enable ECC NIST Suite B curves
Conflicts: gnutls.spec
		
							parent
							
								
									80b24a34ea
								
							
						
					
					
						commit
						aaa40d934c
					
				
							
								
								
									
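--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@ gnutls-2.10.1-nosrp.tar.bz2
 /gnutls-3.1.10-hobbled.tar.xz
 /gnutls-3.1.11-hobbled.tar.xz
 /gnutls-3.1.13-hobbled.tar.xz
+/gnutls-3.1.13-hobbled-el.tar.xz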
							
								
								
									
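--- a/ecc.c
+++ b/ecc.c
@@ -0,0 +1,301 @@
+/*
+ * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+#include <gnutls_int.h>
+#include <algorithms.h>
+#include <gnutls_errors.h>
+#include <x509/common.h>
+
+
+/* Supported ECC curves
+ */
+
+static const gnutls_ecc_curve_entry_st ecc_curves[] = {
+  {
+    .name = "SECP256R1", 
+    .oid = "1.2.840.10045.3.1.7",
+    .id = GNUTLS_ECC_CURVE_SECP256R1,
+    .tls_id = 23,
+    .size = 32,
+    .prime = "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+    .A = "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+    .B = "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+    .order = "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
+    .Gx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+    .Gy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
+  },
+  {
+    .name = "SECP384R1",
+    .oid = "1.3.132.0.34",
+    .id = GNUTLS_ECC_CURVE_SECP384R1,
+    .tls_id = 24,
+    .size = 48,
+    .prime = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+    .A = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
+    .B = "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+    .order = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+    .Gx = "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+    .Gy = "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"
+  },
+  {0, 0, 0}
+};
+
+#define GNUTLS_ECC_CURVE_LOOP(b) \
+	{ const gnutls_ecc_curve_entry_st *p; \
+                for(p = ecc_curves; p->name != NULL; p++) { b ; } }
+
+
+/* Returns the TLS id of the given curve
+ */
+int
+_gnutls_tls_id_to_ecc_curve (int num)
+{
+  gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+
+  GNUTLS_ECC_CURVE_LOOP (
+  if (p->tls_id == num) 
+    {
+      ret = p->id;
+      break;
+    }
+  );
+  
+  return ret;
+}
+
+/**
+ * gnutls_ecc_curve_list:
+ *
+ * Get the list of supported elliptic curves.
+ *
+ * This function is not thread safe.
+ *
+ * Returns: Return a (0)-terminated list of #gnutls_ecc_curve_t
+ *   integers indicating the available curves.
+ **/
+const gnutls_ecc_curve_t *
+gnutls_ecc_curve_list (void)
+{
+static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 };
+
+  if (supported_curves[0] == 0)
+    {
+      int i = 0;
+
+      GNUTLS_ECC_CURVE_LOOP ( 
+        supported_curves[i++]=p->id;
+      );
+      supported_curves[i++]=0;
+    }
+
+  return supported_curves;
+}
+
+/* Maps numbers to TLS NamedCurve IDs (RFC4492).
+ * Returns a negative number on error.
+ */
+int
+_gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc)
+{
+  int ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+
+  GNUTLS_ECC_CURVE_LOOP (
+  if (p->id == supported_ecc) 
+    {
+      ret = p->tls_id;
+      break;
+    }
+  );
+  
+  return ret;
+}
+
+/*-
+ * _gnutls_oid_to_ecc_curve:
+ * @oid: is a curve's OID
+ *
+ * Returns: return a #gnutls_ecc_curve_t value corresponding to
+ *   the specified OID, or %GNUTLS_ECC_CURVE_INVALID on error.
+ -*/
+gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid)
+{
+  gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+
+  GNUTLS_ECC_CURVE_LOOP (
+  if (strcasecmp (p->oid, oid) == 0) 
+    {
+      ret = p->id;
+      break;
+    }
+  );
+
+  return ret;
+}
+
+/*-
+ * _gnutls_ecc_curve_get_id:
+ * @name: is a curve name
+ *
+ * The names are compared in a case insensitive way.
+ *
+ * Returns: return a #gnutls_ecc_curve_t value corresponding to
+ *   the specified curve, or %GNUTLS_ECC_CURVE_INVALID on error.
+ -*/
+gnutls_ecc_curve_t
+_gnutls_ecc_curve_get_id (const char *name)
+{
+  gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+
+  GNUTLS_ECC_CURVE_LOOP (
+  if (strcasecmp (p->name, name) == 0) 
+    {
+      ret = p->id;
+      break;
+    }
+  );
+
+  return ret;
+}
+
+/*-
+ * _gnutls_ecc_bits_to_curve:
+ * @bits: is a security parameter in bits
+ *
+ * Returns: return a #gnutls_ecc_curve_t value corresponding to
+ *   the specified bit length, or %GNUTLS_ECC_CURVE_INVALID on error.
+ -*/
+gnutls_ecc_curve_t
+_gnutls_ecc_bits_to_curve (int bits)
+{
+  gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_SECP224R1;
+
+  GNUTLS_ECC_CURVE_LOOP (
+    if (8*p->size >= bits)
+      {
+        ret = p->id;
+        break;
+      }
+  );
+
+  return ret;
+}
+
+/**
+ * gnutls_ecc_curve_get_name:
+ * @curve: is an ECC curve
+ *
+ * Convert a #gnutls_ecc_curve_t value to a string.
+ *
+ * Returns: a string that contains the name of the specified
+ *   curve or %NULL.
+ *
+ * Since: 3.0
+ **/
+const char *
+gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve)
+{
+  const char *ret = NULL;
+
+  GNUTLS_ECC_CURVE_LOOP(
+    if (p->id == curve)
+      {
+        ret = p->name;
+        break;
+      }
+  );
+
+  return ret;
+}
+
+/*-
+ * _gnutls_ecc_curve_get_oid:
+ * @curve: is an ECC curve
+ *
+ * Convert a #gnutls_ecc_curve_t value to a string.
+ *
+ * Returns: a string that contains the name of the specified
+ *   curve or %NULL.
+ -*/
+const char *
+_gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve)
+{
+  const char *ret = NULL;
+
+  GNUTLS_ECC_CURVE_LOOP(
+    if (p->id == curve)
+      {
+        ret = p->oid;
+        break;
+      }
+  );
+
+  return ret;
+}
+
+/*-
+ * _gnutls_ecc_curve_get_params:
+ * @curve: is an ECC curve
+ *
+ * Returns the information on a curve.
+ *
+ * Returns: a pointer to #gnutls_ecc_curve_entry_st or %NULL.
+ -*/
+const gnutls_ecc_curve_entry_st *
+_gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve)
+{
+  const gnutls_ecc_curve_entry_st *ret = NULL;
+
+  GNUTLS_ECC_CURVE_LOOP(
+    if (p->id == curve)
+      {
+        ret = p;
+        break;
+      }
+  );
+
+  return ret;
+}
+
+/**
+ * gnutls_ecc_curve_get_size:
+ * @curve: is an ECC curve
+ *
+ * Returns the size in bytes of the curve.
+ *
+ * Returns: a the size or (0).
+ *
+ * Since: 3.0
+ **/
+int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve)
+{
+  int ret = 0;
+
+  GNUTLS_ECC_CURVE_LOOP(
+    if (p->id == curve)
+      {
+        ret = p->size;
+        break;
+      }
+  );
+
+  return ret;
+}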
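Review bot: `_gnutls_ecc_bits_to_curve` starts from `GNUTLS_ECC_CURVE_SECP224R1`, a curve that this file's `ecc_curves` table does not contain, so a request for more than 384 bits returns an id for which `_gnutls_ecc_curve_get_params` and `gnutls_ecc_curve_get_name` yield NULL and `gnutls_ecc_curve_get_size` yields 0. That fallback is also weaker than what was asked for, and it contradicts the function's own comment, which promises `GNUTLS_ECC_CURVE_INVALID` on error. I would initialise with `gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;` and have callers treat that as a failure; the callers are outside this page, so whether any of them relies on always getting a usable curve needs checking first. Separately, the comment on `_gnutls_tls_id_to_ecc_curve` reads `Returns the TLS id of the given curve` while the code maps a TLS id to a curve id, so it should say something like `/* Returns the curve id for the given TLS NamedCurve id */`.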
| @ -1,663 +0,0 @@ | |||||||
| diff -up gnutls-3.1.11/lib/algorithms/kx.c.noecc gnutls-3.1.11/lib/algorithms/kx.c
 |  | ||||||
| --- gnutls-3.1.11/lib/algorithms/kx.c.noecc	2013-04-27 10:04:48.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/lib/algorithms/kx.c	2013-05-13 11:08:41.411446861 +0200
 |  | ||||||
| @@ -29,9 +29,11 @@
 |  | ||||||
|  extern mod_auth_st rsa_auth_struct; |  | ||||||
|  extern mod_auth_st rsa_export_auth_struct; |  | ||||||
|  extern mod_auth_st dhe_rsa_auth_struct; |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|  extern mod_auth_st ecdhe_rsa_auth_struct; |  | ||||||
|  extern mod_auth_st ecdhe_psk_auth_struct; |  | ||||||
|  extern mod_auth_st ecdhe_ecdsa_auth_struct; |  | ||||||
| +#endif
 |  | ||||||
|  extern mod_auth_st dhe_dss_auth_struct; |  | ||||||
|  extern mod_auth_st anon_auth_struct; |  | ||||||
|  extern mod_auth_st anon_ecdh_auth_struct; |  | ||||||
| diff -up gnutls-3.1.11/lib/algorithms/publickey.c.noecc gnutls-3.1.11/lib/algorithms/publickey.c
 |  | ||||||
| --- gnutls-3.1.11/lib/algorithms/publickey.c.noecc	2013-04-27 10:04:48.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/lib/algorithms/publickey.c	2013-05-13 11:08:41.411446861 +0200
 |  | ||||||
| @@ -50,8 +50,10 @@ static const gnutls_pk_map pk_mappings[]
 |  | ||||||
|    {GNUTLS_KX_RSA_EXPORT, GNUTLS_PK_RSA, CIPHER_SIGN}, |  | ||||||
|    {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, |  | ||||||
|    {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, |  | ||||||
|    {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN}, |  | ||||||
| +#endif
 |  | ||||||
|    {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, |  | ||||||
|    {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, |  | ||||||
|    {0, 0, 0} |  | ||||||
| @@ -97,7 +99,9 @@ static const gnutls_pk_entry pk_algorith
 |  | ||||||
|    {"DSA", PK_DSA_OID, GNUTLS_PK_DSA}, |  | ||||||
|    {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN}, |  | ||||||
|    {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN}, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC}, |  | ||||||
| +#endif
 |  | ||||||
|    {0, 0, 0} |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
| diff -up gnutls-3.1.11/lib/algorithms/sign.c.noecc gnutls-3.1.11/lib/algorithms/sign.c
 |  | ||||||
| --- gnutls-3.1.11/lib/algorithms/sign.c.noecc	2013-04-24 10:34:02.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/lib/algorithms/sign.c	2013-05-13 11:08:41.412446883 +0200
 |  | ||||||
| @@ -43,6 +43,14 @@ typedef struct gnutls_sign_entry gnutls_
 |  | ||||||
|  #define TLS_SIGN_AID_UNKNOWN {255, 255} |  | ||||||
|  static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN; |  | ||||||
|   |  | ||||||
| +#ifndef ENABLE_ECC
 |  | ||||||
| +#define GNUTLS_SIGN_ECDSA_SHA1 0
 |  | ||||||
| +#define GNUTLS_SIGN_ECDSA_SHA224 0
 |  | ||||||
| +#define GNUTLS_SIGN_ECDSA_SHA256 0
 |  | ||||||
| +#define GNUTLS_SIGN_ECDSA_SHA384 0
 |  | ||||||
| +#define GNUTLS_SIGN_ECDSA_SHA512 0
 |  | ||||||
| +#endif
 |  | ||||||
| +
 |  | ||||||
|  static const gnutls_sign_entry sign_algorithms[] = { |  | ||||||
|    {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, |  | ||||||
|     GNUTLS_DIG_SHA1, {2, 1}}, |  | ||||||
| diff -up gnutls-3.1.11/lib/auth/cert.c.noecc gnutls-3.1.11/lib/auth/cert.c
 |  | ||||||
| --- gnutls-3.1.11/lib/auth/cert.c.noecc	2013-04-24 10:34:02.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/lib/auth/cert.c	2013-05-13 11:08:41.412446883 +0200
 |  | ||||||
| @@ -63,7 +63,11 @@ static gnutls_privkey_t alloc_and_load_p
 |  | ||||||
|                                                     key, int deinit); |  | ||||||
|  #endif |  | ||||||
|   |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|  #define MAX_CLIENT_SIGN_ALGOS 3 |  | ||||||
| +#else
 |  | ||||||
| +#define MAX_CLIENT_SIGN_ALGOS 2
 |  | ||||||
| +#endif
 |  | ||||||
|  #define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1) |  | ||||||
|  typedef enum CertificateSigType |  | ||||||
|  { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64 |  | ||||||
| @@ -1438,8 +1442,10 @@ _gnutls_check_supported_sign_algo (Certi
 |  | ||||||
|        return GNUTLS_PK_RSA; |  | ||||||
|      case DSA_SIGN: |  | ||||||
|        return GNUTLS_PK_DSA; |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|      case ECDSA_SIGN: |  | ||||||
|        return GNUTLS_PK_EC; |  | ||||||
| +#endif
 |  | ||||||
|      } |  | ||||||
|   |  | ||||||
|    return -1; |  | ||||||
| @@ -1726,7 +1732,9 @@ _gnutls_gen_cert_server_cert_req (gnutls
 |  | ||||||
|    tmp_data[0] = CERTTYPE_SIZE - 1; |  | ||||||
|    tmp_data[1] = RSA_SIGN; |  | ||||||
|    tmp_data[2] = DSA_SIGN; |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    tmp_data[3] = ECDSA_SIGN;     /* only these for now */ |  | ||||||
| +#endif
 |  | ||||||
|   |  | ||||||
|    ret = _gnutls_buffer_append_data (data, tmp_data, CERTTYPE_SIZE); |  | ||||||
|    if (ret < 0) |  | ||||||
| diff -up gnutls-3.1.11/lib/auth/dhe_psk.c.noecc gnutls-3.1.11/lib/auth/dhe_psk.c
 |  | ||||||
| --- gnutls-3.1.11/lib/auth/dhe_psk.c.noecc	2013-04-24 10:34:02.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/lib/auth/dhe_psk.c	2013-05-13 11:08:41.413446905 +0200
 |  | ||||||
| @@ -92,6 +92,7 @@ const mod_auth_st ecdhe_psk_auth_struct
 |  | ||||||
|  }; |  | ||||||
|  #endif |  | ||||||
|   |  | ||||||
| +#ifdef ENABLE_ECDHE
 |  | ||||||
|  static int |  | ||||||
|  gen_ecdhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data) |  | ||||||
|  { |  | ||||||
| @@ -135,6 +136,7 @@ cleanup:
 |  | ||||||
|   |  | ||||||
|    return ret; |  | ||||||
|  } |  | ||||||
| +#endif
 |  | ||||||
|   |  | ||||||
|  static int |  | ||||||
|  gen_dhe_psk_client_kx (gnutls_session_t session, gnutls_buffer_st* data) |  | ||||||
| @@ -230,6 +232,7 @@ gen_dhe_psk_server_kx (gnutls_session_t
 |  | ||||||
|    return ret; |  | ||||||
|  } |  | ||||||
|   |  | ||||||
| +#ifdef ENABLE_ECDHE
 |  | ||||||
|  static int |  | ||||||
|  gen_ecdhe_psk_server_kx (gnutls_session_t session, gnutls_buffer_st* data) |  | ||||||
|  { |  | ||||||
| @@ -254,7 +257,7 @@ gen_ecdhe_psk_server_kx (gnutls_session_
 |  | ||||||
|   |  | ||||||
|    return ret; |  | ||||||
|  } |  | ||||||
| -
 |  | ||||||
| +#endif
 |  | ||||||
|   |  | ||||||
|  static int |  | ||||||
|  proc_dhe_psk_client_kx (gnutls_session_t session, uint8_t * data, |  | ||||||
| @@ -335,6 +338,7 @@ proc_dhe_psk_client_kx (gnutls_session_t
 |  | ||||||
|   |  | ||||||
|  } |  | ||||||
|   |  | ||||||
| +#ifdef ENABLE_ECDHE
 |  | ||||||
|  static int |  | ||||||
|  proc_ecdhe_psk_client_kx (gnutls_session_t session, uint8_t * data, |  | ||||||
|                      size_t _data_size) |  | ||||||
| @@ -399,6 +403,7 @@ proc_ecdhe_psk_client_kx (gnutls_session
 |  | ||||||
|     |  | ||||||
|    return ret; |  | ||||||
|  } |  | ||||||
| +#endif
 |  | ||||||
|   |  | ||||||
|  static int |  | ||||||
|  proc_dhe_psk_server_kx (gnutls_session_t session, uint8_t * data, |  | ||||||
| @@ -432,6 +437,7 @@ proc_dhe_psk_server_kx (gnutls_session_t
 |  | ||||||
|    return 0; |  | ||||||
|  } |  | ||||||
|   |  | ||||||
| +#ifdef ENABLE_ECDHE
 |  | ||||||
|  static int |  | ||||||
|  proc_ecdhe_psk_server_kx (gnutls_session_t session, uint8_t * data, |  | ||||||
|                      size_t _data_size) |  | ||||||
| @@ -463,5 +469,6 @@ proc_ecdhe_psk_server_kx (gnutls_session
 |  | ||||||
|   |  | ||||||
|    return 0; |  | ||||||
|  } |  | ||||||
| +#endif
 |  | ||||||
|   |  | ||||||
|  #endif /* ENABLE_PSK */ |  | ||||||
| diff -up gnutls-3.1.11/lib/ext/ecc.c.noecc gnutls-3.1.11/lib/ext/ecc.c
 |  | ||||||
| --- gnutls-3.1.11/lib/ext/ecc.c.noecc	2013-04-24 10:34:02.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/lib/ext/ecc.c	2013-05-13 11:08:41.413446905 +0200
 |  | ||||||
| @@ -35,6 +35,7 @@
 |  | ||||||
|  /* Maps record size to numbers according to the |  | ||||||
|   * extensions draft. |  | ||||||
|   */ |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|   |  | ||||||
|  static int _gnutls_supported_ecc_recv_params (gnutls_session_t session, |  | ||||||
|                                            const uint8_t * data, |  | ||||||
| @@ -269,3 +270,5 @@ _gnutls_session_supports_ecc_curve (gnut
 |  | ||||||
|   |  | ||||||
|    return GNUTLS_E_ECC_UNSUPPORTED_CURVE; |  | ||||||
|  } |  | ||||||
| +
 |  | ||||||
| +#endif
 |  | ||||||
| diff -up gnutls-3.1.11/lib/gnutls_extensions.c.noecc gnutls-3.1.11/lib/gnutls_extensions.c
 |  | ||||||
| --- gnutls-3.1.11/lib/gnutls_extensions.c.noecc	2013-05-05 12:39:09.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/lib/gnutls_extensions.c	2013-05-13 11:08:41.413446905 +0200
 |  | ||||||
| @@ -350,6 +350,7 @@ _gnutls_ext_init (void)
 |  | ||||||
|    if (ret != GNUTLS_E_SUCCESS) |  | ||||||
|      return ret; |  | ||||||
|   |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    ret = _gnutls_ext_register (&ext_mod_supported_ecc); |  | ||||||
|    if (ret != GNUTLS_E_SUCCESS) |  | ||||||
|      return ret; |  | ||||||
| @@ -357,6 +358,7 @@ _gnutls_ext_init (void)
 |  | ||||||
|    ret = _gnutls_ext_register (&ext_mod_supported_ecc_pf); |  | ||||||
|    if (ret != GNUTLS_E_SUCCESS) |  | ||||||
|      return ret; |  | ||||||
| +#endif
 |  | ||||||
|   |  | ||||||
|    ret = _gnutls_ext_register (&ext_mod_sig); |  | ||||||
|    if (ret != GNUTLS_E_SUCCESS) |  | ||||||
| diff -up gnutls-3.1.11/lib/gnutls_priority.c.noecc gnutls-3.1.11/lib/gnutls_priority.c
 |  | ||||||
| --- gnutls-3.1.11/lib/gnutls_priority.c.noecc	2013-04-27 10:04:48.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/lib/gnutls_priority.c	2013-05-13 11:08:41.414446927 +0200
 |  | ||||||
| @@ -245,35 +245,45 @@ gnutls_certificate_type_set_priority (gn
 |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|  static const int supported_ecc_normal[] = { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_ECC_CURVE_SECP192R1, |  | ||||||
|    GNUTLS_ECC_CURVE_SECP224R1, |  | ||||||
|    GNUTLS_ECC_CURVE_SECP256R1, |  | ||||||
|    GNUTLS_ECC_CURVE_SECP384R1, |  | ||||||
|    GNUTLS_ECC_CURVE_SECP521R1, |  | ||||||
| +#endif
 |  | ||||||
|    0 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
|  static const int supported_ecc_secure128[] = { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_ECC_CURVE_SECP256R1, |  | ||||||
|    GNUTLS_ECC_CURVE_SECP384R1, |  | ||||||
|    GNUTLS_ECC_CURVE_SECP521R1, |  | ||||||
| +#endif
 |  | ||||||
|    0 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
|  static const int supported_ecc_suiteb128[] = { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_ECC_CURVE_SECP256R1, |  | ||||||
|    GNUTLS_ECC_CURVE_SECP384R1, |  | ||||||
| +#endif
 |  | ||||||
|    0 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
|  static const int supported_ecc_suiteb192[] = { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_ECC_CURVE_SECP384R1, |  | ||||||
| +#endif
 |  | ||||||
|    0 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
|  static const int supported_ecc_secure192[] = { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_ECC_CURVE_SECP384R1, |  | ||||||
|    GNUTLS_ECC_CURVE_SECP521R1, |  | ||||||
| +#endif
 |  | ||||||
|    0 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
| @@ -460,51 +470,75 @@ static const int comp_priority[] = {
 |  | ||||||
|  static const int sign_priority_default[] = { |  | ||||||
|    GNUTLS_SIGN_RSA_SHA256, |  | ||||||
|    GNUTLS_SIGN_DSA_SHA256, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA256, |  | ||||||
| +#endif
 |  | ||||||
|   |  | ||||||
|    GNUTLS_SIGN_RSA_SHA384, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA384, |  | ||||||
| +#endif
 |  | ||||||
|   |  | ||||||
|    GNUTLS_SIGN_RSA_SHA512, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA512, |  | ||||||
| +#endif
 |  | ||||||
|   |  | ||||||
|    GNUTLS_SIGN_RSA_SHA224, |  | ||||||
|    GNUTLS_SIGN_DSA_SHA224, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA224, |  | ||||||
| +#endif
 |  | ||||||
|   |  | ||||||
|    GNUTLS_SIGN_RSA_SHA1, |  | ||||||
|    GNUTLS_SIGN_DSA_SHA1, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA1, |  | ||||||
| +#endif
 |  | ||||||
|    0 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
|  static const int sign_priority_suiteb128[] = { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA256, |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA384, |  | ||||||
| +#endif
 |  | ||||||
|    0 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
|  static const int sign_priority_suiteb192[] = { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA384, |  | ||||||
| +#endif
 |  | ||||||
|    0 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
|  static const int sign_priority_secure128[] = { |  | ||||||
|    GNUTLS_SIGN_RSA_SHA256, |  | ||||||
|    GNUTLS_SIGN_DSA_SHA256, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA256, |  | ||||||
| +#endif
 |  | ||||||
|    GNUTLS_SIGN_RSA_SHA384, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA384, |  | ||||||
| +#endif
 |  | ||||||
|    GNUTLS_SIGN_RSA_SHA512, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA512, |  | ||||||
| +#endif
 |  | ||||||
|    0 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
|  static const int sign_priority_secure192[] = { |  | ||||||
|    GNUTLS_SIGN_RSA_SHA384, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA384, |  | ||||||
| +#endif
 |  | ||||||
|    GNUTLS_SIGN_RSA_SHA512, |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    GNUTLS_SIGN_ECDSA_SHA512, |  | ||||||
| +#endif
 |  | ||||||
|    0 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
| diff -up gnutls-3.1.11/lib/nettle/init.c.noecc gnutls-3.1.11/lib/nettle/init.c
 |  | ||||||
| --- gnutls-3.1.11/lib/nettle/init.c.noecc	2013-04-27 10:04:48.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/lib/nettle/init.c	2013-05-13 11:08:41.414446927 +0200
 |  | ||||||
| @@ -32,7 +32,11 @@
 |  | ||||||
|  int |  | ||||||
|  gnutls_crypto_init (void) |  | ||||||
|  { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    return ecc_wmnaf_cache_init(); |  | ||||||
| +#else
 |  | ||||||
| +  return 0;
 |  | ||||||
| +#endif
 |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|  /* Functions that refer to the deinitialization of the nettle library. |  | ||||||
| @@ -41,5 +45,7 @@ gnutls_crypto_init (void)
 |  | ||||||
|  void |  | ||||||
|  gnutls_crypto_deinit (void) |  | ||||||
|  { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|    ecc_wmnaf_cache_free(); |  | ||||||
| +#endif
 |  | ||||||
|  } |  | ||||||
| diff -up gnutls-3.1.11/lib/nettle/Makefile.am.noecc gnutls-3.1.11/lib/nettle/Makefile.am
 |  | ||||||
| --- gnutls-3.1.11/lib/nettle/Makefile.am.noecc	2013-04-27 10:04:48.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/lib/nettle/Makefile.am	2013-05-13 11:08:41.415446949 +0200
 |  | ||||||
| @@ -33,9 +33,13 @@ endif
 |  | ||||||
|   |  | ||||||
|  noinst_LTLIBRARIES = libcrypto.la |  | ||||||
|   |  | ||||||
| +#if ENABLE_ECC
 |  | ||||||
| +#ECC_SOURCES = ecc_free.c ecc.h ecc_make_key.c ecc_shared_secret.c \
 |  | ||||||
| +#	ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \
 |  | ||||||
| +#	ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \
 |  | ||||||
| +#	ecc_projective_check_point.c ecc_projective_negate_point.c \
 |  | ||||||
| +#	ecc_projective_add_point_ng.c ecc_sign_hash.c ecc_verify_hash.c
 |  | ||||||
| +#endif
 |  | ||||||
| +
 |  | ||||||
|  libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c egd.c egd.h \ |  | ||||||
| -	multi.c wmnaf.c ecc_free.c ecc.h ecc_make_key.c ecc_shared_secret.c \
 |  | ||||||
| -	ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \
 |  | ||||||
| -	ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \
 |  | ||||||
| -	ecc_projective_check_point.c ecc_projective_negate_point.c \
 |  | ||||||
| -	ecc_projective_add_point_ng.c ecc_sign_hash.c ecc_verify_hash.c gnettle.h 
 |  | ||||||
| +	multi.c wmnaf.c $(ECC_SOURCES) gnettle.h 
 |  | ||||||
| diff -up gnutls-3.1.11/lib/nettle/pk.c.noecc gnutls-3.1.11/lib/nettle/pk.c
 |  | ||||||
| --- gnutls-3.1.11/lib/nettle/pk.c.noecc	2013-04-27 10:04:48.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/lib/nettle/pk.c	2013-05-13 11:08:41.415446949 +0200
 |  | ||||||
| @@ -137,6 +137,7 @@ static int _wrap_nettle_pk_derive(gnutls
 |  | ||||||
|   |  | ||||||
|    switch (algo) |  | ||||||
|      { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|      case GNUTLS_PK_EC: |  | ||||||
|        { |  | ||||||
|          ecc_key ecc_pub, ecc_priv; |  | ||||||
| @@ -182,6 +183,7 @@ ecc_cleanup:
 |  | ||||||
|          out->size = sz; |  | ||||||
|          break; |  | ||||||
|        } |  | ||||||
| +#endif
 |  | ||||||
|      default: |  | ||||||
|        gnutls_assert (); |  | ||||||
|        ret = GNUTLS_E_INTERNAL_ERROR; |  | ||||||
| @@ -326,6 +328,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
 |  | ||||||
|   |  | ||||||
|    switch (algo) |  | ||||||
|      { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|      case GNUTLS_PK_EC: /* we do ECDSA */ |  | ||||||
|        { |  | ||||||
|          ecc_key priv; |  | ||||||
| @@ -369,6 +372,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorith
 |  | ||||||
|            } |  | ||||||
|          break; |  | ||||||
|        } |  | ||||||
| +#endif
 |  | ||||||
|      case GNUTLS_PK_DSA: |  | ||||||
|        { |  | ||||||
|          struct dsa_public_key pub; |  | ||||||
| @@ -470,6 +474,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
 |  | ||||||
|   |  | ||||||
|    switch (algo) |  | ||||||
|      { |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|      case GNUTLS_PK_EC: /* ECDSA */ |  | ||||||
|        { |  | ||||||
|          ecc_key pub; |  | ||||||
| @@ -509,6 +514,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algori
 |  | ||||||
|          _ecc_params_clear( &pub); |  | ||||||
|          break; |  | ||||||
|        } |  | ||||||
| +#endif
 |  | ||||||
|      case GNUTLS_PK_DSA: |  | ||||||
|        { |  | ||||||
|          struct dsa_public_key pub; |  | ||||||
| @@ -705,6 +711,7 @@ rsa_fail:
 |  | ||||||
|   |  | ||||||
|          break; |  | ||||||
|        } |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|      case GNUTLS_PK_EC: |  | ||||||
|        { |  | ||||||
|          ecc_key key; |  | ||||||
| @@ -758,6 +765,7 @@ ecc_fail:
 |  | ||||||
|   |  | ||||||
|          break; |  | ||||||
|        } |  | ||||||
| +#endif
 |  | ||||||
|      default: |  | ||||||
|        gnutls_assert (); |  | ||||||
|        return GNUTLS_E_INVALID_REQUEST; |  | ||||||
| @@ -874,6 +882,7 @@ dsa_cleanup:
 |  | ||||||
|        } |  | ||||||
|   |  | ||||||
|        break; |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
|      case GNUTLS_PK_EC: |  | ||||||
|        { |  | ||||||
|          int curve = params->flags; |  | ||||||
| @@ -923,6 +932,7 @@ ecc_cleanup:
 |  | ||||||
|          ecc_del_point(R); |  | ||||||
|        }   |  | ||||||
|        break; |  | ||||||
| +#endif
 |  | ||||||
|      default: |  | ||||||
|        ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |  | ||||||
|      } |  | ||||||
| diff -up gnutls-3.1.11/tests/cert-tests/dane.noecc gnutls-3.1.11/tests/cert-tests/dane
 |  | ||||||
| --- gnutls-3.1.11/tests/cert-tests/dane.noecc	2013-04-24 10:34:02.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/cert-tests/dane	2013-05-13 11:08:41.416446971 +0200
 |  | ||||||
| @@ -22,6 +22,8 @@
 |  | ||||||
|   |  | ||||||
|  set -e |  | ||||||
|   |  | ||||||
| +exit 77
 |  | ||||||
| +
 |  | ||||||
|  srcdir=${srcdir:-.} |  | ||||||
|  DANETOOL=${DANETOOL:-../../src/danetool$EXEEXT} |  | ||||||
|   |  | ||||||
| diff -up gnutls-3.1.11/tests/dtls/dtls-nb.noecc gnutls-3.1.11/tests/dtls/dtls-nb
 |  | ||||||
| --- gnutls-3.1.11/tests/dtls/dtls-nb.noecc	2013-04-24 10:34:02.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/dtls/dtls-nb	2013-05-13 11:08:41.416446971 +0200
 |  | ||||||
| @@ -22,9 +22,7 @@
 |  | ||||||
|   |  | ||||||
|  set -e |  | ||||||
|   |  | ||||||
| -if test "${WINDIR}" != "";then
 |  | ||||||
| -  exit 77
 |  | ||||||
| -fi
 |  | ||||||
| +exit 77
 |  | ||||||
|   |  | ||||||
|  ./dtls-stress -nb -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished |  | ||||||
|  ./dtls-stress -nb -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone |  | ||||||
| diff -up gnutls-3.1.11/tests/dtls/dtls.noecc gnutls-3.1.11/tests/dtls/dtls
 |  | ||||||
| --- gnutls-3.1.11/tests/dtls/dtls.noecc	2013-04-24 10:34:02.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/dtls/dtls	2013-05-13 11:08:41.416446971 +0200
 |  | ||||||
| @@ -22,9 +22,7 @@
 |  | ||||||
|   |  | ||||||
|  set -e |  | ||||||
|   |  | ||||||
| -if test "${WINDIR}" != "";then
 |  | ||||||
| -  exit 77
 |  | ||||||
| -fi
 |  | ||||||
| +exit 77
 |  | ||||||
|   |  | ||||||
|  ./dtls-stress -shello 021 -sfinished 01 -cfinished 012 SKeyExchange CKeyExchange CFinished |  | ||||||
|  ./dtls-stress -shello 012 -sfinished 10 -cfinished 210 SHello SKeyExchange SHelloDone |  | ||||||
| diff -up gnutls-3.1.11/tests/ecdsa/ecdsa.noecc gnutls-3.1.11/tests/ecdsa/ecdsa
 |  | ||||||
| --- gnutls-3.1.11/tests/ecdsa/ecdsa.noecc	2013-04-24 10:34:02.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/ecdsa/ecdsa	2013-05-13 11:08:41.416446971 +0200
 |  | ||||||
| @@ -22,6 +22,8 @@
 |  | ||||||
|   |  | ||||||
|  #set -e |  | ||||||
|   |  | ||||||
| +exit 77
 |  | ||||||
| +
 |  | ||||||
|  srcdir=${srcdir:-.} |  | ||||||
|  CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT} |  | ||||||
|   |  | ||||||
| diff -up gnutls-3.1.11/tests/mini-dtls-heartbeat.c.noecc gnutls-3.1.11/tests/mini-dtls-heartbeat.c
 |  | ||||||
| --- gnutls-3.1.11/tests/mini-dtls-heartbeat.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/mini-dtls-heartbeat.c	2013-05-13 11:16:23.185518179 +0200
 |  | ||||||
| @@ -27,7 +27,7 @@
 |  | ||||||
|  #include <stdio.h> |  | ||||||
|  #include <stdlib.h> |  | ||||||
|   |  | ||||||
| -#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT)
 |  | ||||||
| +#if defined(_WIN32) || !defined(ENABLE_HEARTBEAT) || !defined(ENABLE_ECC)
 |  | ||||||
|   |  | ||||||
|  int |  | ||||||
|  main () |  | ||||||
| diff -up gnutls-3.1.11/tests/mini-dtls-record.c.noecc gnutls-3.1.11/tests/mini-dtls-record.c
 |  | ||||||
| --- gnutls-3.1.11/tests/mini-dtls-record.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/mini-dtls-record.c	2013-05-13 11:08:41.416446971 +0200
 |  | ||||||
| @@ -27,7 +27,7 @@
 |  | ||||||
|  #include <stdio.h> |  | ||||||
|  #include <stdlib.h> |  | ||||||
|   |  | ||||||
| -#if defined(_WIN32)
 |  | ||||||
| +#if defined(_WIN32) || !defined(ENABLE_ECC)
 |  | ||||||
|   |  | ||||||
|  int |  | ||||||
|  main () |  | ||||||
| diff -up gnutls-3.1.11/tests/mini-dtls-rehandshake.c.noecc gnutls-3.1.11/tests/mini-dtls-rehandshake.c
 |  | ||||||
| --- gnutls-3.1.11/tests/mini-dtls-rehandshake.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/mini-dtls-rehandshake.c	2013-05-13 11:08:41.416446971 +0200
 |  | ||||||
| @@ -27,7 +27,7 @@
 |  | ||||||
|  #include <stdio.h> |  | ||||||
|  #include <stdlib.h> |  | ||||||
|   |  | ||||||
| -#if defined(_WIN32)
 |  | ||||||
| +#if defined(_WIN32) || !defined(ENABLE_ECC)
 |  | ||||||
|   |  | ||||||
|  int main() |  | ||||||
|  { |  | ||||||
| diff -up gnutls-3.1.11/tests/mini-dtls-srtp.c.noecc gnutls-3.1.11/tests/mini-dtls-srtp.c
 |  | ||||||
| --- gnutls-3.1.11/tests/mini-dtls-srtp.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/mini-dtls-srtp.c	2013-05-13 11:08:41.417446993 +0200
 |  | ||||||
| @@ -27,7 +27,7 @@
 |  | ||||||
|  #include <stdio.h> |  | ||||||
|  #include <stdlib.h> |  | ||||||
|   |  | ||||||
| -#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP)
 |  | ||||||
| +#if defined(_WIN32) || !defined(ENABLE_DTLS_SRTP) || !defined(ENABLE_ECC)
 |  | ||||||
|   |  | ||||||
|  int |  | ||||||
|  main (int argc, char** argv) |  | ||||||
| diff -up gnutls-3.1.11/tests/mini-handshake-timeout.c.noecc gnutls-3.1.11/tests/mini-handshake-timeout.c
 |  | ||||||
| --- gnutls-3.1.11/tests/mini-handshake-timeout.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/mini-handshake-timeout.c	2013-05-13 11:08:41.417446993 +0200
 |  | ||||||
| @@ -28,7 +28,7 @@
 |  | ||||||
|  #include <stdlib.h> |  | ||||||
|  #include <string.h> |  | ||||||
|   |  | ||||||
| -#if defined(_WIN32)
 |  | ||||||
| +#if defined(_WIN32) || !defined(ENABLE_ECC)
 |  | ||||||
|   |  | ||||||
|  int main() |  | ||||||
|  { |  | ||||||
| @@ -142,7 +142,11 @@ initialize_tls_session (gnutls_session_t
 |  | ||||||
|    /* avoid calling all the priority functions, since the defaults |  | ||||||
|     * are adequate. |  | ||||||
|     */ |  | ||||||
| -  gnutls_priority_set_direct (*session, "NORMAL:+ANON-ECDH", NULL);
 |  | ||||||
| +#ifdef ENABLE_ECC
 |  | ||||||
| +  gnutls_priority_set_direct (session, "NORMAL:+ANON-ECDH", NULL);
 |  | ||||||
| +#else
 |  | ||||||
| +  gnutls_priority_set_direct (session, "NORMAL:+ANON-DH", NULL);
 |  | ||||||
| +#endif
 |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|  static void |  | ||||||
| diff -up gnutls-3.1.11/tests/mini-loss-time.c.noecc gnutls-3.1.11/tests/mini-loss-time.c
 |  | ||||||
| --- gnutls-3.1.11/tests/mini-loss-time.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/mini-loss-time.c	2013-05-13 11:08:41.417446993 +0200
 |  | ||||||
| @@ -28,7 +28,7 @@
 |  | ||||||
|  #include <stdlib.h> |  | ||||||
|  #include <string.h> |  | ||||||
|   |  | ||||||
| -#if defined(_WIN32)
 |  | ||||||
| +#if defined(_WIN32) || !defined(ENABLE_ECC)
 |  | ||||||
|   |  | ||||||
|  int main() |  | ||||||
|  { |  | ||||||
| diff -up gnutls-3.1.11/tests/mini-record.c.noecc gnutls-3.1.11/tests/mini-record.c
 |  | ||||||
| --- gnutls-3.1.11/tests/mini-record.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/mini-record.c	2013-05-13 11:08:41.417446993 +0200
 |  | ||||||
| @@ -27,7 +27,7 @@
 |  | ||||||
|  #include <stdio.h> |  | ||||||
|  #include <stdlib.h> |  | ||||||
|   |  | ||||||
| -#if defined(_WIN32)
 |  | ||||||
| +#if defined(_WIN32) || !defined(ENABLE_ECC)
 |  | ||||||
|   |  | ||||||
|  int main() |  | ||||||
|  { |  | ||||||
| diff -up gnutls-3.1.11/tests/mini-record-range.c.noecc gnutls-3.1.11/tests/mini-record-range.c
 |  | ||||||
| --- gnutls-3.1.11/tests/mini-record-range.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/mini-record-range.c	2013-05-13 11:17:05.526439771 +0200
 |  | ||||||
| @@ -27,7 +27,7 @@
 |  | ||||||
|  #include <stdio.h> |  | ||||||
|  #include <stdlib.h> |  | ||||||
|   |  | ||||||
| -#if defined(_WIN32)
 |  | ||||||
| +#if defined(_WIN32) || !defined(ENABLE_ECC)
 |  | ||||||
|   |  | ||||||
|  int main() |  | ||||||
|  { |  | ||||||
| diff -up gnutls-3.1.11/tests/mini-xssl.c.noecc gnutls-3.1.11/tests/mini-xssl.c
 |  | ||||||
| --- gnutls-3.1.11/tests/mini-xssl.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/mini-xssl.c	2013-05-13 11:08:41.417446993 +0200
 |  | ||||||
| @@ -27,7 +27,7 @@
 |  | ||||||
|  #include <stdio.h> |  | ||||||
|  #include <stdlib.h> |  | ||||||
|   |  | ||||||
| -#if defined(_WIN32)
 |  | ||||||
| +#if defined(_WIN32) || !defined(ENABLE_ECC)
 |  | ||||||
|   |  | ||||||
|  int main() |  | ||||||
|  { |  | ||||||
| diff -up gnutls-3.1.11/tests/pkcs12_simple.c.noecc gnutls-3.1.11/tests/pkcs12_simple.c
 |  | ||||||
| --- gnutls-3.1.11/tests/pkcs12_simple.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/pkcs12_simple.c	2013-05-13 11:08:41.417446993 +0200
 |  | ||||||
| @@ -50,6 +50,10 @@ doit (void)
 |  | ||||||
|    gnutls_x509_privkey_t pkey; |  | ||||||
|    int ret; |  | ||||||
|   |  | ||||||
| +#ifndef ENABLE_ECC
 |  | ||||||
| +  exit(77);
 |  | ||||||
| +#endif
 |  | ||||||
| +
 |  | ||||||
|    ret = global_init (); |  | ||||||
|    if (ret < 0) |  | ||||||
|      fail ("global_init failed %d\n", ret); |  | ||||||
| diff -up gnutls-3.1.11/tests/slow/keygen.c.noecc gnutls-3.1.11/tests/slow/keygen.c
 |  | ||||||
| --- gnutls-3.1.11/tests/slow/keygen.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/slow/keygen.c	2013-05-13 11:08:41.417446993 +0200
 |  | ||||||
| @@ -65,6 +65,11 @@ doit (void)
 |  | ||||||
|                  if (algorithm == GNUTLS_PK_DH) |  | ||||||
|                      continue; |  | ||||||
|   |  | ||||||
| +#ifndef ENABLE_ECC
 |  | ||||||
| +                if (algorithm == GNUTLS_PK_EC)
 |  | ||||||
| +                    continue;
 |  | ||||||
| +#endif
 |  | ||||||
| +
 |  | ||||||
|                  ret = gnutls_x509_privkey_init (&pkey); |  | ||||||
|                  if (ret < 0) |  | ||||||
|                    { |  | ||||||
| diff -up gnutls-3.1.11/tests/srp/mini-srp.c.noecc gnutls-3.1.11/tests/srp/mini-srp.c
 |  | ||||||
| --- gnutls-3.1.11/tests/srp/mini-srp.c.noecc	2013-05-10 10:10:27.000000000 +0200
 |  | ||||||
| +++ gnutls-3.1.11/tests/srp/mini-srp.c	2013-05-13 11:08:41.418447015 +0200
 |  | ||||||
| @@ -27,7 +27,7 @@
 |  | ||||||
|  #include <stdio.h> |  | ||||||
|  #include <stdlib.h> |  | ||||||
|   |  | ||||||
| -#if defined(_WIN32)
 |  | ||||||
| +#if defined(_WIN32) || !defined(ENABLE_SRP)
 |  | ||||||
|   |  | ||||||
|  int main() |  | ||||||
|  { |  | ||||||
							
								
								
									
										12
									
								
								gnutls-3.1.11-nosrp.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,12 @@ | |||||||
|  | diff -up gnutls-3.1.10/tests/srp/mini-srp.c.noecc gnutls-3.1.10/tests/srp/mini-srp.c
 | ||||||
|  | --- gnutls-3.1.10/tests/srp/mini-srp.c.noecc	2013-03-21 21:42:28.000000000 +0100
 | ||||||
|  | +++ gnutls-3.1.10/tests/srp/mini-srp.c	2013-03-25 13:42:20.753422209 +0100
 | ||||||
|  | @@ -27,7 +27,7 @@
 | ||||||
|  |  #include <stdio.h> | ||||||
|  |  #include <stdlib.h> | ||||||
|  |   | ||||||
|  | -#if defined(_WIN32)
 | ||||||
|  | +#if defined(_WIN32) || !defined(ENABLE_SRP)
 | ||||||
|  |   | ||||||
|  |  int main() | ||||||
|  |  { | ||||||
							
								
								
									
										119
									
								
								gnutls-3.1.11-suiteb.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @ -0,0 +1,119 @@ | |||||||
|  | diff -up gnutls-3.1.11/lib/gnutls_ecc.c.suiteb gnutls-3.1.11/lib/gnutls_ecc.c
 | ||||||
|  | --- gnutls-3.1.11/lib/gnutls_ecc.c.suiteb	2013-04-27 10:04:48.000000000 +0200
 | ||||||
|  | +++ gnutls-3.1.11/lib/gnutls_ecc.c	2013-05-23 10:08:45.331883555 +0200
 | ||||||
|  | @@ -129,6 +129,12 @@ int ret;
 | ||||||
|  |        goto cleanup; | ||||||
|  |      } | ||||||
|  |    params->params_nr++; | ||||||
|  | +
 | ||||||
|  | +  if (_gnutls_mpi_get_nbits(params->params[ECC_PRIME]) < 256)
 | ||||||
|  | +    {
 | ||||||
|  | +      ret = gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
 | ||||||
|  | +      goto cleanup;
 | ||||||
|  | +    }
 | ||||||
|  |     | ||||||
|  |    val_size = sizeof(val); | ||||||
|  |    ret = _gnutls_hex2bin(st->order, strlen(st->order), val, &val_size); | ||||||
|  | diff -up gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c
 | ||||||
|  | --- gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c.suiteb	2013-04-27 10:04:48.000000000 +0200
 | ||||||
|  | +++ gnutls-3.1.11/lib/nettle/ecc_mulmod_cached.c	2013-05-23 10:24:56.575967312 +0200
 | ||||||
|  | @@ -42,6 +42,7 @@ typedef struct
 | ||||||
|  |   | ||||||
|  |  /* global cache */ | ||||||
|  |  static gnutls_ecc_curve_cache_entry_t *ecc_wmnaf_cache = NULL; | ||||||
|  | +static gnutls_ecc_curve_cache_entry_t *ecc_wmnaf_cache_last = NULL;
 | ||||||
|  |   | ||||||
|  |  /* free single cache entry */ | ||||||
|  |  static void | ||||||
|  | @@ -63,9 +64,10 @@ ecc_wmnaf_cache_free (void)
 | ||||||
|  |    gnutls_ecc_curve_cache_entry_t *p = ecc_wmnaf_cache; | ||||||
|  |    if (p) | ||||||
|  |      { | ||||||
|  | -      for (; p->id != GNUTLS_ECC_CURVE_INVALID; ++p)
 | ||||||
|  | +      for (; p <= ecc_wmnaf_cache_last; ++p)
 | ||||||
|  |          { | ||||||
|  | -          _ecc_wmnaf_cache_entry_free (p);
 | ||||||
|  | +          if (p->id != GNUTLS_ECC_CURVE_INVALID)
 | ||||||
|  | +            _ecc_wmnaf_cache_entry_free (p);
 | ||||||
|  |          } | ||||||
|  |   | ||||||
|  |        free (ecc_wmnaf_cache); | ||||||
|  | @@ -198,7 +200,7 @@ ecc_wmnaf_cache_init (void)
 | ||||||
|  |    const gnutls_ecc_curve_t *p; | ||||||
|  |   | ||||||
|  |    ret = (gnutls_ecc_curve_cache_entry_t *) | ||||||
|  | -    malloc (MAX_ALGOS * sizeof (gnutls_ecc_curve_cache_entry_t));
 | ||||||
|  | +    calloc (MAX_ALGOS, sizeof (gnutls_ecc_curve_cache_entry_t));
 | ||||||
|  |    if (ret == NULL) | ||||||
|  |      return GNUTLS_E_MEMORY_ERROR; | ||||||
|  |   | ||||||
|  | @@ -207,12 +209,16 @@ ecc_wmnaf_cache_init (void)
 | ||||||
|  |   | ||||||
|  |    for (j = 0; *p; ++p, ++j) | ||||||
|  |      { | ||||||
|  | -      if ((err = _ecc_wmnaf_cache_entry_init (ret + *p - 1, *p)) != 0)
 | ||||||
|  | +      gnutls_ecc_curve_cache_entry_t *entry;
 | ||||||
|  | +
 | ||||||
|  | +      entry = ret + *p - 1;
 | ||||||
|  | +      if ((err = _ecc_wmnaf_cache_entry_init (entry, *p)) != 0)
 | ||||||
|  |          goto done; | ||||||
|  | +      if (ecc_wmnaf_cache_last < entry)
 | ||||||
|  | +        ecc_wmnaf_cache_last = entry;
 | ||||||
|  |      } | ||||||
|  |   | ||||||
|  | -  /* nullify last cache entry id */
 | ||||||
|  | -  ret[j].id = GNUTLS_ECC_CURVE_INVALID;
 | ||||||
|  | +  /* no need to nullify last cache entry id, done by calloc */
 | ||||||
|  |   | ||||||
|  |    err = GNUTLS_E_SUCCESS; | ||||||
|  |   | ||||||
|  | @@ -223,7 +229,8 @@ done:
 | ||||||
|  |        int i; | ||||||
|  |        for (i = 0; i < j; ++i) | ||||||
|  |          { | ||||||
|  | -          _ecc_wmnaf_cache_entry_free (ret + i);
 | ||||||
|  | +          --p;
 | ||||||
|  | +          _ecc_wmnaf_cache_entry_free (ret + *p - 1);
 | ||||||
|  |          } | ||||||
|  |   | ||||||
|  |        free (ret); | ||||||
|  | @@ -445,9 +452,11 @@ ecc_mulmod_cached_lookup (mpz_t k, ecc_p
 | ||||||
|  |    if (k == NULL || G == NULL || R == NULL || modulus == NULL) | ||||||
|  |      return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; | ||||||
|  |   | ||||||
|  | -  for (i = 0; (id = ecc_wmnaf_cache[i].id); ++i)
 | ||||||
|  | +  for (i = 0; ecc_wmnaf_cache + i <= ecc_wmnaf_cache_last; ++i)
 | ||||||
|  |      { | ||||||
|  | -      if (!(mpz_cmp (G->x, ecc_wmnaf_cache[i].pos[0]->x)) &&
 | ||||||
|  | +      id = ecc_wmnaf_cache[i].id;
 | ||||||
|  | +      if (id &&
 | ||||||
|  | +          !(mpz_cmp (G->x, ecc_wmnaf_cache[i].pos[0]->x)) &&
 | ||||||
|  |            !(mpz_cmp (G->y, ecc_wmnaf_cache[i].pos[0]->y))) | ||||||
|  |          { | ||||||
|  |            break; | ||||||
|  | diff -up gnutls-3.1.11/tests/mini-xssl.c.suiteb gnutls-3.1.11/tests/mini-xssl.c
 | ||||||
|  | --- gnutls-3.1.11/tests/mini-xssl.c.suiteb	2013-05-10 10:10:27.000000000 +0200
 | ||||||
|  | +++ gnutls-3.1.11/tests/mini-xssl.c	2013-05-23 11:58:22.670298910 +0200
 | ||||||
|  | @@ -27,7 +27,8 @@
 | ||||||
|  |  #include <stdio.h> | ||||||
|  |  #include <stdlib.h> | ||||||
|  |   | ||||||
|  | -#if defined(_WIN32)
 | ||||||
|  | +/* uses unsupported curves */
 | ||||||
|  | +#if 1
 | ||||||
|  |   | ||||||
|  |  int main() | ||||||
|  |  { | ||||||
|  | diff -up gnutls-3.1.11/tests/pkcs12_simple.c.suiteb gnutls-3.1.11/tests/pkcs12_simple.c
 | ||||||
|  | --- gnutls-3.1.11/tests/pkcs12_simple.c.suiteb	2013-05-10 10:10:27.000000000 +0200
 | ||||||
|  | +++ gnutls-3.1.11/tests/pkcs12_simple.c	2013-05-23 11:57:59.776799848 +0200
 | ||||||
|  | @@ -50,6 +50,9 @@ doit (void)
 | ||||||
|  |    gnutls_x509_privkey_t pkey; | ||||||
|  |    int ret; | ||||||
|  |   | ||||||
|  | +  /* uses unsupported curves */
 | ||||||
|  | +  exit(77);
 | ||||||
|  | +
 | ||||||
|  |    ret = global_init (); | ||||||
|  |    if (ret < 0) | ||||||
|  |      fail ("global_init failed %d\n", ret); | ||||||
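Review bot: In the `ecc_mulmod_cached_lookup` hunk, `id` is now assigned on every iteration, so when no cache entry matches G the loop exits with `id` holding the last entry's curve id, where the old loop condition `(id = ecc_wmnaf_cache[i].id)` left it at 0. The code after the loop is outside the hunk, but if it hands `id` to the cached multiplication, a point that matches no cached base point would be multiplied with another curve's precomputed table instead of being rejected. I would set `id = GNUTLS_ECC_CURVE_INVALID;` before the loop, test `ecc_wmnaf_cache[i].id` in the condition, and assign `id = ecc_wmnaf_cache[i].id;` only in the matching branch just before `break;`. Separately, `ecc_wmnaf_cache_last` is advanced inside the init loop before success is known, and no visible line resets it to NULL on the `done:` failure path or in `ecc_wmnaf_cache_free`, so it may be left pointing into freed memory. The ends of both functions are outside the hunks, so that needs confirming.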
							
								
								
									
										19
									
								
								gnutls.spec
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @ -3,7 +3,7 @@ | |||||||
| Summary: A TLS protocol implementation | Summary: A TLS protocol implementation | ||||||
| Name: gnutls | Name: gnutls | ||||||
| Version: 3.1.13 | Version: 3.1.13 | ||||||
| Release: 2%{?dist} | Release: 3%{?dist} | ||||||
| # The libraries are LGPLv2.1+, utilities are GPLv3+, however | # The libraries are LGPLv2.1+, utilities are GPLv3+, however | ||||||
| # the bundled gnulib is LGPLv3+ | # the bundled gnulib is LGPLv3+ | ||||||
| License: GPLv3+ and LGPLv2+ and LGPLv3+ | License: GPLv3+ and LGPLv2+ and LGPLv3+ | ||||||
| @ -22,16 +22,17 @@ URL: http://www.gnutls.org/ | |||||||
| #Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz | #Source0: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz | ||||||
| #Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz.sig | #Source1: ftp://ftp.gnutls.org/gcrypt/gnutls/%{name}-%{version}.tar.xz.sig | ||||||
| # XXX patent tainted code removed. | # XXX patent tainted code removed. | ||||||
| Source0: %{name}-%{version}-hobbled.tar.xz | Source0: %{name}-%{version}-hobbled-el.tar.xz | ||||||
| Source1: libgnutls-config | Source1: libgnutls-config | ||||||
| Source2: hobble-gnutls | Source2: hobble-gnutls | ||||||
|  | Source3: ecc.c | ||||||
| Patch1: gnutls-3.1.7-rpath.patch | Patch1: gnutls-3.1.7-rpath.patch | ||||||
| # Use only FIPS approved ciphers in the FIPS mode | # Use only FIPS approved ciphers in the FIPS mode | ||||||
| Patch7: gnutls-2.12.21-fips-algorithms.patch | Patch7: gnutls-2.12.21-fips-algorithms.patch | ||||||
| # Make ECC optional as it is now hobbled | Patch8: gnutls-3.1.11-nosrp.patch | ||||||
| Patch8: gnutls-3.1.11-noecc.patch |  | ||||||
| # Use random port in some tests to avoid conflicts during simultaneous builds on the same machine | # Use random port in some tests to avoid conflicts during simultaneous builds on the same machine | ||||||
| Patch9: gnutls-3.1.10-tests-rndport.patch | Patch9: gnutls-3.1.10-tests-rndport.patch | ||||||
|  | Patch10: gnutls-3.1.11-suiteb.patch | ||||||
| 
 | 
 | ||||||
| # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 | # Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174 | ||||||
| Provides: bundled(gnulib) = 20130424 | Provides: bundled(gnulib) = 20130424 | ||||||
| @ -124,13 +125,15 @@ This package contains Guile bindings for the library. | |||||||
| # This patch is not applicable as we use nettle now but some parts will be | # This patch is not applicable as we use nettle now but some parts will be | ||||||
| # later reused. | # later reused. | ||||||
| #%patch7 -p1 -b .fips | #%patch7 -p1 -b .fips | ||||||
| %patch8 -p1 -b .noecc | %patch8 -p1 -b .nosrp | ||||||
| %patch9 -p1 -b .rndport | %patch9 -p1 -b .rndport | ||||||
|  | %patch10 -p1 -b .suiteb | ||||||
| 
 | 
 | ||||||
| %{SOURCE2} -e | %{SOURCE2} -e | ||||||
| 
 | 
 | ||||||
|  | cp -f %{SOURCE3} lib/algorithms | ||||||
|  | 
 | ||||||
| %build | %build | ||||||
| autoreconf -f |  | ||||||
| 
 | 
 | ||||||
| export LDFLAGS="-Wl,--no-add-needed" | export LDFLAGS="-Wl,--no-add-needed" | ||||||
| 
 | 
 | ||||||
| @ -139,7 +142,6 @@ export LDFLAGS="-Wl,--no-add-needed" | |||||||
|            --disable-static \ |            --disable-static \ | ||||||
|            --disable-openssl-compatibility \ |            --disable-openssl-compatibility \ | ||||||
|            --disable-srp-authentication \ |            --disable-srp-authentication \ | ||||||
|            --disable-ecdhe \ |  | ||||||
| %if %{with guile} | %if %{with guile} | ||||||
|            --enable-guile \ |            --enable-guile \ | ||||||
| %ifarch %{arm} | %ifarch %{arm} | ||||||
| @ -255,6 +257,9 @@ fi | |||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Wed Oct 16 2013 Tomáš Mráz <tmraz@redhat.com> 3.1.13-3 | ||||||
|  | - enable ECC NIST Suite B curves | ||||||
|  | 
 | ||||||
| * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.13-2 | * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.13-2 | ||||||
| - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild | - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild | ||||||
| 
 | 
 | ||||||
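Review bot: `Patch8: gnutls-3.1.11-nosrp.patch`, `Patch10: gnutls-3.1.11-suiteb.patch` and `Source3: ecc.c` are added without the one-line comment that the neighbouring entries carry, and the new `cp -f %{SOURCE3} lib/algorithms` step in %prep is unexplained as well. This is where the package decides which curves ship, so I would document it, e.g. `# Restrict ECC to the NIST Suite B curves` above Patch10 and `# Curve table replacing the ecc.c removed by hobble-gnutls` above Source3, with the wording checked against ecc.c. The same change drops `autoreconf -f` from %build, so it is worth confirming that none of the patches still applied touches configure.ac or a Makefile.am.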
|  | |||||||
| @ -14,10 +14,6 @@ for f in auth_srp_sb64.c auth_srp_passwd.c auth_srp_rsa.c \ | |||||||
| done | done | ||||||
| 
 | 
 | ||||||
| # ECC | # ECC | ||||||
| for f in ecc_free.c ecc_make_key.c ecc_shared_secret.c \ | for f in ecc.c ; do | ||||||
|     ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \ |     eval "$CMD lib/algorithms/$f" | ||||||
|     ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \ |  | ||||||
|     ecc_projective_check_point.c ecc_projective_negate_point.c \ |  | ||||||
|     ecc_projective_add_point_ng.c ecc_sign_hash.c ecc_verify_hash.c ; do |  | ||||||
|     eval "$CMD lib/nettle/$f" |  | ||||||
| done | done | ||||||
|  | |||||||