summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Marko <peter.marko@siemens.com>2025-07-21 18:31:41 +0200
committerSteve Sakoman <steve@sakoman.com>2025-07-29 07:59:52 -0700
commit99f48be958e8b141502f8fea0ef34e1c9b85cb27 (patch)
tree54dfcbc49f1857b0cce7b5237c24b08912d10ba2
parented5a1a7443a7123441cd1201e6405de177c56347 (diff)
downloadpoky-99f48be958e8b141502f8fea0ef34e1c9b85cb27.tar.gz
openssl: patch CVE-2025-27587
Pick commits for Minerva fix between 3.2.4 and 3.2.5 release. Update to 3.2.5 is blocked due to problem with python ptest errors, so use patch instead of upgrade for now. (From OE-Core rev: 57c04a32997c1b045121aff045f3ffaa7bb0b5f5) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch1918
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch129
-rw-r--r--meta/recipes-connectivity/openssl/openssl_3.2.4.bb2
3 files changed, 2049 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
new file mode 100644
index 0000000000..eb3fc52dca
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-1.patch
@@ -0,0 +1,1918 @@
1From 14ac0f0e4e1f36793d09b41ffd5e482575289ab2 Mon Sep 17 00:00:00 2001
2From: Danny Tsen <dtsen@us.ibm.com>
3Date: Tue, 11 Feb 2025 13:48:01 -0500
4Subject: [PATCH] Fix Minerva timing side-channel signal for P-384 curve on PPC
5
61. bn_ppc.c: Used bn_mul_mont_int() instead of bn_mul_mont_300_fixed_n6()
7 for Montgomery multiplication.
82. ecp_nistp384-ppc64.pl:
9 - Re-wrote p384_felem_mul and p384_felem_square for easier maintenance with
10 minumum perl wrapper.
11 - Implemented p384_felem_reduce, p384_felem_mul_reduce and p384_felem_square_reduce.
12 - Implemented p384_felem_diff64, felem_diff_128_64 and felem_diff128 in assembly.
133. ecp_nistp384.c:
14 - Added wrapper function for p384_felem_mul_reduce and p384_felem_square_reduce.
15
16Signed-off-by: Danny Tsen <dtsen@us.ibm.com>
17
18Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
19Reviewed-by: Tomas Mraz <tomas@openssl.org>
20(Merged from https://github.com/openssl/openssl/pull/26709)
21
22(cherry picked from commit 85cabd94958303859b1551364a609d4ff40b67a5)
23
24CVE: CVE-2025-27587
25Upstream-Status: Backport [https://github.com/openssl/openssl/commit/14ac0f0e4e1f36793d09b41ffd5e482575289ab2]
26Signed-off-by: Peter Marko <peter.marko@siemens.com>
27---
28 crypto/bn/bn_ppc.c | 3 +
29 crypto/ec/asm/ecp_nistp384-ppc64.pl | 1724 +++++++++++++++++++++++----
30 crypto/ec/ecp_nistp384.c | 28 +-
31 3 files changed, 1504 insertions(+), 251 deletions(-)
32
33diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c
34index 1e9421bee2..29293bad55 100644
35--- a/crypto/bn/bn_ppc.c
36+++ b/crypto/bn/bn_ppc.c
37@@ -41,12 +41,15 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
38 */
39
40 #if defined(_ARCH_PPC64) && !defined(__ILP32__)
41+ /* Minerva side-channel fix danny */
42+# if defined(USE_FIXED_N6)
43 if (num == 6) {
44 if (OPENSSL_ppccap_P & PPC_MADD300)
45 return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
46 else
47 return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
48 }
49+# endif
50 #endif
51
52 return bn_mul_mont_int(rp, ap, bp, np, n0, num);
53diff --git a/crypto/ec/asm/ecp_nistp384-ppc64.pl b/crypto/ec/asm/ecp_nistp384-ppc64.pl
54index 28f4168e52..b663bddfc6 100755
55--- a/crypto/ec/asm/ecp_nistp384-ppc64.pl
56+++ b/crypto/ec/asm/ecp_nistp384-ppc64.pl
57@@ -7,13 +7,15 @@
58 # https://www.openssl.org/source/license.html
59 #
60 # ====================================================================
61-# Written by Rohan McLure <rmclure@linux.ibm.com> for the OpenSSL
62-# project.
63+# Written by Danny Tsen <dtsen@us.ibm.com> # for the OpenSSL project.
64+#
65+# Copyright 2025- IBM Corp.
66 # ====================================================================
67 #
68-# p384 lower-level primitives for PPC64 using vector instructions.
69+# p384 lower-level primitives for PPC64.
70 #
71
72+
73 use strict;
74 use warnings;
75
76@@ -21,7 +23,7 @@ my $flavour = shift;
77 my $output = "";
78 while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
79 if (!$output) {
80- $output = "-";
81+ $output = "-";
82 }
83
84 my ($xlate, $dir);
85@@ -35,271 +37,1495 @@ open OUT,"| \"$^X\" $xlate $flavour $output";
86
87 my $code = "";
88
89-my ($sp, $outp, $savelr, $savesp) = ("r1", "r3", "r10", "r12");
90-
91-my $vzero = "v32";
92-
93-sub startproc($)
94-{
95- my ($name) = @_;
96-
97- $code.=<<___;
98- .globl ${name}
99- .align 5
100-${name}:
101-
102-___
103-}
104-
105-sub endproc($)
106-{
107- my ($name) = @_;
108-
109- $code.=<<___;
110- blr
111- .size ${name},.-${name}
112-
113-___
114-}
115-
116-sub load_vrs($$)
117-{
118- my ($pointer, $reg_list) = @_;
119-
120- for (my $i = 0; $i <= 6; $i++) {
121- my $offset = $i * 8;
122- $code.=<<___;
123- lxsd $reg_list->[$i],$offset($pointer)
124-___
125- }
126-
127- $code.=<<___;
128-
129-___
130-}
131-
132-sub store_vrs($$)
133-{
134- my ($pointer, $reg_list) = @_;
135-
136- for (my $i = 0; $i <= 12; $i++) {
137- my $offset = $i * 16;
138- $code.=<<___;
139- stxv $reg_list->[$i],$offset($pointer)
140-___
141- }
142-
143- $code.=<<___;
144-
145-___
146-}
147-
148 $code.=<<___;
149-.machine "any"
150+.machine "any"
151 .text
152
153-___
154+.globl p384_felem_mul
155+.type p384_felem_mul,\@function
156+.align 4
157+p384_felem_mul:
158
159-{
160- # mul/square common
161- my ($t1, $t2, $t3, $t4) = ("v33", "v34", "v42", "v43");
162- my ($zero, $one) = ("r8", "r9");
163- my $out = "v51";
164+ stdu 1, -176(1)
165+ mflr 0
166+ std 14, 56(1)
167+ std 15, 64(1)
168+ std 16, 72(1)
169+ std 17, 80(1)
170+ std 18, 88(1)
171+ std 19, 96(1)
172+ std 20, 104(1)
173+ std 21, 112(1)
174+ std 22, 120(1)
175
176- {
177- #
178- # p384_felem_mul
179- #
180+ bl _p384_felem_mul_core
181
182- my ($in1p, $in2p) = ("r4", "r5");
183- my @in1 = map("v$_",(44..50));
184- my @in2 = map("v$_",(35..41));
185+ mtlr 0
186+ ld 14, 56(1)
187+ ld 15, 64(1)
188+ ld 16, 72(1)
189+ ld 17, 80(1)
190+ ld 18, 88(1)
191+ ld 19, 96(1)
192+ ld 20, 104(1)
193+ ld 21, 112(1)
194+ ld 22, 120(1)
195+ addi 1, 1, 176
196+ blr
197+.size p384_felem_mul,.-p384_felem_mul
198
199- startproc("p384_felem_mul");
200+.globl p384_felem_square
201+.type p384_felem_square,\@function
202+.align 4
203+p384_felem_square:
204
205- $code.=<<___;
206- vspltisw $vzero,0
207+ stdu 1, -176(1)
208+ mflr 0
209+ std 14, 56(1)
210+ std 15, 64(1)
211+ std 16, 72(1)
212+ std 17, 80(1)
213
214-___
215+ bl _p384_felem_square_core
216
217- load_vrs($in1p, \@in1);
218- load_vrs($in2p, \@in2);
219-
220- $code.=<<___;
221- vmsumudm $out,$in1[0],$in2[0],$vzero
222- stxv $out,0($outp)
223-
224- xxpermdi $t1,$in1[0],$in1[1],0b00
225- xxpermdi $t2,$in2[1],$in2[0],0b00
226- vmsumudm $out,$t1,$t2,$vzero
227- stxv $out,16($outp)
228-
229- xxpermdi $t2,$in2[2],$in2[1],0b00
230- vmsumudm $out,$t1,$t2,$vzero
231- vmsumudm $out,$in1[2],$in2[0],$out
232- stxv $out,32($outp)
233-
234- xxpermdi $t2,$in2[1],$in2[0],0b00
235- xxpermdi $t3,$in1[2],$in1[3],0b00
236- xxpermdi $t4,$in2[3],$in2[2],0b00
237- vmsumudm $out,$t1,$t4,$vzero
238- vmsumudm $out,$t3,$t2,$out
239- stxv $out,48($outp)
240-
241- xxpermdi $t2,$in2[4],$in2[3],0b00
242- xxpermdi $t4,$in2[2],$in2[1],0b00
243- vmsumudm $out,$t1,$t2,$vzero
