Control: tags 877436 + pending

Dear Ondřej,

I've prepared an NMU for botan1.10 (versioned as 1.10.17-0.1) and
will upload it to DELAYED/4. Please feel free to tell me if I
should delay it longer.

Cheers,
Chris


diff -Nru botan1.10-1.10.16/botan_version.py botan1.10-1.10.17/botan_version.py
--- botan1.10-1.10.16/botan_version.py  2017-04-05 01:07:02.000000000 +0000
+++ botan1.10-1.10.17/botan_version.py  2017-10-02 06:00:00.000000000 +0000
@@ -1,11 +1,11 @@
 
 release_major = 1
 release_minor = 10
-release_patch = 16
+release_patch = 17
 
 release_so_abi_rev = 1
 
 # These are set by the distribution script
-release_vc_rev = 'git:3756c97d295d06ac19cec6736e05003afb10623e'
-release_datestamp = 20170404
-release_type = 'released'
+release_vc_rev = 'git:f7fe6beb5b3b6f944aa7bac491a3455e48ef6ebb'
+release_datestamp = 20171002
+release_type = 'release'
diff -Nru botan1.10-1.10.16/configure.py botan1.10-1.10.17/configure.py
--- botan1.10-1.10.16/configure.py      2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/configure.py      2017-10-02 06:00:00.000000000 +0000
@@ -59,9 +59,6 @@
         logging.debug('Monotone reported revision %s' % (rev))
 
         return 'mtn:' + rev
-    except OSError as e:
-        logging.debug('Error getting rev from monotone - %s' % (e[1]))
-        return 'unknown'
     except Exception as e:
         logging.debug('Error getting rev from monotone - %s' % (e))
         return 'unknown'
diff -Nru botan1.10-1.10.16/debian/changelog botan1.10-1.10.17/debian/changelog
--- botan1.10-1.10.16/debian/changelog  2017-05-29 11:45:02.000000000 +0000
+++ botan1.10-1.10.17/debian/changelog  2017-10-09 09:19:15.000000000 +0000
@@ -1,3 +1,13 @@
+botan1.10 (1.10.17-0.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * New upstream release 1.10.17 (Closes: #877436)
+    + [CVE-2017-14737]: Side channel affecting modular exponentiation
+    + Upstream has imported Debian architecture support patches, removed
+      them.
+
+ -- Christian Hofstaedtler <z...@debian.org>  Mon, 09 Oct 2017 09:19:15 +0000
+
 botan1.10 (1.10.16-1) unstable; urgency=high
 
   * Update d/watch to match new upstream download directory
diff -Nru 
botan1.10-1.10.16/debian/patches/0001-add-mips64-mipsn32-support.patch 
botan1.10-1.10.17/debian/patches/0001-add-mips64-mipsn32-support.patch
--- botan1.10-1.10.16/debian/patches/0001-add-mips64-mipsn32-support.patch      
2017-05-29 11:45:02.000000000 +0000
+++ botan1.10-1.10.17/debian/patches/0001-add-mips64-mipsn32-support.patch      
1970-01-01 00:00:00.000000000 +0000
@@ -1,64 +0,0 @@
-From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ond...@debian.org>
-Date: Tue, 29 Nov 2016 15:10:20 +0100
-Subject: add-mips64-mipsn32-support
-
----
- src/build-data/arch/mipsn32.txt | 22 ++++++++++++++++++++++
- src/build-data/cc/clang.txt     |  2 ++
- src/build-data/cc/gcc.txt       |  1 +
- 3 files changed, 25 insertions(+)
- create mode 100644 src/build-data/arch/mipsn32.txt
-
-diff --git a/src/build-data/arch/mipsn32.txt b/src/build-data/arch/mipsn32.txt
-new file mode 100644
-index 0000000..96ced25
---- /dev/null
-+++ b/src/build-data/arch/mipsn32.txt
-@@ -0,0 +1,22 @@
-+<aliases>
-+mipsn32el # For Debian
-+</aliases>
-+
-+<submodels>
-+r4000
-+r4100
-+r4300
-+r4400
-+r4600
-+r4560
-+r5000
-+r8000
-+r10000
-+</submodels>
-+
-+<submodel_aliases>
-+r4k -> r4000
-+r5k -> r5000
-+r8k -> r8000
-+r10k -> r10000
-+</submodel_aliases>
-diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt
-index cbcfd89..23237e3 100644
---- a/src/build-data/cc/clang.txt
-+++ b/src/build-data/cc/clang.txt
-@@ -39,6 +39,8 @@ westmere  -> "-march=corei7 -maes"
- 
- <mach_abi_linking>
- x86_64  -> "-m64"
-+mips32  -> "-mabi=32"
-+mipsn32  -> "-mabi=n32"
- mips64  -> "-mabi=64"
- s390    -> "-m31"
- s390x   -> "-m64"
-diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt
-index 1fc6831..938c065 100644
---- a/src/build-data/cc/gcc.txt
-+++ b/src/build-data/cc/gcc.txt
-@@ -80,6 +80,7 @@ hppa      -> "-march=SUBMODEL" hppa
- ia64      -> "-mtune=SUBMODEL"
- m68k      -> "-mSUBMODEL"
- mips32    -> "-mips1 -mcpu=SUBMODEL" mips32-
-+mipsn32    -> "-mips3 -mcpu=SUBMODEL" mips64-
- mips64    -> "-mips3 -mcpu=SUBMODEL" mips64-
- ppc32     -> "-mcpu=SUBMODEL" ppc
- ppc64     -> "-mcpu=SUBMODEL" ppc
diff -Nru botan1.10-1.10.16/debian/patches/0002-add-powerpc64le-support.patch 
botan1.10-1.10.17/debian/patches/0002-add-powerpc64le-support.patch
--- botan1.10-1.10.16/debian/patches/0002-add-powerpc64le-support.patch 
2017-05-29 11:45:02.000000000 +0000
+++ botan1.10-1.10.17/debian/patches/0002-add-powerpc64le-support.patch 
1970-01-01 00:00:00.000000000 +0000
@@ -1,109 +0,0 @@
-From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ond...@debian.org>
-Date: Tue, 29 Nov 2016 15:10:20 +0100
-Subject: add-powerpc64le-support
-
----
- src/build-data/arch/ppc64.txt   |  5 ++++-
- src/build-data/arch/ppc64le.txt | 21 +++++++++++++++++++++
- src/build-data/cc/gcc.txt       |  1 +
- src/math/mp/mp_asm64/info.txt   |  1 +
- src/utils/cpuid.cpp             |  6 ++++++
- 5 files changed, 33 insertions(+), 1 deletion(-)
- create mode 100644 src/build-data/arch/ppc64le.txt
-
-diff --git a/src/build-data/arch/ppc64.txt b/src/build-data/arch/ppc64.txt
-index 954d918..f6f568e 100644
---- a/src/build-data/arch/ppc64.txt
-+++ b/src/build-data/arch/ppc64.txt
-@@ -17,6 +17,9 @@ power4
- power5
- power6
- power7
-+power7p
-+power8
-+power8e
- cellppu
- </submodels>
- 
-@@ -25,5 +28,5 @@ cellbroadbandengine -> cellppu
- </submodel_aliases>
- 
- <isa_extn>
--altivec:cellppu,ppc970,power6,power7
-+altivec:cellppu,ppc970,power6,power7,power7p,power8,power8e
- </isa_extn>
-diff --git a/src/build-data/arch/ppc64le.txt b/src/build-data/arch/ppc64le.txt
-new file mode 100644
-index 0000000..da93668
---- /dev/null
-+++ b/src/build-data/arch/ppc64le.txt
-@@ -0,0 +1,21 @@
-+endian little
-+
-+family ppc
-+
-+<aliases>
-+powerpc64le
-+ppc64el
-+</aliases>
-+
-+<submodels>
-+power7
-+power7p
-+power8
-+power8e
-+</submodels>
-+
-+# This should be enabled for all targets, but the Altivec code currently
-+# makes lots of endian assumptions that I don't have the time to fix up:
-+#<isa_extn>
-+#altivec:all
-+#</isa_extn>
-diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt
-index 938c065..32e19c9 100644
---- a/src/build-data/cc/gcc.txt
-+++ b/src/build-data/cc/gcc.txt
-@@ -84,6 +84,7 @@ mipsn32    -> "-mips3 -mcpu=SUBMODEL" mips64-
- mips64    -> "-mips3 -mcpu=SUBMODEL" mips64-
- ppc32     -> "-mcpu=SUBMODEL" ppc
- ppc64     -> "-mcpu=SUBMODEL" ppc
-+ppc64le   -> "-mcpu=power7 -mtune=power8" ppc
- sparc32   -> "-mcpu=SUBMODEL -Wa,-xarch=v8plus" sparc32-
- sparc64   -> "-mcpu=v9 -mtune=SUBMODEL"
- x86_32    -> "-march=SUBMODEL -momit-leaf-frame-pointer"
-diff --git a/src/math/mp/mp_asm64/info.txt b/src/math/mp/mp_asm64/info.txt
-index 9af7c4a..2704718 100644
---- a/src/math/mp/mp_asm64/info.txt
-+++ b/src/math/mp/mp_asm64/info.txt
-@@ -12,6 +12,7 @@ alpha
- ia64
- mips64
- ppc64
-+ppc64le
- sparc64
- </arch>
- 
-diff --git a/src/utils/cpuid.cpp b/src/utils/cpuid.cpp
-index f6581f0..eba5b18 100644
---- a/src/utils/cpuid.cpp
-+++ b/src/utils/cpuid.cpp
-@@ -157,6 +157,9 @@ bool altivec_check_pvr_emul()
-    const u16bit PVR_G5_970GX = 0x0045;
-    const u16bit PVR_POWER6   = 0x003E;
-    const u16bit PVR_POWER7   = 0x003F;
-+   const u16bit PVR_POWER7p  = 0x004A;
-+   const u16bit PVR_POWER8   = 0x004D;
-+   const u16bit PVR_POWER8E  = 0x004B;
-    const u16bit PVR_CELL_PPU = 0x0070;
- 
-    // Motorola produced G4s with PVR 0x800[0123C] (at least)
-@@ -177,6 +180,9 @@ bool altivec_check_pvr_emul()
-    altivec_capable |= (pvr == PVR_G5_970GX);
-    altivec_capable |= (pvr == PVR_POWER6);
-    altivec_capable |= (pvr == PVR_POWER7);
-+   altivec_capable |= (pvr == PVR_POWER7p);
-+   altivec_capable |= (pvr == PVR_POWER8);
-+   altivec_capable |= (pvr == PVR_POWER8E);
-    altivec_capable |= (pvr == PVR_CELL_PPU);
- #endif
- 
diff -Nru botan1.10-1.10.16/debian/patches/0003-add-arm64-support.patch.patch 
botan1.10-1.10.17/debian/patches/0003-add-arm64-support.patch.patch
--- botan1.10-1.10.16/debian/patches/0003-add-arm64-support.patch.patch 
2017-05-29 11:45:02.000000000 +0000
+++ botan1.10-1.10.17/debian/patches/0003-add-arm64-support.patch.patch 
1970-01-01 00:00:00.000000000 +0000
@@ -1,47 +0,0 @@
-From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ond...@debian.org>
-Date: Tue, 29 Nov 2016 15:10:20 +0100
-Subject: add-arm64-support.patch
-
----
- src/build-data/arch/aarch64.txt | 6 ++++++
- src/build-data/cc/gcc.txt       | 1 +
- src/math/mp/mp_asm64/info.txt   | 1 +
- 3 files changed, 8 insertions(+)
- create mode 100644 src/build-data/arch/aarch64.txt
-
-diff --git a/src/build-data/arch/aarch64.txt b/src/build-data/arch/aarch64.txt
-new file mode 100644
-index 0000000..863b000
---- /dev/null
-+++ b/src/build-data/arch/aarch64.txt
-@@ -0,0 +1,6 @@
-+endian little
-+
-+<aliases>
-+arm64 # For Debian
-+</aliases>
-+
-diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt
-index 32e19c9..db729b4 100644
---- a/src/build-data/cc/gcc.txt
-+++ b/src/build-data/cc/gcc.txt
-@@ -75,6 +75,7 @@ sh4         -> "-m4 -mieee"
- 
- alpha     -> "-mcpu=SUBMODEL" alpha-
- arm       -> "-march=SUBMODEL"
-+aarch64   -> "-mtune=generic"
- superh    -> "-mSUBMODEL" sh
- hppa      -> "-march=SUBMODEL" hppa
- ia64      -> "-mtune=SUBMODEL"
-diff --git a/src/math/mp/mp_asm64/info.txt b/src/math/mp/mp_asm64/info.txt
-index 2704718..2664740 100644
---- a/src/math/mp/mp_asm64/info.txt
-+++ b/src/math/mp/mp_asm64/info.txt
-@@ -8,6 +8,7 @@ mp_generic:mp_asmi.h
- </header:internal>
- 
- <arch>
-+aarch64
- alpha
- ia64
- mips64
diff -Nru botan1.10-1.10.16/debian/patches/0004-add-or1k-support.patch 
botan1.10-1.10.17/debian/patches/0004-add-or1k-support.patch
--- botan1.10-1.10.16/debian/patches/0004-add-or1k-support.patch        
2017-05-29 11:45:02.000000000 +0000
+++ botan1.10-1.10.17/debian/patches/0004-add-or1k-support.patch        
1970-01-01 00:00:00.000000000 +0000
@@ -1,19 +0,0 @@
-From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <ond...@debian.org>
-Date: Tue, 29 Nov 2016 15:10:20 +0100
-Subject: add-or1k-support
-
----
- src/build-data/arch/or1k.txt | 4 ++++
- 1 file changed, 4 insertions(+)
- create mode 100644 src/build-data/arch/or1k.txt
-
-diff --git a/src/build-data/arch/or1k.txt b/src/build-data/arch/or1k.txt
-new file mode 100644
-index 0000000..c5fdc32
---- /dev/null
-+++ b/src/build-data/arch/or1k.txt
-@@ -0,0 +1,4 @@
-+endian big
-+<submodels>
-+or1k
-+</submodels>
diff -Nru botan1.10-1.10.16/debian/patches/series 
botan1.10-1.10.17/debian/patches/series
--- botan1.10-1.10.16/debian/patches/series     2017-05-29 11:45:02.000000000 
+0000
+++ botan1.10-1.10.17/debian/patches/series     1970-01-01 00:00:00.000000000 
+0000
@@ -1,4 +0,0 @@
-0001-add-mips64-mipsn32-support.patch
-0002-add-powerpc64le-support.patch
-0003-add-arm64-support.patch.patch
-0004-add-or1k-support.patch
diff -Nru botan1.10-1.10.16/doc/log.txt botan1.10-1.10.17/doc/log.txt
--- botan1.10-1.10.16/doc/log.txt       2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/doc/log.txt       2017-10-02 06:00:00.000000000 +0000
@@ -7,6 +7,36 @@
 Series 1.10
 ----------------------------------------
 
+Version 1.10.17, 1.10.17
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* Address a side channel affecting modular exponentiation. An attacker
+  capabable of a local or cross-VM cache analysis attack may be able
+  to recover bits of secret exponents as used in RSA, DH, etc.
+  CVE-2017-14737
+
+* Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11
+  hash function. (GH #1192 #1148 #882)
+
+* Add SecureVector::data() function which returns the start of the
+  buffer. This makes it slightly simpler to support both 1.10 and 2.x
+  APIs in the same codebase.
+
+* When compiled by a C++11 (or later) compiler, a template typedef of
+  SecureVector, secure_vector, is added. In 2.x this class is a
+  std::vector with a custom allocator, so has a somewhat different
+  interface than SecureVector in 1.10. But this makes it slightly
+  simpler to support both 1.10 and 2.x APIs in the same codebase.
+
+* Fix a bug that prevented `configure.py` from running under Python3
+
+* Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build
+  will `#error` if OpenSSL 1.1 is detected. Avoid `--with-openssl`
+  if compiling against 1.1 or later. (GH #753)
+
+* Import patches from Debian adding basic support for building on
+  aarch64, ppc64le, or1k, and mipsn32 platforms.
+
 Version 1.10.16, 2017-04-04
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
diff -Nru botan1.10-1.10.16/readme.txt botan1.10-1.10.17/readme.txt
--- botan1.10-1.10.16/readme.txt        2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/readme.txt        2017-10-02 06:00:00.000000000 +0000
@@ -1,6 +1,6 @@
 
 This branch (1.10) of Botan is only supported for security fixes until
-the end of 2017. Please upgrade to 2.0 API as soon as possible.
+the end of 2017. Please upgrade to 2.x as soon as possible.
 
 
 Botan is a C++ library for performing a wide variety of cryptographic
diff -Nru botan1.10-1.10.16/src/alloc/secmem.h 
botan1.10-1.10.17/src/alloc/secmem.h
--- botan1.10-1.10.16/src/alloc/secmem.h        2017-04-05 01:06:45.000000000 
+0000
+++ botan1.10-1.10.17/src/alloc/secmem.h        2017-10-02 06:00:00.000000000 
+0000
@@ -50,6 +50,12 @@
       * Get a pointer to the first element in the buffer.
       * @return pointer to the first element in the buffer
       */
+      T* data() { return buf; }
+
+      /**
+      * Get a pointer to the first element in the buffer.
+      * @return pointer to the first element in the buffer
+      */
       T* begin() { return buf; }
 
       /**
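Review bot: The new `data()` accessor is added only in non-const form, so code holding a `const` reference to the buffer still cannot call it; unless a const overload exists outside this hunk, add `const T* data() const { return buf; }` next to it. The doc comment is copied verbatim from `begin()`, so a reader cannot tell why two identical accessors exist; a line such as `* Provided for source compatibility with the 2.x API.` would explain it. The enclosing class starts and ends outside the hunk.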
@@ -369,6 +375,13 @@
          }
    };
 
+#if __cplusplus >= 201103
+
+// For better compatability with 2.x API
+  template<typename T>
+  using secure_vector = SecureVector<T>;
+#endif
+
 template<typename T>
 MemoryRegion<T>& operator+=(MemoryRegion<T>& out,
                             const MemoryRegion<T>& in)
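Review bot: The `#if __cplusplus >= 201103` guard does not enable the alias on compilers that support alias templates but still report an older `__cplusplus` value (MSVC does this by default), so code relying on `secure_vector` can fail to build there. Either extend the guard or state the limitation in the comment. The comment also has a typo and could record the semantic difference the release log mentions: `// For source compatibility with the 2.x API; here an alias of SecureVector, not a std::vector`.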
diff -Nru botan1.10-1.10.16/src/build-data/arch/aarch64.txt 
botan1.10-1.10.17/src/build-data/arch/aarch64.txt
--- botan1.10-1.10.16/src/build-data/arch/aarch64.txt   1970-01-01 
00:00:00.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/arch/aarch64.txt   2017-10-02 
06:00:00.000000000 +0000
@@ -0,0 +1,6 @@
+endian little
+
+<aliases>
+arm64 # For Debian
+</aliases>
+
diff -Nru botan1.10-1.10.16/src/build-data/arch/mipsn32.txt 
botan1.10-1.10.17/src/build-data/arch/mipsn32.txt
--- botan1.10-1.10.16/src/build-data/arch/mipsn32.txt   1970-01-01 
00:00:00.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/arch/mipsn32.txt   2017-10-02 
06:00:00.000000000 +0000
@@ -0,0 +1,22 @@
+<aliases>
+mipsn32el # For Debian
+</aliases>
+
+<submodels>
+r4000
+r4100
+r4300
+r4400
+r4600
+r4560
+r5000
+r8000
+r10000
+</submodels>
+
+<submodel_aliases>
+r4k -> r4000
+r5k -> r5000
+r8k -> r8000
+r10k -> r10000
+</submodel_aliases>
diff -Nru botan1.10-1.10.16/src/build-data/arch/or1k.txt 
botan1.10-1.10.17/src/build-data/arch/or1k.txt
--- botan1.10-1.10.16/src/build-data/arch/or1k.txt      1970-01-01 
00:00:00.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/arch/or1k.txt      2017-10-02 
06:00:00.000000000 +0000
@@ -0,0 +1,4 @@
+endian big
+<submodels>
+or1k
+</submodels>
diff -Nru botan1.10-1.10.16/src/build-data/arch/ppc64le.txt 
botan1.10-1.10.17/src/build-data/arch/ppc64le.txt
--- botan1.10-1.10.16/src/build-data/arch/ppc64le.txt   1970-01-01 
00:00:00.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/arch/ppc64le.txt   2017-10-02 
06:00:00.000000000 +0000
@@ -0,0 +1,21 @@
+endian little
+
+family ppc
+
+<aliases>
+powerpc64le
+ppc64el
+</aliases>
+
+<submodels>
+power7
+power7p
+power8
+power8e
+</submodels>
+
+# This should be enabled for all targets, but the Altivec code currently
+# makes lots of endian assumptions that I don't have the time to fix up:
+#<isa_extn>
+#altivec:all
+#</isa_extn>
diff -Nru botan1.10-1.10.16/src/build-data/arch/ppc64.txt 
botan1.10-1.10.17/src/build-data/arch/ppc64.txt
--- botan1.10-1.10.16/src/build-data/arch/ppc64.txt     2017-04-05 
01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/arch/ppc64.txt     2017-10-02 
06:00:00.000000000 +0000
@@ -17,6 +17,9 @@
 power5
 power6
 power7
+power7p
+power8
+power8e
 cellppu
 </submodels>
 
@@ -25,5 +28,5 @@
 </submodel_aliases>
 
 <isa_extn>
-altivec:cellppu,ppc970,power6,power7
+altivec:cellppu,ppc970,power6,power7,power7p,power8,power8e
 </isa_extn>
diff -Nru botan1.10-1.10.16/src/build-data/cc/clang.txt 
botan1.10-1.10.17/src/build-data/cc/clang.txt
--- botan1.10-1.10.16/src/build-data/cc/clang.txt       2017-04-05 
01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/cc/clang.txt       2017-10-02 
06:00:00.000000000 +0000
@@ -39,6 +39,8 @@
 
 <mach_abi_linking>
 x86_64  -> "-m64"
+mips32  -> "-mabi=32"
+mipsn32  -> "-mabi=n32"
 mips64  -> "-mabi=64"
 s390    -> "-m31"
 s390x   -> "-m64"
diff -Nru botan1.10-1.10.16/src/build-data/cc/gcc.txt 
botan1.10-1.10.17/src/build-data/cc/gcc.txt
--- botan1.10-1.10.16/src/build-data/cc/gcc.txt 2017-04-05 01:06:45.000000000 
+0000
+++ botan1.10-1.10.17/src/build-data/cc/gcc.txt 2017-10-02 06:00:00.000000000 
+0000
@@ -75,14 +75,17 @@
 
 alpha     -> "-mcpu=SUBMODEL" alpha-
 arm       -> "-march=SUBMODEL"
+aarch64   -> "-mtune=generic"
 superh    -> "-mSUBMODEL" sh
 hppa      -> "-march=SUBMODEL" hppa
 ia64      -> "-mtune=SUBMODEL"
 m68k      -> "-mSUBMODEL"
 mips32    -> "-mips1 -mcpu=SUBMODEL" mips32-
+mipsn32    -> "-mips3 -mcpu=SUBMODEL" mips64-
 mips64    -> "-mips3 -mcpu=SUBMODEL" mips64-
 ppc32     -> "-mcpu=SUBMODEL" ppc
 ppc64     -> "-mcpu=SUBMODEL" ppc
+ppc64le   -> "-mcpu=power7 -mtune=power8" ppc
 sparc32   -> "-mcpu=SUBMODEL -Wa,-xarch=v8plus" sparc32-
 sparc64   -> "-mcpu=v9 -mtune=SUBMODEL"
 x86_32    -> "-march=SUBMODEL -momit-leaf-frame-pointer"
@@ -98,6 +101,7 @@
 sparc32 -> "-m32 -mno-app-regs"
 sparc64 -> "-m64 -mno-app-regs"
 ppc64   -> "-m64"
+ppc64le -> "-m64"
 
 # This should probably be used on most/all targets, but the docs are unclear
 openbsd   -> "-pthread"
diff -Nru botan1.10-1.10.16/src/engine/openssl/ossl_bc.cpp 
botan1.10-1.10.17/src/engine/openssl/ossl_bc.cpp
--- botan1.10-1.10.16/src/engine/openssl/ossl_bc.cpp    2017-04-05 
01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/engine/openssl/ossl_bc.cpp    2017-10-02 
06:00:00.000000000 +0000
@@ -8,6 +8,10 @@
 #include <botan/internal/openssl_engine.h>
 #include <openssl/evp.h>
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+  #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x"
+#endif
+
 namespace Botan {
 
 namespace {
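Review bot: The guard is keyed on `OPENSSL_VERSION_NUMBER` alone, and LibreSSL reports `0x20000000L` for that macro, so this `#error` would also stop builds against LibreSSL; the diff does not say whether that is intended. If it is not, the condition could be `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)`. The same guard is repeated in ossl_md.cpp. Other OpenSSL engine sources are not visible in this diff, so confirm that each of them fails with the same clear message rather than an obscure compile error.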
diff -Nru botan1.10-1.10.16/src/engine/openssl/ossl_md.cpp 
botan1.10-1.10.17/src/engine/openssl/ossl_md.cpp
--- botan1.10-1.10.16/src/engine/openssl/ossl_md.cpp    2017-04-05 
01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/engine/openssl/ossl_md.cpp    2017-10-02 
06:00:00.000000000 +0000
@@ -8,6 +8,10 @@
 #include <botan/internal/openssl_engine.h>
 #include <openssl/evp.h>
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+  #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x"
+#endif
+
 namespace Botan {
 
 namespace {
diff -Nru botan1.10-1.10.16/src/hash/gost_3411/gost_3411.cpp 
botan1.10-1.10.17/src/hash/gost_3411/gost_3411.cpp
--- botan1.10-1.10.16/src/hash/gost_3411/gost_3411.cpp  2017-04-05 
01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/hash/gost_3411/gost_3411.cpp  2017-10-02 
06:00:00.000000000 +0000
@@ -90,8 +90,11 @@
 
          // P transformation
          for(size_t k = 0; k != 4; ++k)
+            {
+            const uint64_t UVk = U[k] ^ V[k];
             for(size_t l = 0; l != 8; ++l)
-               key[4*l+k] = get_byte(l, U[k]) ^ get_byte(l, V[k]);
+               key[4*l+k] = get_byte(l, UVk);
+            }
 
          cipher.set_key(key, 32);
          cipher.encrypt(&hash[8*j], S + 8*j);
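Review bot: The hoisted `UVk` temporary carries no comment saying it exists to work around a compiler bug, so a later cleanup could fold it back into the inner loop and reintroduce the miscompilation. Add `// Hoisted XOR works around a GCC 7 miscompilation on x86-32 (GH #1192)` above the declaration. The type is spelled `uint64_t` while other code in this diff uses the project typedefs (`u16bit`, `u32bit`); `u64bit` would probably be consistent, depending on how `U` and `V` are declared outside the hunk.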
diff -Nru botan1.10-1.10.16/src/math/bigint/bigint.cpp 
botan1.10-1.10.17/src/math/bigint/bigint.cpp
--- botan1.10-1.10.16/src/math/bigint/bigint.cpp        2017-04-05 
01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/math/bigint/bigint.cpp        2017-10-02 
06:00:00.000000000 +0000
@@ -10,6 +10,7 @@
 #include <botan/get_byte.h>
 #include <botan/parsing.h>
 #include <botan/internal/rounding.h>
+#include <botan/internal/ct_utils.h>
 
 namespace Botan {
 
@@ -373,4 +374,25 @@
    binary_decode(buf, buf.size());
    }
 
+void BigInt::shrink_to_fit()
+   {
+   reg.resize(sig_words());
+   }
+
+void BigInt::const_time_lookup(SecureVector<word>& output,
+                               const std::vector<BigInt>& vec,
+                               size_t idx)
+   {
+   const size_t words = output.size();
+
+   clear_mem(output.data(), output.size());
+
+   for(size_t i = 0; i != vec.size(); ++i)
+      {
+      for(size_t w = 0; w != words; ++w)
+         output[w] |= CT::select<word>(CT::is_equal(i, idx), 
vec[i].word_at(w), 0);
+      }
+   }
+
+
 }
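Review bot: `const_time_lookup` returns all zeros without complaint when `idx >= vec.size()`, and drops any words of a table entry beyond `output.size()`; neither precondition is stated or checked. A comment such as `// Requires idx < vec.size() and every vec[i] to fit in output.size() words` would make the contract explicit for the next caller. The mask comes from `CT::is_equal(i, idx)` on `size_t` operands and is then fed to `CT::select<word>`; ct_utils.h is not part of this diff, so confirm the mask is all-ones across the full width of `word` on builds where `word` and `size_t` differ in size. `shrink_to_fit()` resizes to `sig_words()`, which makes the stored length depend on the value, so it should not be applied to table entries that this lookup later reads.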
diff -Nru botan1.10-1.10.16/src/math/bigint/bigint.h 
botan1.10-1.10.17/src/math/bigint/bigint.h
--- botan1.10-1.10.16/src/math/bigint/bigint.h  2017-04-05 01:06:45.000000000 
+0000
+++ botan1.10-1.10.17/src/math/bigint/bigint.h  2017-10-02 06:00:00.000000000 
+0000
@@ -500,6 +500,12 @@
      */
      BigInt(NumberType type, size_t n);
 
+     void shrink_to_fit();
+
+     static void const_time_lookup(SecureVector<word>& output,
+                                   const std::vector<BigInt>& vec,
+                                   size_t idx);
+
    private:
       SecureVector<word> reg;
       Sign signedness;
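Review bot: Both new members are declared ahead of `private:` without the Doxygen comments the neighbouring declarations carry, and `const_time_lookup` has preconditions a caller cannot guess from the signature. Document them, e.g. `/** Resize the internal buffer to sig_words() words */` for `shrink_to_fit()`. `const_time_lookup` needs a block stating that `output` must be pre-sized by the caller, that every word of every entry is read regardless of `idx`, and that `idx` must be below `vec.size()`. If these are meant only as helpers for the exponentiation code, say so in the comment, since they become part of the installed header.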
diff -Nru botan1.10-1.10.16/src/math/mp/mp_asm64/info.txt 
botan1.10-1.10.17/src/math/mp/mp_asm64/info.txt
--- botan1.10-1.10.16/src/math/mp/mp_asm64/info.txt     2017-04-05 
01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/math/mp/mp_asm64/info.txt     2017-10-02 
06:00:00.000000000 +0000
@@ -8,10 +8,12 @@
 </header:internal>
 
 <arch>
+aarch64
 alpha
 ia64
 mips64
 ppc64
+ppc64le
 sparc64
 </arch>
 
diff -Nru botan1.10-1.10.16/src/math/numbertheory/powm_mnt.cpp 
botan1.10-1.10.17/src/math/numbertheory/powm_mnt.cpp
--- botan1.10-1.10.16/src/math/numbertheory/powm_mnt.cpp        2017-04-05 
01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/math/numbertheory/powm_mnt.cpp        2017-10-02 
06:00:00.000000000 +0000
@@ -68,6 +68,7 @@
                        &workspace[0]);
 
       g[i].assign(&z[0], mod_words + 1);
+      g[i].grow_to(mod_words);
       }
    }
 
@@ -81,6 +82,7 @@
    BigInt x = R_mod;
    SecureVector<word> z(2 * (mod_words + 1));
    SecureVector<word> workspace(2 * (mod_words + 1));
+   SecureVector<word> e(mod_words);
 
    for(size_t i = exp_nibbles; i > 0; --i)
       {
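Review bot: `e` is sized to `mod_words`, but the table entries are assigned `mod_words + 1` words in the first hunk, so the `BigInt::const_time_lookup(e, g, nibble)` call in the third hunk copies only the low `mod_words` words of the selected entry. That is correct only if the top word of every `g[i]` is zero after Montgomery reduction; a comment at the declaration such as `// g[i] < modulus, so the low mod_words words hold the whole value` would record the assumption. The added `g[i].grow_to(mod_words)` in the first hunk follows an assign of `mod_words + 1` words and so looks like a no-op unless `assign` stores fewer words than requested; its purpose deserves a comment as well. The enclosing functions start and end outside these hunks.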
@@ -98,12 +100,13 @@
 
       const u32bit nibble = exp.get_substring(window_bits*(i-1), window_bits);
 
-      const BigInt& y = g[nibble];
-
       zeroise(z);
+
+      BigInt::const_time_lookup(e, g, nibble);
+
       bigint_monty_mul(&z[0], z.size(),
                        x.data(), x.size(), x.sig_words(),
-                       y.data(), y.size(), y.sig_words(),
+                       e.data(), e.size(), e.size(),
                        modulus.data(), mod_words, mod_prime,
                        &workspace[0]);
 
diff -Nru botan1.10-1.10.16/src/utils/cpuid.cpp 
botan1.10-1.10.17/src/utils/cpuid.cpp
--- botan1.10-1.10.16/src/utils/cpuid.cpp       2017-04-05 01:06:45.000000000 
+0000
+++ botan1.10-1.10.17/src/utils/cpuid.cpp       2017-10-02 06:00:00.000000000 
+0000
@@ -157,6 +157,9 @@
    const u16bit PVR_G5_970GX = 0x0045;
    const u16bit PVR_POWER6   = 0x003E;
    const u16bit PVR_POWER7   = 0x003F;
+   const u16bit PVR_POWER7p  = 0x004A;
+   const u16bit PVR_POWER8   = 0x004D;
+   const u16bit PVR_POWER8E  = 0x004B;
    const u16bit PVR_CELL_PPU = 0x0070;
 
    // Motorola produced G4s with PVR 0x800[0123C] (at least)
@@ -177,6 +180,9 @@
    altivec_capable |= (pvr == PVR_G5_970GX);
    altivec_capable |= (pvr == PVR_POWER6);
    altivec_capable |= (pvr == PVR_POWER7);
+   altivec_capable |= (pvr == PVR_POWER7p);
+   altivec_capable |= (pvr == PVR_POWER8);
+   altivec_capable |= (pvr == PVR_POWER8E);
    altivec_capable |= (pvr == PVR_CELL_PPU);
 #endif
 
