bn/asm/x86_64-mont5.pl: fix carry bug in bn_sqrx8x_internal.

author Andy Polyakov <appro@openssl.org>

Thu, 17 Aug 2017 19:08:57 +0000 (21:08 +0200)

committer Matt Caswell <matt@openssl.org>

Thu, 2 Nov 2017 11:05:15 +0000 (11:05 +0000)
author Andy Polyakov <appro@openssl.org>
Thu, 17 Aug 2017 19:08:57 +0000 (21:08 +0200)
committer Matt Caswell <matt@openssl.org>
Thu, 2 Nov 2017 11:05:15 +0000 (11:05 +0000)
diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl

index 6807ab5cfe345850eae98492a6d4e3192373c154..5779059ea268eefd9fea04985b9a0ec4e4785ea1 100755 (executable)
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@@ -3099,11 +3099,19 @@ $code.=<<___;
  
  .align 32
  .Lsqrx8x_break:
-       sub     16+8(%rsp),%r8          # consume last carry
+       xor     $zero,$zero
+       sub     16+8(%rsp),%rbx         # mov 16(%rsp),%cf
+       adcx    $zero,%r8
         mov     24+8(%rsp),$carry       # initial $tptr, borrow $carry
+       adcx    $zero,%r9
         mov     0*8($aptr),%rdx         # a[8], modulo-scheduled
-       xor     %ebp,%ebp               # xor   $zero,$zero
+       adc     \$0,%r10
         mov     %r8,0*8($tptr)
+       adc     \$0,%r11
+       adc     \$0,%r12
+       adc     \$0,%r13
+       adc     \$0,%r14
+       adc     \$0,%r15
         cmp     $carry,$tptr            # cf=0, of=0
         je      .Lsqrx8x_outer_loop
author	Andy Polyakov <appro@openssl.org>
	Thu, 17 Aug 2017 19:08:57 +0000 (21:08 +0200)
committer	Matt Caswell <matt@openssl.org>
	Thu, 2 Nov 2017 11:05:15 +0000 (11:05 +0000)