-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/08/14 01:06, Denis Krienbühl wrote:
> I did that and got the following results:
>
> (gdb) p key
> $1 = (const uint8_t *) 0xbfa8a85c ""
>
> (gdb) p rkeys
> $2 = (__m128i *) 0x8a8b7c8

Thanks, that's exactly what I was hoping to see.  The problem is that the
SSE instructions used require the AES round keys to be stored aligned to
16-byte boundaries, and the malloc on your system is providing unaligned
allocations.

Can you try the attached patch?  In a clean source tree,
# patch < rkeys-align.patch
# make all
and then you should find that it works again.

- -- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)

iEYEARECAAYFAlQ145kACgkQOM7KaQxqam4z8ACdHZ9lOrEoKKrAm4G2ucfM3XbJ
bLQAni51EQ3YfuDHbfkwbbcGNrlzj0Qt
=ripw
-----END PGP SIGNATURE-----
Index: libcperciva/crypto/crypto_aes_aesni.c =================================================================== --- libcperciva/crypto/crypto_aes_aesni.c (revision 177) +++ libcperciva/crypto/crypto_aes_aesni.c (working copy) @@ -13,7 +13,8 @@ /* Expanded-key structure. */ struct crypto_aes_key_aesni { - __m128i rkeys[15]; + uint8_t rkeys_buf[15 * sizeof(__m128i) + (sizeof(__m128i) - 1)]; + __m128i * rkeys; size_t nr; }; @@ -143,11 +144,17 @@ crypto_aes_key_expand_aesni(const uint8_t * key, size_t len) { struct crypto_aes_key_aesni * kexp; + size_t rkey_offset; /* Allocate structure. */ if ((kexp = malloc(sizeof(struct crypto_aes_key_aesni))) == NULL) goto err0; + /* Figure out where to put the round keys. */ + rkey_offset = (uintptr_t)(&kexp->rkeys_buf[0]) % sizeof(__m128i); + rkey_offset = (sizeof(__m128i) - rkey_offset) % sizeof(__m128i); + kexp->rkeys = &kexp->rkeys_buf[rkey_offset]; + /* Compute round keys. */ if (len == 16) { kexp->nr = 10;
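Review bot: In the first hunk (struct crypto_aes_key_aesni), rkeys is now a pointer into rkeys_buf of the same structure, so any copy of the structure (struct assignment or memcpy) would carry a pointer into the original's buffer, and the copy's own rkeys_buf may sit at a different alignment. The "Expanded-key structure" comment should state that rkeys is the 16-byte-aligned view of rkeys_buf and that the structure must not be copied by value. A short remark on why the buffer carries sizeof(__m128i) - 1 extra bytes beyond the 15 round keys would also help the next reader.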
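Review bot: In the second hunk (crypto_aes_key_expand_aesni), the line kexp->rkeys = &kexp->rkeys_buf[rkey_offset]; assigns a uint8_t * to an __m128i * with no cast, which is an incompatible-pointer-type assignment and will draw a compiler diagnostic (a build failure under -Werror). Suggest kexp->rkeys = (void *)&kexp->rkeys_buf[rkey_offset]; so the conversion is explicit. The offset arithmetic itself holds: the two modulo steps leave rkey_offset in the range 0 to sizeof(__m128i) - 1, which is exactly the padding added to rkeys_buf in the first hunk.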