From afb7f053dfcd58a018767b56b365689890c70d59 Mon Sep 17 00:00:00 2001
From: jsing
Date: Sat, 4 Feb 2023 11:48:55 +0000
Subject: [PATCH] Fix output constraints for bn_umul_hilo().

When bn_umul_hilo() is implemented using an instruction pair, mark the first output with a constraint that prevents the output from overlapping with the inputs ("&"). Otherwise the first instruction can overwrite the inputs, which then results in the second instruction producing incorrect value.
---
 lib/libcrypto/bn/arch/aarch64/bn_arch.h | 4 ++--
 lib/libcrypto/bn/arch/alpha/bn_arch.h | 4 ++--
 lib/libcrypto/bn/arch/powerpc64/bn_arch.h | 4 ++--
 lib/libcrypto/bn/arch/riscv64/bn_arch.h | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/lib/libcrypto/bn/arch/aarch64/bn_arch.h b/lib/libcrypto/bn/arch/aarch64/bn_arch.h
index 5cf25adc489..7592971dc07 100644
--- a/lib/libcrypto/bn/arch/aarch64/bn_arch.h
+++ b/lib/libcrypto/bn/arch/aarch64/bn_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_arch.h,v 1.2 2023/01/31 05:53:49 jsing Exp $ */
+/* $OpenBSD: bn_arch.h,v 1.3 2023/02/04 11:48:55 jsing Exp $ */
 /*
 * Copyright (c) 2023 Joel Sing
 *
@@ -32,7 +32,7 @@ bn_umul_hilo(BN_ULONG a, BN_ULONG b, BN_ULONG *out_h, BN_ULONG *out_l)
 /* Unsigned multiplication using a umulh/mul pair. */
 __asm__ ("umulh %0, %2, %3; mul %1, %2, %3"
- : "=r"(h), "=r"(l)
+ : "=&r"(h), "=r"(l)
 : "r"(a), "r"(b));
 *out_h = h;
diff --git a/lib/libcrypto/bn/arch/alpha/bn_arch.h b/lib/libcrypto/bn/arch/alpha/bn_arch.h
index 9bc00911ab0..0f7c582fdf4 100644
--- a/lib/libcrypto/bn/arch/alpha/bn_arch.h
+++ b/lib/libcrypto/bn/arch/alpha/bn_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_arch.h,v 1.2 2023/01/31 05:57:08 jsing Exp $ */
+/* $OpenBSD: bn_arch.h,v 1.3 2023/02/04 11:48:55 jsing Exp $ */
 /*
 * Copyright (c) 2023 Joel Sing
 *
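Review bot: The `&` added to the first output of the aarch64 bn_umul_hilo() asm is easy to lose in a later edit, because nothing next to the statement says why it is there; the same applies to the alpha, powerpc64 and riscv64 hunks of this patch. A short comment above the asm would record it, for example `/* "=&r": h is written by the first instruction while a and b are still read by the second. */`. Without the early-clobber the compiler may place h in the register holding a or b, and the low word is then computed from an overwritten input, which in a bignum primitive means silently wrong arithmetic rather than a crash. The function body starts and ends outside the hunk.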
@@ -31,7 +31,7 @@ bn_umul_hilo(BN_ULONG a, BN_ULONG b, BN_ULONG *out_h, BN_ULONG *out_l)
 /* Unsigned multiplication using a umulh/mulq pair. */
 __asm__ ("umulh %2, %3, %0; mulq %2, %3, %1"
- : "=r"(h), "=r"(l)
+ : "=&r"(h), "=r"(l)
 : "r"(a), "r"(b));
 *out_h = h;
diff --git a/lib/libcrypto/bn/arch/powerpc64/bn_arch.h b/lib/libcrypto/bn/arch/powerpc64/bn_arch.h
index 1b8bd61138e..92e16e9f9c9 100644
--- a/lib/libcrypto/bn/arch/powerpc64/bn_arch.h
+++ b/lib/libcrypto/bn/arch/powerpc64/bn_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_arch.h,v 1.2 2023/01/31 05:57:08 jsing Exp $ */
+/* $OpenBSD: bn_arch.h,v 1.3 2023/02/04 11:48:55 jsing Exp $ */
 /*
 * Copyright (c) 2023 Joel Sing
 *
@@ -31,7 +31,7 @@ bn_umul_hilo(BN_ULONG a, BN_ULONG b, BN_ULONG *out_h, BN_ULONG *out_l)
 /* Unsigned multiplication using a mulhdu/mul pair. */
 __asm__ ("mulhdu %0, %2, %3; mul %1, %2, %3"
- : "=r"(h), "=r"(l)
+ : "=&r"(h), "=r"(l)
 : "r"(a), "r"(b));
 *out_h = h;
diff --git a/lib/libcrypto/bn/arch/riscv64/bn_arch.h b/lib/libcrypto/bn/arch/riscv64/bn_arch.h
index 1b4267acc01..36cf3a4f66c 100644
--- a/lib/libcrypto/bn/arch/riscv64/bn_arch.h
+++ b/lib/libcrypto/bn/arch/riscv64/bn_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_arch.h,v 1.2 2023/01/31 05:57:08 jsing Exp $ */
+/* $OpenBSD: bn_arch.h,v 1.3 2023/02/04 11:48:55 jsing Exp $ */
 /*
 * Copyright (c) 2023 Joel Sing
 *
@@ -35,7 +35,7 @@ bn_umul_hilo(BN_ULONG a, BN_ULONG b, BN_ULONG *out_h, BN_ULONG *out_l)
 * into a single operation.
 */
 __asm__ ("mulh %0, %2, %3; mul %1, %2, %3"
- : "=r"(h), "=r"(l)
+ : "=&r"(h), "=r"(l)
 : "r"(a), "r"(b));
 *out_h = h;
--
2.20.1
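Review bot: The second instruction in the powerpc64 hunk, `mul %1, %2, %3`, does not look like a valid 64-bit PowerPC mnemonic; the low doubleword of a 64x64 product is normally produced by `mulld`. If this path is built, the asm line would read `__asm__ ("mulhdu %0, %2, %3; mulld %1, %2, %3"`, and the comment above it would name a mulhdu/mulld pair. This is inferred from the instruction set rather than from anything in the patch, so it should be confirmed with an assembler for the target. The function body starts and ends outside the hunk.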
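Review bot: `mulh` in the riscv64 hunk is the signed-by-signed high multiply, so for operands with the top bit set it yields a different high word than an unsigned multiply; bn_umul_hilo() needs `mulhu`. The asm line would become `__asm__ ("mulhu %0, %2, %3; mul %1, %2, %3"`, with the comment above it (which starts outside the hunk) updated to match. A wrong high word here propagates into every multi-word multiplication built on this primitive, so a test with both inputs at or above 2^63 is worth adding. The early-clobber added by this patch is still needed after that change.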