Update to nettle 3.9.1

Resolves: RHEL-14890 Signed-off-by: Daiki Ueno <dueno@redhat.com>
2023-11-01 12:26:32 +09:00 · 2023-11-01 12:26:32 +09:00 · 7e4a847c42
commit 7e4a847c42
parent 66014d1edd
6 changed files with 22 additions and 72 deletions
--- a/.gitignore
+++ b/.gitignore
@ -20,3 +20,4 @@ nettle-1.15.tar.gz
 /nettle-3.7.3-hobbled.tar.xz
 /nettle-3.8-hobbled.tar.xz
 /gmp-6.2.1.tar.xz
+/nettle-3.9.1-hobbled.tar.xz
--- a/nettle-3.4-annocheck.patch
+++ b/nettle-3.4-annocheck.patch
@ -1,13 +0,0 @@
-Index: nettle-3.7/Makefile.in
-===================================================================
--- nettle-3.7.orig/Makefile.in
-+++ nettle-3.7/Makefile.in
-@@ -291,7 +291,7 @@ libhogweed.a: $(hogweed_OBJS)
- 
- %.$(OBJEXT): %.asm $(srcdir)/m4-utils.m4 $(srcdir)/asm.m4 config.m4 machine.m4
- 	$(M4) $(srcdir)/m4-utils.m4 $(srcdir)/asm.m4 config.m4 machine.m4 $< >$*.s
-	$(COMPILE) -c $*.s
-+	$(COMPILE) -c -Wa,--generate-missing-build-notes=yes $*.s
- 
- %.$(OBJEXT): %.c
- 	$(COMPILE) -c $< \
--- a/nettle-3.7.2-suppress-maybe-uninit.patch
+++ b/nettle-3.7.2-suppress-maybe-uninit.patch
@ -1,40 +0,0 @@
-From 952c2d890902782ee90b6ed273f1d8b4e95dbff1 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno@redhat.com>
-Date: Sun, 21 Mar 2021 11:13:36 +0100
-Subject: [PATCH] nettle-benchmark: suppress -Wmaybe-uninitialized warnings
-
---
- examples/nettle-benchmark.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
-index ca6346e0..518b947d 100644
--- a/examples/nettle-benchmark.c
-+++ b/examples/nettle-benchmark.c
-@@ -392,6 +392,7 @@ time_umac(void)
- 
-   uint8_t key[16];
- 
-+  init_key(sizeof(key), key);
-   umac32_set_key (&ctx32, key);
-   info.ctx = &ctx32;
-   info.update = (nettle_hash_update_func *) umac32_update;
-@@ -434,6 +435,7 @@ time_cmac(void)
- 
-   uint8_t key[16];
- 
-+  init_key(sizeof(key), key);
-   cmac_aes128_set_key (&ctx, key);
-   info.ctx = &ctx;
-   info.update = (nettle_hash_update_func *) cmac_aes128_update;
-@@ -451,6 +453,7 @@ time_poly1305_aes(void)
-   struct poly1305_aes_ctx ctx;
-   uint8_t key[32];
- 
-+  init_key(sizeof(key), key);
-   poly1305_aes_set_key (&ctx, key);
-   info.ctx = &ctx;
-   info.update = (nettle_hash_update_func *) poly1305_aes_update;
-- 
-2.30.2
-
--- a/nettle-3.8-zeroize-stack.patch
+++ b/nettle-3.8-zeroize-stack.patch
@ -1,4 +1,4 @@
-From 894b22e6d851512776bd62e85e749d6950ce16fc Mon Sep 17 00:00:00 2001
+From 24a4cb910a51f35dff89842e8cce27f88e8e78c3 Mon Sep 17 00:00:00 2001
 From: Daiki Ueno <dueno@redhat.com>
 Date: Wed, 24 Aug 2022 17:19:57 +0900
 Subject: [PATCH] Clear any intermediate data allocate on stack
@ -212,10 +212,10 @@ index 892c0742..a7e0c21d 100644
 +  TMP_CLEAR (k, size + ECC_GOSTDSA_SIGN_ITCH (size));
 }
 diff --git a/hmac.c b/hmac.c
-index 6ac5e11a..0ac33bed 100644
+index ea356970..6a55551b 100644
 --- a/hmac.c
 +++ b/hmac.c
-@@ -55,6 +55,8 @@ hmac_set_key(void *outer, void *inner, void *state,
+@@ -53,6 +53,8 @@ hmac_set_key(void *outer, void *inner, void *state,
 {
   TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE);
   TMP_ALLOC(pad, hash->block_size);
@ -224,7 +224,7 @@ index 6ac5e11a..0ac33bed 100644
   
   hash->init(outer);
   hash->init(inner);
-@@ -64,9 +66,6 @@ hmac_set_key(void *outer, void *inner, void *state,
+@@ -62,9 +64,6 @@ hmac_set_key(void *outer, void *inner, void *state,
       /* Reduce key to the algorithm's hash size. Use the area pointed
        * to by state for the temporary state. */
 
