aes/asm/aesni-sha*-x86_64.pl: fix IV handling in SHAEXT paths.
authorAndy Polyakov <appro@openssl.org>
Mon, 20 Mar 2017 10:38:25 +0000 (11:38 +0100)
committerAndy Polyakov <appro@openssl.org>
Wed, 22 Mar 2017 10:04:48 +0000 (11:04 +0100)
Initial IV was disregarded on SHAEXT-capable processors. Amazingly
enough bulk AES128-SHA* talk-to-yourself tests were passing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2992)

(cherry picked from commit 08d09628d2c9f3ef599399d8cad021a07ab98347)

crypto/aes/asm/aesni-sha1-x86_64.pl
crypto/aes/asm/aesni-sha256-x86_64.pl

index 8c84260..7a30e89 100644 (file)
@@ -1702,6 +1702,7 @@ $code.=<<___;
        mov     240($key),$rounds
        sub     $in0,$out
        movups  ($key),$rndkey0                 # $key[0]
+       movups  ($ivp),$iv                      # load IV
        movups  16($key),$rndkey[0]             # forward reference
        lea     112($key),$key                  # size optimization
 
index 72f44ec..588ade6 100644 (file)
@@ -1299,6 +1299,7 @@ $code.=<<___;
        mov             240($key),$rounds
        sub             $in0,$out
        movups          ($key),$rndkey0         # $key[0]
+       movups          ($ivp),$iv              # load IV
        movups          16($key),$rndkey[0]     # forward reference
        lea             112($key),$key          # size optimization