[openssl-commits] [openssl] master update

Andy Polyakov appro at openssl.org
Sat Sep 9 17:19:51 UTC 2017


The branch master has been updated
       via  236dd4633942d62777c44be630a06bc50603f659 (commit)
      from  f1b97da1fd90cf3935eafedc8df0d0165cb75f2f (commit)


- Log -----------------------------------------------------------------
commit 236dd4633942d62777c44be630a06bc50603f659
Author: Andy Polyakov <appro at openssl.org>
Date:   Fri Sep 8 11:50:57 2017 +0200

    sha/asm/keccak1600-armv8.pl: fix return value buglet and ...
    
    ... script data load.
    
    On related note an attempt was made to merge rotations with logical
    operations. I mean as we know, ARM ISA has merged rotate-n-logical
    instructions which can be used here. And they were used to improve
    keccak1600-armv4 performance. But not here. Even though this approach
    resulted in improvement on Cortex-A53 proportional to reduction of
    amount of instructions, ~8%, it didn't exactly worked out on
    non-Cortex cores. Presumably because they break merged instructions
    to separate μ-ops, which results in higher *operations* count. X-Gene
    and Denver went ~20% slower and Apple A7 - 40%. The optimization was
    therefore dismissed.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/sha/asm/keccak1600-armv8.pl | 158 +++----------------------------------
 1 file changed, 11 insertions(+), 147 deletions(-)

diff --git a/crypto/sha/asm/keccak1600-armv8.pl b/crypto/sha/asm/keccak1600-armv8.pl
index b67fb63..6ab28ac 100755
--- a/crypto/sha/asm/keccak1600-armv8.pl
+++ b/crypto/sha/asm/keccak1600-armv8.pl
@@ -375,162 +375,26 @@ SHA3_absorb:
 	blo	.Labsorbed
 
 	str	$C[0],[sp,#48]			// save len - bsz
+___
+for (my $i=0; $i<24; $i+=2) {
+my $j = $i+1;
+$code.=<<___;
 	ldr	$C[0],[$C[1]],#8		// *inp++
 #ifdef	__AARCH64EB__
 	rev	$C[0],$C[0]
 #endif
-	eor	$A[0][0],$A[0][0],$C[0]
-	cmp	$C[3],#8*2
-	blo	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[0][1],$A[0][1],$C[0]
-	beq	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[0][2],$A[0][2],$C[0]
-	cmp	$C[3],#8*4
-	blo	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[0][3],$A[0][3],$C[0]
-	beq	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[0][4],$A[0][4],$C[0]
-	cmp	$C[3],#8*6
-	blo	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[1][0],$A[1][0],$C[0]
-	beq	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[1][1],$A[1][1],$C[0]
-	cmp	$C[3],#8*8
-	blo	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[1][2],$A[1][2],$C[0]
-	beq	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[1][3],$A[1][3],$C[0]
-	cmp	$C[3],#8*10
-	blo	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[1][4],$A[1][4],$C[0]
-	beq	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[2][0],$A[2][0],$C[0]
-	cmp	$C[3],#8*12
-	blo	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[2][1],$A[2][1],$C[0]
-	beq	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[2][2],$A[2][2],$C[0]
-	cmp	$C[3],#8*14
-	blo	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[2][3],$A[2][3],$C[0]
-	beq	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[2][4],$A[2][4],$C[0]
-	cmp	$C[3],#8*16
-	blo	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[3][0],$A[3][0],$C[0]
-	beq	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[3][1],$A[3][1],$C[0]
-	cmp	$C[3],#8*18
-	blo	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[3][2],$A[3][2],$C[0]
-	beq	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[3][3],$A[3][3],$C[0]
-	cmp	$C[3],#8*20
-	blo	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[3][4],$A[3][4],$C[0]
-	beq	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[4][0],$A[4][0],$C[0]
-	cmp	$C[3],#8*22
-	blo	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[4][1],$A[4][1],$C[0]
-	beq	.Lprocess_block
-	ldr	$C[0],[$C[1]],#8		// *inp++
-#ifdef	__AARCH64EB__
-	rev	$C[0],$C[0]
-#endif
-	eor	$A[4][2],$A[4][2],$C[0]
-	cmp	$C[3],#8*24
+	eor	$A[$i/5][$i%5],$A[$i/5][$i%5],$C[0]
+	cmp	$C[3],#8*($i+2)
 	blo	.Lprocess_block
 	ldr	$C[0],[$C[1]],#8		// *inp++
 #ifdef	__AARCH64EB__
 	rev	$C[0],$C[0]
 #endif
-	eor	$A[4][3],$A[4][3],$C[0]
+	eor	$A[$j/5][$j%5],$A[$j/5][$j%5],$C[0]
 	beq	.Lprocess_block
+___
+}
+$code.=<<___;
 	ldr	$C[0],[$C[1]],#8		// *inp++
 #ifdef	__AARCH64EB__
 	rev	$C[0],$C[0]
@@ -563,7 +427,7 @@ SHA3_absorb:
 	stp	$A[4][2],$A[4][3],[$C[1],#16*11]
 	str	$A[4][4],[$C[1],#16*12]
 
-	mov	x0,$C[0]			// return value
+	mov	x0,$C[2]			// return value
 	ldp	x19,x20,[x29,#16]
 	add	sp,sp,#64
 	ldp	x21,x22,[x29,#32]


More information about the openssl-commits mailing list