summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2010-10-01 22:54:18 +0000
committerDamien Miller <djm@cvs.openbsd.org>2010-10-01 22:54:18 +0000
commit83818a12de45db7cb1101fbfdd2623d993f60550 (patch)
tree7f62af8daf1472973725396bb0177d36d76f5bd0
parentead3de0e8a6279161ffa0ae7efdf2dc6dbfd3975 (diff)
import OpenSSL-1.0.0a
-rwxr-xr-xlib/libssl/src/crypto/perlasm/ppc-xlate.pl13
-rw-r--r--lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl100
-rwxr-xr-xlib/libssl/src/crypto/sha/asm/sha1-ppc.pl83
-rw-r--r--lib/libssl/src/crypto/sha/asm/sha1-s390x.pl50
-rw-r--r--lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl1
-rw-r--r--lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl3
-rw-r--r--lib/libssl/src/crypto/sha/asm/sha256-586.pl52
-rw-r--r--lib/libssl/src/crypto/sha/asm/sha256-armv4.pl78
-rw-r--r--lib/libssl/src/crypto/sha/asm/sha512-586.pl16
-rw-r--r--lib/libssl/src/crypto/sha/asm/sha512-armv4.pl387
-rw-r--r--lib/libssl/src/crypto/sha/asm/sha512-s390x.pl63
-rw-r--r--lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl7
-rw-r--r--lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl2
-rw-r--r--lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod2
-rw-r--r--lib/libssl/src/test/pkits-test.pl9
15 files changed, 287 insertions, 579 deletions
diff --git a/lib/libssl/src/crypto/perlasm/ppc-xlate.pl b/lib/libssl/src/crypto/perlasm/ppc-xlate.pl
index a3edd982b66..4579671c970 100755
--- a/lib/libssl/src/crypto/perlasm/ppc-xlate.pl
+++ b/lib/libssl/src/crypto/perlasm/ppc-xlate.pl
@@ -31,9 +31,10 @@ my $globl = sub {
$ret .= ".type $name,\@function";
last;
};
- /linux.*64/ && do { $ret .= ".globl $name\n";
- $ret .= ".type $name,\@function\n";
+ /linux.*64/ && do { $ret .= ".globl .$name\n";
+ $ret .= ".type .$name,\@function\n";
$ret .= ".section \".opd\",\"aw\"\n";
+ $ret .= ".globl $name\n";
$ret .= ".align 3\n";
$ret .= "$name:\n";
$ret .= ".quad .$name,.TOC.\@tocbase,0\n";
@@ -61,14 +62,6 @@ my $machine = sub {
}
".machine $arch";
};
-my $size = sub {
- if ($flavour =~ /linux.*32/)
- { shift;
- ".size " . join(",",@_);
- }
- else
- { ""; }
-};
my $asciz = sub {
shift;
my $line = join(",",@_);
diff --git a/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl b/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl
index 33da3e0e3c0..88861af6411 100644
--- a/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl
@@ -37,22 +37,9 @@
# modes are limited. As result it takes more instructions to do
# the same job in Thumb, therefore the code is never twice as
# small and always slower.
-# [***] which is also ~35% better than compiler generated code. Dual-
-# issue Cortex A8 core was measured to process input block in
-# ~990 cycles.
+# [***] which is also ~35% better than compiler generated code.
-# August 2010.
-#
-# Rescheduling for dual-issue pipeline resulted in 13% improvement on
-# Cortex A8 core and in absolute terms ~870 cycles per input block
-# [or 13.6 cycles per byte].
-
-# February 2011.
-#
-# Profiler-assisted and platform-specific optimization resulted in 10%
-# improvement on Cortex A8 core and 12.2 cycles per byte.
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
+$output=shift;
open STDOUT,">$output";
$ctx="r0";
@@ -71,62 +58,63 @@ $t3="r12";
$Xi="r14";
@V=($a,$b,$c,$d,$e);
+# One can optimize this for aligned access on big-endian architecture,
+# but code's endian neutrality makes it too pretty:-)
+sub Xload {
+my ($a,$b,$c,$d,$e)=@_;
+$code.=<<___;
+ ldrb $t0,[$inp],#4
+ ldrb $t1,[$inp,#-3]
+ ldrb $t2,[$inp,#-2]
+ ldrb $t3,[$inp,#-1]
+ add $e,$K,$e,ror#2 @ E+=K_00_19
+ orr $t0,$t1,$t0,lsl#8
+ add $e,$e,$a,ror#27 @ E+=ROR(A,27)
+ orr $t0,$t2,$t0,lsl#8
+ eor $t1,$c,$d @ F_xx_xx
+ orr $t0,$t3,$t0,lsl#8
+ add $e,$e,$t0 @ E+=X[i]
+ str $t0,[$Xi,#-4]!
+___
+}
sub Xupdate {
-my ($a,$b,$c,$d,$e,$opt1,$opt2)=@_;
+my ($a,$b,$c,$d,$e,$flag)=@_;
$code.=<<___;
ldr $t0,[$Xi,#15*4]
ldr $t1,[$Xi,#13*4]
ldr $t2,[$Xi,#7*4]
- add $e,$K,$e,ror#2 @ E+=K_xx_xx
ldr $t3,[$Xi,#2*4]
+ add $e,$K,$e,ror#2 @ E+=K_xx_xx
eor $t0,$t0,$t1
- eor $t2,$t2,$t3 @ 1 cycle stall
- eor $t1,$c,$d @ F_xx_xx
- mov $t0,$t0,ror#31
+ eor $t0,$t0,$t2
+ eor $t0,$t0,$t3
add $e,$e,$a,ror#27 @ E+=ROR(A,27)
- eor $t0,$t0,$t2,ror#31
- str $t0,[$Xi,#-4]!
- $opt1 @ F_xx_xx
- $opt2 @ F_xx_xx
+___
+$code.=<<___ if (!defined($flag));
+ eor $t1,$c,$d @ F_xx_xx, but not in 40_59
+___
+$code.=<<___;
+ mov $t0,$t0,ror#31
add $e,$e,$t0 @ E+=X[i]
+ str $t0,[$Xi,#-4]!
___
}
sub BODY_00_15 {
my ($a,$b,$c,$d,$e)=@_;
+ &Xload(@_);
$code.=<<___;
-#if __ARM_ARCH__<7
- ldrb $t1,[$inp,#2]
- ldrb $t0,[$inp,#3]
- ldrb $t2,[$inp,#1]
- add $e,$K,$e,ror#2 @ E+=K_00_19
- ldrb $t3,[$inp],#4
- orr $t0,$t0,$t1,lsl#8
- eor $t1,$c,$d @ F_xx_xx
- orr $t0,$t0,$t2,lsl#16
- add $e,$e,$a,ror#27 @ E+=ROR(A,27)
- orr $t0,$t0,$t3,lsl#24
-#else
- ldr $t0,[$inp],#4 @ handles unaligned
- add $e,$K,$e,ror#2 @ E+=K_00_19
- eor $t1,$c,$d @ F_xx_xx
- add $e,$e,$a,ror#27 @ E+=ROR(A,27)
-#ifdef __ARMEL__
- rev $t0,$t0 @ byte swap
-#endif
-#endif
and $t1,$b,$t1,ror#2
- add $e,$e,$t0 @ E+=X[i]
eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D)
- str $t0,[$Xi,#-4]!
