Received: by 2002:a05:6a10:6744:0:0:0:0 with SMTP id w4csp756007pxu; Fri, 23 Oct 2020 12:25:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzR4kVan75Q2523brY0WHkTIf2KloxKT94ARFTMFIdPUJaBXTkpNoyDWLGOoO3C6GETm9jJ X-Received: by 2002:a50:ec8d:: with SMTP id e13mr3640649edr.143.1603481157227; Fri, 23 Oct 2020 12:25:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1603481157; cv=none; d=google.com; s=arc-20160816; b=wvvLnAmxTEwINixGChldz709Ug8MPI+cuGUufq9upkCf9zEQOYZn7LY15RjNYkPZT2 whnWvQw7/CirCE0AfxfMvNL5wtKYZKe4pT5jO6U3+5IHeA217DZnGiK2HcdRKEpbKqoX deaEFWiSx8k7uFaj8vV0qZSo3SR/lRn0nG4sfeqmAFU9VTstgIPZpVYb6vs0eWFOprp2 nrzRwFlOPiUpKff7W8yGmaG8Cz8idaYH0mA4mZCrwozC2ydChfj+mk7eWfx1WauYmbOF VXQe25cgjmwsmjsm3Ex6hlpnXWm/J8vQ6jgRE3ZDcK1pd1LE90W4cBtQiw5wBp9xzVNO fEvw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=t6coSryefsb3ak8Nuc7NVKsRwzzU7GO9O3ZnHo7ZcNg=; b=ZGHCLtYJ3X8X3RBsdx/+96iBAcLxOoHxtGue3y0p8Za2TJnFGNGiwzve1fySglFGYH mqqa/ERA3VYoplTtejDIBbDTyAu7ITJwycCXPOksGpLxDZKSzMcrGGC/eXa65NBnFbCr vwqx8nD8FeSjknOhK+0DxlMYNn64lp9hM7nGMr0isVHZdNok5vruWSRCifqCUNScjhV1 kWpStR0kPQhwKHlrrWgDLmAzXHzOBlNm5Xhr0GJVjrerJOoNRRPNlgjiCFu9qKy8PaL7 QIq8yGkQklZYsU4IMfan6Y5XfI7KrPEOeSx1P3/8Jrm9L5/yzOly4H1bWSpE9coptili K1dA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 92si1393893edp.262.2020.10.23.12.25.32; Fri, 23 Oct 2020 12:25:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753946AbgJWTWG (ORCPT + 99 others); Fri, 23 Oct 2020 15:22:06 -0400 Received: from mail-qk1-f196.google.com ([209.85.222.196]:45052 "EHLO mail-qk1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750751AbgJWTWG (ORCPT ); Fri, 23 Oct 2020 15:22:06 -0400 Received: by mail-qk1-f196.google.com with SMTP id s14so2226351qkg.11; Fri, 23 Oct 2020 12:22:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=t6coSryefsb3ak8Nuc7NVKsRwzzU7GO9O3ZnHo7ZcNg=; b=h+AxWE8yWqy23u2MIbIDNUNm/7HuECev6jaeoKKWrTqVrmYUuaJvQBjQgLfHiScRtP 2XtWyuRiI4JmWe1VMhhV/dyTJN/EPVl80v8Md64312hgUJqj1zBHQB+OwmPlqK5Lrf5M IuUHnhyMLHqIiurnzfPWWCnBEAW+WRURjV5aYaX0BlrhmMNDuSMxl44RzLQElhI3Ille OdPBXbCZ0+gVojZHrvX1tEKMaD9IfDO6hxuZe4BKDURIiSqxINXPxyXAd94SKXm1xU6n iGKo72KTqExXzH7Ldk1TPmAvNH/un8JH7MFR1RTGwA9tscWyAvWErySN90lHrSkdtNWY l6Ag== X-Gm-Message-State: AOAM533QAgKfN1zN/B2Khv78RH6nhpDDSApxcURyf1J8Lw9AN1FYiuyR vvN0HNjpWfQcmYTRGQWMf9+VMzE1Ihhhcg== X-Received: by 2002:a37:67c3:: with SMTP id b186mr3721945qkc.26.1603480924992; Fri, 23 Oct 2020 12:22:04 -0700 (PDT) Received: from rani.riverdale.lan ([2001:470:1f07:5f3::b55f]) by smtp.gmail.com with ESMTPSA id n199sm1398493qkn.77.2020.10.23.12.22.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Oct 2020 12:22:04 -0700 (PDT) From: Arvind Sankar To: Herbert Xu , "David S. Miller" , "linux-crypto@vger.kernel.org" , Eric Biggers , David Laight Cc: linux-kernel@vger.kernel.org Subject: [PATCH v3 0/5] crypto: lib/sha256 - cleanup/optimization Date: Fri, 23 Oct 2020 15:21:58 -0400 Message-Id: <20201023192203.400040-1-nivedita@alum.mit.edu> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Patch 1 -- Use memzero_explicit() instead of structure assignment/plain memset() to clear sensitive state. Patch 2 -- Currently the temporary variables used in the generic sha256 implementation are cleared, but the clearing is optimized away due to lack of compiler barriers. Drop the clearing. The last three patches are optimizations for generic sha256. v3: - Add some more files to patch 1 - Reword commit message for patch 2 - Reformat SHA256_K array - Drop v2 patch combining K and W arrays v2: - Add patch to combine K and W arrays, suggested by David - Reformat SHA256_ROUND() macro a little Arvind Sankar (5): crypto: Use memzero_explicit() for clearing state crypto: lib/sha256 - Don't clear temporary variables crypto: lib/sha256 - Clear W[] in sha256_update() instead of sha256_transform() crypto: lib/sha256 - Unroll SHA256 loop 8 times intead of 64 crypto: lib/sha256 - Unroll LOAD and BLEND loops arch/arm64/crypto/ghash-ce-glue.c | 2 +- arch/arm64/crypto/poly1305-glue.c | 2 +- arch/arm64/crypto/sha3-ce-glue.c | 2 +- arch/x86/crypto/poly1305_glue.c | 2 +- include/crypto/sha1_base.h | 3 +- include/crypto/sha256_base.h | 3 +- include/crypto/sha512_base.h | 3 +- include/crypto/sm3_base.h | 3 +- lib/crypto/sha256.c | 212 +++++++++--------------------- 9 files changed, 76 insertions(+), 156 deletions(-) -- 2.26.2