nettle package update

Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org>

SOURCES/nettle-2.7.1-ecc-cve.patch

@@ -0,0 +1,275 @@
+diff --git a/ecc-256.c b/ecc-256.c
+index 571cf73..07841b1 100644
+--- a/ecc-256.c
++++ b/ecc-256.c
+@@ -108,7 +108,10 @@ ecc_256_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
+       u0 -= t;
+       t = (u1 < cy);
+       u1 -= cy;
+-      u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3);
++
++      cy = cnd_add_n (t, rp + n - 4, ecc->p, 2);
++      u0 += cy;
++      u1 += (u0 < cy);
+       u1 -= (-t) & 0xffffffff;
+     }
+   rp[2] = u0;
+@@ -195,7 +198,7 @@ ecc_256_modq (const struct ecc_curve *ecc, mp_limb_t *rp)
+
+       /* Conditional add of p */
+       u1 += t;
+-      u2 += (t<<32) + (u0 < t);
++      u2 += (t<<32) + (u1 < t);
+
+       t = cnd_add_n (t, rp + n - 4, ecc->q, 2);
+       u1 += t;
+diff --git a/x86_64/ecc-384-modp.asm b/x86_64/ecc-384-modp.asm
+index 698838f..31b739e 100644
+--- a/x86_64/ecc-384-modp.asm
++++ b/x86_64/ecc-384-modp.asm
+@@ -20,7 +20,7 @@ C MA 02111-1301, USA.
+	.file "ecc-384-modp.asm"
+
+ define(<RP>, <%rsi>)
+-define(<D4>, <%rax>)
++define(<D5>, <%rax>)
+ define(<T0>, <%rbx>)
+ define(<T1>, <%rcx>)
+ define(<T2>, <%rdx>)
+@@ -35,8 +35,8 @@ define(<H4>, <%r13>)
+ define(<H5>, <%r14>)
+ define(<C2>, <%r15>)
+ define(<C0>, H5)	C Overlap
+-define(<D0>, RP)	C Overlap
+-define(<TMP>, H4)	C Overlap
++define(<TMP>, RP)	C Overlap
++
+
+ PROLOGUE(nettle_ecc_384_modp)
+	W64_ENTRY(2, 0)
+@@ -48,34 +48,38 @@ PROLOGUE(nettle_ecc_384_modp)
+	push	%r14
+	push	%r15
+
+-	C First get top 2 limbs, which need folding twice
++	C First get top 2 limbs, which need folding twice.
++	C B^10 = B^6 + B^4 + 2^32 (B-1)B^4.
++	C We handle the terms as follow:
+	C
+-	C   H5 H4
+-	C     -H5
+-	C  ------
+-	C   H0 D4
++	C B^6: Folded immediatly.
+	C
+-	C Then shift right, (H1,H0,D4)  <--  (H0,D4) << 32
+-	C and add
++	C B^4: Delayed, added in in the next folding.
+	C
+-	C     H5 H4
+-	C     H1 H0
+-	C ----------
+-	C  C2 H1 H0
+-
+-	mov	80(RP), D4
+-	mov	88(RP), H0
+-	mov	D4, H4
+-	mov	H0, H5
+-	sub	H0, D4
+-	sbb	$0, H0
+-
+-	mov	D4, T2
+-	mov	H0, H1
+-	shl	$32, H0
+-	shr	$32, T2
++	C 2^32(B-1) B^4: Low half limb delayed until the next
++	C folding. Top 1.5 limbs subtracted and shifter now, resulting
++	C in 2.5 limbs. The low limb saved in D5, high 1.5 limbs added
++	C in.
++
++	mov	80(RP), H4
++	mov	88(RP), H5
++	C Shift right 32 bits, into H1, H0
++	mov	H4, H0
++	mov	H5, H1
++	mov	H5, D5
+	shr	$32, H1
+-	or	T2, H0
++	shl	$32, D5
++	shr	$32, H0
++	or	D5, H0
++
++	C	H1 H0
++	C       -  H1 H0
++	C       --------
++	C       H1 H0 D5
++	mov	H0, D5
++	neg	D5
++	sbb	H1, H0
++	sbb	$0, H1
+
+	xor	C2, C2
+	add	H4, H0
+@@ -114,118 +118,95 @@ PROLOGUE(nettle_ecc_384_modp)
+	adc	H3, T5
+	adc	$0, C0
+
+-	C   H3 H2 H1 H0  0
+-	C - H4 H3 H2 H1 H0
+-	C  ---------------
+-	C   H3 H2 H1 H0 D0
+-
+-	mov	XREG(D4), XREG(D4)
+-	mov	H0, D0
+-	neg	D0
+-	sbb	H1, H0
+-	sbb	H2, H1
+-	sbb	H3, H2
+-	sbb	H4, H3
+-	sbb	$0, D4
+-
+-	C Shift right. High bits are sign, to be added to C0.
+-	mov	D4, TMP
+-	sar	$32, TMP
+-	shl	$32, D4
+-	add	TMP, C0
+-
++	C Shift left, including low half of H4
+	mov	H3, TMP
++	shl	$32, H4
+	shr	$32, TMP
+-	shl	$32, H3
+-	or	TMP, D4
++	or	TMP, H4
+
+	mov	H2, TMP
++	shl	$32, H3
+	shr	$32, TMP
+-	shl	$32, H2
+	or	TMP, H3
+
+	mov	H1, TMP
++	shl	$32, H2
+	shr	$32, TMP
+-	shl	$32, H1
+	or	TMP, H2
+
+	mov	H0, TMP
++	shl	$32, H1
+	shr	$32, TMP
+-	shl	$32, H0
+	or	TMP, H1
+
+-	mov	D0, TMP
+-	shr	$32, TMP
+-	shl	$32, D0
+-	or	TMP, H0
++	shl	$32, H0
++
++	C   H4 H3 H2 H1 H0  0
++	C  -   H4 H3 H2 H1 H0
++	C  ---------------
++	C   H4 H3 H2 H1 H0 TMP
+
+-	add	D0, T0
++	mov	H0, TMP
++	neg	TMP
++	sbb	H1, H0
++	sbb	H2, H1
++	sbb	H3, H2
++	sbb	H4, H3
++	sbb	$0, H4
++
++	add	TMP, T0
+	adc	H0, T1
+	adc	H1, T2
+	adc	H2, T3
+	adc	H3, T4
+-	adc	D4, T5
++	adc	H4, T5
+	adc	$0, C0
+
+	C Remains to add in C2 and C0
+-	C                         C0  C0<<32  (-2^32+1)C0
+-	C    C2  C2<<32  (-2^32+1)C2
+-	C where C2 is always positive, while C0 may be -1.