244- vmsumudm $out,$t3,$t4,$out
245- vmsumudm $out,$in1[4],$in2[0],$out
246- stxv $out,64($outp)
247-
248- xxpermdi $t2,$in2[5],$in2[4],0b00
249- xxpermdi $t4,$in2[3],$in2[2],0b00
250- vmsumudm $out,$t1,$t2,$vzero
251- vmsumudm $out,$t3,$t4,$out
252- xxpermdi $t4,$in2[1],$in2[0],0b00
253- xxpermdi $t1,$in1[4],$in1[5],0b00
254- vmsumudm $out,$t1,$t4,$out
255- stxv $out,80($outp)
256-
257- xxpermdi $t1,$in1[0],$in1[1],0b00
258- xxpermdi $t2,$in2[6],$in2[5],0b00
259- xxpermdi $t4,$in2[4],$in2[3],0b00
260- vmsumudm $out,$t1,$t2,$vzero
261- vmsumudm $out,$t3,$t4,$out
262- xxpermdi $t2,$in2[2],$in2[1],0b00
263- xxpermdi $t1,$in1[4],$in1[5],0b00
264- vmsumudm $out,$t1,$t2,$out
265- vmsumudm $out,$in1[6],$in2[0],$out
266- stxv $out,96($outp)
267-
268- xxpermdi $t1,$in1[1],$in1[2],0b00
269- xxpermdi $t2,$in2[6],$in2[5],0b00
270- xxpermdi $t3,$in1[3],$in1[4],0b00
271- vmsumudm $out,$t1,$t2,$vzero
272- vmsumudm $out,$t3,$t4,$out
273- xxpermdi $t3,$in2[2],$in2[1],0b00
274- xxpermdi $t1,$in1[5],$in1[6],0b00
275- vmsumudm $out,$t1,$t3,$out
276- stxv $out,112($outp)
277-
278- xxpermdi $t1,$in1[2],$in1[3],0b00
279- xxpermdi $t3,$in1[4],$in1[5],0b00
280- vmsumudm $out,$t1,$t2,$vzero
281- vmsumudm $out,$t3,$t4,$out
282- vmsumudm $out,$in1[6],$in2[2],$out
283- stxv $out,128($outp)
284-
285- xxpermdi $t1,$in1[3],$in1[4],0b00
286- vmsumudm $out,$t1,$t2,$vzero
287- xxpermdi $t1,$in1[5],$in1[6],0b00
288- vmsumudm $out,$t1,$t4,$out
289- stxv $out,144($outp)
290-
291- vmsumudm $out,$t3,$t2,$vzero
292- vmsumudm $out,$in1[6],$in2[4],$out
293- stxv $out,160($outp)
294-
295- vmsumudm $out,$t1,$t2,$vzero
296- stxv $out,176($outp)
297-
298- vmsumudm $out,$in1[6],$in2[6],$vzero
299- stxv $out,192($outp)
300-___
301+ mtlr 0
302+ ld 14, 56(1)
303+ ld 15, 64(1)
304+ ld 16, 72(1)
305+ ld 17, 80(1)
306+ addi 1, 1, 176
307+ blr
308+.size p384_felem_square,.-p384_felem_square
309
310- endproc("p384_felem_mul");
311- }
312+#
313+# Felem mul core function -
314+# r3, r4 and r5 need to pre-loaded.
315+#
316+.type _p384_felem_mul_core,\@function
317+.align 4
318+_p384_felem_mul_core:
319
320- {
321- #
322- # p384_felem_square
323- #
324+ ld 6,0(4)
325+ ld 14,0(5)
326+ ld 7,8(4)
327+ ld 15,8(5)
328+ ld 8,16(4)
329+ ld 16,16(5)
330+ ld 9,24(4)
331+ ld 17,24(5)
332+ ld 10,32(4)
333+ ld 18,32(5)
334+ ld 11,40(4)
335+ ld 19,40(5)
336+ ld 12,48(4)
337+ ld 20,48(5)
338
339- my ($inp) = ("r4");
340- my @in = map("v$_",(44..50));
341- my @inx2 = map("v$_",(35..41));
342+ # out0
343+ mulld 21, 14, 6
344+ mulhdu 22, 14, 6
345+ std 21, 0(3)
346+ std 22, 8(3)
347
348- startproc("p384_felem_square");
349+ vxor 0, 0, 0
350
351- $code.=<<___;
352- vspltisw $vzero,0
353+ # out1
354+ mtvsrdd 32+13, 14, 6
355+ mtvsrdd 32+14, 7, 15
356+ vmsumudm 1, 13, 14, 0
357
358-___
359+ # out2
360+ mtvsrdd 32+15, 15, 6
361+ mtvsrdd 32+16, 7, 16
362+ mtvsrdd 32+17, 0, 8
363+ mtvsrdd 32+18, 0, 14
364+ vmsumudm 19, 15, 16, 0
365+ vmsumudm 2, 17, 18, 19
366
367- load_vrs($inp, \@in);
368+ # out3
369+ mtvsrdd 32+13, 16, 6
370+ mtvsrdd 32+14, 7, 17
371+ mtvsrdd 32+15, 14, 8
372+ mtvsrdd 32+16, 9, 15
373+ vmsumudm 19, 13, 14, 0
374+ vmsumudm 3, 15, 16, 19
375
376- $code.=<<___;
377- li $zero,0
378- li $one,1
379- mtvsrdd $t1,$one,$zero
380-___
381+ # out4
382+ mtvsrdd 32+13, 17, 6
383+ mtvsrdd 32+14, 7, 18
384+ mtvsrdd 32+15, 15, 8
385+ mtvsrdd 32+16, 9, 16
386+ mtvsrdd 32+17, 0, 10
387+ mtvsrdd 32+18, 0, 14
388+ vmsumudm 19, 13, 14, 0
389+ vmsumudm 4, 15, 16, 19
390+ vmsumudm 4, 17, 18, 4
391
392- for (my $i = 0; $i <= 6; $i++) {
393- $code.=<<___;
394- vsld $inx2[$i],$in[$i],$t1
395-___
396- }
397-
398- $code.=<<___;
399- vmsumudm $out,$in[0],$in[0],$vzero
400- stxv $out,0($outp)
401-
402- vmsumudm $out,$in[0],$inx2[1],$vzero
403- stxv $out,16($outp)
404-
405- vmsumudm $out,$in[0],$inx2[2],$vzero
406- vmsumudm $out,$in[1],$in[1],$out
407- stxv $out,32($outp)
408-
409- xxpermdi $t1,$in[0],$in[1],0b00
410- xxpermdi $t2,$inx2[3],$inx2[2],0b00
411- vmsumudm $out,$t1,$t2,$vzero
412- stxv $out,48($outp)
413-
414- xxpermdi $t4,$inx2[4],$inx2[3],0b00
415- vmsumudm $out,$t1,$t4,$vzero
416- vmsumudm $out,$in[2],$in[2],$out
417- stxv $out,64($outp)
418-
419- xxpermdi $t2,$inx2[5],$inx2[4],0b00
420- vmsumudm $out,$t1,$t2,$vzero
421- vmsumudm $out,$in[2],$inx2[3],$out
422- stxv $out,80($outp)
423-
424- xxpermdi $t2,$inx2[6],$inx2[5],0b00
425- vmsumudm $out,$t1,$t2,$vzero
426- vmsumudm $out,$in[2],$inx2[4],$out
427- vmsumudm $out,$in[3],$in[3],$out
428- stxv $out,96($outp)
429-
430- xxpermdi $t3,$in[1],$in[2],0b00
431- vmsumudm $out,$t3,$t2,$vzero
432- vmsumudm $out,$in[3],$inx2[4],$out
433- stxv $out,112($outp)
434-
435- xxpermdi $t1,$in[2],$in[3],0b00
436- vmsumudm $out,$t1,$t2,$vzero
437- vmsumudm $out,$in[4],$in[4],$out
438- stxv $out,128($outp)
439-
440- xxpermdi $t1,$in[3],$in[4],0b00
441- vmsumudm $out,$t1,$t2,$vzero
442- stxv $out,144($outp)
443-
444- vmsumudm $out,$in[4],$inx2[6],$vzero
445- vmsumudm $out,$in[5],$in[5],$out
446- stxv $out,160($outp)
447-
448- vmsumudm $out,$in[5],$inx2[6],$vzero
449- stxv $out,176($outp)
450-
451- vmsumudm $out,$in[6],$in[6],$vzero
452- stxv $out,192($outp)
453-___
454+ # out5
455+ mtvsrdd 32+13, 18, 6
456+ mtvsrdd 32+14, 7, 19
457+ mtvsrdd 32+15, 16, 8
458+ mtvsrdd 32+16, 9, 17
459+ mtvsrdd 32+17, 14, 10
460+ mtvsrdd 32+18, 11, 15
461+ vmsumudm 19, 13, 14, 0
462+ vmsumudm 5, 15, 16, 19
463+ vmsumudm 5, 17, 18, 5
464+
465+ stxv 32+1, 16(3)
466+ stxv 32+2, 32(3)
467+ stxv 32+3, 48(3)
468+ stxv 32+4, 64(3)
469+ stxv 32+5, 80(3)
470+
471+ # out6
472+ mtvsrdd 32+13, 19, 6
473+ mtvsrdd 32+14, 7, 20
474+ mtvsrdd 32+15, 17, 8
475+ mtvsrdd 32+16, 9, 18
476+ mtvsrdd 32+17, 15, 10
477+ mtvsrdd 32+18, 11, 16
478+ vmsumudm 19, 13, 14, 0
479+ vmsumudm 6, 15, 16, 19
480+ mtvsrdd 32+13, 0, 12
481+ mtvsrdd 32+14, 0, 14
482+ vmsumudm 19, 17, 18, 6
483+ vmsumudm 6, 13, 14, 19
484+
485+ # out7
486+ mtvsrdd 32+13, 19, 7
487+ mtvsrdd 32+14, 8, 20
488+ mtvsrdd 32+15, 17, 9
489+ mtvsrdd 32+16, 10, 18
490+ mtvsrdd 32+17, 15, 11
491+ mtvsrdd 32+18, 12, 16
492+ vmsumudm 19, 13, 14, 0
493+ vmsumudm 7, 15, 16, 19
494+ vmsumudm 7, 17, 18, 7
495+
496+ # out8
497+ mtvsrdd 32+13, 19, 8
498+ mtvsrdd 32+14, 9, 20
499+ mtvsrdd 32+15, 17, 10
500+ mtvsrdd 32+16, 11, 18
501+ mtvsrdd 32+17, 0, 12
502+ mtvsrdd 32+18, 0, 16
503+ vmsumudm 19, 13, 14, 0
504+ vmsumudm 8, 15, 16, 19
505+ vmsumudm 8, 17, 18, 8
506+
507+ # out9
508+ mtvsrdd 32+13, 19, 9
509+ mtvsrdd 32+14, 10, 20
510+ mtvsrdd 32+15, 17, 11
511+ mtvsrdd 32+16, 12, 18
512+ vmsumudm 19, 13, 14, 0
513+ vmsumudm 9, 15, 16, 19
514+
515+ # out10
516+ mtvsrdd 32+13, 19, 10
517+ mtvsrdd 32+14, 11, 20
518+ mtvsrdd 32+15, 0, 12
519+ mtvsrdd 32+16, 0, 18
520+ vmsumudm 19, 13, 14, 0
521+ vmsumudm 10, 15, 16, 19
522+
523+ # out11
524+ mtvsrdd 32+17, 19, 11
525+ mtvsrdd 32+18, 12, 20
526+ vmsumudm 11, 17, 18, 0
527+
528+ stxv 32+6, 96(3)
529+ stxv 32+7, 112(3)
530+ stxv 32+8, 128(3)
531+ stxv 32+9, 144(3)
532+ stxv 32+10, 160(3)
533+ stxv 32+11, 176(3)
534+
535+ # out12
536+ mulld 21, 20, 12
537+ mulhdu 22, 20, 12 # out12
538+
539+ std 21, 192(3)
540+ std 22, 200(3)
541+
542+ blr
543+.size _p384_felem_mul_core,.-_p384_felem_mul_core
544+
545+#
546+# Felem square core function -
547+# r3 and r4 need to pre-loaded.
