Permalink
Browse files
bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqr8x_internal.
CVE-2017-3732
Reviewed-by: Rich Salz <rsalz@openssl.org>
- Loading branch information...
Showing
with
7 additions
and
9 deletions.
-
+7
−9
crypto/bn/asm/x86_64-mont5.pl
|
|
@@ -1934,17 +1934,16 @@ |
|
|
|
|
|
.align 32
|
|
|
.L8x_tail_done:
|
|
|
xor %rax,%rax
|
|
|
add (%rdx),%r8 # can this overflow?
|
|
|
adc \$0,%r9
|
|
|
adc \$0,%r10
|
|
|
adc \$0,%r11
|
|
|
adc \$0,%r12
|
|
|
adc \$0,%r13
|
|
|
adc \$0,%r14
|
|
|
adc \$0,%r15 # can't overflow, because we
|
|
|
# started with "overhung" part
|
|
|
# of multiplication
|
|
|
xor %rax,%rax
|
|
|
adc \$0,%r15
|
|
|
adc \$0,%rax
|
|
|
|
|
|
neg $carry
|
|
|
.L8x_no_tail:
|
|
|
@@ -3384,17 +3383,16 @@ |
|
|
|
|
|
.align 32
|
|
|
.Lsqrx8x_tail_done:
|
|
|
xor %rax,%rax
|
|
|
add 24+8(%rsp),%r8 # can this overflow?
|
|
|
adc \$0,%r9
|
|
|
adc \$0,%r10
|
|
|
adc \$0,%r11
|
|
|
adc \$0,%r12
|
|
|
adc \$0,%r13
|
|
|
adc \$0,%r14
|
|
|
adc \$0,%r15 # can't overflow, because we
|
|
|
# started with "overhung" part
|
|
|
# of multiplication
|
|
|
mov $carry,%rax # xor %rax,%rax
|
|
|
adc \$0,%r15
|
|
|
adc \$0,%rax
|
|
|
|
|
|
sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
|
|
|
.Lsqrx8x_no_tail: # %cf is 0 if jumped here
|
|
|
@@ -3409,7 +3407,7 @@ |
|
|
adc 8*5($tptr),%r13
|
|
|
adc 8*6($tptr),%r14
|
|
|
adc 8*7($tptr),%r15
|
|
|
adc %rax,%rax # top-most carry
|
|
|
adc \$0,%rax # top-most carry
|
|
|
|
|
|
mov 32+8(%rsp),%rbx # n0
|
|
|
mov 8*8($tptr,%rcx),%rdx # modulo-scheduled "%r8"
|
|
|
|
0 comments on commit
a59b90b