search

wolfSSL / wolfssl

The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
https://www.wolfssl.com
GNU General Public License v2.0
2.31k stars 823 forks source link

[Bug]: Parameter corruption passed in RCX register #7661

Closed ilka1999 closed 3 months ago

ilka1999 commented 3 months ago

Contact Details

ilka1999

Version

master

Description

I found the bug in the file sp_x86_64_asm.asm

The bug is at least in the functions: sp_2048_lshift_32 sp_3072_lshift_48 sp_4096_lshift_64 sp_521_rshift_9 sp_521_lshift_9 sp_521_lshift_18

for example sp_2048_lshift_32:


; /* Shift number left by n bit. (r = a << n)
;  *
;  * r  Result of left shift by n.
;  * a  Number to shift.
;  * n  Amoutnt o shift.
;  */
_text SEGMENT READONLY PARA
sp_2048_lshift_32 PROC
        push    r12
        push    r13
        mov cl, r8b       ; <<< BUG!
                              ; When entering the function body, RCX stores the first parameter, 
                              ; but this instruction modifies the lower part of RCX.

        mov rax, rcx      ; <<< RCX is corrupted here
`

### Reproduction steps

_No response_

### Relevant log output

_No response_
SparkiDev commented 3 months ago

Hi @ilka1999

I've put up a PR to fix this: #7666

Let us know if this fixes your issues!

Thanks, Sean