Commit f0de2ebb56 for openssl.org
commit f0de2ebb561521ffebd1d54899b8dfbbbc750cd2
Author: slontis <shane.lontis@oracle.com>
Date: Wed Feb 18 14:12:59 2026 +1100
Fix uninitialized variables in rsaz-3k-avxifma & rsaz-4k-avxifma
assembler.
This looks like a block copy bug, the 2k file uses both fields but the
3k & 4K variants only pass acc0_0 to functions.
Reported and proposed fix supplied by pyca (@reaperhulk and @alex).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Mar 13 08:48:11 2026
(Merged from https://github.com/openssl/openssl/pull/30061)
diff --git a/crypto/bn/asm/rsaz-3k-avxifma.pl b/crypto/bn/asm/rsaz-3k-avxifma.pl
index a19cb5aaa3..a3bc70c601 100644
--- a/crypto/bn/asm/rsaz-3k-avxifma.pl
+++ b/crypto/bn/asm/rsaz-3k-avxifma.pl
@@ -87,8 +87,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI;
my $mask52 = "%rax";
my $acc0_0 = "%r9";
my $acc0_0_low = "%r9d";
-my $acc0_1 = "%r15";
-my $acc0_1_low = "%r15d";
my $b_ptr = "%r11";
my $iter = "%ebx";
@@ -741,7 +739,7 @@ $code.=<<___;
vmovdqu $R3_0, `6*32`($res)
vmovdqu $R3_0h, `7*32`($res)
- xorl $acc0_1_low, $acc0_1_low
+ xorl $acc0_0_low, $acc0_0_low
lea 16($b_ptr), $b_ptr
movq \$0xfffffffffffff, $mask52 # 52-bit mask
diff --git a/crypto/bn/asm/rsaz-4k-avxifma.pl b/crypto/bn/asm/rsaz-4k-avxifma.pl
index f15e2d7411..d5ff62db0a 100644
--- a/crypto/bn/asm/rsaz-4k-avxifma.pl
+++ b/crypto/bn/asm/rsaz-4k-avxifma.pl
@@ -84,8 +84,6 @@ my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI;
my $mask52 = "%rax";
my $acc0_0 = "%r9";
my $acc0_0_low = "%r9d";
-my $acc0_1 = "%r15";
-my $acc0_1_low = "%r15d";
my $b_ptr = "%r11";
my $iter = "%ebx";
@@ -834,7 +832,7 @@ $code.=<<___;
vmovdqu $R4_0, `8*32`($res)
vmovdqu $R4_0h, `9*32`($res)
- xorl $acc0_1_low, $acc0_1_low
+ xorl $acc0_0_low, $acc0_0_low
movq \$0xfffffffffffff, $mask52