[PATCH] libgcrypt-1.5: rinjdael: Fix use of SSE2 outside USE_AESNI/ctx->use_aesni
Jussi Kivilinna
jussi.kivilinna at mbnet.fi
Tue Jan 29 09:05:15 CET 2013
* cipher/rijndael.c (_gcry_aes_cbc_enc, _gcry_aes_cbc_dec): Check if
AES-NI is enabled before calling aesni_prepare() and aesni_cleanup().
--
aesni_cleanup() contains SSE2 instructions that are interpreted as MMX on CPUs
without SSE2 support (Pentium-III, etc). In above functions, aesni_cleanup()
was called outside the use_aesni checks. This poisons the x87 register state,
causing crashes later on when the program tries to use the floating point
registers.
Add missing '#ifdef USE_AESNI' and 'if (ctx->use_aesni)' for aesni_cleanup()
and, while at it, for aesni_prepare() too.
Reported-by: Mitsutoshi NAKANO <bkbin005 at rinku.zaq.ne.jp>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at mbnet.fi>
---
cipher/rijndael.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/cipher/rijndael.c b/cipher/rijndael.c
index 92fa31d..9816280 100644
--- a/cipher/rijndael.c
+++ b/cipher/rijndael.c
@@ -1239,7 +1239,11 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv,
unsigned char *ivp;
int i;
- aesni_prepare ();
+#ifdef USE_AESNI
+ if (ctx->use_aesni)
+ aesni_prepare ();
+#endif /*USE_AESNI*/
+
for ( ;nblocks; nblocks-- )
{
for (ivp=iv, i=0; i < BLOCKSIZE; i++ )
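Review bot: The three-line `#ifdef USE_AESNI` / `if (ctx->use_aesni)` guard around aesni_prepare() is now repeated verbatim at four call sites in this patch, and the bug being fixed was precisely one call site that lacked it, so the guard is worth centralising rather than copying: a helper such as `#define AESNI_PREPARE(ctx) do { if ((ctx)->use_aesni) aesni_prepare (); } while (0)` under `#ifdef USE_AESNI`, with an empty `do { } while (0)` in the `#else` branch, would make it impossible to call the bare macro without the runtime check. The new condition also relies on `ctx` already being the cast of the `context` parameter; that declaration is above this hunk and not visible here, so I am assuming it. _gcry_aes_cbc_enc begins before this hunk and its loop body continues past it.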
@@ -1263,7 +1267,11 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv,
if (!cbc_mac)
outbuf += BLOCKSIZE;
}
- aesni_cleanup ();
+
+#ifdef USE_AESNI
+ if (ctx->use_aesni)
+ aesni_cleanup ();
+#endif /*USE_AESNI*/
_gcry_burn_stack (48 + 2*sizeof(int));
}
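Review bot: Nothing at the call site says why the cleanup must be skipped on a machine without AES-NI, so the next person tidying this function could easily drop the `if` again; the reason given in the commit message belongs in the code, e.g. `/* aesni_cleanup() uses SSE2 (pxor); on a pre-SSE2 CPU those opcodes execute as MMX and clobber the x87 state, so only run it when the AES-NI path was actually taken. */` placed directly above the `#ifdef USE_AESNI`. Leaving `_gcry_burn_stack` unconditional on the following line looks right, since the generic path uses the stack as well, though the burn size is inherited from before this patch and I have not rechecked it. The start of _gcry_aes_cbc_enc lies outside this hunk.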
@@ -1575,7 +1583,11 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv,
int i;
unsigned char savebuf[BLOCKSIZE];
- aesni_prepare ();
+#ifdef USE_AESNI
+ if (ctx->use_aesni)
+ aesni_prepare ();
+#endif /*USE_AESNI*/
+
for ( ;nblocks; nblocks-- )
{
/* We need to save INBUF away because it may be identical to
@@ -1601,7 +1613,11 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv,
inbuf += BLOCKSIZE;
outbuf += BLOCKSIZE;
}
- aesni_cleanup ();
+
+#ifdef USE_AESNI
+ if (ctx->use_aesni)
+ aesni_cleanup ();
+#endif /*USE_AESNI*/
_gcry_burn_stack (48 + 2*sizeof(int) + BLOCKSIZE + 4*sizeof (char*));
}
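Review bot: aesni_cleanup() is only reached by falling out of the loop, so if any path in the loop body of _gcry_aes_cbc_dec returns or breaks early, the register scrub that this hunk now makes conditional would be skipped entirely; that loop body sits between this hunk and the previous one, outside my view, so this is a point to confirm rather than a defect I can see. If such a path exists, the cleanup and `_gcry_burn_stack` call should sit under a label the loop jumps to rather than after its closing brace. Independently of that, the same explanatory comment as on the encrypt side belongs above the `#ifdef USE_AESNI` here, e.g. `/* Only scrub the xmm registers when the AES-NI path was used: aesni_cleanup() is SSE2 and corrupts x87 state on older CPUs. */`.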