Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  hwrng: core - Prevent too-small buffer sizes
  hwrng: virtio-rng - Convert to new API
  hwrng: core - Replace u32 in driver API with byte array
  crypto: ansi_cprng - Move FIPS functions under CONFIG_CRYPTO_FIPS
  crypto: testmgr - Add ghash algorithm test before provide to users
  crypto: ghash-clmulni-intel - Put proper .data section in place
  crypto: ghash-clmulni-intel - Use gas macro for PCLMULQDQ-NI and PSHUFB
  crypto: aesni-intel - Use gas macro for AES-NI instructions
  x86: Generate .byte code for some new instructions via gas macro
  crypto: ghash-intel - Fix irq_fpu_usable usage
  crypto: ghash-intel - Add PSHUFB macros
  crypto: ghash-intel - Hard-code pshufb
  crypto: ghash-intel - Fix building failure on x86_32
  crypto: testmgr - Fix warning
  crypto: ansi_cprng - Fix test in get_prng_bytes
  crypto: hash - Remove cra_u.{digest,hash}
  crypto: api - Remove digest case from procfs show handler
  crypto: hash - Remove legacy hash/digest code
  crypto: ansi_cprng - Add FIPS wrapper
  crypto: ghash - Add PCLMULQDQ accelerated implementation

7 files changed, 824 insertions, 344 deletions

diff --git a/arch/x86/crypto/Makefile b/arch/x86/crypto/Makefile
index cfb0010fa940..1a58ad89fdf7 100644
--- a/arch/x86/crypto/Makefile
+++ b/arch/x86/crypto/Makefile
@@ -12,6 +12,7 @@ obj-$(CONFIG_CRYPTO_AES_X86_64) += aes-x86_64.o
 obj-$(CONFIG_CRYPTO_TWOFISH_X86_64) += twofish-x86_64.o
 obj-$(CONFIG_CRYPTO_SALSA20_X86_64) += salsa20-x86_64.o
 obj-$(CONFIG_CRYPTO_AES_NI_INTEL) += aesni-intel.o
+obj-$(CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL) += ghash-clmulni-intel.o
 
 obj-$(CONFIG_CRYPTO_CRC32C_INTEL) += crc32c-intel.o
 
@@ -24,3 +25,5 @@ twofish-x86_64-y := twofish-x86_64-asm_64.o twofish_glue.o
 salsa20-x86_64-y := salsa20-x86_64-asm_64.o salsa20_glue.o
 
 aesni-intel-y := aesni-intel_asm.o aesni-intel_glue.o
+
+ghash-clmulni-intel-y := ghash-clmulni-intel_asm.o ghash-clmulni-intel_glue.o
diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S
index eb0566e83319..20bb0e1ac681 100644
--- a/arch/x86/crypto/aesni-intel_asm.S
+++ b/arch/x86/crypto/aesni-intel_asm.S
@@ -16,6 +16,7 @@
  */
 
 #include <linux/linkage.h>
+#include <asm/inst.h>
 
 .text
 
@@ -122,103 +123,72 @@ ENTRY(aesni_set_key)
         movups 0x10(%rsi), %xmm2        # other user key
         movaps %xmm2, (%rcx)
         add $0x10, %rcx
-        # aeskeygenassist $0x1, %xmm2, %xmm1    # round 1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x01
+        AESKEYGENASSIST 0x1 %xmm2 %xmm1         # round 1
         call _key_expansion_256a
-        # aeskeygenassist $0x1, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x01
+        AESKEYGENASSIST 0x1 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x2, %xmm2, %xmm1    # round 2
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x02
+        AESKEYGENASSIST 0x2 %xmm2 %xmm1         # round 2
         call _key_expansion_256a
-        # aeskeygenassist $0x2, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x02
+        AESKEYGENASSIST 0x2 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x4, %xmm2, %xmm1    # round 3
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x04
+        AESKEYGENASSIST 0x4 %xmm2 %xmm1         # round 3
         call _key_expansion_256a
-        # aeskeygenassist $0x4, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x04
+        AESKEYGENASSIST 0x4 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x8, %xmm2, %xmm1    # round 4
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x08
+        AESKEYGENASSIST 0x8 %xmm2 %xmm1         # round 4
         call _key_expansion_256a
-        # aeskeygenassist $0x8, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x08
+        AESKEYGENASSIST 0x8 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x10, %xmm2, %xmm1   # round 5
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x10
+        AESKEYGENASSIST 0x10 %xmm2 %xmm1        # round 5
         call _key_expansion_256a
-        # aeskeygenassist $0x10, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x10
+        AESKEYGENASSIST 0x10 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x20, %xmm2, %xmm1   # round 6
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x20
+        AESKEYGENASSIST 0x20 %xmm2 %xmm1        # round 6
         call _key_expansion_256a
-        # aeskeygenassist $0x20, %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x20
+        AESKEYGENASSIST 0x20 %xmm0 %xmm1
         call _key_expansion_256b
-        # aeskeygenassist $0x40, %xmm2, %xmm1   # round 7
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x40
+        AESKEYGENASSIST 0x40 %xmm2 %xmm1        # round 7
         call _key_expansion_256a
         jmp .Ldec_key
 .Lenc_key192:
         movq 0x10(%rsi), %xmm2          # other user key
-        # aeskeygenassist $0x1, %xmm2, %xmm1    # round 1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x01
+        AESKEYGENASSIST 0x1 %xmm2 %xmm1         # round 1
         call _key_expansion_192a
-        # aeskeygenassist $0x2, %xmm2, %xmm1    # round 2
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x02
+        AESKEYGENASSIST 0x2 %xmm2 %xmm1         # round 2
         call _key_expansion_192b
-        # aeskeygenassist $0x4, %xmm2, %xmm1    # round 3
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x04
+        AESKEYGENASSIST 0x4 %xmm2 %xmm1         # round 3
         call _key_expansion_192a
-        # aeskeygenassist $0x8, %xmm2, %xmm1    # round 4
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x08
+        AESKEYGENASSIST 0x8 %xmm2 %xmm1         # round 4
         call _key_expansion_192b
-        # aeskeygenassist $0x10, %xmm2, %xmm1   # round 5
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x10
+        AESKEYGENASSIST 0x10 %xmm2 %xmm1        # round 5
         call _key_expansion_192a
-        # aeskeygenassist $0x20, %xmm2, %xmm1   # round 6
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x20
+        AESKEYGENASSIST 0x20 %xmm2 %xmm1        # round 6
         call _key_expansion_192b
-        # aeskeygenassist $0x40, %xmm2, %xmm1   # round 7
