Fix output constraints for bn_umul_hilo().

When bn_umul_hilo() is implemented using an instruction pair, mark the
first output with a constraint that prevents the output from overlapping
with the inputs ("&"). Otherwise the first instruction can overwrite the
inputs, which then results in the second instruction producing incorrect
value.

diff --git a/lib/libcrypto/bn/arch/aarch64/bn_arch.h b/lib/libcrypto/bn/arch/aarch64/bn_arch.h
index 5cf25ad..7592971 100644 (file)
--- a/lib/libcrypto/bn/arch/aarch64/bn_arch.h
+++ b/lib/libcrypto/bn/arch/aarch64/bn_arch.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: bn_arch.h,v 1.2 2023/01/31 05:53:49 jsing Exp $ */
+/*     $OpenBSD: bn_arch.h,v 1.3 2023/02/04 11:48:55 jsing Exp $ */
 /*
  * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
  *
@@ -32,7 +32,7 @@ bn_umul_hilo(BN_ULONG a, BN_ULONG b, BN_ULONG *out_h, BN_ULONG *out_l)
 
        /* Unsigned multiplication using a umulh/mul pair. */
        __asm__ ("umulh %0, %2, %3; mul %1, %2, %3"
-           : "=r"(h), "=r"(l)
+           : "=&r"(h), "=r"(l)
            : "r"(a), "r"(b));
 
        *out_h = h;

diff --git a/lib/libcrypto/bn/arch/alpha/bn_arch.h b/lib/libcrypto/bn/arch/alpha/bn_arch.h
index 9bc0091..0f7c582 100644 (file)
--- a/lib/libcrypto/bn/arch/alpha/bn_arch.h
+++ b/lib/libcrypto/bn/arch/alpha/bn_arch.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: bn_arch.h,v 1.2 2023/01/31 05:57:08 jsing Exp $ */
+/*     $OpenBSD: bn_arch.h,v 1.3 2023/02/04 11:48:55 jsing Exp $ */
 /*
  * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
  *
@@ -31,7 +31,7 @@ bn_umul_hilo(BN_ULONG a, BN_ULONG b, BN_ULONG *out_h, BN_ULONG *out_l)
 
        /* Unsigned multiplication using a umulh/mulq pair. */
        __asm__ ("umulh %2, %3, %0; mulq %2, %3, %1"
-           : "=r"(h), "=r"(l)
+           : "=&r"(h), "=r"(l)
            : "r"(a), "r"(b));
 
        *out_h = h;

diff --git a/lib/libcrypto/bn/arch/powerpc64/bn_arch.h b/lib/libcrypto/bn/arch/powerpc64/bn_arch.h
index 1b8bd61..92e16e9 100644 (file)
--- a/lib/libcrypto/bn/arch/powerpc64/bn_arch.h
+++ b/lib/libcrypto/bn/arch/powerpc64/bn_arch.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: bn_arch.h,v 1.2 2023/01/31 05:57:08 jsing Exp $ */
+/*     $OpenBSD: bn_arch.h,v 1.3 2023/02/04 11:48:55 jsing Exp $ */
 /*
  * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
  *
@@ -31,7 +31,7 @@ bn_umul_hilo(BN_ULONG a, BN_ULONG b, BN_ULONG *out_h, BN_ULONG *out_l)
 
        /* Unsigned multiplication using a mulhdu/mul pair. */
        __asm__ ("mulhdu %0, %2, %3; mul %1, %2, %3"
-           : "=r"(h), "=r"(l)
+           : "=&r"(h), "=r"(l)
            : "r"(a), "r"(b));
 
        *out_h = h;

diff --git a/lib/libcrypto/bn/arch/riscv64/bn_arch.h b/lib/libcrypto/bn/arch/riscv64/bn_arch.h
index 1b4267a..36cf3a4 100644 (file)
--- a/lib/libcrypto/bn/arch/riscv64/bn_arch.h
+++ b/lib/libcrypto/bn/arch/riscv64/bn_arch.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: bn_arch.h,v 1.2 2023/01/31 05:57:08 jsing Exp $ */
+/*     $OpenBSD: bn_arch.h,v 1.3 2023/02/04 11:48:55 jsing Exp $ */
 /*
  * Copyright (c) 2023 Joel Sing <jsing@openbsd.org>
  *
@@ -35,7 +35,7 @@ bn_umul_hilo(BN_ULONG a, BN_ULONG b, BN_ULONG *out_h, BN_ULONG *out_l)
         * into a single operation.
         */
        __asm__ ("mulh %0, %2, %3; mul %1, %2, %3"
-           : "=r"(h), "=r"(l)
+           : "=&r"(h), "=r"(l)
            : "r"(a), "r"(b));
 
        *out_h = h;