Hi, xmm6 and xmm7 registers are not correctly restored on bn_scatter5 return. The diff was generated using git HEAD.
I am using openssl-1.0.1e that contains the bug. On openssl git logs it appears the bug is present since the first commit when bn_scatter5 was implemented. regards, Oscar diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index 508564f..9325737 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -1327,8 +1327,8 @@ $code.=<<___; jnz .Lgather ___ $code.=<<___ if ($win64); - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) + movaps (%rsp),%xmm6 + movaps 0x10(%rsp),%xmm7 lea 0x28(%rsp),%rsp ___ $code.=<<___; ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org