From 4150efdb76ac2548a1583e18ee0fafa2ac31b73c Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Mon, 20 Mar 2017 11:38:25 +0100
Subject: [PATCH] aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT
 paths.

Initial IV was disregarded on SHAEXT-capable processors. Amazingly
enough bulk AES128-SHA* talk-to-yourself tests were passing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2992)

(cherry picked from commit 08d09628d2c9f3ef599399d8cad021a07ab98347)
---
 crypto/aes/asm/aesni-sha1-x86_64.pl   | 1 +
 crypto/aes/asm/aesni-sha256-x86_64.pl | 1 +
 2 files changed, 2 insertions(+)

diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl
index 8c84260856..7a30e893fb 100644
--- a/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha1-x86_64.pl
@@ -1702,6 +1702,7 @@ $code.=<<___;
 	mov	240($key),$rounds
 	sub	$in0,$out
 	movups	($key),$rndkey0			# $key[0]
+	movups	($ivp),$iv			# load IV
 	movups	16($key),$rndkey[0]		# forward reference
 	lea	112($key),$key			# size optimization
 
diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl
index 72f44ecf62..588ade64ee 100644
--- a/crypto/aes/asm/aesni-sha256-x86_64.pl
+++ b/crypto/aes/asm/aesni-sha256-x86_64.pl
@@ -1299,6 +1299,7 @@ $code.=<<___;
 	mov		240($key),$rounds
 	sub		$in0,$out
 	movups		($key),$rndkey0		# $key[0]
+	movups		($ivp),$iv		# load IV
 	movups		16($key),$rndkey[0]	# forward reference
 	lea		112($key),$key		# size optimization
 
-- 
2.34.1