Date: Wed, 14 Jan 2015 21:27:47 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r277195 - in releng: 10.0 10.0/crypto/openssl/crypto/asn1 10.0/crypto/openssl/crypto/bio 10.0/crypto/openssl/crypto/bn 10.0/crypto/openssl/crypto/bn/asm 10.0/crypto/openssl/crypto/dsa 1... Message-ID: <201501142127.t0ELRlvE021690@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Wed Jan 14 21:27:46 2015 New Revision: 277195 URL: https://svnweb.freebsd.org/changeset/base/277195 Log: Fix multiple vulnerabilities in OpenSSL. [SA-15:01] Approved by: so Modified: releng/10.0/UPDATING releng/10.0/crypto/openssl/crypto/asn1/a_bitstr.c releng/10.0/crypto/openssl/crypto/asn1/a_type.c releng/10.0/crypto/openssl/crypto/asn1/a_verify.c releng/10.0/crypto/openssl/crypto/asn1/asn1.h releng/10.0/crypto/openssl/crypto/asn1/asn1_err.c releng/10.0/crypto/openssl/crypto/asn1/x_algor.c releng/10.0/crypto/openssl/crypto/bio/bss_dgram.c releng/10.0/crypto/openssl/crypto/bn/asm/mips.pl releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-gcc.c releng/10.0/crypto/openssl/crypto/bn/bn_asm.c releng/10.0/crypto/openssl/crypto/bn/bntest.c releng/10.0/crypto/openssl/crypto/dsa/dsa_asn1.c releng/10.0/crypto/openssl/crypto/ecdsa/ecs_vrf.c releng/10.0/crypto/openssl/crypto/x509/x509.h releng/10.0/crypto/openssl/crypto/x509/x_all.c releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod releng/10.0/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod releng/10.0/crypto/openssl/ssl/d1_pkt.c releng/10.0/crypto/openssl/ssl/d1_srvr.c releng/10.0/crypto/openssl/ssl/s23_srvr.c releng/10.0/crypto/openssl/ssl/s3_clnt.c releng/10.0/crypto/openssl/ssl/s3_pkt.c releng/10.0/crypto/openssl/ssl/s3_srvr.c releng/10.0/crypto/openssl/ssl/ssl.h releng/10.0/crypto/openssl/ssl/ssl_lib.c releng/10.0/crypto/openssl/util/libeay.num releng/10.0/sys/conf/newvers.sh releng/10.1/UPDATING releng/10.1/crypto/openssl/crypto/asn1/a_bitstr.c releng/10.1/crypto/openssl/crypto/asn1/a_type.c releng/10.1/crypto/openssl/crypto/asn1/a_verify.c releng/10.1/crypto/openssl/crypto/asn1/asn1.h releng/10.1/crypto/openssl/crypto/asn1/asn1_err.c releng/10.1/crypto/openssl/crypto/asn1/x_algor.c releng/10.1/crypto/openssl/crypto/bio/bss_dgram.c releng/10.1/crypto/openssl/crypto/bn/asm/mips.pl releng/10.1/crypto/openssl/crypto/bn/asm/x86_64-gcc.c releng/10.1/crypto/openssl/crypto/bn/bn_asm.c releng/10.1/crypto/openssl/crypto/bn/bntest.c releng/10.1/crypto/openssl/crypto/dsa/dsa_asn1.c releng/10.1/crypto/openssl/crypto/ecdsa/ecs_vrf.c releng/10.1/crypto/openssl/crypto/x509/x509.h releng/10.1/crypto/openssl/crypto/x509/x_all.c releng/10.1/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod releng/10.1/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod releng/10.1/crypto/openssl/ssl/d1_pkt.c releng/10.1/crypto/openssl/ssl/d1_srvr.c releng/10.1/crypto/openssl/ssl/s23_srvr.c releng/10.1/crypto/openssl/ssl/s3_clnt.c releng/10.1/crypto/openssl/ssl/s3_pkt.c releng/10.1/crypto/openssl/ssl/s3_srvr.c releng/10.1/crypto/openssl/ssl/ssl.h releng/10.1/crypto/openssl/ssl/ssl_lib.c releng/10.1/crypto/openssl/util/libeay.num releng/10.1/sys/conf/newvers.sh releng/8.4/UPDATING releng/8.4/crypto/openssl/crypto/asn1/a_bitstr.c releng/8.4/crypto/openssl/crypto/asn1/a_type.c releng/8.4/crypto/openssl/crypto/asn1/a_verify.c releng/8.4/crypto/openssl/crypto/asn1/asn1.h releng/8.4/crypto/openssl/crypto/asn1/asn1_err.c releng/8.4/crypto/openssl/crypto/asn1/tasn_dec.c releng/8.4/crypto/openssl/crypto/asn1/x_algor.c releng/8.4/crypto/openssl/crypto/bn/asm/mips3.s releng/8.4/crypto/openssl/crypto/bn/asm/x86_64-gcc.c releng/8.4/crypto/openssl/crypto/bn/bn_asm.c releng/8.4/crypto/openssl/crypto/bn/bntest.c releng/8.4/crypto/openssl/crypto/dsa/dsa_asn1.c releng/8.4/crypto/openssl/crypto/ecdsa/ecs_vrf.c releng/8.4/crypto/openssl/crypto/x509/x509.h