diff options
| author | Andy Polyakov <appro@openssl.org> | 2017-08-17 21:08:57 +0200 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2017-11-02 11:05:15 +0000 |
| commit | 4443cf7aa0099e5ce615c18cee249fff77fb0871 (patch) | |
| tree | d3b8cfd39cc201031701dc6561da09a46114a33a /crypto | |
| parent | b701fa8340944c2a0481457f96e7f38b03180c24 (diff) | |
bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
Credit to OSS-Fuzz for finding this.
CVE-2017-3736
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
| -rwxr-xr-x | crypto/bn/asm/x86_64-mont5.pl | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index 6807ab5cfe..5779059ea2 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -3099,11 +3099,19 @@ $code.=<<___; .align 32 .Lsqrx8x_break: - sub 16+8(%rsp),%r8 # consume last carry + xor $zero,$zero + sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf + adcx $zero,%r8 mov 24+8(%rsp),$carry # initial $tptr, borrow $carry + adcx $zero,%r9 mov 0*8($aptr),%rdx # a[8], modulo-scheduled - xor %ebp,%ebp # xor $zero,$zero + adc \$0,%r10 mov %r8,0*8($tptr) + adc \$0,%r11 + adc \$0,%r12 + adc \$0,%r13 + adc \$0,%r14 + adc \$0,%r15 cmp $carry,$tptr # cf=0, of=0 je .Lsqrx8x_outer_loop |