected %d ciphersuites, found %d\n", expected_cs, count);
+ fail("%s: expected %d ciphersuites, found %d\n", prio, expected_cs, count);
exit(1);
}
}
@@ -94,21 +94,37 @@ for (i=0;i<ret;i++)
void
doit (void)
{
+#ifdef ENABLE_ECC
const int normal = 66;
const int null = 5;
const int sec128 = 56;
+#else
+ const int normal = 42;
+ const int null = 3;
+ const int sec128 = 36;
+#endif
try_prio("NORMAL", normal, 10);
try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 10);
try_prio("NORMAL:+CIPHER-ALL", normal, 10); /* all (except null) */
try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1); /* null */
try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal+null, 11); /* should be null + all */
+#ifdef ENABLE_ECC
try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1); /* should be null + all */
+#else
+ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 6, 1); /* should be null + all */
+#endif
try_prio("PERFORMANCE", normal, 10);
+#ifdef ENABLE_ECC
try_prio("SECURE256", 20, 4);
+#else
+ try_prio("SECURE256", 12, 4);
+#endif
try_prio("SECURE128", sec128, 8);
try_prio("SECURE128:+SECURE256", sec128, 8); /* should be the same as SECURE128 */
try_prio("SECURE128:+SECURE256:+NORMAL", normal, 10); /* should be the same as NORMAL */
+#ifdef ENABLE_ECC
try_prio("SUITEB192", 1, 1);
+#endif
}
Index: gnutls-3.2.6/tests/mini-record-2.c
===================================================================
--- gnutls-3.2.6.orig/tests/mini-record-2.c
+++ gnutls-3.2.6/tests/mini-record-2.c
@@ -359,19 +359,19 @@ static void start (const char* prio, int
}
}
-#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
-#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
-#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
+#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
-#define ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
-#define ARCFOUR_MD5 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:+RSA"
+#define ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+#define ARCFOUR_MD5 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:+RSA"
-#define NULL_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+NULL:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+RSA:+CURVE-ALL"
+#define NULL_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+NULL:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
-#define NEW_AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
-#define NEW_ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
-#define NEW_AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
-#define NEW_AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
+#define NEW_AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
+#define NEW_ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
+#define NEW_AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
+#define NEW_AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
static void ch_handler(int sig)
{

3
gnutls-3.2.6.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0a45dfa50edc8091ca1c25f7bae9d9c780b8a09c58ceb3e256264d2dc49338f4
size 4992204

BIN
gnutls-3.2.6.tar.xz.sig
View File

Binary file not shown.

862
gnutls-3.2.8-noecc.patch Normal file
View File

@ -0,0 +1,862 @@
Index: gnutls-3.2.8/lib/algorithms/publickey.c
===================================================================
--- gnutls-3.2.8.orig/lib/algorithms/publickey.c
+++ gnutls-3.2.8/lib/algorithms/publickey.c
@@ -48,8 +48,10 @@ static const gnutls_pk_map pk_mappings[]
{GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
{GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
{GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+#ifdef ENABLE_ECC
{GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
+#endif
{GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
{GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
{GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
@@ -96,7 +98,9 @@ static const gnutls_pk_entry pk_algorith
{"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
{"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
{"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
+#ifdef ENABLE_ECC
{"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC},
+#endif
{0, 0, 0}
};
Index: gnutls-3.2.8/lib/auth/cert.c
===================================================================