548+#
549+.type _p384_felem_square_core,\@function
550+.align 4
551+_p384_felem_square_core:
552+
553+ ld 6, 0(4)
554+ ld 7, 8(4)
555+ ld 8, 16(4)
556+ ld 9, 24(4)
557+ ld 10, 32(4)
558+ ld 11, 40(4)
559+ ld 12, 48(4)
560+
561+ vxor 0, 0, 0
562+
563+ # out0
564+ mulld 14, 6, 6
565+ mulhdu 15, 6, 6
566+ std 14, 0(3)
567+ std 15, 8(3)
568+
569+ # out1
570+ add 14, 6, 6
571+ mtvsrdd 32+13, 0, 14
572+ mtvsrdd 32+14, 0, 7
573+ vmsumudm 1, 13, 14, 0
574+
575+ # out2
576+ mtvsrdd 32+15, 7, 14
577+ mtvsrdd 32+16, 7, 8
578+ vmsumudm 2, 15, 16, 0
579+
580+ # out3
581+ add 15, 7, 7
582+ mtvsrdd 32+13, 8, 14
583+ mtvsrdd 32+14, 15, 9
584+ vmsumudm 3, 13, 14, 0
585+
586+ # out4
587+ mtvsrdd 32+13, 9, 14
588+ mtvsrdd 32+14, 15, 10
589+ mtvsrdd 32+15, 0, 8
590+ vmsumudm 4, 13, 14, 0
591+ vmsumudm 4, 15, 15, 4
592+
593+ # out5
594+ mtvsrdd 32+13, 10, 14
595+ mtvsrdd 32+14, 15, 11
596+ add 16, 8, 8
597+ mtvsrdd 32+15, 0, 16
598+ mtvsrdd 32+16, 0, 9
599+ vmsumudm 5, 13, 14, 0
600+ vmsumudm 5, 15, 16, 5
601+
602+ stxv 32+1, 16(3)
603+ stxv 32+2, 32(3)
604+ stxv 32+3, 48(3)
605+ stxv 32+4, 64(3)
606+
607+ # out6
608+ mtvsrdd 32+13, 11, 14
609+ mtvsrdd 32+14, 15, 12
610+ mtvsrdd 32+15, 9, 16
611+ mtvsrdd 32+16, 9, 10
612+ stxv 32+5, 80(3)
613+ vmsumudm 19, 13, 14, 0
614+ vmsumudm 6, 15, 16, 19
615+
616+ # out7
617+ add 17, 9, 9
618+ mtvsrdd 32+13, 11, 15
619+ mtvsrdd 32+14, 16, 12
620+ mtvsrdd 32+15, 0, 17
621+ mtvsrdd 32+16, 0, 10
622+ vmsumudm 19, 13, 14, 0
623+ vmsumudm 7, 15, 16, 19
624+
625+ # out8
626+ mtvsrdd 32+13, 11, 16
627+ mtvsrdd 32+14, 17, 12
628+ mtvsrdd 32+15, 0, 10
629+ vmsumudm 19, 13, 14, 0
630+ vmsumudm 8, 15, 15, 19
631+
632+ # out9
633+ add 14, 10, 10
634+ mtvsrdd 32+13, 11, 17
635+ mtvsrdd 32+14, 14, 12
636+ vmsumudm 9, 13, 14, 0
637+
638+ # out10
639+ mtvsrdd 32+13, 11, 14
640+ mtvsrdd 32+14, 11, 12
641+ vmsumudm 10, 13, 14, 0
642+
643+ stxv 32+6, 96(3)
644+ stxv 32+7, 112(3)
645+
646+ # out11
647+ #add 14, 11, 11
648+ #mtvsrdd 32+13, 0, 14
649+ #mtvsrdd 32+14, 0, 12
650+ #vmsumudm 11, 13, 14, 0
651+
652+ mulld 6, 12, 11
653+ mulhdu 7, 12, 11
654+ addc 8, 6, 6
655+ adde 9, 7, 7
656+
657+ stxv 32+8, 128(3)
658+ stxv 32+9, 144(3)
659+ stxv 32+10, 160(3)
660+ #stxv 32+11, 176(3)
661+
662+ # out12
663+ mulld 14, 12, 12
664+ mulhdu 15, 12, 12
665+
666+ std 8, 176(3)
667+ std 9, 184(3)
668+ std 14, 192(3)
669+ std 15, 200(3)
670+
671+ blr
672+.size _p384_felem_square_core,.-_p384_felem_square_core
673+
674+#
675+# widefelem (128 bits) * 8
676+#
677+.macro F128_X_8 _off1 _off2
678+ ld 9,\\_off1(3)
679+ ld 8,\\_off2(3)
680+ srdi 10,9,61
681+ rldimi 10,8,3,0
682+ sldi 9,9,3
683+ std 9,\\_off1(3)
684+ std 10,\\_off2(3)
685+.endm
686+
687+.globl p384_felem128_mul_by_8
688+.type p384_felem128_mul_by_8, \@function
689+.align 4
690+p384_felem128_mul_by_8:
691+
692+ F128_X_8 0, 8
693+
694+ F128_X_8 16, 24
695+
696+ F128_X_8 32, 40
697+
698+ F128_X_8 48, 56
699+
700+ F128_X_8 64, 72
701+
702+ F128_X_8 80, 88
703+
704+ F128_X_8 96, 104
705+
706+ F128_X_8 112, 120
707+
708+ F128_X_8 128, 136
709+
710+ F128_X_8 144, 152
711+
712+ F128_X_8 160, 168
713+
714+ F128_X_8 176, 184
715+
716+ F128_X_8 192, 200
717+
718+ blr
719+.size p384_felem128_mul_by_8,.-p384_felem128_mul_by_8
720+
721+#
722+# widefelem (128 bits) * 2
723+#
724+.macro F128_X_2 _off1 _off2
725+ ld 9,\\_off1(3)
726+ ld 8,\\_off2(3)
727+ srdi 10,9,63
728+ rldimi 10,8,1,0
729+ sldi 9,9,1
730+ std 9,\\_off1(3)
731+ std 10,\\_off2(3)
732+.endm
733+
734+.globl p384_felem128_mul_by_2
735+.type p384_felem128_mul_by_2, \@function
736+.align 4
737+p384_felem128_mul_by_2:
738+
739+ F128_X_2 0, 8
740+
741+ F128_X_2 16, 24
742+
743+ F128_X_2 32, 40
744+
745+ F128_X_2 48, 56
746+
747+ F128_X_2 64, 72
748+
749+ F128_X_2 80, 88
750+
751+ F128_X_2 96, 104
752+
753+ F128_X_2 112, 120
754+
755+ F128_X_2 128, 136
756+
757+ F128_X_2 144, 152
758+
759+ F128_X_2 160, 168
760+
761+ F128_X_2 176, 184
762+
763+ F128_X_2 192, 200
764+
765+ blr
766+.size p384_felem128_mul_by_2,.-p384_felem128_mul_by_2
767+
768+.globl p384_felem_diff128
769+.type p384_felem_diff128, \@function
770+.align 4
771+p384_felem_diff128:
772+
773+ addis 5, 2, .LConst_two127\@toc\@ha
774+ addi 5, 5, .LConst_two127\@toc\@l
775+
776+ ld 10, 0(3)
777+ ld 8, 8(3)
778+ li 9, 0
779+ addc 10, 10, 9
780+ li 7, -1
781+ rldicr 7, 7, 0, 0 # two127
782+ adde 8, 8, 7
783+ ld 11, 0(4)
784+ ld 12, 8(4)
785+ subfc 11, 11, 10
786+ subfe 12, 12, 8
787+ std 11, 0(3) # out0
788+ std 12, 8(3)
789+
790+ # two127m71 = (r10, r9)
791+ ld 8, 16(3)
792+ ld 7, 24(3)
793+ ld 10, 24(5) # two127m71
794+ addc 8, 8, 9
795+ adde 7, 7, 10
796+ ld 11, 16(4)
797+ ld 12, 24(4)
798+ subfc 11, 11, 8
799+ subfe 12, 12, 7
800+ std 11, 16(3) # out1
801+ std 12, 24(3)
802+
803+ ld 8, 32(3)
804+ ld 7, 40(3)
805+ addc 8, 8, 9
806+ adde 7, 7, 10
807+ ld 11, 32(4)
808+ ld 12, 40(4)
809+ subfc 11, 11, 8
810+ subfe 12, 12, 7
811+ std 11, 32(3) # out2
812+ std 12, 40(3)
813+
814+ ld 8, 48(3)
815+ ld 7, 56(3)
816+ addc 8, 8, 9
817+ adde 7, 7, 10
818+ ld 11, 48(4)
819+ ld 12, 56(4)
820+ subfc 11, 11, 8
821+ subfe 12, 12, 7
822+ std 11, 48(3) # out3
823+ std 12, 56(3)
824+
825+ ld 8, 64(3)
826+ ld 7, 72(3)
827+ addc 8, 8, 9
828+ adde 7, 7, 10
829+ ld 11, 64(4)
830+ ld 12, 72(4)
831+ subfc 11, 11, 8
832+ subfe 12, 12, 7
833+ std 11, 64(3) # out4
834+ std 12, 72(3)
835+
836+ ld 8, 80(3)
837+ ld 7, 88(3)
838+ addc 8, 8, 9
839+ adde 7, 7, 10
840+ ld 11, 80(4)
841+ ld 12, 88(4)
842+ subfc 11, 11, 8
843+ subfe 12, 12, 7
844+ std 11, 80(3) # out5
845+ std 12, 88(3)
846+
847+ ld 8, 96(3)
848+ ld 7, 104(3)
849+ ld 6, 40(5) # two127p111m79m71
850+ addc 8, 8, 9
851+ adde 7, 7, 6
852+ ld 11, 96(4)
853+ ld 12, 104(4)
854+ subfc 11, 11, 8
855+ subfe 12, 12, 7
856+ std 11, 96(3) # out6
857+ std 12, 104(3)
858+
859+ ld 8, 112(3)
