diff --git a/.gitignore b/.gitignore
index 2d84e1d..2f0aa7d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/gnutls-3.3.8-hobbled.tar.xz
+SOURCES/gnutls-3.3.24-hobbled.tar.xz
diff --git a/.gnutls.metadata b/.gnutls.metadata
index 20684e9..70743da 100644
--- a/.gnutls.metadata
+++ b/.gnutls.metadata
@@ -1 +1 @@
-328c5c1d1fb28537df0e894765939b0f6b9780ea SOURCES/gnutls-3.3.8-hobbled.tar.xz
+8e6860e7208db4b695e28c0389df1965161015b9 SOURCES/gnutls-3.3.24-hobbled.tar.xz
diff --git a/SOURCES/gnutls-3.3.22-eapp-data.patch b/SOURCES/gnutls-3.3.22-eapp-data.patch
new file mode 100644
index 0000000..74bb486
--- /dev/null
+++ b/SOURCES/gnutls-3.3.22-eapp-data.patch
@@ -0,0 +1,27 @@
+diff --git b/lib/gnutls_handshake.c a/lib/gnutls_handshake.c
+index 5930941..e904f2e 100644
+--- b/lib/gnutls_handshake.c
++++ a/lib/gnutls_handshake.c
+@@ -2510,7 +2510,8 @@ static int _gnutls_recv_supplemental(gnutls_session_t session)
+ * are non fatal errors, only in the specific case of a rehandshake.
+ * Their meaning is that the client rejected the rehandshake request or
+ * in the case of %GNUTLS_E_GOT_APPLICATION_DATA it could also mean that
+- * some data were pending.
++ * some data were pending. A client may receive that error code if
++ * it initiates the handshake and the server doesn't agreed.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code.
+ **/
+diff --git b/lib/gnutls_record.c a/lib/gnutls_record.c
+index 157d12a..40c20fe 100644
+--- b/lib/gnutls_record.c
++++ a/lib/gnutls_record.c
+@@ -837,7 +837,7 @@ record_add_to_buffers(gnutls_session_t session,
+ * reasons). Otherwise it is an unexpected packet
+ */
+ if (type == GNUTLS_ALERT
+- || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
++ || ((htype == GNUTLS_HANDSHAKE_SERVER_HELLO || htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
+ && type == GNUTLS_HANDSHAKE)) {
+ /* even if data is unexpected put it into the buffer */
+ _gnutls_record_buffer_put(session, recv->type,
diff --git a/SOURCES/gnutls-3.3.8-cve-2014-8564.patch b/SOURCES/gnutls-3.3.8-cve-2014-8564.patch
deleted file mode 100644
index ec045e0..0000000
--- a/SOURCES/gnutls-3.3.8-cve-2014-8564.patch
+++ /dev/null
@@ -1,42 +0,0 @@
->From 45401d6b4297f4ace2cbc2f476cf44d1f7d8dd45 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Fri, 31 Oct 2014 10:00:32 +0100
-Subject: [PATCH 1/2] when exporting curve coordinates to X9.63 format, perform
- additional sanity checks on input
-
-Reported by Sean Burford.
----
- lib/gnutls_ecc.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
-index 847f0d2..aa6399b 100644
---- a/lib/gnutls_ecc.c
-+++ b/lib/gnutls_ecc.c
-@@ -53,6 +53,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
-
- /* pad and store x */
- byte_size = (_gnutls_mpi_get_nbits(x) + 7) / 8;
-+ if (numlen < byte_size) {
-+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-+ goto cleanup;
-+ }
-+
- size = out->size - (1 + (numlen - byte_size));
- ret =
- _gnutls_mpi_print(x, &out->data[1 + (numlen - byte_size)],
-@@ -63,6 +68,11 @@ _gnutls_ecc_ansi_x963_export(gnutls_ecc_curve_t curve, bigint_t x,
- }
-
- byte_size = (_gnutls_mpi_get_nbits(y) + 7) / 8;
-+ if (numlen < byte_size) {
-+ ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-+ goto cleanup;
-+ }
-+
- size = out->size - (1 + (numlen + numlen - byte_size));
- ret =
- _gnutls_mpi_print(y,
---
-2.0.0
-
diff --git a/SOURCES/gnutls-3.3.8-dh-fips-tests.patch b/SOURCES/gnutls-3.3.8-dh-fips-tests.patch
deleted file mode 100644
index be8f315..0000000
--- a/SOURCES/gnutls-3.3.8-dh-fips-tests.patch
+++ /dev/null
@@ -1,305 +0,0 @@
-diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
-index b9ca0cb..ac8a922 100644
---- a/lib/gnutls_global.c
-+++ b/lib/gnutls_global.c
-@@ -297,6 +297,7 @@ int gnutls_global_init(void)
- * res == not in fips140 mode
- */
- if (res != 0) {
-+ _gnutls_debug_log("FIPS140-2 mode: %d\n", res);
- _gnutls_priority_update_fips();
-
- /* first round of self checks, these are done on the
-diff --git a/lib/libgnutls.map b/lib/libgnutls.map
-index 5de541d..cbd62d7 100644
---- a/lib/libgnutls.map
-+++ b/lib/libgnutls.map
-@@ -1043,6 +1043,10 @@ GNUTLS_FIPS140 {
- _gnutls_prf_raw;
- _gnutls_encode_ber_rs_raw;
- _rsa_generate_fips186_4_keypair;
-+ _gnutls_dh_compute_key;
-+ _gnutls_dh_generate_key;
-+ _gnutls_ecdh_generate_key;
-+ _gnutls_ecdh_compute_key;
- };
-
- GNUTLS_PRIVATE {
-diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
-index fbc3da1..1b61051 100644
---- a/lib/nettle/pk.c
-+++ b/lib/nettle/pk.c
-@@ -844,7 +844,7 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
- #endif
-
- params->params_nr = 0;
--
-+
- ret = _gnutls_mpi_init_multi(¶ms->params[DSA_P], ¶ms->params[DSA_Q],
- ¶ms->params[DSA_G], NULL);
- if (ret < 0) {
-@@ -891,6 +891,249 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
- return ret;
- }
-
-+#ifdef ENABLE_FIPS140
-+int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params,
-+ gnutls_datum_t *priv_key, gnutls_datum_t *pub_key);
-+
-+int _gnutls_dh_compute_key(gnutls_dh_params_t dh_params,
-+ const gnutls_datum_t *priv_key, const gnutls_datum_t *pub_key,
-+ const gnutls_datum_t *peer_key, gnutls_datum_t *Z);
-+
-+int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve,
-+ const gnutls_datum_t *x, const gnutls_datum_t *y,
-+ const gnutls_datum_t *k,
-+ const gnutls_datum_t *peer_x, const gnutls_datum_t *peer_y,
-+ gnutls_datum_t *Z);
-+
-+int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve,
-+ gnutls_datum_t *x, gnutls_datum_t *y,
-+ gnutls_datum_t *k);
-+
-+
-+int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params,
-+ gnutls_datum_t *priv_key, gnutls_datum_t *pub_key)
-+{
-+ gnutls_pk_params_st params;
-+ int ret;
-+
-+ gnutls_pk_params_init(¶ms);
-+ params.params[DH_P] = _gnutls_mpi_copy(dh_params->params[0]);
-+ params.params[DH_G] = _gnutls_mpi_copy(dh_params->params[1]);
-+
-+ params.params_nr = 3; /* include empty q */
-+ params.algo = GNUTLS_PK_DH;
-+
-+ priv_key->data = NULL;
-+ pub_key->data = NULL;
-+
-+ ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0, ¶ms);
-+ if (ret < 0) {
-+ return gnutls_assert_val(ret);
-+ }
-+
-+ ret =
-+ _gnutls_mpi_dprint_lz(params.params[DH_X], priv_key);
-+ if (ret < 0) {
-+ gnutls_assert();
-+ goto fail;
-+ }
-+
-+ ret =
-+ _gnutls_mpi_dprint_lz(params.params[DH_Y], pub_key);
-+ if (ret < 0) {
-+ gnutls_assert();
-+ goto fail;
-+ }
-+
-+ ret = 0;
-+ goto cleanup;
-+ fail:
-+ gnutls_free(pub_key->data);
-+ gnutls_free(priv_key->data);
-+ cleanup:
-+ gnutls_pk_params_clear(¶ms);
-+ return ret;
-+}
-+
-+int _gnutls_dh_compute_key(gnutls_dh_params_t dh_params,
-+ const gnutls_datum_t *priv_key, const gnutls_datum_t *pub_key,
-+ const gnutls_datum_t *peer_key, gnutls_datum_t *Z)
-+{
-+ gnutls_pk_params_st pub, priv;
-+ int ret;
-+
-+ gnutls_pk_params_init(&pub);
-+ gnutls_pk_params_init(&priv);
-+ pub.algo = GNUTLS_PK_DH;
-+
-+ if (_gnutls_mpi_init_scan_nz
-+ (&pub.params[DH_Y], peer_key->data,
-+ peer_key->size) != 0) {
-+ ret =
-+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
-+ goto cleanup;
-+ }
-+
-+ priv.params[DH_P] = _gnutls_mpi_copy(dh_params->params[0]);
-+ priv.params[DH_G] = _gnutls_mpi_copy(dh_params->params[1]);
-+
-+ if (_gnutls_mpi_init_scan_nz
-+ (&priv.params[DH_X], priv_key->data,
-+ priv_key->size) != 0) {
-+ ret =
-+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
-+ goto cleanup;
-+ }
-+
-+ priv.params_nr = 3; /* include empty q */
-+ priv.algo = GNUTLS_PK_DH;
-+
-+ Z->data = NULL;
-+
-+ ret = _gnutls_pk_derive(GNUTLS_PK_DH, Z, &priv, &pub);
-+ if (ret < 0) {
-+ gnutls_assert();
-+ goto cleanup;
-+ }
-+
-+ ret = 0;
-+ cleanup:
-+ gnutls_pk_params_clear(&pub);
-+ gnutls_pk_params_clear(&priv);
-+ return ret;
-+}
-+
-+int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve,
-+ gnutls_datum_t *x, gnutls_datum_t *y,
-+ gnutls_datum_t *k)
-+{
-+ gnutls_pk_params_st params;
-+ int ret;
-+
-+ gnutls_pk_params_init(¶ms);
-+ params.flags = curve;
-+ params.algo = GNUTLS_PK_EC;
-+
-+ x->data = NULL;
-+ y->data = NULL;
-+ k->data = NULL;
-+
-+ ret = _gnutls_pk_generate_keys(GNUTLS_PK_EC, curve, ¶ms);
-+ if (ret < 0) {
-+ return gnutls_assert_val(ret);
-+ }
-+
-+ ret =
-+ _gnutls_mpi_dprint_lz(params.params[ECC_X], x);
-+ if (ret < 0) {
-+ gnutls_assert();
-+ goto fail;
-+ }
-+
-+ ret =
-+ _gnutls_mpi_dprint_lz(params.params[ECC_Y], y);
-+ if (ret < 0) {
-+ gnutls_assert();
-+ goto fail;
-+ }
-+
-+ ret =
-+ _gnutls_mpi_dprint_lz(params.params[ECC_K], k);
-+ if (ret < 0) {
-+ gnutls_assert();
-+ goto fail;
-+ }
-+
-+ ret = 0;
-+ goto cleanup;
-+ fail:
-+ gnutls_free(y->data);
-+ gnutls_free(x->data);
-+ gnutls_free(k->data);
-+ cleanup:
-+ gnutls_pk_params_clear(¶ms);
-+ return ret;
-+}
-+
-+int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve,
-+ const gnutls_datum_t *x, const gnutls_datum_t *y,
-+ const gnutls_datum_t *k,
-+ const gnutls_datum_t *peer_x, const gnutls_datum_t *peer_y,
-+ gnutls_datum_t *Z)
-+{
-+ gnutls_pk_params_st pub, priv;
-+ int ret;
-+
-+ gnutls_pk_params_init(&pub);
-+ gnutls_pk_params_init(&priv);
-+
-+ pub.algo = GNUTLS_PK_EC;
-+ pub.flags = curve;
-+
-+ if (_gnutls_mpi_init_scan_nz
-+ (&pub.params[ECC_Y], peer_y->data,
-+ peer_y->size) != 0) {
-+ ret =
-+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
-+ goto cleanup;
-+ }
-+
-+ if (_gnutls_mpi_init_scan_nz
-+ (&pub.params[ECC_X], peer_x->data,
-+ peer_x->size) != 0) {
-+ ret =
-+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
-+ goto cleanup;
-+ }
-+
-+ priv.params_nr = 2;
-+
-+ if (_gnutls_mpi_init_scan_nz
-+ (&priv.params[ECC_Y], y->data,
-+ y->size) != 0) {
-+ ret =
-+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
-+ goto cleanup;
-+ }
-+
-+ if (_gnutls_mpi_init_scan_nz
-+ (&priv.params[ECC_X], x->data,
-+ x->size) != 0) {
-+ ret =
-+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
-+ goto cleanup;
-+ }
-+
-+ if (_gnutls_mpi_init_scan_nz
-+ (&priv.params[ECC_K], k->data,
-+ k->size) != 0) {
-+ ret =
-+ gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
-+ goto cleanup;
-+ }
-+
-+
-+ priv.params_nr = 3;
-+ priv.algo = GNUTLS_PK_EC;
-+ priv.flags = curve;
-+
-+ Z->data = NULL;
-+
-+ ret = _gnutls_pk_derive(GNUTLS_PK_EC, Z, &priv, &pub);
-+ if (ret < 0) {
-+ gnutls_assert();
-+ goto cleanup;
-+ }
-+
-+ ret = 0;
-+ cleanup:
-+ gnutls_pk_params_clear(&pub);
-+ gnutls_pk_params_clear(&priv);
-+ return ret;
-+}
-+#endif
-+
-+
- /* To generate a DH key either q must be set in the params or
- * level should be set to the number of required bits.
