bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.
CVE-2017-3732
Reviewed-by: Rich Salz <rsalz@openssl.org>
Showing
with
7 additions
and
9 deletions.
-
+7
−9
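--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -1934,17 +1934,16 @@
 
 .align 32
 .L8x_tail_done:
+xor %rax,%rax
 add (%rdx),%r8 # can this overflow?
 adc \$0,%r9
 adc \$0,%r10
 adc \$0,%r11
 adc \$0,%r12
 adc \$0,%r13
 adc \$0,%r14
-adc \$0,%r15 # can't overflow, because we
-# started with "overhung" part
-# of multiplication
-xor %rax,%rax
+adc \$0,%r15
+adc \$0,%rax
 
 neg $carry
 .L8x_no_tail:
@@ -3384,17 +3383,16 @@
 
 .align 32
 .Lsqrx8x_tail_done:
+xor %rax,%rax
 add 24+8(%rsp),%r8 # can this overflow?
 adc \$0,%r9
 adc \$0,%r10
 adc \$0,%r11
 adc \$0,%r12
 adc \$0,%r13
 adc \$0,%r14
-adc \$0,%r15 # can't overflow, because we
-# started with "overhung" part
-# of multiplication
-mov $carry,%rax # xor %rax,%rax
+adc \$0,%r15
+adc \$0,%rax
 
 sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
 .Lsqrx8x_no_tail: # %cf is 0 if jumped here
@@ -3409,7 +3407,7 @@
 adc 8*5($tptr),%r13
 adc 8*6($tptr),%r14
 adc 8*7($tptr),%r15
-adc %rax,%rax # top-most carry
+adc \$0,%rax # top-most carry
 
 mov 32+8(%rsp),%rbx # n0
 mov 8*8($tptr,%rcx),%rdx # modulo-scheduled "%r8"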
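Review bot: The new `adc \$0,%rax` lines in both `.L8x_tail_done` and `.Lsqrx8x_tail_done` carry no comment, so the reason the old "can't overflow" assumption was wrong is now invisible to the next reader; I would annotate the first one `adc \$0,%rax # carry-out of the add-back can be set; keep it (CVE-2017-3732)` and the same in the sqrx variant. The later `adc \$0,%rax # top-most carry` in the third hunk now relies on `%rax` holding only that tail carry on every path into `.Lsqrx8x_no_tail`, including the jump-in path the `# %cf is 0 if jumped here` comment refers to, where the new `xor %rax,%rax` is not executed; whether `%rax` is zero there cannot be seen from the hunk and should be confirmed, ideally by extending that comment to `# %cf and %rax are 0 if jumped here` once verified. The same question applies to `.L8x_no_tail` in the first hunk. The enclosing bn_sqr8x_internal code starts and ends outside all three hunks.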