[m2crypto] Use only ECC curves supported in Fedora in the test suite
Miloslav Trmac
mitr at fedoraproject.org
Wed Dec 18 02:15:11 UTC 2013
commit 88de6f608d70c0e3ab31955ad73b5a608e883ff0
Author: Miloslav Trmač <mitr at redhat.com>
Date: Wed Dec 18 02:49:42 2013 +0100
Use only ECC curves supported in Fedora in the test suite
m2crypto-0.21.1-supported-ec.patch | 162 ++++++++++++++++++++++++++++++++++++
m2crypto.spec | 7 ++
2 files changed, 169 insertions(+), 0 deletions(-)
---
diff --git a/m2crypto-0.21.1-supported-ec.patch b/m2crypto-0.21.1-supported-ec.patch
new file mode 100644
index 0000000..8bff224
--- /dev/null
+++ b/m2crypto-0.21.1-supported-ec.patch
@@ -0,0 +1,162 @@
+Modify the test suite to only use the EC curves supported by Fedora's
+OpenSSL (and when having a choice, use the p256 curve).
+
+diff -ur M2Crypto/tests/ec.priv.pem M2Crypto-0.21.1/tests/ec.priv.pem
+--- M2Crypto/tests/ec.priv.pem 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/ec.priv.pem 2013-12-17 04:02:00.602961297 +0100
+@@ -1,5 +1,5 @@
+ -----BEGIN EC PRIVATE KEY-----
+-MG0CAQEEHXXhxMbflWHSfCjfxsqHTsIR+BVbREI6JFYGaUs0oAcGBSuBBAAaoUAD
+-PgAEAdJXSN/xnRiDqc4wSiYbWB7LGabs71Y9zzIE1ZbzAcvb7uxtoyUxrmRQC8xD
+-EO2qZX16mtpmgoNz3EeT
++MHcCAQEEIAdDwKEoKa3qnuvofjRFJgNul5Ldzy1EmoArNuY3jmKUoAoGCCqGSM49
++AwEHoUQDQgAEA2q6LZM77EldCKF9mBszDIVJVxepXJt6QpjEDtsmetYsNB2e4D1z
++QOjQGGwz+8NeOSkDqhE+1rNAaCjx93CeRg==
+ -----END EC PRIVATE KEY-----
+diff -ur M2Crypto/tests/ec.pub.pem M2Crypto-0.21.1/tests/ec.pub.pem
+--- M2Crypto/tests/ec.pub.pem 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/ec.pub.pem 2013-12-17 04:01:53.627964282 +0100
+@@ -1,4 +1,4 @@
+ -----BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAdJXSN/xnRiDqc4wSiYbWB7LGabs71Y9
+-zzIE1ZbzAcvb7uxtoyUxrmRQC8xDEO2qZX16mtpmgoNz3EeT
++MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEA2q6LZM77EldCKF9mBszDIVJVxep
++XJt6QpjEDtsmetYsNB2e4D1zQOjQGGwz+8NeOSkDqhE+1rNAaCjx93CeRg==
+ -----END PUBLIC KEY-----
+diff -ur M2Crypto/tests/test_ec_curves.py M2Crypto-0.21.1/tests/test_ec_curves.py
+--- M2Crypto/tests/test_ec_curves.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_ec_curves.py 2013-12-17 03:54:58.321142332 +0100
+@@ -25,75 +25,8 @@
+
+
+ curves = [
+- ('secp112r1', 112),
+- ('secp112r2', 112),
+- ('secp128r1', 128),
+- ('secp128r2', 128),
+- ('secp160k1', 160),
+- ('secp160r1', 160),
+- ('secp160r2', 160),
+- ('secp192k1', 192),
+- ('secp224k1', 224),
+- ('secp224r1', 224),
+- ('secp256k1', 256),
+- ('secp384r1', 384),
+- ('secp521r1', 521),
+-
+- ('sect113r1', 113),
+- ('sect113r2', 113),
+- ('sect131r1', 131),
+- ('sect131r2', 131),
+- ('sect163k1', 163),
+- ('sect163r1', 163),
+- ('sect163r2', 163),
+- ('sect193r1', 193),
+- ('sect193r2', 193),
+- ('sect233k1', 233),
+- ('sect233r1', 233),
+- ('sect239k1', 239),
+- ('sect283k1', 283),
+- ('sect283r1', 283),
+- ('sect409k1', 409),
+- ('sect409r1', 409),
+- ('sect571k1', 571),
+- ('sect571r1', 571),
+-
+- ('X9_62_prime192v1', 192),
+- ('X9_62_prime192v2', 192),
+- ('X9_62_prime192v3', 192),
+- ('X9_62_prime239v1', 239),
+- ('X9_62_prime239v2', 239),
+- ('X9_62_prime239v3', 239),
+ ('X9_62_prime256v1', 256),
+-
+- ('X9_62_c2pnb163v1', 163),
+- ('X9_62_c2pnb163v2', 163),
+- ('X9_62_c2pnb163v3', 163),
+- ('X9_62_c2pnb176v1', 176),
+- ('X9_62_c2tnb191v1', 191),
+- ('X9_62_c2tnb191v2', 191),
+- ('X9_62_c2tnb191v3', 191),
+- ('X9_62_c2pnb208w1', 208),
+- ('X9_62_c2tnb239v1', 239),
+- ('X9_62_c2tnb239v2', 239),
+- ('X9_62_c2tnb239v3', 239),
+- ('X9_62_c2pnb272w1', 272),
+- ('X9_62_c2pnb304w1', 304),
+- ('X9_62_c2tnb359v1', 359),
+- ('X9_62_c2pnb368w1', 368),
