The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3 and DTLS 1.3!
The bug is at least in the functions:
sp_2048_lshift_32
sp_3072_lshift_48
sp_4096_lshift_64
sp_521_rshift_9
sp_521_lshift_9
sp_521_lshift_18
for example sp_2048_lshift_32:
; /* Shift number left by n bit. (r = a << n)
; *
; * r Result of left shift by n.
; * a Number to shift.
; * n Amoutnt o shift.
; */
_text SEGMENT READONLY PARA
sp_2048_lshift_32 PROC
push r12
push r13
mov cl, r8b ; <<< BUG!
; When entering the function body, RCX stores the first parameter,
; but this instruction modifies the lower part of RCX.
mov rax, rcx ; <<< RCX is corrupted here
`
### Reproduction steps
_No response_
### Relevant log output
_No response_
Contact Details
ilka1999
Version
master
Description
I found the bug in the file sp_x86_64_asm.asm
The bug is at least in the functions: sp_2048_lshift_32 sp_3072_lshift_48 sp_4096_lshift_64 sp_521_rshift_9 sp_521_lshift_9 sp_521_lshift_18
for example sp_2048_lshift_32: