From 13e262cf287165162838f36e9c633b03249fc1e0 Mon Sep 17 00:00:00 2001
From: tb
Date: Wed, 24 Jan 2024 15:24:28 +0000
Subject: [PATCH] Avoid a four-byte overread in gcm_ghash_4bit_mmx() on i386

This is a variant of the same logic error fixed in ghash-x86_64.pl r1.6.
The code path is only reachable on machines without FXSR or PCLMUL.

ok jsing
---
 lib/libcrypto/modes/asm/ghash-x86.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/libcrypto/modes/asm/ghash-x86.pl b/lib/libcrypto/modes/asm/ghash-x86.pl
index 5e868a43ff2..47833582b61 100644
--- a/lib/libcrypto/modes/asm/ghash-x86.pl
+++ b/lib/libcrypto/modes/asm/ghash-x86.pl
@@ -714,7 +714,7 @@ sub mmx_loop() {
 }
 &mov (&LB($nlo),&LB($dat));
-&mov ($dat,&DWP(528+$j,"esp")) if (--$j%4==0);
+&mov ($dat,&DWP(528+$j,"esp")) if (--$j%4==0 && $j>=0);
 &movd ($rem[0],$Zlo);
 &movz ($rem[1],&LB($rem[1])) if ($i>0);
--
2.20.1
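Review bot: The added `&& $j>=0` guard on the changed line is correct only because of Perl's `%` semantics for negative operands (`-4 % 4` evaluates to 0, which is presumably what let the original generator emit a load from `&DWP(524,"esp")`, four bytes below the staging area at `esp+528`), and nothing at the site records that; a comment would stop the next reader from "simplifying" the condition back. Suggest above the changed line: `# $j is decremented every round and goes negative before the loop ends; Perl's % gives 0 for -4 % 4, so the $j>=0 guard is what keeps the last rounds from emitting a load below [esp+528]`. It is also worth stating in that comment that `--$j` is a side effect evaluated on every iteration regardless of the guard, since the decrement now sits inside a compound condition where it is easy to overlook. The body of sub mmx_loop begins and ends outside the hunk.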