- */
-@@ -1398,12 +1641,12 @@ static int calc_rsa_exp(gnutls_pk_params_st * params)
- {
- bigint_t tmp;
- int ret;
--
-+
- if (params->params_nr < RSA_PRIVATE_PARAMS - 2) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
--
-+
- params->params[6] = params->params[7] = NULL;
-
- ret = _gnutls_mpi_init_multi(&tmp, ¶ms->params[6], ¶ms->params[7], NULL);
diff --git a/SOURCES/gnutls-3.3.8-dh-fips-tests2.patch b/SOURCES/gnutls-3.3.8-dh-fips-tests2.patch
deleted file mode 100644
index 4cb3df7..0000000
--- a/SOURCES/gnutls-3.3.8-dh-fips-tests2.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
-index 0653fcc..66815f0 100644
---- a/lib/nettle/pk.c
-+++ b/lib/nettle/pk.c
-@@ -929,7 +929,7 @@ int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params,
- priv_key->data = NULL;
- pub_key->data = NULL;
-
-- ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0, ¶ms);
-+ ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, dh_params->q_bits, ¶ms);
- if (ret < 0) {
- return gnutls_assert_val(ret);
- }
diff --git a/SOURCES/gnutls-3.3.8-drbg-fips-symbol.patch b/SOURCES/gnutls-3.3.8-drbg-fips-symbol.patch
deleted file mode 100644
index 855c57f..0000000
--- a/SOURCES/gnutls-3.3.8-drbg-fips-symbol.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/lib/libgnutls.map b/lib/libgnutls.map
-index cbd62d7..6e56004 100644
---- a/lib/libgnutls.map
-+++ b/lib/libgnutls.map
-@@ -1032,7 +1032,7 @@ GNUTLS_FIPS140 {
- gnutls_mac_self_test;
- gnutls_digest_self_test;
- #for FIPS140-2 validation
-- rbg_aes_reseed;
-+ drbg_aes_reseed;
- drbg_aes_init;
- drbg_aes_generate;
- _dsa_generate_dss_pq;
diff --git a/SOURCES/gnutls-3.3.8-fips-reseed.patch b/SOURCES/gnutls-3.3.8-fips-reseed.patch
deleted file mode 100644
index 438edda..0000000
--- a/SOURCES/gnutls-3.3.8-fips-reseed.patch
+++ /dev/null
@@ -1,301 +0,0 @@
-diff --git a/lib/nettle/int/drbg-aes-self-test.c b/lib/nettle/int/drbg-aes-self-test.c
-index 9c87453..eb62cf0 100644
---- a/lib/nettle/int/drbg-aes-self-test.c
-+++ b/lib/nettle/int/drbg-aes-self-test.c
-@@ -104,7 +104,8 @@ int drbg_aes_self_test(void)
- struct drbg_aes_ctx test_ctx;
- struct drbg_aes_ctx test_ctx2;
- struct priv_st priv;
-- int ret;
-+ int ret, saved;
-+ uint8_t *tmp;
- unsigned char result[16];
-
- memset(&priv, 0, sizeof(priv));
-@@ -119,26 +120,32 @@ int drbg_aes_self_test(void)
- return 0;
- }
-
-+ tmp = gnutls_malloc(MAX_DRBG_AES_GENERATE_SIZE+1);
-+ if (tmp == NULL) {
-+ gnutls_assert();
-+ return 0;
-+ }
-+
- for (i = 0; i < sizeof(tv) / sizeof(tv[0]); i++) {
- /* Setup the key. */
- ret =
- drbg_aes_init(&test_ctx, DRBG_AES_SEED_SIZE, tv[i].entropy,
- strlen(tv[i].pstring), (void *)tv[i].pstring);
- if (ret == 0)
-- return 0;
-+ goto fail;
-
- if (drbg_aes_is_seeded(&test_ctx) == 0)
-- return 0;
-+ goto fail;
-
- /* Get and compare the first three results. */
- for (j = 0; j < 3; j++) {
- /* Compute the next value. */
- if (drbg_aes_random(&test_ctx, 16, result) == 0)
-- return 0;
-+ goto fail;
-
- /* Compare it to the known value. */
- if (memcmp(result, tv[i].res[j], 16) != 0) {
-- return 0;
-+ goto fail;
- }
- }
-
-@@ -146,20 +153,72 @@ int drbg_aes_self_test(void)
- drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE,
- tv[i].entropy, 0, NULL);
- if (ret == 0)
-- return 0;
-+ goto fail;
-
- if (drbg_aes_random(&test_ctx, 16, result) == 0)
-- return 0;
-+ goto fail;
-
- if (memcmp(result, tv[i].res[3], 16) != 0) {
-- return 0;
-+ goto fail;
- }
-
- /* test the error handling of drbg_aes_random() */
-+ saved = test_ctx.reseed_counter;
- test_ctx.reseed_counter = DRBG_AES_RESEED_TIME+1;
- if (drbg_aes_random(&test_ctx, 16, result) != 0) {
- gnutls_assert();
-- return 0;
-+ goto fail;
-+ }
-+ test_ctx.reseed_counter = saved;
-+
-+ ret = drbg_aes_random(&test_ctx, MAX_DRBG_AES_GENERATE_SIZE+1, tmp);
-+ if (ret == 0) {
-+ gnutls_assert();
-+ goto fail;
-+ }
-+
-+ /* test the low-level function */
-+ ret = drbg_aes_generate(&test_ctx, MAX_DRBG_AES_GENERATE_SIZE+1, tmp, 0, NULL);
-+ if (ret != 0) {
-+ gnutls_assert();
-+ goto fail;
-+ }
-+
-+ /* Test of the reseed function for error handling */
-+ ret =
-+ drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE*2,
-+ (uint8_t*)tv, 0, NULL);
-+ if (ret != 0)
-+ goto fail;
-+
-+ ret =
-+ drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE,
-+ tv[i].entropy, DRBG_AES_SEED_SIZE*2, (uint8_t*)tv);
-+ if (ret != 0)
-+ goto fail;
-+
-+ /* check whether reseed detection works */
-+ if (i==0) {
-+ ret =
-+ drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE,
-+ tv[i].entropy, 0, NULL);
-+ if (ret == 0)
-+ goto fail;
-+
-+ saved = test_ctx.reseed_counter;
-+ test_ctx.reseed_counter = DRBG_AES_RESEED_TIME-4;
-+ for (j=0;j<5;j++) {
-+ if (drbg_aes_random(&test_ctx, 1, result) == 0) {
-+ gnutls_assert();
-+ goto fail;
-+ }
-+ }
-+ /* that should fail */
-+ if (drbg_aes_random(&test_ctx, 1, result) != 0) {
-+ gnutls_assert();
-+ goto fail;
-+ }
-+ test_ctx.reseed_counter = saved;
- }
-
- /* test deinit, which is zeroize_key() */
-@@ -167,9 +226,15 @@ int drbg_aes_self_test(void)
- zeroize_key(&test_ctx, sizeof(test_ctx));
- if (memcmp(&test_ctx, &test_ctx2, sizeof(test_ctx)) == 0) {
- gnutls_assert();
-- return 0;
-+ goto fail;
- }
-+
-+
- }
-
-+ free(tmp);
- return 1;
-+ fail:
-+ free(tmp);
-+ return 0;
- }
-diff --git a/lib/nettle/int/drbg-aes.c b/lib/nettle/int/drbg-aes.c
-index 5ff2484..43df5e1 100644
---- a/lib/nettle/int/drbg-aes.c
-+++ b/lib/nettle/int/drbg-aes.c
-@@ -22,6 +22,7 @@
-
- #include <config.h>
- #include <drbg-aes.h>
-+#include <gnutls_errors.h>
- #include <nettle/memxor.h>
- #include <nettle/aes.h>
- #include <minmax.h>
-@@ -67,7 +68,6 @@ drbg_aes_update(struct drbg_aes_ctx *ctx,
-
- memcpy(ctx->v, &tmp[DRBG_AES_KEY_SIZE], AES_BLOCK_SIZE);
-
-- ctx->reseed_counter = 1;
- ctx->seeded = 1;
- }
-
-@@ -93,6 +93,27 @@ drbg_aes_reseed(struct drbg_aes_ctx *ctx,
- memxor(tmp, entropy, entropy_size);
-
- drbg_aes_update(ctx, tmp);
-+ ctx->reseed_counter = 1;
-+
-+ return 1;
-+}
-+
-+int drbg_aes_random(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst)
-+{
-+ unsigned p_len;
-+ int left = length;
-+ uint8_t *p = dst;
-+ int ret;
-+
-+ while(left > 0) {
-+ p_len = MIN(MAX_DRBG_AES_GENERATE_SIZE, left);
-+ ret = drbg_aes_generate(ctx, p_len, p, 0, 0);
-+ if (ret == 0)
-+ return ret;
-+
-+ p += p_len;
-+ left -= p_len;
-+ }
-
- return 1;
- }
-@@ -106,11 +127,14 @@ int drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst,
- unsigned left;
-
- if (ctx->seeded == 0)
-- return 0;
-+ return gnutls_assert_val(0);
-+
-+ if (length > MAX_DRBG_AES_GENERATE_SIZE)
-+ return gnutls_assert_val(0);
-
- if (add_size > 0) {
- if (add_size > DRBG_AES_SEED_SIZE)
-- return 0;
-+ return gnutls_assert_val(0);
- memcpy(seed, add, add_size);
- if (add_size != DRBG_AES_SEED_SIZE)
- memset(&seed[add_size], 0, DRBG_AES_SEED_SIZE - add_size);
-@@ -140,7 +164,7 @@ int drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst,
- /* if detected loop */
- if (memcmp(dst, ctx->prev_block, AES_BLOCK_SIZE) == 0) {
- _gnutls_switch_lib_state(LIB_STATE_ERROR);
-- return 0;
-+ return gnutls_assert_val(0);
- }
-
- memcpy(ctx->prev_block, dst, AES_BLOCK_SIZE);
-@@ -154,7 +178,7 @@ int drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst,
- /* if detected loop */
- if (memcmp(tmp, ctx->prev_block, AES_BLOCK_SIZE) == 0) {
- _gnutls_switch_lib_state(LIB_STATE_ERROR);
-- return 0;
-+ return gnutls_assert_val(0);
- }
-
- memcpy(ctx->prev_block, tmp, AES_BLOCK_SIZE);
-@@ -162,7 +186,7 @@ int drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst,
- }
-
- if (ctx->reseed_counter > DRBG_AES_RESEED_TIME)
-- return 0;
-+ return gnutls_assert_val(0);
- ctx->reseed_counter++;
-
- drbg_aes_update(ctx, seed);
-diff --git a/lib/nettle/int/drbg-aes.h b/lib/nettle/int/drbg-aes.h
-index eb89be6..72608de 100644
---- a/lib/nettle/int/drbg-aes.h
-+++ b/lib/nettle/int/drbg-aes.h
-@@ -55,10 +55,13 @@ struct drbg_aes_ctx {
- unsigned reseed_counter;
- };
-
-+/* max_number_of_bits_per_request */
-+#define MAX_DRBG_AES_GENERATE_SIZE 65536 /* 2^19 */
-+
- /* This DRBG should be reseeded if reseed_counter exceeds
- * that number. Otherwise drbg_aes_random() will fail.
