1 From 2bcf8e69bd92e33d84c48e7d108d3d46b22f8a6d Mon Sep 17 00:00:00 2001
2 From: ValdikSS <iam@valdikss.org.ru>
3 Date: Wed, 18 Jan 2023 20:14:48 +0300
4 Subject: [PATCH] Padlock: fix byte swapping assembly for AES-192 and 256
6 Byte swapping code incorrectly uses the number of AES rounds as the loop count
7 when swapping the expanded AES key, while each iteration swaps only a single
8 dword; the result is a swapped key but only a partially swapped expanded key
9 schedule, breaking AES encryption and decryption on VIA Padlock hardware.
11 This commit correctly sets the number of swapping loops to be done.
17 Reviewed-by: Hugo Landau <hlandau@openssl.org>
18 Reviewed-by: Tomas Mraz <tomas@openssl.org>
19 (Merged from https://github.com/openssl/openssl/pull/20077)
21 (cherry picked from commit 7331e7ef79fe4499d81cc92249e9c97e9ff9291a)
23 engines/asm/e_padlock-x86.pl | 2 ++
24 engines/asm/e_padlock-x86_64.pl | 2 ++
25 2 files changed, 4 insertions(+)
27 diff --git a/engines/asm/e_padlock-x86.pl b/engines/asm/e_padlock-x86.pl
28 index 5b097ce3ef9b..07f7000fd38a 100644
29 --- a/engines/asm/e_padlock-x86.pl
30 +++ b/engines/asm/e_padlock-x86.pl
32 &function_begin_B("padlock_key_bswap");
33 &mov ("edx",&wparam(0));
34 &mov ("ecx",&DWP(240,"edx"));
37 &set_label("bswap_loop");
38 &mov ("eax",&DWP(0,"edx"));
40 diff --git a/engines/asm/e_padlock-x86_64.pl b/engines/asm/e_padlock-x86_64.pl
41 index 09b0aaa48dfe..dfd2ae656375 100644
42 --- a/engines/asm/e_padlock-x86_64.pl
43 +++ b/engines/asm/e_padlock-x86_64.pl