crypto: arm64/aes-blk - update IV after partial final CTR block

Make the arm64 ctr-aes-neon and ctr-aes-ce algorithms update the IV
buffer to contain the next counter after processing a partial final
block, rather than leave it as the last counter.  This makes these
algorithms pass the updated AES-CTR tests.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/arch/arm64/crypto/aes-modes.S b/arch/arm64/crypto/aes-modes.S
index 67700045a0e0f7b0f70bb42e9bc50cf71b43c17e..4c7ce231963c9c415c1645ad6deb63bc41fb160e 100644 (file)
--- a/arch/arm64/crypto/aes-modes.S
+++ b/arch/arm64/crypto/aes-modes.S
@@ -320,8 +320,7 @@ AES_ENTRY(aes_ctr_encrypt)
 
 .Lctrtailblock:
        st1             {v0.16b}, [x0]
-       ldp             x29, x30, [sp], #16
-       ret
+       b               .Lctrout
 
 .Lctrcarry:
        umov            x7, v4.d[0]             /* load upper word of ctr  */