From f361d1ccecce3330cbb4f534f6b91dc7d0eb8d67 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Mon, 16 May 2016 23:34:03 +0200
Subject: [PATCH] sandy2x: clean the upper halves of the AVX registers

On Linux, with dynamic linking, upper AVX registers are not 0, which introduces a massive performance penalty due to state transitions. Thanks to to Tung Chou and Samuel Neves for catching this, and to @theakman2 for his initial report.
---
 src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S | 1 +
 src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S
index 00461b00..d788f0cd 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S
@@ -17,6 +17,7 @@
 ASM_HIDE_SYMBOL _ladder
 ladder:
 _ladder:
+vzeroupper
 mov %rsp,%r11
 and $31,%r11
 add $1856,%r11
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S
index c3094185..ca1abe2b 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S
@@ -17,6 +17,7 @@
 ASM_HIDE_SYMBOL _ladder_base
 ladder_base:
 _ladder_base:
+vzeroupper
 mov %rsp,%r11
 and $31,%r11
 add $1568,%r11
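Review bot: The `vzeroupper` added at the top of `ladder` carries no comment, so the reason for it exists only in the commit message and the instruction looks removable to a later reader; the same applies to the one added at the top of `ladder_base` in ladder_base.S. I would put a line above each, e.g. `/* clear upper YMM halves left dirty by the caller: avoids the AVX/SSE state-transition penalty */`. The upper halves of the vector registers are caller-saved, so clearing them at entry should not break the calling convention. Both function bodies continue past the hunk, so whether the code writes YMM registers itself and needs a matching `vzeroupper` before returning cannot be judged from here.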