No, please go ahead an upload directly. Thanks for the NMU.
Ondrej On 9 October 2017 at 11:33, <[email protected]> wrote: > Control: tags 877436 + pending > > Dear Ondřej, > > I've prepared an NMU for botan1.10 (versioned as 1.10.17-0.1) and > will upload it to DELAYED/4. Please feel free to tell me if I > should delay it longer. > > Cheers, > Chris > > > diff -Nru botan1.10-1.10.16/botan_version.py botan1.10-1.10.17/botan_ > version.py > --- botan1.10-1.10.16/botan_version.py 2017-04-05 01:07:02.000000000 > +0000 > +++ botan1.10-1.10.17/botan_version.py 2017-10-02 06:00:00.000000000 > +0000 > @@ -1,11 +1,11 @@ > > release_major = 1 > release_minor = 10 > -release_patch = 16 > +release_patch = 17 > > release_so_abi_rev = 1 > > # These are set by the distribution script > -release_vc_rev = 'git:3756c97d295d06ac19cec6736e05003afb10623e' > -release_datestamp = 20170404 > -release_type = 'released' > +release_vc_rev = 'git:f7fe6beb5b3b6f944aa7bac491a3455e48ef6ebb' > +release_datestamp = 20171002 > +release_type = 'release' > diff -Nru botan1.10-1.10.16/configure.py botan1.10-1.10.17/configure.py > --- botan1.10-1.10.16/configure.py 2017-04-05 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/configure.py 2017-10-02 06:00:00.000000000 +0000 > @@ -59,9 +59,6 @@ > logging.debug('Monotone reported revision %s' % (rev)) > > return 'mtn:' + rev > - except OSError as e: > - logging.debug('Error getting rev from monotone - %s' % (e[1])) > - return 'unknown' > except Exception as e: > logging.debug('Error getting rev from monotone - %s' % (e)) > return 'unknown' > diff -Nru botan1.10-1.10.16/debian/changelog botan1.10-1.10.17/debian/ > changelog > --- botan1.10-1.10.16/debian/changelog 2017-05-29 11:45:02.000000000 > +0000 > +++ botan1.10-1.10.17/debian/changelog 2017-10-09 09:19:15.000000000 > +0000 > @@ -1,3 +1,13 @@ > +botan1.10 (1.10.17-0.1) unstable; urgency=medium > + > + * Non-maintainer upload. > + * New upstream release 1.10.17 (Closes: #877436) > + + [CVE-2017-14737]: Side channel affecting modular exponentiation > + + Upstream has imported Debian architecture support patches, removed > + them. > + > + -- Christian Hofstaedtler <[email protected]> Mon, 09 Oct 2017 09:19:15 > +0000 > + > botan1.10 (1.10.16-1) unstable; urgency=high > > * Update d/watch to match new upstream download directory > diff -Nru > botan1.10-1.10.16/debian/patches/0001-add-mips64-mipsn32-support.patch > botan1.10-1.10.17/debian/patches/0001-add-mips64-mipsn32-support.patch > --- botan1.10-1.10.16/debian/patches/0001-add-mips64-mipsn32-support.patch > 2017-05-29 11:45:02.000000000 +0000 > +++ botan1.10-1.10.17/debian/patches/0001-add-mips64-mipsn32-support.patch > 1970-01-01 00:00:00.000000000 +0000 > @@ -1,64 +0,0 @@ > -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <[email protected]> > -Date: Tue, 29 Nov 2016 15:10:20 +0100 > -Subject: add-mips64-mipsn32-support > - > ---- > - src/build-data/arch/mipsn32.txt | 22 ++++++++++++++++++++++ > - src/build-data/cc/clang.txt | 2 ++ > - src/build-data/cc/gcc.txt | 1 + > - 3 files