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x40
+        AESKEYGENASSIST 0x40 %xmm2 %xmm1        # round 7
         call _key_expansion_192a
-        # aeskeygenassist $0x80, %xmm2, %xmm1   # round 8
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xca, 0x80
+        AESKEYGENASSIST 0x80 %xmm2 %xmm1        # round 8
         call _key_expansion_192b
         jmp .Ldec_key
 .Lenc_key128:
-        # aeskeygenassist $0x1, %xmm0, %xmm1    # round 1
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x01
+        AESKEYGENASSIST 0x1 %xmm0 %xmm1         # round 1
         call _key_expansion_128
-        # aeskeygenassist $0x2, %xmm0, %xmm1    # round 2
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x02
+        AESKEYGENASSIST 0x2 %xmm0 %xmm1         # round 2
         call _key_expansion_128
-        # aeskeygenassist $0x4, %xmm0, %xmm1    # round 3
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x04
+        AESKEYGENASSIST 0x4 %xmm0 %xmm1         # round 3
         call _key_expansion_128
-        # aeskeygenassist $0x8, %xmm0, %xmm1    # round 4
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x08
+        AESKEYGENASSIST 0x8 %xmm0 %xmm1         # round 4
         call _key_expansion_128
-        # aeskeygenassist $0x10, %xmm0, %xmm1   # round 5
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x10
+        AESKEYGENASSIST 0x10 %xmm0 %xmm1        # round 5
         call _key_expansion_128
-        # aeskeygenassist $0x20, %xmm0, %xmm1   # round 6
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x20
+        AESKEYGENASSIST 0x20 %xmm0 %xmm1        # round 6
         call _key_expansion_128
-        # aeskeygenassist $0x40, %xmm0, %xmm1   # round 7
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x40
+        AESKEYGENASSIST 0x40 %xmm0 %xmm1        # round 7
         call _key_expansion_128
-        # aeskeygenassist $0x80, %xmm0, %xmm1   # round 8
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x80
+        AESKEYGENASSIST 0x80 %xmm0 %xmm1        # round 8
         call _key_expansion_128
-        # aeskeygenassist $0x1b, %xmm0, %xmm1   # round 9
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x1b
+        AESKEYGENASSIST 0x1b %xmm0 %xmm1        # round 9
         call _key_expansion_128
-        # aeskeygenassist $0x36, %xmm0, %xmm1   # round 10
-        .byte 0x66, 0x0f, 0x3a, 0xdf, 0xc8, 0x36
+        AESKEYGENASSIST 0x36 %xmm0 %xmm1        # round 10
         call _key_expansion_128
 .Ldec_key:
         sub $0x10, %rcx
@@ -231,8 +201,7 @@ ENTRY(aesni_set_key)
 .align 4
 .Ldec_key_loop:
         movaps (%rdi), %xmm0
-        # aesimc %xmm0, %xmm1
-        .byte 0x66, 0x0f, 0x38, 0xdb, 0xc8
+        AESIMC %xmm0 %xmm1
         movaps %xmm1, (%rsi)
         add $0x10, %rdi
         sub $0x10, %rsi
@@ -274,51 +243,37 @@ _aesni_enc1:
         je .Lenc192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps -0x50(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
 .align 4
 .Lenc192:
         movaps -0x40(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps -0x30(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
 .align 4
 .Lenc128:
         movaps -0x20(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps -0x10(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps (TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x10(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x20(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x30(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x40(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x50(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x60(TKEYP), KEY
-        # aesenc KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
+        AESENC KEY STATE
         movaps 0x70(TKEYP), KEY
-        # aesenclast KEY, STATE # last round
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xc2
+        AESENCLAST KEY STATE
         ret
 
