Module Name: src
Committed By: martin
Date: Wed Apr 18 13:51:36 UTC 2018
Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/asn1 [netbsd-8]: asn1.h
asn1_err.c tasn_dec.c
src/crypto/external/bsd/openssl/dist/crypto/bn/asm [netbsd-8]:
rsaz-avx2.pl x86_64-mont5.pl
src/crypto/external/bsd/openssl/dist/crypto/rsa [netbsd-8]: rsa_gen.c
src/crypto/external/bsd/openssl/dist/crypto/x509v3 [netbsd-8]:
v3_addr.c
src/crypto/external/bsd/openssl/dist/ssl [netbsd-8]: ssl.h
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64 [netbsd-8]:
rsaz-avx2.S x86_64-mont5.S
Log Message:
Apply upstream fixes for CVE-2017-3735, CVE-2017-3736, CVE-2017-3737,
CVE-2017-3738, CVE-2018-0737, CVE-2018-0739. Regen.
Requested by christos in ticket #774.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.6.1 \
src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.8.1 \
src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c
cvs rdiff -u -r1.6 -r1.6.6.1 \
src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.8.1 \
src/crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.4.1 \
src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.4.1 \
src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c
cvs rdiff -u -r1.5 -r1.5.6.1 \
src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c
cvs rdiff -u -r1.16 -r1.16.6.1 src/crypto/external/bsd/openssl/dist/ssl/ssl.h
cvs rdiff -u -r1.2 -r1.2.6.1 \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S
cvs rdiff -u -r1.5 -r1.5.4.1 \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h
diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2 src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2.6.1
--- src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2 Fri Oct 14 16:23:18 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h Wed Apr 18 13:51:35 2018
@@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_MSTRING_NOT_UNIVERSAL 139
# define ASN1_R_MSTRING_WRONG_TAG 140
# define ASN1_R_NESTED_ASN1_STRING 197
+# define ASN1_R_NESTED_TOO_DEEP 219
# define ASN1_R_NON_HEX_CHARACTERS 141
# define ASN1_R_NOT_ASCII_FORMAT 190
# define ASN1_R_NOT_ENOUGH_DATA 142
Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7 src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7.8.1
--- src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7 Mon Mar 23 08:28:38 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c Wed Apr 18 13:51:35 2018
@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
- * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
{ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
+ {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6 src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6.6.1
--- src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6 Fri Oct 14 16:23:18 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c Wed Apr 18 13:51:35 2018
@@ -65,6 +65,14 @@
#include <openssl/buffer.h>
#include <openssl/err.h>
+/*
+ * Constructed types with a recursive definition (such as can be found in PKCS7)
+ * could eventually exceed the stack given malicious input with excessive
+ * recursion. Therefore we limit the stack depth. This is the maximum number of
+ * recursive invocations of asn1_item_embed_d2i().
+ */
+#define ASN1_MAX_CONSTRUCTED_NEST 30
+
static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf);
@@ -81,11 +89,11 @@ static int asn1_check_tlen(long *olen, i
static int asn1_template_ex_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx);
+ ASN1_TLC *ctx, int depth);
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx);
+ ASN1_TLC *ctx, int depth);
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_ITEM *it,
@@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
{
ASN1_TLC c;
asn1_tlc_clear_nc(&c);
- return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+ return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0);
}
/*
* Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
* tag mismatch return -1 to handle OPTIONAL
*/
-
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
- const ASN1_ITEM *it,
- int tag, int aclass, char opt, ASN1_TLC *ctx)
+static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
+ long len, const ASN1_ITEM *it, int tag, int aclass,
+ char opt, ASN1_TLC *ctx, int depth)
{
const ASN1_TEMPLATE *tt, *errtt = NULL;
const ASN1_COMPAT_FUNCS *cf;
@@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
else
asn1_cb = 0;
+ if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP);
+ goto err;
+ }
+
switch (it->itype) {
case ASN1_ITYPE_PRIMITIVE:
if (it->templates) {
@@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
goto err;
}
return asn1_template_ex_d2i(pval, in, len,
- it->templates, opt, ctx);
+ it->templates, opt, ctx, depth);
}
return asn1_d2i_ex_primitive(pval, in, len, it,
tag, aclass, opt, ctx);
@@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
/*
* We mark field as OPTIONAL so its absence can be recognised.
*/
- ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
/* If field not present, try the next one */
if (ret == -1)
continue;
@@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
* attempt to read in field, allowing each to be OPTIONAL
*/
- ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+ ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
+ depth);
if (!ret) {
errtt = seqtt;
goto err;
@@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
return 0;
}
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+ return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
+}
+
/*
* Templates are handled with two separate functions. One handles any
* EXPLICIT tag and the other handles the rest.
@@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval,
static int asn1_template_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long inlen,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx)
+ ASN1_TLC *ctx, int depth)
{
int flags, aclass;
int ret;
@@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VAL
return 0;
}
/* We've found the field so it can't be OPTIONAL now */
- ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
return 0;
@@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VAL
}
}
} else
- return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
+ return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
*in = p;
return 1;
@@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VAL
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx)
+ ASN1_TLC *ctx, int depth)
{
int flags, aclass;
int ret;
@@ -665,8 +685,8 @@ static int asn1_template_noexp_d2i(ASN1_
break;
}
skfield = NULL;
- if (!ASN1_item_ex_d2i(&skfield, &p, len,
- ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
+ if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
+ -1, 0, 0, ctx, depth)) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR);
goto err;
@@ -683,9 +703,8 @@ static int asn1_template_noexp_d2i(ASN1_
}
} else if (flags & ASN1_TFLG_IMPTAG) {
/* IMPLICIT tagging */
- ret = ASN1_item_ex_d2i(val, &p, len,
- ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
- ctx);
+ ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
+ aclass, opt, ctx, depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;
@@ -693,8 +712,9 @@ static int asn1_template_noexp_d2i(ASN1_
return -1;
} else {
/* Nothing special */
- ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
- -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
+ ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
+ depth);
if (!ret) {
ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
goto err;
Index: src/crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl:1.1.1.1 src/crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl:1.1.1.1.8.1
--- src/crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl:1.1.1.1 Fri Oct 14 16:03:22 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl Wed Apr 18 13:51:35 2018
@@ -239,7 +239,7 @@ $code.=<<___;
vmovdqu 32*8-128($ap), $ACC8
lea 192(%rsp), $tp0 # 64+128=192
- vpbroadcastq .Land_mask(%rip), $AND_MASK
+ vmovdqu .Land_mask(%rip), $AND_MASK
jmp .LOOP_GRANDE_SQR_1024
.align 32
@@ -1070,10 +1070,10 @@ $code.=<<___;
vpmuludq 32*6-128($np),$Yi,$TEMP1
vpaddq $TEMP1,$ACC6,$ACC6
vpmuludq 32*7-128($np),$Yi,$TEMP2
- vpblendd \$3, $ZERO, $ACC9, $ACC9 # correct $ACC3
+ vpblendd \$3, $ZERO, $ACC9, $TEMP1 # correct $ACC3
vpaddq $TEMP2,$ACC7,$ACC7
vpmuludq 32*8-128($np),$Yi,$TEMP0
- vpaddq $ACC9, $ACC3, $ACC3 # correct $ACC3
+ vpaddq $TEMP1, $ACC3, $ACC3 # correct $ACC3
vpaddq $TEMP0,$ACC8,$ACC8
mov %rbx, %rax
@@ -1086,7 +1086,9 @@ $code.=<<___;
vmovdqu -8+32*2-128($ap),$TEMP2
mov $r1, %rax
+ vpblendd \$0xfc, $ZERO, $ACC9, $ACC9 # correct $ACC3
imull $n0, %eax
+ vpaddq $ACC9,$ACC4,$ACC4 # correct $ACC3
and \$0x1fffffff, %eax
imulq 16-128($ap),%rbx
@@ -1322,15 +1324,12 @@ ___
# But as we underutilize resources, it's possible to correct in
# each iteration with marginal performance loss. But then, as
# we do it in each iteration, we can correct less digits, and
-# avoid performance penalties completely. Also note that we
-# correct only three digits out of four. This works because
-# most significant digit is subjected to less additions.
+# avoid performance penalties completely.
$TEMP0 = $ACC9;
$TEMP3 = $Bi;
$TEMP4 = $Yi;
$code.=<<___;
- vpermq \$0, $AND_MASK, $AND_MASK
vpaddq (%rsp), $TEMP1, $ACC0
vpsrlq \$29, $ACC0, $TEMP1
@@ -1763,7 +1762,7 @@ $code.=<<___;
.align 64
.Land_mask:
- .quad 0x1fffffff,0x1fffffff,0x1fffffff,-1
+ .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
.Lscatter_permd:
.long 0,2,4,6,7,7,7,7
.Lgather_permd:
Index: src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl:1.1.1.7 src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl:1.1.1.7.4.1
--- src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl:1.1.1.7 Fri Jan 27 22:55:23 2017
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl Wed Apr 18 13:51:35 2018
@@ -3090,11 +3090,19 @@ $code.=<<___;
.align 32
.Lsqrx8x_break:
- sub 16+8(%rsp),%r8 # consume last carry
+ xor $zero,$zero
+ sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf
+ adcx $zero,%r8
mov 24+8(%rsp),$carry # initial $tptr, borrow $carry
