> Changing the movzwl to movzbl in bn_get_bits5 eliminates the valgrind
> error. But this isn't a valid fix since bn_get_bits5 no longer returns
> the correct data. My assembly skills are near nil. Maybe someone else
> can propose a valid fix.
>
> Having said this, this does show the problem appears to be due to the
> movzwl reading past the end of the buffer by a byte.

Correct.

> Given the data
> allocated on the heap is likely surrounded by guard bytes, this is
> likely a benign read outside the buffer.

Correct.

> But it should still be fixed.

Test attached.

diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index 69e81bf..aa96d43 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -3231,11 +3231,16 @@ $code.=<<___; .type bn_get_bits5,\@abi-omnipotent .align 16 bn_get_bits5: - mov $inp,%r10 + lea 0($inp),%r10 + lea 1($inp),%r11 mov $num,%ecx - shr \$3,$num - movzw (%r10,$num),%eax - and \$7,%ecx + shr \$4,$num + and \$15,%ecx + lea -8(%ecx),%eax + cmp \$11,%ecx + cmova %r11,%r10 + cmova %eax,%ecx + movzw (%r10,$num,2),%eax shrl %cl,%eax and \$31,%eax ret
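
Review bot: The new load sequence in bn_get_bits5, from "shr \$4,$num" through "movzw (%r10,$num,2),%eax", has no comment saying why 11 is the threshold, and that is not obvious on reading. A short comment would help: the load is now a 16-bit word at index num/16, and only when the bit offset inside that word is above 11, so that the 5-bit window crosses the word boundary, does the code switch to the word starting at 1($inp) and reduce the shift by 8. Separately, "lea -8(%ecx),%eax" addresses through a 32-bit register, which needs an address-size prefix in 64-bit code; "lea -8(%rcx),%eax" gives the same value in %eax, because the preceding writes to %ecx already zero the upper half of %rcx.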
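
A C model of the addressing before and after the patch, as an added example that is not part of the original message or of OpenSSL: it counts the bytes each variant would read past the end of the buffer. The function names, the 16-byte sample buffer and the scan over every in-range bit position are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bounds-checked 16-bit little-endian load: a byte at or past len is
 * counted in *oob and read as 0 instead of being touched. */
static unsigned load16(const uint8_t *p, size_t len, size_t off, unsigned *oob)
{
    unsigned lo = off < len ? p[off] : (++*oob, 0u);
    unsigned hi = off + 1 < len ? p[off + 1] : (++*oob, 0u);
    return lo | (hi << 8);
}
/* Pre-patch addressing: 16-bit load at byte offset bit/8, shift by bit%8. */
static unsigned bits5_old(const uint8_t *p, size_t len, size_t bit, unsigned *oob)
{
    return (load16(p, len, bit >> 3, oob) >> (bit & 7)) & 31;
}
/* Patched addressing: word index bit/16; if the offset in the word is above
 * 11 the window crosses it, so load from one byte later and shift 8 less.
 * The assembly selects with cmova; the branch here is for readability. */
static unsigned bits5_new(const uint8_t *p, size_t len, size_t bit, unsigned *oob)
{
    size_t word = bit >> 4, base = 0;
    unsigned sh = (unsigned)(bit & 15);
    if (sh > 11) { base = 1; sh -= 8; }
    return (load16(p, len, base + 2 * word, oob) >> sh) & 31;
}
/* Reference: collect the 5 bits one at a time, never leaving the buffer. */
static unsigned bits5_ref(const uint8_t *p, size_t bit)
{
    unsigned v = 0;
    for (unsigned i = 0; i < 5; i++)
        v |= ((p[(bit + i) >> 3] >> ((bit + i) & 7)) & 1u) << i;
    return v;
}
/* Scan every bit position whose 5-bit window fits in the buffer (assumed
 * call pattern). Returns the number of wrong results from either variant. */
static unsigned scan(const uint8_t *p, size_t len, unsigned *oob_old, unsigned *oob_new)
{
    unsigned bad = 0;
    *oob_old = *oob_new = 0;
    for (size_t bit = 0; bit + 5 <= len * 8; bit++) {
        unsigned ref = bits5_ref(p, bit);
        bad += bits5_old(p, len, bit, oob_old) != ref;
        bad += bits5_new(p, len, bit, oob_new) != ref;
    }
    return bad;
}
/* Constructed sample data standing in for the buffer being indexed. */
static const uint8_t sample[16] = { 0x3c, 0xa5, 0x5a, 0xff, 0x00, 0x81, 0x7e, 0x12,
                                    0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x0f };
int main(void)
{
    unsigned o, n, bad = scan(sample, sizeof sample, &o, &n);
    printf("wrong=%u oob_old=%u oob_new=%u\n", bad, o, n);
    return bad != 0;
}
```

Both variants return the same 5-bit values; only the old addressing reaches the byte after the buffer, at the bit positions that fall in the final byte.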