releng/8.4/crypto/openssl/crypto/x509/x_all.c releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod releng/8.4/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod releng/8.4/crypto/openssl/ssl/d1_pkt.c releng/8.4/crypto/openssl/ssl/d1_srvr.c releng/8.4/crypto/openssl/ssl/s23_srvr.c releng/8.4/crypto/openssl/ssl/s3_clnt.c releng/8.4/crypto/openssl/ssl/s3_pkt.c releng/8.4/crypto/openssl/ssl/s3_srvr.c releng/8.4/crypto/openssl/ssl/ssl.h releng/8.4/crypto/openssl/util/libeay.num releng/8.4/sys/conf/newvers.sh releng/9.3/UPDATING releng/9.3/crypto/openssl/crypto/asn1/a_bitstr.c releng/9.3/crypto/openssl/crypto/asn1/a_type.c releng/9.3/crypto/openssl/crypto/asn1/a_verify.c releng/9.3/crypto/openssl/crypto/asn1/asn1.h releng/9.3/crypto/openssl/crypto/asn1/asn1_err.c releng/9.3/crypto/openssl/crypto/asn1/tasn_dec.c releng/9.3/crypto/openssl/crypto/asn1/x_algor.c releng/9.3/crypto/openssl/crypto/bn/asm/mips3.s releng/9.3/crypto/openssl/crypto/bn/asm/x86_64-gcc.c releng/9.3/crypto/openssl/crypto/bn/bn_asm.c releng/9.3/crypto/openssl/crypto/bn/bntest.c releng/9.3/crypto/openssl/crypto/dsa/dsa_asn1.c releng/9.3/crypto/openssl/crypto/ecdsa/ecs_vrf.c releng/9.3/crypto/openssl/crypto/x509/x509.h releng/9.3/crypto/openssl/crypto/x509/x_all.c releng/9.3/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod releng/9.3/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod releng/9.3/crypto/openssl/ssl/d1_pkt.c releng/9.3/crypto/openssl/ssl/d1_srvr.c releng/9.3/crypto/openssl/ssl/s23_srvr.c releng/9.3/crypto/openssl/ssl/s3_clnt.c releng/9.3/crypto/openssl/ssl/s3_pkt.c releng/9.3/crypto/openssl/ssl/s3_srvr.c releng/9.3/crypto/openssl/ssl/ssl.h releng/9.3/crypto/openssl/util/libeay.num releng/9.3/sys/conf/newvers.sh Modified: releng/10.0/UPDATING ============================================================================== --- releng/10.0/UPDATING Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/UPDATING Wed Jan 14 21:27:46 2015 (r277195) @@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20150114: p16 FreeBSD-SA-15:01.openssl + Fix multiple vulnerabilities in OpenSSL. [SA-15:01] + 20141223: p15 FreeBSD-SA-14:31.ntp FreeBSD-EN-14:13.freebsd-update Modified: releng/10.0/crypto/openssl/crypto/asn1/a_bitstr.c ============================================================================== --- releng/10.0/crypto/openssl/crypto/asn1/a_bitstr.c Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/crypto/openssl/crypto/asn1/a_bitstr.c Wed Jan 14 21:27:46 2015 (r277195) @@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN p= *pp; i= *(p++); + if (i > 7) + { + i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT; + goto err; + } /* We do this to preserve the settings. If we modify * the settings, via the _set_bit function, we will recalculate * on output */ ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */ - ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */ + ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */ if (len-- > 1) /* using one because of the bits left byte */ { Modified: releng/10.0/crypto/openssl/crypto/asn1/a_type.c ============================================================================== --- releng/10.0/crypto/openssl/crypto/asn1/a_type.c Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/crypto/openssl/crypto/asn1/a_type.c Wed Jan 14 21:27:46 2015 (r277195) @@ -113,7 +113,7 @@ IMPLEMENT_STACK_OF(ASN1_TYPE) IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) /* Returns 0 if they are equal, != 0 otherwise. */ -int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b) +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) { int result = -1; Modified: releng/10.0/crypto/openssl/crypto/asn1/a_verify.c ============================================================================== --- releng/10.0/crypto/openssl/crypto/asn1/a_verify.c Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/crypto/openssl/crypto/asn1/a_verify.c