> The ppc version of bn_mul_comba4 produces an incorrect result because > one of the products added into r[5] is wrong. Instead of adding a[3]*b[2], > a[3]*a[2] is added because r4 is used instead of r5: > > diff -N -ru bad/crypto/bn/asm/ppc.pl good/crypto/bn/asm/ppc.pl > --- bad/crypto/bn/asm/ppc.pl 2008-09-12 15:45:53.000000000 +0100 > +++ good/crypto/bn/asm/ppc.pl 2011-10-28 12:57:59.000000000 +0100 > @@ -949,7 +949,7 @@ > addze r11,r0 > #mul_add_c(a[3],b[2],c3,c1,c2); > $LD r6,`3*$BNSZ`(r4) > - $LD r7,`2*$BNSZ`(r4) > + $LD r7,`2*$BNSZ`(r5) > $UMULL r8,r6,r7 > $UMULH r9,r6,r7 > addc r12,r8,r12
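Review bot: the single-register change is consistent with the `#mul_add_c(a[3],b[2],c3,c1,c2);` comment directly above it and with the `$LD r6,`3*$BNSZ`(r4)` load of a[3] that precedes it, so r4 is the a pointer and r5 the b pointer here and the corrected `$LD r7,`2*$BNSZ`(r5)` is the right operand. Two things are missing from the patch, though: a regression vector for the bn tests that actually exercises this column (any 4-word multiply with a[2] != b[2] and a[3] != 0 will produce a wrong r[5] on the unpatched code, whereas squaring-style inputs with a == b cannot distinguish a[3]*a[2] from a[3]*b[2], which is one plausible reason a silently wrong product survived since 2004), and a sweep of the remaining `$LD r7,...(r4)` / `(r5)` pairs in the other mul_add_c blocks of this file for the same r4/r5 transposition, since the block structure is copy-pasted per column.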
Isn't it amazing how long a bug can go unnoticed? This one was present in the original submission from 2004. How did you find that bn_mul_comba4 is broken?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
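As an added illustration of the defect reported in the quoted message (this is my own C model, not OpenSSL's code and not the ppc assembly under discussion): a portable comba4 written with 32-bit words and the same c1/c2/c3 column carries, with a flag that reproduces the r4-for-r5 transposition, i.e. a[3]*a[2] accumulated into r[5] in place of a[3]*b[2]. It checks the result against plain schoolbook multiplication, and also shows why a squaring-style input (a == b) cannot detect the bug, which is the kind of gap a regression vector should close. The names `mul_add_c`, `bn_mul_comba4_model`, `comba4_agrees` and the test vectors are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

typedef uint32_t word;   /* BN_ULONG modelled as a 32-bit limb */

/* mul_add_c(a,b,c0,c1,c2): c0 += lo(a*b); c1 += hi(a*b) + carry; c2 += carry */
static void mul_add_c(word a, word b, word *c0, word *c1, word *c2)
{
    uint64_t t = (uint64_t)a * b;
    word lo = (word)t, hi = (word)(t >> 32);
    *c0 += lo;
    hi += (*c0 < lo);          /* carry out of the low add; hi <= 2^32-2, so no overflow */
    *c1 += hi;
    *c2 += (*c1 < hi);         /* carry out of the middle accumulator */
}

/* r[0..7] = a[0..3] * b[0..3], column by column, as bn_mul_comba4 does.
 * buggy != 0 models the reported defect: the a[3]*b[2] term of column 5
 * reads its second operand from a (r4) instead of b (r5). */
static void bn_mul_comba4_model(word r[8], const word a[4], const word b[4], int buggy)
{
    word c1 = 0, c2 = 0, c3 = 0;
    int k, i;
    for (k = 0; k < 7; k++) {
        for (i = 0; i < 4; i++) {
            int j = k - i;
            if (j < 0 || j > 3)
                continue;
            word bj = b[j];
            if (buggy && i == 3 && j == 2)
                bj = a[2];     /* the transposed load: a[3]*a[2] instead of a[3]*b[2] */
            mul_add_c(a[i], bj, &c1, &c2, &c3);
        }
        r[k] = c1;             /* column k is complete: store it and shift the carries */
        c1 = c2; c2 = c3; c3 = 0;
    }
    r[7] = c1;
}

/* Independent reference: row-wise schoolbook multiply with a 64-bit carry chain. */
static void mul4_reference(word r[8], const word a[4], const word b[4])
{
    int i, j;
    memset(r, 0, 8 * sizeof(word));
    for (i = 0; i < 4; i++) {
        uint64_t carry = 0;
        for (j = 0; j < 4; j++) {
            uint64_t t = (uint64_t)a[i] * b[j] + r[i + j] + carry;
            r[i + j] = (word)t;
            carry = t >> 32;
        }
        r[i + 4] = (word)carry;    /* r[i+4] is still untouched in row i */
    }
}

/* 1 if the (buggy or fixed) comba model agrees with the reference, else 0. */
int comba4_agrees(const word a[4], const word b[4], int buggy)
{
    word r1[8], r2[8];
    bn_mul_comba4_model(r1, a, b, buggy);
    mul4_reference(r2, a, b);
    return memcmp(r1, r2, sizeof(r1)) == 0;
}

/* Limb idx of the correct product, for checking a known value. */
word mul4_word(const word a[4], const word b[4], int idx)
{
    word r[8];
    bn_mul_comba4_model(r, a, b, 0);
    return r[idx];
}

/* Constructed test vectors. TV_A/TV_B have a[2] != b[2] and a[3] != 0, which
 * is what it takes to expose the defect; ALL_ONES squared has a known result. */
const word TV_A[4]     = { 1, 2, 3, 4 };
const word TV_B[4]     = { 5, 6, 7, 8 };
const word ALL_ONES[4] = { 0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu };

int main(void)
{
    printf("fixed vs reference (a!=b):  %d\n", comba4_agrees(TV_A, TV_B, 0));
    printf("buggy vs reference (a!=b):  %d\n", comba4_agrees(TV_A, TV_B, 1));
    printf("buggy vs reference (a==b):  %d  <- squaring-style input cannot see it\n",
           comba4_agrees(TV_A, TV_A, 1));
    return 0;
}
```

The third line of output is the point for test design: with a == b the wrong term a[3]*a[2] equals the right one, so a test suite that exercises the multiply only through squaring or self-multiplication passes on the broken code.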