add $e,$e,$t1 @ E+=F_00_19(B,C,D)
___
}
sub BODY_16_19 {
my ($a,$b,$c,$d,$e)=@_;
- &Xupdate(@_,"and $t1,$b,$t1,ror#2");
+ &Xupdate(@_);
$code.=<<___;
+ and $t1,$b,$t1,ror#2
eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D)
add $e,$e,$t1 @ E+=F_00_19(B,C,D)
___
@@ -134,24 +122,26 @@ ___
sub BODY_20_39 {
my ($a,$b,$c,$d,$e)=@_;
- &Xupdate(@_,"eor $t1,$b,$t1,ror#2");
+ &Xupdate(@_);
$code.=<<___;
+ eor $t1,$b,$t1,ror#2 @ F_20_39(B,C,D)
add $e,$e,$t1 @ E+=F_20_39(B,C,D)
___
}
sub BODY_40_59 {
my ($a,$b,$c,$d,$e)=@_;
- &Xupdate(@_,"and $t1,$b,$t1,ror#2","and $t2,$c,$d");
+ &Xupdate(@_,1);
$code.=<<___;
+ and $t1,$b,$c,ror#2
+ orr $t2,$b,$c,ror#2
+ and $t2,$t2,$d,ror#2
+ orr $t1,$t1,$t2 @ F_40_59(B,C,D)
add $e,$e,$t1 @ E+=F_40_59(B,C,D)
- add $e,$e,$t2,ror#2
___
}
$code=<<___;
-#include "arm_arch.h"
-
.text
.global sha1_block_data_order
@@ -177,7 +167,6 @@ for($i=0;$i<5;$i++) {
$code.=<<___;
teq $Xi,sp
bne .L_00_15 @ [((11+4)*5+2)*3]
- sub sp,sp,#25*4
___
&BODY_00_15(@V); unshift(@V,pop(@V));
&BODY_16_19(@V); unshift(@V,pop(@V));
@@ -187,6 +176,7 @@ ___
$code.=<<___;
ldr $K,.LK_20_39 @ [+15+16*4]
+ sub sp,sp,#25*4
cmn sp,#0 @ [+3], clear carry to denote 20_39
.L_20_39_or_60_79:
___
@@ -225,14 +215,10 @@ $code.=<<___;
teq $inp,$len
bne .Lloop @ [+18], total 1307
-#if __ARM_ARCH__>=5
- ldmia sp!,{r4-r12,pc}
-#else
ldmia sp!,{r4-r12,lr}
tst lr,#1
moveq pc,lr @ be binary compatible with V4, yet
bx lr @ interoperable with Thumb ISA:-)
-#endif
.align 2
.LK_00_19: .word 0x5a827999
.LK_20_39: .word 0x6ed9eba1
diff --git a/lib/libssl/src/crypto/sha/asm/sha1-ppc.pl b/lib/libssl/src/crypto/sha/asm/sha1-ppc.pl
index 2140dd2f8dd..dcd0fcdfcfa 100755
--- a/lib/libssl/src/crypto/sha/asm/sha1-ppc.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha1-ppc.pl
@@ -24,14 +24,12 @@ $flavour = shift;
if ($flavour =~ /64/) {
$SIZE_T =8;
- $LRSAVE =2*$SIZE_T;
$UCMP ="cmpld";
$STU ="stdu";
$POP ="ld";
$PUSH ="std";
} elsif ($flavour =~ /32/) {
$SIZE_T =4;
- $LRSAVE =$SIZE_T;
$UCMP ="cmplw";
$STU ="stwu";
$POP ="lwz";
@@ -45,8 +43,7 @@ die "can't locate ppc-xlate.pl";
open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
-$FRAME=24*$SIZE_T+64;
-$LOCALS=6*$SIZE_T;
+$FRAME=24*$SIZE_T;
$K ="r0";
$sp ="r1";
@@ -165,8 +162,9 @@ $code=<<___;
.globl .sha1_block_data_order
.align 4
.sha1_block_data_order:
- $STU $sp,-$FRAME($sp)
mflr r0
+ $STU $sp,`-($FRAME+64)`($sp)
+ $PUSH r0,`$FRAME-$SIZE_T*18`($sp)
$PUSH r15,`$FRAME-$SIZE_T*17`($sp)
$PUSH r16,`$FRAME-$SIZE_T*16`($sp)
$PUSH r17,`$FRAME-$SIZE_T*15`($sp)
@@ -184,7 +182,6 @@ $code=<<___;
$PUSH r29,`$FRAME-$SIZE_T*3`($sp)
