From 7e4a847c42da5300f4bac05df9a0fb140e0a2ed2 Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Wed, 1 Nov 2023 12:26:32 +0900
Subject: [PATCH] Update to nettle 3.9.1
Resolves: RHEL-14890
Signed-off-by: Daiki Ueno
---
 .gitignore | 1 +
 nettle-3.4-annocheck.patch | 13 --------
 nettle-3.7.2-suppress-maybe-uninit.patch | 40 ------------------------
 nettle-3.8-zeroize-stack.patch | 22 ++++++-------
 nettle.spec | 16 +++++-----
 sources | 2 +-
 6 files changed, 22 insertions(+), 72 deletions(-)
 delete mode 100644 nettle-3.4-annocheck.patch
 delete mode 100644 nettle-3.7.2-suppress-maybe-uninit.patch
diff --git a/.gitignore b/.gitignore
index 022199c..2b7f439 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ nettle-1.15.tar.gz
 /nettle-3.7.3-hobbled.tar.xz
 /nettle-3.8-hobbled.tar.xz
 /gmp-6.2.1.tar.xz
+/nettle-3.9.1-hobbled.tar.xz
diff --git a/nettle-3.4-annocheck.patch b/nettle-3.4-annocheck.patch
deleted file mode 100644
index b1262a5..0000000
--- a/nettle-3.4-annocheck.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: nettle-3.7/Makefile.in
-===================================================================
---- nettle-3.7.orig/Makefile.in
-+++ nettle-3.7/Makefile.in
-@@ -291,7 +291,7 @@ libhogweed.a: $(hogweed_OBJS)
-
- %.$(OBJEXT): %.asm $(srcdir)/m4-utils.m4 $(srcdir)/asm.m4 config.m4 machine.m4
- $(M4) $(srcdir)/m4-utils.m4 $(srcdir)/asm.m4 config.m4 machine.m4 $< >$*.s
-- $(COMPILE) -c $*.s
-+ $(COMPILE) -c -Wa,--generate-missing-build-notes=yes $*.s
-
- %.$(OBJEXT): %.c
- $(COMPILE) -c $< \
diff --git a/nettle-3.7.2-suppress-maybe-uninit.patch b/nettle-3.7.2-suppress-maybe-uninit.patch
deleted file mode 100644
index f7295ea..0000000
--- a/nettle-3.7.2-suppress-maybe-uninit.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 952c2d890902782ee90b6ed273f1d8b4e95dbff1 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno
-Date: Sun, 21 Mar 2021 11:13:36 +0100
-Subject: [PATCH] nettle-benchmark: suppress -Wmaybe-uninitialized warnings
-
----
- examples/nettle-benchmark.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
-index ca6346e0..518b947d 100644
---- a/examples/nettle-benchmark.c
-+++ b/examples/nettle-benchmark.c
-@@ -392,6 +392,7 @@ time_umac(void)
-
- uint8_t key[16];
-
-+ init_key(sizeof(key), key);
- umac32_set_key (&ctx32, key);
- info.ctx = &ctx32;
- info.update = (nettle_hash_update_func *) umac32_update;
-@@ -434,6 +435,7 @@ time_cmac(void)
-
- uint8_t key[16];
-
-+ init_key(sizeof(key), key);
- cmac_aes128_set_key (&ctx, key);
- info.ctx = &ctx;
- info.update = (nettle_hash_update_func *) cmac_aes128_update;
-@@ -451,6 +453,7 @@ time_poly1305_aes(void)
- struct poly1305_aes_ctx ctx;
- uint8_t key[32];
-
-+ init_key(sizeof(key), key);
- poly1305_aes_set_key (&ctx, key);
- info.ctx = &ctx;
- info.update = (nettle_hash_update_func *) poly1305_aes_update;
---
-2.30.2
-
diff --git a/nettle-3.8-zeroize-stack.patch b/nettle-3.8-zeroize-stack.patch
index 0f96571..f93a248 100644
--- a/nettle-3.8-zeroize-stack.patch
+++ b/nettle-3.8-zeroize-stack.patch
@@ -1,4 +1,4 @@
-From 894b22e6d851512776bd62e85e749d6950ce16fc Mon Sep 17 00:00:00 2001
+From 24a4cb910a51f35dff89842e8cce27f88e8e78c3 Mon Sep 17 00:00:00 2001
 From: Daiki Ueno
 Date: Wed, 24 Aug 2022 17:19:57 +0900
 Subject: [PATCH] Clear any intermediate data allocate on stack
@@ -212,10 +212,10 @@ index 892c0742..a7e0c21d 100644
 + TMP_CLEAR (k, size + ECC_GOSTDSA_SIGN_ITCH (size));
 }
 diff --git a/hmac.c b/hmac.c
-index 6ac5e11a..0ac33bed 100644
+index ea356970..6a55551b 100644
 --- a/hmac.c
+++ b/hmac.c -@@ -55,6 +55,8 @@ hmac_set_key(void *outer, void *inner, void *state, +@@ -53,6 +53,8 @@ hmac_set_key(void *outer, void *inner, void *state, { TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE); TMP_ALLOC(pad, hash->block_size); @@ -224,7 +224,7 @@ index 6ac5e11a..0ac33bed 100644 hash->init(outer); hash->init(inner); -@@ -64,9 +66,6 @@ hmac_set_key(void *outer, void *inner, void *state, +@@ -62,9 +64,6 @@ hmac_set_key(void *outer, void *inner, void *state, /* Reduce key to the algorithm's hash size. Use the area pointed * to by state for the temporary state. */ @@ -234,7 +234,7 @@ index 6ac5e11a..0ac33bed 100644 hash->init(state); hash->update(state, key_length, key); hash->digest(state, hash->digest_size, digest); -@@ -88,6 +87,9 @@ hmac_set_key(void *outer, void *inner, void *state, +@@ -86,6 +85,9 @@ hmac_set_key(void *outer, void *inner, void *state, hash->update(inner, hash->block_size, pad); memcpy(state, inner, hash->context_size); @@ -244,7 +244,7 @@ index 6ac5e11a..0ac33bed 100644 } void -@@ -114,4 +116,6 @@ hmac_digest(const void *outer, const void *inner, void *state, +@@ -112,4 +114,6 @@ hmac_digest(const void *outer, const void *inner, void *state, hash->digest(state, length, dst); memcpy(state, inner, hash->context_size); @@ -252,10 +252,10 @@ index 6ac5e11a..0ac33bed 100644 + TMP_CLEAR(digest, hash->digest_size); } diff --git a/nettle-internal.h b/nettle-internal.h -index ddc483de..9fc55514 100644 +index c41f3ee0..62b89e11 100644 --- a/nettle-internal.h +++ b/nettle-internal.h -@@ -72,6 +72,11 @@ +@@ -76,6 +76,11 @@ do { assert((size_t)(size) <= (sizeof(name))); } while (0) #endif 
@@ -264,8 +264,8 @@ index ddc483de..9fc55514 100644 +#define TMP_CLEAR(name, size) (explicit_bzero (name, sizeof (*name) * (size))) +#define TMP_CLEAR_ALIGN(name, size) (explicit_bzero (name, size)) + - /* Arbitrary limits which apply to systems that don't have alloca */ - #define NETTLE_MAX_HASH_BLOCK_SIZE 128 + /* Limits that apply to systems that don't have alloca */ + #define NETTLE_MAX_HASH_BLOCK_SIZE 144 /* For sha3_224*/ #define NETTLE_MAX_HASH_DIGEST_SIZE 64 diff --git a/pbkdf2.c b/pbkdf2.c index 291d138a..a8ecba5b 100644 @@ -330,5 +330,5 @@ index d28e7b13..8106ebf2 100644 return ret; } -- -2.37.2 +2.41.0 diff --git a/nettle.spec b/nettle.spec index 1553b78..c8d5cd7 100644 --- a/nettle.spec +++ b/nettle.spec @@ -14,8 +14,8 @@ %bcond_without fips Name: nettle -Version: 3.8 -Release: 3%{?dist} +Version: 3.9.1 +Release: 1%{?dist} Summary: A low-level cryptographic library License: LGPLv3+ or GPLv2+ @@ -26,7 +26,6 @@ Source0: %{name}-%{version}-hobbled.tar.xz Source1: %{name}-%{version_old}-hobbled.tar.xz Source2: nettle-3.5-remove-ecc-testsuite.patch %endif -Patch: nettle-3.4-annocheck.patch Patch: nettle-3.8-zeroize-stack.patch Source100: gmp-6.2.1.tar.xz @@ -87,15 +86,11 @@ patch -p1 < %{SOURCE2} # Disable -ggdb3 which makes debugedit unhappy sed s/ggdb3/g/ -i configure -sed 's/ecc-192.c//g' -i Makefile.in -sed 's/ecc-224.c//g' -i Makefile.in popd %endif # Disable -ggdb3 which makes debugedit unhappy sed s/ggdb3/g/ -i configure -sed 's/ecc-secp192r1.c//g' -i Makefile.in -sed 's/ecc-secp224r1.c//g' -i Makefile.in %build %if %{with fips} @@ -108,12 +103,16 @@ popd autoreconf -ifv +export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes" + %configure --enable-shared --enable-fat \ %if %{with fips} --with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \ %endif %{nil} +unset ASM_FLAGS + %make_build %if 0%{?bootstrap} 
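Review bot: The `export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes"` added before `%configure` in the `@@ -108,12 +103,16 @@` hunk of nettle.spec only takes effect if configure picks ASM_FLAGS up from the environment and writes it into the generated Makefile, because `unset ASM_FLAGS` runs before `%make_build`; nothing visible here establishes that. The removed nettle-3.4-annocheck.patch put the option directly on the `$(COMPILE) -c $*.s` rule, so it could not be dropped silently, whereas a configure that ignores or resets the variable would now build the assembly objects without build notes and the build would still succeed. I would add a comment above the export such as `# read by configure and substituted into the Makefile; replaces nettle-3.4-annocheck.patch`, and check the built libraries with annocheck. The `%build` section starts before this hunk and the `%if 0%{?bootstrap}` part continues after it, so whether the old-version build needs the same flag cannot be judged from here.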
@@ -205,6 +204,9 @@ make check %changelog +* Wed Nov 1 2023 Daiki Ueno - 3.9.1-1 +- Update to nettle 3.9.1 (RHEL-14890) + * Thu Aug 25 2022 Daiki Ueno - 3.8-3 - Rebuild in new side-tag diff --git a/sources b/sources index 3b90044..d07dc4a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (nettle-3.8-hobbled.tar.xz) = a0c24568401212895b69eff046dbc0450fc14f1759ec3b4b62771a3d77192056b9a43c3ee386aeae1fe2d12ce58efc183849af5f9088e4ea7dab278f52572b2f SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84 +SHA512 (nettle-3.9.1-hobbled.tar.xz) = 8e79b2c7ec0da17ce7eddb9c10c35d0a7bd0d17f978103499536c276e7824d6b938d877616a9cc808b7f001741d8a1a08f2130a8f21136909c42fb84fb303a6a