Avoid a four-byte overread in gcm_ghash_4bit_mmx() on i386

This is a variant of the same logic error fixed in ghash-x86_64.pl r1.6.
The code path is only reachable on machines without FXSR or PCLMUL.

ok jsing

diff --git a/lib/libcrypto/modes/asm/ghash-x86.pl b/lib/libcrypto/modes/asm/ghash-x86.pl
index 5e868a4..4783358 100644 (file)
--- a/lib/libcrypto/modes/asm/ghash-x86.pl
+++ b/lib/libcrypto/modes/asm/ghash-x86.pl
@@ -714,7 +714,7 @@ sub mmx_loop() {
       }
 
        &mov    (&LB($nlo),&LB($dat));
-       &mov    ($dat,&DWP(528+$j,"esp"))               if (--$j%4==0);
+       &mov    ($dat,&DWP(528+$j,"esp"))               if (--$j%4==0 && $j>=0);
 
        &movd   ($rem[0],$Zlo);
        &movz   ($rem[1],&LB($rem[1]))                  if ($i>0);