--- gnutls-3.2.8.orig/lib/auth/cert.c
+++ gnutls-3.2.8/lib/auth/cert.c
@@ -65,7 +65,12 @@ static gnutls_privkey_t alloc_and_load_p
key, int deinit);
#endif
+#ifdef ENABLE_ECC
#define MAX_CLIENT_SIGN_ALGOS 3
+#else
+#define MAX_CLIENT_SIGN_ALGOS 2
+#endif
+
#define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1)
typedef enum CertificateSigType
{ RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
@@ -1397,8 +1402,10 @@ _gnutls_check_supported_sign_algo(Certif
return GNUTLS_PK_RSA;
case DSA_SIGN:
return GNUTLS_PK_DSA;
+#ifdef ENABLE_ECC
case ECDSA_SIGN:
return GNUTLS_PK_EC;
+#endif
}
return -1;
@@ -1675,7 +1682,9 @@ _gnutls_gen_cert_server_cert_req(gnutls_
tmp_data[0] = CERTTYPE_SIZE - 1;
tmp_data[1] = RSA_SIGN;
tmp_data[2] = DSA_SIGN;
+#ifdef ENABLE_ECC
tmp_data[3] = ECDSA_SIGN; /* only these for now */
+#endif
ret = _gnutls_buffer_append_data(data, tmp_data, CERTTYPE_SIZE);
if (ret < 0)
Index: gnutls-3.2.8/lib/auth/dhe_psk.c
===================================================================
--- gnutls-3.2.8.orig/lib/auth/dhe_psk.c
+++ gnutls-3.2.8/lib/auth/dhe_psk.c
@@ -93,6 +93,7 @@ const mod_auth_st ecdhe_psk_auth_struct
};
#endif
+#ifdef ENABLE_ECDHE
static int
gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
@@ -136,6 +137,7 @@ gen_ecdhe_psk_client_kx(gnutls_session_t
return ret;
}
+#endif
static int
gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data)
@@ -231,6 +233,7 @@ gen_dhe_psk_server_kx(gnutls_session_t s
return ret;
}
+#ifdef ENABLE_ECDHE
static int
gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
@@ -255,7 +258,7 @@ gen_ecdhe_psk_server_kx(gnutls_session_t
return ret;
}
-
+#endif
static int
proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
@@ -333,7 +336,7 @@ proc_dhe_psk_client_kx(gnutls_session_t
return ret;
}
-
+#ifdef ENABLE_ECDHE
static int
proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
size_t _data_size)
@@ -397,6 +400,7 @@ proc_ecdhe_psk_client_kx(gnutls_session_
return ret;
}
+#endif
static int
proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
@@ -428,6 +432,7 @@ proc_dhe_psk_server_kx(gnutls_session_t
return 0;
}
+#ifdef ENABLE_ECDHE
static int
proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
size_t _data_size)
@@ -457,5 +462,6 @@ proc_ecdhe_psk_server_kx(gnutls_session_
return 0;
}
+#endif
#endif /* ENABLE_PSK */
Index: gnutls-3.2.8/lib/ext/ecc.c
===================================================================
--- gnutls-3.2.8.orig/lib/ext/ecc.c
+++ gnutls-3.2.8/lib/ext/ecc.c
@@ -36,6 +36,7 @@
* extensions draft.
*/
+#ifdef ENABLE_ECC
static int _gnutls_supported_ecc_recv_params(gnutls_session_t session,
const uint8_t * data,
size_t data_size);
@@ -285,3 +286,4 @@ _gnutls_session_supports_ecc_curve(gnutl
return GNUTLS_E_ECC_UNSUPPORTED_CURVE;
}
+#endif
Index: gnutls-3.2.8/lib/gnutls_extensions.c
===================================================================
--- gnutls-3.2.8.orig/lib/gnutls_extensions.c
+++ gnutls-3.2.8/lib/gnutls_extensions.c
@@ -345,6 +345,7 @@ int _gnutls_ext_init(void)
if (ret != GNUTLS_E_SUCCESS)
return ret;
+#ifdef ENABLE_ECC
ret = _gnutls_ext_register(&ext_mod_supported_ecc);
if (ret != GNUTLS_E_SUCCESS)
return ret;
@@ -352,6 +353,7 @@ int _gnutls_ext_init(void)
ret = _gnutls_ext_register(&ext_mod_supported_ecc_pf);
if (ret != GNUTLS_E_SUCCESS)
return ret;
+#endif
ret = _gnutls_ext_register(&ext_mod_sig);
if (ret != GNUTLS_E_SUCCESS)
Index: gnutls-3.2.8/lib/gnutls_priority.c
===================================================================
--- gnutls-3.2.8.orig/lib/gnutls_priority.c
+++ gnutls-3.2.8/lib/gnutls_priority.c
@@ -231,6 +231,7 @@ gnutls_certificate_type_set_priority(gnu
}
static const int supported_ecc_normal[] = {
+#ifdef ENABLE_ECC
#ifdef ENABLE_NON_SUITEB_CURVES
GNUTLS_ECC_CURVE_SECP192R1,
GNUTLS_ECC_CURVE_SECP224R1,
@@ -238,30 +239,39 @@ static const int supported_ecc_normal[]
GNUTLS_ECC_CURVE_SECP256R1,
GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_ECC_CURVE_SECP521R1,
+#endif
0
};
static const int supported_ecc_secure128[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP256R1,
GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_ECC_CURVE_SECP521R1,
+#endif
0
};
static const int supported_ecc_suiteb128[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP256R1,
GNUTLS_ECC_CURVE_SECP384R1,
