Fix uninitialized variables in rsaz-3k-avxifma & rsaz-4k-avxifma

assembler.

This looks like a block copy bug, the 2k file uses both fields but the
3k & 4K variants only pass acc0_0 to functions.

Reported and proposed fix supplied by pyca (@reaperhulk and @alex).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Mar 13 08:48:11 2026
(Merged from https://github.com/openssl/openssl/pull/30061)

diff --git a/crypto/bn/asm/rsaz-3k-avxifma.pl b/crypto/bn/asm/rsaz-3k-avxifma.pl
index a19cb5aaa309272214b6f96cb654ed1b3b78b17e..a3bc70c601d5ba4a1367e3136a814da9b8404585 100644 (file)
--- a/crypto/bn/asm/rsaz-3k-avxifma.pl
+++ b/crypto/bn/asm/rsaz-3k-avxifma.pl
@@ -87,8 +87,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI;
 my $mask52     = "%rax";
 my $acc0_0     = "%r9";
 my $acc0_0_low = "%r9d";
-my $acc0_1     = "%r15";
-my $acc0_1_low = "%r15d";
 my $b_ptr      = "%r11";
 
 my $iter = "%ebx";
@@ -741,7 +739,7 @@ $code.=<<___;
     vmovdqu   $R3_0,  `6*32`($res)
     vmovdqu   $R3_0h, `7*32`($res)
 
-    xorl    $acc0_1_low, $acc0_1_low
+    xorl    $acc0_0_low, $acc0_0_low
 
     lea    16($b_ptr), $b_ptr
     movq    \$0xfffffffffffff, $mask52       # 52-bit mask

diff --git a/crypto/bn/asm/rsaz-4k-avxifma.pl b/crypto/bn/asm/rsaz-4k-avxifma.pl
index f15e2d74118cb07a8e70ded27388bace2ed80d8e..d5ff62db0a2386464c251585cf33c475d24c9506 100644 (file)
--- a/crypto/bn/asm/rsaz-4k-avxifma.pl
+++ b/crypto/bn/asm/rsaz-4k-avxifma.pl
@@ -84,8 +84,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI;
 my $mask52     = "%rax";
 my $acc0_0     = "%r9";
 my $acc0_0_low = "%r9d";
-my $acc0_1     = "%r15";
-my $acc0_1_low = "%r15d";
 my $b_ptr      = "%r11";
 
 my $iter = "%ebx";
@@ -834,7 +832,7 @@ $code.=<<___;
     vmovdqu   $R4_0,  `8*32`($res)
     vmovdqu   $R4_0h, `9*32`($res)
 
-    xorl    $acc0_1_low, $acc0_1_low
+    xorl    $acc0_0_low, $acc0_0_low
 
     movq    \$0xfffffffffffff, $mask52