author | ValdikSS <iam@valdikss.org.ru> | 2023-01-18 20:14:48 +0300 |
committer | Hugo Landau <hlandau@openssl.org> | 2023-01-20 07:31:33 +0000 |
commit | 7331e7ef79fe4499d81cc92249e9c97e9ff9291a (patch) | |
tree | 19193b6ff2b45f589e94320e7766030dd715f777 /engines | |
parent | 69d6ecb7c320bafe0d30a88949eb22e19704221a (diff) | |
download | openssl-new-7331e7ef79fe4499d81cc92249e9c97e9ff9291a.tar.gz |
Padlock: fix byte swapping assembly for AES-192 and 256
Byte swapping code incorrectly used the number of AES rounds as the loop count for
swapping the expanded AES key, while each loop iteration swaps only a single dword,
resulting in a swapped key but only a partially swapped expanded key, breaking AES
encryption and decryption on VIA Padlock hardware.
This commit correctly sets the number of swapping loops to be done.
Fixes #20073
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20077)
Diffstat (limited to 'engines')
-rw-r--r-- | engines/asm/e_padlock-x86.pl | 2 | ||||
-rw-r--r-- | engines/asm/e_padlock-x86_64.pl | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/engines/asm/e_padlock-x86.pl b/engines/asm/e_padlock-x86.pl
index f579a4d933..bb2b144689 100644
--- a/engines/asm/e_padlock-x86.pl
+++ b/engines/asm/e_padlock-x86.pl
@@ -115,6 +115,8 @@ $chunk="ebx";
 &function_begin_B("padlock_key_bswap");
 &mov ("edx",&wparam(0));
 &mov ("ecx",&DWP(240,"edx"));
+ &inc ("ecx");
+ &shl ("ecx",2);
 &set_label("bswap_loop");
 &mov ("eax",&DWP(0,"edx"));
 &bswap ("eax");
diff --git a/engines/asm/e_padlock-x86_64.pl b/engines/asm/e_padlock-x86_64.pl
index 7982f19932..2622e272db 100644
--- a/engines/asm/e_padlock-x86_64.pl
+++ b/engines/asm/e_padlock-x86_64.pl
@@ -94,6 +94,8 @@ padlock_capability:
 .align 16
 padlock_key_bswap:
 mov 240($arg1),%edx
+ inc %edx
+ shl \$2,%edx
 .Lbswap_loop:
 mov ($arg1),%eax
 bswap %eax
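Review bot: The new loop bound in both hunks (`&inc ("ecx"); &shl ("ecx",2);` in e_padlock-x86.pl and `inc %edx; shl \$2,%edx` in e_padlock-x86_64.pl) is correct but carries no explanation, so a reader has to already know that offset 240 is the `rounds` field of AES_KEY and that the expanded key is 4*(rounds+1) 32-bit words; add a comment above the `mov 240($arg1),%edx` line of each file such as `# count = 4*(rounds+1) = number of 32-bit words in rd_key; 240 = offsetof(AES_KEY, rounds)`. That comment should also state the assumption the loop depends on: `rounds` is taken from the caller-filled AES_KEY and must not exceed 14, since 60 words is exactly the rd_key array this routine walks in place, so the routine offers no bound of its own. As a point of style, the two instructions could be folded into the single flag-free `lea 4(,%rdx,4),%edx`, which also reads directly as the formula. The loop body and the `sub`/`jnz` that consume this count lie below the hunk in both files.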