+#endif
0
};
static const int supported_ecc_suiteb192[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP384R1,
+#endif
0
};
static const int supported_ecc_secure192[] = {
+#ifdef ENABLE_ECC
GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_ECC_CURVE_SECP521R1,
+#endif
0
};
@@ -412,51 +422,75 @@ static const int comp_priority[] = {
static const int sign_priority_default[] = {
GNUTLS_SIGN_RSA_SHA256,
GNUTLS_SIGN_DSA_SHA256,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA256,
+#endif
GNUTLS_SIGN_RSA_SHA384,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
GNUTLS_SIGN_RSA_SHA512,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA512,
+#endif
GNUTLS_SIGN_RSA_SHA224,
GNUTLS_SIGN_DSA_SHA224,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA224,
+#endif
GNUTLS_SIGN_RSA_SHA1,
GNUTLS_SIGN_DSA_SHA1,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA1,
+#endif
0
};
static const int sign_priority_suiteb128[] = {
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA256,
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
0
};
static const int sign_priority_suiteb192[] = {
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
0
};
static const int sign_priority_secure128[] = {
GNUTLS_SIGN_RSA_SHA256,
GNUTLS_SIGN_DSA_SHA256,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA256,
+#endif
GNUTLS_SIGN_RSA_SHA384,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
GNUTLS_SIGN_RSA_SHA512,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA512,
+#endif
0
};
static const int sign_priority_secure192[] = {
GNUTLS_SIGN_RSA_SHA384,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA384,
+#endif
GNUTLS_SIGN_RSA_SHA512,
+#ifdef ENABLE_ECC
GNUTLS_SIGN_ECDSA_SHA512,
+#endif
0
};
Index: gnutls-3.2.8/lib/nettle/pk.c
===================================================================
--- gnutls-3.2.8.orig/lib/nettle/pk.c
+++ gnutls-3.2.8/lib/nettle/pk.c
@@ -148,6 +148,7 @@ static int _wrap_nettle_pk_derive(gnutls
int ret;
switch (algo) {
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC:
{
struct ecc_scalar ecc_priv;
@@ -193,6 +194,7 @@ static int _wrap_nettle_pk_derive(gnutls
goto cleanup;
break;
}
+#endif
default:
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
@@ -348,6 +350,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm
const mac_entry_st *me;
switch (algo) {
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC: /* we do ECDSA */
{
struct ecc_scalar priv;
@@ -396,6 +399,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm
}
break;
}
+#endif
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
@@ -500,6 +504,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorit
bigint_t tmp[2] = { NULL, NULL };
switch (algo) {
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC: /* ECDSA */
{
struct ecc_point pub;
@@ -546,6 +551,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorit
ecc_point_clear(&pub);
break;
}
+#endif
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
@@ -759,6 +765,7 @@ wrap_nettle_pk_generate_params(gnutls_pk
break;
}
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC:
{
struct ecc_scalar key;
@@ -805,6 +812,7 @@ wrap_nettle_pk_generate_params(gnutls_pk
break;
}
+#endif
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
@@ -946,6 +954,7 @@ wrap_nettle_pk_verify_params(gnutls_pk_a
}
break;
+#ifdef ENABLE_ECC
case GNUTLS_PK_EC:
{
struct ecc_point r, pub;
@@ -1014,6 +1023,7 @@ wrap_nettle_pk_verify_params(gnutls_pk_a
ecc_point_clear(&pub);
}
break;
+#endif
default:
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
}
@@ -1173,6 +1183,7 @@ static int wrap_nettle_hash_algorithm(gn
ret = 0;
break;
+
case GNUTLS_PK_RSA:
if (sig == NULL) { /* return a sensible algorithm */
if (hash_algo)
Index: gnutls-3.2.8/lib/algorithms/kx.c
===================================================================
--- gnutls-3.2.8.orig/lib/algorithms/kx.c
+++ gnutls-3.2.8/lib/algorithms/kx.c
@@ -28,9 +28,11 @@
extern mod_auth_st rsa_auth_struct;
extern mod_auth_st dhe_rsa_auth_struct;
+#ifdef ENABLE_ECC
extern mod_auth_st ecdhe_rsa_auth_struct;
extern mod_auth_st ecdhe_psk_auth_struct;
extern mod_auth_st ecdhe_ecdsa_auth_struct;
+#endif
extern mod_auth_st dhe_dss_auth_struct;
extern mod_auth_st anon_auth_struct;
extern mod_auth_st anon_ecdh_auth_struct;
@@ -57,10 +59,12 @@ static const gnutls_cred_map cred_mappin
{GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
{GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
{GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+#ifdef ENABLE_ECDHE
{GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE,
GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE,
GNUTLS_CRD_CERTIFICATE},
+#endif
{GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE,
GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE,
@@ -68,7 +72,9 @@ static const gnutls_cred_map cred_mappin
{GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
{GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
{GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
+#ifdef ENABLE_ECDHE
{GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+#endif
{GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
{GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
@@ -102,7 +108,7 @@ static const gnutls_kx_algo_entry _gnutl
{"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
{"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
#endif
-#ifdef ENABLE_ECDHE
+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
{"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
{"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct,
0},
@@ -119,7 +125,7 @@ static const gnutls_kx_algo_entry _gnutl
{"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
1 /* needs DHE params */ },
#endif
-#ifdef ENABLE_ECDHE
+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
{"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
#endif
#endif
Index: gnutls-3.2.8/lib/auth/ecdhe.c
===================================================================
--- gnutls-3.2.8.orig/lib/auth/ecdhe.c
+++ gnutls-3.2.8/lib/auth/ecdhe.c
@@ -50,7 +50,7 @@ static int
proc_ecdhe_client_kx(gnutls_session_t session,
uint8_t * data, size_t _data_size);
-#if defined(ENABLE_ECDHE)
+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC)
const mod_auth_st ecdhe_ecdsa_auth_struct = {
"ECDHE_ECDSA",
_gnutls_gen_cert_server_crt,
Index: gnutls-3.2.8/tests/cert-tests/dane
===================================================================
--- gnutls-3.2.8.orig/tests/cert-tests/dane
+++ gnutls-3.2.8/tests/cert-tests/dane
@@ -22,6 +22,8 @@
set -e
+exit 77
+
srcdir=${srcdir:-.}
DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT}
DIFF=${DIFF:-diff}
Index: gnutls-3.2.8/tests/dtls/dtls
===================================================================
--- gnutls-3.2.8.orig/tests/dtls/dtls
+++ gnutls-3.2.8/tests/dtls/dtls
@@ -22,9 +22,7 @@
set -e
-if test "${WINDIR}" != "";then
- exit 77
-fi
+exit 77
./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
Index: gnutls-3.2.8/tests/dtls/dtls-nb
===================================================================
--- gnutls-3.2.8.orig/tests/dtls/dtls-nb
+++ gnutls-3.2.8/tests/dtls/dtls-nb
@@ -22,9 +22,7 @@
set -e
-if test "${WINDIR}" != "";then
- exit 77
-fi
+exit 77
./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished
./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone
Index: gnutls-3.2.8/tests/ecdsa/ecdsa
===================================================================
--- gnutls-3.2.8.orig/tests/ecdsa/ecdsa
+++ gnutls-3.2.8/tests/ecdsa/ecdsa
@@ -22,6 +22,8 @@
#set -e
+exit 77
+
srcdir=${srcdir:-.}
CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
Index: gnutls-3.2.8/tests/mini-alpn.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-alpn.c
+++ gnutls-3.2.8/tests/mini-alpn.c
@@ -25,7 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_ALPN)
+#if defined(_WIN32) || !defined(ENABLE_ALPN) || !defined(ENABLE_ECDH)
int main(int argc, char **argv)
{
Index: gnutls-3.2.8/tests/mini-dtls-heartbeat.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-heartbeat.c
+++ gnutls-3.2.8/tests/mini-dtls-heartbeat.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
+#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/mini-dtls-hello-verify.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-hello-verify.c
+++ gnutls-3.2.8/tests/mini-dtls-hello-verify.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECDH)
int main()
{
Index: gnutls-3.2.8/tests/mini-dtls-large.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-large.c
+++ gnutls-3.2.8/tests/mini-dtls-large.c
@@ -25,7 +25,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
