authorLiu-ErMeng <liuermeng2@huawei.com>2023-04-21 16:04:51 +0800
committerTomas Mraz <tomas@openssl.org>2023-04-28 09:19:49 +0200
commit4df13d1054e143f1cbf13fa347491807289f87b7 (patch)
tree5aed56e426ae11fdeef1d1f9e2480ddec8163b5a /crypto
parent1f757df1f3de0c18cc22a4992d66e9a7b113f61d (diff)
fix aes-xts bug on aarch64 big-endian env.
Signed-off-by: Liu-ErMeng <liuermeng2@huawei.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20797)
Diffstat (limited to 'crypto')
-rwxr-xr-xcrypto/aes/asm/aesv8-armx.pl24
1 files changed, 12 insertions, 12 deletions
diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index efd3ccd1a4..a2adbe2951 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -2274,10 +2274,10 @@ $code.=<<___ if ($flavour =~ /64/);
b.ne .Lxts_enc_big_size
// Encrypt the iv with key2, as the first XEX iv.
ldr $rounds,[$key2,#240]
- vld1.8 {$dat},[$key2],#16
+ vld1.32 {$dat},[$key2],#16
vld1.8 {$iv0},[$ivp]
sub $rounds,$rounds,#2
- vld1.8 {$dat1},[$key2],#16
+ vld1.32 {$dat1},[$key2],#16
.Loop_enc_iv_enc:
aese $iv0,$dat
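Review bot: The key-schedule loads from `$key2` now use `vld1.32` while the IV load between them stays `vld1.8`, and nothing in the code says the difference is deliberate, so a later tidy-up could silently reintroduce the big-endian breakage. I would add a comment above the first load, e.g. `// round keys are loaded as 32-bit words (.32); IV and data are byte strings (.8) - do not unify`, which presumably matches how the key-setup code stores the schedule (not visible here). The same comment applies to the key loads in the hunks at 2879, 2951, 3034 and 3600. The surrounding code starts and ends outside the hunk.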
@@ -2879,9 +2879,9 @@ $code.=<<___ if ($flavour =~ /64/);
// Encrypt the composite block to get the last second encrypted text block
ldr $rounds,[$key1,#240] // load key schedule...
- vld1.8 {$dat},[$key1],#16
+ vld1.32 {$dat},[$key1],#16
sub $rounds,$rounds,#2
- vld1.8 {$dat1},[$key1],#16 // load key schedule...
+ vld1.32 {$dat1},[$key1],#16 // load key schedule...
.Loop_final_enc:
aese $tmpin,$dat0
aesmc $tmpin,$tmpin
@@ -2951,10 +2951,10 @@ $code.=<<___ if ($flavour =~ /64/);
b.ne .Lxts_dec_big_size
// Encrypt the iv with key2, as the first XEX iv.
ldr $rounds,[$key2,#240]
- vld1.8 {$dat},[$key2],#16
+ vld1.32 {$dat},[$key2],#16
vld1.8 {$iv0},[$ivp]
sub $rounds,$rounds,#2
- vld1.8 {$dat1},[$key2],#16
+ vld1.32 {$dat1},[$key2],#16
.Loop_dec_small_iv_enc:
aese $iv0,$dat
@@ -3034,10 +3034,10 @@ $code.=<<___ if ($flavour =~ /64/);
// Encrypt the iv with key2, as the first XEX iv
ldr $rounds,[$key2,#240]
- vld1.8 {$dat},[$key2],#16
+ vld1.32 {$dat},[$key2],#16
vld1.8 {$iv0},[$ivp]
sub $rounds,$rounds,#2
- vld1.8 {$dat1},[$key2],#16
+ vld1.32 {$dat1},[$key2],#16
.Loop_dec_iv_enc:
aese $iv0,$dat
@@ -3377,7 +3377,7 @@ $code.=<<___ if ($flavour =~ /64/);
vst1.8 {$tmp3-$tmp4},[$out],#32
b.eq .Lxts_dec_abort
- vld1.32 {$dat0},[$inp],#16
+ vld1.8 {$dat0},[$inp],#16
b .Lxts_done
.align 4
.Lxts_outer_dec_tail:
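Review bot: The `vld1.8 {$dat0},[$inp],#16` load here and the identical one in the hunk at 3555 sit on the decrypt tail and cipher-stealing paths, which are presumably reached only for particular input lengths, and the visible diffstat (limited to `crypto`) shows no test change. I would ask for known-answer vectors run on an aarch64 big-endian target that cover the small-size path and lengths that are not a multiple of 16 bytes, for both encrypt and decrypt, so that each changed load is exercised. It would also help to record in the commit message or changelog whether affected builds produced output that differs from other platforms, since data written by them might then not decrypt elsewhere; a comment such as `// ciphertext is a byte string: load with .8` on the changed line would document the intent. The enclosing code continues outside the hunk.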
@@ -3555,7 +3555,7 @@ $code.=<<___ if ($flavour =~ /64/);
// Processing the last two blocks with cipher stealing.
mov x7,x3
cbnz x2,.Lxts_dec_1st_done
- vld1.32 {$dat0},[$inp],#16
+ vld1.8 {$dat0},[$inp],#16
// Decrypt the last second block to get the last plain text block
.Lxts_dec_1st_done:
@@ -3600,9 +3600,9 @@ $code.=<<___ if ($flavour =~ /64/);
// Decrypt the composite block to get the last second plain text block
ldr $rounds,[$key_,#240]
- vld1.8 {$dat},[$key_],#16
+ vld1.32 {$dat},[$key_],#16
sub $rounds,$rounds,#2
- vld1.8 {$dat1},[$key_],#16
+ vld1.32 {$dat1},[$key_],#16
.Loop_final_dec:
aesd $tmpin,$dat0
aesimc $tmpin,$tmpin