The branch master has been updated via 2fac86d9abeaa643677d1ffd0a139239fdf9406a (commit) via dca2e0ee1745ed2d9cba8c29f334f881a58f85dc (commit) from dfbdf4abb7c62156f36925db95728142c4223225 (commit)
- Log ----------------------------------------------------------------- commit 2fac86d9abeaa643677d1ffd0a139239fdf9406a Author: Andy Polyakov <ap...@openssl.org> Date: Sun Nov 6 18:33:17 2016 +0100 bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity). Reviewed-by: Rich Salz <rs...@openssl.org> commit dca2e0ee1745ed2d9cba8c29f334f881a58f85dc Author: Andy Polyakov <ap...@openssl.org> Date: Sun Nov 6 18:31:14 2016 +0100 test/bntest.c: regression test for CVE-2016-7055. Reviewed-by: Rich Salz <rs...@openssl.org> ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/x86_64-mont.pl | 5 ++--- test/bntest.c | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl index 0451fef..df4cca5 100755 --- a/crypto/bn/asm/x86_64-mont.pl +++ b/crypto/bn/asm/x86_64-mont.pl @@ -1157,18 +1157,17 @@ $code.=<<___; mulx 2*8($aptr),%r15,%r13 # ... adox -3*8($tptr),%r11 adcx %r15,%r12 - adox $zero,%r12 + adox -2*8($tptr),%r12 adcx $zero,%r13 + adox $zero,%r13 mov $bptr,8(%rsp) # off-load &b[i] - .byte 0x67 mov $mi,%r15 imulq 24(%rsp),$mi # "t[0]"*n0 xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0 mulx 3*8($aptr),%rax,%r14 mov $mi,%rdx - adox -2*8($tptr),%r12 adcx %rax,%r13 adox -1*8($tptr),%r13 adcx $zero,%r14 diff --git a/test/bntest.c b/test/bntest.c index 51b75d3..3af2b83 100644 --- a/test/bntest.c +++ b/test/bntest.c 
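Review bot: The added `adox $zero,%r13` carries the whole fix but has no comment saying why it must execute before `xor %ebp,%ebp`, which the existing comment on that line marks as clearing cf and of. As far as the hunk shows, the old order could leave a carry out of %r12 pending in OF when the xor ran, so it was dropped; the new order adds `-2*8($tptr)` into %r12 earlier and folds OF into %r13 first. A trailing comment such as `# fold OF into %r13 before the flags are cleared below` would stop a later rescheduling from moving the adox back past the xor. The hunk also drops `.byte 0x67` without a mention in the commit message, and it would help to say whether that prefix was only instruction padding. The enclosing heredoc starts and ends outside the hunk.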
@@ -836,6 +836,32 @@ int test_mont(BIO *bp, BN_CTX *ctx)
 return 0;
 }
 }
+
+ /* Regression test for carry bug in mulx4x_mont */
+ BN_hex2bn(&a,
+ "7878787878787878787878787878787878787878787878787878787878787878"
+ "7878787878787878787878787878787878787878787878787878787878787878"
+ "7878787878787878787878787878787878787878787878787878787878787878"
+ "7878787878787878787878787878787878787878787878787878787878787878");
+ BN_hex2bn(&b,
+ "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744"
+ "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593"
+ "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03"
+ "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81");
+ BN_hex2bn(&n,
+ "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B"
+ "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5"
+ "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4"
+ "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF");
+ BN_MONT_CTX_set(mont, n, ctx);
+ BN_mod_mul_montgomery(c, a, b, mont, ctx);
+ BN_mod_mul_montgomery(d, b, a, mont, ctx);
+ if (BN_cmp(c, d)) {
+ fprintf(stderr, "Montgomery multiplication test failed:"
+ " a*b != b*a.\n");
+ return 0;
+ }
+
 BN_MONT_CTX_free(mont);
 BN_free(a);
 BN_free(b);
_____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
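Review bot: The added regression test ignores the return values of `BN_hex2bn`, `BN_MONT_CTX_set` and `BN_mod_mul_montgomery`, so if a call fails, `c` and `d` presumably keep whatever the earlier part of test_mont left in them, and `BN_cmp(c, d)` can report success without the mulx4x path having run. Guard the calls, e.g. `if (!BN_mod_mul_montgomery(c, a, b, mont, ctx) || !BN_mod_mul_montgomery(d, b, a, mont, ctx)) return 0;`, and do the same for the three `BN_hex2bn` calls and `BN_MONT_CTX_set`. The check is also only a*b == b*a, so comparing `c` against a precomputed known-good result would catch a carry defect that affects both operand orders alike. test_mont starts and ends outside the hunk, and the new early `return 0` skips the frees that follow it, as the existing failure path just above appears to do.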