changed, 25 insertions(+) > - create mode 100644 src/build-data/arch/mipsn32.txt > - > -diff --git a/src/build-data/arch/mipsn32.txt > b/src/build-data/arch/mipsn32.txt > -new file mode 100644 > -index 0000000..96ced25 > ---- /dev/null > -+++ b/src/build-data/arch/mipsn32.txt > -@@ -0,0 +1,22 @@ > -+<aliases> > -+mipsn32el # For Debian > -+</aliases> > -+ > -+<submodels> > -+r4000 > -+r4100 > -+r4300 > -+r4400 > -+r4600 > -+r4560 > -+r5000 > -+r8000 > -+r10000 > -+</submodels> > -+ > -+<submodel_aliases> > -+r4k -> r4000 > -+r5k -> r5000 > -+r8k -> r8000 > -+r10k -> r10000 > -+</submodel_aliases> > -diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt > -index cbcfd89..23237e3 100644 > ---- a/src/build-data/cc/clang.txt > -+++ b/src/build-data/cc/clang.txt > -@@ -39,6 +39,8 @@ westmere -> "-march=corei7 -maes" > - > - <mach_abi_linking> > - x86_64 -> "-m64" > -+mips32 -> "-mabi=32" > -+mipsn32 -> "-mabi=n32" > - mips64 -> "-mabi=64" > - s390 -> "-m31" > - s390x -> "-m64" > -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt > -index 1fc6831..938c065 100644 > ---- a/src/build-data/cc/gcc.txt > -+++ b/src/build-data/cc/gcc.txt > -@@ -80,6 +80,7 @@ hppa -> "-march=SUBMODEL" hppa > - ia64 -> "-mtune=SUBMODEL" > - m68k -> "-mSUBMODEL" > - mips32 -> "-mips1 -mcpu=SUBMODEL" mips32- > -+mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64- > - mips64 -> "-mips3 -mcpu=SUBMODEL" mips64- > - ppc32 -> "-mcpu=SUBMODEL" ppc > - ppc64 -> "-mcpu=SUBMODEL" ppc > diff -Nru botan1.10-1.10.16/debian/patches/0002-add-powerpc64le-support.patch > botan1.10-1.10.17/debian/patches/0002-add-powerpc64le-support.patch > --- botan1.10-1.10.16/debian/patches/0002-add-powerpc64le-support.patch > 2017-05-29 11:45:02.000000000 +0000 > +++ botan1.10-1.10.17/debian/patches/0002-add-powerpc64le-support.patch > 1970-01-01 00:00:00.000000000 +0000 > @@ -1,109 +0,0 @@ > -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <[email protected]> > -Date: Tue, 29 Nov 2016 15:10:20 +0100 > -Subject: add-powerpc64le-support > - > ---- > - src/build-data/arch/ppc64.txt | 5 ++++- > - src/build-data/arch/ppc64le.txt | 21 +++++++++++++++++++++ > - src/build-data/cc/gcc.txt | 1 + > - src/math/mp/mp_asm64/info.txt | 1 + > - src/utils/cpuid.cpp | 6 ++++++ > - 5 files changed, 33 insertions(+), 1 deletion(-) > - create mode 100644 src/build-data/arch/ppc64le.txt > - > -diff --git a/src/build-data/arch/ppc64.txt b/src/build-data/arch/ppc64. > txt > -index 954d918..f6f568e 100644 > ---- a/src/build-data/arch/ppc64.txt > -+++ b/src/build-data/arch/ppc64.txt > -@@ -17,6 +17,9 @@ power4 > - power5 > - power6 > - power7 > -+power7p > -+power8 > -+power8e > - cellppu > - </submodels> > - > -@@ -25,5 +28,5 @@ cellbroadbandengine -> cellppu > - </submodel_aliases> > - > - <isa_extn> > --altivec:cellppu,ppc970,power6,power7 > -+altivec:cellppu,ppc970,power6,power7,power7p,power8,power8e > - </isa_extn> > -diff --git a/src/build-data/arch/ppc64le.txt > b/src/build-data/arch/ppc64le.txt > -new file mode 100644 > -index 0000000..da93668 > ---- /dev/null > -+++ b/src/build-data/arch/ppc64le.txt > -@@ -0,0 +1,21 @@ > -+endian little > -+ > -+family ppc > -+ > -+<aliases> > -+powerpc64le > -+ppc64el > -+</aliases> > -+ > -+<submodels> > -+power7 > -+power7p > -+power8 > -+power8e > -+</submodels> > -+ > -+# This should be enabled for all targets, but the Altivec code currently > -+# makes lots of endian assumptions that I don't have the time to fix up: > -+#<isa_extn> > -+#altivec:all > -+#</isa_extn> > -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt > -index 938c065..32e19c9 100644 > ---- a/src/build-data/cc/gcc.txt > -+++ b/src/build-data/cc/gcc.txt > -@@ -84,6 +84,7 @@ mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64- > - mips64 -> "-mips3 -mcpu=SUBMODEL" mips64- > - ppc32 -> "-mcpu=SUBMODEL" ppc > - ppc64 -> "-mcpu=SUBMODEL" ppc > -+ppc64le -> "-mcpu=power7 -mtune=power8" ppc > - sparc32 -> "-mcpu=SUBMODEL -Wa,-xarch=v8plus" sparc32- > - sparc64 -> "-mcpu=v9 -mtune=SUBMODEL" > - x86_32 -> "-march=SUBMODEL -momit-leaf-frame-pointer" > -diff --git a/src/math/mp/mp_asm64/info.txt b/src/math/mp/mp_asm64/info. > txt > -index 9af7c4a..2704718 100644 > ---- a/src/math/mp/mp_asm64/info.txt > -+++ b/src/math/mp/mp_asm64/info.txt > -@@ -12,6 +12,7 @@ alpha > - ia64 > - mips64 > - ppc64 > -+ppc64le > - sparc64 > - </arch> > - > -diff --git a/src/utils/cpuid.cpp b/src/utils/cpuid.cpp > -index f6581f0..eba5b18 100644 > ---- a/src/utils/cpuid.cpp > -+++ b/src/utils/cpuid.cpp > -@@ -157,6 +157,9 @@ bool altivec_check_pvr_emul() > - const u16bit PVR_G5_970GX = 0x0045; > - const u16bit PVR_POWER6 = 0x003E; > - const u16bit PVR_POWER7 = 0x003F; > -+ const u16bit PVR_POWER7p = 0x004A; > -+ const u16bit PVR_POWER8 = 0x004D; > -+ const u16bit PVR_POWER8E = 0x004B; > - const u16bit PVR_CELL_PPU = 0x0070; > - > - // Motorola produced G4s with PVR 0x800[0123C] (at least) > -@@ -177,6 +180,9 @@ bool altivec_check_pvr_emul() > - altivec_capable |= (pvr == PVR_G5_970GX); > - altivec_capable |= (pvr == PVR_POWER6); > - altivec_capable |= (pvr == PVR_POWER7); > -+ altivec_capable |= (pvr == PVR_POWER7p); > -+ altivec_capable |= (pvr == PVR_POWER8); > -+ altivec_capable |= (pvr == PVR_POWER8E); > - altivec_capable |= (pvr == PVR_CELL_PPU); > - #endif > - > diff -Nru botan1.10-1.10.16/debian/patches/0003-add-arm64-support.patch.patch > botan1.10-1.10.17/debian/patches/0003-add-arm64-support.patch.patch > --- botan1.10-1.10.16/debian/patches/0003-add-arm64-support.patch.patch > 2017-05-29 11:45:02.000000000 +0000 > +++ botan1.10-1.10.17/debian/patches/0003-add-arm64-support.patch.patch > 1970-01-01 00:00:00.000000000 +0000 > @@ -1,47 +0,0 @@ > -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <[email protected]> > -Date: Tue, 29 Nov 2016 15:10:20 +0100 > -Subject: add-arm64-support.patch > - > ---- > - src/build-data/arch/aarch64.txt | 6 ++++++ > - src/build-data/cc/gcc.txt | 1 + > - src/math/mp/mp_asm64/info.txt | 1 + > - 3 files changed, 8 insertions(+) > - create mode 100644 src/build-data/arch/aarch64.txt > - > -diff --git a/src/build-data/arch/aarch64.txt > b/src/build-data/arch/aarch64.txt > -new file mode 100644 > -index 0000000..863b000 > ---- /dev/null > -+++ b/src/build-data/arch/aarch64.txt > -@@ -0,0 +1,6 @@ > -+endian little > -+ > -+<aliases> > -+arm64 # For Debian > -+</aliases> > -+ > -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt > -index 32e19c9..db729b4 100644 > ---- a/src/build-data/cc/gcc.txt > -+++ b/src/build-data/cc/gcc.txt > -@@ -75,6 +75,7 @@ sh4 -> "-m4 -mieee" > - > - alpha -> "-mcpu=SUBMODEL" alpha- > - arm -> "-march=SUBMODEL" > -+aarch64 -> "-mtune=generic" > - superh -> "-mSUBMODEL" sh > - hppa -> "-march=SUBMODEL" hppa > - ia64 -> "-mtune=SUBMODEL" > -diff --git a/src/math/mp/mp_asm64/info.txt b/src/math/mp/mp_asm64/info. > txt > -index 2704718..2664740 100644 > ---- a/src/math/mp/mp_asm64/info.txt > -+++ b/src/math/mp/mp_asm64/info.txt > -@@ -8,6 +8,7 @@ mp_generic:mp_asmi.h > - </header:internal> > - > - <arch> > -+aarch64 > - alpha > - ia64 > - mips64 > diff -Nru botan1.10-1.10.16/debian/patches/0004-add-or1k-support.patch > botan1.10-1.10.17/debian/patches/0004-add-or1k-support.patch > --- botan1.10-1.10.16/debian/patches/0004-add-or1k-support.patch > 2017-05-29 11:45:02.000000000 +0000 > +++ botan1.10-1.10.17/debian/patches/0004-add-or1k-support.patch > 1970-01-01 00:00:00.000000000 +0000 > @@ -1,19 +0,0 @@ > -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= <[email protected]> > -Date: Tue, 29 Nov 2016 15:10:20 +0100 > -Subject: add-or1k-support > - > ---- > - src/build-data/arch/or1k.txt | 4 ++++ > - 1 file changed, 4 insertions(+) > - create mode 100644 src/build-data/arch/or1k.txt > - > -diff --git a/src/build-data/arch/or1k.txt b/src/build-data/arch/or1k.txt > -new file mode 100644 > -index 0000000..c5fdc32 > ---- /dev/null > -+++ b/src/build-data/arch/or1k.txt > -@@ -0,0 +1,4 @@ > -+endian big > -+<submodels> > -+or1k > -+</submodels> > diff -Nru botan1.10-1.10.16/debian/patches/series > botan1.10-1.10.17/debian/patches/series > --- botan1.10-1.10.16/debian/patches/series 2017-05-29 > 11:45:02.000000000 +0000 > +++ botan1.10-1.10.17/debian/patches/series 1970-01-01 > 00:00:00.000000000 +0000 > @@ -1,4 +0,0 @@ > -0001-add-mips64-mipsn32-support.patch > -0002-add-powerpc64le-support.patch > -0003-add-arm64-support.patch.patch > -0004-add-or1k-support.patch > diff -Nru botan1.10-1.10.16/doc/log.txt botan1.10-1.10.17/doc/log.txt > --- botan1.10-1.10.16/doc/log.txt 2017-04-05 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/doc/log.txt 2017-10-02 06:00:00.000000000 +0000 > @@ -7,6 +7,36 @@ > Series 1.10 > ---------------------------------------- > > +Version 1.10.17, 1.10.17 > +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > + > +* Address a side channel affecting modular exponentiation. An attacker > + capabable of a local or cross-VM cache analysis attack may be able > + to recover bits of secret exponents as used in RSA, DH, etc. > + CVE-2017-14737 > + > +* Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 > + hash function. (GH #1192 #1148 #882) > + > +* Add SecureVector::data() function