Revisit RT#1801 and complete fix.

crypto/aes/asm/aes-586.pl

@@ -2360,6 +2360,7 @@ my $mark=&DWP(76+240,"esp");	# copy of aes_key->rounds
 
 #--------------------------- SLOW ENCRYPT ---------------------------#
 	&cmp	($s2,16);
+	&mov	($s3,$s1);
 	&jb	(&label("slow_enc_tail"));
 
 					if (!$x86only) {
@@ -2468,7 +2469,7 @@ my $mark=&DWP(76+240,"esp");	# copy of aes_key->rounds
 	&align	(4);
 	&data_word(0xAAF3F689);	# rep stosb	# zero tail
 
-	&lea	($key,&DWP(-16,$s3));		# restore ivp
+	&mov	($key,$_ivp);			# restore ivp
 	&mov	($acc,$s3);			# output as input
 	&mov	($s0,&DWP(0,$key));
 	&mov	($s1,&DWP(4,$key));

crypto/aes/asm/aes-x86_64.pl

@@ -1990,6 +1990,8 @@ AES_cbc_encrypt:
 
 .align	4
 .Lcbc_slow_enc_tail:
+	mov	%rax,%r11
+	mov	%rcx,%r12
 	mov	%r10,%rcx
 	mov	$inp,%rsi
 	mov	$out,%rdi
@@ -2000,6 +2002,8 @@ AES_cbc_encrypt:
 	.long	0x9066AAF3		# rep stosb
 	mov	$out,$inp		# this is not a mistake!
 	mov	\$16,%r10		# len=16
+	mov	%r11,%rax
+	mov	%r12,%rcx
 	jmp	.Lcbc_slow_enc_loop	# one more spin...
 #--------------------------- SLOW DECRYPT ---------------------------#
 .align	16