From b11aa831cfe09befe3fb3229ca46a4a59352de34 Mon Sep 17 00:00:00 2001
From: simplelins <a735862152@163.com>
Date: Fri, 3 Jan 2020 22:56:18 +0800
Subject: Fix AES-GCM bug on aarch64 BigEndian

Fixes #10638
Fixes #13188

Fixes a bug for aarch64 bigendian with instructions 'st1' and 'ld1' on AES-GCM mode.

CLA: trivial

(cherry picked from commit bc8b648f744566031ce84d77333dbbcb9689e975)

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13193)
---
 crypto/aes/asm/aesv8-armx.pl | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'crypto/aes')

diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index d6068dbf03..f42f7bd1df 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -183,7 +183,12 @@ $code.=<<___;
 .Loop192:
 	vtbl.8	$key,{$in1},$mask
 	vext.8	$tmp,$zero,$in0,#12
+#ifdef __ARMEB__
+	vst1.32	{$in1},[$out],#16
+	sub	$out,$out,#8
+#else
 	vst1.32	{$in1},[$out],#8
+#endif
 	aese	$key,$zero
 	subs	$bits,$bits,#1
 
@@ -715,8 +720,11 @@ $code.=<<___;
 	ldr		$rounds,[$key,#240]
 
 	ldr		$ctr, [$ivp, #12]
+#ifdef __ARMEB__
+	vld1.8		{$dat0},[$ivp]
+#else
 	vld1.32		{$dat0},[$ivp]
-
+#endif
 	vld1.32		{q8-q9},[$key]		// load key schedule...
 	sub		$rounds,$rounds,#4
 	mov		$step,#16
-- 
cgit v1.2.3