Rebuild in new side-tag

Related: #1992457
Signed-off-by: Daiki Ueno <dueno@redhat.com>

.gitignore

@@ -15,3 +15,8 @@ nettle-1.15.tar.gz
 /nettle-3.4.1rc1-hobbled.tar.xz
 /nettle-3.6-hobbled.tar.xz
 /nettle-3.7-hobbled.tar.xz
+/nettle-3.7.1-hobbled.tar.xz
+/nettle-3.7.2-hobbled.tar.xz
+/nettle-3.7.3-hobbled.tar.xz
+/nettle-3.8-hobbled.tar.xz
+/gmp-6.2.1.tar.xz

.nettle.metadata

@@ -0,0 +1 @@
+c809f048a71b322453c18e30986a18e600306d77 nettle-3.8-hobbled.tar.xz

gating.yaml

@@ -0,0 +1,9 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
+  - !PassingTestCaseRule {test_case_name: manual.sst_security_crypto.gnutls.streamspreadprevent}
+

gmp-6.2.1-zeroize-allocator.patch

@@ -0,0 +1,53 @@
+diff -r e3123b88d012 memory.c
+--- a/memory.c	Tue Aug 16 22:02:45 2022 +0200
++++ b/memory.c	Fri Aug 19 06:25:37 2022 +0900
+@@ -29,7 +29,8 @@
+ see https://www.gnu.org/licenses/.  */
+ 
+ #include <stdio.h>
+-#include <stdlib.h> /* for malloc, realloc, free */
++#include <stdlib.h> /* for malloc, free */
++#include <string.h> /* for memcpy, explicit_bzero */
+ 
+ #include "gmp-impl.h"
+ 
+@@ -98,11 +99,28 @@
+   new_size += 2 * GMP_LIMB_BYTES;
+ #endif
+ 
+-  ret = realloc (oldptr, new_size);
+-  if (ret == 0)
++  if (new_size == 0)
++    {
++      explicit_bzero (oldptr, old_size);
++      free (oldptr);
++      return NULL;
++    }
++  else if (old_size == new_size)
++    return oldptr;
++  else
+     {
+-      fprintf (stderr, "GNU MP: Cannot reallocate memory (old_size=%lu new_size=%lu)\n", (long) old_size, (long) new_size);
+-      abort ();
++      /* We can't simply call realloc, as it may allocate memory from
++	 a different arena.  */
++      ret = malloc (new_size);
++      if (ret == NULL)
++	{
++	  fprintf (stderr, "GNU MP: Cannot reallocate memory (old_size=%lu new_size=%lu)\n", (long) old_size, (long) new_size);
++	  explicit_bzero(oldptr, old_size);
++	  abort();
++	}
++      memcpy (ret, oldptr, MIN(old_size, new_size));
++      explicit_bzero (oldptr, old_size);
++      free (oldptr);
+     }
+ 
+ #ifdef DEBUG
+@@ -141,5 +159,6 @@
+     blk_ptr = p - 1;
+   }
+ #endif
++  explicit_bzero (blk_ptr, blk_size);
+   free (blk_ptr);
+ }

hobble-nettle

@@ -8,20 +8,36 @@ else
 fi
 
 # ECC-192, 224
-for f in ecc-192.c ecc-224.c; do
+for f in ecc-secp192r1.c ecc-secp224r1.c; do
     eval "$CMD $f"
 done
 
 patch -p1 << __EOF__
+From b519b23a141752043c9cc9182048c26d80d22af2 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Sun, 21 Mar 2021 11:09:51 +0100
+Subject: [PATCH] Remove secp192r1 and secp224r1 support
+
+---
+ eccdata.c                     | 67 +----------------------------------
+ examples/ecc-benchmark.c      |  2 --
+ examples/hogweed-benchmark.c  | 17 ---------
+ testsuite/ecdh-test.c         | 40 ---------------------
+ testsuite/ecdsa-sign-test.c   | 47 ------------------------
+ testsuite/ecdsa-verify-test.c | 28 ---------------
+ testsuite/testutils.c         | 20 -----------
+ 7 files changed, 1 insertion(+), 220 deletions(-)
+
 diff --git a/eccdata.c b/eccdata.c
-index 9533d78..2f0e4e7 100644
+index 1b4cb0b5..dc2be5f9 100644
 --- a/eccdata.c
 +++ b/eccdata.c
-@@ -349,71 +349,6 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
+@@ -434,72 +434,7 @@ ecc_curve_init_str (struct ecc_curve *ecc, enum ecc_type type,
+ static void
+ ecc_curve_init (struct ecc_curve *ecc, const char *curve)
  {
-   switch (bit_size)
-     {
--    case 192:      
+-  if (!strcmp (curve, "secp192r1"))
+-    {
 -      ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
 -			  /* p = 2^{192} - 2^{64} - 1 */
 -			  "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
@@ -37,8 +53,7 @@ index 9533d78..2f0e4e7 100644
 -			  "f4ff0afd82ff1012",
 -
 -			  "07192b95ffc8da78631011ed6b24cdd5"
--			  "73f977a11e794811",
--			  NULL, NULL);
+-			  "73f977a11e794811");
 -      ecc->ref = ecc_alloc (3);
 -      ecc_set_str (&ecc->ref[0], /* 2 g */
 -		   "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
@@ -52,8 +67,9 @@ index 9533d78..2f0e4e7 100644
 -		   "35433907297cc378b0015703374729d7a4fe46647084e4ba",
 -		   "a2649984f2135c301ea3acb0776cd4f125389b311db3be32");
 -
--      break;
--    case 224:
+-    }
+-  else if (!strcmp (curve, "secp224r1"))
+-    {
 -      ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
 -			  /* p = 2^{224} - 2^{96} + 1 */
 -			  "ffffffffffffffffffffffffffffffff"
@@ -69,8 +85,7 @@ index 9533d78..2f0e4e7 100644
 -			  "56c21122343280d6115c1d21",
 -
 -			  "bd376388b5f723fb4c22dfe6cd4375a0"
--			  "5a07476444d5819985007e34",
--			  NULL, NULL);
+-			  "5a07476444d5819985007e34");
 -
 -      ecc->ref = ecc_alloc (3);
 -      ecc_set_str (&ecc->ref[0], /* 2 g */
@@ -85,8 +100,240 @@ index 9533d78..2f0e4e7 100644
 -		   "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
 -		   "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9");
 -
--      break;
-     case 256:
+-    }
+-  else if (!strcmp (curve, "secp256r1"))
++  if (!strcmp (curve, "secp256r1"))
+     {
        ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
  			  /* p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 */
+diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c
+index 3ab269c7..402744a0 100644
+--- a/examples/ecc-benchmark.c
++++ b/examples/ecc-benchmark.c
+@@ -307,8 +307,6 @@ bench_curve (const struct ecc_curve *ecc)
+ }
+ 
+ const struct ecc_curve * const curves[] = {
+-  &_nettle_secp_192r1,
+-  &_nettle_secp_224r1,
+   &_nettle_curve25519,
+   &_nettle_secp_256r1,
+   &_nettle_secp_384r1,
+diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c
+index 3d008021..b8cf902c 100644
+--- a/examples/hogweed-benchmark.c
++++ b/examples/hogweed-benchmark.c
+@@ -412,23 +412,6 @@ bench_ecdsa_init (unsigned size)
+ 
+   switch (size)
+     {
+-    case 192:
+-      ecc = &_nettle_secp_192r1;
+-      xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
+-      ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
+-      zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
+-      ctx->digest = hash_string (&nettle_sha1, "abc");
+-      ctx->digest_size = 20;
+-      break;
+-    case 224:
+-      ecc = &_nettle_secp_224r1;
+-      xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
+-      ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
+-      zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
+-      ctx->digest = hash_string (&nettle_sha224, "abc");
+-      ctx->digest_size = 28;
+-      break;
+-
+       /* From RFC 4754 */
+     case 256:
+       ecc = &_nettle_secp_256r1;
+diff --git a/testsuite/ecdh-test.c b/testsuite/ecdh-test.c
+index ff4f7233..2be26b19 100644
+--- a/testsuite/ecdh-test.c
++++ b/testsuite/ecdh-test.c
+@@ -159,46 +159,6 @@ test_public_key (const char *label, const struct ecc_curve *ecc,
+ void
+ test_main(void)
+ {
+-  test_public_key ("(0,0) with secp-192r1", &_nettle_secp_192r1, "0", "0", 0);
+-  test_public_key (
+-    "(P,0) with secp-192r1", &_nettle_secp_192r1,
+-    "6277101735386680763835789423207666416083908700390324961279",
+-    "0", 0);
+-  test_public_key (
+-    "(0,P) with secp-192r1", &_nettle_secp_192r1, "0",
+-    "6277101735386680763835789423207666416083908700390324961279",
+-    0);
+-  test_public_key (
+-    "(P,P) with secp-192r1", &_nettle_secp_192r1,
+-    "6277101735386680763835789423207666416083908700390324961279",
+-    "6277101735386680763835789423207666416083908700390324961279",
+-    0);
+-  test_public_key ("(1,2) with secp-192r1", &_nettle_secp_192r1, "1", "2", 0);
+-  test_public_key ("(X,Y) with secp-192r1", &_nettle_secp_192r1,
+-    "1050363442265225480786760666329560655512990381040021438562",
+-    "5298249600854377235107392014200406283816103564916230704184",
+-    1);
+-
+-  test_dh ("secp-192r1", &_nettle_secp_192r1,
+-	   "3406157206141798348095184987208239421004566462391397236532",
+-	   "1050363442265225480786760666329560655512990381040021438562",
+-	   "5298249600854377235107392014200406283816103564916230704184",
+-	   "738368960171459956677260317271477822683777845013274506165",
+-	   "2585840779771604687467445319428618542927556223024046979917",
+-	   "293088185788565313717816218507714888251468410990708684573",
+-	   "149293809021051532782730990145509724807636529827149481690",
+-	   "2891131861147398318714693938158856874319184314120776776192");
+-
+-  test_dh ("secp-224r1", &_nettle_secp_224r1,
+-	   "1321072106881784386340709783538698930880431939595776773514895067682",
