https://github.com/openssl/openssl/commit/a1f7034bbd8f0730d360211f5ba0feeaef0b7b2c https://github.com/openssl/openssl/issues/18625 From a1f7034bbd8f0730d360211f5ba0feeaef0b7b2c Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Wed, 22 Jun 2022 18:07:05 +0800 Subject: [PATCH] rsa: fix bn_reduce_once_in_place call for rsaz_mod_exp_avx512_x2 bn_reduce_once_in_place expects the number of BN_ULONG, but factor_size is moduli bit size. Fixes #18625. Signed-off-by: Xi Ruoyao Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18626) (cherry picked from commit 4d8a88c134df634ba610ff8db1eb8478ac5fd345) --- a/crypto/bn/rsaz_exp_x2.c +++ b/crypto/bn/rsaz_exp_x2.c @@ -220,6 +220,9 @@ int ossl_rsaz_mod_exp_avx512_x2(BN_ULONG *res1, from_words52(res1, factor_size, rr1_red); from_words52(res2, factor_size, rr2_red); + /* bn_reduce_once_in_place expects number of BN_ULONG, not bit size */ + factor_size /= sizeof(BN_ULONG) * 8; + bn_reduce_once_in_place(res1, /*carry=*/0, m1, storage, factor_size); bn_reduce_once_in_place(res2, /*carry=*/0, m2, storage, factor_size);