From c6d977eae508f5740fc3e0019f82ba3d55f9af7a Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 14 Sep 2021 00:13:05 +0200
Subject: [PATCH 1/2] x86_64 MULADDC assembly: add missing constraints about
 memory

MULADDC_CORE reads from (%%rsi) and writes to (%%rdi). This fragment is
repeated up to 16 times, and %%rsi and %%rdi are s and d on entry
respectively. Hence the complete asm statement reads 16 64-bit words
from memory starting at s, and writes 16 64-bit words starting at d.

Without any declaration of modified memory, Clang 12 and Clang 13 generated
non-working code for mbedtls_mpi_mod_exp. The constraints make the unit
tests pass with Clang 12.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 ChangeLog.d/muladdc-amd64-memory.txt | 3 +++
 include/mbedtls/bn_mul.h             | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 ChangeLog.d/muladdc-amd64-memory.txt

diff --git a/ChangeLog.d/muladdc-amd64-memory.txt b/ChangeLog.d/muladdc-amd64-memory.txt
new file mode 100644
index 000000000..1803e423d
--- /dev/null
+++ b/ChangeLog.d/muladdc-amd64-memory.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Fix missing constraints on x86_64 assembly code for bignum multiplication
+     that broke some bignum operations with (at least) Clang 12. Fixes #4786.
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index 17d057f3a..1dea22bfd 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -189,9 +189,9 @@
         "addq   $8, %%rdi\n"
 
 #define MULADDC_STOP                        \
-        : "+c" (c), "+D" (d), "+S" (s)      \
-        : "b" (b)                           \
-        : "rax", "rdx", "r8"                \
+        : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \
+        : "b" (b), "m" (*(const uint64_t (*)[16]) s)                 \
+        : "rax", "rdx", "r8"                                         \
     );
 
 #endif /* AMD64 */

From 184a688d516a2532413ffbf48b5140ed0674d026 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 15 Sep 2021 17:04:31 +0200
Subject: [PATCH 2/2] Update the list of issues fixed

This had actually been reported multiple times.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 ChangeLog.d/muladdc-amd64-memory.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog.d/muladdc-amd64-memory.txt b/ChangeLog.d/muladdc-amd64-memory.txt
index 1803e423d..b83433167 100644
--- a/ChangeLog.d/muladdc-amd64-memory.txt
+++ b/ChangeLog.d/muladdc-amd64-memory.txt
@@ -1,3 +1,4 @@
 Bugfix
    * Fix missing constraints on x86_64 assembly code for bignum multiplication
-     that broke some bignum operations with (at least) Clang 12. Fixes #4786.
+     that broke some bignum operations with (at least) Clang 12.
+     Fixes #4116, #4786, #4917.