+-	   "6768311794185371282972144247871764855860666277647541840973645586477",
+-	   "2880077809069104378181313860274147139049600284805670362929579614547",
+-	   "13934723037778859565852601874354272638301919827851286722006496784914",
+-	   "373124771833407982305885866158843810218322878380632071540538232035",
+-	   "24223309755162432227459925493224336241652868856405241018762887667883",
+-	   "8330362698029245839097779050425944245826040430538860338085968752913",
+-	   "24167244512472228715617822000878192535267113543393576038737592837010");	   
+-
+   test_dh ("secp-256r1", &_nettle_secp_256r1,
+ 	   "94731533361265297353914491124013058635674217345912524033267198103710636378786",
+ 	   "22441589863306126152768848344973918725077248391248404659242620344938484650846",
+diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c
+index 08a10a1d..0acd4e5c 100644
+--- a/testsuite/ecdsa-sign-test.c
++++ b/testsuite/ecdsa-sign-test.c
+@@ -58,53 +58,6 @@ test_ecdsa (const struct ecc_curve *ecc,
+ void
+ test_main (void)
+ {
+-  /* Producing the signature for corresponding test in
+-     ecdsa-verify-test.c, with special u1 and u2. */
+-  test_ecdsa (&_nettle_secp_224r1,
+-	      "99b5b787484def12894ca507058b3bf5"
+-	      "43d72d82fa7721d2e805e5e6",
+-	      "2",
+-	      SHEX("cdb887ac805a3b42e22d224c85482053"
+-		   "16c755d4a736bb2032c92553"),
+-	      "706a46dc76dcb76798e60e6d89474788"
+-	      "d16dc18032d268fd1a704fa6", /* r */
+-	      "3a41e1423b1853e8aa89747b1f987364"
+-	      "44705d6d6d8371ea1f578f2e"); /* s */
+-
+-  /* Test cases for the smaller groups, verified with a
+-     proof-of-concept implementation done for Yubico AB. */
+-  test_ecdsa (&_nettle_secp_192r1,
+-	      "DC51D3866A15BACDE33D96F992FCA99D"
+-	      "A7E6EF0934E70975", /* z */
+-
+-	      "9E56F509196784D963D1C0A401510EE7"
+-	      "ADA3DCC5DEE04B15", /* k */
+-
+-	      SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
+-		   "B00361A396177A9C"), /* h */
+-
+-	      "8c478db6a5c131540cebc739f9c0a9a8"
+-	      "c720c2abdd14a891", /* r */
+-
+-	      "a91fb738f9f175d72f9c98527e881c36"
+-	      "8de68cb55ffe589"); /* s */
+-
+-  test_ecdsa (&_nettle_secp_224r1,
+-	      "446df0a771ed58403ca9cb316e617f6b"
+-	      "158420465d00a69601e22858",  /* z */
+-
+-	      "4c13f1905ad7eb201178bc08e0c9267b"
+-	      "4751c15d5e1831ca214c33f4",  /* z */
+-
+-	      SHEX("1b28a611fe62ab3649350525d06703ba"
+-		   "4b979a1e543566fd5caa85c6"),  /* h */
+-
+-	      "2cc280778f3d067df6d3adbe3a6aad63"
+-	      "bc75f08f5c5f915411902a99",  /* r */ 
+-
+-	      "d0f069fd0f108eb07b7bbc54c8d6c88d"
+-	      "f2715c38a95c31a2b486995f"); /* s */
+-
+   /* From RFC 4754 */
+   test_ecdsa (&_nettle_secp_256r1,
+ 	      "DC51D386 6A15BACD E33D96F9 92FCA99D"
+diff --git a/testsuite/ecdsa-verify-test.c b/testsuite/ecdsa-verify-test.c
+index 8110c64d..71c0b5c0 100644
+--- a/testsuite/ecdsa-verify-test.c
++++ b/testsuite/ecdsa-verify-test.c
+@@ -81,34 +81,6 @@ test_ecdsa (const struct ecc_curve *ecc,
+ void
+ test_main (void)
+ {
+-  /* Corresponds to nonce k = 2 and private key z =
+-     0x99b5b787484def12894ca507058b3bf543d72d82fa7721d2e805e5e6. z and
+-     hash are chosen so that intermediate scalars in the verify
+-     equations are u1 = 0x6b245680e700, u2 =
+-     259da6542d4ba7d21ad916c3bd57f811. These values require canonical
+-     reduction of the scalars. Bug caused by missing canonical
+-     reduction reported by Guido Vranken. */
+-  test_ecdsa (&_nettle_secp_224r1,
+-	      "9e7e6cc6b1bdfa8ee039b66ad85e5490"
+-	      "7be706a900a3cba1c8fdd014", /* x */
+-	      "74855db3f7c1b4097ae095745fc915e3"
+-	      "8a79d2a1de28f282eafb22ba", /* y */
+-
+-	      SHEX("cdb887ac805a3b42e22d224c85482053"
+-		   "16c755d4a736bb2032c92553"),
+-	      "706a46dc76dcb76798e60e6d89474788"
+-	      "d16dc18032d268fd1a704fa6", /* r */
+-	      "3a41e1423b1853e8aa89747b1f987364"
+-	      "44705d6d6d8371ea1f578f2e"); /* s */
+-
+-  /* Test case provided by Guido Vranken, from oss-fuzz */
+-  test_ecdsa (&_nettle_secp_192r1,
+-	      "14683086 f1734c6d e68743a6 48181b54 a74d4c5b 383eb6a8", /* x */
+-	      "  1e2584 2ab8b2b0 4017f655 1b5e4058 a2aa0612 2dae9344", /* y */
+-	      SHEX("00"), /* h == 0 corner case*/
+-	      "952800792ed19341fdeeec047f2514f3b0f150d6066151fb", /* r */
+-	      "ec5971222014878b50d7a19d8954bc871e7e65b00b860ffb"); /* s */
+-
+   /* From RFC 4754 */
+   test_ecdsa (&_nettle_secp_256r1,
+ 	      "2442A5CC 0ECD015F A3CA31DC 8E2BBC70"
+diff --git a/testsuite/testutils.c b/testsuite/testutils.c
+index 2c6cac40..fbf4974c 100644
+--- a/testsuite/testutils.c
++++ b/testsuite/testutils.c
+@@ -1656,8 +1656,6 @@ test_dsa_key(const struct dsa_params *params,
+ }
+ 
+ const struct ecc_curve * const ecc_curves[] = {
+-  &_nettle_secp_192r1,
+-  &_nettle_secp_224r1,
+   &_nettle_secp_256r1,
+   &_nettle_secp_384r1,
+   &_nettle_secp_521r1,
+@@ -1714,24 +1712,6 @@ test_ecc_point (const struct ecc_curve *ecc,
+ 
+ /* For each curve, the points g, 2 g, 3 g and 4 g */
+ static const struct ecc_ref_point ecc_ref[9][4] = {
+-  { { "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
+-      "07192b95ffc8da78631011ed6b24cdd573f977a11e794811" },
+-    { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
+-	"dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
+-    { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
+-	"782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
+-    { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
+-	"a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
+-  },
+-  { { "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
+-	"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34" },
+-    { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
+-	"1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
+-    { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
+-	"a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
+-    { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
+-	"482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
+-  },
+   { { "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
+ 	"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" },
+     { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
+-- 
+2.30.2
+
 __EOF__

