From d6338c22c32b9f55b71ace80f993bbb8f8c1aa6d Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Tue, 27 Mar 2018 23:05:07 +0100 Subject: [PATCH] Fix mishandling of IV in AES-NI CBC decryption. A user reported that the new hardware AES implementation wasn't working, and sent an event log suggesting that it was being run in CBC mode - which is unusual enough these days that that may well have been its first test. I wasn't looking forward to debugging the actual AES intrinsics code, but fortunately, I didn't have to, because an eyeball review spotted a nice simple error in the CBC decrypt function in which the wrong local variable was being stored into the IV variable on exit from the function. Testing against a local CBC-only server reproduced the reported failure and suggested that this fixed it. --- sshaes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sshaes.c b/sshaes.c index 7b9eacb7..ed1ab92d 100644 --- a/sshaes.c +++ b/sshaes.c @@ -1524,7 +1524,7 @@ static void aes_decrypt_cbc_ni(unsigned char *blk, int len, AESContext * ctx) } /* Update IV */ - _mm_storeu_si128((__m128i*)(ctx->iv), dec); + _mm_storeu_si128((__m128i*)(ctx->iv), iv); } FUNC_ISA
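Review bot: The one-line fix is right in principle: CBC decryption must carry the last ciphertext block forward as the chaining value for the next call, and `dec` is the decrypted plaintext of the final block, so storing it into `ctx->iv` would make every subsequent `aes_decrypt_cbc_ni` call start from the wrong IV, which matches the reported failure against a CBC-only server. The hunk context shows only the closing brace of the loop, so it is worth confirming that `iv` still holds the final ciphertext block at that point (updated after `dec` is computed on each iteration, not before it). Given that this went unnoticed until a CBC-mode user hit it, a regression test that decrypts a multi-block message across two or more calls and compares the AES-NI path against the software AES path would cover this class of IV-chaining bug for both encrypt and decrypt.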