[openssl-dev] [openssl.org #4288] [BUG] Xmm7 register is cobbered in aesni_gcm_decrypt on win64
Erik Olofsson via RT
rt at openssl.org
Tue Feb 2 19:23:37 UTC 2016
For OpenSSL 1.0.2f
In crypto\modes\asm\aesni-gcm-x86_64.pl:
Registers are saved like this:
___
$code.=<<___ if ($win64);
lea -0xa8(%rsp),%rsp
movaps %xmm6,-0xd8(%rax)
movaps %xmm7,-0xc8(%rax)
movaps %xmm8,-0xb8(%rax)
movaps %xmm9,-0xa8(%rax)
movaps %xmm10,-0x98(%rax)
movaps %xmm11,-0x88(%rax)
movaps %xmm12,-0x78(%rax)
movaps %xmm13,-0x68(%rax)
movaps %xmm14,-0x58(%rax)
movaps %xmm15,-0x48(%rax)
.Lgcm_dec_body:
___
And restored like this:
$code.=<<___ if ($win64);
movaps -0xd8(%rax),%xmm6
movaps -0xd8(%rax),%xmm7
movaps -0xb8(%rax),%xmm8
movaps -0xa8(%rax),%xmm9
movaps -0x98(%rax),%xmm10
movaps -0x88(%rax),%xmm11
movaps -0x78(%rax),%xmm12
movaps -0x68(%rax),%xmm13
movaps -0x58(%rax),%xmm14
movaps -0x48(%rax),%xmm15
___
Notice that xmm6 register contents -0xd8(%rax) are used as source to restore both xmm6 and xmm7.
More information about the openssl-dev
mailing list