[packit] 3.8.3 upstream release
Upstream tag: 3.8.3 Upstream commit: 2f04c14d
This commit is contained in:
parent
c42ee03de2
commit
da7f0db0fe
2
.gitignore
vendored
2
.gitignore
vendored
@ -148,3 +148,5 @@ gnutls-2.10.1-nosrp.tar.bz2
|
|||||||
/gnutls-3.8.1.tar.xz.sig
|
/gnutls-3.8.1.tar.xz.sig
|
||||||
/gnutls-3.8.2.tar.xz
|
/gnutls-3.8.2.tar.xz
|
||||||
/gnutls-3.8.2.tar.xz.sig
|
/gnutls-3.8.2.tar.xz.sig
|
||||||
|
/gnutls-3.8.3.tar.xz
|
||||||
|
/gnutls-3.8.3.tar.xz.sig
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
This repository is maintained by packit.
|
This repository is maintained by packit.
|
||||||
https://packit.dev/
|
https://packit.dev/
|
||||||
The file was generated using packit 0.85.0.
|
The file was generated using packit 0.88.0.
|
||||||
|
@ -1,701 +0,0 @@
|
|||||||
From 8b7065ed5c72d34d3bf3e0bb803d81fb3abdcb8b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daiki Ueno <ueno@gnu.org>
|
|
||||||
Date: Fri, 1 Dec 2023 17:42:09 +0900
|
|
||||||
Subject: [PATCH] Revert "pkcs11: support Ed448 keys"
|
|
||||||
|
|
||||||
This reverts commit 8cd6e84edaad4a826e481ae045548587f98bd9f7.
|
|
||||||
---
|
|
||||||
lib/pkcs11.c | 23 +---
|
|
||||||
lib/pkcs11_int.h | 23 +++-
|
|
||||||
lib/pkcs11_privkey.c | 67 +---------
|
|
||||||
lib/pkcs11_write.c | 9 +-
|
|
||||||
lib/pubkey.c | 1 -
|
|
||||||
tests/cert-common.h | 47 +------
|
|
||||||
tests/pkcs11/pkcs11-eddsa-privkey-test.c | 160 +++++++++++------------
|
|
||||||
tests/pkcs11/pkcs11-privkey-generate.c | 17 +--
|
|
||||||
tests/tls13/ocsp-client.c | 4 +-
|
|
||||||
9 files changed, 114 insertions(+), 237 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
|
|
||||||
index c46d1f7e61..a96605da60 100644
|
|
||||||
--- a/lib/pkcs11.c
|
|
||||||
+++ b/lib/pkcs11.c
|
|
||||||
@@ -1796,7 +1796,6 @@ int pkcs11_read_pubkey(struct ck_function_list *module, ck_session_handle_t pks,
|
|
||||||
pobj->pubkey[1].size = a[1].value_len;
|
|
||||||
|
|
||||||
pobj->pubkey_size = 2;
|
|
||||||
- pobj->pk_algorithm = GNUTLS_PK_RSA;
|
|
||||||
} else {
|
|
||||||
gnutls_assert();
|
|
||||||
ret = GNUTLS_E_PKCS11_ERROR;
|
|
||||||
@@ -1852,7 +1851,6 @@ int pkcs11_read_pubkey(struct ck_function_list *module, ck_session_handle_t pks,
|
|
||||||
pobj->pubkey[3].size = a[1].value_len;
|
|
||||||
|
|
||||||
pobj->pubkey_size = 4;
|
|
||||||
- pobj->pk_algorithm = GNUTLS_PK_DSA;
|
|
||||||
} else {
|
|
||||||
gnutls_assert();
|
|
||||||
ret = pkcs11_rv_to_err(rv);
|
|
||||||
@@ -1877,7 +1875,6 @@ int pkcs11_read_pubkey(struct ck_function_list *module, ck_session_handle_t pks,
|
|
||||||
pobj->pubkey[1].size = a[1].value_len;
|
|
||||||
|
|
||||||
pobj->pubkey_size = 2;
|
|
||||||
- pobj->pk_algorithm = GNUTLS_PK_EC;
|
|
||||||
} else {
|
|
||||||
gnutls_assert();
|
|
||||||
|
|
||||||
@@ -1898,9 +1895,6 @@ int pkcs11_read_pubkey(struct ck_function_list *module, ck_session_handle_t pks,
|
|
||||||
|
|
||||||
if ((rv = pkcs11_get_attribute_value(module, pks, ctx, a, 2)) ==
|
|
||||||
CKR_OK) {
|
|
||||||
- gnutls_ecc_curve_t curve;
|
|
||||||
- const gnutls_ecc_curve_entry_st *ce;
|
|
||||||
-
|
|
||||||
pobj->pubkey[0].data = a[0].value;
|
|
||||||
pobj->pubkey[0].size = a[0].value_len;
|
|
||||||
|
|
||||||
@@ -1908,26 +1902,13 @@ int pkcs11_read_pubkey(struct ck_function_list *module, ck_session_handle_t pks,
|
|
||||||
pobj->pubkey[1].size = a[1].value_len;
|
|
||||||
|
|
||||||
pobj->pubkey_size = 2;
|
|
||||||
-
|
|
||||||
- ret = _gnutls_x509_read_ecc_params(pobj->pubkey[0].data,
|
|
||||||
- pobj->pubkey[0].size,
|
|
||||||
- &curve);
|
|
||||||
- if (ret < 0) {
|
|
||||||
- ret = GNUTLS_E_INVALID_REQUEST;
|
|
||||||
- goto cleanup;
|
|
||||||
- }
|
|
||||||
- ce = _gnutls_ecc_curve_get_params(curve);
|
|
||||||
- if (unlikely(ce == NULL)) {
|
|
||||||
- ret = GNUTLS_E_INVALID_REQUEST;
|
|
||||||
- goto cleanup;
|
|
||||||
- }
|
|
||||||
- pobj->pk_algorithm = ce->pk;
|
|
||||||
} else {
|
|
||||||
gnutls_assert();
|
|
||||||
|
|
||||||
ret = pkcs11_rv_to_err(rv);
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
default:
|
|
||||||
@@ -1964,6 +1945,8 @@ pkcs11_obj_import_pubkey(struct ck_function_list *module,
|
|
||||||
a[0].value_len = sizeof(key_type);
|
|
||||||
|
|
||||||
if (pkcs11_get_attribute_value(module, pks, ctx, a, 1) == CKR_OK) {
|
|
||||||
+ pobj->pk_algorithm = key_type_to_pk(key_type);
|
|
||||||
