git.ipfire.org Git - thirdparty/openssl.git/commit

author	Danny Tsen <dtsen@us.ibm.com>
	Tue, 11 Feb 2025 18:48:01 +0000 (13:48 -0500)
committer	Tomas Mraz <tomas@openssl.org>
	Fri, 14 Mar 2025 16:22:19 +0000 (17:22 +0100)
commit	080c6be0b102934bf66daeac70f0863f209f8d0f
tree	0ede984a126bc61f942f0f1cd18e50d9715df18d	tree
parent	cb286b6e09a5f3b7b99a03af7efaefe290ea1deb	commit \| diff

Fix Minerva timing side-channel signal for P-384 curve on PPC

1. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6()
   for Montgomery multiplication.
2. ecp_nistp384-ppc64.pl:
   - Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with
     minumum perl wrapper.
   - Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce.
   - Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly.
3. ecp_nistp384.c:
   - Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce.

Signed-off-by: Danny Tsen <dtsen@us.ibm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26709)

(cherry picked from commit 85cabd94958303859b1551364a609d4ff40b67a5)

crypto/bn/bn_ppc.c		diff \| blob \| blame \| history
crypto/ec/asm/ecp_nistp384-ppc64.pl		diff \| blob \| blame \| history
crypto/ec/ecp_nistp384.c		diff \| blob \| blame \| history