- */
--#define DRBG_AES_RESEED_TIME 65536
-+#define DRBG_AES_RESEED_TIME 16777216
-
- /* The entropy provided in these functions should be of
- * size DRBG_AES_SEED_SIZE. Additional data and pers.
-@@ -74,7 +77,10 @@ drbg_aes_reseed(struct drbg_aes_ctx *ctx,
- unsigned entropy_size, const uint8_t *entropy,
- unsigned add_size, const uint8_t* add);
-
--#define drbg_aes_random(ctx, l, dst) drbg_aes_generate(ctx, l, dst, 0, NULL)
-+/* our wrapper for the low-level drbg_aes_generate */
-+int
-+drbg_aes_random(struct drbg_aes_ctx *ctx, unsigned length,
-+ uint8_t * dst);
-
- int
- drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length,
-diff --git a/tests/rng-fork.c b/tests/rng-fork.c
-index ba9178e..45a18b4 100644
---- a/tests/rng-fork.c
-+++ b/tests/rng-fork.c
-@@ -53,6 +53,7 @@ void doit(void)
- unsigned char buf1[64];
- unsigned char buf2[64];
- pid_t pid;
-+ unsigned char *tmp;
- int ret;
- FILE *fp;
- unsigned i;
-@@ -119,6 +120,20 @@ void doit(void)
- exit(1);
- }
- }
-+#define TMP_SIZE (65*1024)
-+ tmp = malloc(TMP_SIZE);
-+ if (tmp == NULL) {
-+ fail("memory error\n");
-+ exit(1);
-+ }
-+ for (i = 0; i <= 65539; i++) {
-+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, tmp, TMP_SIZE);
-+ if (ret < 0) {
-+ fail("Error iterating RNG-random more than %u times for %d data\n", i, TMP_SIZE);
-+ exit(1);
-+ }
-+ }
-+ free(tmp);
-
- gnutls_global_deinit();
- }
diff --git a/SOURCES/gnutls-3.3.8-fips-rnd-regr.patch b/SOURCES/gnutls-3.3.8-fips-rnd-regr.patch
deleted file mode 100644
index a9b8850..0000000
--- a/SOURCES/gnutls-3.3.8-fips-rnd-regr.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff --git a/lib/random.h b/lib/random.h
-index 370a2f9..59e3f3c 100644
---- a/lib/random.h
-+++ b/lib/random.h
-@@ -50,7 +50,10 @@ int _gnutls_rnd_init(void);
-
- inline static int _gnutls_rnd_check(void)
- {
-- return _gnutls_rnd_ops.check(gnutls_rnd_ctx);
-+ if (_gnutls_rnd_ops.check)
-+ return _gnutls_rnd_ops.check(gnutls_rnd_ctx);
-+ else
-+ return 0;
- }
-
- #ifndef _WIN32
diff --git a/SOURCES/gnutls-3.3.8-fips140-dsa1024.patch b/SOURCES/gnutls-3.3.8-fips140-dsa1024.patch
deleted file mode 100644
index 656e34f..0000000
--- a/SOURCES/gnutls-3.3.8-fips140-dsa1024.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-diff --git a/lib/nettle/int/dsa-fips.h b/lib/nettle/int/dsa-fips.h
-index 08fac25..82d545e 100644
---- a/lib/nettle/int/dsa-fips.h
-+++ b/lib/nettle/int/dsa-fips.h
-@@ -80,7 +80,7 @@ int
- _dsa_validate_dss_g(struct dsa_public_key *pub,
- unsigned domain_seed_size, const uint8_t *domain_seed, unsigned index);
-
--unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits);
-+unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate);
-
- /* The following low-level functions can be used for DH key exchange as well
- */
-diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c
-index 2712ddb..1ac9441 100644
---- a/lib/nettle/int/dsa-keygen-fips186.c
-+++ b/lib/nettle/int/dsa-keygen-fips186.c
-@@ -36,11 +36,11 @@
-
- #include <nettle/bignum.h>
-
--unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits)
-+unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate)
- {
- switch (q_bits) {
- case 160:
-- if (_gnutls_fips_mode_enabled() != 0)
-+ if (_gnutls_fips_mode_enabled() != 0 && generate != 0)
- return 0;
-
- if (p_bits != 1024)
-@@ -77,7 +77,7 @@ _dsa_generate_dss_pq(struct dsa_public_key *pub,
- uint8_t *storage = NULL;
- unsigned storage_length = 0;
-
-- ret = _dsa_check_qp_sizes(q_bits, p_bits);
-+ ret = _dsa_check_qp_sizes(q_bits, p_bits, 1);
- if (ret == 0) {
- return 0;
- }
-@@ -375,7 +375,7 @@ dsa_generate_dss_pqg(struct dsa_public_key *pub,
- uint8_t domain_seed[MAX_PVP_SEED_SIZE*3];
- unsigned domain_seed_size = 0;
-
-- ret = _dsa_check_qp_sizes(q_bits, p_bits);
-+ ret = _dsa_check_qp_sizes(q_bits, p_bits, 1);
- if (ret == 0)
- return 0;
-
-diff --git a/lib/nettle/int/dsa-validate.c b/lib/nettle/int/dsa-validate.c
-index 3f55755..daa39da 100644
---- a/lib/nettle/int/dsa-validate.c
-+++ b/lib/nettle/int/dsa-validate.c
-@@ -83,7 +83,7 @@ _dsa_validate_dss_g(struct dsa_public_key *pub,
- p_bits = mpz_sizeinbase(pub->p, 2);
- q_bits = mpz_sizeinbase(pub->q, 2);
-
-- ret = _dsa_check_qp_sizes(q_bits, p_bits);
-+ ret = _dsa_check_qp_sizes(q_bits, p_bits, 0);
- if (ret == 0) {
- return 0;
- }
-@@ -151,7 +151,7 @@ _dsa_validate_dss_pq(struct dsa_public_key *pub,
- p_bits = mpz_sizeinbase(pub->p, 2);
- q_bits = mpz_sizeinbase(pub->q, 2);
-
-- ret = _dsa_check_qp_sizes(q_bits, p_bits);
-+ ret = _dsa_check_qp_sizes(q_bits, p_bits, 0);
- if (ret == 0) {
- return 0;
- }
diff --git a/SOURCES/gnutls-3.3.8-fips140-rsa.patch b/SOURCES/gnutls-3.3.8-fips140-rsa.patch
deleted file mode 100644
index b456b6f..0000000
--- a/SOURCES/gnutls-3.3.8-fips140-rsa.patch
+++ /dev/null
@@ -1,178 +0,0 @@
-From c25a14ab6ce15d18338a7499e5849225aea03a7d Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Tue, 14 Oct 2014 13:57:33 +0200
-Subject: [PATCH] FIPS140-2 RSA key generation changes to account for seed
- starting with null byte
-
----
- lib/nettle/int/dsa-fips.h | 2 ++
- lib/nettle/int/provable-prime.c | 25 ++++++++++++++++++-------
- lib/nettle/int/rsa-keygen-fips186.c | 33 ++++++++++++++++++++-------------
- 3 files changed, 40 insertions(+), 20 deletions(-)
-
-diff --git a/lib/nettle/int/dsa-fips.h b/lib/nettle/int/dsa-fips.h
-index 571bc0a..08fac25 100644
---- a/lib/nettle/int/dsa-fips.h
-+++ b/lib/nettle/int/dsa-fips.h
-@@ -115,4 +115,6 @@ hash (uint8_t digest[DIGEST_SIZE], unsigned length, void *data)
- return;
- }
-
-+unsigned mpz_seed_sizeinbase_256_u(mpz_t s, unsigned nominal);
-+
- #endif /* DSA_FIPS_H_INCLUDED */
-diff --git a/lib/nettle/int/provable-prime.c b/lib/nettle/int/provable-prime.c
-index 3bb46aa..e4a4325 100644
---- a/lib/nettle/int/provable-prime.c
-+++ b/lib/nettle/int/provable-prime.c
-@@ -992,6 +992,18 @@ static unsigned small_prime_check(unsigned x)
- return 1;
- }
-
-+/* The seed in FIPS186-3 is used either as an integer or blob,
-+ * but when used as an integer it must not be trunacated below
-+ * the "nominal" seed size. This function returns the size
-+ * that way. */
-+unsigned mpz_seed_sizeinbase_256_u(mpz_t s, unsigned nominal)
-+{
-+ unsigned ret = nettle_mpz_sizeinbase_256_u(s);
-+ if (ret < nominal)
-+ return nominal;
-+ return ret;
-+}
-+
- static int st_provable_prime_small(mpz_t p,
- unsigned *prime_seed_length,
- void *prime_seed,
-@@ -1018,7 +1030,7 @@ static int st_provable_prime_small(mpz_t p,
- nettle_mpz_set_str_256_u(s, seed_length, seed);
-
- retry:
-- tseed_length = nettle_mpz_sizeinbase_256_u(s);
-+ tseed_length = mpz_seed_sizeinbase_256_u(s, seed_length);
- if (tseed_length > sizeof(tseed)) {
- goto fail;
- }
-@@ -1030,7 +1042,7 @@ static int st_provable_prime_small(mpz_t p,
-
- mpz_add_ui(s, s, 1);
-
-- tseed_length = nettle_mpz_sizeinbase_256_u(s);
-+ tseed_length = mpz_seed_sizeinbase_256_u(s, seed_length);
- if (tseed_length > sizeof(tseed))
- goto fail;
-
-@@ -1071,7 +1083,7 @@ static int st_provable_prime_small(mpz_t p,
- mpz_set_ui(p, c);
-
- if (prime_seed != NULL) {
-- tseed_length = nettle_mpz_sizeinbase_256_u(s);
-+ tseed_length = mpz_seed_sizeinbase_256_u(s, tseed_length);
- if (*prime_seed_length < tseed_length)
- goto fail;
-
-@@ -1161,7 +1173,7 @@ st_provable_prime(mpz_t p,
- goto fail;
-
- for (i = 0; i < iterations; i++) {
-- tseed_length = nettle_mpz_sizeinbase_256_u(s);
-+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length);
- if (tseed_length > sizeof(tseed))
- goto fail;
- nettle_mpz_get_str_256(tseed_length, tseed, s);
-@@ -1212,9 +1224,8 @@ st_provable_prime(mpz_t p,
-
- mpz_set_ui(r, 0); /* a = 0 */
- if (iterations > 0) {
--
- for (i = 0; i < iterations; i++) {
-- tseed_length = nettle_mpz_sizeinbase_256_u(s);
-+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length);
- if (tseed_length > sizeof(tseed))
- goto fail;
-
-@@ -1249,7 +1260,7 @@ st_provable_prime(mpz_t p,
- mpz_set(p, c);
-
- if (prime_seed != NULL) {
-- tseed_length = nettle_mpz_sizeinbase_256_u(s);
-+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length);
- if (*prime_seed_length < tseed_length)
- goto fail;
-
-diff --git a/lib/nettle/int/rsa-keygen-fips186.c b/lib/nettle/int/rsa-keygen-fips186.c
-index 754842a..624aa36 100644
---- a/lib/nettle/int/rsa-keygen-fips186.c
-+++ b/lib/nettle/int/rsa-keygen-fips186.c
-@@ -53,7 +53,7 @@ unsigned iterations;
- unsigned storage_length = 0, i;
- uint8_t *storage = NULL;
- uint8_t pseed[MAX_PVP_SEED_SIZE+1];
--unsigned pseed_length = sizeof(pseed);
-+unsigned pseed_length = sizeof(pseed), tseed_length;
- unsigned max = bits*5;
-
- mpz_init(p0);
-@@ -85,11 +85,13 @@ unsigned max = bits*5;
-
- nettle_mpz_set_str_256_u(s, pseed_length, pseed);
- for (i = 0; i < iterations; i++) {
-- pseed_length = nettle_mpz_sizeinbase_256_u(s);
-- nettle_mpz_get_str_256(pseed_length, pseed, s);
-+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length);
-+ if (tseed_length > sizeof(pseed))
-+ goto fail;
-+ nettle_mpz_get_str_256(tseed_length, pseed, s);
-
- hash(&storage[(iterations - i - 1) * DIGEST_SIZE],
-- pseed_length, pseed);
-+ tseed_length, pseed);
- mpz_add_ui(s, s, 1);
- }
-
-@@ -170,11 +172,13 @@ unsigned max = bits*5;
- mpz_set_ui(x, 0); /* a = 0 */
- if (iterations > 0) {
- for (i = 0; i < iterations; i++) {