+#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC)
int main()
{
@@ -179,8 +179,12 @@ static void server(int fd)
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
+#ifdef ENABLE_ECDH
gnutls_priority_set_direct(session,
"NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL",
+#else
+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH",
+#endif
NULL);
gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred);
Index: gnutls-3.2.8/tests/mini-dtls-record.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-record.c
+++ gnutls-3.2.8/tests/mini-dtls-record.c
@@ -29,7 +29,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/mini-dtls-rehandshake.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-rehandshake.c
+++ gnutls-3.2.8/tests/mini-dtls-rehandshake.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/mini-dtls-srtp.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-dtls-srtp.c
+++ gnutls-3.2.8/tests/mini-dtls-srtp.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP)
+#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) || !defined(ENABLE_ECC)
int main(int argc, char **argv)
{
Index: gnutls-3.2.8/tests/mini-handshake-timeout.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-handshake-timeout.c
+++ gnutls-3.2.8/tests/mini-handshake-timeout.c
@@ -28,7 +28,7 @@
#include <stdlib.h>
#include <string.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
@@ -136,7 +136,11 @@ static void initialize_tls_session(gnutl
/* avoid calling all the priority functions, since the defaults
* are adequate.
*/
- gnutls_priority_set_direct(*session, "NORMAL:+ANON-ECDH", NULL);
+#ifdef ENABLE_ECC
+ gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL);
+#else
+ gnutls_priority_set_direct (session, "NORMAL:+ANON-DH", NULL);
+#endif
}
static void server(int fd, int wait)
Index: gnutls-3.2.8/tests/mini-loss-time.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-loss-time.c
+++ gnutls-3.2.8/tests/mini-loss-time.c
@@ -28,7 +28,7 @@
#include <stdlib.h>
#include <string.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/mini-record-2.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-record-2.c
+++ gnutls-3.2.8/tests/mini-record-2.c
@@ -340,22 +340,22 @@ static void start(const char *prio, int
}
}
-#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
-#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
-#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
-
-#define ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL"
-#define ARCFOUR_MD5 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:+RSA"
-
-#define NULL_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+NULL:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+RSA:+CURVE-ALL"
-
-#define NEW_AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
-#define NEW_ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
-#define NEW_AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
-#define NEW_AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
+#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+
+#define ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+#define ARCFOUR_MD5 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:+RSA"
+
+#define NULL_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+NULL:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL"
+
+#define NEW_AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
+#define NEW_ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
+#define NEW_AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
+#define NEW_AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING"
-#define ARCFOUR_SHA1_ZLIB "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+ANON-ECDH:+CURVE-ALL"
-#define NEW_ARCFOUR_SHA1_ZLIB "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
+#define ARCFOUR_SHA1_ZLIB "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+RSA:+CURVE-ALL"
+#define NEW_ARCFOUR_SHA1_ZLIB "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+RSA:+CURVE-ALL:%NEW_PADDING"
static void ch_handler(int sig)
{
Index: gnutls-3.2.8/tests/mini-record-range.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-record-range.c
+++ gnutls-3.2.8/tests/mini-record-range.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/mini-record.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-record.c
