From a6094fe6841d0f71da644689c3784580f3bca61d Mon Sep 17 00:00:00 2001
From: Archana Ravindar
Date: Tue, 18 Feb 2025 16:59:02 +0530
Subject: [PATCH 1/2] =?UTF-8?q?Backport=20of=20fix=20https://go-review.goo?= =?UTF-8?q?glesource.com/c/go/+/643735=20to=20G=E2=80=A6=20Fixes=20CVE-202?= =?UTF-8?q?5-22866?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
...14-variable-time-fix-for-p256NegCond.patch | 71 +++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 patches/014-variable-time-fix-for-p256NegCond.patch
diff --git a/patches/014-variable-time-fix-for-p256NegCond.patch b/patches/014-variable-time-fix-for-p256NegCond.patch
new file mode 100644
index 0000000000..8c6a93947a
--- /dev/null
+++ b/patches/014-variable-time-fix-for-p256NegCond.patch
@@ -0,0 +1,71 @@
+From ed2c20d4bda037890348bc7cd6abd0bfe9aa34e8 Mon Sep 17 00:00:00 2001
+From: Archana Ravindar
+Date: Tue, 18 Feb 2025 16:37:06 +0530
+Subject: [PATCH 1/1] backport of variable time fix for p256NegCond
+
+---
+ src/crypto/internal/nistec/p256_asm_ppc64le.s | 22 +++++++++++++++----
+ 1 file changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/src/crypto/internal/nistec/p256_asm_ppc64le.s b/src/crypto/internal/nistec/p256_asm_ppc64le.s
+index 0593ef370f..ba1b6cd715 100644
+--- a/src/crypto/internal/nistec/p256_asm_ppc64le.s
++++ b/src/crypto/internal/nistec/p256_asm_ppc64le.s
+@@ -124,14 +124,23 @@ GLOBL p256mul<>(SB), 8, $160
+ #define PH V31
+
+ #define CAR1 V6
++#define SEL V8
++#define ZER V9
++
++
+ // func p256NegCond(val *p256Point, cond int)
+ TEXT ·p256NegCond(SB), NOSPLIT, $0-16
+ MOVD val+0(FP), P1ptr
+ MOVD $16, R16
+
+- MOVD cond+8(FP), R6
+- CMP $0, R6
+- BC 12, 2, LR // just return if cond == 0
++ // Copy cond into SEL (cond is R1 + 8 (cond offset) + 32)
++ MOVD $40, R17
++ LXVDSX (R1)(R17), SEL
++ // Zeroize ZER
++ VSPLTISB $0, ZER
++ // SEL controls whether to return the original value (Y1H/Y1L)
++ // or the negated value (T1H/T1L).
++ VCMPEQUD SEL, ZER, SEL
+
+ MOVD $p256mul<>+0x00(SB), CPOOL
+
+@@ -148,6 +157,9 @@ TEXT ·p256NegCond(SB), NOSPLIT, $0-16
+ VSUBUQM PL, Y1L, T1L // subtract part2 giving result
+ VSUBEUQM PH, Y1H, CAR1, T1H // subtract part1 using carry from part2
+
++ VSEL T1H, Y1H, SEL, T1H
++ VSEL T1L, Y1L, SEL, T1L
++
+ XXPERMDI T1H, T1H, $2, T1H
+ XXPERMDI T1L, T1L, $2, T1L
+
+@@ -164,6 +176,8 @@ TEXT ·p256NegCond(SB), NOSPLIT, $0-16
+ #undef PL
+ #undef PH
+ #undef CAR1
++#undef SEL
++#undef ZER
+
+ #define P3ptr R3
+ #define P1ptr R4
+@@ -1208,7 +1222,7 @@ sqrLoop:
+ BR sqrLoop
+
+ done:
+- MOVD $p256mul<>+0x00(SB), CPOOL
++ MOVD $p256mul<>+0x00(SB), CPOOL
+
+ XXPERMDI T0, T0, $2, T0
+ XXPERMDI T1, T1, $2, T1
+--
+2.47.1
+
From ffb0c1417d1f7df8ae4f557ef12988f9cdf4c6f9 Mon Sep 17 00:00:00 2001
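Review bot: The last inner hunk (`@@ -1208,7 +1222,7 @@ sqrLoop:`) removes and re-adds `MOVD $p256mul<>+0x00(SB), CPOOL` under `done:` with the same instruction and operands, so it appears to be a whitespace-only edit outside p256NegCond; dropping it would keep this security backport limited to the constant-time change and easier to compare line by line with the upstream CL. The inner patch's own subject, `backport of variable time fix for p256NegCond`, omits the upstream CL and the CVE id that only the outer commit subject carries, so the file in patches/ is not self-describing once separated from this commit; a description line such as `Upstream: https://go-review.googlesource.com/c/go/+/643735 (CVE-2025-22866)` would fix that. The hard-coded `$40` used to load `cond` depends on the frame layout stated in the adjacent comment, so it is worth confirming that layout holds for the Go version being patched. p256NegCond's body continues outside the inner hunks, so the store of the selected T1H/T1L value is not visible here.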
From: Archana Ravindar
Date: Mon, 24 Feb 2025 21:37:55 +0530
Subject: [PATCH 2/2] renamed patch file to fix variable time p256NegCond code
---
...6NegCond.patch => 015-variable-time-fix-for-p256NegCond.patch} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename patches/{014-variable-time-fix-for-p256NegCond.patch => 015-variable-time-fix-for-p256NegCond.patch} (100%)
diff --git a/patches/014-variable-time-fix-for-p256NegCond.patch b/patches/015-variable-time-fix-for-p256NegCond.patch
similarity index 100%
rename from patches/014-variable-time-fix-for-p256NegCond.patch
rename to patches/015-variable-time-fix-for-p256NegCond.patch