nettle-3.6-remove-ecc-testsuite.patch

@@ -1,173 +0,0 @@
-Index: nettle-3.7/examples/ecc-benchmark.c
-===================================================================
---- nettle-3.7.orig/examples/ecc-benchmark.c
-+++ nettle-3.7/examples/ecc-benchmark.c
-@@ -307,8 +307,6 @@ bench_curve (const struct ecc_curve *ecc
- }
- 
- const struct ecc_curve * const curves[] = {
--  &_nettle_secp_192r1,
--  &_nettle_secp_224r1,
-   &_nettle_curve25519,
-   &_nettle_secp_256r1,
-   &_nettle_secp_384r1,
-Index: nettle-3.7/examples/hogweed-benchmark.c
-===================================================================
---- nettle-3.7.orig/examples/hogweed-benchmark.c
-+++ nettle-3.7/examples/hogweed-benchmark.c
-@@ -412,23 +412,6 @@ bench_ecdsa_init (unsigned size)
- 
-   switch (size)
-     {
--    case 192:
--      ecc = &_nettle_secp_192r1;
--      xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
--      ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
--      zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
--      ctx->digest = hash_string (&nettle_sha1, "abc");
--      ctx->digest_size = 20;
--      break;
--    case 224:
--      ecc = &_nettle_secp_224r1;
--      xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
--      ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
--      zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
--      ctx->digest = hash_string (&nettle_sha224, "abc");
--      ctx->digest_size = 28;
--      break;
--
-       /* From RFC 4754 */
-     case 256:
-       ecc = &_nettle_secp_256r1;
-Index: nettle-3.7/testsuite/ecdh-test.c
-===================================================================
---- nettle-3.7.orig/testsuite/ecdh-test.c
-+++ nettle-3.7/testsuite/ecdh-test.c
-@@ -159,46 +159,6 @@ test_public_key (const char *label, cons
- void
- test_main(void)
- {
--  test_public_key ("(0,0) with secp-192r1", &_nettle_secp_192r1, "0", "0", 0);
--  test_public_key (
--    "(P,0) with secp-192r1", &_nettle_secp_192r1,
--    "6277101735386680763835789423207666416083908700390324961279",
--    "0", 0);
--  test_public_key (
--    "(0,P) with secp-192r1", &_nettle_secp_192r1, "0",
--    "6277101735386680763835789423207666416083908700390324961279",
--    0);
--  test_public_key (
--    "(P,P) with secp-192r1", &_nettle_secp_192r1,
--    "6277101735386680763835789423207666416083908700390324961279",
--    "6277101735386680763835789423207666416083908700390324961279",
--    0);
--  test_public_key ("(1,2) with secp-192r1", &_nettle_secp_192r1, "1", "2", 0);
--  test_public_key ("(X,Y) with secp-192r1", &_nettle_secp_192r1,
--    "1050363442265225480786760666329560655512990381040021438562",
--    "5298249600854377235107392014200406283816103564916230704184",
--    1);
--
--  test_dh ("secp-192r1", &_nettle_secp_192r1,
--	   "3406157206141798348095184987208239421004566462391397236532",
--	   "1050363442265225480786760666329560655512990381040021438562",
--	   "5298249600854377235107392014200406283816103564916230704184",
--	   "738368960171459956677260317271477822683777845013274506165",
--	   "2585840779771604687467445319428618542927556223024046979917",
--	   "293088185788565313717816218507714888251468410990708684573",
--	   "149293809021051532782730990145509724807636529827149481690",
--	   "2891131861147398318714693938158856874319184314120776776192");
--
--  test_dh ("secp-224r1", &_nettle_secp_224r1,
--	   "1321072106881784386340709783538698930880431939595776773514895067682",
--	   "6768311794185371282972144247871764855860666277647541840973645586477",
--	   "2880077809069104378181313860274147139049600284805670362929579614547",
--	   "13934723037778859565852601874354272638301919827851286722006496784914",
--	   "373124771833407982305885866158843810218322878380632071540538232035",
--	   "24223309755162432227459925493224336241652868856405241018762887667883",
--	   "8330362698029245839097779050425944245826040430538860338085968752913",
--	   "24167244512472228715617822000878192535267113543393576038737592837010");	   
--
-   test_dh ("secp-256r1", &_nettle_secp_256r1,
- 	   "94731533361265297353914491124013058635674217345912524033267198103710636378786",
- 	   "22441589863306126152768848344973918725077248391248404659242620344938484650846",
-Index: nettle-3.7/testsuite/ecdsa-sign-test.c
-===================================================================
---- nettle-3.7.orig/testsuite/ecdsa-sign-test.c
-+++ nettle-3.7/testsuite/ecdsa-sign-test.c
-@@ -60,38 +60,6 @@ test_main (void)
- {
-   /* Test cases for the smaller groups, verified with a
-      proof-of-concept implementation done for Yubico AB. */
--  test_ecdsa (&_nettle_secp_192r1,
--	      "DC51D3866A15BACDE33D96F992FCA99D"
--	      "A7E6EF0934E70975", /* z */
--
--	      "9E56F509196784D963D1C0A401510EE7"
--	      "ADA3DCC5DEE04B15", /* k */
--
--	      SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
--		   "B00361A396177A9C"), /* h */
--
--	      "8c478db6a5c131540cebc739f9c0a9a8"
--	      "c720c2abdd14a891", /* r */
--
--	      "a91fb738f9f175d72f9c98527e881c36"
--	      "8de68cb55ffe589"); /* s */
--
--  test_ecdsa (&_nettle_secp_224r1,
--	      "446df0a771ed58403ca9cb316e617f6b"
--	      "158420465d00a69601e22858",  /* z */
--
--	      "4c13f1905ad7eb201178bc08e0c9267b"
--	      "4751c15d5e1831ca214c33f4",  /* z */
--
--	      SHEX("1b28a611fe62ab3649350525d06703ba"
--		   "4b979a1e543566fd5caa85c6"),  /* h */
--
--	      "2cc280778f3d067df6d3adbe3a6aad63"
--	      "bc75f08f5c5f915411902a99",  /* r */ 
--
--	      "d0f069fd0f108eb07b7bbc54c8d6c88d"
--	      "f2715c38a95c31a2b486995f"); /* s */
--
-   /* From RFC 4754 */
-   test_ecdsa (&_nettle_secp_256r1,
- 	      "DC51D386 6A15BACD E33D96F9 92FCA99D"
-Index: nettle-3.7/testsuite/testutils.c
-===================================================================
---- nettle-3.7.orig/testsuite/testutils.c
-+++ nettle-3.7/testsuite/testutils.c
-@@ -1656,8 +1656,6 @@ test_dsa_key(const struct dsa_params *pa
- }
- 
- const struct ecc_curve * const ecc_curves[] = {
--  &_nettle_secp_192r1,
--  &_nettle_secp_224r1,
-   &_nettle_secp_256r1,
-   &_nettle_secp_384r1,
-   &_nettle_secp_521r1,
-@@ -1714,24 +1712,6 @@ test_ecc_point (const struct ecc_curve *
- 
- /* For each curve, the points g, 2 g, 3 g and 4 g */
- static const struct ecc_ref_point ecc_ref[9][4] = {
--  { { "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
--      "07192b95ffc8da78631011ed6b24cdd573f977a11e794811" },
--    { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
--	"dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
--    { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
--	"782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
--    { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
--	"a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
--  },
--  { { "b70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
--	"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34" },
--    { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
--	"1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
--    { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
--	"a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
--    { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
--	"482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
--  },
-   { { "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
- 	"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5" },
-     { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",