+++ gnutls-3.2.8/tests/mini-record.c
@@ -27,8 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
-
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
exit(77);
Index: gnutls-3.2.8/tests/mini-x509-callbacks.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-x509-callbacks.c
+++ gnutls-3.2.8/tests/mini-x509-callbacks.c
@@ -57,8 +57,13 @@ unsigned int msg_order[] = {
GNUTLS_HANDSHAKE_CLIENT_HELLO,
GNUTLS_HANDSHAKE_SERVER_HELLO,
GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
+#ifndef ENABLE_ECC
+ /*Sent: CERTIFICATE REQUEST, expected SERVER KEY EXCHANGE*/
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
+#else
GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
+#endif
GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
Index: gnutls-3.2.8/tests/mini-xssl.c
===================================================================
--- gnutls-3.2.8.orig/tests/mini-xssl.c
+++ gnutls-3.2.8/tests/mini-xssl.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32) || !defined(ENABLE_NON_SUITEB_CURVES)
+#if defined(_WIN32) || !defined(ENABLE_ECC)
int main()
{
Index: gnutls-3.2.8/tests/pkcs12_simple.c
===================================================================
--- gnutls-3.2.8.orig/tests/pkcs12_simple.c
+++ gnutls-3.2.8/tests/pkcs12_simple.c
@@ -49,6 +49,10 @@ void doit(void)
gnutls_x509_privkey_t pkey;
int ret;
+#ifndef ENABLE_ECC
+ exit(77);
+#endif
+
ret = global_init();
if (ret < 0)
fail("global_init failed %d\n", ret);
Index: gnutls-3.2.8/tests/priorities.c
===================================================================
--- gnutls-3.2.8.orig/tests/priorities.c
+++ gnutls-3.2.8/tests/priorities.c
@@ -71,8 +71,7 @@ try_prio(const char *prio, unsigned expe
fprintf(stderr, "%s\n",
gnutls_cipher_get_name(t[i]));
#endif
- fail("expected %d ciphers, found %d\n", expected_ciphers,
- ret);
+ fail("%s: expected %d ciphers, found %d\n", prio, expected_ciphers, ret);
exit(1);
}
@@ -84,28 +83,42 @@ try_prio(const char *prio, unsigned expe
success("finished: %s\n", prio);
if (count != expected_cs) {
- fail("expected %d ciphersuites, found %d\n", expected_cs,
- count);
+ fail("%s: expected %d ciphersuites, found %d\n", prio, expected_cs, count);
exit(1);
}
}
void doit(void)
{
+#ifdef ENABLE_ECC
const int normal = 66;
const int null = 5;
const int sec128 = 56;
-
+#else
+ const int normal = 42;
+ const int null = 3;
+ const int sec128 = 36;
+#endif
try_prio("NORMAL", normal, 10);
try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 10);
try_prio("NORMAL:+CIPHER-ALL", normal, 10); /* all (except null) */
try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1); /* null */
try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal + null, 11); /* should be null + all */
+#ifdef ENABLE_ECC
try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1); /* should be null + all */
+#else
+ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 6, 1); /* should be null + all */
+#endif
try_prio("PERFORMANCE", normal, 10);
+#ifdef ENABLE_ECC
try_prio("SECURE256", 20, 4);
+#else
+ try_prio("SECURE256", 12, 4);
+#endif
try_prio("SECURE128", sec128, 8);
try_prio("SECURE128:+SECURE256", sec128, 8); /* should be the same as SECURE128 */
try_prio("SECURE128:+SECURE256:+NORMAL", normal, 10); /* should be the same as NORMAL */
+#ifdef ENABLE_ECC
try_prio("SUITEB192", 1, 1);
+#endif
}
Index: gnutls-3.2.8/tests/slow/keygen.c
===================================================================
--- gnutls-3.2.8.orig/tests/slow/keygen.c
+++ gnutls-3.2.8/tests/slow/keygen.c
@@ -62,6 +62,11 @@ void doit(void)
if (algorithm == GNUTLS_PK_DH)
continue;
+#ifndef ENABLE_ECC
+ if (algorithm == GNUTLS_PK_EC)
+ continue;
+#endif
+
ret = gnutls_x509_privkey_init(&pkey);
if (ret < 0) {
fail("gnutls_x509_privkey_init: %d\n",
Index: gnutls-3.2.8/tests/srp/mini-srp.c
===================================================================
--- gnutls-3.2.8.orig/tests/srp/mini-srp.c
+++ gnutls-3.2.8/tests/srp/mini-srp.c
@@ -27,7 +27,7 @@
#include <stdio.h>
#include <stdlib.h>
-#if defined(_WIN32)
+#if defined(_WIN32) || !defined(ENABLE_SRP)
int main()
{

3
gnutls-3.2.8.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:144156f4140400df2bd9303dab69f44099113a3b46780737734affe93782d94d
size 5135984

BIN
gnutls-3.2.8.tar.xz.sig Normal file
View File

Binary file not shown.