860+ ld 7, 120(3)
861+ ld 6, 56(5) # two127m119m71
862+ addc 8, 8, 9
863+ adde 7, 7, 6
864+ ld 11, 112(4)
865+ ld 12, 120(4)
866+ subfc 11, 11, 8
867+ subfe 12, 12, 7
868+ std 11, 112(3) # out7
869+ std 12, 120(3)
870+
871+ ld 8, 128(3)
872+ ld 7, 136(3)
873+ ld 6, 72(5) # two127m95m71
874+ addc 8, 8, 9
875+ adde 7, 7, 6
876+ ld 11, 128(4)
877+ ld 12, 136(4)
878+ subfc 11, 11, 8
879+ subfe 12, 12, 7
880+ std 11, 128(3) # out8
881+ std 12, 136(3)
882+
883+ ld 8, 144(3)
884+ ld 7, 152(3)
885+ addc 8, 8, 9
886+ adde 7, 7, 10
887+ ld 11, 144(4)
888+ ld 12, 152(4)
889+ subfc 11, 11, 8
890+ subfe 12, 12, 7
891+ std 11, 144(3) # out9
892+ std 12, 152(3)
893+
894+ ld 8, 160(3)
895+ ld 7, 168(3)
896+ addc 8, 8, 9
897+ adde 7, 7, 10
898+ ld 11, 160(4)
899+ ld 12, 168(4)
900+ subfc 11, 11, 8
901+ subfe 12, 12, 7
902+ std 11, 160(3) # out10
903+ std 12, 168(3)
904+
905+ ld 8, 176(3)
906+ ld 7, 184(3)
907+ addc 8, 8, 9
908+ adde 7, 7, 10
909+ ld 11, 176(4)
910+ ld 12, 184(4)
911+ subfc 11, 11, 8
912+ subfe 12, 12, 7
913+ std 11, 176(3) # out11
914+ std 12, 184(3)
915+
916+ ld 8, 192(3)
917+ ld 7, 200(3)
918+ addc 8, 8, 9
919+ adde 7, 7, 10
920+ ld 11, 192(4)
921+ ld 12, 200(4)
922+ subfc 11, 11, 8
923+ subfe 12, 12, 7
924+ std 11, 192(3) # out12
925+ std 12, 200(3)
926+
927+ blr
928+.size p384_felem_diff128,.-p384_felem_diff128
929+
930+.data
931+.align 4
932+.LConst_two127:
933+#two127
934+.long 0x00000000, 0x00000000, 0x00000000, 0x80000000
935+#two127m71
936+.long 0x00000000, 0x00000000, 0xffffff80, 0x7fffffff
937+#two127p111m79m71
938+.long 0x00000000, 0x00000000, 0xffff7f80, 0x80007fff
939+#two127m119m71
940+.long 0x00000000, 0x00000000, 0xffffff80, 0x7f7fffff
941+#two127m95m71
942+.long 0x00000000, 0x00000000, 0x7fffff80, 0x7fffffff
943+
944+.text
945+
946+.globl p384_felem_diff_128_64
947+.type p384_felem_diff_128_64, \@function
948+.align 4
949+p384_felem_diff_128_64:
950+ addis 5, 2, .LConst_128_two64\@toc\@ha
951+ addi 5, 5, .LConst_128_two64\@toc\@l
952+
953+ ld 9, 0(3)
954+ ld 10, 8(3)
955+ ld 8, 48(5) # two64p48m16
956+ li 7, 0
957+ addc 9, 9, 8
958+ li 6, 1
959+ adde 10, 10, 6
960+ ld 11, 0(4)
961+ subfc 8, 11, 9
962+ subfe 12, 7, 10
963+ std 8, 0(3) # out0
964+ std 12, 8(3)
965+
966+ ld 9, 16(3)
967+ ld 10, 24(3)
968+ ld 8, 0(5) # two64m56m8
969+ addc 9, 9, 8
970+ addze 10, 10
971+ ld 11, 8(4)
972+ subfc 11, 11, 9
973+ subfe 12, 7, 10
974+ std 11, 16(3) # out1
975+ std 12, 24(3)
976+
977+ ld 9, 32(3)
978+ ld 10, 40(3)
979+ ld 8, 16(5) # two64m32m8
980+ addc 9, 9, 8
981+ addze 10, 10
982+ ld 11, 16(4)
983+ subfc 11, 11, 9
984+ subfe 12, 7, 10
985+ std 11, 32(3) # out2
986+ std 12, 40(3)
987+
988+ ld 10, 48(3)
989+ ld 8, 56(3)
990+ #ld 9, 32(5) # two64m8
991+ li 9, -256 # two64m8
992+ addc 10, 10, 9
993+ addze 8, 8
994+ ld 11, 24(4)
995+ subfc 11, 11, 10
996+ subfe 12, 7, 8
997+ std 11, 48(3) # out3
998+ std 12, 56(3)
999+
1000+ ld 10, 64(3)
1001+ ld 8, 72(3)
1002+ addc 10, 10, 9
1003+ addze 8, 8
1004+ ld 11, 32(4)
1005+ subfc 11, 11, 10
1006+ subfe 12, 7, 8
1007+ std 11, 64(3) # out4
1008+ std 12, 72(3)
1009+
1010+ ld 10, 80(3)
1011+ ld 8, 88(3)
1012+ addc 10, 10, 9
1013+ addze 8, 8
1014+ ld 11, 40(4)
1015+ subfc 11, 11, 10
1016+ subfe 12, 7, 8
1017+ std 11, 80(3) # out5
1018+ std 12, 88(3)
1019+
1020+ ld 10, 96(3)
1021+ ld 8, 104(3)
1022+ addc 10, 10, 9
1023+ addze 9, 8
1024+ ld 11, 48(4)
1025+ subfc 11, 11, 10
1026+ subfe 12, 7, 9
1027+ std 11, 96(3) # out6
1028+ std 12, 104(3)
1029+
1030+ blr
1031+.size p384_felem_diff_128_64,.-p384_felem_diff_128_64
1032+
1033+.data
1034+.align 4
1035+.LConst_128_two64:
1036+#two64m56m8
1037+.long 0xffffff00, 0xfeffffff, 0x00000000, 0x00000000
1038+#two64m32m8
1039+.long 0xffffff00, 0xfffffffe, 0x00000000, 0x00000000
1040+#two64m8
1041+.long 0xffffff00, 0xffffffff, 0x00000000, 0x00000000
1042+#two64p48m16
1043+.long 0xffff0000, 0x0000ffff, 0x00000001, 0x00000000
1044+
1045+.LConst_two60:
1046+#two60m52m4
1047+.long 0xfffffff0, 0x0fefffff, 0x0, 0x0
1048+#two60p44m12
1049+.long 0xfffff000, 0x10000fff, 0x0, 0x0
1050+#two60m28m4
1051+.long 0xeffffff0, 0x0fffffff, 0x0, 0x0
1052+#two60m4
1053+.long 0xfffffff0, 0x0fffffff, 0x0, 0x0
1054+
1055+.text
1056+#
1057+# static void felem_diff64(felem out, const felem in)
1058+#
1059+.globl p384_felem_diff64
1060+.type p384_felem_diff64, \@function
1061+.align 4
1062+p384_felem_diff64:
1063+ addis 5, 2, .LConst_two60\@toc\@ha
1064+ addi 5, 5, .LConst_two60\@toc\@l
1065+
1066+ ld 9, 0(3)
1067+ ld 8, 16(5) # two60p44m12
1068+ li 7, 0
1069+ add 9, 9, 8
1070+ ld 11, 0(4)
1071+ subf 8, 11, 9
1072+ std 8, 0(3) # out0
1073+
1074+ ld 9, 8(3)
1075+ ld 8, 0(5) # two60m52m4
1076+ add 9, 9, 8
1077+ ld 11, 8(4)
1078+ subf 11, 11, 9
1079+ std 11, 8(3) # out1
1080+
1081+ ld 9, 16(3)
1082+ ld 8, 32(5) # two60m28m4
1083+ add 9, 9, 8
1084+ ld 11, 16(4)
1085+ subf 11, 11, 9
1086+ std 11, 16(3) # out2
1087+
1088+ ld 10, 24(3)
1089+ ld 9, 48(5) # two60m4
1090+ add 10, 10, 9
1091+ ld 12, 24(4)
1092+ subf 12, 12, 10
1093+ std 12, 24(3) # out3
1094+
1095+ ld 10, 32(3)
1096+ add 10, 10, 9
1097+ ld 11, 32(4)
1098+ subf 11, 11, 10
1099+ std 11, 32(3) # out4
1100+
1101+ ld 10, 40(3)
1102+ add 10, 10, 9
1103+ ld 12, 40(4)
1104+ subf 12, 12, 10
1105+ std 12, 40(3) # out5
1106
1107- endproc("p384_felem_square");
1108- }
1109-}
1110+ ld 10, 48(3)
1111+ add 10, 10, 9
1112+ ld 11, 48(4)
1113+ subf 11, 11, 10
1114+ std 11, 48(3) # out6
1115+
1116+ blr
1117+.size p384_felem_diff64,.-p384_felem_diff64
1118+
1119+.text
1120+#
1121+# Shift 128 bits right <nbits>
1122+#
1123+.macro SHR o_h o_l in_h in_l nbits
1124+ srdi \\o_l, \\in_l, \\nbits # shift lower right <nbits>
1125+ rldimi \\o_l, \\in_h, 64-\\nbits, 0 # insert <64-nbits> from hi
1126+ srdi \\o_h, \\in_h, \\nbits # shift higher right <nbits>
1127+.endm
1128+
1129+#
1130+# static void felem_reduce(felem out, const widefelem in)
1131+#
1132+.global p384_felem_reduce
1133+.type p384_felem_reduce,\@function
1134+.align 4
1135+p384_felem_reduce:
1136+
1137+ stdu 1, -208(1)
1138+ mflr 0
1139+ std 14, 56(1)
1140+ std 15, 64(1)
1141+ std 16, 72(1)
1142+ std 17, 80(1)
1143+ std 18, 88(1)
1144+ std 19, 96(1)
1145+ std 20, 104(1)
1146+ std 21, 112(1)
1147+ std 22, 120(1)
1148+ std 23, 128(1)
1149+ std 24, 136(1)
1150+ std 25, 144(1)
1151+ std 26, 152(1)
1152+ std 27, 160(1)
1153+ std 28, 168(1)
1154+ std 29, 176(1)
1155+ std 30, 184(1)
1156+ std 31, 192(1)
1157+
1158+ bl _p384_felem_reduce_core
1159+
1160+ mtlr 0
1161+ ld 14, 56(1)
1162+ ld 15, 64(1)
1163+ ld 16, 72(1)
1164+ ld 17, 80(1)
1165+ ld 18, 88(1)
1166+ ld 19, 96(1)
1167+ ld 20, 104(1)
1168+ ld 21, 112(1)
1169+ ld 22, 120(1)
1170+ ld 23, 128(1)
1171+ ld 24, 136(1)
1172+ ld 25, 144(1)
1173+ ld 26, 152(1)
1174+ ld 27, 160(1)
1175+ ld 28, 168(1)
1176+ ld 29, 176(1)
1177+ ld 30, 184(1)
1178+ ld 31, 192(1)
1179+ addi 1, 1, 208
1180+ blr
1181+.size p384_felem_reduce,.-p384_felem_reduce
1182+
1183+#
1184+# Felem reduction core function -
1185+# r3 and r4 need to pre-loaded.
1186+#
1187+.type _p384_felem_reduce_core,\@function
1188+.align 4
1189+_p384_felem_reduce_core:
1190+ addis 12, 2, .LConst\@toc\@ha
1191+ addi 12, 12, .LConst\@toc\@l
1192+
1193+ # load constat p
1194+ ld 11, 8(12) # hi - two124m68
1195+
1196+ # acc[6] = in[6] + two124m68;
1197+ ld 26, 96(4) # in[6].l
1198+ ld 27, 96+8(4) # in[6].h
1199+ add 27, 27, 11
1200+
1201+ # acc[5] = in[5] + two124m68;
1202+ ld 24, 80(4) # in[5].l
1203+ ld 25, 80+8(4) # in[5].h
1204+ add 25, 25, 11
1205+
1206+ # acc[4] = in[4] + two124m68;
1207+ ld 22, 64(4) # in[4].l
1208+ ld 23, 64+8(4) # in[4].h
1209+ add 23, 23, 11
1210+
1211+ # acc[3] = in[3] + two124m68;
1212+ ld 20, 48(4) # in[3].l
1213+ ld 21, 48+8(4) # in[3].h
1214+ add 21, 21, 11
1215+
1216+ ld 11, 48+8(12) # hi - two124m92m68
1217+
1218+ # acc[2] = in[2] + two124m92m68;
1219+ ld 18, 32(4) # in[2].l
1220+ ld 19, 32+8(4) # in[2].h
1221+ add 19, 19, 11
1222+
1223+ ld 11, 16+8(12) # high - two124m116m68
1224+
1225+ # acc[1] = in[1] + two124m116m68;
1226+ ld 16, 16(4) # in[1].l
1227+ ld 17, 16+8(4) # in[1].h
1228+ add 17, 17, 11
1229+
1230+ ld 11, 32+8(12) # high - two124p108m76
1231+
1232+ # acc[0] = in[0] + two124p108m76;
1233+ ld 14, 0(4) # in[0].l
1234+ ld 15, 0+8(4) # in[0].h
1235+ add 15, 15, 11
1236+
1237+ # compute mask
1238+ li 7, -1
1239+
1240+ # Eliminate in[12]
1241+
1242+ # acc[8] += in[12] >> 32;
1243+ ld 5, 192(4) # in[12].l
1244+ ld 6, 192+8(4) # in[12].h
1245+ SHR 9, 10, 6, 5, 32
1246+ ld 30, 128(4) # in[8].l
1247+ ld 31, 136(4) # in[8].h
1248+ addc 30, 30, 10
1249+ adde 31, 31, 9
1250+
1251+ # acc[7] += (in[12] & 0xffffffff) << 24;
1252+ srdi 11, 7, 32 # 0xffffffff
1253+ and 11, 11, 5
1254+ sldi 11, 11, 24 # << 24
1255+ ld 28, 112(4) # in[7].l
1256+ ld 29, 120(4) # in[7].h
1257+ addc 28, 28, 11
1258+ addze 29, 29
1259+
1260+ # acc[7] += in[12] >> 8;
1261+ SHR 9, 10, 6, 5, 8
1262+ addc 28, 28, 10
1263+ adde 29, 29, 9
1264+
1265+ # acc[6] += (in[12] & 0xff) << 48;
1266+ andi. 11, 5, 0xff
1267+ sldi 11, 11, 48
1268+ addc 26, 26, 11
1269+ addze 27, 27
1270+
1271+ # acc[6] -= in[12] >> 16;
1272+ SHR 9, 10, 6, 5, 16
1273+ subfc 26, 10, 26
1274+ subfe 27, 9, 27
1275+
1276+ # acc[5] -= (in[12] & 0xffff) << 40;
1277+ srdi 11, 7, 48 # 0xffff
1278+ and 11, 11, 5
1279+ sldi 11, 11, 40 # << 40
1280+ li 9, 0
1281+ subfc 24, 11, 24
1282+ subfe 25, 9, 25
1283+
1284+ # acc[6] += in[12] >> 48;
1285+ SHR 9, 10, 6, 5, 48
1286+ addc 26, 26, 10
1287+ adde 27, 27, 9
1288+
1289+ # acc[5] += (in[12] & 0xffffffffffff) << 8;
1290+ srdi 11, 7, 16 # 0xffffffffffff
1291+ and 11, 11, 5
1292+ sldi 11, 11, 8 # << 8
1293+ addc 24, 24, 11
1294+ addze 25, 25
1295+
1296+ # Eliminate in[11]
1297+
1298+ # acc[7] += in[11] >> 32;
1299+ ld 5, 176(4) # in[11].l
1300+ ld 6, 176+8(4) # in[11].h
1301+ SHR 9, 10, 6, 5, 32
1302+ addc 28, 28, 10
1303+ adde 29, 29, 9
1304+
1305+ # acc[6] += (in[11] & 0xffffffff) << 24;
1306+ srdi 11, 7, 32 # 0xffffffff
1307+ and 11, 11, 5
1308+ sldi 11, 11, 24 # << 24
1309+ addc 26, 26, 11
1310+ addze 27, 27
1311+
1312+ # acc[6] += in[11] >> 8;
1313+ SHR 9, 10, 6, 5, 8
1314+ addc 26, 26, 10
1315+ adde 27, 27, 9
1316+
1317+ # acc[5] += (in[11] & 0xff) << 48;
1318+ andi. 11, 5, 0xff
1319+ sldi 11, 11, 48
1320+ addc 24, 24, 11
1321+ addze 25, 25
1322+
1323+ # acc[5] -= in[11] >> 16;
1324+ SHR 9, 10, 6, 5, 16
1325+ subfc 24, 10, 24
1326+ subfe 25, 9, 25
1327+
1328+ # acc[4] -= (in[11] & 0xffff) << 40;
1329+ srdi 11, 7, 48 # 0xffff
1330+ and 11, 11, 5
1331+ sldi 11, 11, 40 # << 40
1332+ li 9, 0
1333+ subfc 22, 11, 22
1334+ subfe 23, 9, 23
1335+
1336+ # acc[5] += in[11] >> 48;
1337+ SHR 9, 10, 6, 5, 48
1338+ addc 24, 24, 10
1339+ adde 25, 25, 9
1340+
1341+ # acc[4] += (in[11] & 0xffffffffffff) << 8;
1342+ srdi 11, 7, 16 # 0xffffffffffff
1343+ and 11, 11, 5
1344+ sldi 11, 11, 8 # << 8
1345+ addc 22, 22, 11
1346+ addze 23, 23
1347+
1348+ # Eliminate in[10]
1349+
1350+ # acc[6] += in[10] >> 32;
1351+ ld 5, 160(4) # in[10].l
1352+ ld 6, 160+8(4) # in[10].h
1353+ SHR 9, 10, 6, 5, 32
1354+ addc 26, 26, 10
1355+ adde 27, 27, 9
1356+
1357+ # acc[5] += (in[10] & 0xffffffff) << 24;
1358+ srdi 11, 7, 32 # 0xffffffff
1359+ and 11, 11, 5
1360+ sldi 11, 11, 24 # << 24
1361+ addc 24, 24, 11
1362+ addze 25, 25
1363+
1364+ # acc[5] += in[10] >> 8;
1365+ SHR 9, 10, 6, 5, 8
1366+ addc 24, 24, 10
1367+ adde 25, 25, 9
1368+
1369+ # acc[4] += (in[10] & 0xff) << 48;
1370+ andi. 11, 5, 0xff
1371+ sldi 11, 11, 48
1372+ addc 22, 22, 11
1373+ addze 23, 23
1374+
1375+ # acc[4] -= in[10] >> 16;
1376+ SHR 9, 10, 6, 5, 16
1377+ subfc 22, 10, 22
1378+ subfe 23, 9, 23
1379+