nettle-3.7-chacha-counter-ppc64.patch

@@ -1,51 +0,0 @@
-From 64837b2e433e2b99b893683949bad3a99acab38f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
-Date: Wed, 10 Feb 2021 11:22:23 +0100
-Subject: [PATCH] Fix chacha counter update for _4core variants.
-
----
- ChangeLog      |  4 ++++
- chacha-crypt.c | 10 +++++++---
- 2 files changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/chacha-crypt.c b/chacha-crypt.c
-index 081ebcf4..1fdfc813 100644
---- a/chacha-crypt.c
-+++ b/chacha-crypt.c
-@@ -80,13 +80,16 @@ _nettle_chacha_crypt_4core(struct chacha_ctx *ctx,
-   while (length > 2*CHACHA_BLOCK_SIZE)
-     {
-       _nettle_chacha_4core (x, ctx->state, CHACHA_ROUNDS);
--      ctx->state[12] += 4;
--      ctx->state[13] += (ctx->state[12] < 4);
-       if (length <= 4*CHACHA_BLOCK_SIZE)
- 	{
-+	  uint32_t incr = 3 + (length > 3*CHACHA_BLOCK_SIZE);
-+	  ctx->state[12] += incr;
-+	  ctx->state[13] += (ctx->state[12] < incr);
- 	  memxor3 (dst, src, x, length);
- 	  return;
- 	}
-+      ctx->state[12] += 4;
-+      ctx->state[13] += (ctx->state[12] < 4);
-       memxor3 (dst, src, x, 4*CHACHA_BLOCK_SIZE);
- 
-       length -= 4*CHACHA_BLOCK_SIZE;
-@@ -200,12 +203,13 @@ _nettle_chacha_crypt32_4core(struct chacha_ctx *ctx,
-   while (length > 2*CHACHA_BLOCK_SIZE)
-     {
-       _nettle_chacha_4core32 (x, ctx->state, CHACHA_ROUNDS);
--      ctx->state[12] += 4;
-       if (length <= 4*CHACHA_BLOCK_SIZE)
- 	{
-+	  ctx->state[12] += 3 + (length > 3*CHACHA_BLOCK_SIZE);
- 	  memxor3 (dst, src, x, length);
- 	  return;
- 	}
-+      ctx->state[12] += 4;
-       memxor3 (dst, src, x, 4*CHACHA_BLOCK_SIZE);
- 
-       length -= 4*CHACHA_BLOCK_SIZE;
--- 
-2.29.2
-

nettle-3.7.2-suppress-maybe-uninit.patch

@@ -0,0 +1,40 @@
+From 952c2d890902782ee90b6ed273f1d8b4e95dbff1 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Sun, 21 Mar 2021 11:13:36 +0100
+Subject: [PATCH] nettle-benchmark: suppress -Wmaybe-uninitialized warnings
+
+---
+ examples/nettle-benchmark.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
+index ca6346e0..518b947d 100644
+--- a/examples/nettle-benchmark.c
++++ b/examples/nettle-benchmark.c
+@@ -392,6 +392,7 @@ time_umac(void)
+ 
+   uint8_t key[16];
+ 
++  init_key(sizeof(key), key);
+   umac32_set_key (&ctx32, key);
+   info.ctx = &ctx32;
+   info.update = (nettle_hash_update_func *) umac32_update;
+@@ -434,6 +435,7 @@ time_cmac(void)
+ 
+   uint8_t key[16];
+ 
++  init_key(sizeof(key), key);
+   cmac_aes128_set_key (&ctx, key);
+   info.ctx = &ctx;
+   info.update = (nettle_hash_update_func *) cmac_aes128_update;
+@@ -451,6 +453,7 @@ time_poly1305_aes(void)
+   struct poly1305_aes_ctx ctx;
+   uint8_t key[32];
+ 
++  init_key(sizeof(key), key);
+   poly1305_aes_set_key (&ctx, key);
+   info.ctx = &ctx;
+   info.update = (nettle_hash_update_func *) poly1305_aes_update;
+-- 
+2.30.2
+