116
gnutls-implement-trust-store-dir.diff → gnutls-implement-trust-store-dir-3.2.8.diff
View File

@ -1,8 +1,8 @@
Index: gnutls-3.2.3/configure.ac
Index: gnutls-3.2.8/configure.ac
===================================================================
--- gnutls-3.2.3.orig/configure.ac
+++ gnutls-3.2.3/configure.ac
@@ -418,6 +418,25 @@ if test "$with_default_trust_store_file"
--- gnutls-3.2.8.orig/configure.ac
+++ gnutls-3.2.8/configure.ac
@@ -457,6 +457,25 @@ if test "$with_default_trust_store_file"
with_default_trust_store_file=""
fi
@ -28,7 +28,7 @@ Index: gnutls-3.2.3/configure.ac
AC_ARG_WITH([default-crl-file],
[AS_HELP_STRING([--with-default-crl-file=FILE],
[use the given CRL file as default])])
@@ -427,6 +446,11 @@ if test "x$with_default_trust_store_file
@@ -470,6 +489,11 @@ if test "x$with_default_trust_store_file
["$with_default_trust_store_file"], [use the given file default trust store])
fi
@ -40,20 +40,20 @@ Index: gnutls-3.2.3/configure.ac
if test "x$with_default_crl_file" != x; then
AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE],
["$with_default_crl_file"], [use the given CRL file])
@@ -704,6 +728,7 @@ AC_MSG_NOTICE([System files:
@@ -761,6 +785,7 @@ AC_MSG_NOTICE([System files:
Trust store pkcs: $with_default_trust_store_pkcs11
Trust store file: $with_default_trust_store_file
+ Trust store dir: $with_default_trust_store_dir
Blacklist file: $with_default_blacklist_file
CRL file: $with_default_crl_file
DNSSEC root key file: $unbound_root_key_file
])
Index: gnutls-3.2.3/lib/system.c
Index: gnutls-3.2.8/lib/system.c
===================================================================
--- gnutls-3.2.3.orig/lib/system.c
+++ gnutls-3.2.3/lib/system.c
@@ -385,7 +385,45 @@ const char *home_dir = getenv ("HOME");
return 0;
--- gnutls-3.2.8.orig/lib/system.c
+++ gnutls-3.2.8/lib/system.c
@@ -357,7 +357,45 @@ int _gnutls_find_config_path(char *path,
return 0;
}
-#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11))
@ -62,7 +62,7 @@ Index: gnutls-3.2.3/lib/system.c
+# include <dirent.h>
+# include <unistd.h>
+static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list,
+ unsigned int tl_flags, unsigned int tl_vflags, unsigned type)
+ unsigned int tl_flags, unsigned int tl_vflags, unsigned type)
+{
+DIR * dirp;
+struct dirent *d;
@ -75,16 +75,16 @@ Index: gnutls-3.2.3/lib/system.c
+ {
+ do
+ {
+ d = readdir(dirp);
+ if (d != NULL && d->d_type == DT_REG)
+ {
+ snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);
+ d = readdir(dirp);
+ if (d != NULL && d->d_type == DT_REG)
+ {
+ snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);
+
+ ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags);
+ if (ret >= 0)
+ r += ret;
+ }
+ }
+ }
+ }
+ while(d != NULL);
+ closedir(dirp);
+ }
@ -99,9 +99,9 @@ Index: gnutls-3.2.3/lib/system.c
static
int
add_system_trust(gnutls_x509_trust_list_t list,
@@ -413,6 +451,12 @@ add_system_trust(gnutls_x509_trust_list_
r += ret;
# endif
@@ -393,6 +431,12 @@ add_system_trust(gnutls_x509_trust_list_
r += ret;
#endif
+# ifdef DEFAULT_TRUST_STORE_DIR
+ ret = load_dir_certs(DEFAULT_TRUST_STORE_DIR, list, tl_flags, tl_vflags, GNUTLS_X509_FMT_PEM);
@ -109,46 +109,48 @@ Index: gnutls-3.2.3/lib/system.c
+ r += ret;
+# endif
+
return r;
}
#elif defined(_WIN32)
@@ -466,39 +510,6 @@ int add_system_trust(gnutls_x509_trust_l
return r;
#ifdef DEFAULT_BLACKLIST_FILE
ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM);
if (ret < 0) {
@@ -467,41 +511,6 @@ int add_system_trust(gnutls_x509_trust_l
return r;
}
#elif defined(ANDROID) || defined(__ANDROID__)
-# include <dirent.h>