1380+ # acc[3] -= (in[10] & 0xffff) << 40;
1381+ srdi 11, 7, 48 # 0xffff
1382+ and 11, 11, 5
1383+ sldi 11, 11, 40 # << 40
1384+ li 9, 0
1385+ subfc 20, 11, 20
1386+ subfe 21, 9, 21
1387+
1388+ # acc[4] += in[10] >> 48;
1389+ SHR 9, 10, 6, 5, 48
1390+ addc 22, 22, 10
1391+ adde 23, 23, 9
1392+
1393+ # acc[3] += (in[10] & 0xffffffffffff) << 8;
1394+ srdi 11, 7, 16 # 0xffffffffffff
1395+ and 11, 11, 5
1396+ sldi 11, 11, 8 # << 8
1397+ addc 20, 20, 11
1398+ addze 21, 21
1399+
1400+ # Eliminate in[9]
1401+
1402+ # acc[5] += in[9] >> 32;
1403+ ld 5, 144(4) # in[9].l
1404+ ld 6, 144+8(4) # in[9].h
1405+ SHR 9, 10, 6, 5, 32
1406+ addc 24, 24, 10
1407+ adde 25, 25, 9
1408+
1409+ # acc[4] += (in[9] & 0xffffffff) << 24;
1410+ srdi 11, 7, 32 # 0xffffffff
1411+ and 11, 11, 5
1412+ sldi 11, 11, 24 # << 24
1413+ addc 22, 22, 11
1414+ addze 23, 23
1415+
1416+ # acc[4] += in[9] >> 8;
1417+ SHR 9, 10, 6, 5, 8
1418+ addc 22, 22, 10
1419+ adde 23, 23, 9
1420+
1421+ # acc[3] += (in[9] & 0xff) << 48;
1422+ andi. 11, 5, 0xff
1423+ sldi 11, 11, 48
1424+ addc 20, 20, 11
1425+ addze 21, 21
1426+
1427+ # acc[3] -= in[9] >> 16;
1428+ SHR 9, 10, 6, 5, 16
1429+ subfc 20, 10, 20
1430+ subfe 21, 9, 21
1431+
1432+ # acc[2] -= (in[9] & 0xffff) << 40;
1433+ srdi 11, 7, 48 # 0xffff
1434+ and 11, 11, 5
1435+ sldi 11, 11, 40 # << 40
1436+ li 9, 0
1437+ subfc 18, 11, 18
1438+ subfe 19, 9, 19
1439+
1440+ # acc[3] += in[9] >> 48;
1441+ SHR 9, 10, 6, 5, 48
1442+ addc 20, 20, 10
1443+ adde 21, 21, 9
1444+
1445+ # acc[2] += (in[9] & 0xffffffffffff) << 8;
1446+ srdi 11, 7, 16 # 0xffffffffffff
1447+ and 11, 11, 5
1448+ sldi 11, 11, 8 # << 8
1449+ addc 18, 18, 11
1450+ addze 19, 19
1451+
1452+ # Eliminate acc[8]
1453+
1454+ # acc[4] += acc[8] >> 32;
1455+ mr 5, 30 # acc[8].l
1456+ mr 6, 31 # acc[8].h
1457+ SHR 9, 10, 6, 5, 32
1458+ addc 22, 22, 10
1459+ adde 23, 23, 9
1460+
1461+ # acc[3] += (acc[8] & 0xffffffff) << 24;
1462+ srdi 11, 7, 32 # 0xffffffff
1463+ and 11, 11, 5
1464+ sldi 11, 11, 24 # << 24
1465+ addc 20, 20, 11
1466+ addze 21, 21
1467+
1468+ # acc[3] += acc[8] >> 8;
1469+ SHR 9, 10, 6, 5, 8
1470+ addc 20, 20, 10
1471+ adde 21, 21, 9
1472+
1473+ # acc[2] += (acc[8] & 0xff) << 48;
1474+ andi. 11, 5, 0xff
1475+ sldi 11, 11, 48
1476+ addc 18, 18, 11
1477+ addze 19, 19
1478+
1479+ # acc[2] -= acc[8] >> 16;
1480+ SHR 9, 10, 6, 5, 16
1481+ subfc 18, 10, 18
1482+ subfe 19, 9, 19
1483+
1484+ # acc[1] -= (acc[8] & 0xffff) << 40;
1485+ srdi 11, 7, 48 # 0xffff
1486+ and 11, 11, 5
1487+ sldi 11, 11, 40 # << 40
1488+ li 9, 0
1489+ subfc 16, 11, 16
1490+ subfe 17, 9, 17
1491+
1492+ #acc[2] += acc[8] >> 48;
1493+ SHR 9, 10, 6, 5, 48
1494+ addc 18, 18, 10
1495+ adde 19, 19, 9
1496+
1497+ # acc[1] += (acc[8] & 0xffffffffffff) << 8;
1498+ srdi 11, 7, 16 # 0xffffffffffff
1499+ and 11, 11, 5
1500+ sldi 11, 11, 8 # << 8
1501+ addc 16, 16, 11
1502+ addze 17, 17
1503+
1504+ # Eliminate acc[7]
1505+
1506+ # acc[3] += acc[7] >> 32;
1507+ mr 5, 28 # acc[7].l
1508+ mr 6, 29 # acc[7].h
1509+ SHR 9, 10, 6, 5, 32
1510+ addc 20, 20, 10
1511+ adde 21, 21, 9
1512+
1513+ # acc[2] += (acc[7] & 0xffffffff) << 24;
1514+ srdi 11, 7, 32 # 0xffffffff
1515+ and 11, 11, 5
1516+ sldi 11, 11, 24 # << 24
1517+ addc 18, 18, 11
1518+ addze 19, 19
1519+
1520+ # acc[2] += acc[7] >> 8;
1521+ SHR 9, 10, 6, 5, 8
1522+ addc 18, 18, 10
1523+ adde 19, 19, 9
1524+
1525+ # acc[1] += (acc[7] & 0xff) << 48;
1526+ andi. 11, 5, 0xff
1527+ sldi 11, 11, 48
1528+ addc 16, 16, 11
1529+ addze 17, 17
1530+
1531+ # acc[1] -= acc[7] >> 16;
1532+ SHR 9, 10, 6, 5, 16
1533+ subfc 16, 10, 16
1534+ subfe 17, 9, 17
1535+
1536+ # acc[0] -= (acc[7] & 0xffff) << 40;
1537+ srdi 11, 7, 48 # 0xffff
1538+ and 11, 11, 5
1539+ sldi 11, 11, 40 # << 40
1540+ li 9, 0
1541+ subfc 14, 11, 14
1542+ subfe 15, 9, 15
1543+
1544+ # acc[1] += acc[7] >> 48;
1545+ SHR 9, 10, 6, 5, 48
1546+ addc 16, 16, 10
1547+ adde 17, 17, 9
1548+
1549+ # acc[0] += (acc[7] & 0xffffffffffff) << 8;
1550+ srdi 11, 7, 16 # 0xffffffffffff
1551+ and 11, 11, 5
1552+ sldi 11, 11, 8 # << 8
1553+ addc 14, 14, 11
1554+ addze 15, 15
1555+
1556+ #
1557+ # Carry 4 -> 5 -> 6
1558+ #
1559+ # acc[5] += acc[4] >> 56;
1560+ # acc[4] &= 0x00ffffffffffffff;
1561+ SHR 9, 10, 23, 22, 56
1562+ addc 24, 24, 10
1563+ adde 25, 25, 9
1564+ srdi 11, 7, 8 # 0x00ffffffffffffff
1565+ and 22, 22, 11
1566+ li 23, 0
1567+
1568+ # acc[6] += acc[5] >> 56;
1569+ # acc[5] &= 0x00ffffffffffffff;
1570+ SHR 9, 10, 25, 24, 56
1571+ addc 26, 26, 10
1572+ adde 27, 27, 9
1573+ and 24, 24, 11
1574+ li 25, 0
1575+
1576+ # [3]: Eliminate high bits of acc[6] */
1577+ # temp = acc[6] >> 48;
1578+ # acc[6] &= 0x0000ffffffffffff;
1579+ SHR 31, 30, 27, 26, 48 # temp = acc[6] >> 48
1580+ srdi 11, 7, 16 # 0x0000ffffffffffff
1581+ and 26, 26, 11
1582+ li 27, 0
1583+
1584+ # temp < 2^80
1585+ # acc[3] += temp >> 40;
1586+ SHR 9, 10, 31, 30, 40
1587+ addc 20, 20, 10
1588+ adde 21, 21, 9
1589+
1590+ # acc[2] += (temp & 0xffffffffff) << 16;
1591+ srdi 11, 7, 24 # 0xffffffffff
1592+ and 10, 30, 11
1593+ sldi 10, 10, 16
1594+ addc 18, 18, 10
1595+ addze 19, 19
1596+
1597+ # acc[2] += temp >> 16;
1598+ SHR 9, 10, 31, 30, 16
1599+ addc 18, 18, 10
1600+ adde 19, 19, 9
1601+
1602+ # acc[1] += (temp & 0xffff) << 40;
1603+ srdi 11, 7, 48 # 0xffff
1604+ and 10, 30, 11
1605+ sldi 10, 10, 40
1606+ addc 16, 16, 10
1607+ addze 17, 17
1608+
1609+ # acc[1] -= temp >> 24;
1610+ SHR 9, 10, 31, 30, 24
1611+ subfc 16, 10, 16
1612+ subfe 17, 9, 17
1613+
1614+ # acc[0] -= (temp & 0xffffff) << 32;
1615+ srdi 11, 7, 40 # 0xffffff
1616+ and 10, 30, 11
1617+ sldi 10, 10, 32
1618+ li 9, 0
1619+ subfc 14, 10, 14
1620+ subfe 15, 9, 15
1621+
1622+ # acc[0] += temp;
1623+ addc 14, 14, 30
1624+ adde 15, 15, 31
1625+
1626+ # Carry 0 -> 1 -> 2 -> 3 -> 4 -> 5 -> 6
1627+ #
