| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Apr 2024 19:04:20 +0800 From: Herbert Xu <herbert@...dor.apana.org.au> To: Eric Biggers <ebiggers@...nel.org> Cc: linux-crypto@...r.kernel.org, x86@...nel.org, linux-kernel@...r.kernel.org, chang.seok.bae@...el.com Subject: Re: [PATCH] crypto: x86/aes-xts - handle CTS encryption more efficiently Eric Biggers <ebiggers@...nel.org> wrote: > From: Eric Biggers <ebiggers@...gle.com> > > When encrypting a message whose length isn't a multiple of 16 bytes, > encrypt the last full block in the main loop. This works because only > decryption uses the last two tweaks in reverse order, not encryption. > > This improves the performance of decrypting messages whose length isn't > a multiple of the AES block length, shrinks the size of > aes-xts-avx-x86_64.o by 5.0%, and eliminates two instructions (a test > and a not-taken conditional jump) when encrypting a message whose length > *is* a multiple of the AES block length. > > While it's not super useful to optimize for ciphertext stealing given > that it's rarely needed in practice, the other two benefits mentioned > above make this optimization worthwhile. > > Signed-off-by: Eric Biggers <ebiggers@...gle.com> > --- > arch/x86/crypto/aes-xts-avx-x86_64.S | 53 +++++++++++++++------------- > 1 file changed, 29 insertions(+), 24 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists