From 3b0ee0d2bf076649fa1d2d42281678ec1008a86f Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Sat, 27 Dec 2008 13:32:21 +0000
Subject: [PATCH] Revisit RT#1801 and complete fix.

---
 crypto/aes/asm/aes-586.pl    | 3 ++-
 crypto/aes/asm/aes-x86_64.pl | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl
index 1df59c0d99..aab40e6f1c 100755
--- a/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
@@ -2360,6 +2360,7 @@ my $mark=&DWP(76+240,"esp");	# copy of aes_key->rounds
 
 #--------------------------- SLOW ENCRYPT ---------------------------#
 	&cmp	($s2,16);
+	&mov	($s3,$s1);
 	&jb	(&label("slow_enc_tail"));
 
 					if (!$x86only) {
@@ -2468,7 +2469,7 @@ my $mark=&DWP(76+240,"esp");	# copy of aes_key->rounds
 	&align	(4);
 	&data_word(0xAAF3F689);	# rep stosb	# zero tail
 
-	&lea	($key,&DWP(-16,$s3));		# restore ivp
+	&mov	($key,$_ivp);			# restore ivp
 	&mov	($acc,$s3);			# output as input
 	&mov	($s0,&DWP(0,$key));
 	&mov	($s1,&DWP(4,$key));
diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl
index c75e0ea2f8..a545e892ae 100755
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@@ -1990,6 +1990,8 @@ AES_cbc_encrypt:
 
 .align	4
 .Lcbc_slow_enc_tail:
+	mov	%rax,%r11
+	mov	%rcx,%r12
 	mov	%r10,%rcx
 	mov	$inp,%rsi
 	mov	$out,%rdi
@@ -2000,6 +2002,8 @@ AES_cbc_encrypt:
 	.long	0x9066AAF3		# rep stosb
 	mov	$out,$inp		# this is not a mistake!
 	mov	\$16,%r10		# len=16
+	mov	%r11,%rax
+	mov	%r12,%rcx
 	jmp	.Lcbc_slow_enc_loop	# one more spin...
 #--------------------------- SLOW DECRYPT ---------------------------#
 .align	16
-- 
2.25.1