rpms
/
nettle
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
...
pull from: rpms:c10-beta
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'c10-beta' have entirely different histories.
c9 ... c10-beta

5 changed files with 94 additions and 53 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1,2 +1,2 @@
SOURCES/gmp-6.2.1.tar.xz SOURCES/gmp-6.2.1.tar.xz
SOURCES/nettle-3.8-hobbled.tar.xz SOURCES/nettle-3.10-hobbled.tar.xz

2
.nettle.metadata
Unescape View File

@ -1,2 +1,2 @@
0578d48607ec0e272177d175fd1807c30b00fdf2 SOURCES/gmp-6.2.1.tar.xz 0578d48607ec0e272177d175fd1807c30b00fdf2 SOURCES/gmp-6.2.1.tar.xz
c809f048a71b322453c18e30986a18e600306d77 SOURCES/nettle-3.8-hobbled.tar.xz 762cc3c0a8cf735353927607a147d7bb802b5aad SOURCES/nettle-3.10-hobbled.tar.xz

13
SOURCES/nettle-3.4-annocheck.patch
Unescape View File

@ -1,13 +0,0 @@
Index: nettle-3.7/Makefile.in
===================================================================
--- nettle-3.7.orig/Makefile.in
+++ nettle-3.7/Makefile.in
@@ -291,7 +291,7 @@ libhogweed.a: $(hogweed_OBJS)
%.$(OBJEXT): %.asm $(srcdir)/m4-utils.m4 $(srcdir)/asm.m4 config.m4 machine.m4
$(M4) $(srcdir)/m4-utils.m4 $(srcdir)/asm.m4 config.m4 machine.m4 $< >$*.s
- $(COMPILE) -c $*.s
+ $(COMPILE) -c -Wa,--generate-missing-build-notes=yes $*.s
%.$(OBJEXT): %.c
$(COMPILE) -c $< \

