From 08085a1894bffc67079e612ff651348bf6fc56a4 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 7 Aug 2018 15:44:42 +0200
Subject: [PATCH] Fixed ECDSA public key import (#1612803)

---
 gnutls-3.6.3-fix-ecdsa.patch | 27 +++++++++++++++++++++++++++
 gnutls.spec                  |  9 +++++++--
 2 files changed, 34 insertions(+), 2 deletions(-)
 create mode 100644 gnutls-3.6.3-fix-ecdsa.patch

diff --git a/gnutls-3.6.3-fix-ecdsa.patch b/gnutls-3.6.3-fix-ecdsa.patch
new file mode 100644
index 0000000..d34efa0
--- /dev/null
+++ b/gnutls-3.6.3-fix-ecdsa.patch
@@ -0,0 +1,27 @@
+diff --git a/lib/pubkey.c b/lib/pubkey.c
+index 162ceaa4a..8fc42b95a 100644
+--- a/lib/pubkey.c
++++ b/lib/pubkey.c
+@@ -1072,7 +1072,6 @@ gnutls_pubkey_import(gnutls_pubkey_t key,
+ 	int result = 0, need_free = 0;
+ 	gnutls_datum_t _data;
+ 	ASN1_TYPE spk;
+-	gnutls_ecc_curve_t curve;
+ 
+ 	if (key == NULL) {
+ 		gnutls_assert();
+@@ -1119,14 +1118,7 @@ gnutls_pubkey_import(gnutls_pubkey_t key,
+ 		goto cleanup;
+ 	}
+ 
+-	/* this has already been called by get_asn_mpis() thus it cannot
+-	 * fail.
+-	 */
+-	key->params.algo = _gnutls_x509_get_pk_algorithm(spk, "", &curve, NULL);
+-
+-	key->params.curve = curve;
+ 	key->bits = pubkey_to_bits(&key->params);
+-
+ 	result = 0;
+ 
+       cleanup:
diff --git a/gnutls.spec b/gnutls.spec
index 15d152e..efe9d5d 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -1,10 +1,11 @@
 # This spec file has been automatically updated
 Version:	3.6.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 Patch1:	gnutls-3.2.7-rpath.patch
 Patch2:	gnutls-3.4.2-no-now-guile.patch
 Patch3:	gnutls-3.6.3-skip-new-priority-funcs-err-pos.patch
 Patch4: gnutls-3.6.3-backport-upstream-fixes.patch
+Patch5: gnutls-3.6.3-fix-ecdsa.patch
 %bcond_without dane
 %if 0%{?rhel}
 %bcond_with guile
@@ -154,6 +155,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 
 sed -i -e 's|sys_lib_dlsearch_path_spec="/lib /usr/lib|sys_lib_dlsearch_path_spec="/lib /usr/lib %{_libdir}|g' configure
 rm -f lib/minitasn1/*.c lib/minitasn1/*.h
@@ -309,8 +311,11 @@ fi
 %endif
 
 %changelog
+* Tue Aug 07 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-3
+- Fixed ECDSA public key import (#1612803)
+
 * Thu Jul 26 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-2
-- Backported regression fixed from 3.6.2
+- Backported regression fixes from 3.6.2
 
 * Mon Jul 16 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 3.6.3-1
 - Update to upstream 3.6.3 release