++	C Set H1, H0 = (2^96 - 2^32 + 1) C0
+	mov	C0, H0
+	mov	C0, H1
+-	mov	C0, H2
+-	sar	$63, C0		C Get sign
+	shl	$32, H1
+-	sub	H1, H0		C Gives borrow iff C0 > 0
++	sub	H1, H0
+	sbb	$0, H1
+-	add	C0, H2
+
++	C Set H3, H2 = (2^96 - 2^32 + 1) C2
++	mov	C2, H2
++	mov	C2, H3
++	shl	$32, H3
++	sub	H3, H2
++	sbb	$0, H3
++	add	C0, H2		C No carry. Could use lea trick
++
++	xor	C0, C0
+	add	H0, T0
+	adc	H1, T1
+-	adc	$0, H2
+-	adc	$0, C0
+-
+-	C Set (H1 H0)  <-- C2 << 96 - C2 << 32 + 1
+-	mov	C2, H0
+-	mov	C2, H1
+-	shl	$32, H1
+-	sub	H1, H0
+-	sbb	$0, H1
+-
+-	add	H2, H0
+-	adc	C0, H1
+-	adc	C2, C0
+-	mov	C0, H2
+-	sar	$63, C0
+-	add	H0, T2
+-	adc	H1, T3
+-	adc	H2, T4
+-	adc	C0, T5
+-	sbb	C0, C0
++	adc	H2, T2
++	adc	H3, T3
++	adc	C2, T4
++	adc	D5, T5		C Value delayed from initial folding
++	adc	$0, C0		C Use sbb and switch sign?
+
+	C Final unlikely carry
+	mov	C0, H0
+	mov	C0, H1
+-	mov	C0, H2
+-	sar	$63, C0
+	shl	$32, H1
+	sub	H1, H0
+	sbb	$0, H1
+-	add	C0, H2
+
+	pop	RP
+
+-	sub	H0, T0
++	add	H0, T0
+	mov	T0, (RP)
+-	sbb	H1, T1
++	adc	H1, T1
+	mov	T1, 8(RP)
+-	sbb	H2, T2
++	adc	C0, T2
+	mov	T2, 16(RP)
+-	sbb	C0, T3
++	adc	$0, T3
+	mov	T3, 24(RP)
+-	sbb	C0, T4
++	adc	$0, T4
+	mov	T4, 32(RP)
+-	sbb	C0, T5
++	adc	$0, T5
+	mov	T5, 40(RP)
+
+	pop	%r15

SOURCES/nettle-2.7.1-powm-sec.patch

@@ -0,0 +1,160 @@
+diff --git a/configure.ac b/configure.ac
+index 78a3d4e..dfb151e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -645,9 +645,9 @@ if test "x$nettle_cv_fcntl_locking" = "xyes" ; then
+ fi
+
+ # Checks for libraries
+-AC_CHECK_LIB(gmp, __gmpz_getlimbn,,
++AC_CHECK_LIB(gmp, __gmpz_powm_sec,,
+     [AC_MSG_WARN(
+-[GNU MP not found, or not 3.1 or up, see http://gmplib.org/.
++[GNU MP not found, or not 5.0 or up, see http://gmplib.org/.
+ Support for public key algorithms will be unavailable.])]
+     enable_public_key=no)
+
+diff --git a/dsa-sign.c b/dsa-sign.c
+index 0b5ab1d..d0baa27 100644
+--- a/dsa-sign.c
++++ b/dsa-sign.c
+@@ -54,6 +54,11 @@ _dsa_sign(const struct dsa_public_key *pub,
+   if (mpz_sizeinbase(pub->q, 2) != 8 * digest_size)
+     return 0;
+
++  /* Check that p is odd, so that invalid keys don't result in a crash
++     inside mpz_powm_sec. */
++  if (mpz_even_p (pub->p))
++    return 0;
++
+   /* Select k, 0<k<q, randomly */
+   mpz_init_set(tmp, pub->q);
+   mpz_sub_ui(tmp, tmp, 1);
+@@ -63,7 +68,7 @@ _dsa_sign(const struct dsa_public_key *pub,
+   mpz_add_ui(k, k, 1);
+
+   /* Compute r = (g^k (mod p)) (mod q) */
+-  mpz_powm(tmp, pub->g, k, pub->p);
++  mpz_powm_sec(tmp, pub->g, k, pub->p);
+   mpz_fdiv_r(signature->r, tmp, pub->q);
+
+   /* Compute hash */
+diff --git a/rsa-blind.c b/rsa-blind.c
+index 97485be..468b68e 100644
+--- a/rsa-blind.c
++++ b/rsa-blind.c
+@@ -53,7 +53,7 @@ _rsa_blind (const struct rsa_public_key *pub,
+   while (!mpz_invert (ri, r, pub->n));
+
+   /* c = c*(r^e) mod n */
+-  mpz_powm(r, r, pub->e, pub->n);
++  mpz_powm_sec(r, r, pub->e, pub->n);
+   mpz_mul(c, c, r);
+   mpz_fdiv_r(c, c, pub->n);
+
+diff --git a/rsa-decrypt-tr.c b/rsa-decrypt-tr.c
+index 312b182..4066619 100644
+--- a/rsa-decrypt-tr.c
++++ b/rsa-decrypt-tr.c
+@@ -43,6 +43,9 @@ rsa_decrypt_tr(const struct rsa_public_key *pub,
+   mpz_t m, ri;
+   int res;
+
++  if (mpz_even_p (pub->n) || mpz_even_p (key->p) || mpz_even_p (key->q))
++    return 0;
++
+   mpz_init_set(m, gibberish);
+   mpz_init (ri);
+
+diff --git a/rsa-decrypt.c b/rsa-decrypt.c
+index a3abf6e..64d12ae 100644
+--- a/rsa-decrypt.c
++++ b/rsa-decrypt.c
+@@ -39,6 +39,9 @@ rsa_decrypt(const struct rsa_private_key *key,
+   mpz_t m;
+   int res;
+
++  if (mpz_even_p (key->p) || mpz_even_p (key->q))
++    return 0;
++
+   mpz_init(m);
+   rsa_compute_root(key, m, gibberish);
+
+diff --git a/rsa-pkcs1-sign-tr.c b/rsa-pkcs1-sign-tr.c
+index 5efc155..0031706 100644
+--- a/rsa-pkcs1-sign-tr.c
++++ b/rsa-pkcs1-sign-tr.c
+@@ -40,6 +40,9 @@ rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
+ {
+   mpz_t ri;
+
++  if (mpz_even_p (pub->n) || mpz_even_p (key->p) || mpz_even_p (key->q))
++    return 0;
++
+   if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info))
+     {
+       mpz_init (ri);
+diff --git a/rsa-pkcs1-sign.c b/rsa-pkcs1-sign.c
+index 9162cfc..e39485b 100644
+--- a/rsa-pkcs1-sign.c
++++ b/rsa-pkcs1-sign.c
+@@ -36,6 +36,9 @@ rsa_pkcs1_sign(const struct rsa_private_key *key,
+	       unsigned length, const uint8_t *digest_info,
+	       mpz_t s)
+ {
++  if (mpz_even_p (key->p) || mpz_even_p (key->q))
++    return 0;
++
+   if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info))
+     {
+       rsa_compute_root(key, s, s);
+diff --git a/rsa-sign.c b/rsa-sign.c
+index 56adda3..9f2a707 100644
+--- a/rsa-sign.c
++++ b/rsa-sign.c