+ adcx $zero,%r9
mov 0*8($aptr),%rdx # a[8], modulo-scheduled
- xor %ebp,%ebp # xor $zero,$zero
+ adc \$0,%r10
mov %r8,0*8($tptr)
+ adc \$0,%r11
+ adc \$0,%r12
+ adc \$0,%r13
+ adc \$0,%r14
+ adc \$0,%r15
cmp $carry,$tptr # cf=0, of=0
je .Lsqrx8x_outer_loop
Index: src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c:1.1.1.6 src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c:1.1.1.6.4.1
--- src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c:1.1.1.6 Fri Jan 27 22:56:46 2017
+++ src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c Wed Apr 18 13:51:35 2018
@@ -146,6 +146,9 @@ static int rsa_builtin_keygen(RSA *rsa,
goto err;
/* generate p and q */
+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
+ BN_set_flags(r2, BN_FLG_CONSTTIME);
for (;;) {
if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
goto err;
Index: src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c:1.5 src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c:1.5.6.1
--- src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c:1.5 Fri Oct 14 16:23:21 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c Wed Apr 18 13:51:35 2018
@@ -130,10 +130,12 @@ static int length_from_afi(const unsigne
*/
unsigned int v3_addr_get_afi(const IPAddressFamily *f)
{
- return ((f != NULL &&
- f->addressFamily != NULL && f->addressFamily->data != NULL)
- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
- : 0);
+ if (f == NULL
+ || f->addressFamily == NULL
+ || f->addressFamily->data == NULL
+ || f->addressFamily->length < 2)
+ return 0;
+ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
}
/*
Index: src/crypto/external/bsd/openssl/dist/ssl/ssl.h
diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl.h:1.16 src/crypto/external/bsd/openssl/dist/ssl/ssl.h:1.16.6.1
--- src/crypto/external/bsd/openssl/dist/ssl/ssl.h:1.16 Fri Oct 14 16:23:22 2016
+++ src/crypto/external/bsd/openssl/dist/ssl/ssl.h Wed Apr 18 13:51:36 2018
@@ -1727,7 +1727,7 @@ extern "C" {
# define SSL_ST_BEFORE 0x4000
# define SSL_ST_OK 0x03
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR 0x05
+# define SSL_ST_ERR (0x05|SSL_ST_INIT)
# define SSL_CB_LOOP 0x01
# define SSL_CB_EXIT 0x02
Index: src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S
diff -u src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S:1.2 src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S:1.2.6.1
--- src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S:1.2 Sun Jan 8 01:59:43 2017
+++ src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S Wed Apr 18 13:51:36 2018
@@ -67,7 +67,7 @@ rsaz_1024_sqr_avx2:
vmovdqu 256-128(%rsi),%ymm8
leaq 192(%rsp),%rbx
- vpbroadcastq .Land_mask(%rip),%ymm15
+ vmovdqu .Land_mask(%rip),%ymm15
jmp .LOOP_GRANDE_SQR_1024
.align 32
@@ -800,10 +800,10 @@ rsaz_1024_mul_avx2:
vpmuludq 192-128(%rcx),%ymm11,%ymm12
vpaddq %ymm12,%ymm6,%ymm6
vpmuludq 224-128(%rcx),%ymm11,%ymm13
- vpblendd $3,%ymm14,%ymm9,%ymm9
+ vpblendd $3,%ymm14,%ymm9,%ymm12
vpaddq %ymm13,%ymm7,%ymm7
vpmuludq 256-128(%rcx),%ymm11,%ymm0
- vpaddq %ymm9,%ymm3,%ymm3
+ vpaddq %ymm12,%ymm3,%ymm3
vpaddq %ymm0,%ymm8,%ymm8
movq %rbx,%rax
@@ -816,7 +816,9 @@ rsaz_1024_mul_avx2:
vmovdqu -8+64-128(%rsi),%ymm13
movq %r10,%rax
+ vpblendd $0xfc,%ymm14,%ymm9,%ymm9
imull %r8d,%eax
+ vpaddq %ymm9,%ymm4,%ymm4
andl $0x1fffffff,%eax
imulq 16-128(%rsi),%rbx
@@ -1045,7 +1047,6 @@ rsaz_1024_mul_avx2:
decl %r14d
jnz .Loop_mul_1024
- vpermq $0,%ymm15,%ymm15
vpaddq (%rsp),%ymm12,%ymm0
vpsrlq $29,%ymm0,%ymm12
@@ -1685,7 +1686,7 @@ rsaz_avx2_eligible:
.align 64
.Land_mask:
-.quad 0x1fffffff,0x1fffffff,0x1fffffff,-1
+.quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
.Lscatter_permd:
.long 0,2,4,6,7,7,7,7
.Lgather_permd:
Index: src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S
diff -u src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S:1.5 src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S:1.5.4.1
--- src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S:1.5 Fri Jan 27 23:00:46 2017
+++ src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S Wed Apr 18 13:51:36 2018
@@ -3076,11 +3076,19 @@ __bn_sqrx8x_internal:
.align 32
.Lsqrx8x_break:
- subq 16+8(%rsp),%r8
+ xorq %rbp,%rbp
+ subq 16+8(%rsp),%rbx
+ adcxq %rbp,%r8
movq 24+8(%rsp),%rcx
+ adcxq %rbp,%r9
movq 0(%rsi),%rdx
- xorl %ebp,%ebp
+ adcq $0,%r10
movq %r8,0(%rdi)
+ adcq $0,%r11
+ adcq $0,%r12
+ adcq $0,%r13
+ adcq $0,%r14
+ adcq $0,%r15
cmpq %rcx,%rdi
je .Lsqrx8x_outer_loop
