Eric Biggers <ebiggers@xxxxxxxxxx> wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > When encrypting a message whose length isn't a multiple of 16 bytes, > encrypt the last full block in the main loop. This works because only > decryption uses the last two tweaks in reverse order, not encryption. > > This improves the performance of decrypting messages whose length isn't > a multiple of the AES block length, shrinks the size of > aes-xts-avx-x86_64.o by 5.0%, and eliminates two instructions (a test > and a not-taken conditional jump) when encrypting a message whose length > *is* a multiple of the AES block length. > > While it's not super useful to optimize for ciphertext stealing given > that it's rarely needed in practice, the other two benefits mentioned > above make this optimization worthwhile. > > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > --- > arch/x86/crypto/aes-xts-avx-x86_64.S | 53 +++++++++++++++------------- > 1 file changed, 29 insertions(+), 24 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt