Commit 668a709a authored by Andy Polyakov, committed by Matt Caswell

bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.



Credit to OSS-Fuzz for finding this.

CVE-2017-3736

Reviewed-by: Rich Salz <rsalz@openssl.org>
parent bd6eba79
+10 −2
@@ -3206,11 +3206,19 @@ $code.=<<___;


.align	32
.align	32
.Lsqrx8x_break:
.Lsqrx8x_break:
	sub	16+8(%rsp),%r8		# consume last carry
	xor	$zero,$zero
	sub	16+8(%rsp),%rbx		# mov 16(%rsp),%cf
	adcx	$zero,%r8
	mov	24+8(%rsp),$carry	# initial $tptr, borrow $carry
	mov	24+8(%rsp),$carry	# initial $tptr, borrow $carry
	adcx	$zero,%r9
	mov	0*8($aptr),%rdx		# a[8], modulo-scheduled
	mov	0*8($aptr),%rdx		# a[8], modulo-scheduled
	xor	%ebp,%ebp		# xor	$zero,$zero
	adc	\$0,%r10
	mov	%r8,0*8($tptr)
	mov	%r8,0*8($tptr)
	adc	\$0,%r11
	adc	\$0,%r12
	adc	\$0,%r13
	adc	\$0,%r14
	adc	\$0,%r15
	cmp	$carry,$tptr		# cf=0, of=0
	cmp	$carry,$tptr		# cf=0, of=0
	je	.Lsqrx8x_outer_loop
	je	.Lsqrx8x_outer_loop
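Review bot: The new `sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf` only reloads the saved carry into CF if %rbx and 16+8(%rsp) hold values whose subtraction borrows exactly when a carry is pending, and that invariant is established outside this hunk (the store to 16+8(%rsp) is not visible here), so it deserves a comment at the point of use, e.g. `# %rbx and 16+8(%rsp) presumably both hold the last-pass carry as 0/-1; the borrow reloads it into CF for the adcx/adc chain below`, and the comment's `16(%rsp)` should be written as `16+8(%rsp)` to match the operand. Rippling the carry through %r8–%r15 with adcx/adc instead of subtracting it from %r8 alone is the fix, but the diffstat (+10 −2) suggests only the assembly is touched; a regression vector built from the OSS-Fuzz operand in test/bntest.c would pin this carry path, which is exercised only for specific inputs. The enclosing bn_sqrx8x_internal body (inside the `$code.=<<___` heredoc) starts before and ends after this hunk.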