$PUSH r30,`$FRAME-$SIZE_T*2`($sp)
$PUSH r31,`$FRAME-$SIZE_T*1`($sp)
- $PUSH r0,`$FRAME+$LRSAVE`($sp)
lwz $A,0($ctx)
lwz $B,4($ctx)
lwz $C,8($ctx)
@@ -195,14 +192,37 @@ $code=<<___;
Laligned:
mtctr $num
bl Lsha1_block_private
- b Ldone
+Ldone:
+ $POP r0,`$FRAME-$SIZE_T*18`($sp)
+ $POP r15,`$FRAME-$SIZE_T*17`($sp)
+ $POP r16,`$FRAME-$SIZE_T*16`($sp)
+ $POP r17,`$FRAME-$SIZE_T*15`($sp)
+ $POP r18,`$FRAME-$SIZE_T*14`($sp)
+ $POP r19,`$FRAME-$SIZE_T*13`($sp)
+ $POP r20,`$FRAME-$SIZE_T*12`($sp)
+ $POP r21,`$FRAME-$SIZE_T*11`($sp)
+ $POP r22,`$FRAME-$SIZE_T*10`($sp)
+ $POP r23,`$FRAME-$SIZE_T*9`($sp)
+ $POP r24,`$FRAME-$SIZE_T*8`($sp)
+ $POP r25,`$FRAME-$SIZE_T*7`($sp)
+ $POP r26,`$FRAME-$SIZE_T*6`($sp)
+ $POP r27,`$FRAME-$SIZE_T*5`($sp)
+ $POP r28,`$FRAME-$SIZE_T*4`($sp)
+ $POP r29,`$FRAME-$SIZE_T*3`($sp)
+ $POP r30,`$FRAME-$SIZE_T*2`($sp)
+ $POP r31,`$FRAME-$SIZE_T*1`($sp)
+ mtlr r0
+ addi $sp,$sp,`$FRAME+64`
+ blr
+___
-; PowerPC specification allows an implementation to be ill-behaved
-; upon unaligned access which crosses page boundary. "Better safe
-; than sorry" principle makes me treat it specially. But I don't
-; look for particular offending word, but rather for 64-byte input
-; block which crosses the boundary. Once found that block is aligned
-; and hashed separately...
+# PowerPC specification allows an implementation to be ill-behaved
+# upon unaligned access which crosses page boundary. "Better safe
+# than sorry" principle makes me treat it specially. But I don't
+# look for particular offending word, but rather for 64-byte input
+# block which crosses the boundary. Once found that block is aligned
+# and hashed separately...
+$code.=<<___;
.align 4
Lunaligned:
subfic $t1,$inp,4096
@@ -217,7 +237,7 @@ Lunaligned:
Lcross_page:
li $t1,16
mtctr $t1
- addi r20,$sp,$LOCALS ; spot within the frame
+ addi r20,$sp,$FRAME ; spot below the frame
Lmemcpy:
lbz r16,0($inp)
lbz r17,1($inp)
@@ -231,40 +251,15 @@ Lmemcpy:
addi r20,r20,4
bdnz Lmemcpy
- $PUSH $inp,`$FRAME-$SIZE_T*18`($sp)
+ $PUSH $inp,`$FRAME-$SIZE_T*19`($sp)
li $t1,1
- addi $inp,$sp,$LOCALS
+ addi $inp,$sp,$FRAME
mtctr $t1
bl Lsha1_block_private
- $POP $inp,`$FRAME-$SIZE_T*18`($sp)
+ $POP $inp,`$FRAME-$SIZE_T*19`($sp)
addic. $num,$num,-1
bne- Lunaligned
-
-Ldone:
- $POP r0,`$FRAME+$LRSAVE`($sp)
- $POP r15,`$FRAME-$SIZE_T*17`($sp)
- $POP r16,`$FRAME-$SIZE_T*16`($sp)
- $POP r17,`$FRAME-$SIZE_T*15`($sp)
- $POP r18,`$FRAME-$SIZE_T*14`($sp)
- $POP r19,`$FRAME-$SIZE_T*13`($sp)
- $POP r20,`$FRAME-$SIZE_T*12`($sp)
- $POP r21,`$FRAME-$SIZE_T*11`($sp)
