From: Jason A. Donenfeld
Sent: 27 May 2022 09:11
BLAKE2s has no use as an shash, with no users of it. Just remove all of this unnecessary plumbing. Removing this shash was something we talked about back when we were making BLAKE2s a built-in, but I simply never got around to doing it. So this completes that project.
...
diff --git a/lib/crypto/blake2s.c b/lib/crypto/blake2s.c index c71c09621c09..716da32cf4dc 100644 --- a/lib/crypto/blake2s.c +++ b/lib/crypto/blake2s.c @@ -16,16 +16,43 @@ #include <linux/init.h> #include <linux/bug.h>
+static inline void blake2s_set_lastblock(struct blake2s_state *state) +{
- state->f[0] = -1;
+}
void blake2s_update(struct blake2s_state *state, const u8 *in, size_t inlen) {
- __blake2s_update(state, in, inlen, false);
- const size_t fill = BLAKE2S_BLOCK_SIZE - state->buflen;
- if (unlikely(!inlen))
return;
Does this happen often enough to optimise for? The zero length memcpy() should be fine. (though pedants might worry about in == NULL)
- if (inlen > fill) {
Testing inlen >= fill will be better. You also don't need the code below in the (probably) likely case that state->buflen == 0.
memcpy(state->buf + state->buflen, in, fill);
blake2s_compress(state, state->buf, 1, BLAKE2S_BLOCK_SIZE);
state->buflen = 0;
in += fill;
inlen -= fill;
an 'if (!inlen) return' check here may be a cheap optimisation.
- }
- if (inlen > BLAKE2S_BLOCK_SIZE) {
This test only needs to be inside the earlier inlen > fill condition. The compiler may not be able to assume so.
const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_SIZE);
Why not inlen/BLAKE2S_BLOCK_SIZE and remove all the '- 1'. Looping inside blakes2s_compress() has to be better than doing an extra call when processing the next data block.
blake2s_compress(state, in, nblocks - 1, BLAKE2S_BLOCK_SIZE);
in += BLAKE2S_BLOCK_SIZE * (nblocks - 1);
inlen -= BLAKE2S_BLOCK_SIZE * (nblocks - 1);
- }
- memcpy(state->buf + state->buflen, in, inlen);
- state->buflen += inlen;
} EXPORT_SYMBOL(blake2s_update);
void blake2s_final(struct blake2s_state *state, u8 *out) { WARN_ON(IS_ENABLED(DEBUG) && !out);
- __blake2s_final(state, out, false);
- blake2s_set_lastblock(state);
- memset(state->buf + state->buflen, 0, BLAKE2S_BLOCK_SIZE - state->buflen); /* Padding */
- blake2s_compress(state, state->buf, 1, state->buflen);
- cpu_to_le32_array(state->h, ARRAY_SIZE(state->h));
- memcpy(out, state->h, state->outlen); memzero_explicit(state, sizeof(*state));
} EXPORT_SYMBOL(blake2s_final); @@ -38,12 +65,7 @@ static int __init blake2s_mod_init(void) return 0; }
David
- Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)