git.ipfire.org Git - thirdparty/openssl.git/commit

author	Danny Tsen <dtsen@us.ibm.com>
	Tue, 11 Feb 2025 18:48:01 +0000 (13:48 -0500)
committer	Tomas Mraz <tomas@openssl.org>
	Fri, 14 Mar 2025 16:22:31 +0000 (17:22 +0100)
commit	8d097967f99d119eed017cd2f31695f732f9ea0d
tree	46e8adfb63870ba5bbcb5ee944dd5d1cd91c6685	tree \| snapshot
parent	782912cccc70f8c3fed4e49db2f479d97af0bdf9	commit \| diff

Fix Minerva timing side-channel signal for P-384 curve on PPC

1. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6()
   for Montgomery multiplication.
2. ecp_nistp384-ppc64.pl:
   - Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with
     minumum perl wrapper.
   - Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce.
   - Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly.
3. ecp_nistp384.c:
   - Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce.

Signed-off-by: Danny Tsen <dtsen@us.ibm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26709)

(cherry picked from commit 85cabd94958303859b1551364a609d4ff40b67a5)

crypto/bn/bn_ppc.c		diff \| blob \| blame \| history
crypto/ec/asm/ecp_nistp384-ppc64.pl		diff \| blob \| blame \| history
crypto/ec/ecp_nistp384.c		diff \| blob \| blame \| history