which returns the start of the > + buffer. This makes it slightly simpler to support both 1.10 and 2.x > + APIs in the same codebase. > + > +* When compiled by a C++11 (or later) compiler, a template typedef of > + SecureVector, secure_vector, is added. In 2.x this class is a > + std::vector with a custom allocator, so has a somewhat different > + interface than SecureVector in 1.10. But this makes it slightly > + simpler to support both 1.10 and 2.x APIs in the same codebase. > + > +* Fix a bug that prevented `configure.py` from running under Python3 > + > +* Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build > + will `#error` if OpenSSL 1.1 is detected. Avoid `--with-openssl` > + if compiling against 1.1 or later. (GH #753) > + > +* Import patches from Debian adding basic support for building on > + aarch64, ppc64le, or1k, and mipsn32 platforms. > + > Version 1.10.16, 2017-04-04 > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > diff -Nru botan1.10-1.10.16/readme.txt botan1.10-1.10.17/readme.txt > --- botan1.10-1.10.16/readme.txt 2017-04-05 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/readme.txt 2017-10-02 06:00:00.000000000 +0000 > @@ -1,6 +1,6 @@ > > This branch (1.10) of Botan is only supported for security fixes until > -the end of 2017. Please upgrade to 2.0 API as soon as possible. > +the end of 2017. Please upgrade to 2.x as soon as possible. > > > Botan is a C++ library for performing a wide variety of cryptographic > diff -Nru botan1.10-1.10.16/src/alloc/secmem.h > botan1.10-1.10.17/src/alloc/secmem.h > --- botan1.10-1.10.16/src/alloc/secmem.h 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/alloc/secmem.h 2017-10-02 > 06:00:00.000000000 +0000 > @@ -50,6 +50,12 @@ > * Get a pointer to the first element in the buffer. > * @return pointer to the first element in the buffer > */ > + T* data() { return buf; } > + > + /** > + * Get a pointer to the first element in the buffer. > + * @return pointer to the first element in the buffer > + */ > T* begin() { return buf; } > > /** > @@ -369,6 +375,13 @@ > } > }; > > +#if __cplusplus >= 201103 > + > +// For better compatability with 2.x API > + template<typename T> > + using secure_vector = SecureVector<T>; > +#endif > + > template<typename T> > MemoryRegion<T>& operator+=(MemoryRegion<T>& out, > const MemoryRegion<T>& in) > diff -Nru botan1.10-1.10.16/src/build-data/arch/aarch64.txt > botan1.10-1.10.17/src/build-data/arch/aarch64.txt > --- botan1.10-1.10.16/src/build-data/arch/aarch64.txt 1970-01-01 > 00:00:00.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/arch/aarch64.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -0,0 +1,6 @@ > +endian little > + > +<aliases> > +arm64 # For Debian > +</aliases> > + > diff -Nru botan1.10-1.10.16/src/build-data/arch/mipsn32.txt > botan1.10-1.10.17/src/build-data/arch/mipsn32.txt > --- botan1.10-1.10.16/src/build-data/arch/mipsn32.txt 1970-01-01 > 00:00:00.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/arch/mipsn32.