diff -Nru botan1.10-1.10.16/botan_version.py botan1.10-1.10.17/botan_version.py --- botan1.10-1.10.16/botan_version.py 2017-04-05 01:07:02.000000000 +0000 +++ botan1.10-1.10.17/botan_version.py 2017-10-02 06:00:00.000000000 +0000 @@ -1,11 +1,11 @@ release_major = 1 release_minor = 10 -release_patch = 16 +release_patch = 17 release_so_abi_rev = 1 # These are set by the distribution script -release_vc_rev = 'git:3756c97d295d06ac19cec6736e05003afb10623e' -release_datestamp = 20170404 -release_type = 'released' +release_vc_rev = 'git:f7fe6beb5b3b6f944aa7bac491a3455e48ef6ebb' +release_datestamp = 20171002 +release_type = 'release' diff -Nru botan1.10-1.10.16/configure.py botan1.10-1.10.17/configure.py --- botan1.10-1.10.16/configure.py 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/configure.py 2017-10-02 06:00:00.000000000 +0000 @@ -59,9 +59,6 @@ logging.debug('Monotone reported revision %s' % (rev)) return 'mtn:' + rev - except OSError as e: - logging.debug('Error getting rev from monotone - %s' % (e[1])) - return 'unknown' except Exception as e: logging.debug('Error getting rev from monotone - %s' % (e)) return 'unknown' diff -Nru botan1.10-1.10.16/debian/changelog botan1.10-1.10.17/debian/changelog --- botan1.10-1.10.16/debian/changelog 2017-05-29 11:45:02.000000000 +0000 +++ botan1.10-1.10.17/debian/changelog 2017-10-09 09:19:15.000000000 +0000 
@@ -1,3 +1,13 @@ +botan1.10 (1.10.17-0.1) unstable; urgency=medium + + * Non-maintainer upload. + * New upstream release 1.10.17 (Closes: #877436) + + [CVE-2017-14737]: Side channel affecting modular exponentiation + + Upstream has imported Debian architecture support patches, removed + them. + + -- Christian Hofstaedtler Mon, 09 Oct 2017 09:19:15 +0000 + botan1.10 (1.10.16-1) unstable; urgency=high * Update d/watch to match new upstream download directory diff -Nru botan1.10-1.10.16/debian/patches/0001-add-mips64-mipsn32-support.patch botan1.10-1.10.17/debian/patches/0001-add-mips64-mipsn32-support.patch --- botan1.10-1.10.16/debian/patches/0001-add-mips64-mipsn32-support.patch 2017-05-29 11:45:02.000000000 +0000 +++ botan1.10-1.10.17/debian/patches/0001-add-mips64-mipsn32-support.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,64 +0,0 @@ -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= -Date: Tue, 29 Nov 2016 15:10:20 +0100 -Subject: add-mips64-mipsn32-support - ---- - src/build-data/arch/mipsn32.txt | 22 ++++++++++++++++++++++ - src/build-data/cc/clang.txt | 2 ++ - src/build-data/cc/gcc.txt | 1 + - 3 files changed, 25 insertions(+) - create mode 100644 src/build-data/arch/mipsn32.txt - -diff --git a/src/build-data/arch/mipsn32.txt b/src/build-data/arch/mipsn32.txt -new file mode 100644 -index 0000000..96ced25 ---- /dev/null -+++ b/src/build-data/arch/mipsn32.txt -@@ -0,0 +1,22 @@ -+ -+mipsn32el # For Debian -+ -+ -+ -+r4000 -+r4100 -+r4300 -+r4400 -+r4600 -+r4560 -+r5000 -+r8000 -+r10000 -+ -+ -+ -+r4k -> r4000 -+r5k -> r5000 -+r8k -> r8000 -+r10k -> r10000 -+ -diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt -index cbcfd89..23237e3 100644 ---- a/src/build-data/cc/clang.txt -+++ b/src/build-data/cc/clang.txt -@@ -39,6 +39,8 @@ westmere -> "-march=corei7 -maes" - - - x86_64 -> "-m64" -+mips32 -> "-mabi=32" -+mipsn32 -> "-mabi=n32" - mips64 -> "-mabi=64" - s390 -> "-m31" - s390x -> "-m64" -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt -index 1fc6831..938c065 100644 ---- a/src/build-data/cc/gcc.txt -+++ b/src/build-data/cc/gcc.txt -@@ -80,6 +80,7 @@ hppa -> "-march=SUBMODEL" hppa - ia64 -> "-mtune=SUBMODEL" - m68k -> "-mSUBMODEL" - mips32 -> "-mips1 -mcpu=SUBMODEL" mips32- -+mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64- - mips64 -> "-mips3 -mcpu=SUBMODEL" mips64- - ppc32 -> "-mcpu=SUBMODEL" ppc - ppc64 -> "-mcpu=SUBMODEL" ppc diff -Nru botan1.10-1.10.16/debian/patches/0002-add-powerpc64le-support.patch botan1.10-1.10.17/debian/patches/0002-add-powerpc64le-support.patch --- botan1.10-1.10.16/debian/patches/0002-add-powerpc64le-support.patch 2017-05-29 11:45:02.000000000 +0000 +++ botan1.10-1.10.17/debian/patches/0002-add-powerpc64le-support.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,109 +0,0 @@ -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= -Date: Tue, 29 Nov 2016 15:10:20 +0100 -Subject: add-powerpc64le-support - ---- - src/build-data/arch/ppc64.txt | 5 ++++- - src/build-data/arch/ppc64le.txt | 21 +++++++++++++++++++++ - src/build-data/cc/gcc.txt | 1 + - src/math/mp/mp_asm64/info.txt | 1 + - src/utils/cpuid.cpp | 6 ++++++ - 5 files changed, 33 insertions(+), 1 deletion(-) - create mode 100644 src/build-data/arch/ppc64le.txt - -diff --git a/src/build-data/arch/ppc64.txt b/src/build-data/arch/ppc64.txt -index 954d918..f6f568e 100644 ---- a/src/build-data/arch/ppc64.txt -+++ b/src/build-data/arch/ppc64.txt -@@ -17,6 +17,9 @@ power4 - power5 - power6 - power7 -+power7p -+power8 -+power8e - cellppu - - -@@ -25,5 +28,5 @@ cellbroadbandengine -> cellppu - - - --altivec:cellppu,ppc970,power6,power7 -+altivec:cellppu,ppc970,power6,power7,power7p,power8,power8e - -diff --git a/src/build-data/arch/ppc64le.txt b/src/build-data/arch/ppc64le.txt -new file mode 100644 -index 0000000..da93668 ---- /dev/null -+++ b/src/build-data/arch/ppc64le.txt -@@ -0,0 +1,21 @@ -+endian little -+ -+family ppc -+ -+ -+powerpc64le -+ppc64el -+ -+ -+ -+power7 -+power7p -+power8 -+power8e -+ -+ -+# This should be enabled for all targets, but the Altivec code currently -+# makes lots of endian assumptions that I don't have the time to fix up: -+# -+#altivec:all -+# -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt -index 938c065..32e19c9 100644 ---- a/src/build-data/cc/gcc.txt -+++ b/src/build-data/cc/gcc.txt -@@ -84,6 +84,7 @@ mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64- - mips64 -> "-mips3 -mcpu=SUBMODEL" mips64- - ppc32 -> "-mcpu=SUBMODEL" ppc - ppc64 -> "-mcpu=SUBMODEL" ppc -+ppc64le -> "-mcpu=power7 -mtune=power8" ppc - sparc32 -> "-mcpu=SUBMODEL -Wa,-xarch=v8plus" sparc32- - sparc64 -> "-mcpu=v9 -mtune=SUBMODEL" - x86_32 -> "-march=SUBMODEL -momit-leaf-frame-pointer" -diff --git a/src/math/mp/mp_asm64/info.txt b/src/math/mp/mp_asm64/info.txt -index 
9af7c4a..2704718 100644 ---- a/src/math/mp/mp_asm64/info.txt -+++ b/src/math/mp/mp_asm64/info.txt -@@ -12,6 +12,7 @@ alpha - ia64 - mips64 - ppc64 -+ppc64le - sparc64 - - -diff --git a/src/utils/cpuid.cpp b/src/utils/cpuid.cpp -index f6581f0..eba5b18 100644 ---- a/src/utils/cpuid.cpp -+++ b/src/utils/cpuid.cpp -@@ -157,6 +157,9 @@ bool altivec_check_pvr_emul() - const u16bit PVR_G5_970GX = 0x0045; - const u16bit PVR_POWER6 = 0x003E; - const u16bit PVR_POWER7 = 0x003F; -+ const u16bit PVR_POWER7p = 0x004A; -+ const u16bit PVR_POWER8 = 0x004D; -+ const u16bit PVR_POWER8E = 0x004B; - const u16bit PVR_CELL_PPU = 0x0070; - - // Motorola produced G4s with PVR 0x800[0123C] (at least) -@@ -177,6 +180,9 @@ bool altivec_check_pvr_emul() - altivec_capable |= (pvr == PVR_G5_970GX); - altivec_capable |= (pvr == PVR_POWER6); - altivec_capable |= (pvr == PVR_POWER7); -+ altivec_capable |= (pvr == PVR_POWER7p); -+ altivec_capable |= (pvr == PVR_POWER8); -+ altivec_capable |= (pvr == PVR_POWER8E); - altivec_capable |= (pvr == PVR_CELL_PPU); - #endif - diff -Nru botan1.10-1.10.16/debian/patches/0003-add-arm64-support.patch.patch botan1.10-1.10.17/debian/patches/0003-add-arm64-support.patch.patch --- botan1.10-1.10.16/debian/patches/0003-add-arm64-support.patch.patch 2017-05-29 11:45:02.000000000 +0000 +++ botan1.10-1.10.17/debian/patches/0003-add-arm64-support.patch.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,47 +0,0 @@ -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= -Date: Tue, 29 Nov 2016 15:10:20 +0100 -Subject: add-arm64-support.patch - ---- - src/build-data/arch/aarch64.txt | 6 ++++++ - src/build-data/cc/gcc.txt | 1 + - src/math/mp/mp_asm64/info.txt | 1 + - 3 files changed, 8 insertions(+) - create mode 100644 src/build-data/arch/aarch64.txt - -diff --git a/src/build-data/arch/aarch64.txt b/src/build-data/arch/aarch64.txt -new file mode 100644 -index 0000000..863b000 ---- /dev/null -+++ b/src/build-data/arch/aarch64.txt -@@ -0,0 +1,6 @@ -+endian little -+ -+ -+arm64 # For Debian -+ -+ -diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt -index 32e19c9..db729b4 100644 ---- a/src/build-data/cc/gcc.txt -+++ b/src/build-data/cc/gcc.txt -@@ -75,6 +75,7 @@ sh4 -> "-m4 -mieee" - - alpha -> "-mcpu=SUBMODEL" alpha- - arm -> "-march=SUBMODEL" -+aarch64 -> "-mtune=generic" - superh -> "-mSUBMODEL" sh - hppa -> "-march=SUBMODEL" hppa - ia64 -> "-mtune=SUBMODEL" -diff --git a/src/math/mp/mp_asm64/info.txt b/src/math/mp/mp_asm64/info.txt -index 2704718..2664740 100644 ---- a/src/math/mp/mp_asm64/info.txt -+++ b/src/math/mp/mp_asm64/info.txt -@@ -8,6 +8,7 @@ mp_generic:mp_asmi.h - - - -+aarch64 - alpha - ia64 - mips64 diff -Nru botan1.10-1.10.16/debian/patches/0004-add-or1k-support.patch botan1.10-1.10.17/debian/patches/0004-add-or1k-support.patch --- botan1.10-1.10.16/debian/patches/0004-add-or1k-support.patch 2017-05-29 11:45:02.000000000 +0000 +++ botan1.10-1.10.17/debian/patches/0004-add-or1k-support.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,19 +0,0 @@ -From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= -Date: Tue, 29 Nov 2016 15:10:20 +0100 -Subject: add-or1k-support - ---- - src/build-data/arch/or1k.txt | 4 ++++ - 1 file changed, 4 insertions(+) - create mode 100644 src/build-data/arch/or1k.txt - -diff --git a/src/build-data/arch/or1k.txt b/src/build-data/arch/or1k.txt -new file mode 100644 -index 0000000..c5fdc32 ---- /dev/null -+++ b/src/build-data/arch/or1k.txt -@@ -0,0 +1,4 @@ -+endian big -+ -+or1k -+ diff -Nru botan1.10-1.10.16/debian/patches/series botan1.10-1.10.17/debian/patches/series --- botan1.10-1.10.16/debian/patches/series 2017-05-29 11:45:02.000000000 +0000 +++ botan1.10-1.10.17/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 @@ -1,4 +0,0 @@ -0001-add-mips64-mipsn32-support.patch -0002-add-powerpc64le-support.patch -0003-add-arm64-support.patch.patch -0004-add-or1k-support.patch diff -Nru botan1.10-1.10.16/doc/log.txt botan1.10-1.10.17/doc/log.txt --- botan1.10-1.10.16/doc/log.txt 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/doc/log.txt 2017-10-02 06:00:00.000000000 +0000 
@@ -7,6 +7,36 @@ Series 1.10 ---------------------------------------- +Version 1.10.17, 1.10.17 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* Address a side channel affecting modular exponentiation. An attacker + capabable of a local or cross-VM cache analysis attack may be able + to recover bits of secret exponents as used in RSA, DH, etc. + CVE-2017-14737 + +* Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 + hash function. (GH #1192 #1148 #882) + +* Add SecureVector::data() function which returns the start of the + buffer. This makes it slightly simpler to support both 1.10 and 2.x + APIs in the same codebase. + +* When compiled by a C++11 (or later) compiler, a template typedef of + SecureVector, secure_vector, is added. In 2.x this class is a + std::vector with a custom allocator, so has a somewhat different + interface than SecureVector in 1.10. But this makes it slightly + simpler to support both 1.10 and 2.x APIs in the same codebase. + +* Fix a bug that prevented `configure.py` from running under Python3 + +* Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build + will `#error` if OpenSSL 1.1 is detected. Avoid `--with-openssl` + if compiling against 1.1 or later. (GH #753) + +* Import patches from Debian adding basic support for building on + aarch64, ppc64le, or1k, and mipsn32 platforms. + Version 1.10.16, 2017-04-04 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff -Nru botan1.10-1.10.16/readme.txt botan1.10-1.10.17/readme.txt --- botan1.10-1.10.16/readme.txt 2017-04-05 01:06:45.000000000 +0000 +++ botan1.10-1.10.17/readme.txt 2017-10-02 06:00:00.000000000 +0000 
@@ -1,6 +1,6 @@
 This branch (1.10) of Botan is only supported for security fixes until
-the end of 2017. Please upgrade to 2.0 API as soon as possible.
+the end of 2017. Please upgrade to 2.x as soon as possible.
 Botan is a C++ library for performing a wide variety of cryptographic
diff -Nru botan1.10-1.10.16/src/alloc/secmem.h botan1.10-1.10.17/src/alloc/secmem.h
--- botan1.10-1.10.16/src/alloc/secmem.h 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/alloc/secmem.h 2017-10-02 06:00:00.000000000 +0000
@@ -50,6 +50,12 @@
 * Get a pointer to the first element in the buffer.
 * @return pointer to the first element in the buffer
 */
+ T* data() { return buf; }
+
+ /**
+ * Get a pointer to the first element in the buffer.
+ * @return pointer to the first element in the buffer
+ */
 T* begin() { return buf; }
 /**
@@ -369,6 +375,13 @@
 }
 };
+#if __cplusplus >= 201103
+
+// For better compatability with 2.x API
+ template
+ using secure_vector = SecureVector;
+#endif
+
 template
 MemoryRegion& operator+=(MemoryRegion& out,
 const MemoryRegion& in)
diff -Nru botan1.10-1.10.16/src/build-data/arch/aarch64.txt botan1.10-1.10.17/src/build-data/arch/aarch64.txt
--- botan1.10-1.10.16/src/build-data/arch/aarch64.txt 1970-01-01 00:00:00.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/arch/aarch64.txt 2017-10-02 06:00:00.000000000 +0000
@@ -0,0 +1,6 @@
+endian little
+
+
+arm64 # For Debian
+
+
diff -Nru botan1.10-1.10.16/src/build-data/arch/mipsn32.txt botan1.10-1.10.17/src/build-data/arch/mipsn32.txt
--- botan1.10-1.10.16/src/build-data/arch/mipsn32.txt 1970-01-01 00:00:00.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/arch/mipsn32.txt 2017-10-02 06:00:00.000000000 +0000
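Review bot: The doc comment added for `data()` is a verbatim copy of the one on `begin()` directly below it, so the header gives a reader no reason the two accessors coexist; say what `data()` is for, e.g. `/** Get a pointer to the first element; identical to begin(), provided so code written against the 2.x vector-style API also compiles on 1.10. */`. Only a non-const `T* data()` is visible in the hunk, so if a `const T* data() const` twin is intended it is not part of this change. The enclosing class template starts and ends outside the hunk.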
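Review bot: The comment on the new `secure_vector` alias misspells "compatibility" and understates the caveat the release notes in this same diff spell out: the alias is still a `SecureVector`, not the std::vector-with-allocator of 2.x, so code using vector-only members will not port unchanged. Suggested wording: `// Name-compatibility alias for the 2.x API; the interface is still 1.10's SecureVector, not a std::vector`. The template parameter list was lost in extraction, so the alias's exact signature cannot be confirmed from here.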
@@ -0,0 +1,22 @@
+
+mipsn32el # For Debian
+
+
+
+r4000
+r4100
+r4300
+r4400
+r4600
+r4560
+r5000
+r8000
+r10000
+
+
+
+r4k -> r4000
+r5k -> r5000
+r8k -> r8000
+r10k -> r10000
+
diff -Nru botan1.10-1.10.16/src/build-data/arch/or1k.txt botan1.10-1.10.17/src/build-data/arch/or1k.txt
--- botan1.10-1.10.16/src/build-data/arch/or1k.txt 1970-01-01 00:00:00.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/arch/or1k.txt 2017-10-02 06:00:00.000000000 +0000
@@ -0,0 +1,4 @@
+endian big
+
+or1k
+
diff -Nru botan1.10-1.10.16/src/build-data/arch/ppc64le.txt botan1.10-1.10.17/src/build-data/arch/ppc64le.txt
--- botan1.10-1.10.16/src/build-data/arch/ppc64le.txt 1970-01-01 00:00:00.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/arch/ppc64le.txt 2017-10-02 06:00:00.000000000 +0000
@@ -0,0 +1,21 @@
+endian little
+
+family ppc
+
+
+powerpc64le
+ppc64el
+
+
+
+power7
+power7p
+power8
+power8e
+
+
+# This should be enabled for all targets, but the Altivec code currently
+# makes lots of endian assumptions that I don't have the time to fix up:
+#
+#altivec:all
+#
diff -Nru botan1.10-1.10.16/src/build-data/arch/ppc64.txt botan1.10-1.10.17/src/build-data/arch/ppc64.txt
--- botan1.10-1.10.16/src/build-data/arch/ppc64.txt 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/arch/ppc64.txt 2017-10-02 06:00:00.000000000 +0000
@@ -17,6 +17,9 @@
 power5
 power6
 power7
+power7p
+power8
+power8e
 cellppu
@@ -25,5 +28,5 @@
-altivec:cellppu,ppc970,power6,power7
+altivec:cellppu,ppc970,power6,power7,power7p,power8,power8e
diff -Nru botan1.10-1.10.16/src/build-data/cc/clang.txt botan1.10-1.10.17/src/build-data/cc/clang.txt
--- botan1.10-1.10.16/src/build-data/cc/clang.txt 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/cc/clang.txt 2017-10-02 06:00:00.000000000 +0000
@@ -39,6 +39,8 @@
 x86_64 -> "-m64"
+mips32 -> "-mabi=32"
+mipsn32 -> "-mabi=n32"
 mips64 -> "-mabi=64"
 s390 -> "-m31"
 s390x -> "-m64"
diff -Nru botan1.10-1.10.16/src/build-data/cc/gcc.txt botan1.10-1.10.17/src/build-data/cc/gcc.txt
--- botan1.10-1.10.16/src/build-data/cc/gcc.txt 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/build-data/cc/gcc.txt 2017-10-02 06:00:00.000000000 +0000
@@ -75,14 +75,17 @@
 alpha -> "-mcpu=SUBMODEL" alpha-
 arm -> "-march=SUBMODEL"
+aarch64 -> "-mtune=generic"
 superh -> "-mSUBMODEL" sh
 hppa -> "-march=SUBMODEL" hppa
 ia64 -> "-mtune=SUBMODEL"
 m68k -> "-mSUBMODEL"
 mips32 -> "-mips1 -mcpu=SUBMODEL" mips32-
+mipsn32 -> "-mips3 -mcpu=SUBMODEL" mips64-
 mips64 -> "-mips3 -mcpu=SUBMODEL" mips64-
 ppc32 -> "-mcpu=SUBMODEL" ppc
 ppc64 -> "-mcpu=SUBMODEL" ppc
+ppc64le -> "-mcpu=power7 -mtune=power8" ppc
 sparc32 -> "-mcpu=SUBMODEL -Wa,-xarch=v8plus" sparc32-
 sparc64 -> "-mcpu=v9 -mtune=SUBMODEL"
 x86_32 -> "-march=SUBMODEL -momit-leaf-frame-pointer"
@@ -98,6 +101,7 @@
 sparc32 -> "-m32 -mno-app-regs"
 sparc64 -> "-m64 -mno-app-regs"
 ppc64 -> "-m64"
+ppc64le -> "-m64"
 # This should probably be used on most/all targets, but the docs are unclear
 openbsd -> "-pthread"
diff -Nru botan1.10-1.10.16/src/engine/openssl/ossl_bc.cpp botan1.10-1.10.17/src/engine/openssl/ossl_bc.cpp
--- botan1.10-1.10.16/src/engine/openssl/ossl_bc.cpp 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/engine/openssl/ossl_bc.cpp 2017-10-02 06:00:00.000000000 +0000
@@ -8,6 +8,10 @@
 #include
 #include
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x"
+#endif
+
 namespace Botan {
 namespace {
diff -Nru botan1.10-1.10.16/src/engine/openssl/ossl_md.cpp botan1.10-1.10.17/src/engine/openssl/ossl_md.cpp
--- botan1.10-1.10.16/src/engine/openssl/ossl_md.cpp 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/engine/openssl/ossl_md.cpp 2017-10-02 06:00:00.000000000 +0000
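Review bot: The new `ppc64le -> "-mcpu=power7 -mtune=power8" ppc` entry hard-codes the CPU while every neighbouring ppc entry expands `SUBMODEL`, so a submodel chosen at configure time is presumably ignored on this target. If that is deliberate (the ppc64le arch file in this diff lists power7, power7p, power8 and power8e, all of which the power7 baseline covers), a line above it in the file's existing `#` comment style, `# ppc64le: SUBMODEL is ignored, power7 is the baseline for every listed submodel`, keeps the next reader from "fixing" it. The `aarch64 -> "-mtune=generic"` line in the same hunk has the same shape and the same question.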
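Review bot: The guard `#if OPENSSL_VERSION_NUMBER >= 0x10100000` silently passes when the macro is undefined, because the preprocessor evaluates an unknown identifier as 0; if the two includes above it (their names were lost in extraction) do not pull in OpenSSL's version header, the check never fires and the build proceeds against an API the release notes say is unsupported. `#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER >= 0x10100000` closes that gap. The identical block is added to ossl_md.cpp in the next hunk, so a single shared internal header would be better than two copies that can drift.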
@@ -8,6 +8,10 @@
 #include
 #include
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x"
+#endif
+
 namespace Botan {
 namespace {
diff -Nru botan1.10-1.10.16/src/hash/gost_3411/gost_3411.cpp botan1.10-1.10.17/src/hash/gost_3411/gost_3411.cpp
--- botan1.10-1.10.16/src/hash/gost_3411/gost_3411.cpp 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/hash/gost_3411/gost_3411.cpp 2017-10-02 06:00:00.000000000 +0000
@@ -90,8 +90,11 @@
 // P transformation
 for(size_t k = 0; k != 4; ++k)
+ {
+ const uint64_t UVk = U[k] ^ V[k];
 for(size_t l = 0; l != 8; ++l)
- key[4*l+k] = get_byte(l, U[k]) ^ get_byte(l, V[k]);
+ key[4*l+k] = get_byte(l, UVk);
+ }
 cipher.set_key(key, 32);
 cipher.encrypt(&hash[8*j], S + 8*j);
diff -Nru botan1.10-1.10.16/src/math/bigint/bigint.cpp botan1.10-1.10.17/src/math/bigint/bigint.cpp
--- botan1.10-1.10.16/src/math/bigint/bigint.cpp 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/math/bigint/bigint.cpp 2017-10-02 06:00:00.000000000 +0000
@@ -10,6 +10,7 @@
 #include
 #include
 #include
+#include
 namespace Botan {
@@ -373,4 +374,25 @@
 binary_decode(buf, buf.size());
 }
+void BigInt::shrink_to_fit()
+ {
+ reg.resize(sig_words());
+ }
+
+void BigInt::const_time_lookup(SecureVector& output,
+ const std::vector& vec,
+ size_t idx)
+ {
+ const size_t words = output.size();
+
+ clear_mem(output.data(), output.size());
+
+ for(size_t i = 0; i != vec.size(); ++i)
+ {
+ for(size_t w = 0; w != words; ++w)
+ output[w] |= CT::select(CT::is_equal(i, idx), vec[i].word_at(w), 0);
+ }
+ }
+
+
 }
diff -Nru botan1.10-1.10.16/src/math/bigint/bigint.h botan1.10-1.10.17/src/math/bigint/bigint.h
--- botan1.10-1.10.16/src/math/bigint/bigint.h 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/math/bigint/bigint.h 2017-10-02 06:00:00.000000000 +0000
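Review bot: The hoisted `const uint64_t UVk = U[k] ^ V[k];` carries no explanation, yet the release notes in this diff say it exists only to work around a GCC 7 x86-32 miscompilation (GH #1192, #1148, #882); without a comment a later cleanup will fold it back into the inner loop and reintroduce the problem. Suggested: `// Hoisted out of the l-loop on purpose: works around a GCC 7 x86-32 miscompilation (GH #1192)`. The spelled-out `uint64_t` also departs from the `u16bit`/`u32bit` typedefs used elsewhere in this same diff (cpuid.cpp, powm_mnt.cpp); `u64bit` would match the file's conventions. The enclosing function continues outside the hunk.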
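Review bot: `const_time_lookup` copies only `output.size()` words of each entry, so any `vec[i]` wider than `output` is silently truncated and nothing states that precondition; its only caller in this diff sizes `e` to `mod_words` while filling the table from `mod_words + 1` words, so correctness presumably rests on the top word of each reduced entry being zero. An assertion that `vec[i].sig_words() <= words` inside the outer loop, or at minimum a header comment, should pin that down. The loop itself deserves a comment so the next reader does not "optimize" it: `// Visit every entry and mask it in: neither the branches taken nor the addresses touched may depend on idx`. `shrink_to_fit` is likewise undocumented; `// Trim the register to sig_words() words` states what it does.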
@@ -500,6 +500,12 @@
 */
 BigInt(NumberType type, size_t n);
+ void shrink_to_fit();
+
+ static void const_time_lookup(SecureVector& output,
+ const std::vector& vec,
+ size_t idx);
+
 private:
 SecureVector reg;
 Sign signedness;
diff -Nru botan1.10-1.10.16/src/math/mp/mp_asm64/info.txt botan1.10-1.10.17/src/math/mp/mp_asm64/info.txt
--- botan1.10-1.10.16/src/math/mp/mp_asm64/info.txt 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/math/mp/mp_asm64/info.txt 2017-10-02 06:00:00.000000000 +0000
@@ -8,10 +8,12 @@
+aarch64
 alpha
 ia64
 mips64
 ppc64
+ppc64le
 sparc64
diff -Nru botan1.10-1.10.16/src/math/numbertheory/powm_mnt.cpp botan1.10-1.10.17/src/math/numbertheory/powm_mnt.cpp
--- botan1.10-1.10.16/src/math/numbertheory/powm_mnt.cpp 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/math/numbertheory/powm_mnt.cpp 2017-10-02 06:00:00.000000000 +0000
@@ -68,6 +68,7 @@
 &workspace[0]);
 g[i].assign(&z[0], mod_words + 1);
+ g[i].grow_to(mod_words);
 }
 }
@@ -81,6 +82,7 @@
 BigInt x = R_mod;
 SecureVector z(2 * (mod_words + 1));
 SecureVector workspace(2 * (mod_words + 1));
+ SecureVector e(mod_words);
 for(size_t i = exp_nibbles; i > 0; --i)
 {
@@ -98,12 +100,13 @@
 const u32bit nibble = exp.get_substring(window_bits*(i-1), window_bits);
- const BigInt& y = g[nibble];
- zeroise(z);
+
+ BigInt::const_time_lookup(e, g, nibble);
+
 bigint_monty_mul(&z[0], z.size(),
 x.data(), x.size(), x.sig_words(),
- y.data(), y.size(), y.sig_words(),
+ e.data(), e.size(), e.size(),
 modulus.data(), mod_words, mod_prime,
 &workspace[0]);
diff -Nru botan1.10-1.10.16/src/utils/cpuid.cpp botan1.10-1.10.17/src/utils/cpuid.cpp
--- botan1.10-1.10.16/src/utils/cpuid.cpp 2017-04-05 01:06:45.000000000 +0000
+++ botan1.10-1.10.17/src/utils/cpuid.cpp 2017-10-02 06:00:00.000000000 +0000
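Review bot: `shrink_to_fit` and `const_time_lookup` are declared without the doc comments every neighbouring declaration carries (a `*/` closes one just above them). The lookup's contract is the non-obvious part and belongs in the header: `output` must be pre-sized by the caller, since only `output.size()` words are written and wider `vec` entries are truncated, and the cost is linear in `vec.size()` by design so that no branch or memory access depends on `idx`. For `shrink_to_fit`, one line saying it trims the internal register to `sig_words()` words is enough.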
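Review bot: `g[i].grow_to(mod_words)` follows an `assign` of `mod_words + 1` words, so either `assign` already resized the register and this call is a no-op, or it only copies into existing storage and the call exists to give every table entry a uniform width for the constant-time lookup used later; the hunk does not show which, and a one-line comment should: `// every table entry must be at least mod_words wide so const_time_lookup reads them uniformly`. The enclosing loop starts outside the hunk.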
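Review bot: The table operand is now multiplied with the fixed `e.size()` as its significant-word count, but the accumulator still passes `x.sig_words()`, so the multiply's work remains dependent on the running value; if the aim is a uniform multiply, passing `x.size()` here would treat both operands alike (`x` is kept at `mod_words + 1` words by the `assign` outside the hunk, and that product still fits `z`). Dropping `zeroise(z)` is only safe if `bigint_monty_mul` overwrites every word of `z` it later reads, since `z` now still holds the previous squaring's output; that should be confirmed against mp_monty.cpp, which is not in this diff. The lookup line should name its reason: `// constant-time table select: removes the nibble-indexed load behind CVE-2017-14737`. The loop and function continue outside the hunk.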
@@ -157,6 +157,9 @@
 const u16bit PVR_G5_970GX = 0x0045;
 const u16bit PVR_POWER6 = 0x003E;
 const u16bit PVR_POWER7 = 0x003F;
+ const u16bit PVR_POWER7p = 0x004A;
+ const u16bit PVR_POWER8 = 0x004D;
+ const u16bit PVR_POWER8E = 0x004B;
 const u16bit PVR_CELL_PPU = 0x0070;
 // Motorola produced G4s with PVR 0x800[0123C] (at least)
@@ -177,6 +180,9 @@
 altivec_capable |= (pvr == PVR_G5_970GX);
 altivec_capable |= (pvr == PVR_POWER6);
 altivec_capable |= (pvr == PVR_POWER7);
+ altivec_capable |= (pvr == PVR_POWER7p);
+ altivec_capable |= (pvr == PVR_POWER8);
+ altivec_capable |= (pvr == PVR_POWER8E);
 altivec_capable |= (pvr == PVR_CELL_PPU);
 #endif
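Review bot: The three new PVR constants are bare magic numbers with no note of where they come from, unlike the G4 comment just below that at least explains its 0x800x family; a comment such as `// POWER7+, POWER8 and POWER8E PVR high halves (source: the vendor PVR table used for the entries above)` would let a reviewer check them rather than trust them. Extending the `|=` chain in the second hunk keeps the existing style, but the list is now long enough that a small table of known-AltiVec PVRs iterated in one loop would be easier to audit; that is a style preference, not a defect. `altivec_check_pvr_emul` begins outside both hunks.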