1628+ # acc[1] += acc[0] >> 56; /* acc[1] < acc_old[1] + 2^72 */
1629+ SHR 9, 10, 15, 14, 56
1630+ addc 16, 16, 10
1631+ adde 17, 17, 9
1632+
1633+ # acc[0] &= 0x00ffffffffffffff;
1634+ srdi 11, 7, 8 # 0x00ffffffffffffff
1635+ and 14, 14, 11
1636+ li 15, 0
1637+
1638+ # acc[2] += acc[1] >> 56; /* acc[2] < acc_old[2] + 2^72 + 2^16 */
1639+ SHR 9, 10, 17, 16, 56
1640+ addc 18, 18, 10
1641+ adde 19, 19, 9
1642+
1643+ # acc[1] &= 0x00ffffffffffffff;
1644+ and 16, 16, 11
1645+ li 17, 0
1646+
1647+ # acc[3] += acc[2] >> 56; /* acc[3] < acc_old[3] + 2^72 + 2^16 */
1648+ SHR 9, 10, 19, 18, 56
1649+ addc 20, 20, 10
1650+ adde 21, 21, 9
1651+
1652+ # acc[2] &= 0x00ffffffffffffff;
1653+ and 18, 18, 11
1654+ li 19, 0
1655+
1656+ # acc[4] += acc[3] >> 56;
1657+ SHR 9, 10, 21, 20, 56
1658+ addc 22, 22, 10
1659+ adde 23, 23, 9
1660+
1661+ # acc[3] &= 0x00ffffffffffffff;
1662+ and 20, 20, 11
1663+ li 21, 0
1664+
1665+ # acc[5] += acc[4] >> 56;
1666+ SHR 9, 10, 23, 22, 56
1667+ addc 24, 24, 10
1668+ adde 25, 25, 9
1669+
1670+ # acc[4] &= 0x00ffffffffffffff;
1671+ and 22, 22, 11
1672+
1673+ # acc[6] += acc[5] >> 56;
1674+ SHR 9, 10, 25, 24, 56
1675+ addc 26, 26, 10
1676+ adde 27, 27, 9
1677+
1678+ # acc[5] &= 0x00ffffffffffffff;
1679+ and 24, 24, 11
1680+
1681+ std 14, 0(3)
1682+ std 16, 8(3)
1683+ std 18, 16(3)
1684+ std 20, 24(3)
1685+ std 22, 32(3)
1686+ std 24, 40(3)
1687+ std 26, 48(3)
1688+ blr
1689+.size _p384_felem_reduce_core,.-_p384_felem_reduce_core
1690+
1691+.data
1692+.align 4
1693+.LConst:
1694+# two124m68:
1695+.long 0x0, 0x0, 0xfffffff0, 0xfffffff
1696+# two124m116m68:
1697+.long 0x0, 0x0, 0xfffffff0, 0xfefffff
1698+#two124p108m76:
1699+.long 0x0, 0x0, 0xfffff000, 0x10000fff
1700+#two124m92m68:
1701+.long 0x0, 0x0, 0xeffffff0, 0xfffffff
1702+
1703+.text
1704+
1705+#
1706+# void p384_felem_square_reduce(felem out, const felem in)
1707+#
1708+.global p384_felem_square_reduce
1709+.type p384_felem_square_reduce,\@function
1710+.align 4
1711+p384_felem_square_reduce:
1712+ stdu 1, -512(1)
1713+ mflr 0
1714+ std 14, 56(1)
1715+ std 15, 64(1)
1716+ std 16, 72(1)
1717+ std 17, 80(1)
1718+ std 18, 88(1)
1719+ std 19, 96(1)
1720+ std 20, 104(1)
1721+ std 21, 112(1)
1722+ std 22, 120(1)
1723+ std 23, 128(1)
1724+ std 24, 136(1)
1725+ std 25, 144(1)
1726+ std 26, 152(1)
1727+ std 27, 160(1)
1728+ std 28, 168(1)
1729+ std 29, 176(1)
1730+ std 30, 184(1)
1731+ std 31, 192(1)
1732+
1733+ std 3, 496(1)
1734+ addi 3, 1, 208
1735+ bl _p384_felem_square_core
1736+
1737+ mr 4, 3
1738+ ld 3, 496(1)
1739+ bl _p384_felem_reduce_core
1740+
1741+ ld 14, 56(1)
1742+ ld 15, 64(1)
1743+ ld 16, 72(1)
1744+ ld 17, 80(1)
1745+ ld 18, 88(1)
1746+ ld 19, 96(1)
1747+ ld 20, 104(1)
1748+ ld 21, 112(1)
1749+ ld 22, 120(1)
1750+ ld 23, 128(1)
1751+ ld 24, 136(1)
1752+ ld 25, 144(1)
1753+ ld 26, 152(1)
1754+ ld 27, 160(1)
1755+ ld 28, 168(1)
1756+ ld 29, 176(1)
1757+ ld 30, 184(1)
1758+ ld 31, 192(1)
1759+ addi 1, 1, 512
1760+ mtlr 0
1761+ blr
1762+.size p384_felem_square_reduce,.-p384_felem_square_reduce
1763+
1764+#
1765+# void p384_felem_mul_reduce(felem out, const felem in1, const felem in2)
1766+#
1767+.global p384_felem_mul_reduce
1768+.type p384_felem_mul_reduce,\@function
1769+.align 5
1770+p384_felem_mul_reduce:
1771+ stdu 1, -512(1)
1772+ mflr 0
1773+ std 14, 56(1)
1774+ std 15, 64(1)
1775+ std 16, 72(1)
1776+ std 17, 80(1)
1777+ std 18, 88(1)
1778+ std 19, 96(1)
1779+ std 20, 104(1)
1780+ std 21, 112(1)
1781+ std 22, 120(1)
1782+ std 23, 128(1)
1783+ std 24, 136(1)
1784+ std 25, 144(1)
1785+ std 26, 152(1)
1786+ std 27, 160(1)
1787+ std 28, 168(1)
1788+ std 29, 176(1)
1789+ std 30, 184(1)
1790+ std 31, 192(1)
1791+
1792+ std 3, 496(1)
1793+ addi 3, 1, 208
1794+ bl _p384_felem_mul_core
1795+
1796+ mr 4, 3
1797+ ld 3, 496(1)
1798+ bl _p384_felem_reduce_core
1799+
1800+ ld 14, 56(1)
1801+ ld 15, 64(1)
1802+ ld 16, 72(1)
1803+ ld 17, 80(1)
1804+ ld 18, 88(1)
1805+ ld 19, 96(1)
1806+ ld 20, 104(1)
1807+ ld 21, 112(1)
1808+ ld 22, 120(1)
1809+ ld 23, 128(1)
1810+ ld 24, 136(1)
1811+ ld 25, 144(1)
1812+ ld 26, 152(1)
1813+ ld 27, 160(1)
1814+ ld 28, 168(1)
1815+ ld 29, 176(1)
1816+ ld 30, 184(1)
1817+ ld 31, 192(1)
1818+ addi 1, 1, 512
1819+ mtlr 0
1820+ blr
1821+.size p384_felem_mul_reduce,.-p384_felem_mul_reduce
1822+___
1823
1824 $code =~ s/\`([^\`]*)\`/eval $1/gem;
1825 print $code;
1826diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
1827index 3fd7a40020..e0b5786bc1 100644
1828--- a/crypto/ec/ecp_nistp384.c
1829+++ b/crypto/ec/ecp_nistp384.c
1830@@ -252,6 +252,16 @@ static void felem_neg(felem out, const felem in)
1831 out[6] = two60m4 - in[6];
1832 }
1833
1834+#if defined(ECP_NISTP384_ASM)
1835+void p384_felem_diff64(felem out, const felem in);
1836+void p384_felem_diff128(widefelem out, const widefelem in);
1837+void p384_felem_diff_128_64(widefelem out, const felem in);
1838+
1839+# define felem_diff64 p384_felem_diff64
1840+# define felem_diff128 p384_felem_diff128
1841+# define felem_diff_128_64 p384_felem_diff_128_64
1842+
1843+#else
1844 /*-
1845 * felem_diff64 subtracts |in| from |out|
1846 * On entry:
1847@@ -369,6 +379,7 @@ static void felem_diff128(widefelem out, const widefelem in)
1848 for (i = 0; i < 2*NLIMBS-1; i++)
1849 out[i] -= in[i];
1850 }
1851+#endif /* ECP_NISTP384_ASM */
1852
1853 static void felem_square_ref(widefelem out, const felem in)
1854 {
1855@@ -503,7 +514,7 @@ static void felem_mul_ref(widefelem out, const felem in1, const felem in2)
1856 * [3]: Y = 2^48 (acc[6] >> 48)
1857 * (Where a | b | c | d = (2^56)^3 a + (2^56)^2 b + (2^56) c + d)
1858 */
1859-static void felem_reduce(felem out, const widefelem in)
1860+static void felem_reduce_ref(felem out, const widefelem in)
1861 {
1862 /*
1863 * In order to prevent underflow, we add a multiple of p before subtracting.