22
SOURCES/nettle-3.8-zeroize-stack.patch
Unescape View File

@ -1,4 +1,4 @@
From 894b22e6d851512776bd62e85e749d6950ce16fc Mon Sep 17 00:00:00 2001 From 24a4cb910a51f35dff89842e8cce27f88e8e78c3 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com> From: Daiki Ueno <dueno@redhat.com>
Date: Wed, 24 Aug 2022 17:19:57 +0900 Date: Wed, 24 Aug 2022 17:19:57 +0900
Subject: [PATCH] Clear any intermediate data allocate on stack Subject: [PATCH] Clear any intermediate data allocate on stack
@ -212,10 +212,10 @@ index 892c0742..a7e0c21d 100644
+ TMP_CLEAR (k, size + ECC_GOSTDSA_SIGN_ITCH (size)); + TMP_CLEAR (k, size + ECC_GOSTDSA_SIGN_ITCH (size));
} }
diff --git a/hmac.c b/hmac.c diff --git a/hmac.c b/hmac.c
index 6ac5e11a..0ac33bed 100644 index ea356970..6a55551b 100644
--- a/hmac.c --- a/hmac.c
+++ b/hmac.c +++ b/hmac.c
@@ -55,6 +55,8 @@ hmac_set_key(void *outer, void *inner, void *state, @@ -53,6 +53,8 @@ hmac_set_key(void *outer, void *inner, void *state,
{ {
TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE); TMP_DECL(pad, uint8_t, NETTLE_MAX_HASH_BLOCK_SIZE);
TMP_ALLOC(pad, hash->block_size); TMP_ALLOC(pad, hash->block_size);
@ -224,7 +224,7 @@ index 6ac5e11a..0ac33bed 100644
hash->init(outer); hash->init(outer);
hash->init(inner); hash->init(inner);
@@ -64,9 +66,6 @@ hmac_set_key(void *outer, void *inner, void *state, @@ -62,9 +64,6 @@ hmac_set_key(void *outer, void *inner, void *state,
/* Reduce key to the algorithm's hash size. Use the area pointed /* Reduce key to the algorithm's hash size. Use the area pointed
* to by state for the temporary state. */ * to by state for the temporary state. */
@ -234,7 +234,7 @@ index 6ac5e11a..0ac33bed 100644
hash->init(state); hash->init(state);
hash->update(state, key_length, key); hash->update(state, key_length, key);
hash->digest(state, hash->digest_size, digest); hash->digest(state, hash->digest_size, digest);
@@ -88,6 +87,9 @@ hmac_set_key(void *outer, void *inner, void *state, @@ -86,6 +85,9 @@ hmac_set_key(void *outer, void *inner, void *state,
hash->update(inner, hash->block_size, pad); hash->update(inner, hash->block_size, pad);
memcpy(state, inner, hash->context_size); memcpy(state, inner, hash->context_size);
@ -244,7 +244,7 @@ index 6ac5e11a..0ac33bed 100644
} }
void void
@@ -114,4 +116,6 @@ hmac_digest(const void *outer, const void *inner, void *state, @@ -112,4 +114,6 @@ hmac_digest(const void *outer, const void *inner, void *state,
hash->digest(state, length, dst); hash->digest(state, length, dst);
memcpy(state, inner, hash->context_size); memcpy(state, inner, hash->context_size);
@ -252,10 +252,10 @@ index 6ac5e11a..0ac33bed 100644
+ TMP_CLEAR(digest, hash->digest_size); + TMP_CLEAR(digest, hash->digest_size);
} }
diff --git a/nettle-internal.h b/nettle-internal.h diff --git a/nettle-internal.h b/nettle-internal.h
index ddc483de..9fc55514 100644 index c41f3ee0..62b89e11 100644
--- a/nettle-internal.h --- a/nettle-internal.h
+++ b/nettle-internal.h +++ b/nettle-internal.h
@@ -72,6 +72,11 @@ @@ -76,6 +76,11 @@
do { assert((size_t)(size) <= (sizeof(name))); } while (0) do { assert((size_t)(size) <= (sizeof(name))); } while (0)
#endif #endif
@ -264,8 +264,8 @@ index ddc483de..9fc55514 100644
+#define TMP_CLEAR(name, size) (explicit_bzero (name, sizeof (*name) * (size))) +#define TMP_CLEAR(name, size) (explicit_bzero (name, sizeof (*name) * (size)))
+#define TMP_CLEAR_ALIGN(name, size) (explicit_bzero (name, size)) +#define TMP_CLEAR_ALIGN(name, size) (explicit_bzero (name, size))
+ +
/* Arbitrary limits which apply to systems that don't have alloca */ /* Limits that apply to systems that don't have alloca */
#define NETTLE_MAX_HASH_BLOCK_SIZE 128 #define NETTLE_MAX_HASH_BLOCK_SIZE 144 /* For sha3_224*/
#define NETTLE_MAX_HASH_DIGEST_SIZE 64 #define NETTLE_MAX_HASH_DIGEST_SIZE 64
diff --git a/pbkdf2.c b/pbkdf2.c diff --git a/pbkdf2.c b/pbkdf2.c
index 291d138a..a8ecba5b 100644 index 291d138a..a8ecba5b 100644
@ -330,5 +330,5 @@ index d28e7b13..8106ebf2 100644
return ret; return ret;
} }
-- --
2.37.2 2.41.0

