Fix incorrect bounds check in amd64 assembly version of bn_mul_mont();

noticed and fix by Fedor Indutny of Joyent
( https://github.com/joyent/node/issues/7704 )

2 files changed, 8 insertions, 7 deletions

diff --git a/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl b/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl
index 90c717f1152..c35493e80ad 100755
--- a/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl
+++ b/lib/libssl/src/crypto/bn/asm/x86_64-mont.pl
@@ -138,7 +138,7 @@ $code.=<<___;
 
 	mulq	$m1			# np[j]*m1
 	cmp	$num,$j
-	jne	.L1st
+	jl	.L1st
 
 	add	%rax,$hi1
 	mov	($ap),%rax		# ap[0]
@@ -204,7 +204,7 @@ $code.=<<___;
 
 	mulq	$m1			# np[j]*m1
 	cmp	$num,$j
-	jne	.Linner
+	jl	.Linner
 
 	add	%rax,$hi1
 	mov	($ap),%rax		# ap[0]
diff --git a/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl b/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl
index 057cda28aae..9c88884d424 100755
--- a/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl
+++ b/lib/libssl/src/crypto/bn/asm/x86_64-mont5.pl
@@ -28,7 +28,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 # int bn_mul_mont_gather5(
 $rp="%rdi";	# BN_ULONG *rp,
@@ -180,7 +181,7 @@ $code.=<<___;
 
 	mulq	$m1			# np[j]*m1
 	cmp	$num,$j
-	jne	.L1st
+	jl	.L1st
 
 	movq	%xmm0,$m0		# bp[1]
 
@@ -263,7 +264,7 @@ $code.=<<___;
 
 	mulq	$m1			# np[j]*m1
 	cmp	$num,$j
-	jne	.Linner
+	jl	.Linner
 
 	movq	%xmm0,$m0		# bp[i+1]
 
@@ -900,8 +901,8 @@ $code.=<<___;
 	jnz	.Lgather
 ___
 $code.=<<___ if ($win64);
-	movaps	%xmm6,(%rsp)
-	movaps	%xmm7,0x10(%rsp)
+	movaps	(%rsp),%xmm6
+	movaps	0x10(%rsp),%xmm7
 	lea	0x28(%rsp),%rsp
 ___
 $code.=<<___;