Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Padlock: fix byte swapping assembly for AES-192 and 256 #20077

Closed
wants to merge 1 commit into from
Closed

Padlock: fix byte swapping assembly for AES-192 and 256 #20077

wants to merge 1 commit into from

Conversation

ValdikSS
Copy link
Contributor

@ValdikSS ValdikSS commented Jan 18, 2023
edited
Loading

Byte swapping code incorrectly uses the number of AES rounds to swap expanded AES key, while swapping only a single dword in a loop, resulting in swapped key and partially swapped expanded keys, breaking AES encryption and decryption on VIA Padlock hardware.

This commit correctly sets the number of swapping loops to be done.

Fixes #20073

CLA: trivial

@ValdikSS
Padlock: fix byte swapping assembly for AES-192 and 256
54f125d 
Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.

This commit correctly sets the number of swapping loops to be done.

Fixes #20073

CLA: trivial
paulidale
paulidale approved these changes Jan 18, 2023
View reviewed changes
Copy link
Contributor

@paulidale paulidale left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay with trivial

@paulidale paulidale added branch: master Merge to master branch approval: review pending This pull request needs review by a committer branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch triaged: bug The issue/pr is/fixes a bug cla: trivial One of the commits is marked as 'CLA: trivial' branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 labels Jan 18, 2023
@hlandau hlandau added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Jan 19, 2023
@t8m t8m added the tests: exempted The PR is exempt from requirements for testing label Jan 19, 2023
t8m
t8m approved these changes Jan 19, 2023
View reviewed changes
Copy link
Member

@t8m t8m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK with CLA: trivial

@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Jan 20, 2023
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

@hlandau
Copy link
Member

hlandau commented Jan 20, 2023

Merged to master, 3.1, 3.0 and 1.1.1. Thank you.

@hlandau hlandau closed this Jan 20, 2023
openssl-machine pushed a commit that referenced this pull request Jan 20, 2023
@ValdikSS @hlandau
Padlock: fix byte swapping assembly for AES-192 and 256
f9abf58 
Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.

This commit correctly sets the number of swapping loops to be done.

Fixes #20073

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #20077)

(cherry picked from commit 7331e7e)
openssl-machine pushed a commit that referenced this pull request Jan 20, 2023
@ValdikSS @hlandau
Padlock: fix byte swapping assembly for AES-192 and 256
f45c603 
Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.

This commit correctly sets the number of swapping loops to be done.

Fixes #20073

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #20077)

(cherry picked from commit 7331e7e)
openssl-machine pushed a commit that referenced this pull request Jan 20, 2023
@ValdikSS @hlandau
Padlock: fix byte swapping assembly for AES-192 and 256
7331e7e 
Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.

This commit correctly sets the number of swapping loops to be done.

Fixes #20073

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #20077)
openssl-machine pushed a commit that referenced this pull request Jan 20, 2023
@ValdikSS @hlandau
Padlock: fix byte swapping assembly for AES-192 and 256
2bcf8e6 
Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.

This commit correctly sets the number of swapping loops to be done.

Fixes #20073

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #20077)

(cherry picked from commit 7331e7e)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hlandau hlandau hlandau approved these changes

@t8m t8m t8m approved these changes

@paulidale paulidale paulidale approved these changes

Assignees
No one assigned
Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Merge to master branch branch: 1.1.1 Merge to OpenSSL_1_1_1-stable branch branch: 3.0 Merge to openssl-3.0 branch branch: 3.1 Merge to openssl-3.1 cla: trivial One of the commits is marked as 'CLA: trivial' tests: exempted The PR is exempt from requirements for testing triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AES-256 and 192 produce garbage output with -engine padlock (VIA Padlock)
5 participants
@ValdikSS @openssl-machine @hlandau @t8m @paulidale