svn commit: r219178 - head/sys/crypto/aesni

Kostik Belousov kostikbel at gmail.com
Wed Mar 2 15:44:32 UTC 2011


On Wed, Mar 02, 2011 at 02:56:58PM +0000, Konstantin Belousov wrote:
> Author: kib
> Date: Wed Mar  2 14:56:58 2011
> New Revision: 219178
> URL: http://svn.freebsd.org/changeset/base/219178
> 
> Log:
>   Fix a bug in the result of manual assembly.
>   
>   Reported by:	Stefan Grundmann <sg2342 googlemail com>
>   PR:	kern/155118
>   MFC after:	3 days

The end result of this bug should affect only AES256 variants,
causing wrong key schedule calculation. If you have a geli partition
with a 256-bit key that worked with the previous version of aesni(4), the best
strategy is to back up, reinitialize the geli volume with the new driver,
then restore.

Sorry.


> 
> Modified:
>   head/sys/crypto/aesni/aeskeys_amd64.S
>   head/sys/crypto/aesni/aeskeys_i386.S
> 
> Modified: head/sys/crypto/aesni/aeskeys_amd64.S
> ==============================================================================
> --- head/sys/crypto/aesni/aeskeys_amd64.S	Wed Mar  2 14:39:26 2011	(r219177)
> +++ head/sys/crypto/aesni/aeskeys_amd64.S	Wed Mar  2 14:56:58 2011	(r219178)
> @@ -162,7 +162,7 @@ ENTRY(aesni_set_enckey)
>  	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x20
>  	call	_key_expansion_256b
>  //	aeskeygenassist $0x40,%xmm2,%xmm1	# round 7
> -	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x20
> +	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x40
>  	call	_key_expansion_256a
>  	retq
>  .Lenc_key192:
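
Review bot: the round-7 line in aesni_set_enckey corrects the immediate, but nothing in this file would catch the next disagreement between the commented mnemonic (`aeskeygenassist $0x40,%xmm2,%xmm1`) and the hand-written `.byte` sequence beneath it. A known-answer check of the AES-256 key schedule against a published vector, run before the driver is used, would have failed on the old `0x20`. The log message should also state that only the last byte, the immediate, changes and that the AES-256 key schedule was wrong before this revision, since "a bug in the result of manual assembly" does not tell a reader what was affected.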
> 
> Modified: head/sys/crypto/aesni/aeskeys_i386.S
> ==============================================================================
> --- head/sys/crypto/aesni/aeskeys_i386.S	Wed Mar  2 14:39:26 2011	(r219177)
> +++ head/sys/crypto/aesni/aeskeys_i386.S	Wed Mar  2 14:56:58 2011	(r219178)
> @@ -167,7 +167,7 @@ ENTRY(aesni_set_enckey)
>  	.byte	0x66,0x0f,0x3a,0xdf,0xc8,0x20
>  	call	_key_expansion_256b
>  //	aeskeygenassist $0x40,%xmm2,%xmm1	# round 7
> -	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x20
> +	.byte	0x66,0x0f,0x3a,0xdf,0xca,0x40
>  	call	_key_expansion_256a
>  	.cfi_adjust_cfa_offset -4
>  	leave
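
Review bot: the i386 round-7 line repeats, byte for byte, the encoding and the fix made in aeskeys_amd64.S, so the two files can drift apart again the same way. Consider emitting each hand-encoded aeskeygenassist from one shared macro that takes the round constant as an argument, so the immediate is written once and the comment cannot disagree with the bytes.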
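
Why only AES-256 is affected, as an added example (not code from the commit or from the aesni(4) driver): a portable C model of the FIPS-197 AES-256 key expansion in which the round-7 constant is a parameter, run with the intended 0x40 and with the 0x20 that r219178 replaces. `sched_word`, `imm7` and `fips_key` are names chosen here, the key is the public FIPS-197 Appendix A.3 vector, and treating the immediate as the round constant XORed into the schedule is this model's assumption.

```c
#include <stdint.h>
#include <stdio.h>
static uint8_t sbox[256];
/* Multiply in GF(2^8) modulo the AES polynomial (0x11b). */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (; b; b >>= 1) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
    }
    return p;
}
/* S-box: multiplicative inverse, then the FIPS-197 affine transform. */
static void init_sbox(void) {
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 0;
        for (int y = 1; y < 256; y++)
            if (gmul((uint8_t)x, (uint8_t)y) == 1) inv = (uint8_t)y;
        sbox[x] = inv ^ 0x63;
        for (int r = 1; r <= 4; r++) sbox[x] ^= (uint8_t)((inv << r) | (inv >> (8 - r)));
    }
}
static uint32_t sub_word(uint32_t w) {
    return ((uint32_t)sbox[w >> 24] << 24) | ((uint32_t)sbox[(w >> 16) & 255] << 16) |
           ((uint32_t)sbox[(w >> 8) & 255] << 8) | sbox[w & 255];
}
/* Word i of the AES-256 schedule; imm7 models the round-7 immediate (assumption). */
uint32_t sched_word(const uint32_t key[8], int i, uint8_t imm7) {
    static const uint8_t rcon[6] = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20};
    uint32_t w[60];
    if (!sbox[0]) init_sbox();          /* sbox[0] is 0x63 once built */
    for (int k = 0; k < 8; k++) w[k] = key[k];
    for (int k = 8; k < 60; k++) {
        uint32_t t = w[k - 1];
        if (k % 8 == 0)                 /* RotWord, SubWord, XOR round constant */
            t = sub_word((t << 8) | (t >> 24)) ^ ((uint32_t)(k == 56 ? imm7 : rcon[k / 8 - 1]) << 24);
        else if (k % 8 == 4) t = sub_word(t);
        w[k] = w[k - 8] ^ t;
    }
    return w[i];
}
/* FIPS-197 Appendix A.3 example key (public test vector). */
const uint32_t fips_key[8] = {0x603deb10, 0x15ca71be, 0x2b73aef0, 0x857d7781,
                              0x1f352c07, 0x3b6108d7, 0x2d9810a3, 0x0914dff4};
int main(void) {
    for (int i = 56; i < 60; i++)       /* the last round key */
        printf("w[%d] imm 0x40: %08x  imm 0x20: %08x\n", i,
               (unsigned)sched_word(fips_key, i, 0x40), (unsigned)sched_word(fips_key, i, 0x20));
    return 0;
}
```

In this model words 0 to 55 are identical for both immediates and each of the four words of the last round key differs by 0x60000000, so data encrypted with the old schedule is not standard AES-256 output and cannot be read by a correct implementation using the same key.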