+@@ -88,11 +88,11 @@ rsa_compute_root(const struct rsa_private_key *key,
+
+   /* Compute xq = m^d % q = (m%q)^b % q */
+   mpz_fdiv_r(xq, m, key->q);
+-  mpz_powm(xq, xq, key->b, key->q);
++  mpz_powm_sec(xq, xq, key->b, key->q);
+
+   /* Compute xp = m^d % p = (m%p)^a % p */
+   mpz_fdiv_r(xp, m, key->p);
+-  mpz_powm(xp, xp, key->a, key->p);
++  mpz_powm_sec(xp, xp, key->a, key->p);
+
+   /* Set xp' = (xp - xq) c % p. */
+   mpz_sub(xp, xp, xq);
+diff --git a/rsa.c b/rsa.c
+index e303a8c..91b3f85 100644
+--- a/rsa.c
++++ b/rsa.c
+@@ -58,6 +58,9 @@ _rsa_check_size(mpz_t n)
+   /* Round upwards */
+   unsigned size = (mpz_sizeinbase(n, 2) + 7) / 8;
+
++  if (mpz_even_p (n))
++    return 0;
++
+   if (size < RSA_MINIMUM_N_OCTETS)
+     return 0;
+
+diff --git a/testsuite/rsa-test.c b/testsuite/rsa-test.c
+index e9b1c03..a429664 100644
+--- a/testsuite/rsa-test.c
++++ b/testsuite/rsa-test.c
+@@ -57,6 +57,13 @@ test_main(void)
+
+   test_rsa_sha512(&pub, &key, expected);
+
++  /* Test detection of invalid keys with even modulo */
++  mpz_clrbit (pub.n, 0);
++  ASSERT (!rsa_public_key_prepare (&pub));
++
++  mpz_clrbit (key.p, 0);
++  ASSERT (!rsa_private_key_prepare (&key));
++
+   /* 777-bit key, generated by
+    *
+    *   lsh-keygen -a rsa -l 777 -f advanced-hex

SOURCES/nettle-2.7.1-remove-ecc-testsuite.patch

@@ -0,0 +1,131 @@
+diff -ur nettle-2.7.1.orig/examples/ecc-benchmark.c nettle-2.7.1/examples/ecc-benchmark.c
+--- nettle-2.7.1.orig/examples/ecc-benchmark.c	2013-05-28 16:21:54.000000000 +0200
++++ nettle-2.7.1/examples/ecc-benchmark.c	2013-11-25 14:57:21.168064904 +0100
+@@ -262,8 +262,6 @@
+ }
+
+ const struct ecc_curve * const curves[] = {
+-  &nettle_secp_192r1,
+-  &nettle_secp_224r1,
+   &nettle_secp_256r1,
+   &nettle_secp_384r1,
+   &nettle_secp_521r1,
+Only in nettle-2.7.1/examples: ecc-benchmark.c~
+diff -ur nettle-2.7.1.orig/examples/hogweed-benchmark.c nettle-2.7.1/examples/hogweed-benchmark.c
+--- nettle-2.7.1.orig/examples/hogweed-benchmark.c	2013-05-28 16:21:54.000000000 +0200
++++ nettle-2.7.1/examples/hogweed-benchmark.c	2013-11-25 14:57:53.728295845 +0100
+@@ -376,23 +376,6 @@
+
+   switch (size)
+     {
+-    case 192:
+-      ecc = &nettle_secp_192r1;
+-      xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
+-      ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
+-      zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
+-      ctx->digest = hash_string (&nettle_sha1, 3, "abc");
+-      ctx->digest_size = 20;
+-      break;
+-    case 224:
+-      ecc = &nettle_secp_224r1;
+-      xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
+-      ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
+-      zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
+-      ctx->digest = hash_string (&nettle_sha224, 3, "abc");
+-      ctx->digest_size = 28;
+-      break;
+-
+       /* From RFC 4754 */
+     case 256:
+       ecc = &nettle_secp_256r1;
+@@ -585,13 +568,10 @@
+ #if 0
+   { "dsa",2048, bench_dsa_init, bench_dsa_sign,   bench_dsa_verify, bench_dsa_clear },
+ #endif
+-  { "ecdsa",  192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
+-  { "ecdsa",  224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
+   { "ecdsa",  256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
+   { "ecdsa",  384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
+   { "ecdsa",  521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
+ #if WITH_OPENSSL
+-  { "ecdsa (openssl)",  224, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
+   { "ecdsa (openssl)",  384, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
+   { "ecdsa (openssl)",  521, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
+ #endif
+Only in nettle-2.7.1/examples: hogweed-benchmark.c~
+diff -ur nettle-2.7.1.orig/testsuite/ecdsa-sign-test.c nettle-2.7.1/testsuite/ecdsa-sign-test.c
+--- nettle-2.7.1.orig/testsuite/ecdsa-sign-test.c	2013-05-28 16:21:54.000000000 +0200
++++ nettle-2.7.1/testsuite/ecdsa-sign-test.c	2013-11-25 14:54:01.104562760 +0100
+@@ -55,37 +55,6 @@
+ {
+   /* Test cases for the smaller groups, verified with a
+      proof-of-concept implementation done for Yubico AB. */
+-  test_ecdsa (&nettle_secp_192r1,
+-	      "DC51D3866A15BACDE33D96F992FCA99D"
+-	      "A7E6EF0934E70975", /* z */
+-
+-	      "9E56F509196784D963D1C0A401510EE7"
+-	      "ADA3DCC5DEE04B15", /* k */
+-
+-	      SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
+-		   "B00361A396177A9C"), /* h */
+-
+-	      "8c478db6a5c131540cebc739f9c0a9a8"
+-	      "c720c2abdd14a891", /* r */
+-
+-	      "a91fb738f9f175d72f9c98527e881c36"
+-	      "8de68cb55ffe589"); /* s */
+-
+-  test_ecdsa (&nettle_secp_224r1,
+-	      "446df0a771ed58403ca9cb316e617f6b"