-# include <unistd.h>
-static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags, unsigned type)
-#include <dirent.h>
-#include <unistd.h>
-static int load_dir_certs(const char *dirname,
- gnutls_x509_trust_list_t list,
- unsigned int tl_flags, unsigned int tl_vflags,
- unsigned type)
-{
-DIR * dirp;
-struct dirent *d;
-int ret;
-int r = 0;
-char path[GNUTLS_PATH_MAX];
- DIR *dirp;
- struct dirent *d;
- int ret;
- int r = 0;
- char path[GNUTLS_PATH_MAX];
-
- dirp = opendir(dirname);
- if (dirp != NULL)
- {
- do
- {
- d = readdir(dirp);
- if (d != NULL && d->d_type == DT_REG)
- {
- snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);
- dirp = opendir(dirname);
- if (dirp != NULL) {
- do {
- d = readdir(dirp);
- if (d != NULL && d->d_type == DT_REG) {
- snprintf(path, sizeof(path), "%s/%s",
- dirname, d->d_name);
-
- ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags);
- if (ret >= 0)
- r += ret;
- }
- }
- while(d != NULL);
- closedir(dirp);
- }
-
- return r;
- ret =
- gnutls_x509_trust_list_add_trust_file
- (list, path, NULL, type, tl_flags,
- tl_vflags);
- if (ret >= 0)
- r += ret;
- }
- }
- while (d != NULL);
- closedir(dirp);
- }
-
- return r;
-}
-
static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type)
{
DIR * dirp;

45
gnutls.changes
View File

@ -1,3 +1,48 @@
-------------------------------------------------------------------
Sat Dec 21 20:38:19 UTC 2013 - shchang@suse.com
- Upgrade to 3.2.8
* Version 3.2.8 (released 2013-12-20)
** libgnutls: Updated code for AES-NI. That prevents an uninitialized
variable complaint from valgrind.
** libgnutls: Enforce a maximum size for DH primes.
** libgnutls: Added SSSE3 optimized SHA1, and SHA256, using Andy
Polyakov's code.
** libgnutls: Added SSSE3 optimized AES using Mike Hamburg's code.
** libgnutls: It only links to librt if the required functions are not
present in libc. This also prevents an indirect linking to libpthread.
** libgnutls: Fixed issue with gnulib strerror replacement by adding
the strerror gnulib module.
** libgnutls: The time provided in the TLS random values is only
precise on its first 3 bytes. That prevents leakage of the precise
system time (at least on the client side when only few connections are
done on a single server).
** certtool: The --verify option will use the system CAs if the
load-ca-certificate option is not provided.
** configure: Added option --with-default-blacklist-file to allow
specifying a certificate blacklist file.
** configure: Added --disable-non-suiteb-curves option. This option
restricts the supported curves to SuiteB curves.
** API and ABI modifications: gnutls_record_check_corked: Added
Add files: gnutls-3.2.8.tar.xz, gnutls-3.2.8.tar.xz.sig, gnutls-implement-trust-store-dir-3.2.8.diff,
gnutls-3.2.8-noecc.patch
Delete files: gnutls-3.2.6.tar.xz, gnutls-3.2.6.tar.xz.sig, gnutls-implement-trust-store-dir,
gnutls-3.2.6-noecc.patch
-------------------------------------------------------------------
Fri Nov 1 14:39:41 UTC 2013 - shchang@suse.com

6
gnutls.spec
View File

@ -21,7 +21,7 @@
%define gnutls_ossl_sover 27
Name: gnutls
Version: 3.2.6
Version: 3.2.8
Release: 0
Summary: The GNU Transport Layer Security Library
License: LGPL-2.1+ and GPL-3.0+
@ -37,8 +37,8 @@ Source3: baselibs.conf
Patch3: gnutls-3.0.26-skip-test-fwrite.patch
# Disable elliptic curves for reasons. - meissner&cfarrell
Patch5: gnutls-3.2.6-noecc.patch
Patch6: gnutls-implement-trust-store-dir.diff
Patch5: gnutls-3.2.8-noecc.patch
Patch6: gnutls-implement-trust-store-dir-3.2.8.diff
BuildRequires: automake
BuildRequires: gcc-c++