- $POP r22,`$FRAME-$SIZE_T*10`($sp)
- $POP r23,`$FRAME-$SIZE_T*9`($sp)
- $POP r24,`$FRAME-$SIZE_T*8`($sp)
- $POP r25,`$FRAME-$SIZE_T*7`($sp)
- $POP r26,`$FRAME-$SIZE_T*6`($sp)
- $POP r27,`$FRAME-$SIZE_T*5`($sp)
- $POP r28,`$FRAME-$SIZE_T*4`($sp)
- $POP r29,`$FRAME-$SIZE_T*3`($sp)
- $POP r30,`$FRAME-$SIZE_T*2`($sp)
- $POP r31,`$FRAME-$SIZE_T*1`($sp)
- mtlr r0
- addi $sp,$sp,$FRAME
- blr
- .long 0
- .byte 0,12,4,1,0x80,18,3,0
- .long 0
+ b Ldone
___
# This is private block function, which uses tailored calling
@@ -314,8 +309,6 @@ $code.=<<___;
addi $inp,$inp,`16*4`
bdnz- Lsha1_block_private
blr
- .long 0
- .byte 0,12,0x14,0,0,0,0,0
___
$code.=<<___;
.asciz "SHA1 block transform for PPC, CRYPTOGAMS by <appro\@fy.chalmers.se>"
diff --git a/lib/libssl/src/crypto/sha/asm/sha1-s390x.pl b/lib/libssl/src/crypto/sha/asm/sha1-s390x.pl
index 9193dda45ef..4b17848287a 100644
--- a/lib/libssl/src/crypto/sha/asm/sha1-s390x.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha1-s390x.pl
@@ -21,28 +21,9 @@
# instructions to favour dual-issue z10 pipeline. On z10 hardware is
# "only" ~2.3x faster than software.
-# November 2010.
-#
-# Adapt for -m31 build. If kernel supports what's called "highgprs"
-# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
-# instructions and achieve "64-bit" performance even in 31-bit legacy
-# application context. The feature is not specific to any particular
-# processor, as long as it's "z-CPU". Latter implies that the code
-# remains z/Architecture specific.
-
$kimdfunc=1; # magic function code for kimd instruction
-$flavour = shift;
-
-if ($flavour =~ /3[12]/) {
- $SIZE_T=4;
- $g="";
-} else {
- $SIZE_T=8;
- $g="g";
-}
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
+$output=shift;
open STDOUT,">$output";
$K_00_39="%r0"; $K=$K_00_39;
@@ -61,14 +42,13 @@ $t1="%r11";
@X=("%r12","%r13","%r14");
$sp="%r15";
-$stdframe=16*$SIZE_T+4*8;
-$frame=$stdframe+16*4;
+$frame=160+16*4;
sub Xupdate {
my $i=shift;
$code.=<<___ if ($i==15);
- lg $prefetch,$stdframe($sp) ### Xupdate(16) warm-up
+ lg $prefetch,160($sp) ### Xupdate(16) warm-up
lr $X[0],$X[2]
___
return if ($i&1); # Xupdate is vectorized and executed every 2nd cycle
@@ -78,8 +58,8 @@ $code.=<<___ if ($i<16);
___
$code.=<<___ if ($i>=16);
xgr $X[0],$prefetch ### Xupdate($i)
- lg $prefetch,`$stdframe+4*(($i+2)%16)`($sp)
- xg $X[0],`$stdframe+4*(($i+8)%16)`($sp)
+ lg $prefetch,`160+4*(($i+2)%16)`($sp)
+ xg $X[0],`160+4*(($i+8)%16)`($sp)
xgr $X[0],$prefetch
rll $X[0],$X[0],1
rllg $X[1],$X[0],32
@@ -88,7 +68,7 @@ $code.=<<___ if ($i>=16);
lr $X[2],$X[1] # feedback
___
$code.=<<___ if ($i<=70);
