From: David Laight <David.Laight@ACULAB.COM>
To: "'Jason A. Donenfeld'" <Jason@zx2c4.com>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>
Cc: gaochao <gaochao49@huawei.com>,
Eric Biggers <ebiggers@kernel.org>,
"Ard Biesheuvel" <ardb@kernel.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: RE: [PATCH crypto v2] crypto: blake2s - remove shash module
Date: Fri, 27 May 2022 12:36:07 +0000 [thread overview]
Message-ID: <ffa404b7427043fda4b9f4a20ea0f068@AcuMS.aculab.com> (raw)
In-Reply-To: <20220527081106.63227-1-Jason@zx2c4.com>
From: Jason A. Donenfeld
> Sent: 27 May 2022 09:11
>
> BLAKE2s has no use as an shash, with no users of it. Just remove all of
> this unnecessary plumbing. Removing this shash was something we talked
> about back when we were making BLAKE2s a built-in, but I simply never
> got around to doing it. So this completes that project.
...
> diff --git a/lib/crypto/blake2s.c b/lib/crypto/blake2s.c
> index c71c09621c09..716da32cf4dc 100644
> --- a/lib/crypto/blake2s.c
> +++ b/lib/crypto/blake2s.c
> @@ -16,16 +16,43 @@
> #include <linux/init.h>
> #include <linux/bug.h>
>
> +static inline void blake2s_set_lastblock(struct blake2s_state *state)
> +{
> + state->f[0] = -1;
> +}
> +
> void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen)
> {
> - __blake2s_update(state, in, inlen, false);
> + const size_t fill = BLAKE2S_BLOCK_SIZE - state->buflen;
> +
> + if (unlikely(!inlen))
> + return;
Does this happen often enough to optimise for?
The zero length memcpy() should be fine.
(though pedants might worry about in == NULL)
> + if (inlen > fill) {
Testing inlen >= fill will be better.
You also don't need the code below in the (probably) likely
case that state->buflen == 0.
> + memcpy(state->buf + state->buflen, in, fill);
> + blake2s_compress(state, state->buf, 1, BLAKE2S_BLOCK_SIZE);
> + state->buflen = 0;
> + in += fill;
> + inlen -= fill;
an 'if (!inlen) return' check here may be a cheap optimisation.
> + }
> + if (inlen > BLAKE2S_BLOCK_SIZE) {
This test only needs to be inside the earlier inlen > fill condition.
The compiler may not be able to assume so.
> + const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_SIZE);
Why not inlen/BLAKE2S_BLOCK_SIZE and remove all the '- 1'.
Looping inside blakes2s_compress() has to be better than
doing an extra call when processing the next data block.
> + blake2s_compress(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
> + in += BLAKE2S_BLOCK_SIZE * (nblocks - 1);
> + inlen -= BLAKE2S_BLOCK_SIZE * (nblocks - 1);
> + }
> + memcpy(state->buf + state->buflen, in, inlen);
> + state->buflen += inlen;
> }
> EXPORT_SYMBOL(blake2s_update);
>
> void blake2s_final(struct blake2s_state *state, u8 *out)
> {
> WARN_ON(IS_ENABLED(DEBUG) && !out);
> - __blake2s_final(state, out, false);
> + blake2s_set_lastblock(state);
> + memset(state->buf + state->buflen, 0, BLAKE2S_BLOCK_SIZE - state->buflen); /* Padding */
> + blake2s_compress(state, state->buf, 1, state->buflen);
> + cpu_to_le32_array(state->h, ARRAY_SIZE(state->h));
> + memcpy(out, state->h, state->outlen);
> memzero_explicit(state, sizeof(*state));
> }
> EXPORT_SYMBOL(blake2s_final);
> @@ -38,12 +65,7 @@ static int __init blake2s_mod_init(void)
> return 0;
> }
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2022-05-27 12:43 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-26 9:20 [PATCH crypto] crypto: blake2s - remove shash module Jason A. Donenfeld
2022-05-26 18:01 ` Eric Biggers
2022-05-27 8:05 ` Jason A. Donenfeld
2022-05-27 8:11 ` [PATCH crypto v2] " Jason A. Donenfeld
2022-05-27 12:36 ` David Laight [this message]
2022-05-27 13:20 ` Jason A. Donenfeld
2022-05-28 3:59 ` Eric Biggers
2022-05-28 9:57 ` Jason A. Donenfeld
2022-05-28 10:07 ` [PATCH crypto v3] " Jason A. Donenfeld
2022-05-28 17:19 ` [PATCH crypto v2] " Eric Biggers
2022-05-28 19:33 ` Jason A. Donenfeld
2022-05-28 19:44 ` [PATCH crypto v4] " Jason A. Donenfeld
2022-06-10 9:16 ` Herbert Xu
2022-05-30 7:37 ` [PATCH crypto v2] " David Laight
2022-05-30 7:54 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ffa404b7427043fda4b9f4a20ea0f068@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=ebiggers@kernel.org \
--cc=gaochao49@huawei.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox