From 252a4dd5090083ede6d8fdecbd2241b2b8a001b5 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Fri, 13 Mar 2020 17:24:26 +0100 Subject: nettle: vendor in ChaCha20 implementation from nettle This enables to use bundled ChaCha20 implementation if the system nettle doesn't have nettle_chacha_set_counter. Signed-off-by: Daiki Ueno --- .gitignore | 1 + bootstrap.conf | 1 + configure.ac | 9 +++++ devel/import-chacha-from-nettle.sh | 83 ++++++++++++++++++++++++++++++++++++++ devel/nettle | 2 +- lib/nettle/Makefile.am | 8 ++++ 6 files changed, 103 insertions(+), 1 deletion(-) create mode 100755 devel/import-chacha-from-nettle.sh diff --git a/.gitignore b/.gitignore index de27a2fc9a..7c397c517c 100644 --- a/.gitignore +++ b/.gitignore @@ -232,6 +232,7 @@ lib/minitasn1/Makefile lib/minitasn1/Makefile.in lib/nettle/libcrypto.la lib/nettle/curve448 +lib/nettle/chacha lib/opencdk/libminiopencdk.la lib/opencdk/Makefile lib/opencdk/Makefile.in diff --git a/bootstrap.conf b/bootstrap.conf index 9216ab6cf3..a2e9ae661d 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -103,4 +103,5 @@ bootstrap_post_import_hook () touch ChangeLog || return 1 devel/import-curve448-from-nettle.sh + devel/import-chacha-from-nettle.sh } diff --git a/configure.ac b/configure.ac index 09acf8b22f..99cb4091ef 100644 --- a/configure.ac +++ b/configure.ac @@ -669,6 +669,15 @@ LIBS=$save_LIBS AS_IF([test "$have_gostdsa" != "yes"], AC_DEFINE([NEED_GOSTDSA], 1, [Use backported GOST R 34.10 DSA support])) AM_CONDITIONAL(NEED_GOSTDSA, [test "$have_gostdsa" != "yes"]) +# Check if nettle has ChaCha20 initial block counter support +have_chacha_set_counter=no +save_LIBS=$LIBS +LIBS="$LIBS $NETTLE_LIBS" +AC_CHECK_FUNCS([nettle_chacha_set_counter], + [have_chacha_set_counter=yes]) +LIBS=$save_LIBS +AM_CONDITIONAL(NEED_CHACHA, [test "$have_chacha_set_counter" != "yes"]) + AC_MSG_CHECKING([whether to build libdane]) AC_ARG_ENABLE(libdane, AS_HELP_STRING([--disable-libdane], 
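Review bot: In the bootstrap.conf hunk, appending `devel/import-chacha-from-nettle.sh` after the curve448 import means the curve448 script is no longer the last command of `bootstrap_post_import_hook`, so its exit status is now discarded and only the ChaCha import's status is returned. The `touch ChangeLog || return 1` context line shows the hook's own convention; writing `devel/import-curve448-from-nettle.sh || return 1` and `devel/import-chacha-from-nettle.sh || return 1` would let either failed import fail the hook. Whether the caller acts on the hook's return value is not visible here, and the function's opening lines are outside the hunk.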
diff --git a/devel/import-chacha-from-nettle.sh b/devel/import-chacha-from-nettle.sh
new file mode 100755
index 0000000000..c79f8b8c32
--- /dev/null
+++ b/devel/import-chacha-from-nettle.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+# This script copies the ChaCha20 implementation from the
+# nettle upstream, with necessary adjustments for bundling in GnuTLS.
+
+set +e
+
+: ${srcdir=.}
+SRC=$srcdir/devel/nettle
+DST=$srcdir/lib/nettle/chacha
+
+IMPORTS="
+chacha-core-internal.c
+chacha-crypt.c
+chacha-internal.h
+chacha-poly1305.c
+chacha-poly1305.h
+chacha-set-key.c
+chacha-set-nonce.c
+chacha.h
+"
+
+PUBLIC="
+bignum.h
+ecc-curve.h
+ecc.h
+macros.h
+memxor.h
+nettle-meta.h
+nettle-types.h
+poly1305.h
+"
+
+test -d $DST || mkdir $DST
+
+for f in $IMPORTS; do
+ src=$SRC/$f
+ dst=$DST/$f
+ if test -f $src; then
+ if test -f $dst; then
+ echo "Replacing $dst (existing file backed up in $dst~)"
+ mv $dst $dst~
+ else
+ echo "Copying file $dst"
+ fi
+ cp $src $dst
+ # Use for public headers.
+ for h in $PUBLIC; do
+ p=$(echo $h | sed 's/\./\\./g')
+ if grep '^#include "'$p'"' $dst 2>&1 >/dev/null; then
+ sed 's!^#include "'$p'"!#include !' $dst > $dst-t && \
+ mv $dst-t $dst
+ fi
+ done
+ # Remove unused .
+ if grep '^#include ' $dst 2>&1 >/dev/null; then
+ if ! grep 'assert *(' $dst 2>&1 >/dev/null; then
+ sed '/^#include /d' $dst > $dst-t && mv $dst-t $dst
+ fi
+ fi
+ case $dst in
+ *.h)
+ # Rename header guard so as not to conflict with the public ones.
+ if grep '^#ifndef NETTLE_.*_H\(_INCLUDED\)*' $dst 2>&1 >/dev/null; then
+ g=$(sed -n 's/^#ifndef NETTLE_\(.*_H\(_INCLUDED\)*\)/\1/p' $dst)
+ sed 's/\(NETTLE_'$g'\)/GNUTLS_LIB_NETTLE_CHACHA_\1/' $dst > $dst-t && \
+ mv $dst-t $dst
+ fi
+ ;;
+ esac
+ case $dst in
+ *.h)
+ # Add prefix to function symbols avoid clashing with the public ones.
+ sed -e 's/^#define \(.*\) nettle_\1/#define \1 gnutls_nettle_chacha_\1/' \
+ -e 's/^#define \(.*\) _nettle_\1/#define \1 _gnutls_nettle_chacha_\1/' $dst > $dst-t && \
+ mv $dst-t $dst
+ ;;
+ esac
+ else
+ echo "Error: $src not found" 1>&2
+ exit 1
+ fi
+done
diff --git a/devel/nettle b/devel/nettle
index d1dbba1e7f..dedba6ff09 160000
--- a/devel/nettle
+++ b/devel/nettle
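Review bot: `set +e` near the top of the new import script switches errexit off rather than on, so a failed `mkdir $DST`, `cp $src $dst` or `mv $dst $dst~` does not stop the import; the only hard failure is the explicit `exit 1` for a missing source file. Because this script rewrites header guards and symbol prefixes in vendored cipher sources, a step that fails part-way should abort bootstrap rather than leave a half-transformed file to be compiled. `set -e` looks like what was intended, and since errexit does not fire for a failing `sed` on the left of `&&`, those chains would also need an explicit `|| exit 1`. The `grep ... 2>&1 >/dev/null` tests redirect in an order that leaves stderr on the terminal (`>/dev/null 2>&1` silences both), and quoting `"$src"` and `"$dst"` would keep the script correct when `$srcdir` contains spaces.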
@@ -1 +1 @@
-Subproject commit d1dbba1e7fcf4ad54e5d3435e381ae336c36cf2a
+Subproject commit dedba6ff09f78b96dbc5a2b3a13fb8825f438d3c
diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am
index ab49f7baed..84bb90a247 100644
--- a/lib/nettle/Makefile.am
+++ b/lib/nettle/Makefile.am
@@ -148,3 +148,11 @@ libcrypto_la_SOURCES += \
 curve448/ed448-shake256.c curve448/ed448-shake256-pubkey.c \
 curve448/ed448-shake256-sign.c curve448/ed448-shake256-verify.c
 endif
+
+if NEED_CHACHA
+libcrypto_la_SOURCES += \
+ chacha/chacha-core-internal.c chacha/chacha-crypt.c \
+ chacha/chacha-internal.h chacha/chacha-poly1305.c \
+ chacha/chacha-poly1305.h chacha/chacha-set-key.c \
+ chacha/chacha-set-nonce.c chacha/chacha.h
+endif
-- cgit v1.2.1