author | Damien Miller <djm@cvs.openbsd.org> | 2010-10-01 22:54:18 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2010-10-01 22:54:18 +0000 |
commit | 83818a12de45db7cb1101fbfdd2623d993f60550 (patch) | |
tree | 7f62af8daf1472973725396bb0177d36d76f5bd0 | |
parent | ead3de0e8a6279161ffa0ae7efdf2dc6dbfd3975 (diff) |
import OpenSSL-1.0.0a
-rwxr-xr-x | lib/libssl/src/crypto/perlasm/ppc-xlate.pl | 13 | ||||
-rw-r--r-- | lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl | 100 | ||||
-rwxr-xr-x | lib/libssl/src/crypto/sha/asm/sha1-ppc.pl | 83 | ||||
-rw-r--r-- | lib/libssl/src/crypto/sha/asm/sha1-s390x.pl | 50 | ||||
-rw-r--r-- | lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl | 1 | ||||
-rw-r--r-- | lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl | 3 | ||||
-rw-r--r-- | lib/libssl/src/crypto/sha/asm/sha256-586.pl | 52 | ||||
-rw-r--r-- | lib/libssl/src/crypto/sha/asm/sha256-armv4.pl | 78 | ||||
-rw-r--r-- | lib/libssl/src/crypto/sha/asm/sha512-586.pl | 16 | ||||
-rw-r--r-- | lib/libssl/src/crypto/sha/asm/sha512-armv4.pl | 387 | ||||
-rw-r--r-- | lib/libssl/src/crypto/sha/asm/sha512-s390x.pl | 63 | ||||
-rw-r--r-- | lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl | 7 | ||||
-rw-r--r-- | lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl | 2 | ||||
-rw-r--r-- | lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod | 2 | ||||
-rw-r--r-- | lib/libssl/src/test/pkits-test.pl | 9 |
15 files changed, 287 insertions, 579 deletions
diff --git a/lib/libssl/src/crypto/perlasm/ppc-xlate.pl b/lib/libssl/src/crypto/perlasm/ppc-xlate.pl index a3edd982b66..4579671c970 100755 --- a/lib/libssl/src/crypto/perlasm/ppc-xlate.pl +++ b/lib/libssl/src/crypto/perlasm/ppc-xlate.pl @@ -31,9 +31,10 @@ my $globl = sub { $ret .= ".type $name,\@function"; last; }; - /linux.*64/ && do { $ret .= ".globl $name\n"; - $ret .= ".type $name,\@function\n"; + /linux.*64/ && do { $ret .= ".globl .$name\n"; + $ret .= ".type .$name,\@function\n"; $ret .= ".section \".opd\",\"aw\"\n"; + $ret .= ".globl $name\n"; $ret .= ".align 3\n"; $ret .= "$name:\n"; $ret .= ".quad .$name,.TOC.\@tocbase,0\n"; @@ -61,14 +62,6 @@ my $machine = sub { } ".machine $arch"; }; -my $size = sub { - if ($flavour =~ /linux.*32/) - { shift; - ".size " . join(",",@_); - } - else - { ""; } -}; my $asciz = sub { shift; my $line = join(",",@_); diff --git a/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl b/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl index 33da3e0e3c0..88861af6411 100644 --- a/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl +++ b/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl @@ -37,22 +37,9 @@ # modes are limited. As result it takes more instructions to do # the same job in Thumb, therefore the code is never twice as # small and always slower. -# [***] which is also ~35% better than compiler generated code. Dual- -# issue Cortex A8 core was measured to process input block in -# ~990 cycles. +# [***] which is also ~35% better than compiler generated code. -# August 2010. -# -# Rescheduling for dual-issue pipeline resulted in 13% improvement on -# Cortex A8 core and in absolute terms ~870 cycles per input block -# [or 13.6 cycles per byte]. - -# February 2011. -# -# Profiler-assisted and platform-specific optimization resulted in 10% -# improvement on Cortex A8 core and 12.2 cycles per byte. - -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +$output=shift; open STDOUT,">$output"; $ctx="r0"; 
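Review bot: In sha1-armv4-large.pl the new `$output=shift; open STDOUT,">$output";` passes the first command-line argument straight into a two-argument open and never checks the result. With a two-argument open the argument's leading characters can select the mode, and a failed open leaves the generated assembly going to the inherited stdout with no error. I would write `open STDOUT,">",$output or die "can't open $output: $!";`. The same pattern is introduced in the first hunks of sha1-s390x.pl, sha256-armv4.pl and sha512-armv4.pl. The removed loop also skipped leading arguments that did not look like a file name, so an invocation that passes a flavour first would now use it as the output path; the build invocation is not visible here.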
@@ -71,62 +58,63 @@ $t3="r12"; $Xi="r14"; @V=($a,$b,$c,$d,$e); +# One can optimize this for aligned access on big-endian architecture, +# but code's endian neutrality makes it too pretty:-) +sub Xload { +my ($a,$b,$c,$d,$e)=@_; +$code.=<<___; + ldrb $t0,[$inp],#4 + ldrb $t1,[$inp,#-3] + ldrb $t2,[$inp,#-2] + ldrb $t3,[$inp,#-1] + add $e,$K,$e,ror#2 @ E+=K_00_19 + orr $t0,$t1,$t0,lsl#8 + add $e,$e,$a,ror#27 @ E+=ROR(A,27) + orr $t0,$t2,$t0,lsl#8 + eor $t1,$c,$d @ F_xx_xx + orr $t0,$t3,$t0,lsl#8 + add $e,$e,$t0 @ E+=X[i] + str $t0,[$Xi,#-4]! +___ +} sub Xupdate { -my ($a,$b,$c,$d,$e,$opt1,$opt2)=@_; +my ($a,$b,$c,$d,$e,$flag)=@_; $code.=<<___; ldr $t0,[$Xi,#15*4] ldr $t1,[$Xi,#13*4] ldr $t2,[$Xi,#7*4] - add $e,$K,$e,ror#2 @ E+=K_xx_xx ldr $t3,[$Xi,#2*4] + add $e,$K,$e,ror#2 @ E+=K_xx_xx eor $t0,$t0,$t1 - eor $t2,$t2,$t3 @ 1 cycle stall - eor $t1,$c,$d @ F_xx_xx - mov $t0,$t0,ror#31 + eor $t0,$t0,$t2 + eor $t0,$t0,$t3 add $e,$e,$a,ror#27 @ E+=ROR(A,27) - eor $t0,$t0,$t2,ror#31 - str $t0,[$Xi,#-4]! - $opt1 @ F_xx_xx - $opt2 @ F_xx_xx +___ +$code.=<<___ if (!defined($flag)); + eor $t1,$c,$d @ F_xx_xx, but not in 40_59 +___ +$code.=<<___; + mov $t0,$t0,ror#31 add $e,$e,$t0 @ E+=X[i] + str $t0,[$Xi,#-4]! ___ } sub BODY_00_15 { my ($a,$b,$c,$d,$e)=@_; + &Xload(@_); $code.=<<___; -#if __ARM_ARCH__<7 - ldrb $t1,[$inp,#2] - ldrb $t0,[$inp,#3] - ldrb $t2,[$inp,#1] - add $e,$K,$e,ror#2 @ E+=K_00_19 - ldrb $t3,[$inp],#4 - orr $t0,$t0,$t1,lsl#8 - eor $t1,$c,$d @ F_xx_xx - orr $t0,$t0,$t2,lsl#16 - add $e,$e,$a,ror#27 @ E+=ROR(A,27) - orr $t0,$t0,$t3,lsl#24 -#else - ldr $t0,[$inp],#4 @ handles unaligned - add $e,$K,$e,ror#2 @ E+=K_00_19 - eor $t1,$c,$d @ F_xx_xx - add $e,$e,$a,ror#27 @ E+=ROR(A,27) -#ifdef __ARMEL__ - rev $t0,$t0 @ byte swap -#endif -#endif and $t1,$b,$t1,ror#2 - add $e,$e,$t0 @ E+=X[i] eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) - str $t0,[$Xi,#-4]! 
add $e,$e,$t1 @ E+=F_00_19(B,C,D) ___ } sub BODY_16_19 { my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_,"and $t1,$b,$t1,ror#2"); + &Xupdate(@_); $code.=<<___; + and $t1,$b,$t1,ror#2 eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) add $e,$e,$t1 @ E+=F_00_19(B,C,D) ___ @@ -134,24 +122,26 @@ ___ sub BODY_20_39 { my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_,"eor $t1,$b,$t1,ror#2"); + &Xupdate(@_); $code.=<<___; + eor $t1,$b,$t1,ror#2 @ F_20_39(B,C,D) add $e,$e,$t1 @ E+=F_20_39(B,C,D) ___ } sub BODY_40_59 { my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_,"and $t1,$b,$t1,ror#2","and $t2,$c,$d"); + &Xupdate(@_,1); $code.=<<___; + and $t1,$b,$c,ror#2 + orr $t2,$b,$c,ror#2 + and $t2,$t2,$d,ror#2 + orr $t1,$t1,$t2 @ F_40_59(B,C,D) add $e,$e,$t1 @ E+=F_40_59(B,C,D) - add $e,$e,$t2,ror#2 ___ } $code=<<___; -#include "arm_arch.h" - .text .global sha1_block_data_order @@ -177,7 +167,6 @@ for($i=0;$i<5;$i++) { $code.=<<___; teq $Xi,sp bne .L_00_15 @ [((11+4)*5+2)*3] - sub sp,sp,#25*4 ___ &BODY_00_15(@V); unshift(@V,pop(@V)); &BODY_16_19(@V); unshift(@V,pop(@V)); @@ -187,6 +176,7 @@ ___ $code.=<<___; ldr $K,.LK_20_39 @ [+15+16*4] + sub sp,sp,#25*4 cmn sp,#0 @ [+3], clear carry to denote 20_39 .L_20_39_or_60_79: ___ @@ -225,14 +215,10 @@ $code.=<<___; teq $inp,$len bne .Lloop @ [+18], total 1307 -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} -#else ldmia sp!,{r4-r12,lr} tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) -#endif .align 2 .LK_00_19: .word 0x5a827999 .LK_20_39: .word 0x6ed9eba1 diff --git a/lib/libssl/src/crypto/sha/asm/sha1-ppc.pl b/lib/libssl/src/crypto/sha/asm/sha1-ppc.pl index 2140dd2f8dd..dcd0fcdfcfa 100755 --- a/lib/libssl/src/crypto/sha/asm/sha1-ppc.pl +++ b/lib/libssl/src/crypto/sha/asm/sha1-ppc.pl @@ -24,14 +24,12 @@ $flavour = shift; if ($flavour =~ /64/) { $SIZE_T =8; - $LRSAVE =2*$SIZE_T; $UCMP ="cmpld"; $STU ="stdu"; $POP ="ld"; $PUSH ="std"; } elsif ($flavour =~ /32/) { $SIZE_T =4; - $LRSAVE =$SIZE_T; $UCMP ="cmplw"; $STU ="stwu"; $POP ="lwz"; 
@@ -45,8 +43,7 @@ die "can't locate ppc-xlate.pl"; open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; -$FRAME=24*$SIZE_T+64; -$LOCALS=6*$SIZE_T; +$FRAME=24*$SIZE_T; $K ="r0"; $sp ="r1"; @@ -165,8 +162,9 @@ $code=<<___; .globl .sha1_block_data_order .align 4 .sha1_block_data_order: - $STU $sp,-$FRAME($sp) mflr r0 + $STU $sp,`-($FRAME+64)`($sp) + $PUSH r0,`$FRAME-$SIZE_T*18`($sp) $PUSH r15,`$FRAME-$SIZE_T*17`($sp) $PUSH r16,`$FRAME-$SIZE_T*16`($sp) $PUSH r17,`$FRAME-$SIZE_T*15`($sp) @@ -184,7 +182,6 @@ $code=<<___; $PUSH r29,`$FRAME-$SIZE_T*3`($sp) $PUSH r30,`$FRAME-$SIZE_T*2`($sp) $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) lwz $A,0($ctx) lwz $B,4($ctx) lwz $C,8($ctx) 
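Review bot: The context line `open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";` in the first sha1-ppc.pl hunk on this line can never reach its `die`, because `||` binds to the concatenated command string rather than to `open`. A failure to start ppc-xlate.pl therefore goes unreported. The low-precedence operator fixes it: `open STDOUT,"| $^X $xlate $flavour ".shift or die "can't call $xlate: $!";`. The command is also assembled by interpolation and run through the shell, so the flavour and output arguments need to stay under the build system's control.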
@@ -195,14 +192,37 @@ $code=<<___; Laligned: mtctr $num bl Lsha1_block_private - b Ldone +Ldone: + $POP r0,`$FRAME-$SIZE_T*18`($sp) + $POP r15,`$FRAME-$SIZE_T*17`($sp) + $POP r16,`$FRAME-$SIZE_T*16`($sp) + $POP r17,`$FRAME-$SIZE_T*15`($sp) + $POP r18,`$FRAME-$SIZE_T*14`($sp) + $POP r19,`$FRAME-$SIZE_T*13`($sp) + $POP r20,`$FRAME-$SIZE_T*12`($sp) + $POP r21,`$FRAME-$SIZE_T*11`($sp) + $POP r22,`$FRAME-$SIZE_T*10`($sp) + $POP r23,`$FRAME-$SIZE_T*9`($sp) + $POP r24,`$FRAME-$SIZE_T*8`($sp) + $POP r25,`$FRAME-$SIZE_T*7`($sp) + $POP r26,`$FRAME-$SIZE_T*6`($sp) + $POP r27,`$FRAME-$SIZE_T*5`($sp) + $POP r28,`$FRAME-$SIZE_T*4`($sp) + $POP r29,`$FRAME-$SIZE_T*3`($sp) + $POP r30,`$FRAME-$SIZE_T*2`($sp) + $POP r31,`$FRAME-$SIZE_T*1`($sp) + mtlr r0 + addi $sp,$sp,`$FRAME+64` + blr +___ -; PowerPC specification allows an implementation to be ill-behaved -; upon unaligned access which crosses page boundary. "Better safe -; than sorry" principle makes me treat it specially. But I don't -; look for particular offending word, but rather for 64-byte input -; block which crosses the boundary. Once found that block is aligned -; and hashed separately... +# PowerPC specification allows an implementation to be ill-behaved +# upon unaligned access which crosses page boundary. "Better safe +# than sorry" principle makes me treat it specially. But I don't +# look for particular offending word, but rather for 64-byte input +# block which crosses the boundary. Once found that block is aligned +# and hashed separately... +$code.=<<___; .align 4 Lunaligned: subfic $t1,$inp,4096 @@ -217,7 +237,7 @@ Lunaligned: Lcross_page: li $t1,16 mtctr $t1 - addi r20,$sp,$LOCALS ; spot within the frame + addi r20,$sp,$FRAME ; spot below the frame Lmemcpy: lbz r16,0($inp) lbz r17,1($inp) 
@@ -231,40 +251,15 @@ Lmemcpy: addi r20,r20,4 bdnz Lmemcpy - $PUSH $inp,`$FRAME-$SIZE_T*18`($sp) + $PUSH $inp,`$FRAME-$SIZE_T*19`($sp) li $t1,1 - addi $inp,$sp,$LOCALS + addi $inp,$sp,$FRAME mtctr $t1 bl Lsha1_block_private - $POP $inp,`$FRAME-$SIZE_T*18`($sp) + $POP $inp,`$FRAME-$SIZE_T*19`($sp) addic. $num,$num,-1 bne- Lunaligned - -Ldone: - $POP r0,`$FRAME+$LRSAVE`($sp) - $POP r15,`$FRAME-$SIZE_T*17`($sp) - $POP r16,`$FRAME-$SIZE_T*16`($sp) - $POP r17,`$FRAME-$SIZE_T*15`($sp) - $POP r18,`$FRAME-$SIZE_T*14`($sp) - $POP r19,`$FRAME-$SIZE_T*13`($sp) - $POP r20,`$FRAME-$SIZE_T*12`($sp) - $POP r21,`$FRAME-$SIZE_T*11`($sp) - $POP r22,`$FRAME-$SIZE_T*10`($sp) - $POP r23,`$FRAME-$SIZE_T*9`($sp) - $POP r24,`$FRAME-$SIZE_T*8`($sp) - $POP r25,`$FRAME-$SIZE_T*7`($sp) - $POP r26,`$FRAME-$SIZE_T*6`($sp) - $POP r27,`$FRAME-$SIZE_T*5`($sp) - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - mtlr r0 - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,1,0x80,18,3,0 - .long 0 + b Ldone ___ # This is private block function, which uses tailored calling @@ -314,8 +309,6 @@ $code.=<<___; addi $inp,$inp,`16*4` bdnz- Lsha1_block_private blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 ___ $code.=<<___; .asciz "SHA1 block transform for PPC, CRYPTOGAMS by <appro\@fy.chalmers.se>" diff --git a/lib/libssl/src/crypto/sha/asm/sha1-s390x.pl b/lib/libssl/src/crypto/sha/asm/sha1-s390x.pl index 9193dda45ef..4b17848287a 100644 --- a/lib/libssl/src/crypto/sha/asm/sha1-s390x.pl +++ b/lib/libssl/src/crypto/sha/asm/sha1-s390x.pl 
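Review bot: The cross-page path copies a 64-byte input block to `$sp+$FRAME` and hashes it from there, and nothing visible in this hunk or at `Ldone` clears that copy before the frame is released. When the caller is hashing secret material (an HMAC key block, for instance), the block stays in dead stack memory after return. I would at least record this next to `addi $inp,$sp,$FRAME`, for example `; NB: bounce buffer at sp+FRAME is not wiped before return`. Zeroing it after the last `bl Lsha1_block_private` would be the stronger fix, but the register usage of Lsha1_block_private lies outside this hunk.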
@@ -21,28 +21,9 @@ # instructions to favour dual-issue z10 pipeline. On z10 hardware is # "only" ~2.3x faster than software. -# November 2010. -# -# Adapt for -m31 build. If kernel supports what's called "highgprs" -# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit -# instructions and achieve "64-bit" performance even in 31-bit legacy -# application context. The feature is not specific to any particular -# processor, as long as it's "z-CPU". Latter implies that the code -# remains z/Architecture specific. - $kimdfunc=1; # magic function code for kimd instruction -$flavour = shift; - -if ($flavour =~ /3[12]/) { - $SIZE_T=4; - $g=""; -} else { - $SIZE_T=8; - $g="g"; -} - -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +$output=shift; open STDOUT,">$output"; $K_00_39="%r0"; $K=$K_00_39; @@ -61,14 +42,13 @@ $t1="%r11"; @X=("%r12","%r13","%r14"); $sp="%r15"; -$stdframe=16*$SIZE_T+4*8; -$frame=$stdframe+16*4; +$frame=160+16*4; sub Xupdate { my $i=shift; $code.=<<___ if ($i==15); - lg $prefetch,$stdframe($sp) ### Xupdate(16) warm-up + lg $prefetch,160($sp) ### Xupdate(16) warm-up lr $X[0],$X[2] ___ return if ($i&1); # Xupdate is vectorized and executed every 2nd cycle @@ -78,8 +58,8 @@ $code.=<<___ if ($i<16); ___ $code.=<<___ if ($i>=16); xgr $X[0],$prefetch ### Xupdate($i) - lg $prefetch,`$stdframe+4*(($i+2)%16)`($sp) - xg $X[0],`$stdframe+4*(($i+8)%16)`($sp) + lg $prefetch,`160+4*(($i+2)%16)`($sp) + xg $X[0],`160+4*(($i+8)%16)`($sp) xgr $X[0],$prefetch rll $X[0],$X[0],1 rllg $X[1],$X[0],32 @@ -88,7 +68,7 @@ $code.=<<___ if ($i>=16); lr $X[2],$X[1] # feedback ___ $code.=<<___ if ($i<=70); - stg $X[0],`$stdframe+4*($i%16)`($sp) + stg $X[0],`160+4*($i%16)`($sp) ___ unshift(@X,pop(@X)); } 
@@ -168,9 +148,9 @@ $code.=<<___ if ($kimdfunc); tmhl %r0,0x4000 # check for message-security assist jz .Lsoftware lghi %r0,0 - la %r1,`2*$SIZE_T`($sp) + la %r1,16($sp) .long 0xb93e0002 # kimd %r0,%r2 - lg %r0,`2*$SIZE_T`($sp) + lg %r0,16($sp) tmhh %r0,`0x8000>>$kimdfunc` jz .Lsoftware lghi %r0,$kimdfunc @@ -185,11 +165,11 @@ $code.=<<___ if ($kimdfunc); ___ $code.=<<___; lghi %r1,-$frame - st${g} $ctx,`2*$SIZE_T`($sp) - stm${g} %r6,%r15,`6*$SIZE_T`($sp) + stg $ctx,16($sp) + stmg %r6,%r15,48($sp) lgr %r0,$sp la $sp,0(%r1,$sp) - st${g} %r0,0($sp) + stg %r0,0($sp) larl $t0,Ktable llgf $A,0($ctx) @@ -219,7 +199,7 @@ ___ for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } $code.=<<___; - l${g} $ctx,`$frame+2*$SIZE_T`($sp) + lg $ctx,`$frame+16`($sp) la $inp,64($inp) al $A,0($ctx) al $B,4($ctx) @@ -231,13 +211,13 @@ $code.=<<___; st $C,8($ctx) st $D,12($ctx) st $E,16($ctx) - brct${g} $len,.Lloop + brct $len,.Lloop - lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp) + lmg %r6,%r15,`$frame+48`($sp) br %r14 .size sha1_block_data_order,.-sha1_block_data_order .string "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>" -.comm OPENSSL_s390xcap_P,16,8 +.comm OPENSSL_s390xcap_P,8,8 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; diff --git a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl index 5c161cecd69..8306fc88ccf 100644 --- a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl +++ b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl @@ -276,7 +276,6 @@ $code.=<<___; .type sha1_block_data_order,#function .size sha1_block_data_order,(.-sha1_block_data_order) .asciz "SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>" -.align 4 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; diff --git a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl index e65291bbd97..15eb854badc 100644 --- a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl 
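Review bot: `brct $len,.Lloop` in the last sha1-s390x.pl hunk is the 32-bit branch-on-count, while every other instruction these hunks switch to (`stg`, `stmg`, `lg`, `lmg`) is the 64-bit form. On a 64-bit build only the low 32 bits of the block counter are decremented and tested, so a count of 2^32 blocks or more would loop the wrong number of times; I would use `brctg $len,.Lloop`. Whether any caller can pass such a count is not visible here, and the register assigned to $len is defined outside the hunk.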
+++ b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl @@ -539,7 +539,6 @@ $code.=<<___; .type sha1_block_data_order,#function .size sha1_block_data_order,(.-sha1_block_data_order) .asciz "SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>" -.align 4 ___ # Purpose of these subroutines is to explicitly encode VIS instructions, @@ -549,7 +548,7 @@ ___ # programmer detect if current CPU is VIS capable at run-time. sub unvis { my ($mnemonic,$rs1,$rs2,$rd)=@_; -my ($ref,$opf); +my $ref,$opf; my %visopf = ( "fmul8ulx16" => 0x037, "faligndata" => 0x048, "fpadd32" => 0x052, diff --git a/lib/libssl/src/crypto/sha/asm/sha256-586.pl b/lib/libssl/src/crypto/sha/asm/sha256-586.pl index 928ec53123b..ecc8b69c75d 100644 --- a/lib/libssl/src/crypto/sha/asm/sha256-586.pl +++ b/lib/libssl/src/crypto/sha/asm/sha256-586.pl @@ -14,8 +14,8 @@ # Pentium PIII P4 AMD K8 Core2 # gcc 46 36 41 27 26 # icc 57 33 38 25 23 -# x86 asm 40 30 33 20 18 -# x86_64 asm(*) - - 21 16 16 +# x86 asm 40 30 35 20 20 +# x86_64 asm(*) - - 21 15.8 16.5 # # (*) x86_64 assembler performance is presented for reference # purposes. @@ -48,19 +48,20 @@ sub BODY_00_15() { my $in_16_63=shift; &mov ("ecx",$E); - &add ($T,"edi") if ($in_16_63); # T += sigma1(X[-2]) - &ror ("ecx",25-11); + &add ($T,&DWP(4*(8+15+16-9),"esp")) if ($in_16_63); # T += X[-7] + &ror ("ecx",6); + &mov ("edi",$E); + &ror ("edi",11); &mov ("esi",$Foff); - &xor ("ecx",$E); - &ror ("ecx",11-6); + &xor ("ecx","edi"); + &ror ("edi",25-11); &mov (&DWP(4*(8+15),"esp"),$T) if ($in_16_63); # save X[0] - &xor ("ecx",$E); - &ror ("ecx",6); # Sigma1(e) + &xor ("ecx","edi"); # Sigma1(e) &mov ("edi",$Goff); &add ($T,"ecx"); # T += Sigma1(e) + &mov ($Eoff,$E); # modulo-scheduled &xor ("esi","edi"); - &mov ($Eoff,$E); # modulo-scheduled &mov ("ecx",$A); &and ("esi",$E); &mov ($E,$Doff); # e becomes d, which is e in next iteration 
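Review bot: `my $ref,$opf;` in unvis declares only `$ref` as a lexical; the comma ends the `my` expression and `$opf` is left as a package global shared across calls. Without `use strict`, which is not visible in this hunk, Perl accepts this silently. The parenthesised list form is what is needed here: `my ($ref,$opf);`. The rest of unvis lies outside the hunk.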
@@ -68,14 +69,14 @@ sub BODY_00_15() { &mov ("edi",$A); &add ($T,"esi"); # T += Ch(e,f,g) - &ror ("ecx",22-13); + &ror ("ecx",2); &add ($T,$Hoff); # T += h - &xor ("ecx",$A); - &ror ("ecx",13-2); + &ror ("edi",13); &mov ("esi",$Boff); - &xor ("ecx",$A); - &ror ("ecx",2); # Sigma0(a) + &xor ("ecx","edi"); + &ror ("edi",22-13); &add ($E,$T); # d += T + &xor ("ecx","edi"); # Sigma0(a) &mov ("edi",$Coff); &add ($T,"ecx"); # T += Sigma0(a) @@ -167,22 +168,23 @@ sub BODY_00_15() { &set_label("16_63",16); &mov ("esi",$T); &mov ("ecx",&DWP(4*(8+15+16-14),"esp")); + &shr ($T,3); + &ror ("esi",7); + &xor ($T,"esi"); &ror ("esi",18-7); &mov ("edi","ecx"); - &xor ("esi",$T); - &ror ("esi",7); - &shr ($T,3); + &xor ($T,"esi"); # T = sigma0(X[-15]) - &ror ("edi",19-17); - &xor ($T,"esi"); # T = sigma0(X[-15]) - &xor ("edi","ecx"); - &ror ("edi",17); &shr ("ecx",10); - &add ($T,&DWP(4*(8+15+16),"esp")); # T += X[-16] - &xor ("edi","ecx"); # sigma1(X[-2]) + &mov ("esi",&DWP(4*(8+15+16),"esp")); + &ror ("edi",17); + &xor ("ecx","edi"); + &ror ("edi",19-17); + &add ($T,"esi"); # T += X[-16] + &xor ("edi","ecx") # sigma1(X[-2]) - &add ($T,&DWP(4*(8+15+16-9),"esp")); # T += X[-7] - # &add ($T,"edi"); # T += sigma1(X[-2]) + &add ($T,"edi"); # T += sigma1(X[-2]) + # &add ($T,&DWP(4*(8+15+16-9),"esp")); # T += X[-7], moved to BODY_00_15(1) # &mov (&DWP(4*(8+15),"esp"),$T); # save X[0] &BODY_00_15(1); diff --git a/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl b/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl index 9c84e8d93c3..48d846deec3 100644 --- a/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl +++ b/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl 
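Review bot: The added `&xor ("edi","ecx") # sigma1(X[-2])` in the `16_63` hunk has no terminating semicolon, so Perl parses it together with the following `&add ($T,"edi");` as a single expression, a bitwise AND of the two calls. The instructions most likely still come out in the intended order because the left operand is evaluated first, but that is an accident of parsing and breaks as soon as a statement is inserted or reordered. Add the semicolon: `&xor ("edi","ecx"); # sigma1(X[-2])`. The same omission is on the `&shr (...)` lines added in all four sha512-586.pl hunks.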
@@ -11,23 +11,13 @@ # Performance is ~2x better than gcc 3.4 generated code and in "abso- # lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per -# byte [on single-issue Xscale PXA250 core]. +# byte. -# July 2010. -# -# Rescheduling for dual-issue pipeline resulted in 22% improvement on -# Cortex A8 core and ~20 cycles per processed byte. - -# February 2011. -# -# Profiler-assisted and platform-specific optimization resulted in 16% -# improvement on Cortex A8 core and ~17 cycles per processed byte. - -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +$output=shift; open STDOUT,">$output"; $ctx="r0"; $t0="r0"; -$inp="r1"; $t3="r1"; +$inp="r1"; $len="r2"; $t1="r2"; $T1="r3"; $A="r4"; @@ -51,9 +41,6 @@ sub BODY_00_15 { my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; $code.=<<___ if ($i<16); -#if __ARM_ARCH__>=7 - ldr $T1,[$inp],#4 -#else ldrb $T1,[$inp,#3] @ $i ldrb $t2,[$inp,#2] ldrb $t1,[$inp,#1] 
@@ -61,42 +48,31 @@ $code.=<<___ if ($i<16); orr $T1,$T1,$t2,lsl#8 orr $T1,$T1,$t1,lsl#16 orr $T1,$T1,$t0,lsl#24 -#endif + `"str $inp,[sp,#17*4]" if ($i==15)` ___ $code.=<<___; - mov $t0,$e,ror#$Sigma1[0] ldr $t2,[$Ktbl],#4 @ *K256++ + str $T1,[sp,#`$i%16`*4] + mov $t0,$e,ror#$Sigma1[0] eor $t0,$t0,$e,ror#$Sigma1[1] - eor $t1,$f,$g -#if $i>=16 - add $T1,$T1,$t3 @ from BODY_16_xx -#elif __ARM_ARCH__>=7 && defined(__ARMEL__) - rev $T1,$T1 -#endif -#if $i==15 - str $inp,[sp,#17*4] @ leave room for $t3 -#endif eor $t0,$t0,$e,ror#$Sigma1[2] @ Sigma1(e) - and $t1,$t1,$e - str $T1,[sp,#`$i%16`*4] add $T1,$T1,$t0 + eor $t1,$f,$g + and $t1,$t1,$e eor $t1,$t1,$g @ Ch(e,f,g) + add $T1,$T1,$t1 add $T1,$T1,$h + add $T1,$T1,$t2 mov $h,$a,ror#$Sigma0[0] - add $T1,$T1,$t1 eor $h,$h,$a,ror#$Sigma0[1] - add $T1,$T1,$t2 eor $h,$h,$a,ror#$Sigma0[2] @ Sigma0(a) -#if $i>=15 - ldr $t3,[sp,#`($i+2)%16`*4] @ from BODY_16_xx -#endif orr $t0,$a,$b - and $t1,$a,$b and $t0,$t0,$c - add $h,$h,$T1 + and $t1,$a,$b orr $t0,$t0,$t1 @ Maj(a,b,c) - add $d,$d,$T1 add $h,$h,$t0 + add $d,$d,$T1 + add $h,$h,$T1 ___ } @@ -104,26 +80,24 @@ sub BODY_16_XX { my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; $code.=<<___; - @ ldr $t3,[sp,#`($i+1)%16`*4] @ $i + ldr $t1,[sp,#`($i+1)%16`*4] @ $i ldr $t2,[sp,#`($i+14)%16`*4] - mov $t0,$t3,ror#$sigma0[0] ldr $T1,[sp,#`($i+0)%16`*4] - eor $t0,$t0,$t3,ror#$sigma0[1] - ldr $t1,[sp,#`($i+9)%16`*4] - eor $t0,$t0,$t3,lsr#$sigma0[2] @ sigma0(X[i+1]) - mov $t3,$t2,ror#$sigma1[0] + ldr $inp,[sp,#`($i+9)%16`*4] + mov $t0,$t1,ror#$sigma0[0] + eor $t0,$t0,$t1,ror#$sigma0[1] + eor $t0,$t0,$t1,lsr#$sigma0[2] @ sigma0(X[i+1]) + mov $t1,$t2,ror#$sigma1[0] + eor $t1,$t1,$t2,ror#$sigma1[1] + eor $t1,$t1,$t2,lsr#$sigma1[2] @ sigma1(X[i+14]) add $T1,$T1,$t0 - eor $t3,$t3,$t2,ror#$sigma1[1] add $T1,$T1,$t1 - eor $t3,$t3,$t2,lsr#$sigma1[2] @ sigma1(X[i+14]) - @ add $T1,$T1,$t3 + add $T1,$T1,$inp ___ &BODY_00_15(@_); } $code=<<___; -#include "arm_arch.h" - .text .code 32 
@@ -153,7 +127,7 @@ K256: sha256_block_data_order: sub r3,pc,#8 @ sha256_block_data_order add $len,$inp,$len,lsl#6 @ len to point at the end of inp - stmdb sp!,{$ctx,$inp,$len,r4-r11,lr} + stmdb sp!,{$ctx,$inp,$len,r4-r12,lr} ldmia $ctx,{$A,$B,$C,$D,$E,$F,$G,$H} sub $Ktbl,r3,#256 @ K256 sub sp,sp,#16*4 @ alloca(X[16]) @@ -192,14 +166,10 @@ $code.=<<___; bne .Loop add sp,sp,#`16+3`*4 @ destroy frame -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r11,pc} -#else - ldmia sp!,{r4-r11,lr} + ldmia sp!,{r4-r12,lr} tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) -#endif .size sha256_block_data_order,.-sha256_block_data_order .asciz "SHA256 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" .align 2 diff --git a/lib/libssl/src/crypto/sha/asm/sha512-586.pl b/lib/libssl/src/crypto/sha/asm/sha512-586.pl index 7eab6a5b88b..5b9f3337add 100644 --- a/lib/libssl/src/crypto/sha/asm/sha512-586.pl +++ b/lib/libssl/src/crypto/sha/asm/sha512-586.pl @@ -142,9 +142,9 @@ sub BODY_00_15_x86 { &mov ("edx",$Ehi); &mov ("esi","ecx"); - &shr ("ecx",9); # lo>>9 + &shr ("ecx",9) # lo>>9 &mov ("edi","edx"); - &shr ("edx",9); # hi>>9 + &shr ("edx",9) # hi>>9 &mov ("ebx","ecx"); &shl ("esi",14); # lo<<14 &mov ("eax","edx"); @@ -207,9 +207,9 @@ sub BODY_00_15_x86 { &mov ($Dhi,"ebx"); &mov ("esi","ecx"); - &shr ("ecx",2); # lo>>2 + &shr ("ecx",2) # lo>>2 &mov ("edi","edx"); - &shr ("edx",2); # hi>>2 + &shr ("edx",2) # hi>>2 &mov ("ebx","ecx"); &shl ("esi",4); # lo<<4 &mov ("eax","edx"); @@ -452,9 +452,9 @@ if ($sse2) { &mov ("edx",&DWP(8*(9+15+16-1)+4,"esp")); &mov ("esi","ecx"); - &shr ("ecx",1); # lo>>1 + &shr ("ecx",1) # lo>>1 &mov ("edi","edx"); - &shr ("edx",1); # hi>>1 + &shr ("edx",1) # hi>>1 &mov ("eax","ecx"); &shl ("esi",24); # lo<<24 &mov ("ebx","edx"); 
@@ -488,9 +488,9 @@ if ($sse2) { &mov ("edx",&DWP(8*(9+15+16-14)+4,"esp")); &mov ("esi","ecx"); - &shr ("ecx",6); # lo>>6 + &shr ("ecx",6) # lo>>6 &mov ("edi","edx"); - &shr ("edx",6); # hi>>6 + &shr ("edx",6) # hi>>6 &mov ("eax","ecx"); &shl ("esi",3); # lo<<3 &mov ("ebx","edx"); diff --git a/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl b/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl index 7faf37b1479..4fbb94a914f 100644 --- a/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl +++ b/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl 
@@ -10,41 +10,24 @@ # SHA512 block procedure for ARMv4. September 2007. # This code is ~4.5 (four and a half) times faster than code generated -# by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue -# Xscale PXA250 core]. -# -# July 2010. -# -# Rescheduling for dual-issue pipeline resulted in 6% improvement on -# Cortex A8 core and ~40 cycles per processed byte. - -# February 2011. -# -# Profiler-assisted and platform-specific optimization resulted in 7% -# improvement on Coxtex A8 core and ~38 cycles per byte. - -# March 2011. -# -# Add NEON implementation. On Cortex A8 it was measured to process -# one byte in 25.5 cycles or 47% faster than integer-only code. +# by gcc 3.4 and it spends ~72 clock cycles per byte. # Byte order [in]dependence. ========================================= # -# Originally caller was expected to maintain specific *dword* order in -# h[0-7], namely with most significant dword at *lower* address, which -# was reflected in below two parameters as 0 and 4. Now caller is -# expected to maintain native byte order for whole 64-bit values. -$hi="HI"; -$lo="LO"; +# Caller is expected to maintain specific *dword* order in h[0-7], +# namely with most significant dword at *lower* address, which is +# reflected in below two parameters. *Byte* order within these dwords +# in turn is whatever *native* byte order on current platform. +$hi=0; +$lo=4; # ==================================================================== -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +$output=shift; open STDOUT,">$output"; -$ctx="r0"; # parameter block +$ctx="r0"; $inp="r1"; $len="r2"; - $Tlo="r3"; $Thi="r4"; $Alo="r5"; 
@@ -72,17 +55,15 @@ $Xoff=8*8; sub BODY_00_15() { my $magic = shift; $code.=<<___; + ldr $t2,[sp,#$Hoff+0] @ h.lo + ldr $t3,[sp,#$Hoff+4] @ h.hi @ Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) @ LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23 @ HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23 mov $t0,$Elo,lsr#14 - str $Tlo,[sp,#$Xoff+0] mov $t1,$Ehi,lsr#14 - str $Thi,[sp,#$Xoff+4] eor $t0,$t0,$Ehi,lsl#18 - ldr $t2,[sp,#$Hoff+0] @ h.lo eor $t1,$t1,$Elo,lsl#18 - ldr $t3,[sp,#$Hoff+4] @ h.hi eor $t0,$t0,$Elo,lsr#18 eor $t1,$t1,$Ehi,lsr#18 eor $t0,$t0,$Ehi,lsl#14 
@@ -92,41 +73,44 @@ $code.=<<___; eor $t0,$t0,$Elo,lsl#23 eor $t1,$t1,$Ehi,lsl#23 @ Sigma1(e) adds $Tlo,$Tlo,$t0 - ldr $t0,[sp,#$Foff+0] @ f.lo adc $Thi,$Thi,$t1 @ T += Sigma1(e) - ldr $t1,[sp,#$Foff+4] @ f.hi adds $Tlo,$Tlo,$t2 - ldr $t2,[sp,#$Goff+0] @ g.lo adc $Thi,$Thi,$t3 @ T += h + + ldr $t0,[sp,#$Foff+0] @ f.lo + ldr $t1,[sp,#$Foff+4] @ f.hi + ldr $t2,[sp,#$Goff+0] @ g.lo ldr $t3,[sp,#$Goff+4] @ g.hi + str $Elo,[sp,#$Eoff+0] + str $Ehi,[sp,#$Eoff+4] + str $Alo,[sp,#$Aoff+0] + str $Ahi,[sp,#$Aoff+4] eor $t0,$t0,$t2 - str $Elo,[sp,#$Eoff+0] eor $t1,$t1,$t3 - str $Ehi,[sp,#$Eoff+4] and $t0,$t0,$Elo - str $Alo,[sp,#$Aoff+0] and $t1,$t1,$Ehi - str $Ahi,[sp,#$Aoff+4] eor $t0,$t0,$t2 - ldr $t2,[$Ktbl,#$lo] @ K[i].lo eor $t1,$t1,$t3 @ Ch(e,f,g) - ldr $t3,[$Ktbl,#$hi] @ K[i].hi - adds $Tlo,$Tlo,$t0 + ldr $t2,[$Ktbl,#4] @ K[i].lo + ldr $t3,[$Ktbl,#0] @ K[i].hi ldr $Elo,[sp,#$Doff+0] @ d.lo - adc $Thi,$Thi,$t1 @ T += Ch(e,f,g) ldr $Ehi,[sp,#$Doff+4] @ d.hi + + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 @ T += Ch(e,f,g) adds $Tlo,$Tlo,$t2 - and $t0,$t2,#0xff adc $Thi,$Thi,$t3 @ T += K[i] adds $Elo,$Elo,$Tlo - ldr $t2,[sp,#$Boff+0] @ b.lo adc $Ehi,$Ehi,$Thi @ d += T + + and $t0,$t2,#0xff teq $t0,#$magic + orreq $Ktbl,$Ktbl,#1 + ldr $t2,[sp,#$Boff+0] @ b.lo ldr $t3,[sp,#$Coff+0] @ c.lo - orreq $Ktbl,$Ktbl,#1 @ Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) @ LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 @ HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25 
@@ -143,100 +127,80 @@ $code.=<<___; eor $t0,$t0,$Alo,lsl#25 eor $t1,$t1,$Ahi,lsl#25 @ Sigma0(a) adds $Tlo,$Tlo,$t0 - and $t0,$Alo,$t2 adc $Thi,$Thi,$t1 @ T += Sigma0(a) - ldr $t1,[sp,#$Boff+4] @ b.hi + and $t0,$Alo,$t2 orr $Alo,$Alo,$t2 + ldr $t1,[sp,#$Boff+4] @ b.hi ldr $t2,[sp,#$Coff+4] @ c.hi and $Alo,$Alo,$t3 + orr $Alo,$Alo,$t0 @ Maj(a,b,c).lo and $t3,$Ahi,$t1 orr $Ahi,$Ahi,$t1 - orr $Alo,$Alo,$t0 @ Maj(a,b,c).lo and $Ahi,$Ahi,$t2 - adds $Alo,$Alo,$Tlo orr $Ahi,$Ahi,$t3 @ Maj(a,b,c).hi - sub sp,sp,#8 + adds $Alo,$Alo,$Tlo adc $Ahi,$Ahi,$Thi @ h += T - tst $Ktbl,#1 + + sub sp,sp,#8 add $Ktbl,$Ktbl,#8 ___ } $code=<<___; -#include "arm_arch.h" -#ifdef __ARMEL__ -# define LO 0 -# define HI 4 -# define WORD64(hi0,lo0,hi1,lo1) .word lo0,hi0, lo1,hi1 -#else -# define HI 0 -# define LO 4 -# define WORD64(hi0,lo0,hi1,lo1) .word hi0,lo0, hi1,lo1 -#endif - .text .code 32 .type K512,%object .align 5 K512: -WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd) -WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc) -WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019) -WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118) -WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe) -WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2) -WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1) -WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694) -WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3) -WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65) -WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483) -WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5) -WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210) -WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4) -WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725) -WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70) -WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926) -WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df) -WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8) -WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b) 
-WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001) -WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30) -WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910) -WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8) -WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53) -WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8) -WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb) -WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3) -WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60) -WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec) -WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9) -WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b) -WORD64(0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207) -WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178) -WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6) -WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b) -WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493) -WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c) -WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) -WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) +.word 0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd +.word 0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc +.word 0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019 +.word 0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118 +.word 0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe +.word 0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2 +.word 0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1 +.word 0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694 +.word 0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3 +.word 0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65 +.word 0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483 +.word 0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5 +.word 0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210 +.word 0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4 +.word 0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725 +.word 0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70 +.word 0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926 +.word 0x4d2c6dfc,0x5ac42aed, 
0x53380d13,0x9d95b3df +.word 0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8 +.word 0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b +.word 0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001 +.word 0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30 +.word 0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910 +.word 0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8 +.word 0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53 +.word 0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8 +.word 0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb +.word 0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3 +.word 0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60 +.word 0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec +.word 0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9 +.word 0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b +.word 0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207 +.word 0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178 +.word 0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6 +.word 0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b +.word 0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493 +.word 0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c +.word 0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a +.word 0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817 .size K512,.-K512 -.LOPENSSL_armcap: -.word OPENSSL_armcap_P-sha512_block_data_order -.skip 32-4 .global sha512_block_data_order .type sha512_block_data_order,%function sha512_block_data_order: sub r3,pc,#8 @ sha512_block_data_order add $len,$inp,$len,lsl#7 @ len to point at the end of inp -#if __ARM_ARCH__>=7 - ldr r12,.LOPENSSL_armcap - ldr r12,[r3,r12] @ OPENSSL_armcap_P - tst r12,#1 - bne .LNEON -#endif stmdb sp!,{r4-r12,lr} - sub $Ktbl,r3,#672 @ K512 + sub $Ktbl,r3,#640 @ K512 sub sp,sp,#9*8 ldr $Elo,[$ctx,#$Eoff+$lo] @@ -270,7 +234,6 @@ sha512_block_data_order: str $Thi,[sp,#$Foff+4] .L00_15: -#if __ARM_ARCH__<7 ldrb $Tlo,[$inp,#7] ldrb $t0, [$inp,#6] ldrb $t1, [$inp,#5] 
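Review bot: `sub $Ktbl,r3,#640` locates K512 by a literal byte count back from the function label, which silently depends on the table holding exactly 80 eight-byte constants and on nothing being emitted between `.size K512` and `sha512_block_data_order`. This hunk itself has to change the literal (672 to 640) because the 32-byte capability block goes away, so the coupling deserves a comment on that line, for example `@ 640 = 80*8; K512 must end right at sha512_block_data_order`. The body of sha512_block_data_order continues outside the hunk.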
@@ -285,30 +248,26 @@ sha512_block_data_order: orr $Thi,$Thi,$t3,lsl#8 orr $Thi,$Thi,$t0,lsl#16 orr $Thi,$Thi,$t1,lsl#24 -#else - ldr $Tlo,[$inp,#4] - ldr $Thi,[$inp],#8 -#ifdef __ARMEL__ - rev $Tlo,$Tlo - rev $Thi,$Thi -#endif -#endif + str $Tlo,[sp,#$Xoff+0] + str $Thi,[sp,#$Xoff+4] ___ &BODY_00_15(0x94); $code.=<<___; tst $Ktbl,#1 beq .L00_15 - ldr $t0,[sp,#`$Xoff+8*(16-1)`+0] - ldr $t1,[sp,#`$Xoff+8*(16-1)`+4] bic $Ktbl,$Ktbl,#1 + .L16_79: + ldr $t0,[sp,#`$Xoff+8*(16-1)`+0] + ldr $t1,[sp,#`$Xoff+8*(16-1)`+4] + ldr $t2,[sp,#`$Xoff+8*(16-14)`+0] + ldr $t3,[sp,#`$Xoff+8*(16-14)`+4] + @ sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) @ LO lo>>1^hi<<31 ^ lo>>8^hi<<24 ^ lo>>7^hi<<25 @ HI hi>>1^lo<<31 ^ hi>>8^lo<<24 ^ hi>>7 mov $Tlo,$t0,lsr#1 - ldr $t2,[sp,#`$Xoff+8*(16-14)`+0] mov $Thi,$t1,lsr#1 - ldr $t3,[sp,#`$Xoff+8*(16-14)`+4] eor $Tlo,$Tlo,$t1,lsl#31 eor $Thi,$Thi,$t0,lsl#31 eor $Tlo,$Tlo,$t0,lsr#8 @@ -332,24 +291,25 @@ $code.=<<___; eor $t1,$t1,$t3,lsl#3 eor $t0,$t0,$t2,lsr#6 eor $t1,$t1,$t3,lsr#6 - ldr $t2,[sp,#`$Xoff+8*(16-9)`+0] eor $t0,$t0,$t3,lsl#26 + ldr $t2,[sp,#`$Xoff+8*(16-9)`+0] ldr $t3,[sp,#`$Xoff+8*(16-9)`+4] adds $Tlo,$Tlo,$t0 - ldr $t0,[sp,#`$Xoff+8*16`+0] adc $Thi,$Thi,$t1 + ldr $t0,[sp,#`$Xoff+8*16`+0] ldr $t1,[sp,#`$Xoff+8*16`+4] adds $Tlo,$Tlo,$t2 adc $Thi,$Thi,$t3 adds $Tlo,$Tlo,$t0 adc $Thi,$Thi,$t1 + str $Tlo,[sp,#$Xoff+0] + str $Thi,[sp,#$Xoff+4] ___ &BODY_00_15(0x17); $code.=<<___; - ldreq $t0,[sp,#`$Xoff+8*(16-1)`+0] - ldreq $t1,[sp,#`$Xoff+8*(16-1)`+4] + tst $Ktbl,#1 beq .L16_79 bic $Ktbl,$Ktbl,#1 @@ -360,12 +320,12 @@ $code.=<<___; ldr $t2, [$ctx,#$Boff+$lo] ldr $t3, [$ctx,#$Boff+$hi] adds $t0,$Alo,$t0 - str $t0, [$ctx,#$Aoff+$lo] adc $t1,$Ahi,$t1 - str $t1, [$ctx,#$Aoff+$hi] adds $t2,$Tlo,$t2 - str $t2, [$ctx,#$Boff+$lo] adc $t3,$Thi,$t3 + str $t0, [$ctx,#$Aoff+$lo] + str $t1, [$ctx,#$Aoff+$hi] + str $t2, [$ctx,#$Boff+$lo] str $t3, [$ctx,#$Boff+$hi] ldr $Alo,[sp,#$Coff+0] 
@@ -377,12 +337,12 @@ $code.=<<___; ldr $t2, [$ctx,#$Doff+$lo] ldr $t3, [$ctx,#$Doff+$hi] adds $t0,$Alo,$t0 - str $t0, [$ctx,#$Coff+$lo] adc $t1,$Ahi,$t1 - str $t1, [$ctx,#$Coff+$hi] adds $t2,$Tlo,$t2 - str $t2, [$ctx,#$Doff+$lo] adc $t3,$Thi,$t3 + str $t0, [$ctx,#$Coff+$lo] + str $t1, [$ctx,#$Coff+$hi] + str $t2, [$ctx,#$Doff+$lo] str $t3, [$ctx,#$Doff+$hi] ldr $Tlo,[sp,#$Foff+0] @@ -392,12 +352,12 @@ $code.=<<___; ldr $t2, [$ctx,#$Foff+$lo] ldr $t3, [$ctx,#$Foff+$hi] adds $Elo,$Elo,$t0 - str $Elo,[$ctx,#$Eoff+$lo] adc $Ehi,$Ehi,$t1 - str $Ehi,[$ctx,#$Eoff+$hi] adds $t2,$Tlo,$t2 - str $t2, [$ctx,#$Foff+$lo] adc $t3,$Thi,$t3 + str $Elo,[$ctx,#$Eoff+$lo] + str $Ehi,[$ctx,#$Eoff+$hi] + str $t2, [$ctx,#$Foff+$lo] str $t3, [$ctx,#$Foff+$hi] ldr $Alo,[sp,#$Goff+0] @@ -409,12 +369,12 @@ $code.=<<___; ldr $t2, [$ctx,#$Hoff+$lo] ldr $t3, [$ctx,#$Hoff+$hi] adds $t0,$Alo,$t0 - str $t0, [$ctx,#$Goff+$lo] adc $t1,$Ahi,$t1 - str $t1, [$ctx,#$Goff+$hi] adds $t2,$Tlo,$t2 - str $t2, [$ctx,#$Hoff+$lo] adc $t3,$Thi,$t3 + str $t0, [$ctx,#$Goff+$lo] + str $t1, [$ctx,#$Goff+$hi] + str $t2, [$ctx,#$Hoff+$lo] str $t3, [$ctx,#$Hoff+$hi] add sp,sp,#640 
@@ -424,156 +384,13 @@ $code.=<<___; bne .Loop add sp,sp,#8*9 @ destroy frame -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} -#else ldmia sp!,{r4-r12,lr} tst lr,#1 moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) -#endif -___ - -{ -my @Sigma0=(28,34,39); -my @Sigma1=(14,18,41); -my @sigma0=(1, 8, 7); -my @sigma1=(19,61,6); - -my $Ktbl="r3"; -my $cnt="r12"; # volatile register known as ip, intra-procedure-call scratch - -my @X=map("d$_",(0..15)); -my @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("d$_",(16..23)); - -sub NEON_00_15() { -my $i=shift; -my ($a,$b,$c,$d,$e,$f,$g,$h)=@_; -my ($t0,$t1,$t2,$T1,$K,$Ch,$Maj)=map("d$_",(24..31)); # temps - -$code.=<<___ if ($i<16 || $i&1); - vshr.u64 $t0,$e,#@Sigma1[0] @ $i -#if $i<16 - vld1.64 {@X[$i%16]},[$inp]! @ handles unaligned -#endif - vshr.u64 $t1,$e,#@Sigma1[1] - vshr.u64 $t2,$e,#@Sigma1[2] -___ -$code.=<<___; - vld1.64 {$K},[$Ktbl,:64]! @ K[i++] - vsli.64 $t0,$e,#`64-@Sigma1[0]` - vsli.64 $t1,$e,#`64-@Sigma1[1]` - vsli.64 $t2,$e,#`64-@Sigma1[2]` -#if $i<16 && defined(__ARMEL__) - vrev64.8 @X[$i],@X[$i] -#endif - vadd.i64 $T1,$K,$h - veor $Ch,$f,$g - veor $t0,$t1 - vand $Ch,$e - veor $t0,$t2 @ Sigma1(e) - veor $Ch,$g @ Ch(e,f,g) - vadd.i64 $T1,$t0 - vshr.u64 $t0,$a,#@Sigma0[0] - vadd.i64 $T1,$Ch - vshr.u64 $t1,$a,#@Sigma0[1] - vshr.u64 $t2,$a,#@Sigma0[2] - vsli.64 $t0,$a,#`64-@Sigma0[0]` - vsli.64 $t1,$a,#`64-@Sigma0[1]` - vsli.64 $t2,$a,#`64-@Sigma0[2]` - vadd.i64 $T1,@X[$i%16] - vorr $Maj,$a,$c - vand $Ch,$a,$c - veor $h,$t0,$t1 - vand $Maj,$b - veor $h,$t2 @ Sigma0(a) - vorr $Maj,$Ch @ Maj(a,b,c) - vadd.i64 $h,$T1 - vadd.i64 $d,$T1 - vadd.i64 $h,$Maj -___ -} - -sub NEON_16_79() { -my $i=shift; - -if ($i&1) { &NEON_00_15($i,@_); return; } - -# 2x-vectorized, therefore runs every 2nd round -my @X=map("q$_",(0..7)); # view @X as 128-bit vector -my ($t0,$t1,$s0,$s1) = map("q$_",(12..15)); # temps -my ($d0,$d1,$d2) = map("d$_",(24..26)); # temps from NEON_00_15 -my $e=@_[4]; # $e from NEON_00_15 
-$i /= 2; -$code.=<<___; - vshr.u64 $t0,@X[($i+7)%8],#@sigma1[0] - vshr.u64 $t1,@X[($i+7)%8],#@sigma1[1] - vshr.u64 $s1,@X[($i+7)%8],#@sigma1[2] - vsli.64 $t0,@X[($i+7)%8],#`64-@sigma1[0]` - vext.8 $s0,@X[$i%8],@X[($i+1)%8],#8 @ X[i+1] - vsli.64 $t1,@X[($i+7)%8],#`64-@sigma1[1]` - veor $s1,$t0 - vshr.u64 $t0,$s0,#@sigma0[0] - veor $s1,$t1 @ sigma1(X[i+14]) - vshr.u64 $t1,$s0,#@sigma0[1] - vadd.i64 @X[$i%8],$s1 - vshr.u64 $s1,$s0,#@sigma0[2] - vsli.64 $t0,$s0,#`64-@sigma0[0]` - vsli.64 $t1,$s0,#`64-@sigma0[1]` - vext.8 $s0,@X[($i+4)%8],@X[($i+5)%8],#8 @ X[i+9] - veor $s1,$t0 - vshr.u64 $d0,$e,#@Sigma1[0] @ from NEON_00_15 - vadd.i64 @X[$i%8],$s0 - vshr.u64 $d1,$e,#@Sigma1[1] @ from NEON_00_15 - veor $s1,$t1 @ sigma0(X[i+1]) - vshr.u64 $d2,$e,#@Sigma1[2] @ from NEON_00_15 - vadd.i64 @X[$i%8],$s1 -___ - &NEON_00_15(2*$i,@_); -} - -$code.=<<___; -#if __ARM_ARCH__>=7 -.fpu neon - -.align 4 -.LNEON: - dmb @ errata #451034 on early Cortex A8 - vstmdb sp!,{d8-d15} @ ABI specification says so - sub $Ktbl,r3,#672 @ K512 - vldmia $ctx,{$A-$H} @ load context -.Loop_neon: -___ -for($i=0;$i<16;$i++) { &NEON_00_15($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - mov $cnt,#4 -.L16_79_neon: - subs $cnt,#1 -___ -for(;$i<32;$i++) { &NEON_16_79($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - bne .L16_79_neon - - vldmia $ctx,{d24-d31} @ load context to temp - vadd.i64 q8,q12 @ vectorized accumulate - vadd.i64 q9,q13 - vadd.i64 q10,q14 - vadd.i64 q11,q15 - vstmia $ctx,{$A-$H} @ save context - teq $inp,$len - sub $Ktbl,#640 @ rewind K512 - bne .Loop_neon - - vldmia sp!,{d8-d15} @ epilogue - bx lr -#endif -___ -} -$code.=<<___; -.size sha512_block_data_order,.-sha512_block_data_order -.asciz "SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>" +.size sha512_block_data_order,.-sha512_block_data_order +.asciz "SHA512 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" .align 2 -.comm OPENSSL_armcap_P,4,4 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; 
diff --git a/lib/libssl/src/crypto/sha/asm/sha512-s390x.pl b/lib/libssl/src/crypto/sha/asm/sha512-s390x.pl index 079a3fc78ab..e7ef2d5a9f5 100644 --- a/lib/libssl/src/crypto/sha/asm/sha512-s390x.pl +++ b/lib/libssl/src/crypto/sha/asm/sha512-s390x.pl @@ -26,26 +26,6 @@ # favour dual-issue z10 pipeline. Hardware SHA256/512 is ~4.7x faster # than software. -# November 2010. -# -# Adapt for -m31 build. If kernel supports what's called "highgprs" -# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit -# instructions and achieve "64-bit" performance even in 31-bit legacy -# application context. The feature is not specific to any particular -# processor, as long as it's "z-CPU". Latter implies that the code -# remains z/Architecture specific. On z900 SHA256 was measured to -# perform 2.4x and SHA512 - 13x better than code generated by gcc 4.3. - -$flavour = shift; - -if ($flavour =~ /3[12]/) { - $SIZE_T=4; - $g=""; -} else { - $SIZE_T=8; - $g="g"; -} - $t0="%r0"; $t1="%r1"; $ctx="%r2"; $t2="%r2"; @@ -64,7 +44,7 @@ $tbl="%r13"; $T1="%r14"; $sp="%r15"; -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +$output=shift; open STDOUT,">$output"; if ($output =~ /512/) { @@ -98,8 +78,7 @@ if ($output =~ /512/) { } $Func="sha${label}_block_data_order"; $Table="K${label}"; -$stdframe=16*$SIZE_T+4*8; -$frame=$stdframe+16*$SZ; +$frame=160+16*$SZ; sub BODY_00_15 { my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; @@ -114,9 +93,9 @@ $code.=<<___; xgr $t0,$t1 $ROT $t1,$t1,`$Sigma1[2]-$Sigma1[1]` xgr $t2,$g - $ST $T1,`$stdframe+$SZ*($i%16)`($sp) + $ST $T1,`160+$SZ*($i%16)`($sp) xgr $t0,$t1 # Sigma1(e) - algr $T1,$h # T1+=h + la $T1,0($T1,$h) # T1+=h ngr $t2,$e lgr $t1,$a algr $T1,$t0 # T1+=Sigma1(e) @@ -134,7 +113,7 @@ $code.=<<___; ngr $t2,$b algr $h,$T1 # h+=T1 ogr $t2,$t1 # Maj(a,b,c) - algr $d,$T1 # d+=T1 + la $d,0($d,$T1) # d+=T1 algr $h,$t2 # h+=Maj(a,b,c) ___ } 
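Review bot: In the `@@ -64,7 +44,7 @@` hunk the script now takes its first argument as the output path unconditionally, and the `open STDOUT,">$output";` that follows is a two-argument open whose result is never checked. If the open fails, the generated assembly goes to whatever stdout already was and the build sees no error. Because the next line picks the SHA-512 or SHA-256 variant from `$output =~ /512/`, an unexpected first argument (for instance a flavour string, which the removed side consumed before the output name) would presumably select the wrong variant without complaint. I would write `open STDOUT, '>', $output or die "can't open $output: $!";` so that a bad invocation stops the build instead of producing the wrong hash code.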
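Review bot: The literal `160` in `$frame=160+16*$SZ;` carries no explanation, and the same number is repeated in the `$ST`/`$LD`/`$ADD` stack offsets of the `BODY_00_15` and `BODY_16_XX` hunks. The removed expression `16*$SIZE_T+4*8` suggests it is the fixed frame area that sits below the 16-entry X[] scratch array, so a comment such as `# 160 = 16*8+4*8: fixed frame area, X[0..15] scratch follows it` would make the offsets checkable. Defining it once and reusing the name would also keep the frame size and the X[] offsets from drifting apart when one of them is edited later.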
@@ -143,19 +122,19 @@ sub BODY_16_XX { my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; $code.=<<___; - $LD $T1,`$stdframe+$SZ*(($i+1)%16)`($sp) ### $i - $LD $t1,`$stdframe+$SZ*(($i+14)%16)`($sp) + $LD $T1,`160+$SZ*(($i+1)%16)`($sp) ### $i + $LD $t1,`160+$SZ*(($i+14)%16)`($sp) $ROT $t0,$T1,$sigma0[0] $SHR $T1,$sigma0[2] $ROT $t2,$t0,`$sigma0[1]-$sigma0[0]` xgr $T1,$t0 $ROT $t0,$t1,$sigma1[0] - xgr $T1,$t2 # sigma0(X[i+1]) + xgr $T1,$t2 # sigma0(X[i+1]) $SHR $t1,$sigma1[2] - $ADD $T1,`$stdframe+$SZ*($i%16)`($sp) # +=X[i] + $ADD $T1,`160+$SZ*($i%16)`($sp) # +=X[i] xgr $t1,$t0 $ROT $t0,$t0,`$sigma1[1]-$sigma1[0]` - $ADD $T1,`$stdframe+$SZ*(($i+9)%16)`($sp) # +=X[i+9] + $ADD $T1,`160+$SZ*(($i+9)%16)`($sp) # +=X[i+9] xgr $t1,$t0 # sigma1(X[i+14]) algr $T1,$t1 # +=sigma1(X[i+14]) ___ @@ -233,7 +212,6 @@ $code.=<<___; .globl $Func .type $Func,\@function $Func: - sllg $len,$len,`log(16*$SZ)/log(2)` ___ $code.=<<___ if ($kimdfunc); larl %r1,OPENSSL_s390xcap_P @@ -241,15 +219,15 @@ $code.=<<___ if ($kimdfunc); tmhl %r0,0x4000 # check for message-security assist jz .Lsoftware lghi %r0,0 - la %r1,`2*$SIZE_T`($sp) + la %r1,16($sp) .long 0xb93e0002 # kimd %r0,%r2 - lg %r0,`2*$SIZE_T`($sp) + lg %r0,16($sp) tmhh %r0,`0x8000>>$kimdfunc` jz .Lsoftware lghi %r0,$kimdfunc lgr %r1,$ctx lgr %r2,$inp - lgr %r3,$len + sllg %r3,$len,`log(16*$SZ)/log(2)` .long 0xb93e0002 # kimd %r0,%r2 brc 1,.-4 # pay attention to "partial completion" br %r14 @@ -257,12 +235,13 @@ $code.=<<___ if ($kimdfunc); .Lsoftware: ___ $code.=<<___; + sllg $len,$len,`log(16*$SZ)/log(2)` lghi %r1,-$frame - la $len,0($len,$inp) - stm${g} $ctx,%r15,`2*$SIZE_T`($sp) + agr $len,$inp + stmg $ctx,%r15,16($sp) lgr %r0,$sp la $sp,0(%r1,$sp) - st${g} %r0,0($sp) + stg %r0,0($sp) larl $tbl,$Table $LD $A,`0*$SZ`($ctx) @@ -286,7 +265,7 @@ $code.=<<___; clgr $len,$t0 jne .Lrounds_16_xx - l${g} $ctx,`$frame+2*$SIZE_T`($sp) + lg $ctx,`$frame+16`($sp) la $inp,`16*$SZ`($inp) $ADD $A,`0*$SZ`($ctx) $ADD $B,`1*$SZ`($ctx) 
@@ -304,14 +283,14 @@ $code.=<<___; $ST $F,`5*$SZ`($ctx) $ST $G,`6*$SZ`($ctx) $ST $H,`7*$SZ`($ctx) - cl${g} $inp,`$frame+4*$SIZE_T`($sp) + clg $inp,`$frame+32`($sp) jne .Lloop - lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp) + lmg %r6,%r15,`$frame+48`($sp) br %r14 .size $Func,.-$Func .string "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>" -.comm OPENSSL_s390xcap_P,16,8 +.comm OPENSSL_s390xcap_P,8,8 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; diff --git a/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl b/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl index 585740789e6..54241aab504 100644 --- a/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl +++ b/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl @@ -305,9 +305,9 @@ $code.=<<___; srlx @X[(($i+9)/2)%8],32,$tmp1 ! X[i+9] xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14]) srl @X[($i/2)%8],0,$tmp0 - add $tmp2,$tmp1,$tmp1 add $xi,$T1,$T1 ! +=X[i] xor $tmp0,@X[($i/2)%8],@X[($i/2)%8] + add $tmp2,$T1,$T1 add $tmp1,$T1,$T1 srl $T1,0,$T1 @@ -318,9 +318,9 @@ ___ $code.=<<___; srlx @X[($i/2)%8],32,$tmp1 ! X[i] xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14]) - add $xi,$T1,$T1 ! +=X[i+9] - add $tmp2,$tmp1,$tmp1 srl @X[($i/2)%8],0,@X[($i/2)%8] + add $xi,$T1,$T1 ! +=X[i+9] + add $tmp2,$T1,$T1 add $tmp1,$T1,$T1 sllx $T1,32,$tmp0 @@ -586,7 +586,6 @@ $code.=<<___; .type sha${label}_block_data_order,#function .size sha${label}_block_data_order,(.-sha${label}_block_data_order) .asciz "SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>" -.align 4 ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; diff --git a/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl b/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl index cb2381c22ba..32cf16380b5 100644 --- a/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl +++ b/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl 
@@ -119,7 +119,7 @@ $tbl="ebp"; &mov ("eax",&DWP(0,"esp")); &mov ("ebx",&DWP(4,"esp")); for($i=0;$i<8;$i++) { - my $func = ($i==0)? \&movq : \&pxor; + my $func = ($i==0)? movq : pxor; &movb (&LB("ecx"),&LB("eax")); &movb (&LB("edx"),&HB("eax")); &scale ("esi","ecx"); diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod index 8ff597d44ad..1a9c7954c55 100644 --- a/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod +++ b/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod @@ -32,7 +32,7 @@ public key algorithm. L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, -L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>, =head1 HISTORY diff --git a/lib/libssl/src/test/pkits-test.pl b/lib/libssl/src/test/pkits-test.pl index 5c6b89fcdb0..69dffa16f90 100644 --- a/lib/libssl/src/test/pkits-test.pl +++ b/lib/libssl/src/test/pkits-test.pl @@ -784,15 +784,6 @@ my $ossl = "ossl/apps/openssl"; my $ossl_cmd = "$ossl_path cms -verify -verify_retcode "; $ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict "; - -# Check for expiry of trust anchor -system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0"; -if ($? == 256) - { - print STDERR "WARNING: using older expired data\n"; - $ossl_cmd .= "-attime 1291940972 "; - } - $ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 "; system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem"; |
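Review bot: `my $func = ($i==0)? movq : pxor;` assigns barewords, so `$func` holds a sub name (or, if those subs happen to be predeclared, the result of calling them with no arguments) rather than a code reference. The call through `$func` is outside this hunk, but it presumably resolves the name symbolically, which stops working under `use strict 'refs'` and makes the dispatch depend on how the opcode subs are defined elsewhere. Code references, `my $func = ($i==0)? \&movq : \&pxor;`, state the intent explicitly and work under strictures. The enclosing `for` loop continues past the end of the hunk.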