108
SPECS/nettle.spec
Unescape View File

@ -1,3 +1,13 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.5)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 1;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
## END: Set by rpmautospec
# Recent so-version, so we do not bump accidentally. # Recent so-version, so we do not bump accidentally.
%global nettle_so_ver 8 %global nettle_so_ver 8
%global hogweed_so_ver 6 %global hogweed_so_ver 6
@ -11,14 +21,25 @@
%global hogweed_so_ver_old 5 %global hogweed_so_ver_old 5
%endif %endif
%bcond_without fips %if %{defined rhel}
# * RHEL 9 and later include nettle in the gnutls module boundary,
# and HMAC is calculated there with its own tool.
# * RHEL 9 and later statically links to gmp to ensure zeroization of CSP.
%if 0%{?rhel} < 9
%bcond_without fipshmac
%bcond_with bundle_gmp
%else
%bcond_with fipshmac
%bcond_without bundle_gmp
%endif
%endif
Name: nettle Name: nettle
Version: 3.8 Version: 3.10
Release: 3%{?dist} Release: %{?autorelease}%{!?autorelease:1%{?dist}}
Summary: A low-level cryptographic library Summary: A low-level cryptographic library
License: LGPLv3+ or GPLv2+ License: LGPL-3.0-or-later OR GPL-2.0-or-later
URL: http://www.lysator.liu.se/~nisse/nettle/ URL: http://www.lysator.liu.se/~nisse/nettle/
Source0: %{name}-%{version}-hobbled.tar.xz Source0: %{name}-%{version}-hobbled.tar.xz
#Source0: http://www.lysator.liu.se/~nisse/archive/%%{name}-%%{version}.tar.gz #Source0: http://www.lysator.liu.se/~nisse/archive/%%{name}-%%{version}.tar.gz
@ -26,7 +47,6 @@ Source0: %{name}-%{version}-hobbled.tar.xz
Source1: %{name}-%{version_old}-hobbled.tar.xz Source1: %{name}-%{version_old}-hobbled.tar.xz
Source2: nettle-3.5-remove-ecc-testsuite.patch Source2: nettle-3.5-remove-ecc-testsuite.patch
%endif %endif
Patch: nettle-3.4-annocheck.patch
Patch: nettle-3.8-zeroize-stack.patch Patch: nettle-3.8-zeroize-stack.patch
Source100: gmp-6.2.1.tar.xz Source100: gmp-6.2.1.tar.xz
@ -36,12 +56,12 @@ Source102: gmp-6.2.1-zeroize-allocator.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
%if !%{with fips} %if !%{with bundle_gmp}
BuildRequires: gmp-devel BuildRequires: gmp-devel
%endif %endif
BuildRequires: m4 BuildRequires: m4
BuildRequires: libtool, automake, autoconf, gettext-devel BuildRequires: libtool, automake, autoconf, gettext-devel
%if %{with fips} %if %{with fipshmac}
BuildRequires: fipscheck BuildRequires: fipscheck
%endif %endif
@ -67,7 +87,7 @@ applications with nettle.
%prep %prep
%autosetup -Tb 0 -p1 %autosetup -Tb 0 -p1
%if %{with fips} %if %{with bundle_gmp}
mkdir -p bundled_gmp mkdir -p bundled_gmp
pushd bundled_gmp pushd bundled_gmp
tar --strip-components=1 -xf %{SOURCE100} tar --strip-components=1 -xf %{SOURCE100}
@ -98,7 +118,7 @@ sed 's/ecc-secp192r1.c//g' -i Makefile.in
sed 's/ecc-secp224r1.c//g' -i Makefile.in sed 's/ecc-secp224r1.c//g' -i Makefile.in
%build %build
%if %{with fips} %if %{with bundle_gmp}
pushd bundled_gmp pushd bundled_gmp
autoreconf -ifv autoreconf -ifv
%configure --disable-cxx --disable-shared --enable-fat --with-pic %configure --disable-cxx --disable-shared --enable-fat --with-pic
@ -107,13 +127,13 @@ popd
%endif %endif
autoreconf -ifv autoreconf -ifv
# For annocheck
export ASM_FLAGS="-Wa,--generate-missing-build-notes=yes"
%configure --enable-shared --enable-fat \ %configure --enable-shared --enable-fat \
%if %{with fips} %if %{with bundle_gmp}
--with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \ --with-include-path=$PWD/bundled_gmp --with-lib-path=$PWD/bundled_gmp/.libs \
%endif %endif
%{nil} %{nil}
%make_build %make_build
%if 0%{?bootstrap} %if 0%{?bootstrap}
@ -124,7 +144,7 @@ autoconf
popd popd
%endif %endif
%if %{with fips} %if %{with fipshmac}
%define fipshmac() \ %define fipshmac() \
fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/%1.* \ fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/%1.* \
file=`basename $RPM_BUILD_ROOT%{_libdir}/%1.*.hmac` && \ file=`basename $RPM_BUILD_ROOT%{_libdir}/%1.*.hmac` && \
@ -188,7 +208,7 @@ make check
%{_libdir}/libhogweed.so.%{hogweed_so_ver_old} %{_libdir}/libhogweed.so.%{hogweed_so_ver_old}
%{_libdir}/libhogweed.so.%{hogweed_so_ver_old}.* %{_libdir}/libhogweed.so.%{hogweed_so_ver_old}.*
%endif %endif
%if %{with fips} %if %{with fipshmac}
%{_libdir}/.libhogweed.so.*.hmac %{_libdir}/.libhogweed.so.*.hmac
%{_libdir}/.libnettle.so.*.hmac %{_libdir}/.libnettle.so.*.hmac
%endif %endif
@ -205,25 +225,57 @@ make check
%changelog %changelog
* Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.8-3 ## START: Generated by rpmautospec
- Rebuild in new side-tag * Fri Jul 26 2024 Daiki Ueno <dueno@redhat.com> - 3.10-1
- Update to nettle 3.10
* Thu Aug 18 2022 Daiki Ueno <dueno@redhat.com> - 3.8-2 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.9.1-11
- Bump release for June 2024 mass rebuild
* Thu Jun 20 2024 Daiki Ueno <dueno@redhat.com> - 3.9.1-10
- Split "fips" bcond into "fipshmac" and "bundle_gmp"
* Tue Jun 18 2024 Daiki Ueno <dueno@redhat.com> - 3.9.1-9
- Update hobble-nettle to disable SM4 again
* Fri Jun 07 2024 Daiki Ueno <dueno@redhat.com> - 3.9.1-8
- Bundle GMP to privatize memory functions - Bundle GMP to privatize memory functions
- Zeroize stack allocated intermediate data
* Tue Jun 28 2022 Daiki Ueno <dueno@redhat.com> - 3.8-1 * Thu Feb 15 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 3.9.1-7
- Update to nettle 3.8 (#2100350) - Disable HMAC in RHEL 9+
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.9.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.3-2 * Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.9.1-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
Related: rhbz#1991688
* Wed Jul 28 2021 Daiki Ueno <dueno@redhat.com> - 3.7.3-1 * Thu Aug 24 2023 Daiki Ueno <dueno@redhat.com> - 3.9.1-4
- Update to nettle 3.7.3 (#1986712) - Migrate License field to SPDX license identifier
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.2-2 * Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.9.1-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Jun 5 2023 Daiki Ueno <dueno@redhat.com> - 3.9.1-1
- Update to nettle 3.9.1
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jun 3 2022 Daiki Ueno <dueno@redhat.com> - 3.8-1
- Update to nettle 3.8
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jun 7 2021 Daiki Ueno <dueno@redhat.com> - 3.7.3-1
- Update to nettle 3.7.3
* Sun Mar 21 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-1 * Sun Mar 21 2021 Daiki Ueno <dueno@redhat.com> - 3.7.2-1
- Update to nettle 3.7.2 - Update to nettle 3.7.2
@ -408,3 +460,5 @@ make check
* Fri Feb 08 2008 Ian Weller <ianweller@gmail.com> 1.15-1 * Fri Feb 08 2008 Ian Weller <ianweller@gmail.com> 1.15-1
- First package build. - First package build.
## END: Generated by rpmautospec

Write Preview
Loading…
Cancel
Save