1 files changed, 11 insertions, 3 deletions

diff --git a/arch/x86/crypto/ghash-clmulni-intel_glue.c b/arch/x86/crypto/ghash-clmulni-intel_glue.c
index 6759dd1135be..d785cf2c529c 100644
--- a/arch/x86/crypto/ghash-clmulni-intel_glue.c
+++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c
@@ -30,8 +30,6 @@ void clmul_ghash_mul(char *dst, const be128 *shash);
 void clmul_ghash_update(char *dst, const char *src, unsigned int srclen,
                         const be128 *shash);
 
-void clmul_ghash_setkey(be128 *shash, const u8 *key);
-
 struct ghash_async_ctx {
         struct cryptd_ahash *cryptd_tfm;
 };
@@ -58,13 +56,23 @@ static int ghash_setkey(struct crypto_shash *tfm,
                         const u8 *key, unsigned int keylen)
 {
         struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
+        be128 *x = (be128 *)key;
+        u64 a, b;
 
         if (keylen != GHASH_BLOCK_SIZE) {
                 crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
                 return -EINVAL;
         }
 
-        clmul_ghash_setkey(&ctx->shash, key);
+        /* perform multiplication by 'x' in GF(2^128) */
+        a = be64_to_cpu(x->a);
+        b = be64_to_cpu(x->b);
+
+        ctx->shash.a = (__be64)((b << 1) | (a >> 63));
+        ctx->shash.b = (__be64)((a << 1) | (b >> 63));
+
+        if (a >> 63)
+                ctx->shash.b ^= cpu_to_be64(0xc2);
 
         return 0;
 }