 /*
@@ -353,135 +308,79 @@ _aesni_enc4:
         je .L4enc192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps -0x50(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
 #.align 4
 .L4enc192:
         movaps -0x40(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps -0x30(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
 #.align 4
 .L4enc128:
         movaps -0x20(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps -0x10(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps (TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x10(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x20(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x30(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x40(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x50(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x60(TKEYP), KEY
-        # aesenc KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xc2
-        # aesenc KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xe2
-        # aesenc KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xea
-        # aesenc KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdc, 0xf2
+        AESENC KEY STATE1
+        AESENC KEY STATE2
+        AESENC KEY STATE3
+        AESENC KEY STATE4
         movaps 0x70(TKEYP), KEY
-        # aesenclast KEY, STATE1        # last round
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xc2
-        # aesenclast KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xe2
-        # aesenclast KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xea
-        # aesenclast KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdd, 0xf2
+        AESENCLAST KEY STATE1           # last round
+        AESENCLAST KEY STATE2
+        AESENCLAST KEY STATE3
+        AESENCLAST KEY STATE4
         ret
 
 /*
@@ -518,51 +417,37 @@ _aesni_dec1:
         je .Ldec192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps -0x50(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
 .align 4
 .Ldec192:
         movaps -0x40(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps -0x30(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
 .align 4
 .Ldec128:
         movaps -0x20(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps -0x10(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps (TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x10(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x20(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x30(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x40(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x50(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x60(TKEYP), KEY
-        # aesdec KEY, STATE
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
+        AESDEC KEY STATE
         movaps 0x70(TKEYP), KEY
-        # aesdeclast KEY, STATE         # last round
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xc2
+        AESDECLAST KEY STATE
         ret
 
 /*
@@ -597,135 +482,79 @@ _aesni_dec4:
         je .L4dec192
         add $0x20, TKEYP
         movaps -0x60(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps -0x50(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
 .align 4
 .L4dec192:
         movaps -0x40(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps -0x30(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
 .align 4
 .L4dec128:
         movaps -0x20(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps -0x10(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps (TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x10(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x20(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x30(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x40(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x50(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x60(TKEYP), KEY
-        # aesdec KEY, STATE1
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xc2
-        # aesdec KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xe2
-        # aesdec KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xea
-        # aesdec KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xde, 0xf2
+        AESDEC KEY STATE1
+        AESDEC KEY STATE2
+        AESDEC KEY STATE3
+        AESDEC KEY STATE4
         movaps 0x70(TKEYP), KEY
-        # aesdeclast KEY, STATE1        # last round
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xc2
-        # aesdeclast KEY, STATE2
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xe2
-        # aesdeclast KEY, STATE3
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xea
-        # aesdeclast KEY, STATE4
-        .byte 0x66, 0x0f, 0x38, 0xdf, 0xf2
+        AESDECLAST KEY STATE1           # last round
+        AESDECLAST KEY STATE2
+        AESDECLAST KEY STATE3
+        AESDECLAST KEY STATE4
         ret
 
