aesni-x86[_64].pl: fix bug in CCM code.

2011-10-14 09:15:19 +00:00 · 2011-10-14 09:15:19 +00:00 · 9ee5916d97
commit 9ee5916d97
parent af9b610cef
2 changed files with 7 additions and 9 deletions
--- a/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/aes/asm/aesni-x86.pl
@ -612,9 +612,10 @@ if ($PREFIX eq "aesni") {

 	&shr	($rounds,1);
 	&lea	($key_,&DWP(0,$key));
+	&movdqa	($inout3,&QWP(0,"esp"));
 	&movdqa	($inout0,$ivec);
 	&mov	($rounds_,$rounds);
-	&movdqa	($inout3,&QWP(0,"esp"));
+	&pshufb	($ivec,$inout3);

 &set_label("ccm64_enc_outer");
 	&$movekey	($rndkey0,&QWP(0,$key_));
@ -638,7 +639,6 @@ if ($PREFIX eq "aesni") {
 	&aesenc		($cmac,$rndkey0);
 	&$movekey	($rndkey0,&QWP(0,$key));
 	&jnz		(&label("ccm64_enc2_loop"));
-	&pshufb		($ivec,$inout3);
 	&aesenc		($inout0,$rndkey1);
 	&aesenc		($cmac,$rndkey1);
 	&paddq		($ivec,&QWP(16,"esp"));
@ -651,7 +651,7 @@ if ($PREFIX eq "aesni") {
 	&movdqa	($inout0,$ivec);
 	&movups	(&QWP(0,$out),$in0);		# save output
 	&lea	($out,&DWP(16,$out));
-	&pshufb	($ivec,$inout3);
+	&pshufb	($inout0,$inout3);
 	&jnz	(&label("ccm64_enc_outer"));

 	&mov	("esp",&DWP(48,"esp"));
@ -702,7 +702,6 @@ if ($PREFIX eq "aesni") {
 	{   &call	("_aesni_encrypt1");	}
 	&movups	($in0,&QWP(0,$inp));		# load inp
 	&paddq	($ivec,&QWP(16,"esp"));
-	&pshufb	($ivec,$inout3);
 	&lea	($inp,&QWP(16,$inp));
 	&jmp	(&label("ccm64_dec_outer"));

@ -712,6 +711,7 @@ if ($PREFIX eq "aesni") {
 	&mov	($rounds,$rounds_);
 	&movups	(&QWP(0,$out),$in0);		# save output
 	&lea	($out,&DWP(16,$out));
+	&pshufb	($inout0,$inout3);

 	&sub	($len,1);
 	&jz	(&label("ccm64_dec_break"));
@ -739,7 +739,6 @@ if ($PREFIX eq "aesni") {
 	&paddq		($ivec,&QWP(16,"esp"));
 	&aesenc		($inout0,$rndkey1);
 	&aesenc		($cmac,$rndkey1);
-	&pshufb		($ivec,$inout3);
 	&lea		($inp,&QWP(16,$inp));
 	&aesenclast	($inout0,$rndkey0);
 	&aesenclast	($cmac,$rndkey0);
--- a/crypto/aes/asm/aesni-x86_64.pl
+++ b/crypto/aes/asm/aesni-x86_64.pl
@ -849,6 +849,7 @@ $code.=<<___;
 	movdqu	($cmac),$inout1
 	movdqa	$iv,$inout0
 	mov	$rounds,$rnds_
+	pshufb	$bswap_mask,$iv
 	jmp	.Lccm64_enc_outer
 .align	16
 .Lccm64_enc_outer:
@ -873,7 +874,6 @@ $code.=<<___;
 	aesenc	$rndkey0,$inout1
 	$movkey	0($key),$rndkey0
 	jnz	.Lccm64_enc2_loop
-	pshufb	$bswap_mask,$iv
 	aesenc	$rndkey1,$inout0
 	aesenc	$rndkey1,$inout1
 	paddq	$increment,$iv
@ -886,7 +886,7 @@ $code.=<<___;
 	movdqa	$iv,$inout0
 	movups	$in0,($out)			# save output
 	lea	16($out),$out
-	pshufb	$bswap_mask,$iv
+	pshufb	$bswap_mask,$inout0
 	jnz	.Lccm64_enc_outer

 	movups	$inout1,($cmac)
@ -934,7 +934,6 @@ ___
 $code.=<<___;
 	movups	($inp),$in0			# load inp
 	paddq	$increment,$iv
-	pshufb	$bswap_mask,$iv
 	lea	16($inp),$inp
 	jmp	.Lccm64_dec_outer
 .align	16
@ -944,6 +943,7 @@ $code.=<<___;
 	mov	$rnds_,$rounds
 	movups	$in0,($out)			# save output
 	lea	16($out),$out
+	pshufb	$bswap_mask,$inout0

 	sub	\$1,$len
 	jz	.Lccm64_dec_break
@ -971,7 +971,6 @@ $code.=<<___;
 	paddq	$increment,$iv
 	aesenc	$rndkey1,$inout0
 	aesenc	$rndkey1,$inout1
-	pshufb	$bswap_mask,$iv
 	lea	16($inp),$inp
 	aesenclast	$rndkey0,$inout0
 	aesenclast	$rndkey0,$inout1