From 7f2ee3522d90c61df2125e496fa1e9b549255d1e Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Thu, 10 Nov 2016 09:45:19 -0500
Subject: [PATCH] bn/asm/x86_64-mont.pl: fix for CVE-2016-7055 (not affected).

(Imported from upstream's 2a7dd548a6f5d6f7f84a89c98323b70a2822406e and 9ebcbbba81eba52282df9ad8902f047e2d501f51.)

This is only in the ADX assembly codepath which we do not enable. See $addx = 0 at the top of the file. Nonetheless, import the test vector and fix since we still have the code in there.

Upstream's test vector only compares a*b against b*a. The expected answer was computed using Python.

Change-Id: I3a21093978c5946d83f2d6f4f8399f69d78202cf
Reviewed-on: https://boringssl-review.googlesource.com/12186
Commit-Queue: David Benjamin
Reviewed-by: Adam Langley
---
 crypto/bn/asm/x86_64-mont.pl | 5 ++---
 crypto/bn/bn_tests.txt | 12 ++++++++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl
index 92933d47..60e0111a 100755
--- a/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/bn/asm/x86_64-mont.pl
@@ -1059,18 +1059,17 @@ $code.=<<___;
 mulx 2*8($aptr),%r15,%r13 # ...
 adox -3*8($tptr),%r11
 adcx %r15,%r12
- adox $zero,%r12
+ adox -2*8($tptr),%r12
 adcx $zero,%r13
+ adox $zero,%r13
 mov $bptr,8(%rsp) # off-load &b[i]
- .byte 0x67
 mov $mi,%r15
 imulq 24(%rsp),$mi # "t[0]"*n0
 xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0
 mulx 3*8($aptr),%rax,%r14
 mov $mi,%rdx
- adox -2*8($tptr),%r12
 adcx %rax,%r13
 adox -1*8($tptr),%r13
 adcx $zero,%r14
diff --git a/crypto/bn/bn_tests.txt b/crypto/bn/bn_tests.txt
index 8451fcf4..692a6429 100644
--- a/crypto/bn/bn_tests.txt
+++ b/crypto/bn/bn_tests.txt
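Review bot: The reordered carry handling in this hunk — `adox -2*8($tptr),%r12`, then `adcx $zero,%r13` and the new `adox $zero,%r13` — has no comment saying why it must be complete before the `xor %ebp,%ebp` that the existing comment marks as `cf=0, of=0`; the removed sequence left the OF produced by `adox $zero,%r12` unconsumed when that xor cleared it, which is the carry loss behind CVE-2016-7055. I would annotate the new line as `adox $zero,%r13 # fold OF into r13 here: the xor below clears CF/OF (CVE-2016-7055)` so the ordering is not "simplified" back. Since the commit message says this ADX path is compiled out (`$addx = 0`), the bn_tests.txt vectors added alongside do not execute these instructions in the default build; a short note next to `$addx = 0` saying the ADX path is untested here would warn whoever enables it to run those vectors against it. The enclosing heredoc routine begins and ends outside the hunk.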
@@ -9875,6 +9875,18 @@ A = 1c08cec52d96136fbd9078b7b8db36ab63b86e19dd3dba7b2e3190ff566180e89dfee9423fa4
 B = a8b4bc9647d8df9b7c76cc6d0f2248cdbc41f5da9c061f9864aa8415c9557582cada456cf23cc32d47d1fc1caf19d36b398019aac4734e10f55ce3cad419e5e7
 M = 7eacffe21f88413af94155a2a8e37f70a431a59653738afda04a1bec72d0d9ed
+# Regression tests for CVE-2016-7055.
+
+ModMul = ccd6f75b5f24b7c5ce2ce755fa89c2450c6a7d96ce8c8791e659eab84577a7695e3b2caa7c980fb23f60634233e9798499c28b0338c1f1a326d0ca89fd41f2fd88b759f317889832966b551a950043ec7a4b6152d3e2cbfb40e88458e70ab783b96f12d271f828d5b39e198ccaf8665411d85026282dbead5d24cd01b6c8a8e9
+A = 7878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878
+B = 095d72c08c097ba488c5e439c655a192eafb6380073d8c2664668eddb4060744e16e57fb4edb9ae10a0cefcdc28a894f689a128379db279d48a2e20849d685939b7803bcf46cebf5c533fb0dd35b080593de5472e3fe5db951b8bff9b4cb8f039cc638a5ee8cdd703719f8000e6a9f63beed5f2fcd52ff293ea05a251bb4ab81
+M = d78af684e71db0c39cff4e64fb9db567132cb9c50cc98009feb820b26f2ded9b91b9b5e2b83ae0ae4eb4e0523ca726bfbe969b89fd754f674ce99118c3f2d1c5d81fdc7c54e02b60262b241d53c040e99e45826eca37a804668e690e1afc1ca42c9a15d84d4954425f0b7642fc0bd9d7b24e2618d2dcc9b729d944badacfddaf
+
+ModMul = ccd6f75b5f24b7c5ce2ce755fa89c2450c6a7d96ce8c8791e659eab84577a7695e3b2caa7c980fb23f60634233e9798499c28b0338c1f1a326d0ca89fd41f2fd88b759f317889832966b551a950043ec7a4b6152d3e2cbfb40e88458e70ab783b96f12d271f828d5b39e198ccaf8665411d85026282dbead5d24cd01b6c8a8e9
+A = 095d72c08c097ba488c5e439c655a192eafb6380073d8c2664668eddb4060744e16e57fb4edb9ae10a0cefcdc28a894f689a128379db279d48a2e20849d685939b7803bcf46cebf5c533fb0dd35b080593de5472e3fe5db951b8bff9b4cb8f039cc638a5ee8cdd703719f8000e6a9f63beed5f2fcd52ff293ea05a251bb4ab81
+B = 7878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878787878
+M = d78af684e71db0c39cff4e64fb9db567132cb9c50cc98009feb820b26f2ded9b91b9b5e2b83ae0ae4eb4e0523ca726bfbe969b89fd754f674ce99118c3f2d1c5d81fdc7c54e02b60262b241d53c040e99e45826eca37a804668e690e1afc1ca42c9a15d84d4954425f0b7642fc0bd9d7b24e2618d2dcc9b729d944badacfddaf
+
 # ModExp tests.
 #