+-	      "158420465d00a69601e22858",  /* z */
+-
+-	      "4c13f1905ad7eb201178bc08e0c9267b"
+-	      "4751c15d5e1831ca214c33f4",  /* z */
+-
+-	      SHEX("1b28a611fe62ab3649350525d06703ba"
+-		   "4b979a1e543566fd5caa85c6"),  /* h */
+-
+-	      "2cc280778f3d067df6d3adbe3a6aad63"
+-	      "bc75f08f5c5f915411902a99",  /* r */
+-
+-	      "d0f069fd0f108eb07b7bbc54c8d6c88d"
+-	      "f2715c38a95c31a2b486995f"); /* s */
+
+   /* From RFC 4754 */
+   test_ecdsa (&nettle_secp_256r1,
+Only in nettle-2.7.1/testsuite: ecdsa-sign-test.c~
+diff -ur nettle-2.7.1.orig/testsuite/testutils.c nettle-2.7.1/testsuite/testutils.c
+--- nettle-2.7.1.orig/testsuite/testutils.c	2013-05-28 16:21:54.000000000 +0200
++++ nettle-2.7.1/testsuite/testutils.c	2013-11-25 15:01:37.623807622 +0100
+@@ -1125,8 +1125,6 @@
+ }
+
+ const struct ecc_curve * const ecc_curves[] = {
+-  &nettle_secp_192r1,
+-  &nettle_secp_224r1,
+   &nettle_secp_256r1,
+   &nettle_secp_384r1,
+   &nettle_secp_521r1,
+@@ -1178,20 +1176,6 @@
+ {
+   /* For each curve, the points 2 g, 3 g and 4 g */
+   static const struct ecc_ref_point ref[5][3] = {
+-    { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
+-	"dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
+-      { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
+-	"782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
+-      { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
+-	"a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
+-    },
+-    { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
+-	"1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
+-      { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
+-	"a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
+-      { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
+-	"482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
+-    },
+     { { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
+	"7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" },
+       { "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c",
+Only in nettle-2.7.1/testsuite: testutils.c~

SOURCES/nettle-2.7.1-tmpalloc.patch

@@ -0,0 +1,590 @@
+diff --git a/Makefile.in b/Makefile.in
+index 3b0e1cb..ebef2c4 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -176,7 +176,7 @@ DISTFILES = $(SOURCES) $(HEADERS) getopt.h .bootstrap run-tests \
+	cast128_sboxes.h desinfo.h desCode.h \
+	nettle-internal.h nettle-write.h prime-list.h \
+	gmp-glue.h ecc-internal.h \
+-	mini-gmp.h mini-gmp.c asm.m4 \
++	mini-gmp.h mini-gmp.c asm.m4 bignum-internal.h \
+	nettle.texinfo nettle.info nettle.html nettle.pdf sha-example.c
+
+ # Rules building static libraries
+diff --git a/bignum-internal.h b/bignum-internal.h
+new file mode 100644
+index 0000000..26a7cdb
+--- /dev/null
++++ b/bignum-internal.h
+@@ -0,0 +1,36 @@
++/* bignum-internal.h
++ *
++ */
++
++/* nettle, low-level cryptographics library
++ *
++ * Copyright (C) 2013 Red Hat
++ *
++ * The nettle library is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU Lesser General Public License as published by
++ * the Free Software Foundation; either version 2.1 of the License, or (at your
++ * option) any later version.
++ *
++ * The nettle library is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
++ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
++ * License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public License
++ * along with the nettle library; see the file COPYING.LIB.  If not, write to
++ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
++ * MA 02111-1301, USA.
++ */
++
++#ifndef BIGNUM_INTERNAL_H
++# define BIGNUM_INTERNAL_H
++
++#include <gmp-glue.h>
++
++#define TMP_GMP_DECL(name, type) type *name; \
++	unsigned tmp_##name##_size
++#define TMP_GMP_ALLOC(name, size) \
++	(name = gmp_alloc(&tmp_##name##_size, sizeof (*name) * (size)))
++#define TMP_GMP_FREE(name) (gmp_free(name, tmp_##name##_size))
++
++#endif
+diff --git a/bignum-next-prime.c b/bignum-next-prime.c
+index 58a4df8..bc89399 100644
+--- a/bignum-next-prime.c
++++ b/bignum-next-prime.c
+@@ -31,6 +31,7 @@
+ #include <stdlib.h>
+
+ #include "bignum.h"
++#include "bignum-internal.h"
+
+ #include "nettle-internal.h"
+
+@@ -77,9 +78,8 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit,
+		  void *progress_ctx, nettle_progress_func *progress)
+ {
+   mpz_t tmp;
+-  TMP_DECL(moduli, unsigned, NUMBER_OF_PRIMES);
+-
+   unsigned difference;
++  TMP_GMP_DECL(moduli, unsigned);
+
+   if (prime_limit > NUMBER_OF_PRIMES)
+     prime_limit = NUMBER_OF_PRIMES;
+@@ -112,7 +112,8 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit,
+      between the 5760 odd numbers in this interval that have no factor
+      in common with 15015.
+    */
+-  TMP_ALLOC(moduli, prime_limit);
++  TMP_GMP_ALLOC(moduli, prime_limit);
++
+   {
+     unsigned i;
+     for (i = 0; i < prime_limit; i++)
+@@ -159,4 +160,5 @@ nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit,
+ #endif
+     }
+   mpz_clear(tmp);
++  TMP_GMP_FREE(moduli);
+ }
+diff --git a/bignum-random.c b/bignum-random.c
+index f305f04..07ae1ba 100644
+--- a/bignum-random.c
++++ b/bignum-random.c
+@@ -30,6 +30,7 @@
+ #include <stdlib.h>
+
+ #include "bignum.h"
++#include "bignum-internal.h"
+ #include "nettle-internal.h"
+
+ void
+@@ -38,15 +39,17 @@ nettle_mpz_random_size(mpz_t x,
+		       unsigned bits)
+ {
+   unsigned length = (bits + 7) / 8;
+-  TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+-  TMP_ALLOC(data, length);
++  TMP_GMP_DECL(data, uint8_t);
+
+-  random(ctx, length, data);
++  TMP_GMP_ALLOC(data, length);
+
++  random(ctx, length, data);
+   nettle_mpz_set_str_256_u(x, length, data);
+
+   if (bits % 8)
+     mpz_fdiv_r_2exp(x, x, bits);
++
++  TMP_GMP_FREE(data);
+ }
+
+ /* Returns a random number x, 0 <= x < n */
+diff --git a/gmp-glue.c b/gmp-glue.c
+index a2633a5..991e793 100644
+--- a/gmp-glue.c
++++ b/gmp-glue.c
+@@ -239,3 +239,24 @@ gmp_free_limbs (mp_limb_t *p, mp_size_t n)
+
+   free_func (p, (size_t) n * sizeof(mp_limb_t));
+ }
++
++void* gmp_alloc(unsigned* out_n, size_t n)
++{
++	void *(*alloc_func)(size_t);
++	assert (n > 0);
++
++	mp_get_memory_functions(&alloc_func, NULL, NULL);
++
++	*out_n = n;
++	return alloc_func (n);
++}
++
++void gmp_free(void* p, size_t n)
++{
++  void (*free_func)(void *, size_t);
++  assert (n > 0);
++  assert (p != 0);
++  mp_get_memory_functions (NULL, NULL, &free_func);
++
++  free_func (p, (size_t) n);
++}
+diff --git a/gmp-glue.h b/gmp-glue.h
+index 269667f..ff936a1 100644
+--- a/gmp-glue.h
++++ b/gmp-glue.h
+@@ -65,6 +65,8 @@
+ #define mpn_set_base256 _nettle_mpn_set_base256
+ #define gmp_alloc_limbs _nettle_gmp_alloc_limbs
+ #define gmp_free_limbs _nettle_gmp_free_limbs
++#define gmp_free _nettle_gmp_free
++#define gmp_alloc _nettle_gmp_alloc
+
+ /* Use only in-place operations, so we can fall back to addmul_1/submul_1 */
+ #ifdef mpn_cnd_add_n
+@@ -155,5 +157,7 @@ gmp_alloc_limbs (mp_size_t n);
+ void
+ gmp_free_limbs (mp_limb_t *p, mp_size_t n);
+
++void* gmp_alloc(unsigned* out_n, size_t n);
++void gmp_free(void* p, size_t n);
+
+ #endif /* NETTLE_GMP_GLUE_H_INCLUDED */
+diff --git a/pkcs1-decrypt.c b/pkcs1-decrypt.c
+index 754fd51..89b4dcf 100644
+--- a/pkcs1-decrypt.c
++++ b/pkcs1-decrypt.c
+@@ -31,6 +31,7 @@
+ #include "pkcs1.h"
+
+ #include "bignum.h"
++#include "bignum-internal.h"
+ #include "nettle-internal.h"
+
+ int
+@@ -38,35 +39,50 @@ pkcs1_decrypt (unsigned key_size,
+	       const mpz_t m,
+	       unsigned *length, uint8_t *message)
+ {
+-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
++  TMP_GMP_DECL(em, uint8_t);
+   uint8_t *terminator;
+-  unsigned padding;
+-  unsigned message_length;
+-
+-  TMP_ALLOC(em, key_size);
++  size_t padding;
++  size_t message_length;
++  int ret;
++
++  TMP_GMP_ALLOC(em, key_size);
+   nettle_mpz_get_str_256(key_size, em, m);
+-
++
+   /* Check format */
+   if (em[0] || em[1] != 2)
+-    return 0;
+-
++    {
++     ret = 0;
++     goto cleanup;
++    }
++
+   terminator = memchr(em + 2, 0, key_size - 2);
+-
++
+   if (!terminator)
+-    return 0;
++    {
++     ret = 0;
++     goto cleanup;
++    }
+
+   padding = terminator - (em + 2);
+   if (padding < 8)
+-    return 0;
+-
++    {
++     ret = 0;
++     goto cleanup;
++    }
++
+   message_length = key_size - 3 - padding;
+-
++
+   if (*length < message_length)
+-    return 0;
++    {
++     ret = 0;
++     goto cleanup;
++    }
+
+   memcpy(message, terminator + 1, message_length);
+   *length = message_length;
+-
+-  return 1;
++
++  ret = 1;
++cleanup:
++  TMP_GMP_FREE(em);
++  return ret;
+ }
+-
+diff --git a/pkcs1-encrypt.c b/pkcs1-encrypt.c
+index cde19bc..5246455 100644
+--- a/pkcs1-encrypt.c
++++ b/pkcs1-encrypt.c
+@@ -34,6 +34,7 @@
+ #include "pkcs1.h"
+
+ #include "bignum.h"
++#include "bignum-internal.h"
+ #include "nettle-internal.h"
+
+ int
+@@ -43,7 +44,7 @@ pkcs1_encrypt (unsigned key_size,
+	       unsigned length, const uint8_t *message,
+	       mpz_t m)
+ {
+-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
++  TMP_GMP_DECL(em, uint8_t);
+   unsigned padding;
+   unsigned i;
+
+@@ -63,7 +64,7 @@ pkcs1_encrypt (unsigned key_size,
+   padding = key_size - length - 3;