nettle-3.8-zeroize-stack.patch

@@ -0,0 +1,334 @@
+From 894b22e6d851512776bd62e85e749d6950ce16fc Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno@redhat.com>
+Date: Wed, 24 Aug 2022 17:19:57 +0900
+Subject: [PATCH] Clear any intermediate data allocate on stack
+
+Signed-off-by: Daiki Ueno <dueno@redhat.com>
+---
+ cbc.c                 |  3 +++
+ cfb.c                 | 13 +++++++++++++
+ ctr.c                 |  4 ++++
+ ctr16.c               |  2 ++
+ ecc-random.c          |  3 +++
+ ecdsa-keygen.c        |  2 ++
+ ecdsa-sign.c          |  2 ++
+ ed25519-sha512-sign.c |  2 ++
+ ed448-shake256-sign.c |  2 ++
+ gostdsa-sign.c        |  2 ++
+ hmac.c                | 10 +++++++---
+ nettle-internal.h     |  5 +++++
+ pbkdf2.c              |  5 ++++-
+ pss-mgf1.c            |  5 ++++-
+ pss.c                 |  4 ++++
+ 15 files changed, 59 insertions(+), 5 deletions(-)
+
+diff --git a/cbc.c b/cbc.c
+index 76b6492d..b9da3aa0 100644
+--- a/cbc.c
++++ b/cbc.c
+@@ -128,6 +128,9 @@ cbc_decrypt(const void *ctx, nettle_cipher_func *f,
+ 	      length - block_size);
+       /* Writes first block. */
+       memxor3(dst, buffer, initial_iv, block_size);
++
++      TMP_CLEAR(buffer, buffer_size);
++      TMP_CLEAR(initial_iv, block_size);
+     }
+ }
+ 
+diff --git a/cfb.c b/cfb.c
+index b9da3159..b1b01b9e 100644
+--- a/cfb.c
++++ b/cfb.c
+@@ -83,6 +83,8 @@ cfb_encrypt(const void *ctx, nettle_cipher_func *f,
+       /* We do not care about updating IV here. This is the last call in
+        * message sequence and one has to set IV afterwards anyway */
+     }
++
++  TMP_CLEAR(buffer, block_size);
+ }
+ 
+ /* Don't allocate any more space than this on the stack */
+@@ -115,6 +117,8 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
+ 
+ 	  f(ctx, block_size, buffer, iv);
+ 	  memxor3(dst + length, src + length, buffer, left);
++
++	  TMP_CLEAR(buffer, block_size);
+ 	}
+     }
+   else
+@@ -160,6 +164,9 @@ cfb_decrypt(const void *ctx, nettle_cipher_func *f,
+ 	  f(ctx, block_size, buffer, iv);
+ 	  memxor(dst, buffer, left);
+ 	}
++
++      TMP_CLEAR(buffer, buffer_size);
++      TMP_CLEAR(initial_iv, block_size);
+     }
+ }
+ 
+@@ -196,6 +203,9 @@ cfb8_encrypt(const void *ctx, nettle_cipher_func *f,
+       pos ++;
+     }
+   memcpy(iv, buffer + pos, block_size);
++
++  TMP_CLEAR(buffer, block_size * 2);
++  TMP_CLEAR(outbuf, block_size);
+ }
+ 
+ void
+@@ -235,4 +245,7 @@ cfb8_decrypt(const void *ctx, nettle_cipher_func *f,
+     }
+ 
+   memcpy(iv, buffer + i, block_size);
++
++  TMP_CLEAR(buffer, block_size * 2);
++  TMP_CLEAR(outbuf, block_size * 2);
+ }
+diff --git a/ctr.c b/ctr.c
+index 8c6b4626..217d1abb 100644
+--- a/ctr.c
++++ b/ctr.c
+@@ -137,6 +137,8 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
+ 	  f(ctx, block_size, block, ctr);
+ 	  INCREMENT(block_size, ctr);
+ 	  memxor3(dst + filled, src + filled, block, length - filled);
++
++	  TMP_CLEAR(block, block_size);
+ 	}
+     }
+   else
+@@ -173,5 +175,7 @@ ctr_crypt(const void *ctx, nettle_cipher_func *f,
+ 	  INCREMENT(block_size, ctr);
+ 	  memxor(dst, buffer, length);
+ 	}
++
++      TMP_CLEAR(buffer, buffer_size);
+     }
+ }
+diff --git a/ctr16.c b/ctr16.c
+index d744d2a9..ec0abd72 100644
+--- a/ctr16.c
++++ b/ctr16.c
+@@ -102,5 +102,7 @@ _nettle_ctr_crypt16(const void *ctx, nettle_cipher_func *f,
+ 	done:
+ 	  memxor3 (dst + i, src + i, buffer->b, length - i);
+ 	}
++
++      TMP_CLEAR(buffer, MIN(blocks, CTR_BUFFER_LIMIT / 16));
+     }
+ }
+diff --git a/ecc-random.c b/ecc-random.c
+index a7b48d6a..676f5933 100644
+--- a/ecc-random.c
++++ b/ecc-random.c
+@@ -36,6 +36,7 @@
+ #endif
+ 
+ #include <assert.h>
++#include <string.h>
+ 
+ #include "ecc.h"
+ #include "ecc-internal.h"
+@@ -79,4 +80,6 @@ ecc_scalar_random (struct ecc_scalar *x,
+   TMP_ALLOC (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
+ 
+   ecc_mod_random (&x->ecc->q, x->p, random_ctx, random, scratch);
++
++  TMP_CLEAR (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
+ }
+diff --git a/ecdsa-keygen.c b/ecdsa-keygen.c
+index 870282b0..05dd827a 100644
+--- a/ecdsa-keygen.c
++++ b/ecdsa-keygen.c
+@@ -59,4 +59,6 @@ ecdsa_generate_keypair (struct ecc_point *pub,
+   ecc_mod_random (&ecc->q, key->p, random_ctx, random, p);
+   ecc->mul_g (ecc, p, key->p, p + 3*ecc->p.size);
+   ecc->h_to_a (ecc, 0, pub->p, p, p + 3*ecc->p.size);
++
++  TMP_CLEAR (p, itch);
+ }
+diff --git a/ecdsa-sign.c b/ecdsa-sign.c
+index e6fb3287..e6b960bf 100644
+--- a/ecdsa-sign.c
++++ b/ecdsa-sign.c
+@@ -68,4 +68,6 @@ ecdsa_sign (const struct ecc_scalar *key,
+       mpz_limbs_finish (signature->s, size);
+     }
+   while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
++
++  TMP_CLEAR (k, size + ECC_ECDSA_SIGN_ITCH (size));
+ }
+diff --git a/ed25519-sha512-sign.c b/ed25519-sha512-sign.c
+index 389a157e..52a46ea5 100644
+--- a/ed25519-sha512-sign.c
