[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Thu Nov 10 10:41:21 UTC 2016
The branch OpenSSL_1_1_0-stable has been updated
via 2a7dd548a6f5d6f7f84a89c98323b70a2822406e (commit)
via 9ebcbbba81eba52282df9ad8902f047e2d501f51 (commit)
from 3f7452e45a3c3ca4194edb0723f53465e0d788a1 (commit)
- Log -----------------------------------------------------------------
commit 2a7dd548a6f5d6f7f84a89c98323b70a2822406e
Author: Andy Polyakov <appro at openssl.org>
Date: Sun Nov 6 18:33:17 2016 +0100
bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (Low severity).
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 2fac86d9abeaa643677d1ffd0a139239fdf9406a)
commit 9ebcbbba81eba52282df9ad8902f047e2d501f51
Author: Andy Polyakov <appro at openssl.org>
Date: Sun Nov 6 18:31:14 2016 +0100
test/bntest.c: regression test for CVE-2016-7055.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit dca2e0ee1745ed2d9cba8c29f334f881a58f85dc)
-----------------------------------------------------------------------
Summary of changes:
crypto/bn/asm/x86_64-mont.pl | 5 ++---
test/bntest.c | 26 ++++++++++++++++++++++++++
2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
index 0451fef..df4cca5 100755
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -1157,18 +1157,17 @@ $code.=<<___;
mulx 2*8($aptr),%r15,%r13 # ...
adox -3*8($tptr),%r11
adcx %r15,%r12
- adox $zero,%r12
+ adox -2*8($tptr),%r12
adcx $zero,%r13
+ adox $zero,%r13
mov $bptr,8(%rsp) # off-load &b[i]
- .byte 0x67
mov $mi,%r15
imulq 24(%rsp),$mi # "t[0]"*n0
xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0
mulx 3*8($aptr),%rax,%r14
mov $mi,%rdx
- adox -2*8($tptr),%r12
adcx %rax,%r13
adox -1*8($tptr),%r13
adcx $zero,%r14
diff --git a/test/bntest.c b/test/bntest.c
index 51b75d3..3af2b83 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -836,6 +836,32 @@ int test_mont(BIO *bp, BN_CTX *ctx)
return 0;
}
}
+
+ /* Regression test for carry bug in mulx4x_mont */
+ BN_hex2bn(&a,
+ "7878787878787878787878787878787878787878787878787878787878787878"
+ "7878787878787878787878787878787878787878787878787878787878787878"
+ "7878787878787878787878787878787878787878787878787878787878787878"
+ "7878787878787878787878787878787878787878787878787878787878787878");
+ BN_hex2bn(&b,
+ "095D72C08C097BA488C5E439C655A192EAFB6380073D8C2664668EDDB4060744"
+ "E16E57FB4EDB9AE10A0CEFCDC28A894F689A128379DB279D48A2E20849D68593"
+ "9B7803BCF46CEBF5C533FB0DD35B080593DE5472E3FE5DB951B8BFF9B4CB8F03"
+ "9CC638A5EE8CDD703719F8000E6A9F63BEED5F2FCD52FF293EA05A251BB4AB81");
+ BN_hex2bn(&n,
+ "D78AF684E71DB0C39CFF4E64FB9DB567132CB9C50CC98009FEB820B26F2DED9B"
+ "91B9B5E2B83AE0AE4EB4E0523CA726BFBE969B89FD754F674CE99118C3F2D1C5"
+ "D81FDC7C54E02B60262B241D53C040E99E45826ECA37A804668E690E1AFC1CA4"
+ "2C9A15D84D4954425F0B7642FC0BD9D7B24E2618D2DCC9B729D944BADACFDDAF");
+ BN_MONT_CTX_set(mont, n, ctx);
+ BN_mod_mul_montgomery(c, a, b, mont, ctx);
+ BN_mod_mul_montgomery(d, b, a, mont, ctx);
+ if (BN_cmp(c, d)) {
+ fprintf(stderr, "Montgomery multiplication test failed:"
+ " a*b != b*a.\n");
+ return 0;
+ }
+
BN_MONT_CTX_free(mont);
BN_free(a);
BN_free(b);
More information about the openssl-commits
mailing list