+
|
|
||||||
ret = pkcs11_read_pubkey(module, pks, ctx, key_type, pobj);
|
|
||||||
if (ret < 0)
|
|
||||||
return gnutls_assert_val(ret);
|
|
||||||
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
|
|
||||||
index 891e98f962..9a3380f9cc 100644
|
|
||||||
--- a/lib/pkcs11_int.h
|
|
||||||
+++ b/lib/pkcs11_int.h
|
|
||||||
@@ -247,7 +247,7 @@ static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
|
|
||||||
else if (pk == GNUTLS_PK_RSA_PSS)
|
|
||||||
return CKM_RSA_PKCS_PSS;
|
|
||||||
#ifdef HAVE_PKCS11_EDDSA
|
|
||||||
- else if (pk == GNUTLS_PK_EDDSA_ED25519 || pk == GNUTLS_PK_EDDSA_ED448)
|
|
||||||
+ else if (pk == GNUTLS_PK_EDDSA_ED25519)
|
|
||||||
return CKM_EDDSA;
|
|
||||||
#endif
|
|
||||||
else
|
|
||||||
@@ -263,13 +263,29 @@ static inline int pk_to_key_type(gnutls_pk_algorithm_t pk)
|
|
||||||
else if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA)
|
|
||||||
return CKK_RSA;
|
|
||||||
#ifdef HAVE_PKCS11_EDDSA
|
|
||||||
- else if (pk == GNUTLS_PK_EDDSA_ED25519 || pk == GNUTLS_PK_EDDSA_ED448)
|
|
||||||
+ else if (pk == GNUTLS_PK_EDDSA_ED25519)
|
|
||||||
return CKK_EC_EDWARDS;
|
|
||||||
#endif
|
|
||||||
else
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+static inline gnutls_pk_algorithm_t key_type_to_pk(ck_key_type_t m)
|
|
||||||
+{
|
|
||||||
+ if (m == CKK_RSA)
|
|
||||||
+ return GNUTLS_PK_RSA;
|
|
||||||
+ else if (m == CKK_DSA)
|
|
||||||
+ return GNUTLS_PK_DSA;
|
|
||||||
+ else if (m == CKK_ECDSA)
|
|
||||||
+ return GNUTLS_PK_EC;
|
|
||||||
+#ifdef HAVE_PKCS11_EDDSA
|
|
||||||
+ else if (m == CKK_EC_EDWARDS)
|
|
||||||
+ return GNUTLS_PK_EDDSA_ED25519;
|
|
||||||
+#endif
|
|
||||||
+ else
|
|
||||||
+ return GNUTLS_PK_UNKNOWN;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static inline int pk_to_genmech(gnutls_pk_algorithm_t pk, ck_key_type_t *type)
|
|
||||||
{
|
|
||||||
if (pk == GNUTLS_PK_DSA) {
|
|
||||||
@@ -282,8 +298,7 @@ static inline int pk_to_genmech(gnutls_pk_algorithm_t pk, ck_key_type_t *type)
|
|
||||||
*type = CKK_RSA;
|
|
||||||
return CKM_RSA_PKCS_KEY_PAIR_GEN;
|
|
||||||
#ifdef HAVE_PKCS11_EDDSA
|
|
||||||
- } else if (pk == GNUTLS_PK_EDDSA_ED25519 ||
|
|
||||||
- pk == GNUTLS_PK_EDDSA_ED448) {
|
|
||||||
+ } else if (pk == GNUTLS_PK_EDDSA_ED25519) {
|
|
||||||
*type = CKK_EC_EDWARDS;
|
|
||||||
return CKM_EC_EDWARDS_KEY_PAIR_GEN;
|
|
||||||
#endif
|
|
||||||
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
|
|
||||||
index b9f36c0a62..a30e44084c 100644
|
|
||||||
--- a/lib/pkcs11_privkey.c
|
|
||||||
+++ b/lib/pkcs11_privkey.c
|
|
||||||
@@ -486,61 +486,6 @@ cleanup:
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static inline gnutls_pk_algorithm_t
|
|
||||||
-key_type_to_pk(struct ck_function_list *module, ck_session_handle_t pks,
|
|
||||||
- ck_object_handle_t ctx, ck_key_type_t m)
|
|
||||||
-{
|
|
||||||
- switch (m) {
|
|
||||||
- case CKK_RSA:
|
|
||||||
- return GNUTLS_PK_RSA;
|
|
||||||
- case CKK_DSA:
|
|
||||||
- return GNUTLS_PK_DSA;
|
|
||||||
- case CKK_ECDSA:
|
|
||||||
- return GNUTLS_PK_EC;
|
|
||||||
-#ifdef HAVE_PKCS11_EDDSA
|
|
||||||
- case CKK_EC_EDWARDS: {
|
|
||||||
- struct ck_attribute a[1];
|
|
||||||
- uint8_t *tmp1;
|
|
||||||
- size_t tmp1_size;
|
|
||||||
- gnutls_pk_algorithm_t pk = GNUTLS_PK_UNKNOWN;
|
|
||||||
-
|
|
||||||
- tmp1_size = MAX_PK_PARAM_SIZE;
|
|
||||||
- tmp1 = gnutls_calloc(1, tmp1_size);
|
|
||||||
- if (tmp1 == NULL)
|
|
||||||
- return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
|
||||||
-
|
|
||||||
- a[0].type = CKA_EC_PARAMS;
|
|
||||||
- a[0].value = tmp1;
|
|
||||||
- a[0].value_len = tmp1_size;
|
|
||||||
-
|
|
||||||
- if (pkcs11_get_attribute_value(module, pks, ctx, a, 1) ==
|
|
||||||
- CKR_OK) {
|
|
||||||
- gnutls_ecc_curve_t curve;
|
|
||||||
- const gnutls_ecc_curve_entry_st *ce;
|
|
||||||
- int ret;
|
|
||||||
-
|
|
||||||
- ret = _gnutls_x509_read_ecc_params(
|
|
||||||
- a[0].value, a[0].value_len, &curve);
|
|
||||||
- if (ret < 0) {
|
|
||||||
- goto edwards_cleanup;
|
|
||||||
- }
|
|
||||||
- ce = _gnutls_ecc_curve_get_params(curve);
|
|
||||||
- if (unlikely(ce == NULL)) {
|
|
||||||
- goto edwards_cleanup;
|
|
||||||
- }
|
|
||||||
- pk = ce->pk;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- edwards_cleanup:
|
|
||||||
- gnutls_free(tmp1);
|
|
||||||
- return pk;
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