 /*
diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S
new file mode 100644
index 000000000000..1eb7f90cb7b9
--- /dev/null
+++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S
@@ -0,0 +1,157 @@
+/*
+ * Accelerated GHASH implementation with Intel PCLMULQDQ-NI
+ * instructions. This file contains accelerated part of ghash
+ * implementation. More information about PCLMULQDQ can be found at:
+ *
+ * http://software.intel.com/en-us/articles/carry-less-multiplication-and-its-usage-for-computing-the-gcm-mode/
+ *
+ * Copyright (c) 2009 Intel Corp.
+ *   Author: Huang Ying <ying.huang@intel.com>
+ *           Vinodh Gopal
+ *           Erdinc Ozturk
+ *           Deniz Karakoyunlu
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published
+ * by the Free Software Foundation.
+ */
+
+#include <linux/linkage.h>
+#include <asm/inst.h>
+
+.data
+
+.align 16
+.Lbswap_mask:
+        .octa 0x000102030405060708090a0b0c0d0e0f
+.Lpoly:
+        .octa 0xc2000000000000000000000000000001
+.Ltwo_one:
+        .octa 0x00000001000000000000000000000001
+
+#define DATA    %xmm0
+#define SHASH   %xmm1
+#define T1      %xmm2
+#define T2      %xmm3
+#define T3      %xmm4
+#define BSWAP   %xmm5
+#define IN1     %xmm6
+
+.text
+
+/*
+ * __clmul_gf128mul_ble:        internal ABI
+ * input:
+ *      DATA:                   operand1
+ *      SHASH:                  operand2, hash_key << 1 mod poly
+ * output:
+ *      DATA:                   operand1 * operand2 mod poly
+ * changed:
+ *      T1
+ *      T2
+ *      T3
+ */
+__clmul_gf128mul_ble:
+        movaps DATA, T1
+        pshufd $0b01001110, DATA, T2
+        pshufd $0b01001110, SHASH, T3
+        pxor DATA, T2
+        pxor SHASH, T3
+
+        PCLMULQDQ 0x00 SHASH DATA       # DATA = a0 * b0
+        PCLMULQDQ 0x11 SHASH T1         # T1 = a1 * b1
+        PCLMULQDQ 0x00 T3 T2            # T2 = (a1 + a0) * (b1 + b0)
+        pxor DATA, T2
+        pxor T1, T2                     # T2 = a0 * b1 + a1 * b0
+
+        movaps T2, T3
+        pslldq $8, T3
+        psrldq $8, T2
+        pxor T3, DATA
+        pxor T2, T1                     # <T1:DATA> is result of
+                                        # carry-less multiplication
+
+        # first phase of the reduction
+        movaps DATA, T3
+        psllq $1, T3
+        pxor DATA, T3
+        psllq $5, T3
+        pxor DATA, T3
+        psllq $57, T3
+        movaps T3, T2
+        pslldq $8, T2
+        psrldq $8, T3
+        pxor T2, DATA
+        pxor T3, T1
+
+        # second phase of the reduction
+        movaps DATA, T2
+        psrlq $5, T2
+        pxor DATA, T2
+        psrlq $1, T2
+        pxor DATA, T2
+        psrlq $1, T2
+        pxor T2, T1
+        pxor T1, DATA
+        ret
+
+/* void clmul_ghash_mul(char *dst, const be128 *shash) */
+ENTRY(clmul_ghash_mul)
+        movups (%rdi), DATA
+        movups (%rsi), SHASH
+        movaps .Lbswap_mask, BSWAP
+        PSHUFB_XMM BSWAP DATA
+        call __clmul_gf128mul_ble
+        PSHUFB_XMM BSWAP DATA
+        movups DATA, (%rdi)
+        ret
+
+/*
+ * void clmul_ghash_update(char *dst, const char *src, unsigned int srclen,
+ *                         const be128 *shash);
+ */
+ENTRY(clmul_ghash_update)
+        cmp $16, %rdx
+        jb .Lupdate_just_ret    # check length
+        movaps .Lbswap_mask, BSWAP
+        movups (%rdi), DATA
+        movups (%rcx), SHASH
+        PSHUFB_XMM BSWAP DATA
+.align 4
+.Lupdate_loop:
+        movups (%rsi), IN1
+        PSHUFB_XMM BSWAP IN1
+        pxor IN1, DATA
+        call __clmul_gf128mul_ble
+        sub $16, %rdx
+        add $16, %rsi
+        cmp $16, %rdx
+        jge .Lupdate_loop
+        PSHUFB_XMM BSWAP DATA
+        movups DATA, (%rdi)
+.Lupdate_just_ret:
+        ret
+
+/*
+ * void clmul_ghash_setkey(be128 *shash, const u8 *key);
+ *
+ * Calculate hash_key << 1 mod poly
+ */
+ENTRY(clmul_ghash_setkey)
+        movaps .Lbswap_mask, BSWAP
+        movups (%rsi), %xmm0
+        PSHUFB_XMM BSWAP %xmm0
+        movaps %xmm0, %xmm1
+        psllq $1, %xmm0
+        psrlq $63, %xmm1
+        movaps %xmm1, %xmm2
+        pslldq $8, %xmm1
+        psrldq $8, %xmm2
+        por %xmm1, %xmm0
+        # reduction
+        pshufd $0b00100100, %xmm2, %xmm1
+        pcmpeqd .Ltwo_one, %xmm1
+        pand .Lpoly, %xmm1
+        pxor %xmm1, %xmm0
+        movups %xmm0, (%rdi)
+        ret
diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c b/arch/x86/crypto/ghash-clmulni-intel_glue.c
new file mode 100644
index 000000000000..cbcc8d8ea93a
--- /dev/null
+++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c
@@ -0,0 +1,333 @@
+/*
+ * Accelerated GHASH implementation with Intel PCLMULQDQ-NI
+ * instructions. This file contains glue code.
+ *
+ * Copyright (c) 2009 Intel Corp.
+ *   Author: Huang Ying <ying.huang@intel.com>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 as published
+ * by the Free Software Foundation.
+ */
+
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/crypto.h>
+#include <crypto/algapi.h>
+#include <crypto/cryptd.h>
+#include <crypto/gf128mul.h>
+#include <crypto/internal/hash.h>
+#include <asm/i387.h>
+
+#define GHASH_BLOCK_SIZE        16
