From: slontis <shane.lontis@oracle.com>
Date: Wed, 18 Feb 2026 03:12:59 +0000 (+1100)
Subject: Fix uninitialized variables in rsaz-3k-avxifma & rsaz-4k-avxifma
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f0de2ebb561521ffebd1d54899b8dfbbbc750cd2;p=thirdparty%2Fopenssl.git

Fix uninitialized variables in rsaz-3k-avxifma & rsaz-4k-avxifma
assembler.

This looks like a block copy bug, the 2k file uses both fields but the
3k & 4K variants only pass acc0_0 to functions.

Reported and proposed fix supplied by pyca (@reaperhulk and @alex).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Mar 13 08:48:11 2026
(Merged from https://github.com/openssl/openssl/pull/30061)
---

diff --git a/crypto/bn/asm/rsaz-3k-avxifma.pl b/crypto/bn/asm/rsaz-3k-avxifma.pl
index a19cb5aaa30..a3bc70c601d 100644
--- a/crypto/bn/asm/rsaz-3k-avxifma.pl
+++ b/crypto/bn/asm/rsaz-3k-avxifma.pl
@@ -87,8 +87,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI;
 my $mask52     = "%rax";
 my $acc0_0     = "%r9";
 my $acc0_0_low = "%r9d";
-my $acc0_1     = "%r15";
-my $acc0_1_low = "%r15d";
 my $b_ptr      = "%r11";
 
 my $iter = "%ebx";
@@ -741,7 +739,7 @@ $code.=<<___;
     vmovdqu   $R3_0,  `6*32`($res)
     vmovdqu   $R3_0h, `7*32`($res)
 
-    xorl    $acc0_1_low, $acc0_1_low
+    xorl    $acc0_0_low, $acc0_0_low
 
     lea    16($b_ptr), $b_ptr
     movq    \$0xfffffffffffff, $mask52       # 52-bit mask
diff --git a/crypto/bn/asm/rsaz-4k-avxifma.pl b/crypto/bn/asm/rsaz-4k-avxifma.pl
index f15e2d74118..d5ff62db0a2 100644
--- a/crypto/bn/asm/rsaz-4k-avxifma.pl
+++ b/crypto/bn/asm/rsaz-4k-avxifma.pl
@@ -84,8 +84,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI;
 my $mask52     = "%rax";
 my $acc0_0     = "%r9";
 my $acc0_0_low = "%r9d";
-my $acc0_1     = "%r15";
-my $acc0_1_low = "%r15d";
 my $b_ptr      = "%r11";
 
 my $iter = "%ebx";
@@ -834,7 +832,7 @@ $code.=<<___;
     vmovdqu   $R4_0,  `8*32`($res)
     vmovdqu   $R4_0h, `9*32`($res)
 
-    xorl    $acc0_1_low, $acc0_1_low
+    xorl    $acc0_0_low, $acc0_0_low
 
     movq    \$0xfffffffffffff, $mask52