git.ipfire.org Git - thirdparty/openssl.git/commit

author	Danny Tsen <dtsen@us.ibm.com>
	Tue, 11 Feb 2025 18:48:01 +0000 (13:48 -0500)
committer	Tomas Mraz <tomas@openssl.org>
	Fri, 14 Mar 2025 16:20:52 +0000 (17:20 +0100)
commit	85cabd94958303859b1551364a609d4ff40b67a5
tree	a3385172ea7dc06f438b2c3adf28d5e7c47b8add	tree
parent	ff030ad5bd1c6196e640b1338dac23c1ce3a3154	commit \| diff

Fix Minerva timing side-channel signal for P-384 curve on PPC

1. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6()
   for Montgomery multiplication.
2. ecp_nistp384-ppc64.pl:
   - Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with
     minumum perl wrapper.
   - Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce.
   - Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly.
3. ecp_nistp384.c:
   - Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce.

Signed-off-by: Danny Tsen <dtsen@us.ibm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26709)

crypto/bn/bn_ppc.c		diff \| blob \| blame \| history
crypto/ec/asm/ecp_nistp384-ppc64.pl		diff \| blob \| blame \| history
crypto/ec/ecp_nistp384.c		diff \| blob \| blame \| history