On Mon, Dec 19, 2022 at 04:35:27PM +0100, Peter Zijlstra wrote: > Even though x86 is firmly little endian, use be128 because le128 is in > fact the wrong way around :/ The actual code is already using be128 in > ghash_setkey() so this shouldn't be more confusing. > > This frees up the u128 name for a real u128 type. > > Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx> This patch doesn't make sense. The x86 ghash code is definitely storing the key as a little endian value, not big endian. The reason be128 shows up in ghash_setkey() is because the code is doing a byteswap from the original key bytes. Also, this patch causes 'sparse' warnings. Can you consider https://lore.kernel.org/linux-crypto/20221220054042.188537-1-ebiggers@xxxxxxxxxx/T/#u instead? - Eric