- default:
|
|
||||||
- return GNUTLS_PK_UNKNOWN;
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
/**
|
|
||||||
* gnutls_pkcs11_privkey_import_url:
|
|
||||||
* @pkey: The private key
|
|
||||||
@@ -616,9 +561,7 @@ int gnutls_pkcs11_privkey_import_url(gnutls_pkcs11_privkey_t pkey,
|
|
||||||
a[0].value_len = sizeof(key_type);
|
|
||||||
if (pkcs11_get_attribute_value(pkey->sinfo.module, pkey->sinfo.pks,
|
|
||||||
pkey->ref, a, 1) == CKR_OK) {
|
|
||||||
- pkey->pk_algorithm = key_type_to_pk(pkey->sinfo.module,
|
|
||||||
- pkey->sinfo.pks, pkey->ref,
|
|
||||||
- key_type);
|
|
||||||
+ pkey->pk_algorithm = key_type_to_pk(key_type);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN) {
|
|
||||||
@@ -1245,7 +1188,6 @@ int gnutls_pkcs11_privkey_generate3(const char *url, gnutls_pk_algorithm_t pk,
|
|
||||||
|
|
||||||
break;
|
|
||||||
case GNUTLS_PK_EDDSA_ED25519:
|
|
||||||
- case GNUTLS_PK_EDDSA_ED448:
|
|
||||||
p[p_val].type = CKA_SIGN;
|
|
||||||
p[p_val].value = (void *)&tval;
|
|
||||||
p[p_val].value_len = sizeof(tval);
|
|
||||||
@@ -1256,11 +1198,8 @@ int gnutls_pkcs11_privkey_generate3(const char *url, gnutls_pk_algorithm_t pk,
|
|
||||||
a[a_val].value_len = sizeof(tval);
|
|
||||||
a_val++;
|
|
||||||
|
|
||||||
- ret = _gnutls_x509_write_ecc_params(
|
|
||||||
- pk == GNUTLS_PK_EDDSA_ED25519 ?
|
|
||||||
- GNUTLS_ECC_CURVE_ED25519 :
|
|
||||||
- GNUTLS_ECC_CURVE_ED448,
|
|
||||||
- &der);
|
|
||||||
+ ret = _gnutls_x509_write_ecc_params(GNUTLS_ECC_CURVE_ED25519,
|
|
||||||
+ &der);
|
|
||||||
if (ret < 0) {
|
|
||||||
gnutls_assert();
|
|
||||||
goto cleanup;
|
|
||||||
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
|
|
||||||
index a3201ddeba..3090721db5 100644
|
|
||||||
--- a/lib/pkcs11_write.c
|
|
||||||
+++ b/lib/pkcs11_write.c
|
|
||||||
@@ -355,8 +355,7 @@ static int add_pubkey(gnutls_pubkey_t pubkey, struct ck_attribute *a,
|
|
||||||
(*a_val)++;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
- case GNUTLS_PK_EDDSA_ED25519:
|
|
||||||
- case GNUTLS_PK_EDDSA_ED448: {
|
|
||||||
+ case GNUTLS_PK_EDDSA_ED25519: {
|
|
||||||
gnutls_datum_t params, ecpoint;
|
|
||||||
|
|
||||||
ret = _gnutls_x509_write_ecc_params(pubkey->params.curve,
|
|
||||||
@@ -936,8 +935,7 @@ int gnutls_pkcs11_copy_x509_privkey2(const char *token_url,
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
#ifdef HAVE_PKCS11_EDDSA
|
|
||||||
- case GNUTLS_PK_EDDSA_ED25519:
|
|
||||||
- case GNUTLS_PK_EDDSA_ED448: {
|
|
||||||
+ case GNUTLS_PK_EDDSA_ED25519: {
|
|
||||||
ret = _gnutls_x509_write_ecc_params(key->params.curve, &p);
|
|
||||||
if (ret < 0) {
|
|
||||||
gnutls_assert();
|
|
||||||
@@ -1003,8 +1001,7 @@ cleanup:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
case GNUTLS_PK_EC:
|
|
||||||
- case GNUTLS_PK_EDDSA_ED25519:
|
|
||||||
- case GNUTLS_PK_EDDSA_ED448: {
|
|
||||||
+ case GNUTLS_PK_EDDSA_ED25519: {
|
|
||||||
gnutls_free(p.data);
|
|
||||||
gnutls_free(x.data);
|
|
||||||
break;
|
|
||||||
diff --git a/lib/pubkey.c b/lib/pubkey.c
|
|
||||||
index 1139ad99fc..59ca194f1a 100644
|
|
||||||
--- a/lib/pubkey.c
|
|
||||||
+++ b/lib/pubkey.c
|
|
||||||
@@ -700,7 +700,6 @@ int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, gnutls_pkcs11_obj_t obj,
|
|
||||||
&obj->pubkey[1]);
|
|
||||||
break;
|
|
||||||
case GNUTLS_PK_EDDSA_ED25519:
|
|
||||||
- case GNUTLS_PK_EDDSA_ED448:
|
|
||||||
ret = gnutls_pubkey_import_ecc_eddsa(key, &obj->pubkey[0],
|
|
||||||
&obj->pubkey[1]);
|
|
||||||
break;
|
|
||||||
diff --git a/tests/cert-common.h b/tests/cert-common.h
|
|
||||||
index 57cf6c0c4f..33b3ee3b68 100644
|
|
||||||
--- a/tests/cert-common.h
|
|
||||||
+++ b/tests/cert-common.h
|
|
||||||
@@ -36,8 +36,7 @@
|
|
||||||
* IPv4 server (SAN: IPAddr: 127.0.0.1): server_ca3_ipaddr_cert, server_ca3_key
|
|
||||||
* IPv4 server (RSA-PSS, SAN: localhost IPAddr: 127.0.0.1): server_ca3_rsa_pss_cert, server_ca3_rsa_pss_key
|
|
||||||
* IPv4 server (RSA-PSS key, SAN: localhost IPAddr: 127.0.0.1): server_ca3_rsa_pss2_cert, server_ca3_rsa_pss2_key
|
|
||||||
- * IPv4 server (Ed25519, SAN: localhost IPAddr: 127.0.0.1): server_ca3_eddsa_cert, server_ca3_eddsa_key
|
|
||||||
- * IPv4 server (Ed448, SAN: localhost IPAddr: 127.0.0.1): server_ca3_ed448_cert, server_ca3_ed448_key
|
|
||||||
+ * IPv4 server (EdDSA, SAN: localhost IPAddr: 127.0.0.1): server_ca3_eddsa_cert, server_ca3_eddsa_key
|
|
||||||
* IPv4 server (GOST R 34.10-2001, SAN: localhost): server_ca3_gost01_cert, server_ca3_gost01_key
|
|
||||||
* IPv4 server (GOST R 34.10-2012-256, SAN: localhost): server_ca3_gost12-256_cert, server_ca3_gost12-256_key
|
|
||||||
* IPv4 server (GOST R 34.10-2012-512, SAN: localhost): server_ca3_gost12-512_cert, server_ca3_gost12-512_key
|
|
||||||
@@ -350,7 +349,7 @@ static unsigned char ca2_cert_pem[] =
|
|
||||||
|
|
||||||
const gnutls_datum_t ca2_cert = { ca2_cert_pem, sizeof(ca2_cert_pem) - 1 };
|
|
||||||
|
|
||||||
-static unsigned char cli_cert_pem[] =
|
|
||||||
+static unsigned char cert_pem[] =
|
|
||||||
"-----BEGIN CERTIFICATE-----\n"
|
|
||||||
"MIICHjCCAYmgAwIBAgIERiYdNzALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
|
|
||||||
"VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTI3WhcNMDgwNDE3MTMyOTI3WjAdMRsw\n"
|
|
||||||
@@ -365,9 +364,9 @@ static unsigned char cli_cert_pem[] =
|
|
||||||
"U7jyOsBJ44SEQITbin2yUeJMIm1tievvdNXBDfW95AM507ShzP12sfiJkJfjjdhy\n"
|
|
||||||
"dc8Siq5JojruiMizAf0pA7in\n"
|
|
||||||
"-----END CERTIFICATE-----\n";
|
|
||||||
-const gnutls_datum_t cli_cert = { cli_cert_pem, sizeof(cli_cert_pem) - 1 };
|
|
||||||
+const gnutls_datum_t cli_cert = { cert_pem, sizeof(cert_pem) - 1 };
|
|
||||||
|
|
||||||
-static unsigned char cli_key_pem[] =
|
|
||||||
+static unsigned char key_pem[] =
|
|
||||||
"-----BEGIN RSA PRIVATE KEY-----\n"
|
|
||||||
"MIICXAIBAAKBgQC7ZkP18sXXtozMxd/1iDuxyUtqDqGtIFBACIChT1yj0Phsz+Y8\n"
|
|
||||||
"9+wEdhMXi2SJIlvA3VN8O+18BLuAuSi+jpvGjqClEsv1Vx6i57u3M0mf47tKrmpN\n"
|
|
||||||
@@ -383,7 +382,7 @@ static unsigned char cli_key_pem[] =
|
|
||||||
"/iVX2cmMTSh3w3z8MaECQEp0XJWDVKOwcTW6Ajp9SowtmiZ3YDYo1LF9igb4iaLv\n"
|
|
||||||
"sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
|
|
||||||
"-----END RSA PRIVATE KEY-----\n";
|
|
||||||
-const gnutls_datum_t cli_key = { cli_key_pem, sizeof(cli_key_pem) - 1 };
|
|
||||||
+const gnutls_datum_t cli_key = { key_pem, sizeof(key_pem) - 1 };
|
|
||||||
|
|
||||||
static char dsa_key_pem[] =
|
|
||||||
"-----BEGIN DSA PRIVATE KEY-----\n"
|
|
||||||
@@ -1082,42 +1081,6 @@ const gnutls_datum_t server_ca3_eddsa_cert = {
|
|
||||||
sizeof(server_ca3_eddsa_cert_pem) - 1
|
|
||||||
};
|
|
||||||
|
|
||||||
-/* server Ed448 key */
|
|
||||||
-static char server_ca3_ed448_key_pem[] =
|
|
||||||
- "-----BEGIN PRIVATE KEY-----\n"
|
|
||||||
- "MEcCAQAwBQYDK2VxBDsEOXPoCtsxxy7itrHfeuQ2bG7oh3uerkBwhabkeSsNFYoS\n"
|
|
||||||
- "QYy6KKYld8lnhlYQQmMo6lx28x9GmpTiag==\n"
|
|
||||||
- "-----END PRIVATE KEY-----\n";
|
|
||||||
-
|
|
||||||
-const gnutls_datum_t server_ca3_ed448_key = {
|
|
||||||
- (unsigned char *)server_ca3_ed448_key_pem,
|
|
||||||
- sizeof(server_ca3_ed448_key_pem) - 1
|
|
||||||
-};
|
|
||||||
-
|
|
||||||
-static char server_ca3_ed448_cert_pem[] =
|
|
||||||
- "-----BEGIN CERTIFICATE-----\n"
|
|
||||||
- "MIICqzCCAROgAwIBAgIUAvQ9bcei1eNZ9viV1kP7MKODp9YwDQYJKoZIhvcNAQEL\n"
|
|
||||||
- "BQAwDzENMAsGA1UEAxMEQ0EtMzAgFw0yMzA5MjgwNjU1NThaGA85OTk5MTIzMTIz\n"
|
|
||||||
- "NTk1OVowDTELMAkGA1UEBhMCR1IwQzAFBgMrZXEDOgAYxZxGeKtoWUL20zvrFClm\n"
|
|
||||||
- "irhECIIdccq6x0uZccYHfmRVkFoUI7iOFj6Mlsp5vg24XZ2tGF5MBACjYDBeMAwG\n"
|
|
||||||
- "A1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTYq6RhA2qMWmYM\n"
|
|
||||||
- "UAEx3AlNSnhWHDAfBgNVHSMEGDAWgBT5qIYZY7akFBNgdg8BmjU27/G0rzANBgkq\n"
|
|
||||||
- "hkiG9w0BAQsFAAOCAYEAhEd0coRahGvMx8gLS8biuaqh50+9RJIjMpf+/0IQJ4DV\n"
|
|
||||||
- "FHT5E70YyaQ0YOsvyxGa04d+KyhdVLppD1pDztLGXYZWxzmowopwpgnpPNT25M+0\n"
|
|
||||||
- "aQOvCZZvRlqmwgUiRXdhSxqPsUj/73uUBPIjFknrxajoox7sOLris9ujmidqgBGa\n"
|
|
||||||
- "H1FVbQQQgDOBCKcKXTAllVKzS/ZLwlRHibbm+4UDxGk1tJv1dbnQhJk0FYSQZn3h\n"
|
|
||||||
- "ZVmSSfP4ZB+U+lsCshypBJ9qVZEqMM2b4m1wv/VAOuw0lGA2SiPub5q91hFYRdeL\n"
|
|
||||||
- "9FB78/WlrSCTbGeMzzDPXBf/Y2KvFAv3o7K0tsMg1vBsDJBARHEzo4GMRsYDZzvI\n"
|
|
||||||
- "JXb5tSmJOi/PBfup8GPiG0WbZV9nuvW8V/zmfaP3s9YBfYOtL/+nZch9VdSee2xp\n"
|
|
||||||
- "T8arukB/s2jLaXQUduD3hoFvFNgCvWJwAWQWNNyHN3ivArqNQpfl2Gtftmb6xCdW\n"
|
|
||||||
- "Xwt1/q2XKqqLpnF1N2wU\n"
|
|
||||||
- "-----END CERTIFICATE-----\n";
|
|
||||||
-
|
|
||||||
-const gnutls_datum_t server_ca3_ed448_cert = {
|
|
||||||
- (unsigned char *)server_ca3_ed448_cert_pem,
|
|
||||||
- sizeof(server_ca3_ed448_cert_pem) - 1
|
|
||||||
-};
|
|
