From 93d9bb65585fa87e29be27cfd0e4ad984bf60e1f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 26 Feb 2013 12:50:52 +0100 Subject: [PATCH] don't send ECC algos as supported (#913797) --- ....7-noecc.patch => gnutls-3.1.8-noecc.patch | 333 +++++++++++++----- gnutls.spec | 7 +- 2 files changed, 254 insertions(+), 86 deletions(-) rename gnutls-3.1.7-noecc.patch => gnutls-3.1.8-noecc.patch (60%) diff --git a/gnutls-3.1.7-noecc.patch b/gnutls-3.1.8-noecc.patch similarity index 60% rename from gnutls-3.1.7-noecc.patch rename to gnutls-3.1.8-noecc.patch index cb8d5ba..bd57a71 100644 --- a/gnutls-3.1.7-noecc.patch +++ b/gnutls-3.1.8-noecc.patch @@ -1,6 +1,6 @@ -diff -up gnutls-3.1.7/lib/algorithms/kx.c.noecc gnutls-3.1.7/lib/algorithms/kx.c ---- gnutls-3.1.7/lib/algorithms/kx.c.noecc 2013-02-01 20:02:07.000000000 +0100 -+++ gnutls-3.1.7/lib/algorithms/kx.c 2013-02-05 21:13:08.700750694 +0100 +diff -up gnutls-3.1.8/lib/algorithms/kx.c.noecc gnutls-3.1.8/lib/algorithms/kx.c +--- gnutls-3.1.8/lib/algorithms/kx.c.noecc 2013-02-10 11:29:54.000000000 +0100 ++++ gnutls-3.1.8/lib/algorithms/kx.c 2013-02-21 09:39:26.000000000 +0100 @@ -29,9 +29,11 @@ extern mod_auth_st rsa_auth_struct; extern mod_auth_st rsa_export_auth_struct; @@ -43,9 +43,9 @@ diff -up gnutls-3.1.7/lib/algorithms/kx.c.noecc gnutls-3.1.7/lib/algorithms/kx.c {0, 0, 0, 0, 0} }; -diff -up gnutls-3.1.7/lib/algorithms/publickey.c.noecc gnutls-3.1.7/lib/algorithms/publickey.c ---- gnutls-3.1.7/lib/algorithms/publickey.c.noecc 2013-02-01 20:02:07.000000000 +0100 -+++ gnutls-3.1.7/lib/algorithms/publickey.c 2013-02-05 21:13:08.701750716 +0100 +diff -up gnutls-3.1.8/lib/algorithms/publickey.c.noecc gnutls-3.1.8/lib/algorithms/publickey.c +--- gnutls-3.1.8/lib/algorithms/publickey.c.noecc 2013-02-10 11:29:54.000000000 +0100 ++++ gnutls-3.1.8/lib/algorithms/publickey.c 2013-02-21 09:39:26.000000000 +0100 
@@ -50,8 +50,10 @@ static const gnutls_pk_map pk_mappings[] {GNUTLS_KX_RSA_EXPORT, GNUTLS_PK_RSA, CIPHER_SIGN}, {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, @@ -67,9 +67,9 @@ diff -up gnutls-3.1.7/lib/algorithms/publickey.c.noecc gnutls-3.1.7/lib/algorith {0, 0, 0} }; -diff -up gnutls-3.1.7/lib/algorithms/sign.c.noecc gnutls-3.1.7/lib/algorithms/sign.c ---- gnutls-3.1.7/lib/algorithms/sign.c.noecc 2013-02-01 20:02:07.000000000 +0100 -+++ gnutls-3.1.7/lib/algorithms/sign.c 2013-02-05 21:13:08.701750716 +0100 +diff -up gnutls-3.1.8/lib/algorithms/sign.c.noecc gnutls-3.1.8/lib/algorithms/sign.c +--- gnutls-3.1.8/lib/algorithms/sign.c.noecc 2013-02-10 11:29:54.000000000 +0100 ++++ gnutls-3.1.8/lib/algorithms/sign.c 2013-02-21 09:39:26.000000000 +0100 @@ -43,6 +43,14 @@ typedef struct gnutls_sign_entry gnutls_ #define TLS_SIGN_AID_UNKNOWN {255, 255} static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN; @@ -85,9 +85,9 @@ diff -up gnutls-3.1.7/lib/algorithms/sign.c.noecc gnutls-3.1.7/lib/algorithms/si static const gnutls_sign_entry sign_algorithms[] = { {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, GNUTLS_DIG_SHA1, {2, 1}}, -diff -up gnutls-3.1.7/lib/auth/anon_ecdh.c.noecc gnutls-3.1.7/lib/auth/anon_ecdh.c ---- gnutls-3.1.7/lib/auth/anon_ecdh.c.noecc 2013-02-01 20:02:07.000000000 +0100 -+++ gnutls-3.1.7/lib/auth/anon_ecdh.c 2013-02-05 21:13:08.701750716 +0100 +diff -up gnutls-3.1.8/lib/auth/anon_ecdh.c.noecc gnutls-3.1.8/lib/auth/anon_ecdh.c +--- gnutls-3.1.8/lib/auth/anon_ecdh.c.noecc 2013-02-10 11:29:54.000000000 +0100 ++++ gnutls-3.1.8/lib/auth/anon_ecdh.c 2013-02-21 09:39:26.000000000 +0100 @@ -28,6 +28,7 @@ #include 
@@ -102,9 +102,9 @@ diff -up gnutls-3.1.7/lib/auth/anon_ecdh.c.noecc gnutls-3.1.7/lib/auth/anon_ecdh +#endif #endif /* ENABLE_ANON */ -diff -up gnutls-3.1.7/lib/auth/cert.c.noecc gnutls-3.1.7/lib/auth/cert.c ---- gnutls-3.1.7/lib/auth/cert.c.noecc 2013-02-01 20:02:07.000000000 +0100 -+++ gnutls-3.1.7/lib/auth/cert.c 2013-02-05 21:13:08.701750716 +0100 +diff -up gnutls-3.1.8/lib/auth/cert.c.noecc gnutls-3.1.8/lib/auth/cert.c +--- gnutls-3.1.8/lib/auth/cert.c.noecc 2013-02-10 11:29:54.000000000 +0100 ++++ gnutls-3.1.8/lib/auth/cert.c 2013-02-21 09:39:26.000000000 +0100 @@ -63,7 +63,11 @@ static gnutls_privkey_t alloc_and_load_p key, int deinit); #endif @@ -138,9 +138,9 @@ diff -up gnutls-3.1.7/lib/auth/cert.c.noecc gnutls-3.1.7/lib/auth/cert.c ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE); if (ret < 0) -diff -up gnutls-3.1.7/lib/auth/dhe.c.noecc gnutls-3.1.7/lib/auth/dhe.c ---- gnutls-3.1.7/lib/auth/dhe.c.noecc 2013-02-01 20:02:07.000000000 +0100 -+++ gnutls-3.1.7/lib/auth/dhe.c 2013-02-05 21:13:08.702750739 +0100 +diff -up gnutls-3.1.8/lib/auth/dhe.c.noecc gnutls-3.1.8/lib/auth/dhe.c +--- gnutls-3.1.8/lib/auth/dhe.c.noecc 2013-02-10 11:29:54.000000000 +0100 ++++ gnutls-3.1.8/lib/auth/dhe.c 2013-02-21 09:39:26.000000000 +0100 @@ -43,6 +43,7 @@ static int gen_dhe_server_kx (gnutls_ses static int proc_dhe_server_kx (gnutls_session_t, uint8_t *, size_t); static int proc_dhe_client_kx (gnutls_session_t, uint8_t *, size_t); 
@@ -157,9 +157,9 @@ diff -up gnutls-3.1.7/lib/auth/dhe.c.noecc gnutls-3.1.7/lib/auth/dhe.c const mod_auth_st dhe_rsa_auth_struct = { "DHE_RSA", -diff -up gnutls-3.1.7/lib/auth/dhe_psk.c.noecc gnutls-3.1.7/lib/auth/dhe_psk.c ---- gnutls-3.1.7/lib/auth/dhe_psk.c.noecc 2013-02-01 20:02:07.000000000 +0100 -+++ gnutls-3.1.7/lib/auth/dhe_psk.c 2013-02-05 21:13:08.702750739 +0100 +diff -up gnutls-3.1.8/lib/auth/dhe_psk.c.noecc gnutls-3.1.8/lib/auth/dhe_psk.c +--- gnutls-3.1.8/lib/auth/dhe_psk.c.noecc 2013-02-10 11:29:54.000000000 +0100 ++++ gnutls-3.1.8/lib/auth/dhe_psk.c 2013-02-21 09:39:26.000000000 +0100 @@ -68,6 +68,7 @@ const mod_auth_st dhe_psk_auth_struct = NULL }; @@ -209,9 +209,9 @@ diff -up gnutls-3.1.7/lib/auth/dhe_psk.c.noecc gnutls-3.1.7/lib/auth/dhe_psk.c int proc_psk_server_kx (gnutls_session_t session, uint8_t * data, -diff -up gnutls-3.1.7/lib/auth/ecdh_common.c.noecc gnutls-3.1.7/lib/auth/ecdh_common.c ---- gnutls-3.1.7/lib/auth/ecdh_common.c.noecc 2013-02-01 20:02:07.000000000 +0100 -+++ gnutls-3.1.7/lib/auth/ecdh_common.c 2013-02-05 21:13:08.702750739 +0100 +diff -up gnutls-3.1.8/lib/auth/ecdh_common.c.noecc gnutls-3.1.8/lib/auth/ecdh_common.c +--- gnutls-3.1.8/lib/auth/ecdh_common.c.noecc 2013-02-10 11:29:54.000000000 +0100 ++++ gnutls-3.1.8/lib/auth/ecdh_common.c 2013-02-21 09:39:26.000000000 +0100 @@ -41,6 +41,8 @@ #include #include @@ -226,9 +226,9 @@ diff -up gnutls-3.1.7/lib/auth/ecdh_common.c.noecc gnutls-3.1.7/lib/auth/ecdh_co return data->length; } +#endif -diff -up gnutls-3.1.7/lib/auth/ecdh_common.h.noecc gnutls-3.1.7/lib/auth/ecdh_common.h ---- gnutls-3.1.7/lib/auth/ecdh_common.h.noecc 2013-02-01 20:02:07.000000000 +0100 -+++ gnutls-3.1.7/lib/auth/ecdh_common.h 2013-02-05 21:13:08.702750739 +0100 +diff -up gnutls-3.1.8/lib/auth/ecdh_common.h.noecc gnutls-3.1.8/lib/auth/ecdh_common.h +--- gnutls-3.1.8/lib/auth/ecdh_common.h.noecc 2013-02-10 11:29:54.000000000 +0100 ++++ gnutls-3.1.8/lib/auth/ecdh_common.h 2013-02-21 09:39:26.000000000 +0100 
@@ -25,6 +25,8 @@ #include @@ -253,9 +253,9 @@ diff -up gnutls-3.1.7/lib/auth/ecdh_common.h.noecc gnutls-3.1.7/lib/auth/ecdh_co #endif -diff -up gnutls-3.1.7/lib/ext/ecc.c.noecc gnutls-3.1.7/lib/ext/ecc.c ---- gnutls-3.1.7/lib/ext/ecc.c.noecc 2013-02-01 20:02:07.000000000 +0100 -+++ gnutls-3.1.7/lib/ext/ecc.c 2013-02-05 21:13:08.702750739 +0100 +diff -up gnutls-3.1.8/lib/ext/ecc.c.noecc gnutls-3.1.8/lib/ext/ecc.c +--- gnutls-3.1.8/lib/ext/ecc.c.noecc 2013-02-10 11:29:54.000000000 +0100 ++++ gnutls-3.1.8/lib/ext/ecc.c 2013-02-21 09:39:26.000000000 +0100 @@ -35,6 +35,7 @@ /* Maps record size to numbers according to the * extensions draft. @@ -270,9 +270,9 @@ diff -up gnutls-3.1.7/lib/ext/ecc.c.noecc gnutls-3.1.7/lib/ext/ecc.c } + +#endif -diff -up gnutls-3.1.7/lib/gnutls_extensions.c.noecc gnutls-3.1.7/lib/gnutls_extensions.c ---- gnutls-3.1.7/lib/gnutls_extensions.c.noecc 2013-02-04 02:50:34.000000000 +0100 -+++ gnutls-3.1.7/lib/gnutls_extensions.c 2013-02-05 21:13:08.702750739 +0100 +diff -up gnutls-3.1.8/lib/gnutls_extensions.c.noecc gnutls-3.1.8/lib/gnutls_extensions.c +--- gnutls-3.1.8/lib/gnutls_extensions.c.noecc 2013-02-10 11:29:54.000000000 +0100 ++++ gnutls-3.1.8/lib/gnutls_extensions.c 2013-02-21 09:39:26.000000000 +0100 @@ -350,6 +350,7 @@ _gnutls_ext_init (void) if (ret != GNUTLS_E_SUCCESS) return ret; 
@@ -289,9 +289,174 @@ diff -up gnutls-3.1.7/lib/gnutls_extensions.c.noecc gnutls-3.1.7/lib/gnutls_exte ret = _gnutls_ext_register (&ext_mod_sig); if (ret != GNUTLS_E_SUCCESS) -diff -up gnutls-3.1.7/lib/nettle/init.c.noecc gnutls-3.1.7/lib/nettle/init.c ---- gnutls-3.1.7/lib/nettle/init.c.noecc 2013-02-01 20:02:09.000000000 +0100 -+++ gnutls-3.1.7/lib/nettle/init.c 2013-02-05 21:13:08.703750762 +0100 +diff -up gnutls-3.1.8/lib/gnutls_priority.c.noecc gnutls-3.1.8/lib/gnutls_priority.c +--- gnutls-3.1.8/lib/gnutls_priority.c.noecc 2013-02-10 11:46:05.000000000 +0100 ++++ gnutls-3.1.8/lib/gnutls_priority.c 2013-02-26 12:39:45.905638260 +0100 +@@ -245,35 +245,45 @@ gnutls_certificate_type_set_priority (gn + } + + static const int supported_ecc_normal[] = { ++#ifdef ENABLE_ECC + GNUTLS_ECC_CURVE_SECP192R1, + GNUTLS_ECC_CURVE_SECP224R1, + GNUTLS_ECC_CURVE_SECP256R1, + GNUTLS_ECC_CURVE_SECP384R1, + GNUTLS_ECC_CURVE_SECP521R1, ++#endif + 0 + }; + + static const int supported_ecc_secure128[] = { ++#ifdef ENABLE_ECC + GNUTLS_ECC_CURVE_SECP256R1, + GNUTLS_ECC_CURVE_SECP384R1, + GNUTLS_ECC_CURVE_SECP521R1, ++#endif + 0 + }; + + static const int supported_ecc_suiteb128[] = { ++#ifdef ENABLE_ECC + GNUTLS_ECC_CURVE_SECP256R1, + GNUTLS_ECC_CURVE_SECP384R1, ++#endif + 0 + }; + + static const int supported_ecc_suiteb192[] = { ++#ifdef ENABLE_ECC + GNUTLS_ECC_CURVE_SECP384R1, ++#endif + 0 + }; + + static const int supported_ecc_secure192[] = { ++#ifdef ENABLE_ECC + GNUTLS_ECC_CURVE_SECP384R1, + GNUTLS_ECC_CURVE_SECP521R1, ++#endif + 0 + }; + +@@ -293,22 +303,28 @@ static const int protocol_priority_suite + + static const int kx_priority_performance[] = { + GNUTLS_KX_RSA, ++#ifdef ENABLE_ECC + GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_KX_ECDHE_RSA, ++#endif + GNUTLS_KX_DHE_RSA, + GNUTLS_KX_DHE_DSS, + 0 + }; + + static const int kx_priority_suiteb[] = { ++#ifdef ENABLE_ECC + GNUTLS_KX_ECDHE_ECDSA, ++#endif + 0 + }; + + static const int kx_priority_export[] = { + GNUTLS_KX_RSA, ++#ifdef 
ENABLE_ECC + GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_KX_ECDHE_RSA, ++#endif + GNUTLS_KX_DHE_RSA, + GNUTLS_KX_DHE_DSS, + GNUTLS_KX_RSA_EXPORT, +@@ -319,8 +335,10 @@ static const int kx_priority_secure[] = + /* The ciphersuites that offer forward secrecy take + * precedence + */ ++#ifdef ENABLE_ECC + GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_KX_ECDHE_RSA, ++#endif + GNUTLS_KX_DHE_RSA, + GNUTLS_KX_DHE_DSS, + GNUTLS_KX_RSA, +@@ -437,51 +455,75 @@ static const int comp_priority[] = { + static const int sign_priority_default[] = { + GNUTLS_SIGN_RSA_SHA256, + GNUTLS_SIGN_DSA_SHA256, ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA256, ++#endif + + GNUTLS_SIGN_RSA_SHA384, ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA384, ++#endif + + GNUTLS_SIGN_RSA_SHA512, ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA512, ++#endif + + GNUTLS_SIGN_RSA_SHA224, + GNUTLS_SIGN_DSA_SHA224, ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA224, ++#endif + + GNUTLS_SIGN_RSA_SHA1, + GNUTLS_SIGN_DSA_SHA1, ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA1, ++#endif + 0 + }; + + static const int sign_priority_suiteb128[] = { ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA256, + GNUTLS_SIGN_ECDSA_SHA384, ++#endif + 0 + }; + + static const int sign_priority_suiteb192[] = { ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA384, ++#endif + 0 + }; + + static const int sign_priority_secure128[] = { + GNUTLS_SIGN_RSA_SHA256, + GNUTLS_SIGN_DSA_SHA256, ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA256, ++#endif + GNUTLS_SIGN_RSA_SHA384, ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA384, ++#endif + GNUTLS_SIGN_RSA_SHA512, ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA512, ++#endif + 0 + }; + + static const int sign_priority_secure192[] = { + GNUTLS_SIGN_RSA_SHA384, ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA384, ++#endif + GNUTLS_SIGN_RSA_SHA512, ++#ifdef ENABLE_ECC + GNUTLS_SIGN_ECDSA_SHA512, ++#endif + 0 + }; + +diff -up gnutls-3.1.8/lib/nettle/init.c.noecc gnutls-3.1.8/lib/nettle/init.c +--- gnutls-3.1.8/lib/nettle/init.c.noecc 2013-02-10 11:29:54.000000000 +0100 
++++ gnutls-3.1.8/lib/nettle/init.c 2013-02-21 09:39:26.000000000 +0100 @@ -32,7 +32,11 @@ int gnutls_crypto_init (void) @@ -312,9 +477,9 @@ diff -up gnutls-3.1.7/lib/nettle/init.c.noecc gnutls-3.1.7/lib/nettle/init.c ecc_wmnaf_cache_free(); +#endif } -diff -up gnutls-3.1.7/lib/nettle/Makefile.am.noecc gnutls-3.1.7/lib/nettle/Makefile.am ---- gnutls-3.1.7/lib/nettle/Makefile.am.noecc 2012-12-03 20:36:50.000000000 +0100 -+++ gnutls-3.1.7/lib/nettle/Makefile.am 2013-02-05 21:13:08.703750762 +0100 +diff -up gnutls-3.1.8/lib/nettle/Makefile.am.noecc gnutls-3.1.8/lib/nettle/Makefile.am +--- gnutls-3.1.8/lib/nettle/Makefile.am.noecc 2012-12-03 20:36:50.000000000 +0100 ++++ gnutls-3.1.8/lib/nettle/Makefile.am 2013-02-21 09:39:26.000000000 +0100 @@ -33,9 +33,13 @@ endif noinst_LTLIBRARIES = libcrypto.la @@ -334,9 +499,9 @@ diff -up gnutls-3.1.7/lib/nettle/Makefile.am.noecc gnutls-3.1.7/lib/nettle/Makef - ecc_projective_check_point.c ecc_projective_negate_point.c \ - ecc_projective_add_point_ng.c ecc_sign_hash.c ecc_verify_hash.c gnettle.h + multi.c wmnaf.c $(ECC_SOURCES) gnettle.h -diff -up gnutls-3.1.7/lib/nettle/pk.c.noecc gnutls-3.1.7/lib/nettle/pk.c ---- gnutls-3.1.7/lib/nettle/pk.c.noecc 2013-02-01 20:02:09.000000000 +0100 -+++ gnutls-3.1.7/lib/nettle/pk.c 2013-02-05 21:13:08.704750784 +0100 +diff -up gnutls-3.1.8/lib/nettle/pk.c.noecc gnutls-3.1.8/lib/nettle/pk.c +--- gnutls-3.1.8/lib/nettle/pk.c.noecc 2013-02-10 12:01:25.000000000 +0100 ++++ gnutls-3.1.8/lib/nettle/pk.c 2013-02-21 09:39:26.000000000 +0100 @@ -137,6 +137,7 @@ static int _wrap_nettle_pk_derive(gnutls switch (algo) 
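Review bot: With ENABLE_ECC undefined, `kx_priority_suiteb[]`, `sign_priority_suiteb128[]`, `sign_priority_suiteb192[]` and all five `supported_ecc_*[]` tables in the added gnutls_priority.c section reduce to the bare `0` terminator. A Suite B priority selection would then presumably be accepted yet leave the session with no key exchange, signature algorithm or curve to offer. The code that consumes these tables lies outside this hunk, so it is not visible whether that fails cleanly when the priority is set or only later in the handshake. It would be safer for the keyword handler to reject the Suite B levels outright when ECC is compiled out. At minimum, mark the tables with a comment such as `/* Empty when ENABLE_ECC is undefined: the Suite B levels then select no usable algorithm. */`.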
@@ -417,9 +582,9 @@ diff -up gnutls-3.1.7/lib/nettle/pk.c.noecc gnutls-3.1.7/lib/nettle/pk.c default: ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } -diff -up gnutls-3.1.7/tests/cert-tests/dane.noecc gnutls-3.1.7/tests/cert-tests/dane ---- gnutls-3.1.7/tests/cert-tests/dane.noecc 2013-01-25 20:24:10.000000000 +0100 -+++ gnutls-3.1.7/tests/cert-tests/dane 2013-02-06 18:32:53.381803965 +0100 +diff -up gnutls-3.1.8/tests/cert-tests/dane.noecc gnutls-3.1.8/tests/cert-tests/dane +--- gnutls-3.1.8/tests/cert-tests/dane.noecc 2013-01-25 20:24:10.000000000 +0100 ++++ gnutls-3.1.8/tests/cert-tests/dane 2013-02-21 09:39:26.000000000 +0100 @@ -22,6 +22,8 @@ set -e @@ -429,9 +594,9 @@ diff -up gnutls-3.1.7/tests/cert-tests/dane.noecc gnutls-3.1.7/tests/cert-tests/ srcdir=${srcdir:-.} DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT} -diff -up gnutls-3.1.7/tests/dtls/dtls-nb.noecc gnutls-3.1.7/tests/dtls/dtls-nb ---- gnutls-3.1.7/tests/dtls/dtls-nb.noecc 2012-12-03 20:36:51.000000000 +0100 -+++ gnutls-3.1.7/tests/dtls/dtls-nb 2013-02-06 17:30:21.148616598 +0100 +diff -up gnutls-3.1.8/tests/dtls/dtls-nb.noecc gnutls-3.1.8/tests/dtls/dtls-nb +--- gnutls-3.1.8/tests/dtls/dtls-nb.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.8/tests/dtls/dtls-nb 2013-02-21 09:39:26.000000000 +0100 @@ -22,9 +22,7 @@ set -e 
@@ -443,9 +608,9 @@ diff -up gnutls-3.1.7/tests/dtls/dtls-nb.noecc gnutls-3.1.7/tests/dtls/dtls-nb ./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished ./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone -diff -up gnutls-3.1.7/tests/dtls/dtls.noecc gnutls-3.1.7/tests/dtls/dtls ---- gnutls-3.1.7/tests/dtls/dtls.noecc 2012-12-03 20:36:51.000000000 +0100 -+++ gnutls-3.1.7/tests/dtls/dtls 2013-02-06 17:30:12.732428591 +0100 +diff -up gnutls-3.1.8/tests/dtls/dtls.noecc gnutls-3.1.8/tests/dtls/dtls +--- gnutls-3.1.8/tests/dtls/dtls.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.8/tests/dtls/dtls 2013-02-21 09:39:26.000000000 +0100 @@ -22,9 +22,7 @@ set -e @@ -457,9 +622,9 @@ diff -up gnutls-3.1.7/tests/dtls/dtls.noecc gnutls-3.1.7/tests/dtls/dtls ./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished ./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone -diff -up gnutls-3.1.7/tests/ecdsa/ecdsa.noecc gnutls-3.1.7/tests/ecdsa/ecdsa ---- gnutls-3.1.7/tests/ecdsa/ecdsa.noecc 2012-12-03 20:36:51.000000000 +0100 -+++ gnutls-3.1.7/tests/ecdsa/ecdsa 2013-02-06 17:31:19.991931090 +0100 +diff -up gnutls-3.1.8/tests/ecdsa/ecdsa.noecc gnutls-3.1.8/tests/ecdsa/ecdsa +--- gnutls-3.1.8/tests/ecdsa/ecdsa.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.8/tests/ecdsa/ecdsa 2013-02-21 09:39:26.000000000 +0100 @@ -22,6 +22,8 @@ #set -e 
@@ -469,9 +634,9 @@ diff -up gnutls-3.1.7/tests/ecdsa/ecdsa.noecc gnutls-3.1.7/tests/ecdsa/ecdsa srcdir=${srcdir:-.} CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT} -diff -up gnutls-3.1.7/tests/mini-dtls-record.c.noecc gnutls-3.1.7/tests/mini-dtls-record.c ---- gnutls-3.1.7/tests/mini-dtls-record.c.noecc 2013-01-17 20:07:30.000000000 +0100 -+++ gnutls-3.1.7/tests/mini-dtls-record.c 2013-02-06 16:49:30.236481581 +0100 +diff -up gnutls-3.1.8/tests/mini-dtls-record.c.noecc gnutls-3.1.8/tests/mini-dtls-record.c +--- gnutls-3.1.8/tests/mini-dtls-record.c.noecc 2013-01-17 20:07:30.000000000 +0100 ++++ gnutls-3.1.8/tests/mini-dtls-record.c 2013-02-21 09:39:26.000000000 +0100 @@ -27,7 +27,7 @@ #include #include @@ -481,9 +646,9 @@ diff -up gnutls-3.1.7/tests/mini-dtls-record.c.noecc gnutls-3.1.7/tests/mini-dtl int main () -diff -up gnutls-3.1.7/tests/mini-dtls-rehandshake.c.noecc gnutls-3.1.7/tests/mini-dtls-rehandshake.c ---- gnutls-3.1.7/tests/mini-dtls-rehandshake.c.noecc 2012-12-03 20:36:51.000000000 +0100 -+++ gnutls-3.1.7/tests/mini-dtls-rehandshake.c 2013-02-06 16:50:11.803404151 +0100 +diff -up gnutls-3.1.8/tests/mini-dtls-rehandshake.c.noecc gnutls-3.1.8/tests/mini-dtls-rehandshake.c +--- gnutls-3.1.8/tests/mini-dtls-rehandshake.c.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.8/tests/mini-dtls-rehandshake.c 2013-02-21 09:39:26.000000000 +0100 @@ -27,7 +27,7 @@ #include #include 
@@ -493,9 +658,9 @@ diff -up gnutls-3.1.7/tests/mini-dtls-rehandshake.c.noecc gnutls-3.1.7/tests/min int main() { -diff -up gnutls-3.1.7/tests/mini-dtls-srtp.c.noecc gnutls-3.1.7/tests/mini-dtls-srtp.c ---- gnutls-3.1.7/tests/mini-dtls-srtp.c.noecc 2012-12-03 20:36:51.000000000 +0100 -+++ gnutls-3.1.7/tests/mini-dtls-srtp.c 2013-02-06 16:51:05.009585051 +0100 +diff -up gnutls-3.1.8/tests/mini-dtls-srtp.c.noecc gnutls-3.1.8/tests/mini-dtls-srtp.c +--- gnutls-3.1.8/tests/mini-dtls-srtp.c.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.8/tests/mini-dtls-srtp.c 2013-02-21 09:39:26.000000000 +0100 @@ -27,7 +27,7 @@ #include #include @@ -505,9 +670,9 @@ diff -up gnutls-3.1.7/tests/mini-dtls-srtp.c.noecc gnutls-3.1.7/tests/mini-dtls- int main (int argc, char** argv) -diff -up gnutls-3.1.7/tests/mini-handshake-timeout.c.noecc gnutls-3.1.7/tests/mini-handshake-timeout.c ---- gnutls-3.1.7/tests/mini-handshake-timeout.c.noecc 2012-12-03 20:36:51.000000000 +0100 -+++ gnutls-3.1.7/tests/mini-handshake-timeout.c 2013-02-06 16:51:28.466105661 +0100 +diff -up gnutls-3.1.8/tests/mini-handshake-timeout.c.noecc gnutls-3.1.8/tests/mini-handshake-timeout.c +--- gnutls-3.1.8/tests/mini-handshake-timeout.c.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.8/tests/mini-handshake-timeout.c 2013-02-21 09:39:26.000000000 +0100 @@ -28,7 +28,7 @@ #include #include @@ -530,9 +695,9 @@ diff -up gnutls-3.1.7/tests/mini-handshake-timeout.c.noecc gnutls-3.1.7/tests/mi } static void -diff -up gnutls-3.1.7/tests/mini-loss-time.c.noecc gnutls-3.1.7/tests/mini-loss-time.c ---- gnutls-3.1.7/tests/mini-loss-time.c.noecc 2012-12-03 20:36:51.000000000 +0100 -+++ gnutls-3.1.7/tests/mini-loss-time.c 2013-02-06 16:51:47.254522659 +0100 +diff -up gnutls-3.1.8/tests/mini-loss-time.c.noecc gnutls-3.1.8/tests/mini-loss-time.c +--- gnutls-3.1.8/tests/mini-loss-time.c.noecc 2012-12-03 20:36:51.000000000 +0100 ++++ gnutls-3.1.8/tests/mini-loss-time.c 2013-02-21 09:39:26.000000000 +0100 
@@ -28,7 +28,7 @@ #include #include @@ -542,9 +707,9 @@ diff -up gnutls-3.1.7/tests/mini-loss-time.c.noecc gnutls-3.1.7/tests/mini-loss- int main() { -diff -up gnutls-3.1.7/tests/mini-record.c.noecc gnutls-3.1.7/tests/mini-record.c ---- gnutls-3.1.7/tests/mini-record.c.noecc 2013-01-23 20:31:17.000000000 +0100 -+++ gnutls-3.1.7/tests/mini-record.c 2013-02-06 16:52:07.965982266 +0100 +diff -up gnutls-3.1.8/tests/mini-record.c.noecc gnutls-3.1.8/tests/mini-record.c +--- gnutls-3.1.8/tests/mini-record.c.noecc 2013-01-23 20:31:17.000000000 +0100 ++++ gnutls-3.1.8/tests/mini-record.c 2013-02-21 09:39:26.000000000 +0100 @@ -27,7 +27,7 @@ #include #include @@ -554,9 +719,9 @@ diff -up gnutls-3.1.7/tests/mini-record.c.noecc gnutls-3.1.7/tests/mini-record.c int main() { -diff -up gnutls-3.1.7/tests/mini-xssl.c.noecc gnutls-3.1.7/tests/mini-xssl.c ---- gnutls-3.1.7/tests/mini-xssl.c.noecc 2013-01-27 18:16:02.000000000 +0100 -+++ gnutls-3.1.7/tests/mini-xssl.c 2013-02-06 16:29:32.288396176 +0100 +diff -up gnutls-3.1.8/tests/mini-xssl.c.noecc gnutls-3.1.8/tests/mini-xssl.c +--- gnutls-3.1.8/tests/mini-xssl.c.noecc 2013-01-27 18:16:02.000000000 +0100 ++++ gnutls-3.1.8/tests/mini-xssl.c 2013-02-21 09:39:26.000000000 +0100 @@ -27,7 +27,7 @@ #include #include @@ -566,9 +731,9 @@ diff -up gnutls-3.1.7/tests/mini-xssl.c.noecc gnutls-3.1.7/tests/mini-xssl.c int main() { -diff -up gnutls-3.1.7/tests/pkcs12_simple.c.noecc gnutls-3.1.7/tests/pkcs12_simple.c ---- gnutls-3.1.7/tests/pkcs12_simple.c.noecc 2012-12-06 09:01:28.000000000 +0100 -+++ gnutls-3.1.7/tests/pkcs12_simple.c 2013-02-06 17:01:39.813123531 +0100 +diff -up gnutls-3.1.8/tests/pkcs12_simple.c.noecc gnutls-3.1.8/tests/pkcs12_simple.c +--- gnutls-3.1.8/tests/pkcs12_simple.c.noecc 2012-12-06 09:01:28.000000000 +0100 ++++ gnutls-3.1.8/tests/pkcs12_simple.c 2013-02-21 09:39:26.000000000 +0100 @@ -50,6 +50,10 @@ doit (void) gnutls_x509_privkey_t pkey; int ret; 
@@ -580,9 +745,9 @@ diff -up gnutls-3.1.7/tests/pkcs12_simple.c.noecc gnutls-3.1.7/tests/pkcs12_simp ret = gnutls_global_init (); if (ret < 0) fail ("gnutls_global_init failed %d\n", ret); -diff -up gnutls-3.1.7/tests/slow/keygen.c.noecc gnutls-3.1.7/tests/slow/keygen.c ---- gnutls-3.1.7/tests/slow/keygen.c.noecc 2012-12-03 20:36:52.000000000 +0100 -+++ gnutls-3.1.7/tests/slow/keygen.c 2013-02-06 17:23:10.831725585 +0100 +diff -up gnutls-3.1.8/tests/slow/keygen.c.noecc gnutls-3.1.8/tests/slow/keygen.c +--- gnutls-3.1.8/tests/slow/keygen.c.noecc 2012-12-03 20:36:52.000000000 +0100 ++++ gnutls-3.1.8/tests/slow/keygen.c 2013-02-21 09:39:26.000000000 +0100 @@ -65,6 +65,11 @@ doit (void) if (algorithm == GNUTLS_PK_DH) continue; @@ -595,9 +760,9 @@ diff -up gnutls-3.1.7/tests/slow/keygen.c.noecc gnutls-3.1.7/tests/slow/keygen.c ret = gnutls_x509_privkey_init (&pkey); if (ret < 0) { -diff -up gnutls-3.1.7/tests/srp/mini-srp.c.noecc gnutls-3.1.7/tests/srp/mini-srp.c ---- gnutls-3.1.7/tests/srp/mini-srp.c.noecc 2012-12-03 20:36:52.000000000 +0100 -+++ gnutls-3.1.7/tests/srp/mini-srp.c 2013-02-06 17:36:50.419312453 +0100 +diff -up gnutls-3.1.8/tests/srp/mini-srp.c.noecc gnutls-3.1.8/tests/srp/mini-srp.c +--- gnutls-3.1.8/tests/srp/mini-srp.c.noecc 2012-12-03 20:36:52.000000000 +0100 ++++ gnutls-3.1.8/tests/srp/mini-srp.c 2013-02-21 09:39:26.000000000 +0100 @@ -27,7 +27,7 @@ #include #include diff --git a/gnutls.spec b/gnutls.spec index 0f413d4..571a996 100644 --- a/gnutls.spec +++ b/gnutls.spec @@ -3,7 +3,7 @@ Summary: A TLS protocol implementation Name: gnutls Version: 3.1.8 -Release: 1%{?dist} +Release: 2%{?dist} # The libgnutls library is LGPLv3+, utilities and remaining libraries are GPLv3+ License: GPLv3+ and LGPLv3+ Group: System Environment/Libraries 
@@ -30,7 +30,7 @@ Patch1: gnutls-3.1.7-rpath.patch # Use only FIPS approved ciphers in the FIPS mode Patch7: gnutls-2.12.21-fips-algorithms.patch # Make ECC optional as it is now hobbled -Patch8: gnutls-3.1.7-noecc.patch +Patch8: gnutls-3.1.8-noecc.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: libgcrypt >= 1.2.2 @@ -268,6 +268,9 @@ fi %endif %changelog +* Tue Feb 26 2013 Tomas Mraz 3.1.8-2 +- don't send ECC algos as supported (#913797) + * Thu Feb 21 2013 Tomas Mraz 3.1.8-1 - new upstream version