a/lib/crypto/sha3.c b/lib/crypto/sha3.c index 049be8414de26..ee7a2ca92b2c5 100644 --- a/lib/crypto/sha3.c +++ b/lib/crypto/sha3.c @@ -46,11 +46,11 @@ static const u64 sha3_keccakf_rndc[SHA3_KECCAK_ROUNDS] = { }; /* * Perform a single round of Keccak mixing. */ -static SHA3_INLINE void sha3_keccakf_one_round_generic(u64 st[25]) +static SHA3_INLINE void sha3_keccakf_one_round_generic(u64 st[25], int round) { u64 t[5], tt, bc[5]; /* Theta */ bc[0] = st[0] ^ st[5] ^ st[10] ^ st[15] ^ st[20]; @@ -147,10 +147,13 @@ static SHA3_INLINE void sha3_keccakf_one_round_generic(u64 st[25]) st[20] ^= bc[ 0]; st[21] ^= bc[ 1]; st[22] ^= bc[ 2]; st[23] ^= bc[ 3]; st[24] ^= bc[ 4]; + + /* Iota */ + st[0] ^= sha3_keccakf_rndc[round]; } /* Generic implementation of the Keccak-f[1600] permutation */ static void sha3_keccakf_generic(struct sha3_state *state) { @@ -161,15 +164,12 @@ static void sha3_keccakf_generic(struct sha3_state *state) */ for (int i = 0; i < ARRAY_SIZE(state->words); i++) state->native_words[i] = le64_to_cpu(state->words[i]); - for (int round = 0; round < SHA3_KECCAK_ROUNDS; round++) { - sha3_keccakf_one_round_generic(state->native_words); - /* Iota */ - state->native_words[0] ^= sha3_keccakf_rndc[round]; - } + for (int round = 0; round < SHA3_KECCAK_ROUNDS; round++) + sha3_keccakf_one_round_generic(state->native_words, round); for (int i = 0; i < ARRAY_SIZE(state->words); i++) state->words[i] = cpu_to_le64(state->native_words[i]); } -- 2.51.1.dirty[PATCH v2 04/15] lib/crypto: sha3: Move SHA3 Iota step mapping into round functionEric Biggers undefinedlinux-crypto@vger.kernel.org undefined undefined undefined undefined undefined undefined undefined undefined undefined undefined [ƒÆ
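Review bot: The comment above sha3_keccakf_one_round_generic() in the first hunk still reads "Perform a single round of Keccak mixing" and does not mention the new `round` argument, which the second hunk uses unchecked as an index in `st[0] ^= sha3_keccakf_rndc[round];`. The only caller visible here, the loop in sha3_keccakf_generic(), keeps it below SHA3_KECCAK_ROUNDS, so this is a documentation point rather than a bug. I would change the comment to something like `/* Perform a single round of Keccak mixing, including the Iota step. @round selects the round constant and must be in [0, SHA3_KECCAK_ROUNDS). */`. Declaring the parameter as `unsigned int round` would also rule out a negative index if another caller is added later. The function body between the first two hunks is outside the diff, so nothing is claimed about it.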