From: Andy Polyakov <appro@openssl.org>
Date: Fri, 8 Jun 2018 13:02:39 +0000 (+0200)
Subject: bn/asm/sparcv9-mont.pl: iron another glitch in squaring code path.
X-Git-Tag: OpenSSL_1_1_1-pre8~48
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f55ef97b5c0f8559f393b72ebd4b2de32ad6d231;p=thirdparty%2Fopenssl.git

bn/asm/sparcv9-mont.pl: iron another glitch in squaring code path.

This module is used only with odd input lengths, i.e. not used in normal
PKI cases, on contemporary processors. The problem was "illuminated" by
fuzzing tests.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6440)
---

diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
index c0407b1b1bd..b41903af985 100644
--- a/crypto/bn/asm/sparcv9-mont.pl
+++ b/crypto/bn/asm/sparcv9-mont.pl
@@ -493,6 +493,9 @@ $code.=<<___;
 	mulx	$npj,$mul1,$acc1
 	add	$tpj,$car1,$car1
 	ld	[$np+$j],$npj			! np[j]
+	srlx	$car1,32,$tmp0
+	and	$car1,$mask,$car1
+	add	$tmp0,$sbit,$sbit
 	add	$acc0,$car1,$car1
 	ld	[$tp+8],$tpj			! tp[j]
 	add	$acc1,$car1,$car1