Wed Jan 14 21:27:46 2015 (r277195) @@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_A ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; } + + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) + { + ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + goto err; + } inl=i2d(data,NULL); buf_in=OPENSSL_malloc((unsigned int)inl); @@ -146,6 +152,12 @@ int ASN1_item_verify(const ASN1_ITEM *it return -1; } + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) + { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + return -1; + } + EVP_MD_CTX_init(&ctx); /* Convert signature OID into digest and public key OIDs */ Modified: releng/10.0/crypto/openssl/crypto/asn1/asn1.h ============================================================================== --- releng/10.0/crypto/openssl/crypto/asn1/asn1.h Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/crypto/openssl/crypto/asn1/asn1.h Wed Jan 14 21:27:46 2015 (r277195) @@ -776,7 +776,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, int ASN1_TYPE_get(ASN1_TYPE *a); void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); -int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); ASN1_OBJECT * ASN1_OBJECT_new(void ); void ASN1_OBJECT_free(ASN1_OBJECT *a); @@ -1329,6 +1329,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_ILLEGAL_TIME_VALUE 184 #define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 #define ASN1_R_INVALID_MIME_TYPE 205 Modified: releng/10.0/crypto/openssl/crypto/asn1/asn1_err.c ============================================================================== --- releng/10.0/crypto/openssl/crypto/asn1/asn1_err.c Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/crypto/openssl/crypto/asn1/asn1_err.c Wed Jan 14 21:27:46 2015 (r277195) @@ -246,6 +246,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"}, {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"}, {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"}, +{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"}, {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"}, {ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"}, {ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"}, Modified: releng/10.0/crypto/openssl/crypto/asn1/x_algor.c ============================================================================== --- releng/10.0/crypto/openssl/crypto/asn1/x_algor.c Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/crypto/openssl/crypto/asn1/x_algor.c Wed Jan 14 21:27:46 2015 (r277195) @@ -142,3 +142,14 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); } + +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) + { + int rv; + rv = OBJ_cmp(a->algorithm, b->algorithm); + if (rv) + return rv; + if (!a->parameter && !b->parameter) + return 0; + return ASN1_TYPE_cmp(a->parameter, b->parameter); + } Modified: releng/10.0/crypto/openssl/crypto/bio/bss_dgram.c ============================================================================== --- releng/10.0/crypto/openssl/crypto/bio/bss_dgram.c Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/crypto/openssl/crypto/bio/bss_dgram.c Wed Jan 14 21:27:46 2015 (r277195) @@ -982,7 +982,12 @@ static int dgram_sctp_free(BIO *a) return 0; data = (bio_dgram_sctp_data *)a->ptr; - if(data != NULL) OPENSSL_free(data); + if(data != NULL) + { + if(data->saved_message.data != NULL) + OPENSSL_free(data->saved_message.data); + OPENSSL_free(data); + } return(1); } @@ -1099,6 +1104,7 @@ static int dgram_sctp_read(BIO *b, char dgram_sctp_write(data->saved_message.bio, data->saved_message.data, data->saved_message.length); OPENSSL_free(data->saved_message.data); + data->saved_message.data = NULL; data->saved_message.length = 0; } @@ -1258,9 +1264,11 @@ static int dgram_sctp_write(BIO *b, cons if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { data->saved_message.bio = b; - data->saved_message.length = inl; + if (data->saved_message.data) + OPENSSL_free(data->saved_message.data); data->saved_message.data = OPENSSL_malloc(inl); memcpy(data->saved_message.data, in, inl); + data->saved_message.length = inl; return inl; } Modified: releng/10.0/crypto/openssl/crypto/bn/asm/mips.pl ============================================================================== --- releng/10.0/crypto/openssl/crypto/bn/asm/mips.pl Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/crypto/openssl/crypto/bn/asm/mips.pl Wed Jan 14 21:27:46 2015 (r277195) @@ -1874,6 +1874,41 @@ ___ ($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3); +sub add_c2 () { +my ($hi,$lo,$c0,$c1,$c2, + $warm, # !$warm denotes first call with specific sequence of + # $c_[XYZ] when there is no Z-carry to accumulate yet; + $an,$bn # these two are arguments for multiplication which + # result is used in *next* step [which is why it's + # commented as "forward multiplication" below]; + )=@_; +$code.=<<___; + mflo $lo + mfhi $hi + $ADDU $c0,$lo + sltu $at,$c0,$lo + $MULTU $an,$bn # forward multiplication + $ADDU $c0,$lo + $ADDU $at,$hi + sltu $lo,$c0,$lo + $ADDU $c1,$at + $ADDU $hi,$lo +___ +$code.=<<___ if (!$warm); + sltu $c2,$c1,$at + $ADDU $c1,$hi + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +$code.=<<___ if ($warm); + sltu $at,$c1,$at + $ADDU $c1,$hi + $ADDU $c2,$at + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +} + $code.=<<___; .align 5 @@ -1922,21 +1957,10 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 @@ -1947,67 +1971,19 @@ $code.=<<___; sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_2 # mul_add_c2(a[1],b[2],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_0 # mul_add_c2(a[4],b[0],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_1,$a_2); # mul_add_c2(a[1],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_0); # mul_add_c2(a[4],b[0],c2,c3,c1); +$code.=<<___; $ST $c_1,3*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 @@ -2018,97 +1994,23 @@ $code.=<<___; sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_4 # mul_add_c2(a[1],b[4],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_2,$a_3 # mul_add_c2(a[2],b[3],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $MULTU $a_6,$a_0 # mul_add_c2(a[6],b[0],c1,c2,c3); - $ADDU $c_2,$at - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_4); # mul_add_c2(a[1],b[4],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_2,$a_3); # mul_add_c2(a[2],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_6,$a_0); # mul_add_c2(a[6],b[0],c1,c2,c3); +$code.=<<___; $ST $c_3,5*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_5,$a_1 # mul_add_c2(a[5],b[1],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_2 # mul_add_c2(a[4],b[2],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_5,$a_1); # mul_add_c2(a[5],b[1],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_2); # mul_add_c2(a[4],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_1,$t_1 @@ -2119,112 +2021,25 @@ $code.=<<___; sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,6*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_6 # mul_add_c2(a[1],b[6],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_2,$a_5 # mul_add_c2(a[2],b[5],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_3,$a_4 # mul_add_c2(a[3],b[4],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_7,$a_1 # mul_add_c2(a[7],b[1],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_1,$a_6); # mul_add_c2(a[1],b[6],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_5); # mul_add_c2(a[2],b[5],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_3,$a_4); # mul_add_c2(a[3],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_7,$a_1); # mul_add_c2(a[7],b[1],c3,c1,c2); +$code.