[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Andy Polyakov]

The branch OpenSSL_1_0_2-stable has been updated
       via  0a59e2dc308e6d6a7078e6b3e4e714101a2db538 (commit)
      from  0945bfcb22f1df1d89e84973f175a620adab4f0d (commit)


- Log -----------------------------------------------------------------
commit 0a59e2dc308e6d6a7078e6b3e4e714101a2db538
Author: Andy Polyakov <appro at openssl.org>
Date:   Wed May 20 09:36:48 2015 +0200

    bn/asm/x86_64-mont5.pl: fix valgrind error.
    
    bn_get_bits5 was overstepping array boundary by 1 byte. It was exclusively
    read overstep and data could not have been used. The only potential problem
    would be if array happens to end on the very edge of last accesible page.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (cherry picked from commit 69567687b0b7ed67831c17a010f4d46dfd059aef)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/asm/x86_64-mont5.pl | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl
index fa22c30..820de3d 100755
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -3226,11 +3226,16 @@ $code.=<<___;
 .type	bn_get_bits5,\@abi-omnipotent
 .align	16
 bn_get_bits5:
-	mov	$inp,%r10
+	lea	0($inp),%r10
+	lea	1($inp),%r11
 	mov	$num,%ecx
-	shr	\$3,$num
-	movzw	(%r10,$num),%eax
-	and	\$7,%ecx
+	shr	\$4,$num
+	and	\$15,%ecx
+	lea	-8(%ecx),%eax
+	cmp	\$11,%ecx
+	cmova	%r11,%r10
+	cmova	%eax,%ecx
+	movzw	(%r10,$num,2),%eax
 	shrl	%cl,%eax
 	and	\$31,%eax
 	ret