gcm_ghash_vpclmulqdq_avx2_1: Make it clear that we only use XMM registers.

Author: briansmith

crypto/fipsmodule/aes/asm/aes-gcm-avx2-x86_64.pl

@@ -445,17 +445,16 @@ sub _ghash_4x {
     # Function arguments
     my ( $GHASH_ACC_PTR, $HTABLE, $AAD, $AADLEN ) = @argregs[ 0 .. 3 ];
 
-    # Additional local variables
-    my ( $TMP0,       $TMP0_XMM )       = ( "%ymm0", "%xmm0" );
-    my ( $TMP1,       $TMP1_XMM )       = ( "%ymm1", "%xmm1" );
-    my ( $TMP2,       $TMP2_XMM )       = ( "%ymm2", "%xmm2" );
-    my ( $LO,         $LO_XMM )         = ( "%ymm3", "%xmm3" );
-    my ( $MI,         $MI_XMM )         = ( "%ymm4", "%xmm4" );
-    my ( $GHASH_ACC,  $GHASH_ACC_XMM )  = ( "%ymm5", "%xmm5" );
-    my ( $BSWAP_MASK, $BSWAP_MASK_XMM ) = ( "%ymm6", "%xmm6" );
-    my ( $GFPOLY,     $GFPOLY_XMM )     = ( "%ymm7", "%xmm7" );
-    my $H_POW2_XORED = "%ymm8";
-    my $H_POW1_XORED = "%ymm9";
+    # Additional local variables.
+    # Unlike upstream, we avoid YMM registers in this function.
+    my $TMP0_XMM       = "%xmm0";
+    my $TMP1_XMM       = "%xmm1";
+    my $TMP2_XMM       = "%xmm2";
+    my $LO_XMM         = "%xmm3";
+    my $MI_XMM         = "%xmm4";
+    my $GHASH_ACC_XMM  = "%xmm5";
+    my $BSWAP_MASK_XMM = "%xmm6";
+    my $GFPOLY_XMM     = "%xmm7";
 
     $code .= <<___;
     @{[ _save_xmmregs (6 .. 9) ]}
@@ -486,7 +485,9 @@ sub _ghash_4x {
     vpshufb         $BSWAP_MASK_XMM, $GHASH_ACC_XMM, $GHASH_ACC_XMM
     vmovdqu         $GHASH_ACC_XMM, ($GHASH_ACC_PTR)
 
-    vzeroupper
+    # No vzeroupper is needed, unlike upstream, since we don't use YMM*. The
+    # epilogue may use XMM registers, so a vzeroupper might be needed here if
+    # we had used YMM registers.
 ___
 }
 $code .= _end_func;