||||||
-
|
|
||||||
static char server_ca3_gost01_key_pem[] =
|
|
||||||
"-----BEGIN PRIVATE KEY-----\n"
|
|
||||||
"MEUCAQAwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwICHgEEIgQgR1lBLIr4WBpn\n"
|
|
||||||
diff --git a/tests/pkcs11/pkcs11-eddsa-privkey-test.c b/tests/pkcs11/pkcs11-eddsa-privkey-test.c
|
|
||||||
index 1b7732e884..d3cd9a97c7 100644
|
|
||||||
--- a/tests/pkcs11/pkcs11-eddsa-privkey-test.c
|
|
||||||
+++ b/tests/pkcs11/pkcs11-eddsa-privkey-test.c
|
|
||||||
@@ -64,8 +64,8 @@ static int pin_func(void *userdata, int attempt, const char *url,
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
-#define myfail(fmt, ...) \
|
|
||||||
- fail("%s (iter %zu): " fmt, gnutls_sign_get_name(sigalgo), i, \
|
|
||||||
+#define myfail(fmt, ...) \
|
|
||||||
+ fail("%s (iter %d): " fmt, gnutls_sign_get_name(sigalgo), i, \
|
|
||||||
##__VA_ARGS__)
|
|
||||||
|
|
||||||
static unsigned verify_eddsa_presence(void)
|
|
||||||
@@ -85,10 +85,11 @@ static unsigned verify_eddsa_presence(void)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-static void test(const char *name, const gnutls_datum_t *cert_pem,
|
|
||||||
- const gnutls_datum_t *key_pem, gnutls_sign_algorithm_t sigalgo)
|
|
||||||
+void doit(void)
|
|
||||||
{
|
|
||||||
+ char buf[128];
|
|
||||||
int ret;
|
|
||||||
+ const char *lib, *bin;
|
|
||||||
gnutls_x509_crt_t crt;
|
|
||||||
gnutls_x509_privkey_t key;
|
|
||||||
gnutls_datum_t tmp, sig;
|
|
||||||
@@ -97,16 +98,51 @@ static void test(const char *name, const gnutls_datum_t *cert_pem,
|
|
||||||
gnutls_pubkey_t pubkey2;
|
|
||||||
gnutls_pubkey_t pubkey3;
|
|
||||||
gnutls_pubkey_t pubkey4;
|
|
||||||
- char buf[256];
|
|
||||||
- size_t i;
|
|
||||||
+ unsigned i, sigalgo;
|
|
||||||
+
|
|
||||||
+ bin = softhsm_bin();
|
|
||||||
+
|
|
||||||
+ lib = softhsm_lib();
|
|
||||||
+
|
|
||||||
+ ret = global_init();
|
|
||||||
+ if (ret != 0) {
|
|
||||||
+ fail("%d: %s\n", ret, gnutls_strerror(ret));
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (gnutls_fips140_mode_enabled()) {
|
|
||||||
+ gnutls_global_deinit();
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ gnutls_pkcs11_set_pin_function(pin_func, NULL);
|
|
||||||
+ gnutls_global_set_log_function(tls_log_func);
|
|
||||||
+ if (debug)
|
|
||||||
+ gnutls_global_set_log_level(4711);
|
|
||||||
+
|
|
||||||
+ set_softhsm_conf(CONFIG);
|
|
||||||
+ snprintf(buf, sizeof(buf),
|
|
||||||
+ "%s --init-token --slot 0 --label test --so-pin " PIN
|
|
||||||
+ " --pin " PIN,
|
|
||||||
+ bin);
|
|
||||||
+ system(buf);
|
|
||||||
+
|
|
||||||
+ ret = gnutls_pkcs11_add_provider(lib, NULL);
|
|
||||||
+ if (ret < 0) {
|
|
||||||
+ fail("gnutls_x509_crt_init: %s\n", gnutls_strerror(ret));
|
|
||||||
+ }
|
|
||||||
|
|
||||||
- success("%s\n", name);
|
|
||||||
+ if (verify_eddsa_presence() == 0) {
|
|
||||||
+ fprintf(stderr,
|
|
||||||
+ "Skipping test as no EDDSA mech is supported\n");
|
|
||||||
+ exit(77);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
ret = gnutls_x509_crt_init(&crt);
|
|
||||||
if (ret < 0)
|
|
||||||
fail("gnutls_x509_crt_init: %s\n", gnutls_strerror(ret));
|
|
||||||
|
|
||||||
- ret = gnutls_x509_crt_import(crt, cert_pem, GNUTLS_X509_FMT_PEM);
|
|
||||||
+ ret = gnutls_x509_crt_import(crt, &server_ca3_eddsa_cert,
|
|
||||||
+ GNUTLS_X509_FMT_PEM);
|
|
||||||
if (ret < 0)
|
|
||||||
fail("gnutls_x509_crt_import: %s\n", gnutls_strerror(ret));
|
|
||||||
|
|
||||||
@@ -122,12 +158,25 @@ static void test(const char *name, const gnutls_datum_t *cert_pem,
|
|
||||||
fail("gnutls_x509_privkey_init: %s\n", gnutls_strerror(ret));
|
|
||||||
}
|
|
||||||
|
|
||||||
- ret = gnutls_x509_privkey_import(key, key_pem, GNUTLS_X509_FMT_PEM);
|
|
||||||
+ ret = gnutls_x509_privkey_import(key, &server_ca3_eddsa_key,
|
|
||||||
+ GNUTLS_X509_FMT_PEM);
|
|
||||||
if (ret < 0) {
|
|
||||||
fail("gnutls_x509_privkey_import: %s\n", gnutls_strerror(ret));
|
|
||||||
}
|
|
||||||
|
|
||||||
- ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, name,
|
|
||||||
+ /* initialize softhsm token */
|
|
||||||
+ ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test");
|
|
||||||
+ if (ret < 0) {
|
|
||||||
+ fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret));
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN,
|
|
||||||
+ GNUTLS_PIN_USER);
|
|
||||||
+ if (ret < 0) {
|
|
