From: tb <tb@openbsd.org>
Date: Wed, 24 Jan 2024 15:24:28 +0000 (+0000)
Subject: Avoid a four-byte overread in gcm_ghash_4bit_mmx() on i386
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=13e262cf287165162838f36e9c633b03249fc1e0;p=openbsd

Avoid a four-byte overread in gcm_ghash_4bit_mmx() on i386

This is a variant of the same logic error fixed in ghash-x86_64.pl r1.6.
The code path is only reachable on machines without FXSR or PCLMUL.

ok jsing
---

diff --git a/lib/libcrypto/modes/asm/ghash-x86.pl b/lib/libcrypto/modes/asm/ghash-x86.pl
index 5e868a43ff2..47833582b61 100644
--- a/lib/libcrypto/modes/asm/ghash-x86.pl
+++ b/lib/libcrypto/modes/asm/ghash-x86.pl
@@ -714,7 +714,7 @@ sub mmx_loop() {
       }
 
 	&mov	(&LB($nlo),&LB($dat));
-	&mov	($dat,&DWP(528+$j,"esp"))		if (--$j%4==0);
+	&mov	($dat,&DWP(528+$j,"esp"))		if (--$j%4==0 && $j>=0);
 
 	&movd	($rem[0],$Zlo);
 	&movz	($rem[1],&LB($rem[1]))			if ($i>0);