- stg $X[0],`$stdframe+4*($i%16)`($sp)
+ stg $X[0],`160+4*($i%16)`($sp)
___
unshift(@X,pop(@X));
}
@@ -168,9 +148,9 @@ $code.=<<___ if ($kimdfunc);
tmhl %r0,0x4000 # check for message-security assist
jz .Lsoftware
lghi %r0,0
- la %r1,`2*$SIZE_T`($sp)
+ la %r1,16($sp)
.long 0xb93e0002 # kimd %r0,%r2
- lg %r0,`2*$SIZE_T`($sp)
+ lg %r0,16($sp)
tmhh %r0,`0x8000>>$kimdfunc`
jz .Lsoftware
lghi %r0,$kimdfunc
@@ -185,11 +165,11 @@ $code.=<<___ if ($kimdfunc);
___
$code.=<<___;
lghi %r1,-$frame
- st${g} $ctx,`2*$SIZE_T`($sp)
- stm${g} %r6,%r15,`6*$SIZE_T`($sp)
+ stg $ctx,16($sp)
+ stmg %r6,%r15,48($sp)
lgr %r0,$sp
la $sp,0(%r1,$sp)
- st${g} %r0,0($sp)
+ stg %r0,0($sp)
larl $t0,Ktable
llgf $A,0($ctx)
@@ -219,7 +199,7 @@ ___
for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
$code.=<<___;
- l${g} $ctx,`$frame+2*$SIZE_T`($sp)
+ lg $ctx,`$frame+16`($sp)
la $inp,64($inp)
al $A,0($ctx)
al $B,4($ctx)
@@ -231,13 +211,13 @@ $code.=<<___;
st $C,8($ctx)
st $D,12($ctx)
st $E,16($ctx)
- brct${g} $len,.Lloop
+ brct $len,.Lloop
- lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp)
+ lmg %r6,%r15,`$frame+48`($sp)
br %r14
.size sha1_block_data_order,.-sha1_block_data_order
.string "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-.comm OPENSSL_s390xcap_P,16,8
+.comm OPENSSL_s390xcap_P,8,8
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl
index 5c161cecd69..8306fc88ccf 100644
--- a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl
@@ -276,7 +276,6 @@ $code.=<<___;
.type sha1_block_data_order,#function
.size sha1_block_data_order,(.-sha1_block_data_order)
.asciz "SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
-.align 4
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl
index e65291bbd97..15eb854badc 100644
--- a/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl
@@ -539,7 +539,6 @@ $code.=<<___;
.type sha1_block_data_order,#function
.size sha1_block_data_order,(.-sha1_block_data_order)
.asciz "SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>"
-.align 4
___
# Purpose of these subroutines is to explicitly encode VIS instructions,
@@ -549,7 +548,7 @@ ___
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {
my ($mnemonic,$rs1,$rs2,$rd)=@_;
-my ($ref,$opf);
+my $ref,$opf;
my %visopf = ( "fmul8ulx16" => 0x037,
"faligndata" => 0x048,
"fpadd32" => 0x052,
diff --git a/lib/libssl/src/crypto/sha/asm/sha256-586.pl b/lib/libssl/src/crypto/sha/asm/sha256-586.pl
index 928ec53123b..ecc8b69c75d 100644
--- a/lib/libssl/src/crypto/sha/asm/sha256-586.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha256-586.pl