||||||
+ fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret));
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ret = gnutls_pkcs11_copy_x509_crt(SOFTHSM_URL, crt, "cert",
|
|
||||||
GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE |
|
|
||||||
GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
|
|
||||||
if (ret < 0) {
|
|
||||||
@@ -135,7 +184,7 @@ static void test(const char *name, const gnutls_datum_t *cert_pem,
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = gnutls_pkcs11_copy_x509_privkey(
|
|
||||||
- SOFTHSM_URL, key, name,
|
|
||||||
+ SOFTHSM_URL, key, "cert",
|
|
||||||
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
|
|
||||||
GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE |
|
|
||||||
GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE |
|
|
||||||
@@ -150,7 +199,7 @@ static void test(const char *name, const gnutls_datum_t *cert_pem,
|
|
||||||
assert(gnutls_pubkey_import_x509(pubkey, crt, 0) == 0);
|
|
||||||
|
|
||||||
ret = gnutls_pkcs11_copy_pubkey(
|
|
||||||
- SOFTHSM_URL, pubkey, name, NULL,
|
|
||||||
+ SOFTHSM_URL, pubkey, "cert", NULL,
|
|
||||||
GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT, 0);
|
|
||||||
if (ret < 0) {
|
|
||||||
fail("gnutls_pkcs11_copy_pubkey: %s\n", gnutls_strerror(ret));
|
|
||||||
@@ -161,13 +210,11 @@ static void test(const char *name, const gnutls_datum_t *cert_pem,
|
|
||||||
gnutls_pubkey_deinit(pubkey);
|
|
||||||
gnutls_pkcs11_set_pin_function(NULL, NULL);
|
|
||||||
|
|
||||||
- assert(snprintf(buf, sizeof(buf),
|
|
||||||
- "%s;object=%s;object-type=private?pin-value=" PIN,
|
|
||||||
- SOFTHSM_URL, name) < (int)sizeof(buf));
|
|
||||||
-
|
|
||||||
assert(gnutls_privkey_init(&pkey) == 0);
|
|
||||||
|
|
||||||
- ret = gnutls_privkey_import_pkcs11_url(pkey, buf);
|
|
||||||
+ ret = gnutls_privkey_import_pkcs11_url(
|
|
||||||
+ pkey,
|
|
||||||
+ SOFTHSM_URL ";object=cert;object-type=private;pin-value=" PIN);
|
|
||||||
if (ret < 0) {
|
|
||||||
fail("error in gnutls_privkey_import_pkcs11_url: %s\n",
|
|
||||||
gnutls_strerror(ret));
|
|
||||||
@@ -176,7 +223,10 @@ static void test(const char *name, const gnutls_datum_t *cert_pem,
|
|
||||||
/* Try to read the public key with public key URI */
|
|
||||||
assert(gnutls_pubkey_init(&pubkey3) == 0);
|
|
||||||
|
|
||||||
- ret = gnutls_pubkey_import_pkcs11_url(pubkey3, buf, 0);
|
|
||||||
+ ret = gnutls_pubkey_import_pkcs11_url(
|
|
||||||
+ pubkey3,
|
|
||||||
+ SOFTHSM_URL ";object=cert;object-type=public;pin-value=" PIN,
|
|
||||||
+ 0);
|
|
||||||
if (ret < 0) {
|
|
||||||
fail("error in gnutls_pubkey_import_pkcs11_url: %s\n",
|
|
||||||
gnutls_strerror(ret));
|
|
||||||
@@ -185,7 +235,9 @@ static void test(const char *name, const gnutls_datum_t *cert_pem,
|
|
||||||
/* Try to read the public key with certificate URI */
|
|
||||||
assert(gnutls_pubkey_init(&pubkey4) == 0);
|
|
||||||
|
|
||||||
- ret = gnutls_pubkey_import_pkcs11_url(pubkey4, buf, 0);
|
|
||||||
+ ret = gnutls_pubkey_import_pkcs11_url(
|
|
||||||
+ pubkey4,
|
|
||||||
+ SOFTHSM_URL ";object=cert;object-type=cert;pin-value=" PIN, 0);
|
|
||||||
if (ret < 0) {
|
|
||||||
fail("error in gnutls_pubkey_import_pkcs11_url: %s\n",
|
|
||||||
gnutls_strerror(ret));
|
|
||||||
@@ -195,9 +247,12 @@ static void test(const char *name, const gnutls_datum_t *cert_pem,
|
|
||||||
assert(gnutls_pubkey_import_privkey(pubkey, pkey, 0, 0) == 0);
|
|
||||||
|
|
||||||
assert(gnutls_pubkey_init(&pubkey2) == 0);
|
|
||||||
- assert(gnutls_pubkey_import_x509_raw(pubkey2, cert_pem,
|
|
||||||
+ assert(gnutls_pubkey_import_x509_raw(pubkey2, &server_ca3_eddsa_cert,
|
|
||||||
GNUTLS_X509_FMT_PEM, 0) == 0);
|
|
||||||
|
|
||||||
+ /* this is the algorithm supported by the certificate */
|
|
||||||
+ sigalgo = GNUTLS_SIGN_EDDSA_ED25519;
|
|
||||||
+
|
|
||||||
for (i = 0; i < 20; i++) {
|
|
||||||
/* check whether privkey and pubkey are operational
|
|
||||||
* by signing and verifying */
|
|
||||||
@@ -229,71 +284,6 @@ static void test(const char *name, const gnutls_datum_t *cert_pem,
|
|
||||||
gnutls_pubkey_deinit(pubkey2);
|
|
||||||
gnutls_pubkey_deinit(pubkey);
|
|
||||||
gnutls_privkey_deinit(pkey);
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-void doit(void)
|
|
||||||
-{
|
|
||||||
- char buf[256];
|
|
||||||
- int ret;
|
|
||||||
- const char *lib, *bin;
|
|
||||||
-
|
|
||||||
- bin = softhsm_bin();
|
|
||||||
-
|
|
||||||
- lib = softhsm_lib();
|
|
||||||
-
|
|
||||||
- ret = global_init();
|
|
||||||
- if (ret != 0) {
|
|
||||||
- fail("%d: %s\n", ret, gnutls_strerror(ret));
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (gnutls_fips140_mode_enabled()) {
|
|
||||||
- gnutls_global_deinit();
|
|
||||||
- return;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- gnutls_pkcs11_set_pin_function(pin_func, NULL);
|
|
||||||
- gnutls_global_set_log_function(tls_log_func);
|
|
||||||
- if (debug)
|
|
||||||
- gnutls_global_set_log_level(4711);
|
|
||||||
-
|
|
||||||
- set_softhsm_conf(CONFIG);
|
|
||||||
- assert(snprintf(buf, sizeof(buf),
|
|
||||||
- "%s --init-token --slot 0 --label test --so-pin " PIN
|
|
||||||
- " --pin " PIN,
|
|
||||||
- bin) < (int)sizeof(buf));
|
|
||||||
- system(buf);
|
|
||||||
-
|
|
||||||
- ret = gnutls_pkcs11_add_provider(lib, NULL);
|
|
||||||
- if (ret < 0) {
|
|
||||||
- fail("gnutls_x509_crt_init: %s\n", gnutls_strerror(ret));
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (verify_eddsa_presence() == 0) {
|
|
||||||
- fprintf(stderr,
|
|
||||||
- "Skipping test as no EDDSA mech is supported\n");
|
|
||||||
- exit(77);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /* initialize softhsm token */
|
|
||||||
- ret = gnutls_pkcs11_token_init(SOFTHSM_URL, PIN, "test");
|
|
||||||
- if (ret < 0) {
|
|
||||||
- fail("gnutls_pkcs11_token_init: %s\n", gnutls_strerror(ret));
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- ret = gnutls_pkcs11_token_set_pin(SOFTHSM_URL, NULL, PIN,
|
|
||||||
- GNUTLS_PIN_USER);
|
|
||||||
- if (ret < 0) {
|
|
||||||
- fail("gnutls_pkcs11_token_set_pin: %s\n", gnutls_strerror(ret));
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- test("ed25519", &server_ca3_eddsa_cert, &server_ca3_eddsa_key,
|
|
||||||
- GNUTLS_SIGN_EDDSA_ED25519);
|
|
||||||
-
|
|
||||||
- /* test clears PIN function to check "?pin-value" works */
|
|
||||||
- gnutls_pkcs11_set_pin_function(pin_func, NULL);
|
|
||||||
-
|
|
||||||
- test("ed448", &server_ca3_ed448_cert, &server_ca3_ed448_key,
|
|
||||||
- GNUTLS_SIGN_EDDSA_ED448);
|
|
||||||
|
|
||||||
gnutls_global_deinit();
|
|
||||||
|
|
||||||
diff --git a/tests/pkcs11/pkcs11-privkey-generate.c b/tests/pkcs11/pkcs11-privkey-generate.c
|
|
||||||
index 7de0c35426..bd54fad8d2 100644
|
|
||||||
--- a/tests/pkcs11/pkcs11-privkey-generate.c
|
|
||||||
+++ b/tests/pkcs11/pkcs11-privkey-generate.c
|
|
||||||
@@ -98,7 +98,8 @@ static void generate_keypair(gnutls_pk_algorithm_t algo, size_t bits,
|
|
||||||
fail("%d: %s\n", ret, gnutls_strerror(ret));
|
|
||||||
}
|
|
||||||
|
|
||||||
- success("generated %s key (%s)\n", gnutls_pk_get_name(algo),
|
|
||||||
+ success("generated %s key (%s)\n",
|
|
||||||
+ gnutls_pk_get_name(algo),
|
|
||||||
sensitive ? "sensitive" : "non sensitive");
|
|
||||||
|
|
||||||
assert(gnutls_pkcs11_obj_init(&obj) >= 0);
|
|
||||||
@@ -130,9 +131,6 @@ void doit(void)
|
|
||||||
char buf[128];
|
|
||||||
int ret;
|
|
||||||
const char *lib, *bin;
|
|
||||||
-#ifdef CKM_EC_EDWARDS_KEY_PAIR_GEN
|
|
||||||
- CK_MECHANISM_INFO minfo;
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
if (gnutls_fips140_mode_enabled())
|
|
||||||
exit(77);
|
|
||||||
@@ -176,20 +174,13 @@ void doit(void)
|
|
||||||
generate_keypair(GNUTLS_PK_RSA, 2048, "rsa-non-sensitive", false);
|
|
||||||
|
|
||||||
#ifdef CKM_EC_EDWARDS_KEY_PAIR_GEN
|
|
||||||
- ret = gnutls_pkcs11_token_check_mechanism("pkcs11:token=test",
|
|
||||||
- CKM_EC_EDWARDS_KEY_PAIR_GEN,
|
|
||||||
- &minfo, sizeof(minfo), 0);
|
|
||||||
+ ret = gnutls_pkcs11_token_check_mechanism(
|
|
||||||
+ "pkcs11:token=test", CKM_EC_EDWARDS_KEY_PAIR_GEN, NULL, 0, 0);
|
|
||||||
if (ret != 0) {
|
|
||||||
generate_keypair(GNUTLS_PK_EDDSA_ED25519, 256,
|
|
||||||
"ed25519-sensitive", true);
|
|
||||||
generate_keypair(GNUTLS_PK_EDDSA_ED25519, 256,
|
|
||||||
"ed25519-non-sensitive", false);
|
|
||||||
- if (minfo.ulMaxKeySize >= 456) {
|
|
||||||
- generate_keypair(GNUTLS_PK_EDDSA_ED448, 456,
|
|
||||||
- "ed448-sensitive", true);
|
|
||||||
- generate_keypair(GNUTLS_PK_EDDSA_ED448, 456,
|
|
||||||
- "ed448-non-sensitive", false);
|
|
||||||
- }
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
diff --git a/tests/tls13/ocsp-client.c b/tests/tls13/ocsp-client.c
|
|
||||||
index c7e7e2e410..1064a17752 100644
|
|
||||||
--- a/tests/tls13/ocsp-client.c
|
|
||||||
+++ b/tests/tls13/ocsp-client.c
|
|
||||||
@@ -169,8 +169,8 @@ void doit(void)
|
|
||||||
fp = fopen(certfile3, "wb");
|
|
||||||
if (fp == NULL)
|
|
||||||
fail("error in fopen\n");
|
|
||||||
- assert(fwrite(cli_cert_pem, 1, strlen((char *)cli_cert_pem), fp) > 0);
|
|
||||||
- assert(fwrite(cli_key_pem, 1, strlen((char *)cli_key_pem), fp) > 0);
|
|
||||||
+ assert(fwrite(cert_pem, 1, strlen((char *)cert_pem), fp) > 0);
|
|
||||||
+ assert(fwrite(key_pem, 1, strlen((char *)key_pem), fp) > 0);
|
|
||||||
fclose(fp);
|
|
||||||
|
|
||||||
ret = gnutls_certificate_set_x509_key_file2(
|
|
||||||
--
|
|
||||||
2.43.0
|
|
||||||
|
|
36
gnutls-3.8.3-kernel_version_check.patch
Normal file
36
gnutls-3.8.3-kernel_version_check.patch
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
From 945c2f10eeda441f32404d1328761e311915add0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daiki Ueno <ueno@gnu.org>
|
||||||
|
Date: Tue, 23 Jan 2024 11:54:32 +0900
|
||||||
|
Subject: [PATCH] ktls: fix kernel version checking using utsname
|
||||||
|
|
||||||
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
||||||
|
---
|
||||||
|
lib/system/ktls.c | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/lib/system/ktls.c b/lib/system/ktls.c
|
||||||
|
index 8efb913cda..432c70c5a2 100644
|
||||||
|
--- a/lib/system/ktls.c
|
||||||
|
+++ b/lib/system/ktls.c
|
||||||
|
@@ -482,7 +482,7 @@ int _gnutls_ktls_set_keys(gnutls_session_t session,
|
||||||
|
return GNUTLS_E_INTERNAL_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (strcmp(utsname.sysname, "Linux") == 0) {
|
||||||
|
+ if (strcmp(utsname.sysname, "Linux") != 0) {
|
||||||
|
return GNUTLS_E_INTERNAL_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -495,6 +495,9 @@ int _gnutls_ktls_set_keys(gnutls_session_t session,
|
||||||
|
return GNUTLS_E_INTERNAL_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ _gnutls_debug_log("Linux kernel version %lu.%lu has been detected\n",
|
||||||
|
+ major, minor);
|
||||||
|
+
|
||||||
|
/* setsockopt(SOL_TLS, TLS_RX) support added in 5.10 */
|
||||||
|
if (major < 5 || (major == 5 && minor < 10)) {
|
||||||
|
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
@ -12,15 +12,13 @@ sha256sum:close()
|
|||||||
print(string.sub(hash, 0, 16))
|
print(string.sub(hash, 0, 16))
|
||||||
}
|
}
|
||||||
|
|
||||||
Version: 3.8.2
|
Version: 3.8.3
|
||||||
Release: %{?autorelease}%{!?autorelease:1%{?dist}}
|
Release: %{?autorelease}%{!?autorelease:1%{?dist}}
|
||||||
Patch: gnutls-3.2.7-rpath.patch
|
Patch: gnutls-3.2.7-rpath.patch
|
||||||
|
|
||||||
# follow https://gitlab.com/gnutls/gnutls/-/issues/1443
|
# follow https://gitlab.com/gnutls/gnutls/-/issues/1443
|
||||||
Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
|
Patch: gnutls-3.7.8-ktls_skip_tls12_chachapoly_test.patch
|
||||||
|
Patch: gnutls-3.8.3-kernel_version_check.patch
|
||||||
# tentatively reverted for https://gitlab.com/gnutls/gnutls/-/issues/1515
|
|
||||||
Patch: gnutls-3.8.2-revert-pkcs11-ed448.patch
|
|
||||||
|
|
||||||
%bcond_without bootstrap
|
%bcond_without bootstrap
|
||||||
%bcond_without dane
|
%bcond_without dane
|
||||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (gnutls-3.8.2.tar.xz) = b3aa6e0fa7272cfca0bb0d364fe5dc9ca70cfd41878631d57271ba0a597cf6020a55a19e97a2c02f13a253455b119d296cf6f701be2b4e6880ebeeb07c93ef38
|
SHA512 (gnutls-3.8.3.tar.xz) = 74eddba01ce4c2ffdca781c85db3bb52c85f1db3c09813ee2b8ceea0608f92ca3912fd9266f55deb36a8ba4d01802895ca5d5d219e7d9caec45e1a8534e45a84
|
||||||
SHA512 (gnutls-3.8.2.tar.xz.sig) = 9feb30bfccb8c83e83d3d6df009f2a61f4c48eb357c988789c93b2e5a06a34cb490f33741ad0fd4f881fcd34747b3cf9c5aa45bbb15da680ebba35e07ba602f6
|
SHA512 (gnutls-3.8.3.tar.xz.sig) = 5b2ca0648ca5feeda1de933de2bbaf71fadb70e830a8f0d494d2f0380b6d0d7b79445257cc79e59bba1a7ff639ab4573da3e3e124eb80c20ac6141e29a4827ff
|
||||||
SHA512 (gnutls-release-keyring.gpg) = 5c14d83f4f37bd319c652db0d76fc5bb04752fb461bbe853e25b20ffe41d6d14faae6c0bdd0193ac6242975bf1205ce606a9d0082261cc4581fd680abfcdbd4d
|
SHA512 (gnutls-release-keyring.gpg) = 5c14d83f4f37bd319c652db0d76fc5bb04752fb461bbe853e25b20ffe41d6d14faae6c0bdd0193ac6242975bf1205ce606a9d0082261cc4581fd680abfcdbd4d
|
||||||
|
Loading…
Reference in New Issue
Block a user