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -0,0 +1,22 @@ > +<aliases> > +mipsn32el # For Debian > +</aliases> > + > +<submodels> > +r4000 > +r4100 > +r4300 > +r4400 > +r4600 > +r4560 > +r5000 > +r8000 > +r10000 > +</submodels> > + > +<submodel_aliases> > +r4k -> r4000 > +r5k -> r5000 > +r8k -> r8000 > +r10k -> r10000 > +</submodel_aliases> > diff -Nru botan1.10-1.10.16/src/build-data/arch/or1k.txt > botan1.10-1.10.17/src/build-data/arch/or1k.txt > --- botan1.10-1.10.16/src/build-data/arch/or1k.txt 1970-01-01 > 00:00:00.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/arch/or1k.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -0,0 +1,4 @@ > +endian big > +<submodels> > +or1k > +</submodels> > diff -Nru botan1.10-1.10.16/src/build-data/arch/ppc64le.txt > botan1.10-1.10.17/src/build-data/arch/ppc64le.txt > --- botan1.10-1.10.16/src/build-data/arch/ppc64le.txt 1970-01-01 > 00:00:00.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/arch/ppc64le.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -0,0 +1,21 @@ > +endian little > + > +family ppc > + > +<aliases> > +powerpc64le > +ppc64el > +</aliases> > + > +<submodels> > +power7 > +power7p > +power8 > +power8e > +</submodels> > + > +# This should be enabled for all targets, but the Altivec code currently > +# makes lots of endian assumptions that I don't have the time to fix up: > +#<isa_extn> > +#altivec:all > +#</isa_extn> > diff -Nru botan1.10-1.10.16/src/build-data/arch/ppc64.txt > botan1.10-1.10.17/src/build-data/arch/ppc64.txt > --- botan1.10-1.10.16/src/build-data/arch/ppc64.txt 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/arch/ppc64.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -17,6 +17,9 @@ > power5 > power6 > power7 > +power7p > +power8 > +power8e > cellppu > </submodels> > > @@ -25,5 +28,5 @@ > </submodel_aliases> > > <isa_extn> > -altivec:cellppu,ppc970,power6,power7 > +altivec:cellppu,ppc970,power6,power7,power7p,power8,power8e > </isa_extn> > diff -Nru botan1.10-1.10.16/src/build-data/cc/clang.txt > botan1.10-1.10.17/src/build-data/cc/clang.txt > --- botan1.10-1.10.16/src/build-data/cc/clang.txt 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/cc/clang.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -39,6 +39,8 @@ > > <mach_abi_linking> > x86_64 -> "-m64" > +mips32 -> "-mabi=32" > +mipsn32 -> "-mabi=n32" > mips64 -> "-mabi=64" > s390 -> "-m31" > s390x -> "-m64" > diff -Nru botan1.10-1.10.16/src/build-data/cc/gcc.txt > botan1.10-1.10.17/src/build-data/cc/gcc.txt > --- botan1.10-1.10.16/src/build-data/cc/gcc.txt 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/build-data/cc/gcc.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -75,14 +75,17 @@ > > alpha -> "-mcpu=SUBMODEL" alpha- > arm -> "-march=SUBMODEL" > +aarch64 -> "-mtune=generic" > superh -> "-mSUBMODEL" sh > hppa -> "-march=SUBMODEL" hppa > ia64 -> "-mtune=SUBMODEL" > m68k -> "-mSUBMODEL" > mips32 -> "-mips1 -mcpu=SUBMODEL" mips32- > +mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64- > mips64 -> "-mips3 -mcpu=SUBMODEL" mips64- > ppc32 -> "-mcpu=SUBMODEL" ppc > ppc64 -> "-mcpu=SUBMODEL" ppc > +ppc64le -> "-mcpu=power7 -mtune=power8" ppc > sparc32 -> "-mcpu=SUBMODEL -Wa,-xarch=v8plus" sparc32- > sparc64 -> "-mcpu=v9 -mtune=SUBMODEL" > x86_32 -> "-march=SUBMODEL -momit-leaf-frame-pointer" > @@ -98,6 +101,7 @@ > sparc32 -> "-m32 -mno-app-regs" > sparc64 -> "-m64 -mno-app-regs" > ppc64 -> "-m64" > +ppc64le -> "-m64" > > # This should probably be used on most/all targets, but the docs are > unclear > openbsd -> "-pthread" > diff -Nru botan1.10-1.10.16/src/engine/openssl/ossl_bc.cpp > botan1.10-1.10.17/src/engine/openssl/ossl_bc.cpp > --- botan1.10-1.10.16/src/engine/openssl/ossl_bc.cpp 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/engine/openssl/ossl_bc.cpp 2017-10-02 > 06:00:00.000000000 +0000 > @@ -8,6 +8,10 @@ > #include <botan/internal/openssl_engine.h> > #include <openssl/evp.h> > > +#if OPENSSL_VERSION_NUMBER >= 0x10100000 > + #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x" > +#endif > + > namespace Botan { > > namespace { > diff -Nru botan1.10-1.10.16/src/engine/openssl/ossl_md.cpp > botan1.10-1.10.17/src/engine/openssl/ossl_md.cpp > --- botan1.10-1.10.16/src/engine/openssl/ossl_md.cpp 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/engine/openssl/ossl_md.cpp 2017-10-02 > 06:00:00.000000000 +0000 > @@ -8,6 +8,10 @@ > #include <botan/internal/openssl_engine.h> > #include <openssl/evp.h> > > +#if OPENSSL_VERSION_NUMBER >= 0x10100000 > + #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x" > +#endif > + > namespace Botan { > > namespace { > diff -Nru botan1.10-1.10.16/src/hash/gost_3411/gost_3411.cpp > botan1.10-1.10.17/src/hash/gost_3411/gost_3411.cpp > --- botan1.10-1.10.16/src/hash/gost_3411/gost_3411.cpp 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/hash/gost_3411/gost_3411.cpp 2017-10-02 > 06:00:00.000000000 +0000 > @@ -90,8 +90,11 @@ > > // P transformation > for(size_t k = 0; k != 4; ++k) > + { > + const uint64_t UVk = U[k] ^ V[k]; > for(size_t l = 0; l != 8; ++l) > - key[4*l+k] = get_byte(l, U[k]) ^ get_byte(l, V[k]); > + key[4*l+k] = get_byte(l, UVk); > + } > > cipher.set_key(key, 32); > cipher.encrypt(&hash[8*j], S + 8*j); > diff -Nru botan1.10-1.10.16/src/math/bigint/bigint.cpp > botan1.10-1.10.17/src/math/bigint/bigint.cpp > --- botan1.10-1.10.16/src/math/bigint/bigint.cpp 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/math/bigint/bigint.cpp 2017-10-02 > 06:00:00.000000000 +0000 > @@ -10,6 +10,7 @@ > #include <botan/get_byte.h> > #include <botan/parsing.h> > #include <botan/internal/rounding.h> > +#include <botan/internal/ct_utils.h> > > namespace Botan { > > @@ -373,4 +374,25 @@ > binary_decode(buf, buf.size()); > } > > +void BigInt::shrink_to_fit() > + { > + reg.resize(sig_words()); > + } > + > +void BigInt::const_time_lookup(SecureVector<word>& output, > + const std::vector<BigInt>& vec, > + size_t idx) > + { > + const size_t words = output.size(); > + > + clear_mem(output.data(), output.size()); > + > + for(size_t i = 0; i != vec.size(); ++i) > + { > + for(size_t w = 0; w != words; ++w) > + output[w] |= CT::select<word>(CT::is_equal(i, idx), > vec[i].word_at(w), 