From: Andy Polyakov <appro@openssl.org>
Date: Thu, 31 Aug 2006 21:15:38 +0000 (+0000)
Subject: Fix bug in aes-586.pl.
X-Git-Tag: OpenSSL_0_9_8k^2~1160
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2b8a5406f9e14379b1445ba48251967074f29978;p=oweals%2Fopenssl.git

Fix bug in aes-586.pl.
---

diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl
index 4401cee9e3..7b75685025 100755
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
@@ -120,7 +120,7 @@
 # to process in one stroke.
 #
 # Timing attacks are classified in two classes: synchronous when
-# attacker consciously initiates cryptographic operation and collect
+# attacker consciously initiates cryptographic operation and collects
 # timing data of various character afterwards, and asynchronous when
 # malicious code is executed on same CPU simultaneously with AES,
 # instruments itself and performs statistical analysis of this data.
@@ -144,7 +144,7 @@
 # CBC, do masks the plain-text in this exact way [secure cipher output
 # is distributed uniformly]. Yes, one still might find input that
 # would reveal the information about given key, but if amount of
-# candidate inputs to be tried is larger than amount possible key
+# candidate inputs to be tried is larger than amount of possible key
 # combinations then attack becomes infeasible. This is why revised
 # AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk
 # of data is to be processed in one stroke. The current size limit of
@@ -2595,7 +2595,6 @@ my $mark=&DWP(76+240,"esp");	# copy of aes_key->rounds
 		&mov	($acc,$_inp);		# load inp
 		&lea	($acc,&DWP(16,$acc));	# advance inp
 		&mov	($_inp,$acc);		# save inp
-		&mov	($_len,$s2);		# save len
 	&jnz	(&label("slow_dec_loop_x86"));
 	&mov	("esp",$_esp);
 	&popf	();