From: ValdikSS
Date: Wed, 18 Jan 2023 17:14:48 +0000 (+0300)
Subject: Padlock: fix byte swapping assembly for AES-192 and 256
X-Git-Tag: openssl-3.2.0-alpha1~1427
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7331e7ef79fe4499d81cc92249e9c97e9ff9291a;p=thirdparty%2Fopenssl.git
Padlock: fix byte swapping assembly for AES-192 and 256
Byte swapping code incorrectly uses the number of AES rounds to swap expanded AES key, while swapping only a single dword in a loop, resulting in swapped key and partially swapped expanded keys, breaking AES encryption and decryption on VIA Padlock hardware.
This commit correctly sets the number of swapping loops to be done.
Fixes #20073
CLA: trivial
Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/20077)
---
diff --git a/engines/asm/e_padlock-x86.pl b/engines/asm/e_padlock-x86.pl
index f579a4d933f..bb2b1446898 100644
--- a/engines/asm/e_padlock-x86.pl
+++ b/engines/asm/e_padlock-x86.pl
@@ -115,6 +115,8 @@ $chunk="ebx";
 &function_begin_B("padlock_key_bswap");
 &mov ("edx",&wparam(0));
 &mov ("ecx",&DWP(240,"edx"));
+ &inc ("ecx");
+ &shl ("ecx",2);
 &set_label("bswap_loop");
 &mov ("eax",&DWP(0,"edx"));
 &bswap ("eax");
diff --git a/engines/asm/e_padlock-x86_64.pl b/engines/asm/e_padlock-x86_64.pl
index 7982f199327..2622e272db2 100644
--- a/engines/asm/e_padlock-x86_64.pl
+++ b/engines/asm/e_padlock-x86_64.pl
@@ -94,6 +94,8 @@ padlock_capability:
 .align 16
 padlock_key_bswap:
 mov 240($arg1),%edx
+ inc %edx
+ shl \$2,%edx
 .Lbswap_loop:
 mov ($arg1),%eax
 bswap %eax
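Review bot: The two added lines turn the value loaded from offset 240 into a loop count of 4*(rounds+1) dwords, but neither file says so, and because the dword-per-iteration loop body lies below the hunk a reader sees a bare `inc`/`shl` pair with no rationale. I would add `# ecx = 4*(rounds+1): number of dwords in the expanded key schedule` above `&inc ("ecx");` here, and the same comment (`# edx = 4*(rounds+1) dwords of key schedule`) above `inc %edx` in the e_padlock-x86_64.pl hunk, which makes the identical change. The count is taken on trust from the struct field at offset 240 (presumably the AES_KEY rounds field): nothing validates that it is 10, 12 or 14, so the loop depends on the caller having fully populated the key schedule before calling in, and that precondition is worth stating in the same comment. Optionally, `lea 4(,%rdx,4),%edx` computes the same count in one instruction without touching flags (the preceding 32-bit `mov` already zero-extends into %rdx), though the inc/shl pair reads clearly enough. The body of padlock_key_bswap (the swap loop and ret) ends outside both hunks.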