+   assert(padding >= 8);
+
+-  TMP_ALLOC(em, key_size - 1);
++  TMP_GMP_ALLOC(em, key_size - 1);
+   em[0] = 2;
+
+   random(random_ctx, padding, em + 1);
+@@ -77,5 +78,7 @@ pkcs1_encrypt (unsigned key_size,
+   memcpy(em + padding + 2, message, length);
+
+   nettle_mpz_set_str_256_u(m, key_size - 1, em);
++
++  TMP_GMP_FREE(em);
+   return 1;
+ }
+diff --git a/pkcs1-rsa-digest.c b/pkcs1-rsa-digest.c
+index e4a6c52..3379b8f 100644
+--- a/pkcs1-rsa-digest.c
++++ b/pkcs1-rsa-digest.c
+@@ -29,21 +29,27 @@
+ #include "pkcs1.h"
+
+ #include "bignum.h"
++#include "bignum-internal.h"
+ #include "nettle-internal.h"
+
+ int
+ pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size,
+			unsigned di_length, const uint8_t *digest_info)
+ {
+-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+-  TMP_ALLOC(em, key_size);
++  TMP_GMP_DECL(em, uint8_t);
++
++  TMP_GMP_ALLOC(em, key_size);
+
+   if (_pkcs1_signature_prefix(key_size, em,
+			      di_length, digest_info, 0))
+     {
+       nettle_mpz_set_str_256_u(m, key_size, em);
++      TMP_GMP_FREE(em);
+       return 1;
+     }
+   else
+-    return 0;
++    {
++      TMP_GMP_FREE(em);
++      return 0;
++    }
+ }
+diff --git a/pkcs1-rsa-md5.c b/pkcs1-rsa-md5.c
+index 00514fc..e5edaf3 100644
+--- a/pkcs1-rsa-md5.c
++++ b/pkcs1-rsa-md5.c
+@@ -34,6 +34,7 @@
+ #include "rsa.h"
+
+ #include "bignum.h"
++#include "bignum-internal.h"
+ #include "pkcs1.h"
+
+ #include "nettle-internal.h"
+@@ -65,8 +66,9 @@ int
+ pkcs1_rsa_md5_encode(mpz_t m, unsigned key_size, struct md5_ctx *hash)
+ {
+   uint8_t *p;
+-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+-  TMP_ALLOC(em, key_size);
++  TMP_GMP_DECL(em, uint8_t);
++
++  TMP_GMP_ALLOC(em, key_size);
+
+   p = _pkcs1_signature_prefix(key_size, em,
+			      sizeof(md5_prefix),
+@@ -76,18 +78,23 @@ pkcs1_rsa_md5_encode(mpz_t m, unsigned key_size, struct md5_ctx *hash)
+     {
+       md5_digest(hash, MD5_DIGEST_SIZE, p);
+       nettle_mpz_set_str_256_u(m, key_size, em);
++      TMP_GMP_FREE(em);
+       return 1;
+     }
+   else
+-    return 0;
++    {
++      TMP_GMP_FREE(em);
++      return 0;
++    }
+ }
+
+ int
+ pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
+ {
+   uint8_t *p;
+-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+-  TMP_ALLOC(em, key_size);
++  TMP_GMP_DECL(em, uint8_t);
++
++  TMP_GMP_ALLOC(em, key_size);
+
+   p = _pkcs1_signature_prefix(key_size, em,
+			      sizeof(md5_prefix),
+@@ -97,8 +104,12 @@ pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
+     {
+       memcpy(p, digest, MD5_DIGEST_SIZE);
+       nettle_mpz_set_str_256_u(m, key_size, em);
++      TMP_GMP_FREE(em);
+       return 1;
+     }
+   else
+-    return 0;
++    {
++      TMP_GMP_FREE(em);
++      return 0;
++    }
+ }
+diff --git a/pkcs1-rsa-sha1.c b/pkcs1-rsa-sha1.c
+index 2951618..2a68121 100644
+--- a/pkcs1-rsa-sha1.c
++++ b/pkcs1-rsa-sha1.c
+@@ -34,6 +34,7 @@
+ #include "rsa.h"
+
+ #include "bignum.h"
++#include "bignum-internal.h"
+ #include "pkcs1.h"
+
+ #include "nettle-internal.h"
+@@ -65,8 +66,9 @@ int
+ pkcs1_rsa_sha1_encode(mpz_t m, unsigned key_size, struct sha1_ctx *hash)
+ {
+   uint8_t *p;
+-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+-  TMP_ALLOC(em, key_size);
++  TMP_GMP_DECL(em, uint8_t);
++
++  TMP_GMP_ALLOC(em, key_size);
+
+   p = _pkcs1_signature_prefix(key_size, em,
+			      sizeof(sha1_prefix),
+@@ -76,18 +78,23 @@ pkcs1_rsa_sha1_encode(mpz_t m, unsigned key_size, struct sha1_ctx *hash)
+     {
+       sha1_digest(hash, SHA1_DIGEST_SIZE, p);
+       nettle_mpz_set_str_256_u(m, key_size, em);
++      TMP_GMP_FREE(em);
+       return 1;
+     }
+   else
+-    return 0;
++    {
++      TMP_GMP_FREE(em);
++      return 0;
++    }
+ }
+
+ int
+ pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
+ {
+   uint8_t *p;
+-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+-  TMP_ALLOC(em, key_size);
++  TMP_GMP_DECL(em, uint8_t);
++
++  TMP_GMP_ALLOC(em, key_size);
+
+   p = _pkcs1_signature_prefix(key_size, em,
+			      sizeof(sha1_prefix),
+@@ -97,8 +104,12 @@ pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
+     {
+       memcpy(p, digest, SHA1_DIGEST_SIZE);
+       nettle_mpz_set_str_256_u(m, key_size, em);
++      TMP_GMP_FREE(em);
+       return 1;
+     }
+   else
+-    return 0;
++    {
++      TMP_GMP_FREE(em);
++      return 0;
++    }
+ }
+diff --git a/pkcs1-rsa-sha256.c b/pkcs1-rsa-sha256.c
+index cb07375..3aaabe1 100644