1864@@ -682,8 +693,11 @@ static void (*felem_square_p)(widefelem out, const felem in) =
1865 static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
1866 felem_mul_wrapper;
1867
1868+static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
1869+
1870 void p384_felem_square(widefelem out, const felem in);
1871 void p384_felem_mul(widefelem out, const felem in1, const felem in2);
1872+void p384_felem_reduce(felem out, const widefelem in);
1873
1874 # if defined(_ARCH_PPC64)
1875 # include "crypto/ppc_arch.h"
1876@@ -695,6 +709,7 @@ static void felem_select(void)
1877 if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) {
1878 felem_square_p = p384_felem_square;
1879 felem_mul_p = p384_felem_mul;
1880+ felem_reduce_p = p384_felem_reduce;
1881
1882 return;
1883 }
1884@@ -703,6 +718,7 @@ static void felem_select(void)
1885 /* Default */
1886 felem_square_p = felem_square_ref;
1887 felem_mul_p = felem_mul_ref;
1888+ felem_reduce_p = p384_felem_reduce;
1889 }
1890
1891 static void felem_square_wrapper(widefelem out, const felem in)
1892@@ -719,10 +735,17 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
1893
1894 # define felem_square felem_square_p
1895 # define felem_mul felem_mul_p
1896+# define felem_reduce felem_reduce_p
1897+
1898+void p384_felem_square_reduce(felem out, const felem in);
1899+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
1900+
1901+# define felem_square_reduce p384_felem_square_reduce
1902+# define felem_mul_reduce p384_felem_mul_reduce
1903 #else
1904 # define felem_square felem_square_ref
1905 # define felem_mul felem_mul_ref
1906-#endif
1907+# define felem_reduce felem_reduce_ref
1908
1909 static ossl_inline void felem_square_reduce(felem out, const felem in)
1910 {
1911@@ -739,6 +762,7 @@ static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem
1912 felem_mul(tmp, in1, in2);
1913 felem_reduce(out, tmp);
1914 }
1915+#endif
1916
1917 /*-
1918 * felem_inv calculates |out| = |in|^{-1}
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
new file mode 100644
index 0000000000..0659a9d6d9
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2025-27587-2.patch
@@ -0,0 +1,129 @@
1From 6b1646e472c9e8c08bb14066ba2a7c3eed45f84a Mon Sep 17 00:00:00 2001
2From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
3Date: Thu, 17 Apr 2025 08:51:53 -0500
4Subject: [PATCH] Fix P-384 curve on lower-than-P9 PPC64 targets
5
6The change adding an asm implementation of p384_felem_reduce incorrectly
7uses the accelerated version on both targets that support the intrinsics
8*and* targets that don't, instead of falling back to the generics on older
9targets. This results in crashes when trying to use P-384 on < Power9.
10
11Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com>
12Closes: #27350
13Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC")
14
15Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
16Reviewed-by: Tomas Mraz <tomas@openssl.org>
17(Merged from https://github.com/openssl/openssl/pull/27429)
18
19(cherry picked from commit 29864f2b0f1046177e8048a5b17440893d3f9425)
20
21CVE: CVE-2025-27587
22Upstream-Status: Backport [https://github.com/openssl/openssl/commit/6b1646e472c9e8c08bb14066ba2a7c3eed45f84a]
23Signed-off-by: Peter Marko <peter.marko@siemens.com>
24---
25 crypto/ec/ecp_nistp384.c | 54 ++++++++++++++++++++++++----------------
26 1 file changed, 33 insertions(+), 21 deletions(-)
27
28diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
29index e0b5786bc1..439b4d03a3 100644
30--- a/crypto/ec/ecp_nistp384.c
31+++ b/crypto/ec/ecp_nistp384.c
32@@ -684,6 +684,22 @@ static void felem_reduce_ref(felem out, const widefelem in)
33 out[i] = acc[i];
34 }
35
36+static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
37+{
38+ widefelem tmp;
39+
40+ felem_square_ref(tmp, in);
41+ felem_reduce_ref(out, tmp);
42+}
43+
44+static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
45+{
46+ widefelem tmp;
47+
48+ felem_mul_ref(tmp, in1, in2);
49+ felem_reduce_ref(out, tmp);
50+}
51+
52 #if defined(ECP_NISTP384_ASM)
53 static void felem_square_wrapper(widefelem out, const felem in);
54 static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
55@@ -695,10 +711,18 @@ static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
56
57 static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
58
59+static void (*felem_square_reduce_p)(felem out, const felem in) =
60+ felem_square_reduce_ref;
61+static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
62+ felem_mul_reduce_ref;
63+
64 void p384_felem_square(widefelem out, const felem in);
65 void p384_felem_mul(widefelem out, const felem in1, const felem in2);
66 void p384_felem_reduce(felem out, const widefelem in);
67
68+void p384_felem_square_reduce(felem out, const felem in);
69+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
70+
71 # if defined(_ARCH_PPC64)
72 # include "crypto/ppc_arch.h"
73 # endif
74@@ -710,6 +734,8 @@ static void felem_select(void)
75 felem_square_p = p384_felem_square;
76 felem_mul_p = p384_felem_mul;
77 felem_reduce_p = p384_felem_reduce;
78+ felem_square_reduce_p = p384_felem_square_reduce;
79+ felem_mul_reduce_p = p384_felem_mul_reduce;
80
81 return;
82 }
83@@ -718,7 +744,9 @@ static void felem_select(void)
84 /* Default */
85 felem_square_p = felem_square_ref;
86 felem_mul_p = felem_mul_ref;
87- felem_reduce_p = p384_felem_reduce;
88+ felem_reduce_p = felem_reduce_ref;
89+ felem_square_reduce_p = felem_square_reduce_ref;
90+ felem_mul_reduce_p = felem_mul_reduce_ref;
91 }
92
93 static void felem_square_wrapper(widefelem out, const felem in)
94@@ -737,31 +765,15 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
95 # define felem_mul felem_mul_p
96 # define felem_reduce felem_reduce_p
97
98-void p384_felem_square_reduce(felem out, const felem in);
99-void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
100-
101-# define felem_square_reduce p384_felem_square_reduce
102-# define felem_mul_reduce p384_felem_mul_reduce
103+# define felem_square_reduce felem_square_reduce_p
104+# define felem_mul_reduce felem_mul_reduce_p
105 #else
106 # define felem_square felem_square_ref
107 # define felem_mul felem_mul_ref
108 # define felem_reduce felem_reduce_ref
109
110-static ossl_inline void felem_square_reduce(felem out, const felem in)
111-{
112- widefelem tmp;
113-
114- felem_square(tmp, in);
115- felem_reduce(out, tmp);
116-}
117-
118-static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
119-{
120- widefelem tmp;
121-
122- felem_mul(tmp, in1, in2);
123- felem_reduce(out, tmp);
124-}
125+# define felem_square_reduce felem_square_reduce_ref
126+# define felem_mul_reduce felem_mul_reduce_ref
127 #endif
128
129 /*-
diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb
index d6bf32d989..fd98b32007 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.2.4.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.2.4.bb
@@ -13,6 +13,8 @@ SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op
13 file://0001-Configure-do-not-tweak-mips-cflags.patch \ 13 file://0001-Configure-do-not-tweak-mips-cflags.patch \
14 file://0001-Added-handshake-history-reporting-when-test-fails.patch \ 14 file://0001-Added-handshake-history-reporting-when-test-fails.patch \
15 file://CVE-2024-41996.patch \ 15 file://CVE-2024-41996.patch \
16 file://CVE-2025-27587-1.patch \
17 file://CVE-2025-27587-2.patch \
16 " 18 "
17 19
18SRC_URI:append:class-nativesdk = " \ 20SRC_URI:append:class-nativesdk = " \
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-10-04 16:51:04 +0000