+- ('X9_62_c2tnb431r1', 431),
+-
+- ('wap_wsg_idm_ecid_wtls1', 113),
+- ('wap_wsg_idm_ecid_wtls3', 163),
+- ('wap_wsg_idm_ecid_wtls4', 113),
+- ('wap_wsg_idm_ecid_wtls5', 163),
+- ('wap_wsg_idm_ecid_wtls6', 112),
+- ('wap_wsg_idm_ecid_wtls7', 160),
+- ('wap_wsg_idm_ecid_wtls8', 112),
+- ('wap_wsg_idm_ecid_wtls9', 160),
+- ('wap_wsg_idm_ecid_wtls10', 233),
+- ('wap_wsg_idm_ecid_wtls11', 233),
+- ('wap_wsg_idm_ecid_wtls12', 224),
++ ('secp384r1', 384),
+ ]
+
+ # The following two curves, according to OpenSSL, have a
+diff -ur M2Crypto/tests/test_ecdh.py M2Crypto-0.21.1/tests/test_ecdh.py
+--- M2Crypto/tests/test_ecdh.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_ecdh.py 2013-12-17 04:02:25.980950434 +0100
+@@ -20,16 +20,16 @@
+
+ def test_compute_key(self):
+ a = EC.load_key(self.privkey)
+- b = EC.gen_params(EC.NID_sect233k1)
++ b = EC.gen_params(EC.NID_X9_62_prime256v1)
+ b.gen_key()
+ ak = a.compute_dh_key(b.pub())
+ bk = b.compute_dh_key(a.pub())
+ assert ak == bk
+
+ def test_pubkey_from_der(self):
+- a = EC.gen_params(EC.NID_sect233k1)
++ a = EC.gen_params(EC.NID_X9_62_prime256v1)
+ a.gen_key()
+- b = EC.gen_params(EC.NID_sect233k1)
++ b = EC.gen_params(EC.NID_X9_62_prime256v1)
+ b.gen_key()
+ a_pub_der = a.pub().get_der()
+ a_pub = EC.pub_key_from_der(a_pub_der)
+diff -ur M2Crypto/tests/test_ecdsa.py M2Crypto-0.21.1/tests/test_ecdsa.py
+--- M2Crypto/tests/test_ecdsa.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_ecdsa.py 2013-12-17 04:02:46.709941569 +0100
+@@ -29,16 +29,16 @@
+
+ def test_loadkey(self):
+ ec = EC.load_key(self.privkey)
+- assert len(ec) == 233
++ assert len(ec) == 256
+
+ def test_loadpubkey(self):
+ # XXX more work needed
+ ec = EC.load_pub_key(self.pubkey)
+- assert len(ec) == 233
++ assert len(ec) == 256
+ self.assertRaises(EC.ECError, EC.load_pub_key, self.errkey)
+
+ def _test_sign_dsa(self):
+- ec = EC.gen_params(EC.NID_sect233k1)
++ ec = EC.gen_params(EC.NID_X9_62_prime256v1)
+ # ec.gen_key()
+ self.assertRaises(EC.ECError, ec.sign_dsa, self.data)
+ ec = EC.load_key(self.privkey)
+@@ -60,8 +60,8 @@
+ assert not ec2.verify_dsa(self.data, s, r)
+
+ def test_genparam(self):
+- ec = EC.gen_params(EC.NID_sect233k1)
+- assert len(ec) == 233
++ ec = EC.gen_params(EC.NID_X9_62_prime256v1)
++ assert len(ec) == 256
+
+
+ def suite():
diff --git a/m2crypto.spec b/m2crypto.spec
index 56635db..cabae79 100644
--- a/m2crypto.spec
+++ b/m2crypto.spec
@@ -34,6 +34,8 @@ Patch10: m2crypto-0.21.1-ssl23.patch
Patch11: m2crypto-0.21.1-SSL_CTX_new.patch
# https://bugzilla.osafoundation.org/show_bug.cgi?id=13073
Patch12: m2crypto-0.21.1-sni.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13100
+Patch13: m2crypto-0.21.1-supported-ec.patch
License: MIT
Group: System Environment/Libraries
URL: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto
@@ -62,6 +64,7 @@ openssl x509 -in tests/x509.pem -out tests/x509.der -outform DER
%patch10 -p0 -b .ssl23
%patch11 -p1 -b .SSL_CTX_new
%patch12 -p1 -b .sni
+%patch13 -p1 -b .supported-ec
# Red Hat opensslconf.h #includes an architecture-specific file, but SWIG
# doesn't follow the #include.
@@ -123,6 +126,10 @@ rm tests/*.{pem,py}.* # Patch backup files
%{python_sitearch}/M2Crypto-*.egg-info
%changelog
+* Wed Dec 18 2013 Miloslav Trmač <mitr at redhat.com> - 0.21.1-13
+- Use only ECC curves available in Fedora in the test suite
+ Related: #904996
+
* Tue Dec 17 2013 Miloslav Trmač <mitr at redhat.com> - 0.21.1-13
- Add minimal SNI support, based on a patch by Sander Steffann
<sander at steffann.nl>
More information about the scm-commits
mailing list