-- pseed_length = nettle_mpz_sizeinbase_256_u(s);
-- nettle_mpz_get_str_256(pseed_length, pseed, s);
-+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length);
-+ if (tseed_length > sizeof(pseed))
-+ goto fail;
-+ nettle_mpz_get_str_256(tseed_length, pseed, s);
-
- hash(&storage[(iterations - i - 1) * DIGEST_SIZE],
-- pseed_length, pseed);
-+ tseed_length, pseed);
- mpz_add_ui(s, s, 1);
- }
-
-@@ -203,16 +207,19 @@ unsigned max = bits*5;
- mpz_powm(r1, r2, p0, p);
- if (mpz_cmp_ui(r1, 1) == 0) {
- if (prime_seed_length != NULL) {
-- pseed_length = nettle_mpz_sizeinbase_256_u(s);
-- nettle_mpz_get_str_256(pseed_length, pseed, s);
-+ tseed_length = mpz_seed_sizeinbase_256_u(s, pseed_length);
-+ if (tseed_length > sizeof(pseed))
-+ goto fail;
-+
-+ nettle_mpz_get_str_256(tseed_length, pseed, s);
-
-- if (*prime_seed_length < pseed_length) {
-- *prime_seed_length = pseed_length;
-+ if (*prime_seed_length < tseed_length) {
-+ *prime_seed_length = tseed_length;
- goto fail;
- }
-- *prime_seed_length = pseed_length;
-+ *prime_seed_length = tseed_length;
- if (prime_seed != NULL)
-- memcpy(prime_seed, pseed, pseed_length);
-+ memcpy(prime_seed, pseed, tseed_length);
- }
- ret = 1;
- goto cleanup;
---
-1.9.3
-
diff --git a/SOURCES/gnutls-3.3.8-handshake-reset.patch b/SOURCES/gnutls-3.3.8-handshake-reset.patch
deleted file mode 100644
index 1ad4e15..0000000
--- a/SOURCES/gnutls-3.3.8-handshake-reset.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
-index 53f1ef1..759c67e 100644
---- a/lib/gnutls_handshake.c
-+++ b/lib/gnutls_handshake.c
-@@ -2491,7 +2491,8 @@ static int _gnutls_recv_supplemental(gnutls_session_t session)
- * full handshake will be performed.
- *
- * The non-fatal errors expected by this function are:
-- * %GNUTLS_E_INTERRUPTED, %GNUTLS_E_AGAIN, and %GNUTLS_E_WARNING_ALERT_RECEIVED.
-+ * %GNUTLS_E_INTERRUPTED, %GNUTLS_E_AGAIN,
-+ * %GNUTLS_E_LARGE_PACKET and %GNUTLS_E_WARNING_ALERT_RECEIVED.
- * The former two interrupt the handshake procedure due to the lower
- * layer being interrupted, and the latter because of an alert that
- * may be sent by a server (it is always a good idea to check any
-@@ -2600,12 +2601,15 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
- #define IMED_RET( str, ret, allow_alert) do { \
- if (ret < 0) { \
- /* EAGAIN and INTERRUPTED are always non-fatal */ \
-- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
-+ if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_LARGE_PACKET) \
- return ret; \
- /* a warning alert might interrupt handshake */ \
- if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \
- gnutls_assert(); \
- ERR( str, ret); \
-+ /* do not allow non-fatal errors at this point */ \
-+ if (gnutls_error_is_fatal(ret) == 0) ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); \
-+ session_invalidate(session); \
- _gnutls_handshake_hash_buffers_clear(session); \
- return ret; \
- } } while (0)
-diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
-index e2a492d..157d12a 100644
---- a/lib/gnutls_record.c
-+++ b/lib/gnutls_record.c
-@@ -349,12 +349,6 @@ int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how)
- return 0;
- }
-
--inline static void session_invalidate(gnutls_session_t session)
--{
-- session->internals.invalid_connection = 1;
--}
--
--
- inline static void session_unresumable(gnutls_session_t session)
- {
- session->internals.resumable = RESUME_FALSE;
-diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h
-index 50ff08d..cb0320c 100644
---- a/lib/gnutls_record.h
-+++ b/lib/gnutls_record.h
-@@ -101,4 +101,9 @@ unsigned int get_total_headers2(gnutls_session_t session, record_parameters_st *
- return total + _gnutls_cipher_get_explicit_iv_size(params->cipher);
- }
-
-+inline static void session_invalidate(gnutls_session_t session)
-+{
-+ session->internals.invalid_connection = 1;
-+}
-+
- #endif
diff --git a/SOURCES/gnutls-3.3.8-handshake-reset2.patch b/SOURCES/gnutls-3.3.8-handshake-reset2.patch
deleted file mode 100644
index 3572b77..0000000
--- a/SOURCES/gnutls-3.3.8-handshake-reset2.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 42a8bb3bdad73f13425ae18a41addbbc04496101 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Date: Thu, 25 Sep 2014 12:00:39 +0200
-Subject: [PATCH] protect DTLS clients that don't handle GNUTLS_E_LARGE_PACKET from an infinite loop on handshake
-
----
- lib/gnutls_handshake.c | 6 +++++-
- lib/gnutls_int.h | 3 +++
- lib/gnutls_state.c | 1 +
- 3 files changed, 9 insertions(+), 1 deletions(-)
-
-diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
-index 759c67e..8b73267 100644
---- a/lib/gnutls_handshake.c
-+++ b/lib/gnutls_handshake.c
-@@ -2601,8 +2601,12 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
- #define IMED_RET( str, ret, allow_alert) do { \
- if (ret < 0) { \
- /* EAGAIN and INTERRUPTED are always non-fatal */ \
-- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_LARGE_PACKET) \
-+ if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
- return ret; \
-+ if (ret == GNUTLS_E_LARGE_PACKET && session->internals.handshake_large_loops < 16) { \
-+ session->internals.handshake_large_loops++; \
-+ return ret; \
-+ } \
- /* a warning alert might interrupt handshake */ \
- if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \
- gnutls_assert(); \
-diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
-index 58ffdf1..deca5fe 100644
---- a/lib/gnutls_int.h
-+++ b/lib/gnutls_int.h
-@@ -961,6 +961,9 @@ typedef struct {
-
- /* DTLS session state */
- dtls_st dtls;
-+ /* In case of clients that don't handle GNUTLS_E_LARGE_PACKET, don't
-+ * force them into an infinite loop */
-+ unsigned handshake_large_loops;
-
- /* if set it means that the master key was set using
- * gnutls_session_set_master() rather than being negotiated. */
-diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
-index 121ad5c..6165531 100644
---- a/lib/gnutls_state.c
-+++ b/lib/gnutls_state.c
-@@ -261,6 +261,7 @@ static void _gnutls_handshake_internal_state_init(gnutls_session_t session)
-
- session->internals.resumable = RESUME_TRUE;
-
-+ session->internals.handshake_large_loops = 0;
- session->internals.dtls.hsk_read_seq = 0;
- session->internals.dtls.hsk_write_seq = 0;
- }
---
-1.7.1
-
diff --git a/SOURCES/gnutls-3.3.8-handshake-reset3.patch b/SOURCES/gnutls-3.3.8-handshake-reset3.patch
deleted file mode 100644
index 0f9b0d5..0000000
--- a/SOURCES/gnutls-3.3.8-handshake-reset3.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 01049f9c00f0a903d4923a054769ef9f2187bd21 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Date: Fri, 21 Nov 2014 20:18:08 +0100
-Subject: [PATCH] treat GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial
- negotiation is complete
-
-This corrects a regression introduced in b5a0de2e6da98866cafb770c3141b7353d030ab2
-Reported by Dan Winship. https://savannah.gnu.org/support/?108690
----
- lib/gnutls_handshake.c | 11 ++++++++---
- lib/gnutls_record.c | 2 +-
- 2 files changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
-index 40d399c..e904f2e 100644
---- a/lib/gnutls_handshake.c
-+++ b/lib/gnutls_handshake.c
-@@ -2607,6 +2610,8 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
- /* EAGAIN and INTERRUPTED are always non-fatal */ \
- if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
- return ret; \
-+ if (ret == GNUTLS_E_GOT_APPLICATION_DATA && session->internals.initial_negotiation_completed != 0) \
-+ return ret; \
- if (ret == GNUTLS_E_LARGE_PACKET && session->internals.handshake_large_loops < 16) { \
- session->internals.handshake_large_loops++; \
- return ret; \
-diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
-index 157d12a..40c20fe 100644
---- a/lib/gnutls_record.c
-+++ b/lib/gnutls_record.c
-@@ -837,7 +837,7 @@ record_add_to_buffers(gnutls_session_t session,
- * reasons). Otherwise it is an unexpected packet
- */
- if (type == GNUTLS_ALERT
-- || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
-+ || ((htype == GNUTLS_HANDSHAKE_SERVER_HELLO || htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
- && type == GNUTLS_HANDSHAKE)) {
- /* even if data is unexpected put it into the buffer */
- _gnutls_record_buffer_put(session, recv->type,
---
-2.1.0
-
diff --git a/SOURCES/gnutls-3.3.8-keygen-fix.patch b/SOURCES/gnutls-3.3.8-keygen-fix.patch
deleted file mode 100644
index 275fa6c..0000000
--- a/SOURCES/gnutls-3.3.8-keygen-fix.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
-index 9017421..ad2b965 100644
---- a/lib/nettle/pk.c
-+++ b/lib/nettle/pk.c
-@@ -798,50 +798,53 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
- return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
-
- #ifdef ENABLE_FIPS140
-- if (algo==GNUTLS_PK_DSA)
-- index = 1;
-- else
-- index = 2;
-+ if (_gnutls_fips_mode_enabled() != 0) {
-+ if (algo==GNUTLS_PK_DSA)
-+ index = 1;
-+ else
-+ index = 2;
-
-- ret =
-- dsa_generate_dss_pqg(&pub, &cert,
-+ ret =
-+ dsa_generate_dss_pqg(&pub, &cert,
- index,
- NULL, rnd_func,
- NULL, NULL,
- level, q_bits);
-- if (ret != 1) {
-- gnutls_assert();
-- ret = GNUTLS_E_PK_GENERATION_ERROR;
-- goto dsa_fail;
-- }
-+ if (ret != 1) {
-+ gnutls_assert();
-+ ret = GNUTLS_E_PK_GENERATION_ERROR;
-+ goto dsa_fail;
-+ }
-
-- /* verify the generated parameters */
-- ret = dsa_validate_dss_pqg(&pub, &cert, index);
