From 7e4a847c42da5300f4bac05df9a0fb140e0a2ed2 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 1 Nov 2023 12:26:32 +0900
Subject: [PATCH] Update to nettle 3.9.1

Resolves: RHEL-14890
Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
 .gitignore                               |  1 +
 nettle-3.4-annocheck.patch               | 13 --------
 nettle-3.7.2-suppress-maybe-uninit.patch | 40 ------------------------
 nettle-3.8-zeroize-stack.patch           | 22 ++++++-------
 nettle.spec                              | 16 +++++-----
 sources                                  |  2 +-
 6 files changed, 22 insertions(+), 72 deletions(-)
 delete mode 100644 nettle-3.4-annocheck.patch
 delete mode 100644 nettle-3.7.2-suppress-maybe-uninit.patch

diff --git a/.gitignore b/.gitignore
index 022199c..2b7f439 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ nettle-1.15.tar.gz
 /nettle-3.7.3-hobbled.tar.xz
 /nettle-3.8-hobbled.tar.xz
 /gmp-6.2.1.tar.xz
+/nettle-3.9.1-hobbled.tar.xz
diff --git a/nettle-3.4-annocheck.patch b/nettle-3.4-annocheck.patch
deleted file mode 100644
index b1262a5..0000000
--- a/nettle-3.4-annocheck.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: nettle-3.7/Makefile.in
-===================================================================
---- nettle-3.7.orig/Makefile.in
-+++ nettle-3.7/Makefile.in
-@@ -291,7 +291,7 @@ libhogweed.a: $(hogweed_OBJS)
- 
- %.$(OBJEXT): %.asm $(srcdir)/m4-utils.m4 $(srcdir)/asm.m4 config.m4 machine.m4
- 	$(M4) $(srcdir)/m4-utils.m4 $(srcdir)/asm.m4 config.m4 machine.m4 $< >$*.s
--	$(COMPILE) -c $*.s
-+	$(COMPILE) -c -Wa,--generate-missing-build-notes=yes $*.s
- 
- %.$(OBJEXT): %.c
- 	$(COMPILE) -c $< \
diff --git a/nettle-3.7.2-suppress-maybe-uninit.patch b/nettle-3.7.2-suppress-maybe-uninit.patch
deleted file mode 100644
index f7295ea..0000000
--- a/nettle-3.7.2-suppress-maybe-uninit.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 952c2d890902782ee90b6ed273f1d8b4e95dbff1 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno@redhat.com>
-Date: Sun, 21 Mar 2021 11:13:36 +0100
-Subject: [PATCH] nettle-benchmark: suppress -Wmaybe-uninitialized warnings
-
----
- examples/nettle-benchmark.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
-index ca6346e0..518b947d 100644
---- a/examples/nettle-benchmark.c
-+++ b/examples/nettle-benchmark.c
-@@ -392,6 +392,7 @@ time_umac(void)
- 
-   uint8_t key[16];
- 
-+  init_key(sizeof(key), key);
-   umac32_set_key (&ctx32, key);
-   info.ctx = &ctx32;
-   info.update = (nettle_hash_update_func *) umac32_update;
-@@ -434,6 +435,7 @@ time_cmac(void)
- 
-   uint8_t key[16];
- 
-+  init_key(sizeof(key), key);
-   cmac_aes128_set_key (&ctx, key);
-   info.ctx = &ctx;
-   info.update = (nettle_hash_update_func *) cmac_aes128_update;
-@@ -451,6 +453,7 @@ time_poly1305_aes(void)
-   struct poly1305_aes_ctx ctx;
-   uint8_t key[32];
- 
-+  init_key(sizeof(key), key);
-   poly1305_aes_set_key (&ctx, key);
-   info.ctx = &ctx;
-   info.update = (nettle_hash_update_func *) poly1305_aes_update;
--- 
-2.30.2
-
diff --git a/nettle-3.8-zeroize-stack.patch b/nettle-3.8-zeroize-stack.patch
index 0f96571..f93a248 100644
--- a/nettle-3.8-zeroize-stack.patch
+++ b/nettle-3.8-zeroize-stack.patch
@@ -1,4 +1,4 @@
-From 894b22e6d851512776bd62e85e749d6950ce16fc Mon Sep 17 00:00:00 2001
+From 24a4cb910a51f35dff89842e8cce27f88e8e78c3 Mon Sep 17 00:00:00 2001
 From: Daiki Ueno <dueno@redhat.com>
 Date: Wed, 24 Aug 2022 17:19:57 +0900
 Subject: [PATCH] Clear any intermediate data allocate on stack
@@ -212,10 +212,10 @@ index 892c0742..a7e0c21d 100644
 +  TMP_CLEAR (k, size + ECC_GOSTDSA_SIGN_ITCH (size));
  }
 diff --git a/hmac.c b/hmac.c
-index 6ac5e11a..0ac33bed 100644
+index ea356970..6a55551b 100644
 --- a/hmac.c
 +++ b/hmac.c
-@@ -55,6 +55,8 @@ hmac_set_key(void *outer, void *inner, void *state,
+@@ -53,6 +53,8 @@ hmac_set_key(void *outer, void *inner, void *state,
  {
    TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE);
    TMP_ALLOC(pad, hash->block_size);
@@ -224,7 +224,7 @@ index 6ac5e11a..0ac33bed 100644
    
    hash->init(outer);
    hash->init(inner);
-@@ -64,9 +66,6 @@ hmac_set_key(void *outer, void *inner, void *state,
+@@ -62,9 +64,6 @@ hmac_set_key(void *outer, void *inner, void *state,
        /* Reduce key to the algorithm's hash size. Use the area pointed
         * to by state for the temporary state. */
  
@@ -234,7 +234,7 @@ index 6ac5e11a..0ac33bed 100644
        hash->init(state);
        hash->update(state, key_length, key);
        hash->digest(state, hash->digest_size, digest);
-@@ -88,6 +87,9 @@ hmac_set_key(void *outer, void *inner, void *state,
+@@ -86,6 +85,9 @@ hmac_set_key(void *outer, void *inner, void *state,
    hash->update(inner, hash->block_size, pad);
  
    memcpy(state, inner, hash->context_size);
@@ -244,7 +244,7 @@ index 6ac5e11a..0ac33bed 100644
  }
  
  void
-@@ -114,4 +116,6 @@ hmac_digest(const void *outer, const void *inner, void *state,
+@@ -112,4 +114,6 @@ hmac_digest(const void *outer, const void *inner, void *state,
    hash->digest(state, length, dst);
  
    memcpy(state, inner, hash->context_size);
@@ -252,10 +252,10 @@ index 6ac5e11a..0ac33bed 100644
 +  TMP_CLEAR(digest, hash->digest_size);
  }
 diff --git a/nettle-internal.h b/nettle-internal.h
-index ddc483de..9fc55514 100644
+index c41f3ee0..62b89e11 100644
 --- a/nettle-internal.h
 +++ b/nettle-internal.h
-@@ -72,6 +72,11 @@
+@@ -76,6 +76,11 @@
    do { assert((size_t)(size) <= (sizeof(name))); } while (0)
  #endif 
  
@@ -264,8 +264,8 @@ index ddc483de..9fc55514 100644
 +#define TMP_CLEAR(name, size) (explicit_bzero (name, sizeof (*name) * (size)))
 +#define TMP_CLEAR_ALIGN(name, size) (explicit_bzero (name, size))
 +
- /* Arbitrary limits which apply to systems that don't have alloca */
- #define NETTLE_MAX_HASH_BLOCK_SIZE 128
+ /* Limits that apply to systems that don't have alloca */
+ #define NETTLE_MAX_HASH_BLOCK_SIZE 144  /* For sha3_224*/
  #define NETTLE_MAX_HASH_DIGEST_SIZE 64
 diff --git a/pbkdf2.c b/pbkdf2.c
 index 291d138a..a8ecba5b 100644
@@ -330,5 +330,5 @@ index d28e7b13..8106ebf2 100644
    return ret;
  }
 -- 
-2.37.2
+2.41.0
 
diff --git a/nettle.spec b/nettle.spec
index 1553b78..c8d5cd7 100644
--- a/nettle.spec
+++ b/nettle.spec
@@ -14,8 +14,8 @@
 %bcond_without fips
 
 Name:           nettle
-Version:        3.8
-Release:        3%{?dist}
+Version:        3.9.1
+Release:        1%{?dist}
 Summary:        A low-level cryptographic library
 
 License:        LGPLv3+ or GPLv2+
@@ -26,7 +26,6 @@ Source0:	%{name}-%{version}-hobbled.tar.xz
 Source1:	%{name}-%{version_old}-hobbled.tar.xz
 Source2:	nettle-3.5-remove-ecc-testsuite.patch
 %endif
-Patch:		nettle-3.4-annocheck.patch
 Patch:		nettle-3.8-zeroize-stack.patch
 
 Source100:	gmp-6.2.1.tar.xz
@@ -87,15 +86,11 @@ patch -p1 < %{SOURCE2}
 
 # Disable -ggdb3 which makes debugedit unhappy
 sed s/ggdb3/g/ -i configure
-sed 's/ecc-192.c//g' -i Makefile.in
-sed 's/ecc-224.c//g' -i Makefile.in
 popd
 %endif
 
 # Disable -ggdb3 which makes debugedit unhappy
 sed s/ggdb3/g/ -i configure
-sed 's/ecc-secp192r1.c//g' -i Makefile.in
-sed 's/ecc-secp224r1.c//g' -i Makefile.in
 
 %build
 %if %{with fips}
@@ -108,12 +103,16 @@ popd
 
 autoreconf -ifv
 
+export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes"
+
 %configure --enable-shared --enable-fat \
 %if %{with fips}
 --with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \
 %endif
 %{nil}
 
+unset ASM_FLAGS
+
 %make_build
 
 %if 0%{?bootstrap}
@@ -205,6 +204,9 @@ make check
 
 
 %changelog
+* Wed Nov  1 2023 Daiki Ueno <dueno@redhat.com> - 3.9.1-1
+- Update to nettle 3.9.1 (RHEL-14890)
+
 * Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.8-3
 - Rebuild in new side-tag
 
diff --git a/sources b/sources
index 3b90044..d07dc4a 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (nettle-3.8-hobbled.tar.xz) = a0c24568401212895b69eff046dbc0450fc14f1759ec3b4b62771a3d77192056b9a43c3ee386aeae1fe2d12ce58efc183849af5f9088e4ea7dab278f52572b2f
 SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84
+SHA512 (nettle-3.9.1-hobbled.tar.xz) = 8e79b2c7ec0da17ce7eddb9c10c35d0a7bd0d17f978103499536c276e7824d6b938d877616a9cc808b7f001741d8a1a08f2130a8f21136909c42fb84fb303a6a