On 2021-02-10 Andreas Metzler wrote:
> Package: libnettle8
> Version: 3.7-1
> Severity: serious
> Tags: upstream patch fixed-upstream
> nettle 3.7 breaks GnuTLS testsuite on ppc64(el). I had forwarded this
> upstream
> https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009418.html and
> there is now a fix (+ testsuite coverage) in nettle GIT master.
[...]
Find attached a proposed debdiff.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru nettle-3.7/debian/changelog nettle-3.7/debian/changelog
--- nettle-3.7/debian/changelog 2021-02-01 00:01:59.0 +0100
+++ nettle-3.7/debian/changelog 2021-02-13 08:34:20.0 +0100
@@ -1,3 +1,12 @@
+nettle (3.7-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix chacha breakage on ppc64(el). Closes: #982482
++ 0001-Improve-chacha-test-coverage.patch
++ 0002-Fix-chacha-counter-update-for-_4core-variants.patch
+
+ -- Andreas Metzler Sat, 13 Feb 2021 08:34:20 +0100
+
nettle (3.7-2) unstable; urgency=low
* Adjust libnettle8.symbols.
diff -Nru nettle-3.7/debian/patches/0001-Improve-chacha-test-coverage.patch nettle-3.7/debian/patches/0001-Improve-chacha-test-coverage.patch
--- nettle-3.7/debian/patches/0001-Improve-chacha-test-coverage.patch 1970-01-01 01:00:00.0 +0100
+++ nettle-3.7/debian/patches/0001-Improve-chacha-test-coverage.patch 2021-02-13 08:29:19.0 +0100
@@ -0,0 +1,910 @@
+From dd1867efa005704fbac438896369694a44fd474b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Niels=20M=C3=B6ller?=
+Date: Wed, 10 Feb 2021 10:26:52 +0100
+Subject: [PATCH 1/2] Improve chacha test coverage.
+
+---
+ ChangeLog | 12 +
+ testsuite/chacha-test.c | 746 ++--
+ 2 files changed, 504 insertions(+), 254 deletions(-)
+
+ a/ChangeLog
+ b/ChangeLog
+ 2021-02-10 Niels Möller
+
+ * testsuite/chacha-test.c (test_chacha_rounds): New function, for
+ tests with non-standard round count. Extracted from _test_chacha.
+ (_test_chacha): Deleted rounds argument. Reorganized crypt/crypt32
+ handling. When testing message prefixes of varying length, also
+ encrypt the remainder of the message, to catch errors in counter
+ value update.
+ (test_main): Add a few tests with large messages (16 blocks, 1024
+ octets), to improve test coverage for _nettle_chacha_crypt_4core
+ and _nettle_chacha_crypt32_4core.
+
+diff --git a/testsuite/chacha-test.c b/testsuite/chacha-test.c
+index 5efe4ee2..8bbdd4ad 100644
+--- a/testsuite/chacha-test.c
b/testsuite/chacha-test.c
+@@ -121,119 +121,140 @@ test_chacha_core(void)
+ }
+ }
+
++/* For tests with non-standard number of rounds, calling
++ _nettle_chacha_core directly. */
+ static void
+-_test_chacha(const struct tstring *key, const struct tstring *nonce,
+- const struct tstring *expected, unsigned rounds,
+- const struct tstring *counter)
++test_chacha_rounds(const struct tstring *key, const struct tstring *nonce,
++ const struct tstring *expected, unsigned rounds)
+ {
+ struct chacha_ctx ctx;
++ uint32_t out[_CHACHA_STATE_LENGTH];
++ ASSERT (expected->length == CHACHA_BLOCK_SIZE);
+
+ ASSERT (key->length == CHACHA_KEY_SIZE);
+ chacha_set_key (&ctx, key->data);
+
+- if (rounds == 20)
++ ASSERT (nonce->length == CHACHA_NONCE_SIZE);
++ chacha_set_nonce(&ctx, nonce->data);
++
++ _nettle_chacha_core (out, ctx.state, rounds);
++
++ if (!MEMEQ(CHACHA_BLOCK_SIZE, out, expected->data))
+ {
+- uint8_t *data = xalloc (expected->length + 2);
+- size_t length;
+- data++;
++ printf("Error, expected:\n");
++ tstring_print_hex (expected);
++ printf("Got:\n");
++ print_hex(CHACHA_BLOCK_SIZE, (uint8_t *) out);
++ FAIL ();
++}
+
+- for (length = 1; length <= expected->length; length++)
+- {
+- data[-1] = 17;
+- memset (data, 0, length);
+- data[length] = 17;
+- if (nonce->length == CHACHA_NONCE_SIZE)
+- chacha_set_nonce(&ctx, nonce->data);
+- else if (nonce->length == CHACHA_NONCE96_SIZE)
+- {
+- chacha_set_nonce96(&ctx, nonce->data);
+- /* Use initial counter 1, for
+- draft-irtf-cfrg-chacha20-poly1305-08 test cases. */
+- ctx.state[12]++;
+- }
+- else
+- die ("Bad nonce size %u.\n", (unsigned) nonce->length);
++ if (verbose)
++{
++ printf("Result after encryption:\n");
++ print_hex(CHACHA_BLOCK_SIZE, (uint8_t *) out);
++}
++}
+
+- if (counter)
+- {
+- if (counter->length == CHACHA_COUNTER_SIZE)
+- {
+- ASSERT (nonce->length == CHACHA_NONCE_SIZE);
+- chacha_set_counter(&ctx, counter->data);
+- }
+- else if (counter->length == CHACHA_COUNTER32_SIZE)
+- {
+- ASSERT (nonce->length == CHACHA_NONCE96_SIZE);
+- chacha_set_counter32(&ctx, counter->data);
+- }
+- }
++static void
++_test_chacha(const struct tstring *key, const struct tstring *nonce,
++ const struct tstring