crypto: x86/aes-gcm - optimize AVX512 precomputation of H^2 from H^1 - linux-rng

diff options

author	Eric Biggers <ebiggers@kernel.org>	2025-10-01 19:31:16 -0700
committer	Eric Biggers <ebiggers@kernel.org>	2025-10-26 20:37:41 -0700
commit	5ab1ff2e0f03ab64cc1832999146c0dcbf9db966 (patch)
tree	1c209a0e31d64a673eeccd7c1839709a76b2eba0 /tools/testing/selftests/pidfd/git:/ssh:/git@git.zx2c4.com
parent	crypto: x86/aes-gcm - revise some comments in AVX512 code (diff)
download	linux-rng-5ab1ff2e0f03ab64cc1832999146c0dcbf9db966.tar.xz linux-rng-5ab1ff2e0f03ab64cc1832999146c0dcbf9db966.zip

crypto: x86/aes-gcm - optimize AVX512 precomputation of H^2 from H^1

Squaring in GF(2^128) requires fewer instructions than a generic multiplication in GF(2^128). Take advantage of this when computing H^2 from H^1 in aes_gcm_precompute_vaes_avx512(). Note that aes_gcm_precompute_vaes_avx2() already uses this optimization. Acked-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20251002023117.37504-8-ebiggers@kernel.org Signed-off-by: Eric Biggers <ebiggers@kernel.org>

Diffstat (limited to 'tools/testing/selftests/pidfd/git:/ssh:/git@git.zx2c4.com')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: