aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
authorAndy Polyakov <appro@openssl.org>
Mon, 20 Mar 2017 10:38:25 +0000 (11:38 +0100)
committerAndy Polyakov <appro@openssl.org>
Wed, 22 Mar 2017 10:02:56 +0000 (11:02 +0100)
Initial IV was disregarded on SHAEXT-capable processors. Amazingly
enough bulk AES128-SHA* talk-to-yourself tests were passing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2992)

crypto/aes/asm/aesni-sha1-x86_64.pl
crypto/aes/asm/aesni-sha256-x86_64.pl

index dcdf454..6644d70 100644 (file)
@@ -1779,6 +1779,7 @@ $code.=<<___;
        mov     240($key),$rounds
        sub     $in0,$out
        movups  ($key),$rndkey0                 # $key[0]
+       movups  ($ivp),$iv                      # load IV
        movups  16($key),$rndkey[0]             # forward reference
        lea     112($key),$key                  # size optimization
 
index ceec9a6..74ec844 100644 (file)
@@ -1361,6 +1361,7 @@ $code.=<<___;
        mov             240($key),$rounds
        sub             $in0,$out
        movups          ($key),$rndkey0         # $key[0]
+       movups          ($ivp),$iv              # load IV
        movups          16($key),$rndkey[0]     # forward reference
        lea             112($key),$key          # size optimization