0); > + } > + } > + > + > } > diff -Nru botan1.10-1.10.16/src/math/bigint/bigint.h > botan1.10-1.10.17/src/math/bigint/bigint.h > --- botan1.10-1.10.16/src/math/bigint/bigint.h 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/math/bigint/bigint.h 2017-10-02 > 06:00:00.000000000 +0000 > @@ -500,6 +500,12 @@ > */ > BigInt(NumberType type, size_t n); > > + void shrink_to_fit(); > + > + static void const_time_lookup(SecureVector<word>& output, > + const std::vector<BigInt>& vec, > + size_t idx); > + > private: > SecureVector<word> reg; > Sign signedness; > diff -Nru botan1.10-1.10.16/src/math/mp/mp_asm64/info.txt > botan1.10-1.10.17/src/math/mp/mp_asm64/info.txt > --- botan1.10-1.10.16/src/math/mp/mp_asm64/info.txt 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/math/mp/mp_asm64/info.txt 2017-10-02 > 06:00:00.000000000 +0000 > @@ -8,10 +8,12 @@ > </header:internal> > > <arch> > +aarch64 > alpha > ia64 > mips64 > ppc64 > +ppc64le > sparc64 > </arch> > > diff -Nru botan1.10-1.10.16/src/math/numbertheory/powm_mnt.cpp > botan1.10-1.10.17/src/math/numbertheory/powm_mnt.cpp > --- botan1.10-1.10.16/src/math/numbertheory/powm_mnt.cpp > 2017-04-05 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/math/numbertheory/powm_mnt.cpp > 2017-10-02 06:00:00.000000000 +0000 > @@ -68,6 +68,7 @@ > &workspace[0]); > > g[i].assign(&z[0], mod_words + 1); > + g[i].grow_to(mod_words); > } > } > > @@ -81,6 +82,7 @@ > BigInt x = R_mod; > SecureVector<word> z(2 * (mod_words + 1)); > SecureVector<word> workspace(2 * (mod_words + 1)); > + SecureVector<word> e(mod_words); > > for(size_t i = exp_nibbles; i > 0; --i) > { > @@ -98,12 +100,13 @@ > > const u32bit nibble = exp.get_substring(window_bits*(i-1), > window_bits); > > - const BigInt& y = g[nibble]; > - > zeroise(z); > + > + BigInt::const_time_lookup(e, g, nibble); > + > bigint_monty_mul(&z[0], z.size(), > x.data(), x.size(), x.sig_words(), > - y.data(), y.size(), y.sig_words(), > + e.data(), e.size(), e.size(), > modulus.data(), mod_words, mod_prime, > &workspace[0]); > > diff -Nru botan1.10-1.10.16/src/utils/cpuid.cpp > botan1.10-1.10.17/src/utils/cpuid.cpp > --- botan1.10-1.10.16/src/utils/cpuid.cpp 2017-04-05 > 01:06:45.000000000 +0000 > +++ botan1.10-1.10.17/src/utils/cpuid.cpp 2017-10-02 > 06:00:00.000000000 +0000 > @@ -157,6 +157,9 @@ > const u16bit PVR_G5_970GX = 0x0045; > const u16bit PVR_POWER6 = 0x003E; > const u16bit PVR_POWER7 = 0x003F; > + const u16bit PVR_POWER7p = 0x004A; > + const u16bit PVR_POWER8 = 0x004D; > + const u16bit PVR_POWER8E = 0x004B; > const u16bit PVR_CELL_PPU = 0x0070; > > // Motorola produced G4s with PVR 0x800[0123C] (at least) > @@ -177,6 +180,9 @@ > altivec_capable |= (pvr == PVR_G5_970GX); > altivec_capable |= (pvr == PVR_POWER6); > altivec_capable |= (pvr == PVR_POWER7); > + altivec_capable |= (pvr == PVR_POWER7p); > + altivec_capable |= (pvr == PVR_POWER8); > + altivec_capable |= (pvr == PVR_POWER8E); > altivec_capable |= (pvr == PVR_CELL_PPU); > #endif > > -- Ondřej Surý <[email protected]>
