Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
lib/crypto: x86/blake2s: Avoid writing back unchanged 'f' value
Just before returning, blake2s_compress_ssse3() and
blake2s_compress_avx512() store updated values to the 'h', 't', and 'f'
fields of struct blake2s_ctx. But 'f' is always unchanged (which is
correct; only the C code changes it). So, there's no need to write to
'f'. Use 64-bit stores (movq and vmovq) instead of 128-bit stores
(movdqu and vmovdqu) so that only 't' is written.
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20251102234209.62133-6-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
+2
-2
+2
-2
lib/crypto/x86/blake2s-core.S
+2
-2
lib/crypto/x86/blake2s-core.S
···
193
193
194
194
movdqu %xmm0,(CTX) // Store new h[0..3]
195
195
movdqu %xmm1,16(CTX) // Store new h[4..7]
196
-
movdqu %xmm14,32(CTX) // Store new t and f
196
+
movq %xmm14,32(CTX) // Store new t (f is unchanged)
197
197
RET
198
198
SYM_FUNC_END(blake2s_compress_ssse3)
199
199
···
287
287
288
288
vmovdqu %xmm0,(CTX) // Store new h[0..3]
289
289
vmovdqu %xmm1,16(CTX) // Store new h[4..7]
290
-
vmovdqu %xmm4,32(CTX) // Store new t and f
290
+
vmovq %xmm4,32(CTX) // Store new t (f is unchanged)
291
291
vzeroupper
292
292
RET
293
293
SYM_FUNC_END(blake2s_compress_avx512)