-- if (ret != 1) {
-- gnutls_assert();
-- ret = GNUTLS_E_PK_GENERATION_ERROR;
-- goto dsa_fail;
-- }
--#else
-- /* unfortunately nettle only accepts 160 or 256
-- * q_bits size. The check below makes sure we handle
-- * cases in between by rounding up, but fail when
-- * larger numbers are requested. */
-- if (q_bits < 160)
-- q_bits = 160;
-- else if (q_bits > 160 && q_bits <= 256)
-- q_bits = 256;
-- ret =
-- dsa_generate_keypair(&pub, &priv,
-+ /* verify the generated parameters */
-+ ret = dsa_validate_dss_pqg(&pub, &cert, index);
-+ if (ret != 1) {
-+ gnutls_assert();
-+ ret = GNUTLS_E_PK_GENERATION_ERROR;
-+ goto dsa_fail;
-+ }
-+ } else
-+#endif
-+ {
-+ /* unfortunately nettle only accepts 160 or 256
-+ * q_bits size. The check below makes sure we handle
-+ * cases in between by rounding up, but fail when
-+ * larger numbers are requested. */
-+ if (q_bits < 160)
-+ q_bits = 160;
-+ else if (q_bits > 160 && q_bits <= 256)
-+ q_bits = 256;
-+ ret =
-+ dsa_generate_keypair(&pub, &priv,
- NULL, rnd_func,
- NULL, NULL,
- level, q_bits);
-- if (ret != 1) {
-- gnutls_assert();
-- ret = GNUTLS_E_PK_GENERATION_ERROR;
-- goto dsa_fail;
-+ if (ret != 1) {
-+ gnutls_assert();
-+ ret = GNUTLS_E_PK_GENERATION_ERROR;
-+ goto dsa_fail;
-+ }
- }
--#endif
-
- params->params_nr = 0;
-
-@@ -1148,7 +1151,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
- switch (algo) {
- case GNUTLS_PK_DSA:
- #ifdef ENABLE_FIPS140
-- {
-+ if (_gnutls_fips_mode_enabled() != 0) {
- struct dsa_public_key pub;
- struct dsa_private_key priv;
-
-@@ -1272,17 +1275,18 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
- rsa_private_key_init(&priv);
-
- mpz_set_ui(pub.e, 65537);
--#ifdef ENABLE_FIPS140
-- ret =
-- rsa_generate_fips186_4_keypair(&pub, &priv, NULL,
-+
-+ if (_gnutls_fips_mode_enabled() != 0) {
-+ ret =
-+ rsa_generate_fips186_4_keypair(&pub, &priv, NULL,
- rnd_func, NULL, NULL,
- level);
--#else
-- ret =
-- rsa_generate_keypair(&pub, &priv, NULL,
-+ } else {
-+ ret =
-+ rsa_generate_keypair(&pub, &priv, NULL,
- rnd_func, NULL, NULL,
- level, 0);
--#endif
-+ }
- if (ret != 1) {
- gnutls_assert();
- ret = GNUTLS_E_PK_GENERATION_ERROR;
diff --git a/SOURCES/gnutls-3.3.8-lcm-fips.patch b/SOURCES/gnutls-3.3.8-lcm-fips.patch
deleted file mode 100644
index 6d79390..0000000
--- a/SOURCES/gnutls-3.3.8-lcm-fips.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-diff --git a/lib/nettle/int/rsa-keygen-fips186.c b/lib/nettle/int/rsa-keygen-fips186.c
-index 8d2a2b8..754842a 100644
---- a/lib/nettle/int/rsa-keygen-fips186.c
-+++ b/lib/nettle/int/rsa-keygen-fips186.c
-@@ -256,7 +256,7 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
- /* Desired size of modulo, in bits */
- unsigned n_size)
- {
-- mpz_t t, r, p1, q1, phi;
-+ mpz_t t, r, p1, q1, lcm;
- int ret;
- struct dss_params_validation_seeds cert;
- unsigned l = n_size / 2;
-@@ -281,7 +281,7 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
-
- mpz_init(p1);
- mpz_init(q1);
-- mpz_init(phi);
-+ mpz_init(lcm);
- mpz_init(t);
- mpz_init(r);
-
-@@ -337,9 +337,13 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
-
- mpz_sub_ui(p1, key->p, 1);
- mpz_sub_ui(q1, key->q, 1);
-- mpz_mul(phi, p1, q1);
-
-- assert(mpz_invert(key->d, pub->e, phi) != 0);
-+ mpz_lcm(lcm, p1, q1);
-+
-+ if (mpz_invert(key->d, pub->e, lcm) == 0) {
-+ ret = 0;
-+ goto cleanup;
-+ }
-
- /* Done! Almost, we must compute the auxillary private values. */
- /* a = d % (p-1) */
-@@ -357,7 +361,7 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
- cleanup:
- mpz_clear(p1);
- mpz_clear(q1);
-- mpz_clear(phi);
-+ mpz_clear(lcm);
- mpz_clear(t);
- mpz_clear(r);
- return ret;
diff --git a/SOURCES/gnutls-3.3.8-md5-downgrade.patch b/SOURCES/gnutls-3.3.8-md5-downgrade.patch
deleted file mode 100644
index be943b4..0000000
--- a/SOURCES/gnutls-3.3.8-md5-downgrade.patch
+++ /dev/null
@@ -1,414 +0,0 @@
-From 6612a7181af32903b03020090fe361360142258b Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Wed, 9 Dec 2015 10:07:18 +0100
-Subject: [PATCH] Prevent a downgrade attack to RSA-MD5 signatures
-
-This is by considering the list of the signature algorithms set by
-priorities.
----
- lib/ext/signature.c | 18 +--
- tests/Makefile.am | 2 +-
- tests/sign-md5-rep.c | 344 +++++++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 346 insertions(+), 18 deletions(-)
- create mode 100644 tests/sign-md5-rep.c
-
-diff --git a/lib/ext/signature.c b/lib/ext/signature.c
-index fb971f5..6f3066e 100644
---- a/lib/ext/signature.c
-+++ b/lib/ext/signature.c
-@@ -313,28 +313,12 @@ _gnutls_session_sign_algo_enabled(gnutls_session_t session,
- gnutls_sign_algorithm_t sig)
- {
- unsigned i;
-- int ret;
- const version_entry_st *ver = get_version(session);
-- sig_ext_st *priv;
-- extension_priv_data_t epriv;
-
- if (unlikely(ver == NULL))
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
-- ret =
-- _gnutls_ext_get_session_data(session,
-- GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
-- &epriv);
-- if (ret < 0) {
-- gnutls_assert();
-- return 0;
-- }
-- priv = epriv.ptr;
--
-- if (!_gnutls_version_has_selectable_sighash(ver)
-- || priv->sign_algorithms_size == 0)
-- /* none set, allow all */
-- {
-+ if (!_gnutls_version_has_selectable_sighash(ver)) {
- return 0;
- }
-
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 95d6541..d1c4839 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -84,7 +84,7 @@ ctests = mini-record-2 simple gc set_pkcs12_cred certder certuniqueid \
- mini-cert-status mini-rsa-psk global-init sec-params \
- fips-test mini-global-load name-constraints x509-extensions \
- long-session-id mini-x509-callbacks-intr \
-- crlverify init_fds
-+ crlverify init_fds sign-md5-rep
-
- if ENABLE_OCSP
- ctests += ocsp
-diff --git a/tests/sign-md5-rep.c b/tests/sign-md5-rep.c
-new file mode 100644
-index 0000000..72869fa
---- /dev/null
-+++ b/tests/sign-md5-rep.c
-@@ -0,0 +1,344 @@
-+/*
-+ * Copyright (C) 2015 Nikos Mavrogiannopoulos
-+ *
-+ * Author: Nikos Mavrogiannopoulos
-+ *
-+ * This file is part of GnuTLS.
-+ *
-+ * GnuTLS is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * GnuTLS is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with GnuTLS; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
-+ */
-+
-+#ifdef HAVE_CONFIG_H
-+#include <config.h>
-+#endif
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+
-+#if defined(_WIN32)
-+
-+int main()
-+{
-+ exit(77);
-+}
-+
-+#else
-+
-+#include <string.h>
-+#include <sys/types.h>
-+#include <netinet/in.h>
-+#include <sys/socket.h>
-+#include <sys/wait.h>
-+#include <arpa/inet.h>
-+#include <unistd.h>
-+#include <gnutls/gnutls.h>
-+#include <gnutls/dtls.h>
-+#include <signal.h>
-+
-+#include "utils.h"
-+
-+static void terminate(void);
-+
-+/* This program tests whether EtM is negotiated as expected.
-+ */
-+
-+static void server_log_func(int level, const char *str)
-+{
-+ fprintf(stderr, "server|<%d>| %s", level, str);
-+}
-+
-+static void client_log_func(int level, const char *str)
-+{
-+ fprintf(stderr, "client|<%d>| %s", level, str);
-+}
-+
-+static unsigned char server_cert_pem[] =
-+ "-----BEGIN CERTIFICATE-----\n"
-+ "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
-+ "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n"
-+ "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
-+ "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n"
-+ "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n"
-+ "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n"
-+ "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n"
-+ "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n"
-+ "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n"
-+ "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n"
-+ "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n"
-+ "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n"
-+ "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n";
-+
-+const gnutls_datum_t server_cert = { server_cert_pem,
-+ sizeof(server_cert_pem)
-+};
-+
-+static unsigned char server_key_pem[] =
-+ "-----BEGIN RSA PRIVATE KEY-----\n"
-+ "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n"
-+ "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n"
-+ "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n"
-+ "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n"
-+ "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n"
-+ "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n"
-+ "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n"
-+ "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n"
-+ "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n"
-+ "qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n"
-+ "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n"
-+ "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n"
-+ "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n"
-+ "-----END RSA PRIVATE KEY-----\n";
-+
-+const gnutls_datum_t server_key = { server_key_pem,
-+ sizeof(server_key_pem)
-+};
-+
-+
-+static int handshake_callback(gnutls_session_t session, unsigned int htype,
-+ unsigned post, unsigned int incoming)
-+{
-+ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA", NULL);
-+ return 0;
-+}
-+
-+
-+/* A very basic TLS client, with anonymous authentication.
