[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Thu Nov 10 10:41:21 UTC 2016


The branch OpenSSL_1_1_0-stable has been updated
       via  2a7dd548a6f5d6f7f84a89c98323b70a2822406e (commit)
       via  9ebcbbba81eba52282df9ad8902f047e2d501f51 (commit)
      from  3f7452e45a3c3ca4194edb0723f53465e0d788a1 (commit)


- Log -----------------------------------------------------------------
commit 2a7dd548a6f5d6f7f84a89c98323b70a2822406e
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Nov 6 18:33:17 2016 +0100

    bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity).
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 2fac86d9abeaa643677d1ffd0a139239fdf9406a)

commit 9ebcbbba81eba52282df9ad8902f047e2d501f51
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Nov 6 18:31:14 2016 +0100

    test/bntest.c: regression test for CVE-2016-7055.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit dca2e0ee1745ed2d9cba8c29f334f881a58f85dc)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/asm/x86_64-mont.pl |  5 ++---
 test/bntest.c                | 26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
index 0451fef..df4cca5 100755
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -1157,18 +1157,17 @@ $code.=<<___;
 	mulx	2*8($aptr),%r15,%r13	# ...
 	adox	-3*8($tptr),%r11
 	adcx	%r15,%r12
-	adox	$zero,%r12
+	adox	-2*8($tptr),%r12
 	adcx	$zero,%r13
+	adox	$zero,%r13
 
 	mov	$bptr,8(%rsp)		# off-load &b[i]
-	.byte	0x67
 	mov	$mi,%r15
 	imulq	24(%rsp),$mi		# "t[0]"*n0
 	xor	%ebp,%ebp		# xor	$zero,$zero	# cf=0, of=0
 
 	mulx	3*8($aptr),%rax,%r14
 	 mov	$mi,%rdx
-	adox	-2*8($tptr),%r12
 	adcx	%rax,%r13
 	adox	-1*8($tptr),%r13
 	adcx	$zero,%r14
diff --git a/test/bntest.c b/test/bntest.c
index 51b75d3..3af2b83 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -836,6 +836,32 @@ int test_mont(BIO *bp, BN_CTX *ctx)
             return 0;
         }
     }
+
+    /* Regression test for carry bug in mulx4x_mont */
+    BN_hex2bn(&a,
+        "7878787878787878787878787878787878787878787878787878787878787878"
+        "7878787878787878787878787878787878787878787878787878787878787878"
+        "7878787878787878787878787878787878787878787878787878787878787878"
+        "7878787878787878787878787878787878787878787878787878787878787878");
+    BN_hex2bn(&b,
+        "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744"
+        "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593"
+        "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03"
+        "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81");
+    BN_hex2bn(&n,
+        "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B"
+        "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5"
+        "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4"
+        "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF");
+    BN_MONT_CTX_set(mont, n, ctx);
+    BN_mod_mul_montgomery(c, a, b, mont, ctx);
+    BN_mod_mul_montgomery(d, b, a, mont, ctx);
+    if (BN_cmp(c, d)) {
+        fprintf(stderr, "Montgomery multiplication test failed:"
+                        " a*b != b*a.\n");
+        return 0;
+    }
+
     BN_MONT_CTX_free(mont);
     BN_free(a);
     BN_free(b);


More information about the openssl-commits mailing list