AES-NI: Disable round keys realignment in mbedtls_aes_crypt_ecb()

Mbed TLS takes care of the alignment when creating the round keys (placing them accordingly within the larger context struct) and we hope we're not copying them to differently-aligned context structs (if we are, we'll need to fix that). See openwall#5593
solardiz · Dec 11, 2024 · 0ab4262 · 0ab4262
1 parent e2a1b64
commit 0ab4262
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/mbedtls/aes.c b/src/mbedtls/aes.c
@@ -1000,6 +1000,8 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
 }
 #endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
 
+/* Should be unneeded in JtR */
+#if 0
 /* VIA Padlock and our intrinsics-based implementation of AESNI require
  * the round keys to be aligned on a 16-byte boundary. We take care of this
  * before creating them, but the AES context may have moved (this can happen
@@ -1017,6 +1019,9 @@ MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)
         ctx->rk_offset = new_offset;
     }
 }
+#else
+#undef MAY_NEED_TO_ALIGN
+#endif
 
 /*
  * AES-ECB block encryption/decryption