On Mon, Apr 15, 2024 at 03:04:26PM +0200, Ard Biesheuvel wrote: > From: Ard Biesheuvel <ardb@xxxxxxxxxx> > > Tweak the round key logic so that they can be loaded using a single > branchless sequence using overlapping loads. This is shorter and > simpler, and puts the conditional branches based on the key size further > apart, which might benefit microarchitectures that cannot record taken > branches at every instruction. For these branches, use test-bit-branch > instructions that don't clobber the condition flags. > > Note that none of this has any impact on performance, positive or > otherwise (and the branch prediction benefit would only benefit AES-192 > which nobody uses). It does make for nicer code, though. > > While at it, use \@ to generate the labels inside the macros, which is > more robust than using fixed numbers, which could clash inadvertently. > Also, bring aes-neon.S in line with these changes, including the switch > to test-and-branch instructions, to avoid surprises in the future when > we might start relying on the condition flags being preserved in the > chaining mode wrappers in aes-modes.S > > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > --- > arch/arm64/crypto/aes-ce.S | 34 ++++++++++++++-------------------- > arch/arm64/crypto/aes-neon.S | 20 ++++++++++---------- > 2 files changed, 24 insertions(+), 30 deletions(-) Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx> - Eric
