]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/blob
projects / thirdparty / openembedded / openembedded-core-contrib.git / blob
? search:


125016a23aded7490a3e8bca0dd0ff24fa025c11
[thirdparty/openembedded/openembedded-core-contrib.git] /
1 From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001
2 From: Andy Polyakov <appro@openssl.org>
3 Date: Tue, 1 Dec 2015 09:00:32 +0100
4 Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug
5 (CVE-2015-3193).
6
7 Reviewed-by: Richard Levitte <levitte@openssl.org>
8 (cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
9
10 Upstream-Status: Backport
11
12 This patch was imported from
13 https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
14
15 Signed-off-by: Armin Kuster <akuster@mvista.com>
16
17 ---
18 crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++---
19 crypto/bn/bntest.c | 18 ++++++++++++++++++
20 2 files changed, 37 insertions(+), 3 deletions(-)
21
22 Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
23 ===================================================================
24 --- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl
25 +++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
26 @@ -1779,6 +1779,15 @@ sqr8x_reduction:
27 .align 32
28 .L8x_tail_done:
29 add (%rdx),%r8 # can this overflow?
30 + adc \$0,%r9
31 + adc \$0,%r10
32 + adc \$0,%r11
33 + adc \$0,%r12
34 + adc \$0,%r13
35 + adc \$0,%r14
36 + adc \$0,%r15 # can't overflow, because we
37 + # started with "overhung" part
38 + # of multiplication
39 xor %rax,%rax
40
41 neg $carry
42 @@ -3125,6 +3134,15 @@ sqrx8x_reduction:
43 .align 32
44 .Lsqrx8x_tail_done:
45 add 24+8(%rsp),%r8 # can this overflow?
46 + adc \$0,%r9
47 + adc \$0,%r10
48 + adc \$0,%r11
49 + adc \$0,%r12
50 + adc \$0,%r13
51 + adc \$0,%r14
52 + adc \$0,%r15 # can't overflow, because we
53 + # started with "overhung" part
54 + # of multiplication
55 mov $carry,%rax # xor %rax,%rax
56
57 sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
58 @@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp");
59 my @ri=map("%r$_",(10..13));
60 my @ni=map("%r$_",(14..15));
61 $code.=<<___;
62 - xor %rbx,%rbx
63 + xor %ebx,%ebx
64 sub %r15,%rsi # compare top-most words
65 adc %rbx,%rbx
66 mov %rcx,%r10 # -$num
67 - .byte 0x67
68 or %rbx,%rax
69 - .byte 0x67
70 mov %rcx,%r9 # -$num
71 xor \$1,%rax
72 sar \$3+2,%rcx # cf=0
73 Index: openssl-1.0.2d/crypto/bn/bntest.c
74 ===================================================================
75 --- openssl-1.0.2d.orig/crypto/bn/bntest.c
76 +++ openssl-1.0.2d/crypto/bn/bntest.c
77 @@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp,
78 return 0;
79 }
80 }
81 +
82 + /* Regression test for carry propagation bug in sqr8x_reduction */
83 + BN_hex2bn(&a, "050505050505");
84 + BN_hex2bn(&b, "02");
85 + BN_hex2bn(&c,
86 + "4141414141414141414141274141414141414141414141414141414141414141"
87 + "4141414141414141414141414141414141414141414141414141414141414141"
88 + "4141414141414141414141800000000000000000000000000000000000000000"
89 + "0000000000000000000000000000000000000000000000000000000000000000"
90 + "0000000000000000000000000000000000000000000000000000000000000000"
91 + "0000000000000000000000000000000000000000000000000000000001");
92 + BN_mod_exp(d, a, b, c, ctx);
93 + BN_mul(e, a, a, ctx);
94 + if (BN_cmp(d, e)) {
95 + fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
96 + return 0;
97 + }
98 +
99 BN_free(a);
100 BN_free(b);
101 BN_free(c);
Mirror of git://git.openembedded.org/openembedded-core-contrib