bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.

author Andy Polyakov <appro@openssl.org>

Thu, 17 Aug 2017 19:08:57 +0000 (21:08 +0200)

committer Matt Caswell <matt@openssl.org>

Thu, 2 Nov 2017 11:00:48 +0000 (11:00 +0000)
author Andy Polyakov <appro@openssl.org>
Thu, 17 Aug 2017 19:08:57 +0000 (21:08 +0200)
committer Matt Caswell <matt@openssl.org>
Thu, 2 Nov 2017 11:00:48 +0000 (11:00 +0000)
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl

index 9c77642b71d0c822b1d37cff0235f0dd91ee571e..1666fbd7a2d4a92b30754d30286a9e005e091f5a 100755 (executable)
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -3206,11 +3206,19 @@ $code.=<<___;
  
  .align 32
  .Lsqrx8x_break:
-       sub     16+8(%rsp),%r8          # consume last carry
+       xor     $zero,$zero
+       sub     16+8(%rsp),%rbx         # mov 16(%rsp),%cf
+       adcx    $zero,%r8
         mov     24+8(%rsp),$carry       # initial $tptr, borrow $carry
+       adcx    $zero,%r9
         mov     0*8($aptr),%rdx         # a[8], modulo-scheduled
-       xor     %ebp,%ebp               # xor   $zero,$zero
+       adc     \$0,%r10
         mov     %r8,0*8($tptr)
+       adc     \$0,%r11
+       adc     \$0,%r12
+       adc     \$0,%r13
+       adc     \$0,%r14
+       adc     \$0,%r15
         cmp     $carry,$tptr            # cf=0, of=0
         je      .Lsqrx8x_outer_loop
author	Andy Polyakov <appro@openssl.org>
	Thu, 17 Aug 2017 19:08:57 +0000 (21:08 +0200)
committer	Matt Caswell <matt@openssl.org>
	Thu, 2 Nov 2017 11:00:48 +0000 (11:00 +0000)