The branch master has been updated
       via  f643deac417a3ccb27f77670bb2b136de49079d9 (commit)
      from  e2f5081116d8b3dadd602fcf611bc6584ab395f7 (commit)


- Log -----------------------------------------------------------------
commit f643deac417a3ccb27f77670bb2b136de49079d9
Author: Daniel Axtens <[email protected]>
Date:   Mon Mar 18 10:22:44 2019 +1100

    PPC assembly pack: fix copy-paste error in CTR mode
    
    There are two copy-paste errors in handling CTR mode. When dealing
    with a 2 or 3 block tail, the code branches to the CBC decryption exit
    path, rather than to the CTR exit path.
    
    This can lead to data corruption: in the Linux kernel we have a copy
    of this file, and the bug leads to corruption of the IV, which leads
    to data corruption when we call the encryption function again later to
    encrypt subsequent blocks.
    
    Originally reported to the Linux kernel by Ondrej Mosnáček <[email protected]>
    
    CLA: trivial
    
    Reviewed-by: Tim Hudson <[email protected]>
    Reviewed-by: Paul Dale <[email protected]>
    (Merged from https://github.com/openssl/openssl/pull/8510)

-----------------------------------------------------------------------

Summary of changes:
 crypto/aes/asm/aesp8-ppc.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl
index ce3fae0..44056e3 100755
--- a/crypto/aes/asm/aesp8-ppc.pl
+++ b/crypto/aes/asm/aesp8-ppc.pl
@@ -1829,7 +1829,7 @@ Lctr32_enc8x_three:
        stvx_u          $out1,$x10,$out
        stvx_u          $out2,$x20,$out
        addi            $out,$out,0x30
-       b               Lcbc_dec8x_done
+       b               Lctr32_enc8x_done
 
 .align 5
 Lctr32_enc8x_two:
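Review bot: no regression test accompanies the corrected branch `b Lctr32_enc8x_done` in the three-block tail; the summary lists only aesp8-ppc.pl as changed. The commit message describes corruption that surfaces on a later call after a 2 or 3 block tail, so a CTR test that encrypts in several calls with tails of two and three blocks and compares the output with a single-call encryption of the same data would catch a recurrence of this wrong exit label.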
@@ -1841,7 +1841,7 @@ Lctr32_enc8x_two:
        stvx_u          $out0,$x00,$out
        stvx_u          $out1,$x10,$out
        addi            $out,$out,0x20
-       b               Lcbc_dec8x_done
+       b               Lctr32_enc8x_done
 
 .align 5
 Lctr32_enc8x_one:
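Review bot: the two-block tail now exits through `b Lctr32_enc8x_done`, matching the three-block fix, but the context shown here does not reveal how the one-block tail (`Lctr32_enc8x_one`, which starts right after) or the larger tails leave the routine. Since the commit message attributes both errors to copy-paste, it is worth confirming that no `b Lcbc_dec8x_done` remains under any `Lctr32_enc8x_*` label, and stating in the commit message that the remaining tails were checked.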