+#define GHASH_DIGEST_SIZE       16
+
+void clmul_ghash_mul(char *dst, const be128 *shash);
+
+void clmul_ghash_update(char *dst, const char *src, unsigned int srclen,
+                        const be128 *shash);
+
+void clmul_ghash_setkey(be128 *shash, const u8 *key);
+
+struct ghash_async_ctx {
+        struct cryptd_ahash *cryptd_tfm;
+};
+
+struct ghash_ctx {
+        be128 shash;
+};
+
+struct ghash_desc_ctx {
+        u8 buffer[GHASH_BLOCK_SIZE];
+        u32 bytes;
+};
+
+static int ghash_init(struct shash_desc *desc)
+{
+        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
+
+        memset(dctx, 0, sizeof(*dctx));
+
+        return 0;
+}
+
+static int ghash_setkey(struct crypto_shash *tfm,
+                        const u8 *key, unsigned int keylen)
+{
+        struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
+
+        if (keylen != GHASH_BLOCK_SIZE) {
+                crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+                return -EINVAL;
+        }
+
+        clmul_ghash_setkey(&ctx->shash, key);
+
+        return 0;
+}
+
+static int ghash_update(struct shash_desc *desc,
+                         const u8 *src, unsigned int srclen)
+{
+        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
+        struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
+        u8 *dst = dctx->buffer;
+
+        kernel_fpu_begin();
+        if (dctx->bytes) {
+                int n = min(srclen, dctx->bytes);
+                u8 *pos = dst + (GHASH_BLOCK_SIZE - dctx->bytes);
+
+                dctx->bytes -= n;
+                srclen -= n;
+
+                while (n--)
+                        *pos++ ^= *src++;
+
+                if (!dctx->bytes)
+                        clmul_ghash_mul(dst, &ctx->shash);
+        }
+
+        clmul_ghash_update(dst, src, srclen, &ctx->shash);
+        kernel_fpu_end();
+
+        if (srclen & 0xf) {
+                src += srclen - (srclen & 0xf);
+                srclen &= 0xf;
+                dctx->bytes = GHASH_BLOCK_SIZE - srclen;
+                while (srclen--)
+                        *dst++ ^= *src++;
+        }
+
+        return 0;
+}
+
+static void ghash_flush(struct ghash_ctx *ctx, struct ghash_desc_ctx *dctx)
+{
+        u8 *dst = dctx->buffer;
+
+        if (dctx->bytes) {
+                u8 *tmp = dst + (GHASH_BLOCK_SIZE - dctx->bytes);
+
+                while (dctx->bytes--)
+                        *tmp++ ^= 0;
+
+                kernel_fpu_begin();
+                clmul_ghash_mul(dst, &ctx->shash);
+                kernel_fpu_end();
+        }
+
+        dctx->bytes = 0;
+}
+
+static int ghash_final(struct shash_desc *desc, u8 *dst)
+{
+        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
+        struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
+        u8 *buf = dctx->buffer;
+
+        ghash_flush(ctx, dctx);
+        memcpy(dst, buf, GHASH_BLOCK_SIZE);
+
+        return 0;
+}
+
+static struct shash_alg ghash_alg = {
+        .digestsize     = GHASH_DIGEST_SIZE,
+        .init           = ghash_init,
+        .update         = ghash_update,
+        .final          = ghash_final,
+        .setkey         = ghash_setkey,
+        .descsize       = sizeof(struct ghash_desc_ctx),
+        .base           = {
+                .cra_name               = "__ghash",
+                .cra_driver_name        = "__ghash-pclmulqdqni",
+                .cra_priority           = 0,
+                .cra_flags              = CRYPTO_ALG_TYPE_SHASH,
+                .cra_blocksize          = GHASH_BLOCK_SIZE,
+                .cra_ctxsize            = sizeof(struct ghash_ctx),
+                .cra_module             = THIS_MODULE,
+                .cra_list               = LIST_HEAD_INIT(ghash_alg.base.cra_list),
+        },
+};
+
+static int ghash_async_init(struct ahash_request *req)
+{
+        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+        struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+        struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+        if (!irq_fpu_usable()) {
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_init(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                struct crypto_shash *child = cryptd_ahash_child(cryptd_tfm);
+
+                desc->tfm = child;
+                desc->flags = req->base.flags;
+                return crypto_shash_init(desc);
+        }
+}
+
+static int ghash_async_update(struct ahash_request *req)
+{
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+
+        if (!irq_fpu_usable()) {
+                struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+                struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+                struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_update(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                return shash_ahash_update(req, desc);
+        }
+}
+
+static int ghash_async_final(struct ahash_request *req)
+{
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+
+        if (!irq_fpu_usable()) {
+                struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+                struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+                struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_final(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                return crypto_shash_final(desc, req->result);
+        }
+}
+
+static int ghash_async_digest(struct ahash_request *req)
+{
+        struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+        struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+        struct ahash_request *cryptd_req = ahash_request_ctx(req);
+        struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
+
+        if (!irq_fpu_usable()) {
+                memcpy(cryptd_req, req, sizeof(*req));
+                ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
+                return crypto_ahash_digest(cryptd_req);
+        } else {
+                struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
+                struct crypto_shash *child = cryptd_ahash_child(cryptd_tfm);
+
+                desc->tfm = child;
+                desc->flags = req->base.flags;
+                return shash_ahash_digest(req, desc);
+        }
+}
+
+static int ghash_async_setkey(struct crypto_ahash *tfm, const u8 *key,
+                              unsigned int keylen)
+{
+        struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
+        struct crypto_ahash *child = &ctx->cryptd_tfm->base;
+        int err;
+
+        crypto_ahash_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+        crypto_ahash_set_flags(child, crypto_ahash_get_flags(tfm)
+                               & CRYPTO_TFM_REQ_MASK);
+        err = crypto_ahash_setkey(child, key, keylen);
+        crypto_ahash_set_flags(tfm, crypto_ahash_get_flags(child)
+                               & CRYPTO_TFM_RES_MASK);
+
+        return 0;
+}
+
+static int ghash_async_init_tfm(struct crypto_tfm *tfm)
+{
+        struct cryptd_ahash *cryptd_tfm;
+        struct ghash_async_ctx *ctx = crypto_tfm_ctx(tfm);
+
+        cryptd_tfm = cryptd_alloc_ahash("__ghash-pclmulqdqni", 0, 0);
+        if (IS_ERR(cryptd_tfm))
+                return PTR_ERR(cryptd_tfm);
+        ctx->cryptd_tfm = cryptd_tfm;
+        crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
+                                 sizeof(struct ahash_request) +
+                                 crypto_ahash_reqsize(&cryptd_tfm->base));
+
+        return 0;
+}
+
+static void ghash_async_exit_tfm(struct crypto_tfm *tfm)
+{
+        struct ghash_async_ctx *ctx = crypto_tfm_ctx(tfm);
+
+        cryptd_free_ahash(ctx->cryptd_tfm);
+}
+
+static struct ahash_alg ghash_async_alg = {
+        .init           = ghash_async_init,
+        .update         = ghash_async_update,
+        .final          = ghash_async_final,
+        .setkey         = ghash_async_setkey,
+        .digest         = ghash_async_digest,
+        .halg = {
+                .digestsize     = GHASH_DIGEST_SIZE,
+                .base = {
+                        .cra_name               = "ghash",
+                        .cra_driver_name        = "ghash-clmulni",
+                        .cra_priority           = 400,
+                        .cra_flags              = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC,
+                        .cra_blocksize          = GHASH_BLOCK_SIZE,
+                        .cra_type               = &crypto_ahash_type,
+                        .cra_module             = THIS_MODULE,
+                        .cra_list               = LIST_HEAD_INIT(ghash_async_alg.halg.base.cra_list),
+                        .cra_init               = ghash_async_init_tfm,
+                        .cra_exit               = ghash_async_exit_tfm,
+                },
+        },
+};
+
+static int __init ghash_pclmulqdqni_mod_init(void)
+{
+        int err;
+
+        if (!cpu_has_pclmulqdq) {
+                printk(KERN_INFO "Intel PCLMULQDQ-NI instructions are not"
+                       " detected.\n");
+                return -ENODEV;
+        }
+
+        err = crypto_register_shash(&ghash_alg);
+        if (err)
+                goto err_out;
+        err = crypto_register_ahash(&ghash_async_alg);
+        if (err)
+                goto err_shash;
+
+        return 0;
+
+err_shash:
+        crypto_unregister_shash(&ghash_alg);
+err_out:
+        return err;
+}
+
+static void __exit ghash_pclmulqdqni_mod_exit(void)
+{
+        crypto_unregister_ahash(&ghash_async_alg);
+        crypto_unregister_shash(&ghash_alg);
+}
+
+module_init(ghash_pclmulqdqni_mod_init);
+module_exit(ghash_pclmulqdqni_mod_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("GHASH Message Digest Algorithm, "
+                   "acclerated by PCLMULQDQ-NI");
+MODULE_ALIAS("ghash");
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
index 9cfc88b97742..613700f27a4a 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -248,6 +248,7 @@ extern const char * const x86_power_flags[32];
 #define cpu_has_x2apic          boot_cpu_has(X86_FEATURE_X2APIC)
 #define cpu_has_xsave           boot_cpu_has(X86_FEATURE_XSAVE)
 #define cpu_has_hypervisor      boot_cpu_has(X86_FEATURE_HYPERVISOR)
+#define cpu_has_pclmulqdq       boot_cpu_has(X86_FEATURE_PCLMULQDQ)
 