@ -234,7 +234,7 @@ index 6ac5e11a..0ac33bed 100644
       hash->init(state);
       hash->update(state, key_length, key);
       hash->digest(state, hash->digest_size, digest);
-@@ -88,6 +87,9 @@ hmac_set_key(void *outer, void *inner, void *state,
+@@ -86,6 +85,9 @@ hmac_set_key(void *outer, void *inner, void *state,
   hash->update(inner, hash->block_size, pad);
 
   memcpy(state, inner, hash->context_size);
@ -244,7 +244,7 @@ index 6ac5e11a..0ac33bed 100644
 }
 
 void
-@@ -114,4 +116,6 @@ hmac_digest(const void *outer, const void *inner, void *state,
+@@ -112,4 +114,6 @@ hmac_digest(const void *outer, const void *inner, void *state,
   hash->digest(state, length, dst);
 
   memcpy(state, inner, hash->context_size);
@ -252,10 +252,10 @@ index 6ac5e11a..0ac33bed 100644
 +  TMP_CLEAR(digest, hash->digest_size);
 }
 diff --git a/nettle-internal.h b/nettle-internal.h
-index ddc483de..9fc55514 100644
+index c41f3ee0..62b89e11 100644
 --- a/nettle-internal.h
 +++ b/nettle-internal.h
-@@ -72,6 +72,11 @@
+@@ -76,6 +76,11 @@
   do { assert((size_t)(size) <= (sizeof(name))); } while (0)
 #endif 
 
@ -264,8 +264,8 @@ index ddc483de..9fc55514 100644
 +#define TMP_CLEAR(name, size) (explicit_bzero (name, sizeof (*name) * (size)))
 +#define TMP_CLEAR_ALIGN(name, size) (explicit_bzero (name, size))
 +
- /* Arbitrary limits which apply to systems that don't have alloca */
- #define NETTLE_MAX_HASH_BLOCK_SIZE 128
+ /* Limits that apply to systems that don't have alloca */
+ #define NETTLE_MAX_HASH_BLOCK_SIZE 144  /* For sha3_224*/
 #define NETTLE_MAX_HASH_DIGEST_SIZE 64
 diff --git a/pbkdf2.c b/pbkdf2.c
 index 291d138a..a8ecba5b 100644
@ -330,5 +330,5 @@ index d28e7b13..8106ebf2 100644
   return ret;
 }
 -- 
-2.37.2
+2.41.0

--- a/nettle.spec
+++ b/nettle.spec
@ -14,8 +14,8 @@
 %bcond_without fips

 Name:           nettle
-Version:        3.8
-Release:        3%{?dist}
+Version:        3.9.1
+Release:        1%{?dist}
 Summary:        A low-level cryptographic library

 License:        LGPLv3+ or GPLv2+
@ -26,7 +26,6 @@ Source0:	%{name}-%{version}-hobbled.tar.xz
 Source1:	%{name}-%{version_old}-hobbled.tar.xz
 Source2:	nettle-3.5-remove-ecc-testsuite.patch
 %endif
-Patch:		nettle-3.4-annocheck.patch
 Patch:		nettle-3.8-zeroize-stack.patch

 Source100:	gmp-6.2.1.tar.xz
@ -87,15 +86,11 @@ patch -p1 < %{SOURCE2}

 # Disable -ggdb3 which makes debugedit unhappy
 sed s/ggdb3/g/ -i configure
-sed 's/ecc-192.c//g' -i Makefile.in
-sed 's/ecc-224.c//g' -i Makefile.in
 popd
 %endif

 # Disable -ggdb3 which makes debugedit unhappy
 sed s/ggdb3/g/ -i configure
-sed 's/ecc-secp192r1.c//g' -i Makefile.in
-sed 's/ecc-secp224r1.c//g' -i Makefile.in

 %build
 %if %{with fips}
@ -108,12 +103,16 @@ popd

 autoreconf -ifv

+export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes"
+
 %configure --enable-shared --enable-fat \
 %if %{with fips}
 --with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \
 %endif
 %{nil}

+unset ASM_FLAGS
+
 %make_build

 %if 0%{?bootstrap}
@ -205,6 +204,9 @@ make check


 %changelog
+* Wed Nov  1 2023 Daiki Ueno <dueno@redhat.com> - 3.9.1-1
+- Update to nettle 3.9.1 (RHEL-14890)
+
 * Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.8-3
 - Rebuild in new side-tag

--- a/2
+++ b/2
@ -1,2 +1,2 @@
-SHA512 (nettle-3.8-hobbled.tar.xz) = a0c24568401212895b69eff046dbc0450fc14f1759ec3b4b62771a3d77192056b9a43c3ee386aeae1fe2d12ce58efc183849af5f9088e4ea7dab278f52572b2f
 SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
+SHA512 (nettle-3.9.1-hobbled.tar.xz) = 8e79b2c7ec0da17ce7eddb9c10c35d0a7bd0d17f978103499536c276e7824d6b938d877616a9cc808b7f001741d8a1a08f2130a8f21136909c42fb84fb303a6a