diff --git a/gnutls-3.2.6-noecc.patch b/gnutls-3.2.6-noecc.patch
deleted file mode 100644
index d2c24b8..0000000
--- a/gnutls-3.2.6-noecc.patch
+++ /dev/null
@@ -1,837 +0,0 @@ -Index: gnutls-3.2.6/lib/algorithms/publickey.c -=================================================================== ---- gnutls-3.2.6.orig/lib/algorithms/publickey.c -+++ gnutls-3.2.6/lib/algorithms/publickey.c -@@ -49,8 +49,10 @@ static const gnutls_pk_map pk_mappings[] - {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT}, - {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, - {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, -+#ifdef ENABLE_ECC - {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, - {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN}, -+#endif - {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, - {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, - {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT}, -@@ -98,7 +100,9 @@ static const gnutls_pk_entry pk_algorith - {"DSA", PK_DSA_OID, GNUTLS_PK_DSA}, - {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN}, - {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN}, -+#ifdef ENABLE_ECC - {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC}, -+#endif - {0, 0, 0} - }; - -Index: gnutls-3.2.6/lib/auth/cert.c -=================================================================== ---- gnutls-3.2.6.orig/lib/auth/cert.c -+++ gnutls-3.2.6/lib/auth/cert.c -@@ -63,7 +63,11 @@ static gnutls_privkey_t alloc_and_load_p - key, int deinit); - #endif - -+#ifdef ENABLE_ECC - #define MAX_CLIENT_SIGN_ALGOS 3 -+#else -+#define MAX_CLIENT_SIGN_ALGOS 2 -+#endif - #define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1) - typedef enum CertificateSigType - { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64 -@@ -1438,8 +1442,10 @@ _gnutls_check_supported_sign_algo (Certi - return GNUTLS_PK_RSA; - case DSA_SIGN: - return GNUTLS_PK_DSA; -+#ifdef ENABLE_ECC - case ECDSA_SIGN: - return GNUTLS_PK_EC; -+#endif - } - - return -1; -@@ -1735,7 +1741,9 @@ _gnutls_gen_cert_server_cert_req (gnutls - tmp_data[0] = CERTTYPE_SIZE - 1; - tmp_data[1] = RSA_SIGN; - tmp_data[2] = DSA_SIGN; -+#ifdef ENABLE_ECC - tmp_data[3] = ECDSA_SIGN; /* only these 
for now */ -+#endif - - ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE); - if (ret < 0) -Index: gnutls-3.2.6/lib/auth/dhe_psk.c -=================================================================== ---- gnutls-3.2.6.orig/lib/auth/dhe_psk.c -+++ gnutls-3.2.6/lib/auth/dhe_psk.c -@@ -92,6 +92,7 @@ const mod_auth_st ecdhe_psk_auth_struct - }; - #endif - -+#ifdef ENABLE_ECDHE - static int - gen_ecdhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data) - { -@@ -135,6 +136,7 @@ cleanup: - - return ret; - } -+#endif - - static int - gen_dhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data) -@@ -230,6 +232,7 @@ gen_dhe_psk_server_kx (gnutls_session_t - return ret; - } - -+#ifdef ENABLE_ECDHE - static int - gen_ecdhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data) - { -@@ -254,7 +257,7 @@ gen_ecdhe_psk_server_kx (gnutls_session_ - - return ret; - } -- -+#endif - - static int - proc_dhe_psk_client_kx (gnutls_session_t session, uint8_t * data, -@@ -335,6 +338,7 @@ proc_dhe_psk_client_kx (gnutls_session_t - - } - -+#ifdef ENABLE_ECDHE - static int - proc_ecdhe_psk_client_kx (gnutls_session_t session, uint8_t * data, - size_t _data_size) -@@ -399,6 +403,7 @@ proc_ecdhe_psk_client_kx (gnutls_session - - return ret; - } -+#endif - - static int - proc_dhe_psk_server_kx (gnutls_session_t session, uint8_t * data, -@@ -432,6 +437,7 @@ proc_dhe_psk_server_kx (gnutls_session_t - return 0; - } - -+#ifdef ENABLE_ECDHE - static int - proc_ecdhe_psk_server_kx (gnutls_session_t session, uint8_t * data, - size_t _data_size) -@@ -463,5 +469,6 @@ proc_ecdhe_psk_server_kx (gnutls_session - - return 0; - } -+#endif - - #endif /* ENABLE_PSK */ -Index: gnutls-3.2.6/lib/ext/ecc.c -=================================================================== ---- gnutls-3.2.6.orig/lib/ext/ecc.c -+++ gnutls-3.2.6/lib/ext/ecc.c -@@ -35,7 +35,7 @@ - /* Maps record size to numbers according to the - * extensions draft. 
- */ -- -+#ifdef ENABLE_ECC - static int _gnutls_supported_ecc_recv_params (gnutls_session_t session, - const uint8_t * data, - size_t data_size); -@@ -269,3 +269,4 @@ _gnutls_session_supports_ecc_curve (gnut - - return GNUTLS_E_ECC_UNSUPPORTED_CURVE; - } -+#endif -Index: gnutls-3.2.6/lib/gnutls_extensions.c -=================================================================== ---- gnutls-3.2.6.orig/lib/gnutls_extensions.c -+++ gnutls-3.2.6/lib/gnutls_extensions.c -@@ -351,6 +351,7 @@ _gnutls_ext_init (void) - if (ret != GNUTLS_E_SUCCESS) - return ret; - -+#ifdef ENABLE_ECC - ret = _gnutls_ext_register (&ext_mod_supported_ecc); - if (ret != GNUTLS_E_SUCCESS) - return ret; -@@ -358,6 +359,7 @@ _gnutls_ext_init (void) - ret = _gnutls_ext_register (&ext_mod_supported_ecc_pf); - if (ret != GNUTLS_E_SUCCESS) - return ret; -+#endif - - ret = _gnutls_ext_register (&ext_mod_sig); - if (ret != GNUTLS_E_SUCCESS) -Index: gnutls-3.2.6/lib/gnutls_priority.c -=================================================================== ---- gnutls-3.2.6.orig/lib/gnutls_priority.c -+++ gnutls-3.2.6/lib/gnutls_priority.c -@@ -245,35 +245,45 @@ gnutls_certificate_type_set_priority (gn - } - - static const int supported_ecc_normal[] = { -+#ifdef ENABLE_ECC - GNUTLS_ECC_CURVE_SECP192R1, - GNUTLS_ECC_CURVE_SECP224R1, - GNUTLS_ECC_CURVE_SECP256R1, - GNUTLS_ECC_CURVE_SECP384R1, - GNUTLS_ECC_CURVE_SECP521R1, -+#endif - 0 - }; - - static const int supported_ecc_secure128[] = { -+#ifdef ENABLE_ECC - GNUTLS_ECC_CURVE_SECP256R1, - GNUTLS_ECC_CURVE_SECP384R1, - GNUTLS_ECC_CURVE_SECP521R1, -+#endif - 0 - }; - - static const int supported_ecc_suiteb128[] = { -+#ifdef ENABLE_ECC - GNUTLS_ECC_CURVE_SECP256R1, - GNUTLS_ECC_CURVE_SECP384R1, -+#endif - 0 - }; - - static const int supported_ecc_suiteb192[] = { -+#ifdef ENABLE_ECC - GNUTLS_ECC_CURVE_SECP384R1, -+#endif - 0 - }; - - static const int supported_ecc_secure192[] = { -+#ifdef ENABLE_ECC - GNUTLS_ECC_CURVE_SECP384R1, - GNUTLS_ECC_CURVE_SECP521R1, 
-+#endif - 0 - }; - -@@ -423,51 +433,74 @@ static const int comp_priority[] = { - static const int sign_priority_default[] = { - GNUTLS_SIGN_RSA_SHA256, - GNUTLS_SIGN_DSA_SHA256, -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA256, -+#endif - - GNUTLS_SIGN_RSA_SHA384, -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA384, -+#endif - - GNUTLS_SIGN_RSA_SHA512, -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA512, -- -+#endif - GNUTLS_SIGN_RSA_SHA224, - GNUTLS_SIGN_DSA_SHA224, -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA224, -+#endif - - GNUTLS_SIGN_RSA_SHA1, - GNUTLS_SIGN_DSA_SHA1, -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA1, -+#endif - 0 - }; - - static const int sign_priority_suiteb128[] = { -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA256, - GNUTLS_SIGN_ECDSA_SHA384, -+#endif - 0 - }; - - static const int sign_priority_suiteb192[] = { -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA384, -+#endif - 0 - }; - - static const int sign_priority_secure128[] = { - GNUTLS_SIGN_RSA_SHA256, - GNUTLS_SIGN_DSA_SHA256, -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA256, -+#endif - GNUTLS_SIGN_RSA_SHA384, -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA384, -+#endif - GNUTLS_SIGN_RSA_SHA512, -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA512, -+#endif - 0 - }; - - static const int sign_priority_secure192[] = { - GNUTLS_SIGN_RSA_SHA384, -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA384, -+#endif - GNUTLS_SIGN_RSA_SHA512, -+#ifdef ENABLE_ECC - GNUTLS_SIGN_ECDSA_SHA512, -+#endif - 0 - }; - -Index: gnutls-3.2.6/lib/nettle/pk.c -=================================================================== ---- gnutls-3.2.6.orig/lib/nettle/pk.c -+++ gnutls-3.2.6/lib/nettle/pk.c -@@ -146,6 +146,7 @@ static int _wrap_nettle_pk_derive(gnutls - - switch (algo) - { -+#ifdef ENABLE_ECC - case GNUTLS_PK_EC: - { - struct ecc_scalar ecc_priv; -@@ -186,6 +187,7 @@ ecc_cleanup: - if (ret < 0) goto cleanup; - break; - } -+#endif - default: - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; -@@ -330,6 +332,7 @@ _wrap_nettle_pk_sign 
(gnutls_pk_algorith - - switch (algo) - { -+#ifdef ENABLE_ECC - case GNUTLS_PK_EC: /* we do ECDSA */ - { - struct ecc_scalar priv; -@@ -370,6 +373,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith - } - break; - } -+#endif - case GNUTLS_PK_DSA: - { - struct dsa_public_key pub; -@@ -472,6 +476,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori - - switch (algo) - { -+#ifdef ENABLE_ECC - case GNUTLS_PK_EC: /* ECDSA */ - { - struct ecc_point pub; -@@ -514,6 +519,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori - ecc_point_clear( &pub); - break; - } -+#endif - case GNUTLS_PK_DSA: - { - struct dsa_public_key pub; -@@ -721,6 +727,7 @@ rsa_fail: - - break; - } -+#ifdef ENABLE_ECC - case GNUTLS_PK_EC: - { - struct ecc_scalar key; -@@ -761,6 +768,7 @@ ecc_cleanup: - - break; - } -+#endif - default: - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; -@@ -877,6 +885,7 @@ dsa_cleanup: - } - - break; -+#ifdef ENABLE_ECC - case GNUTLS_PK_EC: - { - struct ecc_point r, pub; -@@ -938,6 +947,7 @@ ecc_cleanup: - ecc_point_clear(&pub); - } - break; -+#endif - default: - ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - } -Index: gnutls-3.2.6/tests/cert-tests/dane -=================================================================== ---- gnutls-3.2.6.orig/tests/cert-tests/dane -+++ gnutls-3.2.6/tests/cert-tests/dane -@@ -22,6 +22,8 @@ - - set -e - -+exit 77 -+ - srcdir=${srcdir:-.} - DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT} - DIFF=${DIFF:-diff} -Index: gnutls-3.2.6/tests/dtls/dtls-nb -=================================================================== ---- gnutls-3.2.6.orig/tests/dtls/dtls-nb -+++ gnutls-3.2.6/tests/dtls/dtls-nb -@@ -22,9 +22,7 @@ - - set -e - --if test "${WINDIR}" != "";then -- exit 77 --fi -+exit 77 - - ./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished - ./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone -Index: gnutls-3.2.6/tests/dtls/dtls 
-=================================================================== ---- gnutls-3.2.6.orig/tests/dtls/dtls -+++ gnutls-3.2.6/tests/dtls/dtls -@@ -22,9 +22,7 @@ - - set -e - --if test "${WINDIR}" != "";then -- exit 77 --fi -+exit 77 - - ./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished - ./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone -Index: gnutls-3.2.6/tests/ecdsa/ecdsa -=================================================================== ---- gnutls-3.2.6.orig/tests/ecdsa/ecdsa -+++ gnutls-3.2.6/tests/ecdsa/ecdsa -@@ -22,6 +22,8 @@ - - #set -e - -+exit 77 -+ - srcdir=${srcdir:-.} - CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT} - -Index: gnutls-3.2.6/tests/mini-dtls-heartbeat.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-dtls-heartbeat.c -+++ gnutls-3.2.6/tests/mini-dtls-heartbeat.c -@@ -27,7 +27,7 @@ - #include - #include - --#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) -+#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC) - - int - main () -Index: gnutls-3.2.6/tests/mini-dtls-record.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-dtls-record.c -+++ gnutls-3.2.6/tests/mini-dtls-record.c -@@ -29,7 +29,7 @@ - #include - #include - --#if defined(_WIN32) -+#if defined(_WIN32) || !defined(ENABLE_ECC) - - int - main () -Index: gnutls-3.2.6/tests/mini-dtls-rehandshake.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-dtls-rehandshake.c -+++ gnutls-3.2.6/tests/mini-dtls-rehandshake.c -@@ -27,7 +27,7 @@ - #include - #include - --#if defined(_WIN32) -+#if defined(_WIN32) || !defined(ENABLE_ECC) - - int main() - { -Index: gnutls-3.2.6/tests/mini-dtls-srtp.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-dtls-srtp.c -+++ 
gnutls-3.2.6/tests/mini-dtls-srtp.c -@@ -27,7 +27,7 @@ - #include - #include - --#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) -+#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) || !defined(ENABLE_ECC) - - int - main (int argc, char** argv) -Index: gnutls-3.2.6/tests/mini-handshake-timeout.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-handshake-timeout.c -+++ gnutls-3.2.6/tests/mini-handshake-timeout.c -@@ -28,7 +28,7 @@ - #include - #include - --#if defined(_WIN32) -+#if defined(_WIN32) || !defined(ENABLE_ECC) - - int main() - { -@@ -144,7 +144,11 @@ initialize_tls_session (gnutls_session_t - /* avoid calling all the priority functions, since the defaults - * are adequate. - */ -- gnutls_priority_set_direct (*session, "NORMAL:+ANON-ECDH", NULL); -+#ifdef ENABLE_ECC -+ gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL); -+#else -+ gnutls_priority_set_direct (session, "NORMAL:+ANON-DH", NULL); -+#endif - } - - static void -Index: gnutls-3.2.6/tests/mini-loss-time.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-loss-time.c -+++ gnutls-3.2.6/tests/mini-loss-time.c -@@ -28,7 +28,7 @@ - #include - #include - --#if defined(_WIN32) -+#if defined(_WIN32) || !defined(ENABLE_ECC) - - int main() - { -Index: gnutls-3.2.6/tests/mini-record.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-record.c -+++ gnutls-3.2.6/tests/mini-record.c -@@ -27,7 +27,7 @@ - #include - #include - --#if defined(_WIN32) -+#if defined(_WIN32) || !defined(ENABLE_ECC) - - int main() - { -Index: gnutls-3.2.6/tests/mini-record-range.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-record-range.c -+++ gnutls-3.2.6/tests/mini-record-range.c -@@ -27,7 +27,7 @@ - #include - #include - --#if defined(_WIN32) -+#if defined(_WIN32) || !defined(ENABLE_ECC) - - int main() - 
{ -Index: gnutls-3.2.6/tests/mini-xssl.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-xssl.c -+++ gnutls-3.2.6/tests/mini-xssl.c -@@ -27,7 +27,7 @@ - #include - #include - --#if defined(_WIN32) -+#if defined(_WIN32) || !defined(ENABLE_ECC) - - int main() - { -Index: gnutls-3.2.6/tests/pkcs12_simple.c -=================================================================== ---- gnutls-3.2.6.orig/tests/pkcs12_simple.c -+++ gnutls-3.2.6/tests/pkcs12_simple.c -@@ -50,6 +50,10 @@ doit (void) - gnutls_x509_privkey_t pkey; - int ret; - -+#ifndef ENABLE_ECC -+ exit(77); -+#endif -+ - ret = global_init (); - if (ret < 0) - fail ("global_init failed %d\n", ret); -Index: gnutls-3.2.6/tests/slow/keygen.c -=================================================================== ---- gnutls-3.2.6.orig/tests/slow/keygen.c -+++ gnutls-3.2.6/tests/slow/keygen.c -@@ -65,6 +65,11 @@ doit (void) - if (algorithm == GNUTLS_PK_DH) - continue; - -+#ifndef ENABLE_ECC -+ if (algorithm == GNUTLS_PK_EC) -+ continue; -+#endif -+ - ret = gnutls_x509_privkey_init (&pkey); - if (ret < 0) - { -Index: gnutls-3.2.6/tests/srp/mini-srp.c -=================================================================== ---- gnutls-3.2.6.orig/tests/srp/mini-srp.c -+++ gnutls-3.2.6/tests/srp/mini-srp.c -@@ -27,7 +27,7 @@ - #include - #include - --#if defined(_WIN32) -+#if defined(_WIN32) || !defined(ENABLE_SRP) - - int main() - { -Index: gnutls-3.2.6/lib/auth/ecdhe.c -=================================================================== ---- gnutls-3.2.6.orig/lib/auth/ecdhe.c -+++ gnutls-3.2.6/lib/auth/ecdhe.c -@@ -50,7 +50,7 @@ static int - proc_ecdhe_client_kx (gnutls_session_t session, - uint8_t * data, size_t _data_size); - --#if defined(ENABLE_ECDHE) -+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC) - const mod_auth_st ecdhe_ecdsa_auth_struct = { - "ECDHE_ECDSA", - _gnutls_gen_cert_server_crt, -Index: gnutls-3.2.6/tests/mini-dtls-hello-verify.c 
-=================================================================== ---- gnutls-3.2.6.orig/tests/mini-dtls-hello-verify.c -+++ gnutls-3.2.6/tests/mini-dtls-hello-verify.c -@@ -27,7 +27,7 @@ - #include - #include - --#if defined(_WIN32) -+#if defined(_WIN32) || !defined(ENABLE_ECDH) - - int main() - { -Index: gnutls-3.2.6/tests/mini-alpn.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-alpn.c -+++ gnutls-3.2.6/tests/mini-alpn.c -@@ -25,7 +25,7 @@ - #include - #include - --#if defined(_WIN32) || !defined(ENABLE_ALPN) -+#if defined(_WIN32) || !defined(ENABLE_ALPN) || !defined(ENABLE_ECDH) - - int - main (int argc, char** argv) -Index: gnutls-3.2.6/tests/mini-dtls-large.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-dtls-large.c -+++ gnutls-3.2.6/tests/mini-dtls-large.c -@@ -25,7 +25,7 @@ - #include - #include - --#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) -+#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC) - - int - main () -@@ -194,7 +194,11 @@ server (int fd) - * are adequate. 
- */ - gnutls_priority_set_direct (session, -+#ifdef ENABLE_ECDH - "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", -+#else -+ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", -+#endif - NULL); - - gnutls_credentials_set (session, GNUTLS_CRD_ANON, anoncred); -Index: gnutls-3.2.6/tests/mini-x509-callbacks.c -=================================================================== ---- gnutls-3.2.6.orig/tests/mini-x509-callbacks.c -+++ gnutls-3.2.6/tests/mini-x509-callbacks.c -@@ -58,8 +58,13 @@ unsigned int msg_order[] = { - GNUTLS_HANDSHAKE_CLIENT_HELLO, - GNUTLS_HANDSHAKE_SERVER_HELLO, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT, -+#ifndef ENABLE_ECC -+ /*Sent: CERTIFICATE REQUEST, expected SERVER KEY EXCHANGE*/ -+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, -+#else - GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, - GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, -+#endif - GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT, - GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, -Index: gnutls-3.2.6/lib/algorithms/kx.c -=================================================================== ---- gnutls-3.2.6.orig/lib/algorithms/kx.c -+++ gnutls-3.2.6/lib/algorithms/kx.c -@@ -28,9 +28,11 @@ - - extern mod_auth_st rsa_auth_struct; - extern mod_auth_st dhe_rsa_auth_struct; -+#ifdef ENABLE_ECC - extern mod_auth_st ecdhe_rsa_auth_struct; - extern mod_auth_st ecdhe_psk_auth_struct; - extern mod_auth_st ecdhe_ecdsa_auth_struct; -+#endif - extern mod_auth_st dhe_dss_auth_struct; - extern mod_auth_st anon_auth_struct; - extern mod_auth_st anon_ecdh_auth_struct; -@@ -58,14 +60,18 @@ static const gnutls_cred_map cred_mappin - {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON}, - {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON}, - {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, -+#ifdef ENABLE_ECDHE - {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, 
GNUTLS_CRD_CERTIFICATE}, -+#endif - {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, - {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, - {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE}, -+#ifdef ENABLE_ECDHE - {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, -+#endif - {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP}, - {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, -@@ -100,7 +106,7 @@ static const gnutls_kx_algo_entry _gnutl - {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1}, - {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1}, - #endif --#ifdef ENABLE_ECDHE -+#if defined(ENABLE_ECDHE) && defined(ENABLE_ECC) - {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0}, - {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0}, - #endif -@@ -116,7 +122,7 @@ static const gnutls_kx_algo_entry _gnutl - {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct, - 1 /* needs DHE params */}, - # endif --# ifdef ENABLE_ECDHE -+# if defined(ENABLE_ECDHE) && defined(ENABLE_ECC) - {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0}, - # endif - #endif -Index: gnutls-3.2.6/tests/priorities.c -=================================================================== ---- gnutls-3.2.6.orig/tests/priorities.c -+++ gnutls-3.2.6/tests/priorities.c -@@ -73,7 +73,7 @@ unsigned i, si, count = 0; - for (i=0;i + #include + +-#if defined(_WIN32) || !defined(ENABLE_ALPN) ++#if defined(_WIN32) || !defined(ENABLE_ALPN) || !defined(ENABLE_ECDH) + + int main(int argc, char **argv) + { +Index: gnutls-3.2.8/tests/mini-dtls-heartbeat.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-dtls-heartbeat.c ++++ gnutls-3.2.8/tests/mini-dtls-heartbeat.c +@@ -27,7 +27,7 @@ + #include + 
#include + +-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) ++#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC) + + int main() + { +Index: gnutls-3.2.8/tests/mini-dtls-hello-verify.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-dtls-hello-verify.c ++++ gnutls-3.2.8/tests/mini-dtls-hello-verify.c +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECDH) + + int main() + { +Index: gnutls-3.2.8/tests/mini-dtls-large.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-dtls-large.c ++++ gnutls-3.2.8/tests/mini-dtls-large.c +@@ -25,7 +25,7 @@ + #include + #include + +-#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) ++#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC) + + int main() + { +@@ -179,8 +179,12 @@ static void server(int fd) + /* avoid calling all the priority functions, since the defaults + * are adequate. 
+ */ ++#ifdef ENABLE_ECDH + gnutls_priority_set_direct(session, + "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL", ++#else ++ "NONE:+VERS-DTLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-DH", ++#endif + NULL); + + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); +Index: gnutls-3.2.8/tests/mini-dtls-record.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-dtls-record.c ++++ gnutls-3.2.8/tests/mini-dtls-record.c +@@ -29,7 +29,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int main() + { +Index: gnutls-3.2.8/tests/mini-dtls-rehandshake.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-dtls-rehandshake.c ++++ gnutls-3.2.8/tests/mini-dtls-rehandshake.c +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int main() + { +Index: gnutls-3.2.8/tests/mini-dtls-srtp.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-dtls-srtp.c ++++ gnutls-3.2.8/tests/mini-dtls-srtp.c +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) ++#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) || !defined(ENABLE_ECC) + + int main(int argc, char **argv) + { +Index: gnutls-3.2.8/tests/mini-handshake-timeout.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-handshake-timeout.c ++++ gnutls-3.2.8/tests/mini-handshake-timeout.c +@@ -28,7 +28,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int main() + { +@@ -136,7 +136,11 @@ static void initialize_tls_session(gnutl + /* avoid calling all the priority functions, since the defaults + * are adequate. 
+ */ +- gnutls_priority_set_direct(*session, "NORMAL:+ANON-ECDH", NULL); ++#ifdef ENABLE_ECC ++ gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL); ++#else ++ gnutls_priority_set_direct (session, "NORMAL:+ANON-DH", NULL); ++#endif + } + + static void server(int fd, int wait) +Index: gnutls-3.2.8/tests/mini-loss-time.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-loss-time.c ++++ gnutls-3.2.8/tests/mini-loss-time.c +@@ -28,7 +28,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int main() + { +Index: gnutls-3.2.8/tests/mini-record-2.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-record-2.c ++++ gnutls-3.2.8/tests/mini-record-2.c +@@ -340,22 +340,22 @@ static void start(const char *prio, int + } + } + +-#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +-#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +-#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +- +-#define ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL" +-#define ARCFOUR_MD5 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:+RSA" +- +-#define NULL_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+NULL:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+RSA:+CURVE-ALL" +- +-#define NEW_AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING" +-#define NEW_ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING" +-#define NEW_AES_CBC_SHA256 
"NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING" +-#define NEW_AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING" ++#define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL" ++#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL" ++#define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL" ++ ++#define ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL" ++#define ARCFOUR_MD5 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+MD5:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:+RSA" ++ ++#define NULL_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+NULL:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL" ++ ++#define NEW_AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING" ++#define NEW_ARCFOUR_SHA1 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING" ++#define NEW_AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING" ++#define NEW_AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-NULL:+RSA:+CURVE-ALL:%NEW_PADDING" + +-#define ARCFOUR_SHA1_ZLIB "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+ANON-ECDH:+CURVE-ALL" +-#define NEW_ARCFOUR_SHA1_ZLIB "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING" ++#define ARCFOUR_SHA1_ZLIB "NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+RSA:+CURVE-ALL" ++#define NEW_ARCFOUR_SHA1_ZLIB 
"NONE:+VERS-TLS1.0:-CIPHER-ALL:+ARCFOUR-128:+SHA1:+SIGN-ALL:+COMP-DEFLATE:+RSA:+CURVE-ALL:%NEW_PADDING" + + static void ch_handler(int sig) + { +Index: gnutls-3.2.8/tests/mini-record-range.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-record-range.c ++++ gnutls-3.2.8/tests/mini-record-range.c +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int main() + { +Index: gnutls-3.2.8/tests/mini-record.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-record.c ++++ gnutls-3.2.8/tests/mini-record.c +@@ -27,8 +27,7 @@ + #include + #include + +-#if defined(_WIN32) +- ++#if defined(_WIN32) || !defined(ENABLE_ECC) + int main() + { + exit(77); +Index: gnutls-3.2.8/tests/mini-x509-callbacks.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-x509-callbacks.c ++++ gnutls-3.2.8/tests/mini-x509-callbacks.c +@@ -57,8 +57,13 @@ unsigned int msg_order[] = { + GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HANDSHAKE_SERVER_HELLO, + GNUTLS_HANDSHAKE_CERTIFICATE_PKT, ++#ifndef ENABLE_ECC ++ /*Sent: CERTIFICATE REQUEST, expected SERVER KEY EXCHANGE*/ ++ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, ++#else + GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, + GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, ++#endif + GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, + GNUTLS_HANDSHAKE_CERTIFICATE_PKT, + GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, +Index: gnutls-3.2.8/tests/mini-xssl.c +=================================================================== +--- gnutls-3.2.8.orig/tests/mini-xssl.c ++++ gnutls-3.2.8/tests/mini-xssl.c +@@ -27,7 +27,7 @@ + #include + #include + +-#if defined(_WIN32) || !defined(ENABLE_NON_SUITEB_CURVES) ++#if defined(_WIN32) || !defined(ENABLE_ECC) + + int main() + { +Index: gnutls-3.2.8/tests/pkcs12_simple.c +=================================================================== +--- 
gnutls-3.2.8.orig/tests/pkcs12_simple.c ++++ gnutls-3.2.8/tests/pkcs12_simple.c +@@ -49,6 +49,10 @@ void doit(void) + gnutls_x509_privkey_t pkey; + int ret; + ++#ifndef ENABLE_ECC ++ exit(77); ++#endif ++ + ret = global_init(); + if (ret < 0) + fail("global_init failed %d\n", ret); +Index: gnutls-3.2.8/tests/priorities.c +=================================================================== +--- gnutls-3.2.8.orig/tests/priorities.c ++++ gnutls-3.2.8/tests/priorities.c +@@ -71,8 +71,7 @@ try_prio(const char *prio, unsigned expe + fprintf(stderr, "%s\n", + gnutls_cipher_get_name(t[i])); + #endif +- fail("expected %d ciphers, found %d\n", expected_ciphers, +- ret); ++ fail("%s: expected %d ciphers, found %d\n", prio, expected_ciphers, ret); + exit(1); + } + +@@ -84,28 +83,42 @@ try_prio(const char *prio, unsigned expe + success("finished: %s\n", prio); + + if (count != expected_cs) { +- fail("expected %d ciphersuites, found %d\n", expected_cs, +- count); ++ fail("%s: expected %d ciphersuites, found %d\n", prio, expected_cs, count); + exit(1); + } + } + + void doit(void) + { ++#ifdef ENABLE_ECC + const int normal = 66; + const int null = 5; + const int sec128 = 56; +- ++#else ++ const int normal = 42; ++ const int null = 3; ++ const int sec128 = 36; ++#endif + try_prio("NORMAL", normal, 10); + try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 10); + try_prio("NORMAL:+CIPHER-ALL", normal, 10); /* all (except null) */ + try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1); /* null */ + try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal + null, 11); /* should be null + all */ ++#ifdef ENABLE_ECC + try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1); /* should be null + all */ ++#else ++ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 6, 1); /* should be null + all */ ++#endif + try_prio("PERFORMANCE", normal, 10); ++#ifdef ENABLE_ECC + try_prio("SECURE256", 20, 4); ++#else ++ try_prio("SECURE256", 12, 4); ++#endif + 
try_prio("SECURE128", sec128, 8);
+ try_prio("SECURE128:+SECURE256", sec128, 8); /* should be the same as SECURE128 */
+ try_prio("SECURE128:+SECURE256:+NORMAL", normal, 10); /* should be the same as NORMAL */
+#ifdef ENABLE_ECC
+ try_prio("SUITEB192", 1, 1);
+#endif
+ }
+Index: gnutls-3.2.8/tests/slow/keygen.c
+===================================================================
+--- gnutls-3.2.8.orig/tests/slow/keygen.c
++++ gnutls-3.2.8/tests/slow/keygen.c
+@@ -62,6 +62,11 @@ void doit(void)
+ if (algorithm == GNUTLS_PK_DH)
+ continue;
+
++#ifndef ENABLE_ECC
++ if (algorithm == GNUTLS_PK_EC)
++ continue;
++#endif
++
+ ret = gnutls_x509_privkey_init(&pkey);
+ if (ret < 0) {
+ fail("gnutls_x509_privkey_init: %d\n",
+Index: gnutls-3.2.8/tests/srp/mini-srp.c
+===================================================================
+--- gnutls-3.2.8.orig/tests/srp/mini-srp.c
++++ gnutls-3.2.8/tests/srp/mini-srp.c
+@@ -27,7 +27,7 @@
+ #include
+ #include
+
+-#if defined(_WIN32)
++#if defined(_WIN32) || !defined(ENABLE_SRP)
+
+ int main()
+ {
diff --git a/gnutls-3.2.8.tar.xz b/gnutls-3.2.8.tar.xz
new file mode 100644
index 0000000..da8e4cd
--- /dev/null
+++ b/gnutls-3.2.8.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:144156f4140400df2bd9303dab69f44099113a3b46780737734affe93782d94d
+size 5135984
diff --git a/gnutls-3.2.8.tar.xz.sig b/gnutls-3.2.8.tar.xz.sig
new file mode 100644
index 0000000..e40d8c1
Binary files /dev/null and b/gnutls-3.2.8.tar.xz.sig differ
diff --git a/gnutls-implement-trust-store-dir.diff b/gnutls-implement-trust-store-dir-3.2.8.diff
similarity index 61%
rename from gnutls-implement-trust-store-dir.diff
rename to gnutls-implement-trust-store-dir-3.2.8.diff
index 97e8339..4cd9630 100644
--- a/gnutls-implement-trust-store-dir.diff
+++ b/gnutls-implement-trust-store-dir-3.2.8.diff
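Review bot: In the tests/mini-dtls-large.c section of the added 3.2.8 noecc patch, `#ifdef ENABLE_ECDH` sits above `gnutls_priority_set_direct(session,`, so when that macro is undefined the `#else` branch leaves only a string literal followed by `NULL);` and the file cannot compile; the guard should open after the call line, as the deleted 3.2.6 patch had it. The mini-handshake-timeout.c section of the same patch replaces `gnutls_priority_set_direct(*session, ...)` with `gnutls_priority_set_direct (session, ...)` in both branches; the removed line dereferenced the argument, so presumably `session` is a pointer there and the `*` should stay. `ENABLE_ECDH` is also not a macro the library hunks on this page test (they use `ENABLE_ECC` and `ENABLE_ECDHE`), so the tests guarded by `!defined(ENABLE_ECDH)` may exit 77 in every build, which is worth confirming because skipped TLS/DTLS tests hide regressions. The start of this patch's hunk is not visible on the page.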
@@ -1,8 +1,8 @@ -Index: gnutls-3.2.3/configure.ac +Index: gnutls-3.2.8/configure.ac =================================================================== ---- gnutls-3.2.3.orig/configure.ac -+++ gnutls-3.2.3/configure.ac -@@ -418,6 +418,25 @@ if test "$with_default_trust_store_file" +--- gnutls-3.2.8.orig/configure.ac ++++ gnutls-3.2.8/configure.ac +@@ -457,6 +457,25 @@ if test "$with_default_trust_store_file" with_default_trust_store_file="" fi @@ -28,7 +28,7 @@ Index: gnutls-3.2.3/configure.ac AC_ARG_WITH([default-crl-file], [AS_HELP_STRING([--with-default-crl-file=FILE], [use the given CRL file as default])]) -@@ -427,6 +446,11 @@ if test "x$with_default_trust_store_file +@@ -470,6 +489,11 @@ if test "x$with_default_trust_store_file ["$with_default_trust_store_file"], [use the given file default trust store]) fi @@ -40,20 +40,20 @@ Index: gnutls-3.2.3/configure.ac if test "x$with_default_crl_file" != x; then AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE], ["$with_default_crl_file"], [use the given CRL file]) -@@ -704,6 +728,7 @@ AC_MSG_NOTICE([System files: +@@ -761,6 +785,7 @@ AC_MSG_NOTICE([System files: Trust store pkcs: $with_default_trust_store_pkcs11 Trust store file: $with_default_trust_store_file + Trust store dir: $with_default_trust_store_dir + Blacklist file: $with_default_blacklist_file CRL file: $with_default_crl_file DNSSEC root key file: $unbound_root_key_file - ]) -Index: gnutls-3.2.3/lib/system.c +Index: gnutls-3.2.8/lib/system.c =================================================================== ---- gnutls-3.2.3.orig/lib/system.c -+++ gnutls-3.2.3/lib/system.c -@@ -385,7 +385,45 @@ const char *home_dir = getenv ("HOME"); - return 0; +--- gnutls-3.2.8.orig/lib/system.c ++++ gnutls-3.2.8/lib/system.c +@@ -357,7 +357,45 @@ int _gnutls_find_config_path(char *path, + return 0; } -#if defined(DEFAULT_TRUST_STORE_FILE) || (defined(DEFAULT_TRUST_STORE_PKCS11) && defined(ENABLE_PKCS11)) 
@@ -62,7 +62,7 @@ Index: gnutls-3.2.3/lib/system.c +# include +# include +static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list, -+ unsigned int tl_flags, unsigned int tl_vflags, unsigned type) ++ unsigned int tl_flags, unsigned int tl_vflags, unsigned type) +{ +DIR * dirp; +struct dirent *d; @@ -75,16 +75,16 @@ Index: gnutls-3.2.3/lib/system.c + { + do + { -+ d = readdir(dirp); -+ if (d != NULL && d->d_type == DT_REG) -+ { -+ snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name); ++ d = readdir(dirp); ++ if (d != NULL && d->d_type == DT_REG) ++ { ++ snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name); + + ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags); + if (ret >= 0) + r += ret; -+ } -+ } ++ } ++ } + while(d != NULL); + closedir(dirp); + } @@ -99,9 +99,9 @@ Index: gnutls-3.2.3/lib/system.c static int add_system_trust(gnutls_x509_trust_list_t list, -@@ -413,6 +451,12 @@ add_system_trust(gnutls_x509_trust_list_ - r += ret; - # endif +@@ -393,6 +431,12 @@ add_system_trust(gnutls_x509_trust_list_ + r += ret; + #endif +# ifdef DEFAULT_TRUST_STORE_DIR + ret = load_dir_certs(DEFAULT_TRUST_STORE_DIR, list, tl_flags, tl_vflags, GNUTLS_X509_FMT_PEM); 
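Review bot: The readdir loop of load_dir_certs, which this rebased patch calls for `DEFAULT_TRUST_STORE_DIR`, accepts only entries with `d->d_type == DT_REG`. Certificates reached through symlinks are therefore skipped without a message, as is every entry on a filesystem that reports `DT_UNKNOWN`, and the directory then contributes no trust anchors. The `snprintf` result is also unused, so an over-long name is truncated and a different path is passed to `gnutls_x509_trust_list_add_trust_file`. I would build the path first, reject truncation, and decide with `stat()` (this needs `<sys/stat.h>` next to the existing includes); whether following symlinks is wanted for this directory should be confirmed. The body of the function is spread over the earlier hunks on this line.

```c
d = readdir(dirp);
if (d != NULL) {
    struct stat st;
    int n = snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name);

    /* skip names that do not fit instead of loading a truncated path */
    if (n < 0 || (size_t)n >= sizeof(path))
        continue;
    /* d_type may be DT_UNKNOWN or DT_LNK; ask the filesystem instead */
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        continue;
    /* … unchanged: gnutls_x509_trust_list_add_trust_file call and r += ret … */
}
```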
@@ -109,46 +109,48 @@ Index: gnutls-3.2.3/lib/system.c + r += ret; +# endif + - return r; - } - #elif defined(_WIN32) -@@ -466,39 +510,6 @@ int add_system_trust(gnutls_x509_trust_l - return r; + #ifdef DEFAULT_BLACKLIST_FILE + ret = gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM); + if (ret < 0) { +@@ -467,41 +511,6 @@ int add_system_trust(gnutls_x509_trust_l + return r; } #elif defined(ANDROID) || defined(__ANDROID__) --# include --# include --static int load_dir_certs(const char* dirname, gnutls_x509_trust_list_t list, -- unsigned int tl_flags, unsigned int tl_vflags, unsigned type) +-#include +-#include +-static int load_dir_certs(const char *dirname, +- gnutls_x509_trust_list_t list, +- unsigned int tl_flags, unsigned int tl_vflags, +- unsigned type) -{ --DIR * dirp; --struct dirent *d; --int ret; --int r = 0; --char path[GNUTLS_PATH_MAX]; +- DIR *dirp; +- struct dirent *d; +- int ret; +- int r = 0; +- char path[GNUTLS_PATH_MAX]; - -- dirp = opendir(dirname); -- if (dirp != NULL) -- { -- do -- { -- d = readdir(dirp); -- if (d != NULL && d->d_type == DT_REG) -- { -- snprintf(path, sizeof(path), "%s/%s", dirname, d->d_name); +- dirp = opendir(dirname); +- if (dirp != NULL) { +- do { +- d = readdir(dirp); +- if (d != NULL && d->d_type == DT_REG) { +- snprintf(path, sizeof(path), "%s/%s", +- dirname, d->d_name); - -- ret = gnutls_x509_trust_list_add_trust_file(list, path, NULL, type, tl_flags, tl_vflags); -- if (ret >= 0) -- r += ret; -- } -- } -- while(d != NULL); -- closedir(dirp); -- } -- -- return r; +- ret = +- gnutls_x509_trust_list_add_trust_file +- (list, path, NULL, type, tl_flags, +- tl_vflags); +- if (ret >= 0) +- r += ret; +- } +- } +- while (d != NULL); +- closedir(dirp); +- } +- +- return r; -} -- + static int load_revoked_certs(gnutls_x509_trust_list_t list, unsigned type) { - DIR * dirp; diff --git a/gnutls.changes b/gnutls.changes index c6ce028..9ab9e06 100644 --- a/gnutls.changes +++ b/gnutls.changes 
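Review bot: Nothing in the patch records that the `DEFAULT_TRUST_STORE_DIR` load has to stay ahead of the `DEFAULT_BLACKLIST_FILE` block it is now rebased against. In this hunk the new context puts `gnutls_x509_trust_list_remove_trust_file(list, DEFAULT_BLACKLIST_FILE, GNUTLS_X509_FMT_PEM)` directly after the directory block. That order is presumably what lets a blacklisted CA loaded from the directory be removed again, and a later rebase that lands the block below the removal would leave such a CA trusted. I would add a comment above the `# ifdef DEFAULT_TRUST_STORE_DIR` line: `/* keep before the DEFAULT_BLACKLIST_FILE removal so blacklisted CAs from the directory are dropped */`. add_system_trust starts and ends outside this hunk.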
@@ -1,3 +1,48 @@ +------------------------------------------------------------------- +Sat Dec 21 20:38:19 UTC 2013 - shchang@suse.com + +- Upgrade to 3.2.8 + +* Version 3.2.8 (released 2013-12-20) + +** libgnutls: Updated code for AES-NI. That prevents an uninitialized +variable complaint from valgrind. + +** libgnutls: Enforce a maximum size for DH primes. + +** libgnutls: Added SSSE3 optimized SHA1, and SHA256, using Andy +Polyakov's code. + +** libgnutls: Added SSSE3 optimized AES using Mike Hamburg's code. + +** libgnutls: It only links to librt if the required functions are not +present in libc. This also prevents an indirect linking to libpthread. + +** libgnutls: Fixed issue with gnulib strerror replacement by adding +the strerror gnulib module. + +** libgnutls: The time provided in the TLS random values is only +precise on its first 3 bytes. That prevents leakage of the precise +system time (at least on the client side when only few connections are +done on a single server). + +** certtool: The --verify option will use the system CAs if the +load-ca-certificate option is not provided. + +** configure: Added option --with-default-blacklist-file to allow +specifying a certificate blacklist file. + +** configure: Added --disable-non-suiteb-curves option. This option +restricts the supported curves to SuiteB curves. + +** API and ABI modifications: gnutls_record_check_corked: Added + +Add files: gnutls-3.2.8.tar.xz, gnutls-3.2.8.tar.xz.sig, gnutls-implement-trust-store-dir-3.2.8.diff, +gnutls-3.2.8-noecc.patch + +Delete files: gnutls-3.2.6.tar.xz, gnutls-3.2.6.tar.xz.sig, gnutls-implement-trust-store-dir, +gnutls-3.2.6-noecc.patch + ------------------------------------------------------------------- Fri Nov 1 14:39:41 UTC 2013 - shchang@suse.com diff --git a/gnutls.spec b/gnutls.spec index b673484..851ed7b 100644 --- a/gnutls.spec +++ b/gnutls.spec 
@@ -21,7 +21,7 @@ %define gnutls_ossl_sover 27 Name: gnutls -Version: 3.2.6 +Version: 3.2.8 Release: 0 Summary: The GNU Transport Layer Security Library License: LGPL-2.1+ and GPL-3.0+ @@ -37,8 +37,8 @@ Source3: baselibs.conf Patch3: gnutls-3.0.26-skip-test-fwrite.patch # Disable elliptic curves for reasons. - meissner&cfarrell -Patch5: gnutls-3.2.6-noecc.patch -Patch6: gnutls-implement-trust-store-dir.diff +Patch5: gnutls-3.2.8-noecc.patch +Patch6: gnutls-implement-trust-store-dir-3.2.8.diff BuildRequires: automake BuildRequires: gcc-c++