From 59eee916fa49541492b3eef3cbf7a4ab5e10a1cf Mon Sep 17 00:00:00 2001
From: Brian Smith
Date: Wed, 12 Mar 2025 09:30:59 -0700
Subject: [PATCH] aes-gcm/x86-64: Tweak AVX2 VAES-VCLMUL.

---
 .../fipsmodule/aes/asm/aes-gcm-avx2-x86_64.pl | 24 +++++++------------
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/crypto/fipsmodule/aes/asm/aes-gcm-avx2-x86_64.pl b/crypto/fipsmodule/aes/asm/aes-gcm-avx2-x86_64.pl
index f4c546a70a..317e00287c 100644
--- a/crypto/fipsmodule/aes/asm/aes-gcm-avx2-x86_64.pl
+++ b/crypto/fipsmodule/aes/asm/aes-gcm-avx2-x86_64.pl
@@ -446,19 +446,16 @@ sub _ghash_4x {
 my ( $GHASH_ACC_PTR, $HTABLE, $AAD, $AADLEN ) = @argregs[ 0 .. 3 ];
 
 # Additional local variables
- my ( $TMP0, $TMP0_XMM ) = ( "%ymm0", "%xmm0" );
- my ( $TMP1, $TMP1_XMM ) = ( "%ymm1", "%xmm1" );
- my ( $TMP2, $TMP2_XMM ) = ( "%ymm2", "%xmm2" );
- my ( $LO, $LO_XMM ) = ( "%ymm3", "%xmm3" );
- my ( $MI, $MI_XMM ) = ( "%ymm4", "%xmm4" );
- my ( $GHASH_ACC, $GHASH_ACC_XMM ) = ( "%ymm5", "%xmm5" );
- my ( $BSWAP_MASK, $BSWAP_MASK_XMM ) = ( "%ymm6", "%xmm6" );
- my ( $GFPOLY, $GFPOLY_XMM ) = ( "%ymm7", "%xmm7" );
- my $H_POW2_XORED = "%ymm8";
- my $H_POW1_XORED = "%ymm9";
+ my $TMP0_XMM = "%xmm0";
+ my $TMP1_XMM = "%xmm1";
+ my $TMP2_XMM = "%xmm2";
+ my $LO_XMM = "%xmm3";
+ my $GHASH_ACC_XMM = "%xmm4"; # Different than upsream
+ my $BSWAP_MASK_XMM = "%xmm5"; # Different than upsream
+ my $GFPOLY_XMM = "%xmm6"; # Different than upsream
 
 $code .= <<___;
- @{[ _save_xmmregs (6 .. 9) ]}
+ @{[ _save_xmmregs (6) ]} # Less than upstream
 .seh_endprologue
 
 # Load the bswap_mask and gfpoly constants. Since AADLEN is usually small,
@@ -471,8 +468,7 @@ sub _ghash_4x {
 vmovdqu ($GHASH_ACC_PTR), $GHASH_ACC_XMM
 vpshufb $BSWAP_MASK_XMM, $GHASH_ACC_XMM, $GHASH_ACC_XMM
 
-
- # Update GHASH with the remaining 16-byte block if any.
+ # Update GHASH with the sinle 16-byte block.
 .Lghash_lastblock:
 vmovdqu ($AAD), $TMP0_XMM
 vpshufb $BSWAP_MASK_XMM, $TMP0_XMM, $TMP0_XMM
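Review bot: The three new `# Different than upsream` comments on the `$GHASH_ACC_XMM`, `$BSWAP_MASK_XMM` and `$GFPOLY_XMM` lines misspell "upstream", and the replacement comment in the next hunk misspells "single" (`# Update GHASH with the sinle 16-byte block.`); since these markers exist so a later sync against the upstream generator can grep for local divergences, they should read `# Different than upstream` and `# Update GHASH with the single 16-byte block.`. The reduced `_save_xmmregs (6)` is consistent with the new register assignment, where `%xmm6` is the highest-numbered register named and presumably the only one the Win64 ABI requires preserving. The enclosing sub starts and ends outside this hunk.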
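Review bot: The new comment states the function now hashes exactly one 16-byte block, yet `$AADLEN` is still unpacked from `@argregs` at the top of the first hunk and the surviving context comment still says "Since AADLEN is usually small"; if the length is no longer consulted anywhere in the body (the lines between the hunks are not visible here), the generated function silently ignores its length argument and every caller must guarantee exactly 16 bytes. That contract should be written down where the length is dropped, e.g. `# AADLEN is not consulted: the caller must pass exactly one 16-byte block.`, and the stale "usually small" wording updated to match. The `.Lghash_lastblock:` label also looks like a leftover from the removed multi-block path if nothing branches to it anymore. The enclosing sub starts and ends outside this hunk.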
@@ -485,8 +481,6 @@ sub _ghash_4x {
 # Store the updated GHASH accumulator back to memory.
 vpshufb $BSWAP_MASK_XMM, $GHASH_ACC_XMM, $GHASH_ACC_XMM
 vmovdqu $GHASH_ACC_XMM, ($GHASH_ACC_PTR)
-
- vzeroupper
 ___
 }
 $code .= _end_func;
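Review bot: Removing the trailing `vzeroupper` is only safe if no 256-bit (ymm) instruction remains anywhere in the generated function; the register declarations in the first hunk now name only xmm registers, which suggests that is the intent, but the body between the hunks is not visible, so it should be confirmed rather than assumed, since a leftover ymm use would reintroduce the AVX/SSE transition penalty for the caller. If it holds, a one-line comment at the removal point would keep the next editor from adding a ymm temporary without restoring it: `# No vzeroupper needed: this function uses only 128-bit VEX instructions.` The enclosing sub starts outside this hunk.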