+--- a/pkcs1-rsa-sha256.c
++++ b/pkcs1-rsa-sha256.c
+@@ -34,6 +34,7 @@
+ #include "rsa.h"
+
+ #include "bignum.h"
++#include "bignum-internal.h"
+ #include "pkcs1.h"
+
+ #include "nettle-internal.h"
+@@ -63,8 +64,9 @@ int
+ pkcs1_rsa_sha256_encode(mpz_t m, unsigned key_size, struct sha256_ctx *hash)
+ {
+   uint8_t *p;
+-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+-  TMP_ALLOC(em, key_size);
++  TMP_GMP_DECL(em, uint8_t);
++
++  TMP_GMP_ALLOC(em, key_size);
+
+   p = _pkcs1_signature_prefix(key_size, em,
+			      sizeof(sha256_prefix),
+@@ -74,18 +76,23 @@ pkcs1_rsa_sha256_encode(mpz_t m, unsigned key_size, struct sha256_ctx *hash)
+     {
+       sha256_digest(hash, SHA256_DIGEST_SIZE, p);
+       nettle_mpz_set_str_256_u(m, key_size, em);
++      TMP_GMP_FREE(em);
+       return 1;
+     }
+   else
+-    return 0;
++    {
++      TMP_GMP_FREE(em);
++      return 0;
++    }
+ }
+
+ int
+ pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
+ {
+   uint8_t *p;
+-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+-  TMP_ALLOC(em, key_size);
++  TMP_GMP_DECL(em, uint8_t);
++
++  TMP_GMP_ALLOC(em, key_size);
+
+   p = _pkcs1_signature_prefix(key_size, em,
+			      sizeof(sha256_prefix),
+@@ -95,8 +102,12 @@ pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest
+     {
+       memcpy(p, digest, SHA256_DIGEST_SIZE);
+       nettle_mpz_set_str_256_u(m, key_size, em);
++      TMP_GMP_FREE(em);
+       return 1;
+     }
+   else
+-    return 0;
++    {
++      TMP_GMP_FREE(em);
++      return 0;
++    }
+ }
+diff --git a/pkcs1-rsa-sha512.c b/pkcs1-rsa-sha512.c
+index 3afd790..bd3d277 100644
+--- a/pkcs1-rsa-sha512.c
++++ b/pkcs1-rsa-sha512.c
+@@ -34,6 +34,7 @@
+ #include "rsa.h"
+
+ #include "bignum.h"
++#include "bignum-internal.h"
+ #include "pkcs1.h"
+
+ #include "nettle-internal.h"
+@@ -63,8 +64,9 @@ int
+ pkcs1_rsa_sha512_encode(mpz_t m, unsigned key_size, struct sha512_ctx *hash)
+ {
+   uint8_t *p;
+-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+-  TMP_ALLOC(em, key_size);
++  TMP_GMP_DECL(em, uint8_t);
++
++  TMP_GMP_ALLOC(em, key_size);
+
+   p = _pkcs1_signature_prefix(key_size, em,
+			      sizeof(sha512_prefix),
+@@ -74,18 +76,23 @@ pkcs1_rsa_sha512_encode(mpz_t m, unsigned key_size, struct sha512_ctx *hash)
+     {
+       sha512_digest(hash, SHA512_DIGEST_SIZE, p);
+       nettle_mpz_set_str_256_u(m, key_size, em);
++      TMP_GMP_FREE(em);
+       return 1;
+     }
+   else
+-    return 0;
++    {
++      TMP_GMP_FREE(em);
++      return 0;
++    }
+ }
+
+ int
+ pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
+ {
+   uint8_t *p;
+-  TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+-  TMP_ALLOC(em, key_size);
++  TMP_GMP_DECL(em, uint8_t);
++
++  TMP_GMP_ALLOC(em, key_size);
+
+   p = _pkcs1_signature_prefix(key_size, em,
+			      sizeof(sha512_prefix),
+@@ -95,8 +102,12 @@ pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest
+     {
+       memcpy(p, digest, SHA512_DIGEST_SIZE);
+       nettle_mpz_set_str_256_u(m, key_size, em);
++      TMP_GMP_FREE(em);
+       return 1;
+     }
+   else
+-    return 0;
++    {
++      TMP_GMP_FREE(em);
++      return 0;
++    }
+ }

SPECS/nettle.spec

@@ -0,0 +1,190 @@
+Name:           nettle
+Version:        2.7.1
+Release:        8%{?dist}
+Summary:        A low-level cryptographic library
+
+Group:          Development/Libraries
+License:        LGPLv2+
+URL:            http://www.lysator.liu.se/~nisse/nettle/
+Source0:	%{name}-%{version}-hobbled.tar.gz
+#Source0:        http://www.lysator.liu.se/~nisse/archive/%{name}-%{version}.tar.gz
+Patch0:		nettle-2.7.1-remove-ecc-testsuite.patch
+Patch1:		nettle-2.7.1-tmpalloc.patch
+Patch2:		nettle-2.7.1-sha3-fix.patch
+Patch3:		nettle-2.7.1-ecc-cve.patch
+Patch4:		nettle-2.7.1-powm-sec.patch
+
+BuildRequires:  gmp-devel m4 texinfo-tex texlive-dvips ghostscript
+BuildRequires:  fipscheck
+BuildRequires:	libtool, automake, autoconf, texinfo
+
+Requires(post): info
+Requires(preun): info
+
+
+%package devel
+Summary:        Development headers for a low-level cryptographic library
+Group:          Development/Libraries
+Requires:       %{name} = %{version}-%{release}
+Requires:       gmp-devel%{?_isa}
+
+%description
+Nettle is a cryptographic library that is designed to fit easily in more
+or less any context: In crypto toolkits for object-oriented languages
+(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
+kernel space.
+
+%description devel
+Nettle is a cryptographic library that is designed to fit easily in more
+or less any context: In crypto toolkits for object-oriented languages
+(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
+kernel space.  This package contains the files needed for developing
+applications with nettle.
+
+
+%prep
+%setup -q
+# Disable -ggdb3 which makes debugedit unhappy
+sed s/ggdb3/g/ -i configure
+sed 's/ecc-192.c//g' -i Makefile.in
+sed 's/ecc-224.c//g' -i Makefile.in
+%patch0 -p1
+%patch1 -p1 -b .tmpalloc
+%patch2 -p1 -b .sha3
+%patch3 -p1 -b .ecc-cve
+%patch4 -p1 -b .powm-sec
+
+%build
+%configure --enable-shared
+make %{?_smp_mflags}
+
+%define __spec_install_post \
+	%{?__debug_package:%{__debug_install_post}} \
+	%{__arch_install_post} \
+	%{__os_install_post} \
+	fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libnettle.so.4.* \
+	fipshmac -d $RPM_BUILD_ROOT%{_libdir} $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.2.* \
+	file=`basename $RPM_BUILD_ROOT%{_libdir}/libnettle.so.4.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libnettle.so.4.hmac \
+	file=`basename $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.2.*.hmac` && mv $RPM_BUILD_ROOT%{_libdir}/$file $RPM_BUILD_ROOT%{_libdir}/.$file && ln -s .$file $RPM_BUILD_ROOT%{_libdir}/.libhogweed.so.2.hmac \
+%{nil}
+
+
+%install
+make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
+make install-shared DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
+mkdir -p $RPM_BUILD_ROOT%{_infodir}
+install -p -m 644 nettle.info $RPM_BUILD_ROOT%{_infodir}/
+rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
+rm -f $RPM_BUILD_ROOT%{_infodir}/dir
+chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libnettle.so.4.*
+chmod 0755 $RPM_BUILD_ROOT%{_libdir}/libhogweed.so.2.*
+%check
+make check
+
+%files
+%doc AUTHORS ChangeLog COPYING.LIB NEWS README TODO
+%{_infodir}/nettle.info.gz
+%{_bindir}/nettle-lfib-stream
+%{_bindir}/pkcs1-conv
+%{_bindir}/sexp-conv
+%{_bindir}/nettle-hash
+%{_libdir}/libnettle.so.4
+%{_libdir}/libnettle.so.4.*
+%{_libdir}/libhogweed.so.2
+%{_libdir}/libhogweed.so.2.*
+%{_libdir}/.libhogweed.so.*.hmac
+%{_libdir}/.libnettle.so.*.hmac
+
+
+%files devel
+%doc descore.README nettle.html nettle.pdf COPYING.LIB
+%{_includedir}/nettle
+%{_libdir}/libnettle.so
+%{_libdir}/libhogweed.so
+%{_libdir}/pkgconfig/hogweed.pc
+%{_libdir}/pkgconfig/nettle.pc
+
+%post
+/sbin/install-info %{_infodir}/%{name}.info %{_infodir}/dir || :
+/sbin/ldconfig
+
+%preun
+if [ $1 = 0 ]; then
+  /sbin/install-info --delete %{_infodir}/%{name}.info %{_infodir}/dir || :
+fi
+
+%postun -p /sbin/ldconfig
+
+
+
+%changelog
+* Mon Aug  8 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-8
+- Use a cache-silent version of mpz_powm to prevent cache-timing
+  attacks against RSA and DSA in shared VMs. (#1364897,CVE-2016-6489)
+
+* Wed Mar  2 2016 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-5
+- Fixed SHA-3 implementation to conform to final standard (#1252936)
+- Fixed CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 which caused issues
+  in secp256r1 and secp384r1 calculations (#1314374)
+
+* Tue Jul 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-4
+- Correct path of links (#1117782)
+
+* Mon Jul 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.7.1-3
+- Added fipshmac checksum (#1117782)
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.7.1-2
+- Mass rebuild 2014-01-24
+
+* Wed Jan 15 2014 Tomáš Mráz <tmraz@redhat.com> - 2.7.1-1
+- Updated to nettle 2.7.1
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.6-4
+- Mass rebuild 2013-12-27
+
+* Fri Dec 13 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 2.6-3
+- Added patch nettle-tmpalloc.patch (#1033570)
+
+* Wed Feb  6 2013 Tomáš Mráz <tmraz@redhat.com> - 2.6-2
+- nettle includes use gmp.h
+
+* Tue Feb  5 2013 Tomáš Mráz <tmraz@redhat.com> - 2.6-1
+- New upstream release
+
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Jul 05 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-3
+- Remove explicit buildroot handling and defattr.
+
+* Wed Jul 04 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-2
+- Review feedback
+
+* Mon Jun 18 2012 David Woodhouse <dwmw2@infradead.org> - 2.4-1
+- Revive package (GnuTLS needs it), disable static, update to current release 2.4
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Thu Apr 10 2008 Ian Weller <ianweller@gmail.com> 1.15-5
+- Moved static lib to -static
+
+* Mon Mar 24 2008 Ian Weller <ianweller@gmail.com> 1.15-4
+- Added libraries and ldconfig
+
+* Mon Feb 18 2008 Ian Weller <ianweller@gmail.com> 1.15-3
+- Added provides -static to -devel
+
+* Sun Feb 17 2008 Ian Weller <ianweller@gmail.com> 1.15-2
+- Removed redundant requires
+- Removed redundant documentation between packages
+- Fixed license tag
+- Fixed -devel description
+- Added the static library back to -devel
+- Added make clean
+
+* Fri Feb 08 2008 Ian Weller <ianweller@gmail.com> 1.15-1
+- First package build.