From 5048b594fb9cd050c4d5d8bb7a9c9bad8865a171 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 24 Jan 2024 15:24:28 +0000
Subject: Avoid a four-byte overread in gcm_ghash_4bit_mmx() on i386

This is a variant of the same logic error fixed in ghash-x86_64.pl r1.6.
The code path is only reachable on machines without FXSR or PCLMUL.

ok jsing
---
 src/lib/libcrypto/modes/asm/ghash-x86.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/libcrypto/modes/asm/ghash-x86.pl b/src/lib/libcrypto/modes/asm/ghash-x86.pl
index 5e868a43ff..47833582b6 100644
--- a/src/lib/libcrypto/modes/asm/ghash-x86.pl
+++ b/src/lib/libcrypto/modes/asm/ghash-x86.pl
@@ -714,7 +714,7 @@ sub mmx_loop() {
 }
 &mov (&LB($nlo),&LB($dat));
- &mov ($dat,&DWP(528+$j,"esp")) if (--$j%4==0);
+ &mov ($dat,&DWP(528+$j,"esp")) if (--$j%4==0 && $j>=0);
 &movd ($rem[0],$Zlo);
 &movz ($rem[1],&LB($rem[1])) if ($i>0);
-- 
cgit v1.2.3-55-g6feb
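Review bot: The added `$j>=0` guard on the `&mov ($dat,&DWP(528+$j,"esp"))` line is correct, but nothing on the line says why it is there: once `--$j` goes negative the emitted `mov` would fetch four bytes below the input copy at 528(%esp), which is the overread the commit title names, and a future reader may "simplify" the condition back. Suggest a comment on the new line, `# $j<0 after the last decrement: 528+$j would read below the input copy, skip it`. Note the decrement still executes on every pass because `&&` only short-circuits the second operand, which looks like the intended behaviour. Since the commit message says this path is only reachable on CPUs without FXSR or PCLMUL, it is worth running the GCM test vectors with the capability bits masked so that the MMX routine is actually exercised by the build. mmx_loop begins and ends outside the hunk.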