++++ b/ed25519-sha512-sign.c
+@@ -38,6 +38,7 @@
+ 
+ #include "ecc-internal.h"
+ #include "sha2.h"
++#include <string.h>
+ 
+ void
+ ed25519_sha512_sign (const uint8_t *pub,
+@@ -61,6 +62,7 @@ ed25519_sha512_sign (const uint8_t *pub,
+ 	       length, msg, signature, scratch_out);
+ 
+   gmp_free_limbs (scratch, itch);
++  explicit_bzero (digest, sizeof(digest));
+ #undef k1
+ #undef k2
+ #undef scratch_out
+diff --git a/ed448-shake256-sign.c b/ed448-shake256-sign.c
+index c524593d..01abf457 100644
+--- a/ed448-shake256-sign.c
++++ b/ed448-shake256-sign.c
+@@ -39,6 +39,7 @@
+ #include "ecc-internal.h"
+ #include "eddsa-internal.h"
+ #include "sha3.h"
++#include <string.h>
+ 
+ void
+ ed448_shake256_sign (const uint8_t *pub,
+@@ -63,6 +64,7 @@ ed448_shake256_sign (const uint8_t *pub,
+ 	       length, msg, signature, scratch_out);
+ 
+   gmp_free_limbs (scratch, itch);
++  explicit_bzero (digest, sizeof(digest));
+ #undef k1
+ #undef k2
+ #undef scratch_out
+diff --git a/gostdsa-sign.c b/gostdsa-sign.c
+index 892c0742..a7e0c21d 100644
+--- a/gostdsa-sign.c
++++ b/gostdsa-sign.c
+@@ -71,4 +71,6 @@ gostdsa_sign (const struct ecc_scalar *key,
+       mpz_limbs_finish (signature->s, size);
+     }
+   while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
++
++  TMP_CLEAR (k, size + ECC_GOSTDSA_SIGN_ITCH (size));
+ }
+diff --git a/hmac.c b/hmac.c
+index 6ac5e11a..0ac33bed 100644
+--- a/hmac.c
++++ b/hmac.c
+@@ -55,6 +55,8 @@ hmac_set_key(void *outer, void *inner, void *state,
+ {
+   TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE);
+   TMP_ALLOC(pad, hash->block_size);
++  TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
++  TMP_ALLOC(digest, hash->digest_size);
+   
+   hash->init(outer);
+   hash->init(inner);
+@@ -64,9 +66,6 @@ hmac_set_key(void *outer, void *inner, void *state,
+       /* Reduce key to the algorithm's hash size. Use the area pointed
+        * to by state for the temporary state. */
+ 
+-      TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
+-      TMP_ALLOC(digest, hash->digest_size);
+-
+       hash->init(state);
+       hash->update(state, key_length, key);
+       hash->digest(state, hash->digest_size, digest);
+@@ -88,6 +87,9 @@ hmac_set_key(void *outer, void *inner, void *state,
+   hash->update(inner, hash->block_size, pad);
+ 
+   memcpy(state, inner, hash->context_size);
++
++  TMP_CLEAR(pad, hash->block_size);
++  TMP_CLEAR(digest, hash->digest_size);
+ }
+ 
+ void
+@@ -114,4 +116,6 @@ hmac_digest(const void *outer, const void *inner, void *state,
+   hash->digest(state, length, dst);
+ 
+   memcpy(state, inner, hash->context_size);
++
++  TMP_CLEAR(digest, hash->digest_size);
+ }
+diff --git a/nettle-internal.h b/nettle-internal.h
+index ddc483de..9fc55514 100644
+--- a/nettle-internal.h
++++ b/nettle-internal.h
+@@ -72,6 +72,11 @@
+   do { assert((size_t)(size) <= (sizeof(name))); } while (0)
+ #endif 
+ 
++#include <string.h>		/* explicit_bzero */
++
++#define TMP_CLEAR(name, size) (explicit_bzero (name, sizeof (*name) * (size)))
++#define TMP_CLEAR_ALIGN(name, size) (explicit_bzero (name, size))
++
+ /* Arbitrary limits which apply to systems that don't have alloca */
+ #define NETTLE_MAX_HASH_BLOCK_SIZE 128
+ #define NETTLE_MAX_HASH_DIGEST_SIZE 64
+diff --git a/pbkdf2.c b/pbkdf2.c
+index 291d138a..a8ecba5b 100644
+--- a/pbkdf2.c
++++ b/pbkdf2.c
+@@ -92,8 +92,11 @@ pbkdf2 (void *mac_ctx,
+       if (length <= digest_size)
+ 	{
+ 	  memcpy (dst, T, length);
+-	  return;
++	  break;
+ 	}
+       memcpy (dst, T, digest_size);
+     }
++
++  TMP_CLEAR (U, digest_size);
++  TMP_CLEAR (T, digest_size);
+ }
+diff --git a/pss-mgf1.c b/pss-mgf1.c
+index 3f5e204b..3644c642 100644
+--- a/pss-mgf1.c
++++ b/pss-mgf1.c
+@@ -66,8 +66,11 @@ pss_mgf1(const void *seed, const struct nettle_hash *hash,
+       if (length <= hash->digest_size)
+ 	{
+ 	  hash->digest(state, length, mask);
+-	  return;
++	  break;
+ 	}
+       hash->digest(state, hash->digest_size, mask);
+     }
++
++  TMP_CLEAR(h, hash->digest_size);
++  TMP_CLEAR_ALIGN(state, hash->context_size);
+ }
+diff --git a/pss.c b/pss.c
+index d28e7b13..8106ebf2 100644
+--- a/pss.c
++++ b/pss.c
+@@ -77,6 +77,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
+   if (key_size < hash->digest_size + salt_length + 2)
+     {
+       TMP_GMP_FREE(em);
++      TMP_CLEAR_ALIGN(state, hash->context_size);
+       return 0;
+     }
+ 
+@@ -111,6 +112,7 @@ pss_encode_mgf1(mpz_t m, size_t bits,
+ 
+   nettle_mpz_set_str_256_u(m, key_size, em);
+   TMP_GMP_FREE(em);
++  TMP_CLEAR_ALIGN(state, hash->context_size);
+   return 1;
+ }
+ 
+@@ -194,5 +196,7 @@ pss_verify_mgf1(const mpz_t m, size_t bits,
+   ret = 1;
+  cleanup:
+   TMP_GMP_FREE(em);
++  TMP_CLEAR(h2, hash->digest_size);
++  TMP_CLEAR_ALIGN(state, hash->context_size);
+   return ret;
+ }
+-- 
+2.37.2
+

nettle.spec

@@ -14,26 +14,32 @@
 %bcond_without fips
 
 Name:           nettle
-Version:        3.7
+Version:        3.8
 Release:        3%{?dist}
 Summary:        A low-level cryptographic library
 
 License:        LGPLv3+ or GPLv2+
 URL:            http://www.lysator.liu.se/~nisse/nettle/
 Source0:	%{name}-%{version}-hobbled.tar.xz
-#Source0:        http://www.lysator.liu.se/~nisse/archive/%{name}-%{version}.tar.gz
+#Source0:        http://www.lysator.liu.se/~nisse/archive/%%{name}-%%{version}.tar.gz
 %if 0%{?bootstrap}
 Source1:	%{name}-%{version_old}-hobbled.tar.xz
 Source2:	nettle-3.5-remove-ecc-testsuite.patch
 %endif
-Patch0:		nettle-3.6-remove-ecc-testsuite.patch
-Patch1:		nettle-3.4-annocheck.patch
-# https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009423.html
-Patch2:		nettle-3.7-chacha-counter-ppc64.patch
+Patch:		nettle-3.4-annocheck.patch
+Patch:		nettle-3.8-zeroize-stack.patch
+
+Source100:	gmp-6.2.1.tar.xz
+# Taken from the main gmp package
+Source101:	gmp-6.2.1-intel-cet.patch
+Source102:	gmp-6.2.1-zeroize-allocator.patch
 
 BuildRequires: make
 BuildRequires:  gcc
-BuildRequires:  gmp-devel, m4
+%if !%{with fips}
+BuildRequires:  gmp-devel
+%endif
+BuildRequires:  m4
 BuildRequires:	libtool, automake, autoconf, gettext-devel
 %if %{with fips}
 BuildRequires:  fipscheck
@@ -61,6 +67,18 @@ applications with nettle.
 %prep
 %autosetup -Tb 0 -p1
 
+%if %{with fips}
+mkdir -p bundled_gmp
+pushd bundled_gmp
+tar --strip-components=1 -xf %{SOURCE100}
+patch -p1 < %{SOURCE101}
+patch -p1 < %{SOURCE102}
+popd
+
+# Prevent -lgmp appearing in the compiler command line in dependent components
+sed -i '/^Libs.private:/d' hogweed.pc.in
+%endif
+
 %if 0%{?bootstrap}
 mkdir -p bootstrap_ver
 pushd bootstrap_ver
@@ -80,8 +98,22 @@ sed 's/ecc-secp192r1.c//g' -i Makefile.in
 sed 's/ecc-secp224r1.c//g' -i Makefile.in
 
 %build
+%if %{with fips}
+pushd bundled_gmp
 autoreconf -ifv
-%configure --enable-shared --enable-fat
+%configure --disable-cxx --disable-shared --enable-fat --with-pic
+%make_build
+popd
+%endif
+
+autoreconf -ifv
+
+%configure --enable-shared --enable-fat \
+%if %{with fips}
+--with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \
+%endif
+%{nil}
+
 %make_build
 
 %if 0%{?bootstrap}
@@ -173,6 +205,33 @@ make check
 
 
 %changelog
+* Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.8-3
+- Rebuild in new side-tag
+
+* Thu Aug 18 2022 Daiki Ueno <dueno@redhat.com> - 3.8-2
+- Bundle GMP to privatize memory functions
+- Zeroize stack allocated intermediate data
+
+* Tue Jun 28 2022 Daiki Ueno <dueno@redhat.com> - 3.8-1
+- Update to nettle 3.8 (#1992457)
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.3-2
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Wed Jul 28 2021 Daiki Ueno <dueno@redhat.com> - 3.7.3-1
+- Update to nettle 3.7.3 (#1986712)
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.2-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Sun Mar 21 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-1
+- Update to nettle 3.7.2
+- Merge nettle-3.6-remove-ecc-testsuite.patch to hobble-nettle script
+
+* Tue Mar  9 2021 Daiki Ueno <dueno@redhat.com> - 3.7.1-1
+- Update to nettle 3.7.1
+
 * Wed Feb 10 2021 Daiki Ueno <dueno@redhat.com> - 3.7-3
 - Port a fix for chacha counter issue on ppc64le
 

sources

@@ -1 +1,2 @@
-SHA512 (nettle-3.7-hobbled.tar.xz) = 267ad57aa4fc7791490c94aae5c533489e6bc8080a8275eb7e8c037437b7e981769d7ff771115cd66c57bf4088589780653fd293ff612c233dd00fea0ea94248
+SHA512 (nettle-3.8-hobbled.tar.xz) = a0c24568401212895b69eff046dbc0450fc14f1759ec3b4b62771a3d77192056b9a43c3ee386aeae1fe2d12ce58efc183849af5f9088e4ea7dab278f52572b2f
+SHA512 (gmp-6.2.1.tar.xz) = c99be0950a1d05a0297d65641dd35b75b74466f7bf03c9e8a99895a3b2f9a0856cd17887738fa51cf7499781b65c049769271cbcb77d057d2e9f1ec52e07dd84