=<<___; $ST $c_2,7*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_2 # mul_add_c2(a[6],b[2],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_5,$a_3 # mul_add_c2(a[5],b[3],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_4,$a_4 # mul_add_c(a[4],b[4],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_6,$a_2); # mul_add_c2(a[6],b[2],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_5,$a_3); # mul_add_c2(a[5],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_4,$a_4); # mul_add_c(a[4],b[4],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 @@ -2235,82 +2050,21 @@ $code.=<<___; sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,8*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_6 # mul_add_c2(a[3],b[6],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_5 # mul_add_c2(a[4],b[5],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_7,$a_3 # mul_add_c2(a[7],b[3],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_3,$a_6); # mul_add_c2(a[3],b[6],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_5); # mul_add_c2(a[4],b[5],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_7,$a_3); # mul_add_c2(a[7],b[3],c2,c3,c1); +$code.=<<___; $ST $c_1,9*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_4 # mul_add_c2(a[6],b[4],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_5,$a_5 # mul_add_c(a[5],b[5],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_6,$a_4); # mul_add_c2(a[6],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_5,$a_5); # mul_add_c(a[5],b[5],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 @@ -2321,52 +2075,17 @@ $code.=<<___; sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,10*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_5,$a_6 # mul_add_c2(a[5],b[6],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_7,$a_5 # mul_add_c2(a[7],b[5],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_5,$a_6); # mul_add_c2(a[5],b[6],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_7,$a_5); # mul_add_c2(a[7],b[5],c1,c2,c3); +$code.=<<___; $ST $c_3,11*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_6 # mul_add_c(a[6],b[6],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_6,$a_6); # mul_add_c(a[6],b[6],c1,c2,c3); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_1,$t_1 @@ -2377,21 +2096,10 @@ $code.=<<___; sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,12*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_7,$a_7 # mul_add_c(a[7],b[7],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_7,$a_7); # mul_add_c(a[7],b[7],c3,c1,c2); +$code.=<<___; $ST $c_2,13*$BNSZ($a0) mflo $t_1 @@ -2459,21 +2167,10 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 @@ -2484,52 +2181,17 @@ $code.=<<___; sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_2 # mul_add_c(a2[1],b[2],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_1,$a_2); # mul_add_c2(a2[1],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); +$code.=<<___; $ST $c_1,3*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 @@ -2540,21 +2202,10 @@ $code.=<<___; sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); +$code.=<<___; $ST $c_3,5*$BNSZ($a0) mflo $t_1 Modified: releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-gcc.c ============================================================================== --- releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-gcc.c Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/crypto/openssl/crypto/bn/asm/x86_64-gcc.c Wed Jan 14 21:27:46 2015 (r277195) @@ -273,6 +273,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_UL /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ +/* + * Keep in mind that carrying into high part of multiplication result + * can not overflow, because it cannot be all-ones. + */ #if 0 /* original macros are kept for reference purposes */ #define mul_add_c(a,b,c0,c1,c2) { \ @@ -287,10 +291,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_UL BN_ULONG ta=(a),tb=(b),t0; \ t1 = BN_UMULT_HIGH(ta,tb); \ t0 = ta * tb; \ - t2 = t1+t1; c2 += (t2<t1)?1:0; \ - t1 = t0+t0; t2 += (t1<t0)?1:0; \ - c0 += t1; t2 += (c0<t1)?1:0; \ + c0 += t0; t2 = t1+((c0<t0)?1:0);\ c1 += t2; c2 += (c1<t2)?1:0; \ + c0 += t0; t1 += (c0<t0)?1:0; \ + c1 += t1; c2 += (c1<t1)?1:0; \ } #else #define mul_add_c(a,b,c0,c1,c2) do { \ @@ -328,22 +332,14 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_UL : "=a"(t1),"=d"(t2) \ : "a"(a),"m"(b) \ : "cc"); \ - asm ("addq %0,%0; adcq %2,%1" \ - : "+d"(t2),"+r"(c2) \ - : "g"(0) \ - : "cc"); \ - asm ("addq %0,%0; adcq %2,%1" \ - : "+a"(t1),"+d"(t2) \ - : "g"(0) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+r"(c0),"+d"(t2) \ - : "a"(t1),"g"(0) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+r"(c1),"+r"(c2) \ - : "d"(t2),"g"(0) \ - : "cc"); \ + asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \ + : "+r"(c0),"+r"(c1),"+r"(c2) \ + : "r"(t1),"r"(t2),"g"(0) \ + : "cc"); \ + asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \ + : "+r"(c0),"+r"(c1),"+r"(c2) \ + : "r"(t1),"r"(t2),"g"(0) \ + : "cc"); \ } while (0) #endif Modified: releng/10.0/crypto/openssl/crypto/bn/bn_asm.c ============================================================================== --- releng/10.0/crypto/openssl/crypto/bn/bn_asm.c Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/crypto/openssl/crypto/bn/bn_asm.c Wed Jan 14 21:27:46 2015 (r277195) @@ -438,6 +438,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ +/* + * Keep in mind that carrying into high part of multiplication result + * can not overflow, because it cannot be all-ones. + */ #ifdef BN_LLONG #define mul_add_c(a,b,c0,c1,c2) \ t=(BN_ULLONG)a*b; \ @@ -478,10 +482,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const #define mul_add_c2(a,b,c0,c1,c2) { \ BN_ULONG ta=(a),tb=(b),t0; \ BN_UMULT_LOHI(t0,t1,ta,tb); \ - t2 = t1+t1; c2 += (t2<t1)?1:0; \ - t1 = t0+t0; t2 += (t1<t0)?1:0; \ - c0 += t1; t2 += (c0<t1)?1:0; \ + c0 += t0; t2 = t1+((c0<t0)?1:0);\ c1 += t2; c2 += (c1<t2)?1:0; \ + c0 += t0; t1 += (c0<t0)?1:0; \ + c1 += t1; c2 += (c1<t1)?1:0; \ } #define sqr_add_c(a,i,c0,c1,c2) { \ @@ -508,10 +512,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG ta=(a),tb=(b),t0; \ t1 = BN_UMULT_HIGH(ta,tb); \ t0 = ta * tb; \ - t2 = t1+t1; c2 += (t2<t1)?1:0; \ - t1 = t0+t0; t2 += (t1<t0)?1:0; \ - c0 += t1; t2 += (c0<t1)?1:0; \ + c0 += t0; t2 = t1+((c0<t0)?1:0);\ c1 += t2; c2 += (c1<t2)?1:0; \ + c0 += t0; t1 += (c0<t0)?1:0; \ + c1 += t1; c2 += (c1<t1)?1:0; \ } #define sqr_add_c(a,i,c0,c1,c2) { \ Modified: releng/10.0/crypto/openssl/crypto/bn/bntest.c ============================================================================== --- releng/10.0/crypto/openssl/crypto/bn/bntest.c Wed Jan 14 21:23:46 2015 (r277194) +++ releng/10.0/crypto/openssl/crypto/bn/bntest.c Wed Jan 14 21:27:46 2015 (r277195) @@ -676,44 +676,98 @@ int test_mul(BIO *bp) int test_sqr(BIO *bp, BN_CTX *ctx) { - BIGNUM a,c,d,e; - int i; + BIGNUM *a,*c,*d,*e; + int i, ret = 0; - BN_init(&a); - BN_init(&c); - BN_init(&d); - BN_init(&e); + a = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); + if (a == NULL || c == NULL || d == NULL || e == NULL) + { + goto err; + } for (i=0; i<num0; i++) { - BN_bntest_rand(&a,40+i*10,0,0); - a.neg=rand_neg(); - BN_sqr(&c,&a,ctx); + BN_bntest_rand(a,40+i*10,0,0); + a->neg=rand_neg(); + BN_sqr(c,a,ctx); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," * "); - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," - "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } - BN_div(&d,&e,&c,&a,ctx); - BN_sub(&d,&d,&a); - if(!BN_is_zero(&d) || !BN_is_zero(&e)) - { *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201501142127.t0ELRlvE021690>