 #if defined(CONFIG_X86_INVLPG) || defined(CONFIG_X86_64)
 # define cpu_has_invlpg         1
diff --git a/arch/x86/include/asm/i387.h b/arch/x86/include/asm/i387.h
index 0b20bbb758f2..ebfb8a9e11f7 100644
--- a/arch/x86/include/asm/i387.h
+++ b/arch/x86/include/asm/i387.h
@@ -10,6 +10,8 @@
 #ifndef _ASM_X86_I387_H
 #define _ASM_X86_I387_H
 
+#ifndef __ASSEMBLY__
+
 #include <linux/sched.h>
 #include <linux/kernel_stat.h>
 #include <linux/regset.h>
@@ -411,4 +413,9 @@ static inline unsigned short get_fpu_mxcsr(struct task_struct *tsk)
         }
 }
 
+#endif /* __ASSEMBLY__ */
+
+#define PSHUFB_XMM5_XMM0 .byte 0x66, 0x0f, 0x38, 0x00, 0xc5
+#define PSHUFB_XMM5_XMM6 .byte 0x66, 0x0f, 0x38, 0x00, 0xf5
+
 #endif /* _ASM_X86_I387_H */
diff --git a/arch/x86/include/asm/inst.h b/arch/x86/include/asm/inst.h
new file mode 100644
index 000000000000..14cf526091f9
--- /dev/null
+++ b/arch/x86/include/asm/inst.h
@@ -0,0 +1,150 @@
+/*
+ * Generate .byte code for some instructions not supported by old
+ * binutils.
+ */
+#ifndef X86_ASM_INST_H
+#define X86_ASM_INST_H
+
+#ifdef __ASSEMBLY__
+
+        .macro XMM_NUM opd xmm
+        .ifc \xmm,%xmm0
+        \opd = 0
+        .endif
+        .ifc \xmm,%xmm1
+        \opd = 1
+        .endif
+        .ifc \xmm,%xmm2
+        \opd = 2
+        .endif
+        .ifc \xmm,%xmm3
+        \opd = 3
+        .endif
+        .ifc \xmm,%xmm4
+        \opd = 4
+        .endif
+        .ifc \xmm,%xmm5
+        \opd = 5
+        .endif
+        .ifc \xmm,%xmm6
+        \opd = 6
+        .endif
+        .ifc \xmm,%xmm7
+        \opd = 7
+        .endif
+        .ifc \xmm,%xmm8
+        \opd = 8
+        .endif
+        .ifc \xmm,%xmm9
+        \opd = 9
+        .endif
+        .ifc \xmm,%xmm10
+        \opd = 10
+        .endif
+        .ifc \xmm,%xmm11
+        \opd = 11
+        .endif
+        .ifc \xmm,%xmm12
+        \opd = 12
+        .endif
+        .ifc \xmm,%xmm13
+        \opd = 13
+        .endif
+        .ifc \xmm,%xmm14
+        \opd = 14
+        .endif
+        .ifc \xmm,%xmm15
+        \opd = 15
+        .endif
+        .endm
+
+        .macro PFX_OPD_SIZE
+        .byte 0x66
+        .endm
+
+        .macro PFX_REX opd1 opd2
+        .if (\opd1 | \opd2) & 8
+        .byte 0x40 | ((\opd1 & 8) >> 3) | ((\opd2 & 8) >> 1)
+        .endif
+        .endm
+
+        .macro MODRM mod opd1 opd2
+        .byte \mod | (\opd1 & 7) | ((\opd2 & 7) << 3)
+        .endm
+
+        .macro PSHUFB_XMM xmm1 xmm2
+        XMM_NUM pshufb_opd1 \xmm1
+        XMM_NUM pshufb_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX pshufb_opd1 pshufb_opd2
+        .byte 0x0f, 0x38, 0x00
+        MODRM 0xc0 pshufb_opd1 pshufb_opd2
+        .endm
+
+        .macro PCLMULQDQ imm8 xmm1 xmm2
+        XMM_NUM clmul_opd1 \xmm1
+        XMM_NUM clmul_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX clmul_opd1 clmul_opd2
+        .byte 0x0f, 0x3a, 0x44
+        MODRM 0xc0 clmul_opd1 clmul_opd2
+        .byte \imm8
+        .endm
+
+        .macro AESKEYGENASSIST rcon xmm1 xmm2
+        XMM_NUM aeskeygen_opd1 \xmm1
+        XMM_NUM aeskeygen_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aeskeygen_opd1 aeskeygen_opd2
+        .byte 0x0f, 0x3a, 0xdf
+        MODRM 0xc0 aeskeygen_opd1 aeskeygen_opd2
+        .byte \rcon
+        .endm
+
+        .macro AESIMC xmm1 xmm2
+        XMM_NUM aesimc_opd1 \xmm1
+        XMM_NUM aesimc_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesimc_opd1 aesimc_opd2
+        .byte 0x0f, 0x38, 0xdb
+        MODRM 0xc0 aesimc_opd1 aesimc_opd2
+        .endm
+
+        .macro AESENC xmm1 xmm2
+        XMM_NUM aesenc_opd1 \xmm1
+        XMM_NUM aesenc_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesenc_opd1 aesenc_opd2
+        .byte 0x0f, 0x38, 0xdc
+        MODRM 0xc0 aesenc_opd1 aesenc_opd2
+        .endm
+
+        .macro AESENCLAST xmm1 xmm2
+        XMM_NUM aesenclast_opd1 \xmm1
+        XMM_NUM aesenclast_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesenclast_opd1 aesenclast_opd2
+        .byte 0x0f, 0x38, 0xdd
+        MODRM 0xc0 aesenclast_opd1 aesenclast_opd2
+        .endm
+
+        .macro AESDEC xmm1 xmm2
+        XMM_NUM aesdec_opd1 \xmm1
+        XMM_NUM aesdec_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesdec_opd1 aesdec_opd2
+        .byte 0x0f, 0x38, 0xde
+        MODRM 0xc0 aesdec_opd1 aesdec_opd2
+        .endm
+
+        .macro AESDECLAST xmm1 xmm2
+        XMM_NUM aesdeclast_opd1 \xmm1
+        XMM_NUM aesdeclast_opd2 \xmm2
+        PFX_OPD_SIZE
+        PFX_REX aesdeclast_opd1 aesdeclast_opd2
+        .byte 0x0f, 0x38, 0xdf
+        MODRM 0xc0 aesdeclast_opd1 aesdeclast_opd2
+        .endm
+#endif
+
+#endif