AES-NI: Disable round keys realignment in mbedtls_aes_crypt_ecb()

solardiz · solardiz · commit 0ab4262d3bf2 · 2024-12-11T03:43:27.000+01:00
Mbed TLS takes care of the alignment when creating the round keys (placing them accordingly within the larger context struct) and we hope we're not copying them to differently-aligned context structs (if we are, we'll need to fix that). See openwall#5593
diff --git a/src/mbedtls/aes.c b/src/mbedtls/aes.c
@@ -1000,6 +1000,8 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
 }
 #endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
 
+/* Should be unneeded in JtR */
+#if 0
 /* VIA Padlock and our intrinsics-based implementation of AESNI require
  * the round keys to be aligned on a 16-byte boundary. We take care of this
  * before creating them, but the AES context may have moved (this can happen
@@ -1017,6 +1019,9 @@ MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)
         ctx->rk_offset = new_offset;
     }
 }
+#else
+#undef MAY_NEED_TO_ALIGN
+#endif
 
 /*
  * AES-ECB block encryption/decryption

Original file line number	Diff line number	Diff line change
`@@ -1000,6 +1000,8 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,`
`1000`	`1000`	`}`
`1001`	`1001`	`#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */`
`1002`	`1002`
	`1003`	`+/* Should be unneeded in JtR */`
	`1004`	`+#if 0`
`1003`	`1005`	`/* VIA Padlock and our intrinsics-based implementation of AESNI require`
`1004`	`1006`	`* the round keys to be aligned on a 16-byte boundary. We take care of this`
`1005`	`1007`	`* before creating them, but the AES context may have moved (this can happen`
`@@ -1017,6 +1019,9 @@ MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)`
`1017`	`1019`	`ctx->rk_offset = new_offset;`
`1018`	`1020`	`}`
`1019`	`1021`	`}`
	`1022`	`+#else`
	`1023`	`+#undef MAY_NEED_TO_ALIGN`
	`1024`	`+#endif`
`1020`	`1025`
`1021`	`1026`	`/*`
`1022`	`1027`	`* AES-ECB block encryption/decryption`