[openssl-dev] AES-GCM for ARM: what is the status of the new work published by

Mon Jul 13 15:36:13 UTC 2015

> As it can be seen OpenSSL GHASH is slower on Cortex A57 (but not sum of
> CTR and GHASH) and Apple A7. There is explanation for that. One of GHASH
> implementations parameters is "aggregate factor" that denotes amount of
> multiplications that are performed prior reduction. OpenSSL uses factor
> of 4, while referred code - 8. Higher aggregate factor is on to-do list
> and there is no reason to believe that performance would be worse than
> reported in referred paper.

Correction. Currently implemented aggregate factor in OpenSSL is 2, not 4.