-+ */
-+
-+#define MAX_BUF 1024
-+
-+static void client(int fd)
-+{
-+ int ret;
-+ char buffer[MAX_BUF + 1];
-+ gnutls_certificate_credentials_t x509_cred;
-+ gnutls_session_t session;
-+ /* Need to enable anonymous KX specifically. */
-+
-+ global_init();
-+
-+ if (debug) {
-+ gnutls_global_set_log_function(client_log_func);
-+ gnutls_global_set_log_level(7);
-+ }
-+
-+ gnutls_certificate_allocate_credentials(&x509_cred);
-+
-+ /* Initialize TLS session
-+ */
-+ gnutls_init(&session, GNUTLS_CLIENT);
-+
-+ /* Use default priorities */
-+ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-MD5", NULL);
-+
-+ /* put the anonymous credentials to the current session
-+ */
-+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-+
-+ gnutls_transport_set_int(session, fd);
-+ gnutls_handshake_set_hook_function(session, GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
-+ GNUTLS_HOOK_PRE,
-+ handshake_callback);
-+
-+ /* Perform the TLS handshake
-+ */
-+ do {
-+ ret = gnutls_handshake(session);
-+ }
-+ while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-+
-+ if (ret == GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM) {
-+ /* success */
-+ goto end;
-+ }
-+
-+ if (ret < 0) {
-+ terminate();
-+ fail("client: Handshake failed: %s\n", gnutls_strerror(ret));
-+ exit(1);
-+ } else {
-+ if (debug)
-+ success("client: Handshake was completed\n");
-+ }
-+
-+ if (gnutls_sign_algorithm_get(session) == GNUTLS_SIGN_RSA_MD5) {
-+ terminate();
-+ fail("client: MD5 was negotiated\n");
-+ exit(1);
-+ }
-+ success("client: %s was negotiated\n", gnutls_sign_get_name(gnutls_sign_algorithm_get(session)));
-+
-+ if (debug)
-+ success("client: TLS version is: %s\n",
-+ gnutls_protocol_get_name
-+ (gnutls_protocol_get_version(session)));
-+
-+ do {
-+ do {
-+ ret = gnutls_record_recv(session, buffer, MAX_BUF);
-+ } while (ret == GNUTLS_E_AGAIN
-+ || ret == GNUTLS_E_INTERRUPTED);
-+ } while (ret > 0);
-+
-+ if (ret == 0) {
-+ if (debug)
-+ success
-+ ("client: Peer has closed the TLS connection\n");
-+ goto end;
-+ } else if (ret < 0) {
-+ terminate();
-+ fail("client: Error: %s\n", gnutls_strerror(ret));
-+ exit(1);
-+ }
-+
-+ gnutls_bye(session, GNUTLS_SHUT_WR);
-+
-+ end:
-+
-+ close(fd);
-+
-+ gnutls_deinit(session);
-+
-+ gnutls_certificate_free_credentials(x509_cred);
-+
-+ gnutls_global_deinit();
-+}
-+
-+
-+/* These are global */
-+pid_t child;
-+
-+static void terminate(void)
-+{
-+ kill(child, SIGTERM);
-+ exit(1);
-+}
-+
-+static void server(int fd)
-+{
-+ int ret;
-+ char buffer[MAX_BUF + 1];
-+ gnutls_session_t session;
-+ gnutls_certificate_credentials_t x509_cred;
-+
-+ /* this must be called once in the program
-+ */
-+ global_init();
-+ memset(buffer, 0, sizeof(buffer));
-+
-+ if (debug) {
-+ gnutls_global_set_log_function(server_log_func);
-+ gnutls_global_set_log_level(4711);
-+ }
-+
-+ gnutls_certificate_allocate_credentials(&x509_cred);
-+ gnutls_certificate_set_x509_key_mem(x509_cred, &server_cert,
-+ &server_key,
-+ GNUTLS_X509_FMT_PEM);
-+
-+ gnutls_init(&session, GNUTLS_SERVER);
-+
-+ /* avoid calling all the priority functions, since the defaults
-+ * are adequate.
-+ */
-+ gnutls_priority_set_direct(session, "NORMAL:-KX-ALL:+ECDHE-RSA:-SIGN-ALL:+SIGN-RSA-MD5", NULL);
-+
-+ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
-+
-+ gnutls_transport_set_int(session, fd);
-+
-+ do {
-+ ret = gnutls_handshake(session);
-+ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
-+ if (ret < 0) {
-+ /* failure is expected here */
-+ goto end;
-+ }
-+
-+ if (debug) {
-+ success("server: Handshake was completed\n");
-+ success("server: %s was negotiated\n", gnutls_sign_get_name(gnutls_sign_algorithm_get(session)));
-+ }
-+
-+ if (debug)
-+ success("server: TLS version is: %s\n",
-+ gnutls_protocol_get_name
-+ (gnutls_protocol_get_version(session)));
-+
-+ /* do not wait for the peer to close the connection.
-+ */
-+ gnutls_bye(session, GNUTLS_SHUT_WR);
-+
-+ end:
-+ close(fd);
-+ gnutls_deinit(session);
-+
-+ gnutls_certificate_free_credentials(x509_cred);
-+
-+ gnutls_global_deinit();
-+
-+ if (debug)
-+ success("server: finished\n");
-+}
-+
-+static void ch_handler(int sig)
-+{
-+ int status;
-+ wait(&status);
-+ if (WEXITSTATUS(status) != 0 ||
-+ (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
-+ if (WIFSIGNALED(status))
-+ fail("Child died with sigsegv\n");
-+ else
-+ fail("Child died with status %d\n",
-+ WEXITSTATUS(status));
-+ terminate();
-+ }
-+ return;
-+}
-+
-+void doit(void)
-+{
-+ int fd[2];
-+ int ret;
-+
-+ signal(SIGCHLD, ch_handler);
-+
-+ ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
-+ if (ret < 0) {
-+ perror("socketpair");
-+ exit(1);
-+ }
-+
-+ child = fork();
-+ if (child < 0) {
-+ perror("fork");
-+ fail("fork");
-+ exit(1);
-+ }
-+
-+ if (child) {
-+ /* parent */
-+ close(fd[1]);
-+ client(fd[0]);
-+ kill(child, SIGTERM);
-+ } else {
-+ close(fd[0]);
-+ server(fd[1]);
-+ exit(0);
-+ }
-+}
-+
-+#endif /* _WIN32 */
---
-2.5.0
-
diff --git a/SOURCES/gnutls-3.3.8-mem-issue.patch b/SOURCES/gnutls-3.3.8-mem-issue.patch
deleted file mode 100644
index 58f9943..0000000
--- a/SOURCES/gnutls-3.3.8-mem-issue.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
-index b102f4d..a4921f9 100644
---- a/lib/gnutls_x509.c
-+++ b/lib/gnutls_x509.c
-@@ -697,11 +697,11 @@ static int
- read_cert_url(gnutls_certificate_credentials_t res, const char *url)
- {
- int ret;
-- gnutls_x509_crt_t crt;
-+ gnutls_x509_crt_t crt = NULL;
- gnutls_pcert_st *ccert;
- gnutls_str_array_t names;
- gnutls_datum_t t = {NULL, 0};
-- unsigned i;
-+ unsigned i, count = 0;
-
- _gnutls_str_array_init(&names);
-
-@@ -729,13 +729,13 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
-
- if (ret < 0) {
- gnutls_assert();
-- goto cleanup1;
-+ goto cleanup;
- }
-
- ret = get_x509_name(crt, &names);
- if (ret < 0) {
- gnutls_assert();
-- goto cleanup1;
-+ goto cleanup;
- }
-
- /* Try to load the whole certificate chain from the PKCS #11 token */
-@@ -747,17 +747,18 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
- }
-
- ret = gnutls_pcert_import_x509(&ccert[i], crt, 0);
-- gnutls_x509_crt_deinit(crt);
--
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-+ count++;
-
- ret = gnutls_pkcs11_get_raw_issuer(url, crt, &t, GNUTLS_X509_FMT_DER, 0);
- if (ret < 0)
- break;
--
-+
-+ gnutls_x509_crt_deinit(crt);
-+ crt = NULL;
- ret = gnutls_x509_crt_init(&crt);
- if (ret < 0) {
- gnutls_assert();
-@@ -767,23 +768,25 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
- ret = gnutls_x509_crt_import(crt, &t, GNUTLS_X509_FMT_DER);
- if (ret < 0) {
- gnutls_assert();
-- goto cleanup1;
-+ goto cleanup;
- }
- gnutls_free(t.data);
- t.data = NULL;
- }
-
-- ret = certificate_credential_append_crt_list(res, names, ccert, i+1);
-+ ret = certificate_credential_append_crt_list(res, names, ccert, count);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
-- return 0;
--cleanup1:
-- gnutls_x509_crt_deinit(crt);
-+ if (crt != NULL)
-+ gnutls_x509_crt_deinit(crt);
-
-+ return 0;
- cleanup:
-+ if (crt != NULL)
-+ gnutls_x509_crt_deinit(crt);
- gnutls_free(t.data);
- _gnutls_str_array_clear(&names);
- gnutls_free(ccert);
-@@ -959,7 +962,6 @@ static int check_if_sorted(gnutls_pcert_st * crt, int nr)
- ret = gnutls_x509_crt_init(&x509);
- if (ret < 0)
- return gnutls_assert_val(ret);
--
- ret =
- gnutls_x509_crt_import(x509, &crt[i].cert,
- GNUTLS_X509_FMT_DER);
diff --git a/SOURCES/gnutls-3.3.8-rnd-reregister.patch b/SOURCES/gnutls-3.3.8-rnd-reregister.patch
deleted file mode 100644
index 960ff17..0000000
--- a/SOURCES/gnutls-3.3.8-rnd-reregister.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From b6d992d0f96f2ecd9c0a3975576e4204c66b1fc6 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Thu, 11 Dec 2014 10:15:54 +0100
-Subject: [PATCH] Allow a random generator with the same priority to
- re-register
-
-That corrects an issue where the library is deinitialized, and
-reinitialization wouldn't register the same rnd module.
-Reported by Stanislav Zidek.
----
- lib/crypto-backend.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c
-index 8840b1c..2132b53 100644
---- a/lib/crypto-backend.c
-+++ b/lib/crypto-backend.c
-@@ -193,7 +193,7 @@ const gnutls_crypto_cipher_st
- int
- gnutls_crypto_rnd_register(int priority, const gnutls_crypto_rnd_st * s)
- {
-- if (crypto_rnd_prio > priority) {
-+ if (crypto_rnd_prio >= priority) {
- memcpy(&_gnutls_rnd_ops, s, sizeof(*s));
- crypto_rnd_prio = priority;
- return 0;
---
-1.9.3
-
diff --git a/SOURCES/gnutls-3.3.8-sha224-fix.patch b/SOURCES/gnutls-3.3.8-sha224-fix.patch
deleted file mode 100644
index 7786ba6..0000000
--- a/SOURCES/gnutls-3.3.8-sha224-fix.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/lib/accelerated/x86/sha-x86-ssse3.c b/lib/accelerated/x86/sha-x86-ssse3.c
-index 17724f7..e9d8eab 100644
---- a/lib/accelerated/x86/sha-x86-ssse3.c
-+++ b/lib/accelerated/x86/sha-x86-ssse3.c
-@@ -248,7 +248,7 @@ static int _ctx_init(gnutls_digest_algorithm_t algo,
- case GNUTLS_DIG_SHA224:
- sha224_init(&ctx->ctx.sha224);
- ctx->update = (update_func) x86_sha256_update;
-- ctx->digest = (digest_func) sha256_digest;
-+ ctx->digest = (digest_func) sha224_digest;
- ctx->init = (init_func) sha224_init;
- ctx->ctx_ptr = &ctx->ctx.sha224;
- ctx->length = SHA224_DIGEST_SIZE;
diff --git a/SOURCES/gnutls-3.3.8-testdsa-rndport.patch b/SOURCES/gnutls-3.3.8-testdsa-rndport.patch
deleted file mode 100644
index ae7a2b9..0000000
--- a/SOURCES/gnutls-3.3.8-testdsa-rndport.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/tests/dsa/testdsa b/tests/dsa/testdsa
-index 4da172f..394d60a 100755
---- a/tests/dsa/testdsa
-+++ b/tests/dsa/testdsa
-@@ -23,7 +23,7 @@
- srcdir="${srcdir:-.}"
- SERV="${SERV:-../../src/gnutls-serv} -q"
- CLI="${CLI:-../../src/gnutls-cli}"
--PORT="${PORT:-5558}"
-+PORT="$(((($$<<15)|RANDOM) % 63001 + 2000))"
- DEBUG=""
- unset RETCODE
-
diff --git a/SOURCES/gnutls-3.3.8-urandom-fd-fips.patch b/SOURCES/gnutls-3.3.8-urandom-fd-fips.patch
deleted file mode 100644
index 7854fe4..0000000
--- a/SOURCES/gnutls-3.3.8-urandom-fd-fips.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From a3f4c7e3f8cf4bb7be0267dd96d363ff69114162 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@redhat.com>
-Date: Wed, 10 Dec 2014 15:40:49 +0100
-Subject: [PATCH] added the .check function in FIPS140-2 code
-
----
- lib/nettle/rnd-fips.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/lib/nettle/rnd-fips.c b/lib/nettle/rnd-fips.c
-index 32fc141..7bb5dca 100644
---- a/lib/nettle/rnd-fips.c
-+++ b/lib/nettle/rnd-fips.c
-@@ -218,6 +218,15 @@ static void _rngfips_deinit(void *_ctx)
- free(ctx);
- }
-
-+/* This is called when gnutls_global_init() is called for second time.
-+ * It must check whether any resources are still available.
-+ * The particular problem it solves is to verify that the urandom fd is still
-+ * open (for applications that for some reason closed all fds */
-+static int _rndfips_check(void **ctx)
-+{
-+ return _rnd_system_entropy_check();
-+}
-+
- static void _rngfips_refresh(void *_ctx)
- {
- /* this is predictable RNG. Don't refresh */
-@@ -243,6 +252,7 @@ static int selftest_kat(void)
-
- gnutls_crypto_rnd_st _gnutls_fips_rnd_ops = {
- .init = _rngfips_init,
-+ .check = _rndfips_check,
- .deinit = _rngfips_deinit,
- .rnd = _rngfips_rnd,
- .rnd_refresh = _rngfips_refresh,
---
-1.9.3
-
diff --git a/SOURCES/gnutls-3.3.8-urandom-fd.patch b/SOURCES/gnutls-3.3.8-urandom-fd.patch
deleted file mode 100644
index 7882f0e..0000000
--- a/SOURCES/gnutls-3.3.8-urandom-fd.patch
+++ /dev/null
@@ -1,310 +0,0 @@
-diff -urN gnutls-3.3.8.orig/lib/crypto-backend.h gnutls-3.3.8/lib/crypto-backend.h
---- gnutls-3.3.8.orig/lib/crypto-backend.h 2014-07-29 22:22:47.000000000 +0200
-+++ gnutls-3.3.8/lib/crypto-backend.h 2014-11-18 09:52:15.420936655 +0100
-@@ -77,6 +77,7 @@
-
- typedef struct gnutls_crypto_rnd {
- int (*init) (void **ctx);
-+ int (*check) (void **ctx);
- int (*rnd) (void *ctx, int level, void *data, size_t datasize);
- void (*rnd_refresh) (void *ctx);
- void (*deinit) (void *ctx);
-diff -urN gnutls-3.3.8.orig/lib/gnutls_global.c gnutls-3.3.8/lib/gnutls_global.c
---- gnutls-3.3.8.orig/lib/gnutls_global.c 2014-09-04 21:05:54.000000000 +0200
-+++ gnutls-3.3.8/lib/gnutls_global.c 2014-11-18 09:57:18.851879610 +0100
-@@ -207,6 +207,16 @@
-
- _gnutls_init++;
- if (_gnutls_init > 1) {
-+ if (_gnutls_init == 2 && _gnutls_init_ret == 0) {
-+ /* some applications may close the urandom fd
-+ * before calling gnutls_global_init(). in that
-+ * case reopen it */
-+ ret = _gnutls_rnd_check();
-+ if (ret < 0) {
-+ gnutls_assert();
-+ goto out;
-+ }
-+ }
- ret = _gnutls_init_ret;
- goto out;
- }
-diff -urN gnutls-3.3.8.orig/lib/nettle/rnd.c gnutls-3.3.8/lib/nettle/rnd.c
---- gnutls-3.3.8.orig/lib/nettle/rnd.c 2014-07-29 22:25:07.000000000 +0200
-+++ gnutls-3.3.8/lib/nettle/rnd.c 2014-11-18 09:52:15.420936655 +0100
-@@ -255,6 +255,15 @@
- return 0;
- }
-
-+/* This is called when gnutls_global_init() is called for second time.
-+ * It must check whether any resources are still available.
-+ * The particular problem it solves is to verify that the urandom fd is still
-+ * open (for applications that for some reason closed all fds */
-+static int wrap_nettle_rnd_check(void **ctx)
-+{
-+ return _rnd_system_entropy_check();
-+}
-+
- static int
- wrap_nettle_rnd_nonce(void *_ctx, void *data, size_t datasize)
- {
-@@ -363,6 +372,7 @@
-
- gnutls_crypto_rnd_st _gnutls_rnd_ops = {
- .init = wrap_nettle_rnd_init,
-+ .check = wrap_nettle_rnd_check,
- .deinit = wrap_nettle_rnd_deinit,
- .rnd = wrap_nettle_rnd,
- .rnd_refresh = wrap_nettle_rnd_refresh,
-diff -urN gnutls-3.3.8.orig/lib/nettle/rnd-common.c gnutls-3.3.8/lib/nettle/rnd-common.c
---- gnutls-3.3.8.orig/lib/nettle/rnd-common.c 2014-08-03 14:22:42.000000000 +0200
-+++ gnutls-3.3.8/lib/nettle/rnd-common.c 2014-11-18 10:25:56.962112669 +0100
-@@ -37,6 +37,10 @@
- #include <rnd-common.h>
- #include <hash-pjw-bare.h>
-
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <unistd.h>
-+
- /* gnulib wants to claim strerror even if it cannot provide it. WTF */
- #undef strerror
-
-@@ -94,6 +98,11 @@
-
- get_entropy_func _rnd_get_system_entropy = _rnd_get_system_entropy_win32;
-
-+int _rnd_system_entropy_check(void)
-+{
-+ return 0;
-+}
-+
- int _rnd_system_entropy_init(void)
- {
- int old;
-@@ -127,7 +136,8 @@
- #include <locks.h>
- #include "egd.h"
-
--static int device_fd = -1;
-+int _gnutls_urandom_fd = -1;
-+static mode_t _gnutls_urandom_fd_mode = 0;
-
- static int _rnd_get_system_entropy_urandom(void* _rnd, size_t size)
- {
-@@ -137,7 +147,7 @@
- for (done = 0; done < size;) {
- int res;
- do {
-- res = read(device_fd, rnd + done, size - done);
-+ res = read(_gnutls_urandom_fd, rnd + done, size - done);
- } while (res < 0 && errno == EINTR);
-
- if (res <= 0) {
-@@ -168,7 +178,7 @@
-
- for (done = 0; done < size;) {
- res =
-- _rndegd_read(&device_fd, rnd + done, size - done);
-+ _rndegd_read(&_gnutls_urandom_fd, rnd + done, size - done);
- if (res <= 0) {
- if (res < 0) {
- _gnutls_debug_log("Failed to read egd.\n");
-@@ -186,31 +196,53 @@
-
- get_entropy_func _rnd_get_system_entropy = NULL;
-
-+int _rnd_system_entropy_check(void)
-+{
-+ int ret;
-+ struct stat st;
-+
-+ ret = fstat(_gnutls_urandom_fd, &st);
-+ if (ret < 0 || st.st_mode != _gnutls_urandom_fd_mode) {
-+ return _rnd_system_entropy_init();
-+ }
-+ return 0;
-+}
-+
- int _rnd_system_entropy_init(void)
- {
--int old;
-+ int old;
-+ struct stat st;
-
-- device_fd = open("/dev/urandom", O_RDONLY);
-- if (device_fd < 0) {
-+ _gnutls_urandom_fd = open("/dev/urandom", O_RDONLY);
-+ if (_gnutls_urandom_fd < 0) {
- _gnutls_debug_log("Cannot open urandom!\n");
- goto fallback;
- }
-
-- old = fcntl(device_fd, F_GETFD);
-+ old = fcntl(_gnutls_urandom_fd, F_GETFD);
- if (old != -1)
-- fcntl(device_fd, F_SETFD, old | FD_CLOEXEC);
-+ fcntl(_gnutls_urandom_fd, F_SETFD, old | FD_CLOEXEC);
-+
-+ if (fstat(_gnutls_urandom_fd, &st) >= 0) {
-+ _gnutls_urandom_fd_mode = st.st_mode;
-+ }
-
- _rnd_get_system_entropy = _rnd_get_system_entropy_urandom;
-
- return 0;
- fallback:
-- device_fd = _rndegd_connect_socket();
-- if (device_fd < 0) {
-+ _gnutls_urandom_fd = _rndegd_connect_socket();
-+ if (_gnutls_urandom_fd < 0) {
- _gnutls_debug_log("Cannot open egd socket!\n");
- return
- gnutls_assert_val
- (GNUTLS_E_RANDOM_DEVICE_ERROR);
- }
-+
-+ if (fstat(_gnutls_urandom_fd, &st) >= 0) {
-+ _gnutls_urandom_fd_mode = st.st_mode;
-+ }
-+
- _rnd_get_system_entropy = _rnd_get_system_entropy_egd;
-
- return 0;
-@@ -218,9 +250,9 @@
-
- void _rnd_system_entropy_deinit(void)
- {
-- if (device_fd >= 0) {
-- close(device_fd);
-- device_fd = -1;
-+ if (_gnutls_urandom_fd >= 0) {
-+ close(_gnutls_urandom_fd);
-+ _gnutls_urandom_fd = -1;
- }
- }
- #endif
-diff -urN gnutls-3.3.8.orig/lib/nettle/rnd-common.h gnutls-3.3.8/lib/nettle/rnd-common.h
---- gnutls-3.3.8.orig/lib/nettle/rnd-common.h 2014-07-29 22:22:47.000000000 +0200
-+++ gnutls-3.3.8/lib/nettle/rnd-common.h 2014-11-18 09:52:15.420936655 +0100
-@@ -50,6 +50,7 @@
- void _rnd_get_event(struct event_st *e);
-
- int _rnd_system_entropy_init(void);
-+int _rnd_system_entropy_check(void);
- void _rnd_system_entropy_deinit(void);
-
- typedef int (*get_entropy_func)(void* rnd, size_t size);
-diff -urN gnutls-3.3.8.orig/lib/random.h gnutls-3.3.8/lib/random.h
---- gnutls-3.3.8.orig/lib/random.h 2014-07-29 22:22:47.000000000 +0200
-+++ gnutls-3.3.8/lib/random.h 2014-11-18 09:58:19.458267672 +0100
-@@ -48,4 +48,13 @@
- void _gnutls_rnd_deinit(void);
- int _gnutls_rnd_init(void);
-
-+inline static int _gnutls_rnd_check(void)
-+{
-+ return _gnutls_rnd_ops.check(gnutls_rnd_ctx);
-+}
-+
-+#ifndef _WIN32
-+extern int _gnutls_urandom_fd;
-+#endif
-+
- #endif
-diff -urN gnutls-3.3.8.orig/tests/init_fds.c gnutls-3.3.8/tests/init_fds.c
---- gnutls-3.3.8.orig/tests/init_fds.c 1970-01-01 01:00:00.000000000 +0100
-+++ gnutls-3.3.8/tests/init_fds.c 2014-11-18 10:01:10.484365302 +0100
-@@ -0,0 +1,80 @@
-+/*
-+ * Copyright (C) 2014 Nikos Mavrogiannopoulos
-+ *
-+ * Author: Nikos Mavrogiannopoulos
-+ *
-+ * This file is part of GnuTLS.
-+ *
-+ * GnuTLS is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 3 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * GnuTLS is distributed in the hope that it will be useful, but
-+ * WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with GnuTLS; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
-+ */
-+
-+#ifdef HAVE_CONFIG_H
-+#include <config.h>
-+#endif
-+
-+#include <stdio.h>
-+#include <unistd.h>
-+#include <gnutls/gnutls.h>
-+#include <gnutls/crypto.h>
-+
-+#include "utils.h"
-+
-+/* See <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760476>. */
-+
-+void doit(void)
-+{
-+#ifndef _WIN32
-+ int res;
-+ unsigned i;
-+ int serial = 0;
-+ char buf[128];
-+
-+ res = read(3, buf, 16);
-+ if (res == 16)
-+ serial = 1;
-+
-+ /* close all descriptors */
-+ for (i=3;i<1024;i++)
-+ close(i);
-+
-+ res = gnutls_global_init();
-+ if (res != 0)
-+ fail("global_init\n");
-+
-+ if (serial != 0) {
-+ res = read(3, buf, 16);
-+ if (res != 16) {
-+ fail("could not open fd, or OS doesn't assign fds in a serial way (%d)\n", res);
-+ }
-+ }
-+
-+ res = gnutls_global_init();
-+ if (res != 0)
-+ fail("global_init2\n");
-+
-+ gnutls_rnd_refresh();
-+
-+ res = gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
-+ if (res != 0)
-+ fail("gnutls_rnd\n");
-+
-+ gnutls_global_deinit();
-+
-+ if (debug)
-+ success("init-close success\n");
-+#else
-+ return;
-+#endif
-+}
-diff -urN gnutls-3.3.8.orig/tests/Makefile.am gnutls-3.3.8/tests/Makefile.am
---- gnutls-3.3.8.orig/tests/Makefile.am 2014-09-13 13:08:01.000000000 +0200
-+++ gnutls-3.3.8/tests/Makefile.am 2014-11-18 10:01:10.483365293 +0100
-@@ -84,7 +84,7 @@
- mini-cert-status mini-rsa-psk global-init sec-params \
- fips-test mini-global-load name-constraints x509-extensions \
- long-session-id mini-x509-callbacks-intr \
-- crlverify
-+ crlverify init_fds
-
- if ENABLE_OCSP
- ctests += ocsp
diff --git a/SOURCES/gnutls-3.3.8-zombie-fips.patch b/SOURCES/gnutls-3.3.8-zombie-fips.patch
deleted file mode 100644
index ed36f0b..0000000
--- a/SOURCES/gnutls-3.3.8-zombie-fips.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-diff -ur gnutls-3.3.8.orig/lib/fips.c gnutls-3.3.8/lib/fips.c
---- gnutls-3.3.8.orig/lib/fips.c 2014-09-04 21:05:54.000000000 +0200
-+++ gnutls-3.3.8/lib/fips.c 2014-11-18 09:46:47.376148426 +0100
-@@ -37,6 +37,8 @@
- #define FIPS_KERNEL_FILE "/proc/sys/crypto/fips_enabled"
- #define FIPS_SYSTEM_FILE "/etc/system-fips"
-
-+static int _fips_mode = -1;
-+
- /* Returns:
- * 0 - FIPS mode disabled
- * 1 - FIPS mode enabled and enforced
-@@ -46,21 +48,20 @@
- {
- unsigned f1p = 0, f2p;
- FILE* fd;
--static int fips_mode = -1;
- const char *p;
-
-- if (fips_mode != -1)
-- return fips_mode;
-+ if (_fips_mode != -1)
-+ return _fips_mode;
-
- p = getenv("GNUTLS_FORCE_FIPS_MODE");
- if (p) {
- if (p[0] == '1')
-- fips_mode = 1;
-+ _fips_mode = 1;
- else if (p[0] == '2')
-- fips_mode = 2;
-+ _fips_mode = 2;
- else
-- fips_mode = 0;
-- return fips_mode;
-+ _fips_mode = 0;
-+ return _fips_mode;
- }
-
- fd = fopen(FIPS_KERNEL_FILE, "r");
-@@ -76,20 +77,29 @@
-
- if (f1p != 0 && f2p != 0) {
- _gnutls_debug_log("FIPS140-2 mode enabled\n");
-- fips_mode = 1;
-- return fips_mode;
-+ _fips_mode = 1;
-+ return _fips_mode;
- }
-
- if (f2p != 0) {
- /* a funny state where self tests are performed
- * and ignored */
- _gnutls_debug_log("FIPS140-2 ZOMBIE mode enabled\n");
-- fips_mode = 2;
-- return fips_mode;
-+ _fips_mode = 2;
-+ return _fips_mode;
- }
-
-- fips_mode = 0;
-- return fips_mode;
-+ _fips_mode = 0;
-+ return _fips_mode;
-+}
-+
-+/* This _fips_mode == 2 is a strange mode where checks are being
-+ * performed, but its output is ignored. */
-+void _gnutls_fips_mode_reset_zombie(void)
-+{
-+ if (_fips_mode == 2) {
-+ _fips_mode = 0;
-+ }
- }
-
- #define GNUTLS_LIBRARY_NAME "libgnutls.so.28"
-@@ -367,6 +377,9 @@
- goto error;
- }
-
-+ if (_fips_mode == 2)
-+ _fips_mode = 0;
-+
- return 0;
-
- error:
-Only in gnutls-3.3.8/lib: fips.c.orig
-diff -ur gnutls-3.3.8.orig/lib/fips.h gnutls-3.3.8/lib/fips.h
---- gnutls-3.3.8.orig/lib/fips.h 2014-09-04 21:05:54.000000000 +0200
-+++ gnutls-3.3.8/lib/fips.h 2014-11-18 09:46:47.377148445 +0100
-@@ -55,6 +55,7 @@
-
- int _gnutls_fips_perform_self_checks1(void);
- int _gnutls_fips_perform_self_checks2(void);
-+void _gnutls_fips_mode_reset_zombie(void);
-
- #ifdef ENABLE_FIPS140
- unsigned _gnutls_fips_mode_enabled(void);
-diff -ur gnutls-3.3.8.orig/lib/gnutls_global.c gnutls-3.3.8/lib/gnutls_global.c
---- gnutls-3.3.8.orig/lib/gnutls_global.c 2014-09-04 21:05:54.000000000 +0200
-+++ gnutls-3.3.8/lib/gnutls_global.c 2014-11-18 09:46:47.377148445 +0100
-@@ -326,6 +326,7 @@
- goto out;
- }
- }
-+ _gnutls_fips_mode_reset_zombie();
- }
- #endif
- _gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);
-Only in gnutls-3.3.8/lib: gnutls_global.c.orig
diff --git a/SPECS/gnutls.spec b/SPECS/gnutls.spec
index ba542db..2934d88 100644
--- a/SPECS/gnutls.spec
+++ b/SPECS/gnutls.spec
@@ -2,8 +2,8 @@
%bcond_with guile
Summary: A TLS protocol implementation
Name: gnutls
-Version: 3.3.8
-Release: 14%{?dist}
+Version: 3.3.24
+Release: 1%{?dist}
# The libraries are LGPLv2.1+, utilities are GPLv3+
License: GPLv3+ and LGPLv2+
Group: System Environment/Libraries
@@ -16,6 +16,7 @@ BuildRequires: trousers-devel >= 0.3.11.2
BuildRequires: libidn-devel
BuildRequires: gperf
BuildRequires: fipscheck
+BuildRequires: softhsm, net-tools
Requires: p11-kit-trust
# The automatic dependency on libtasn1 and p11-kit is insufficient,
Requires: libtasn1 >= 3.8
@@ -37,29 +38,11 @@ Patch1: gnutls-3.2.7-rpath.patch
Patch2: gnutls-3.1.11-nosrp.patch
Patch3: gnutls-3.3.8-no-libtasn1-check.patch
Patch4: gnutls-3.3.8-fips-key.patch
-Patch5: gnutls-3.3.8-mem-issue.patch
-Patch6: gnutls-3.3.8-testdsa-rndport.patch
-Patch7: gnutls-3.3.8-padlock-disable.patch
-Patch8: gnutls-3.3.8-dh-fips-tests.patch
-Patch9: gnutls-3.3.8-drbg-fips-symbol.patch
-Patch10: gnutls-3.3.8-lcm-fips.patch
-Patch11: gnutls-3.3.8-sha224-fix.patch
-Patch12: gnutls-3.3.8-fips140-rsa.patch
-Patch13: gnutls-3.3.8-fips140-dsa1024.patch
-Patch14: gnutls-3.3.8-handshake-reset.patch
-Patch15: gnutls-3.3.8-handshake-reset2.patch
-Patch16: gnutls-3.3.8-keygen-fix.patch
-Patch17: gnutls-3.3.8-dh-fips-tests2.patch
-Patch18: gnutls-3.3.8-cve-2014-8564.patch
-Patch19: gnutls-3.3.8-zombie-fips.patch
-Patch20: gnutls-3.3.8-urandom-fd.patch
-Patch21: gnutls-3.3.8-fips-rnd-regr.patch
-Patch22: gnutls-3.3.8-urandom-fd-fips.patch
-Patch23: gnutls-3.3.8-rnd-reregister.patch
-Patch24: gnutls-3.3.8-handshake-reset3.patch
-Patch25: gnutls-3.3.8-fips-reseed.patch
-Patch26: gnutls-3.3.8-md5-downgrade.patch
-
+Patch5: gnutls-3.3.8-padlock-disable.patch
+# In 3.3.8 we were shipping an early backport of a fix in GNUTLS_E_APPLICATION_DATA
+# behavior, which was using 3.4.0 semantics. We continue shipping to support
+# any applications depending on that.
+Patch6: gnutls-3.3.22-eapp-data.patch
# Wildcard bundling exception https://fedorahosted.org/fpc/ticket/174
Provides: bundled(gnulib) = 20130424
@@ -163,28 +146,9 @@ This package contains Guile bindings for the library.
%patch2 -p1 -b .nosrp
%patch3 -p1 -b .libtasn1
%patch4 -p1 -b .fips-key
-%patch5 -p1 -b .mem-issue
-%patch6 -p1 -b .testdsa
-%patch7 -p1 -b .padlock-disable
-%patch8 -p1 -b .fips-dh
-%patch9 -p1 -b .fips-drbg
-%patch10 -p1 -b .fips-lcm
-%patch11 -p1 -b .sha224-fix
-%patch12 -p1 -b .fips-rsa-fix
-%patch13 -p1 -b .fips-dsa1024-fix
-%patch14 -p1 -b .handshake-reset
-%patch15 -p1 -b .handshake-reset2
-%patch16 -p1 -b .keygen-fix
-%patch17 -p1 -b .fips-dh2
-%patch18 -p1 -b .cve-2014-8564
-%patch19 -p1 -b .zombie-fips
-%patch20 -p1 -b .init-fd
-%patch21 -p1 -b .fips-regression
-%patch22 -p1 -b .init-fd-fips
-%patch23 -p1 -b .reregister
-%patch24 -p1 -b .handshake-reset3
-%patch25 -p1 -b .fips-reseed
-%patch26 -p1 -b .md5-downgrade
+%patch5 -p1 -b .padlock-disable
+%patch6 -p1 -b .eapp-data
+
sed 's/gnutls_srp.c//g' -i lib/Makefile.in
sed 's/gnutls_srp.lo//g' -i lib/Makefile.in
rm -f lib/minitasn1/*.c lib/minitasn1/*.h
@@ -196,9 +160,11 @@ autoreconf -if
%build
export LDFLAGS="-Wl,--no-add-needed"
-# --with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit"
%configure --with-libtasn1-prefix=%{_prefix} \
+ --with-default-trust-store-pkcs11="pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit" \
--with-included-libcfg \
+ --with-arcfour128 \
+ --with-ssl3 \
--disable-static \
--disable-openssl-compatibility \
--disable-srp-authentication \
@@ -330,8 +296,20 @@ fi
%endif
%changelog
-* Wed Dec 9 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-14
-- Prevent downgrade attack to RSA-MD5 in server key exchange.
+* Tue Jul 12 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.24-1
+- Addressed issue with DSA public keys smaller than 2^1024 (#1238279)
+- Addressed two-byte buffer overflow in the DTLS-0.9 protocol (#1209365)
+- When writing certificates to smart cards write the CKA_ISSUER and
+ CKA_SERIAL_NUMBER fields to allow NSS reading them (#1272179)
+- Use the shared system certificate store (#1110750)
+- Address MD5 transcript collision attacks in TLS key exchange (#1289888,
+ CVE-2015-7575)
+- Allow hashing data over 2^32 bytes (#1306953)
+- Ensure written PKCS#11 public keys are not marked as private (#1339453)
+- Ensure secure_getenv() is called on all uses of environment variables
+ (#1344591).
+- Fix issues related to PKCS #11 private key listing on certain HSMs
+ (#1351389)
* Fri Jun 5 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> 3.3.8-13
- Corrected reseed and respect of max_number_of_bits_per_request in