From 38d600147331d36e74174ebbd4008b63188b321b Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Thu, 17 Aug 2017 21:08:57 +0200
Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.
Credit to OSS-Fuzz for finding this.
CVE-2017-3736
Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 crypto/bn/asm/x86_64-mont5.pl | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
index 3bb0cdf..42178e4 100755
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -3090,11 +3090,19 @@ $code.=<<___;
 
 .align	32
 .Lsqrx8x_break:
-	sub	16+8(%rsp),%r8		# consume last carry
+	xor	$zero,$zero
+	sub	16+8(%rsp),%rbx		# mov 16(%rsp),%cf
+	adcx	$zero,%r8
 	mov	24+8(%rsp),$carry	# initial $tptr, borrow $carry
+	adcx	$zero,%r9
 	mov	0*8($aptr),%rdx		# a[8], modulo-scheduled
-	xor	%ebp,%ebp		# xor	$zero,$zero
+	adc	\$0,%r10
 	mov	%r8,0*8($tptr)
+	adc	\$0,%r11
+	adc	\$0,%r12
+	adc	\$0,%r13
+	adc	\$0,%r14
+	adc	\$0,%r15
 	cmp	$carry,$tptr		# cf=0, of=0
 	je	.Lsqrx8x_outer_loop
 
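Review bot: The borrow trick at `sub 16+8(%rsp),%rbx` only turns the saved carry word into CF if %rbx is zero (or at least below that word) on entry to .Lsqrx8x_break and the saved word is 0 or 1; neither precondition is stated in the hunk and %rbx's new value is then discarded, so a reader cannot tell whether it is a dead register or a live one being clobbered. A comment on that line such as `# %rbx is dead/zero here: borrow from saved carry (0/1) -> CF` would make the invariant checkable by the next person who touches the loop exit. A one-line note above the adc chain, e.g. `# ripple the carry through all eight limbs r8..r15, not only r8`, would also record why the old single `sub ...,%r8` was the defect and that the `adcx`/`adc` mix is deliberate (both consume and produce CF). bn_sqrx8x_internal begins and ends outside this hunk, so the state of %rbx at this label cannot be confirmed from the diff alone.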
-- 
2.9.5