rsa: fix bn_reduce_once_in_place call for rsaz_mod_exp_avx512_x2 #18626
Conversation
bn_reduce_once_in_place expects the number of BN_ULONG, but factor_size is moduli bit size.

Fixes openssl#18625.

Signed-off-by: Xi Ruoyao <xry111@xry111.site>
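The unit mismatch the PR description names is easy to reason about with a small model. The following is an added illustration written for this thread, not OpenSSL's code: a constant-time "reduce once in place" with the contract the description attributes to bn_reduce_once_in_place (a limb count, not a bit count), the bits-to-limbs conversion a caller holding factor_size in bits needs, and a hypothetical guard wrapper (reduce_once_checked, my name) that refuses a limb count larger than the buffers, which is the shape of failure when a bit count is passed where a limb count is expected. The 64-bit limb width, the function names and the sample values are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added illustration, not OpenSSL's code.  The value being reduced is
 * carry * 2^(64*num) + r and is assumed to lie in [0, 2*m); afterwards r
 * holds that value mod m.  `num` is a number of 64-bit limbs (a BN_ULONG
 * is 64 bits on the builds discussed here), so a caller that only knows
 * the modulus size in bits must divide by the limb width first.
 */
#define LIMB_BITS 64

/* out = a - b over num limbs; returns the final borrow (0 or 1). */
static uint64_t sub_limbs(uint64_t *out, const uint64_t *a,
                          const uint64_t *b, size_t num)
{
    uint64_t borrow = 0;
    for (size_t i = 0; i < num; i++) {
        uint64_t d = a[i] - b[i];
        uint64_t b1 = a[i] < b[i];
        uint64_t d2 = d - borrow;
        uint64_t b2 = d < borrow;
        out[i] = d2;
        borrow = b1 | b2;
    }
    return borrow;
}

/* If carry:r >= m, set r = carry:r - m; otherwise leave r unchanged.
 * tmp must hold num limbs.  Returns 1 if the subtraction was kept, else 0.
 * The choice is made with a mask rather than a branch so that timing does
 * not depend on the (secret) value in r. */
int reduce_once_in_place(uint64_t *r, uint64_t carry, const uint64_t *m,
                         uint64_t *tmp, size_t num)
{
    uint64_t borrow = sub_limbs(tmp, r, m, num);
    /* carry:r - m is negative only when carry == 0 and borrow == 1. */
    uint64_t keep_sub = (borrow ^ 1) | (carry & 1);
    uint64_t mask = 0 - keep_sub;            /* all ones if we keep r - m */
    for (size_t i = 0; i < num; i++)
        r[i] = (tmp[i] & mask) | (r[i] & ~mask);
    return (int)keep_sub;
}

/* Modulus size in bits -> number of limbs, rounding up (2048 -> 32). */
size_t modulus_bits_to_limbs(size_t bits)
{
    return (bits + LIMB_BITS - 1) / LIMB_BITS;
}

/* Hypothetical caller-side guard for code that holds the size in bits:
 * converts bits to limbs and refuses a limb count larger than the buffers,
 * which is how a bit count mistaken for a limb count would have the
 * reducer walk far past the end of r, m and tmp.  Returns -1 on unusable
 * sizes, otherwise what reduce_once_in_place returns. */
int reduce_once_checked(uint64_t *r, uint64_t carry, const uint64_t *m,
                        uint64_t *tmp, size_t factor_bits, size_t buf_limbs)
{
    size_t num = modulus_bits_to_limbs(factor_bits);
    if (num == 0 || num > buf_limbs)
        return -1;
    return reduce_once_in_place(r, carry, m, tmp, num);
}

int main(void)
{
    /* Constructed sample: 7 mod 5 over two limbs (a 128-bit "modulus"). */
    uint64_t r[2] = { 7, 0 }, m[2] = { 5, 0 }, tmp[2];
    int applied = reduce_once_checked(r, 0, m, tmp, 128, 2);
    printf("applied=%d r=%llu\n", applied, (unsigned long long)r[0]);   /* applied=1 r=2 */
    /* 2048 here is a bit count; with 2-limb buffers the guard rejects it. */
    printf("oversized -> %d\n", reduce_once_checked(r, 0, m, tmp, 2048, 2)); /* -1 */
    return 0;
}
```

The reducer itself never sees a bit count; the conversion lives at the call site, which is exactly where the PR's one-line change sits.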
I think this would be acceptable with CLA: trivial.
Or even better please submit a CLA according to https://www.openssl.org/policies/cla.html
I've sent a signed ICLA.
Is there a test that should be added for this, or does the OpenSSL test suite already contain one that simply requires AVX-512 to reproduce?
The latter - there are multiple tests that would reproduce this but unfortunately no CI runner apparently supports AVX-512.
Actually could be that some of the "random" test failures as in #18594 are caused by this bug.
I compared this result with the result on my machine and they are almost the same. So it looks like the run was scheduled on a Skylake-SP (or newer model) server in Azure cloud :)
Reopening for the CLA tag. |
ping for a second review |
Marking it also urgent because this most probably causes many of the CI broken runs seen recently. |
ping @openssl/committers |
Agreed urgent.
Merged. Thanks for this fix.
Regarding tests, what we've done in BoringSSL to ensure CI coverage of our x86 assembly variants is run everything through Intel SDE. https://www.intel.com/content/www/us/en/developer/articles/tool/software-development-emulator.html It can simulate CPU models, filling in newer instructions missing on the host and enforcing the lack of various instructions on older CPUs. (Handy for making sure ia32cap checks are correct.) I expect that would have caught this without the flakiness of depending on what kind of CI host you happened to get. You may also be able to do something similar with QEMU, but I haven't looked into this.
bn_reduce_once_in_place expects the number of BN_ULONG, but factor_size is moduli bit size. Fixes openssl#18625. Signed-off-by: Xi Ruoyao <xry111@xry111.site> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from openssl#18626)