Fix big-endian Power10 chacha20 implementation

Some of the BE specific permutes were incorrect. Fix them.

This passes all tests on a P10/ppc64 debian unstable host.

Fixes #25451

CLA: trivial

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25483)

diff --git a/crypto/chacha/asm/chachap10-ppc.pl b/crypto/chacha/asm/chachap10-ppc.pl
index ea4f3faf53d186c6c50aab1c9de6e2a521b67ab0..a6bff8db38ad8e4d66c35c6e185e81c194d0f1b4 100755 (executable)
--- a/crypto/chacha/asm/chachap10-ppc.pl
+++ b/crypto/chacha/asm/chachap10-ppc.pl
@@ -1032,10 +1032,10 @@ $code.=<<___;
        vadduwm $xcn0,$xcn4,@K[2]
        vadduwm $xdn0,$xdn4,@K[3]
 
-       be?vperm $xan0,$xa4,$xa4,$beperm
-       be?vperm $xbn0,$xb4,$xb4,$beperm
-       be?vperm $xcn0,$xcn4,$xcn4,$beperm
-       be?vperm $xdn0,$xdn4,$xdn4,$beperm
+       be?vperm $xan0,$xan0,$xan0,$beperm
+       be?vperm $xbn0,$xbn0,$xbn0,$beperm
+       be?vperm $xcn0,$xcn0,$xcn0,$beperm
+       be?vperm $xdn0,$xdn0,$xdn0,$beperm
 
        ${UCMP}i $len,0x40
        blt     Ltail_vsx_8x_1