@@ -14,8 +14,8 @@
# Pentium PIII P4 AMD K8 Core2
# gcc 46 36 41 27 26
# icc 57 33 38 25 23
-# x86 asm 40 30 33 20 18
-# x86_64 asm(*) - - 21 16 16
+# x86 asm 40 30 35 20 20
+# x86_64 asm(*) - - 21 15.8 16.5
#
# (*) x86_64 assembler performance is presented for reference
# purposes.
@@ -48,19 +48,20 @@ sub BODY_00_15() {
my $in_16_63=shift;
&mov ("ecx",$E);
- &add ($T,"edi") if ($in_16_63); # T += sigma1(X[-2])
- &ror ("ecx",25-11);
+ &add ($T,&DWP(4*(8+15+16-9),"esp")) if ($in_16_63); # T += X[-7]
+ &ror ("ecx",6);
+ &mov ("edi",$E);
+ &ror ("edi",11);
&mov ("esi",$Foff);
- &xor ("ecx",$E);
- &ror ("ecx",11-6);
+ &xor ("ecx","edi");
+ &ror ("edi",25-11);
&mov (&DWP(4*(8+15),"esp"),$T) if ($in_16_63); # save X[0]
- &xor ("ecx",$E);
- &ror ("ecx",6); # Sigma1(e)
+ &xor ("ecx","edi"); # Sigma1(e)
&mov ("edi",$Goff);
&add ($T,"ecx"); # T += Sigma1(e)
+ &mov ($Eoff,$E); # modulo-scheduled
&xor ("esi","edi");
- &mov ($Eoff,$E); # modulo-scheduled
&mov ("ecx",$A);
&and ("esi",$E);
&mov ($E,$Doff); # e becomes d, which is e in next iteration
@@ -68,14 +69,14 @@ sub BODY_00_15() {
&mov ("edi",$A);
&add ($T,"esi"); # T += Ch(e,f,g)
- &ror ("ecx",22-13);
+ &ror ("ecx",2);
&add ($T,$Hoff); # T += h
- &xor ("ecx",$A);
- &ror ("ecx",13-2);
+ &ror ("edi",13);
&mov ("esi",$Boff);
- &xor ("ecx",$A);
- &ror ("ecx",2); # Sigma0(a)
+ &xor ("ecx","edi");
+ &ror ("edi",22-13);
&add ($E,$T); # d += T
+ &xor ("ecx","edi"); # Sigma0(a)
&mov ("edi",$Coff);
&add ($T,"ecx"); # T += Sigma0(a)
@@ -167,22 +168,23 @@ sub BODY_00_15() {
&set_label("16_63",16);
&mov ("esi",$T);
&mov ("ecx",&DWP(4*(8+15+16-14),"esp"));
+ &shr ($T,3);
+ &ror ("esi",7);
+ &xor ($T,"esi");
&ror ("esi",18-7);
&mov ("edi","ecx");
- &xor ("esi",$T);
- &ror ("esi",7);
- &shr ($T,3);
+ &xor ($T,"esi"); # T = sigma0(X[-15])
- &ror ("edi",19-17);
- &xor ($T,"esi"); # T = sigma0(X[-15])
- &xor ("edi","ecx");
- &ror ("edi",17);
&shr ("ecx",10);
- &add ($T,&DWP(4*(8+15+16),"esp")); # T += X[-16]
- &xor ("edi","ecx"); # sigma1(X[-2])
+ &mov ("esi",&DWP(4*(8+15+16),"esp"));
+ &ror ("edi",17);
+ &xor ("ecx","edi");
+ &ror ("edi",19-17);
+ &add ($T,"esi"); # T += X[-16]
+ &xor ("edi","ecx") # sigma1(X[-2])
- &add ($T,&DWP(4*(8+15+16-9),"esp")); # T += X[-7]
- # &add ($T,"edi"); # T += sigma1(X[-2])
+ &add ($T,"edi"); # T += sigma1(X[-2])
+ # &add ($T,&DWP(4*(8+15+16-9),"esp")); # T += X[-7], moved to BODY_00_15(1)
# &mov (&DWP(4*(8+15),"esp"),$T); # save X[0]
&BODY_00_15(1);
diff --git a/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl b/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl
index 9c84e8d93c3..48d846deec3 100644
--- a/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl
@@ -11,23 +11,13 @@
# Performance is ~2x better than gcc 3.4 generated code and in "abso-
# lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per
-# byte [on single-issue Xscale PXA250 core].
+# byte.
-# July 2010.
-#
-# Rescheduling for dual-issue pipeline resulted in 22% improvement on
-# Cortex A8 core and ~20 cycles per processed byte.
-
-# February 2011.
-#
-# Profiler-assisted and platform-specific optimization resulted in 16%
-# improvement on Cortex A8 core and ~17 cycles per processed byte.
-
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
+$output=shift;
open STDOUT,">$output";
$ctx="r0"; $t0="r0";
-$inp="r1"; $t3="r1";
+$inp="r1";
$len="r2"; $t1="r2";
$T1="r3";
$A="r4";
@@ -51,9 +41,6 @@ sub BODY_00_15 {
my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
$code.=<<___ if ($i<16);
-#if __ARM_ARCH__>=7
- ldr $T1,[$inp],#4
-#else
ldrb $T1,[$inp,#3] @ $i
ldrb $t2,[$inp,#2]
ldrb $t1,[$inp,#1]
@@ -61,42 +48,31 @@ $code.=<<___ if ($i<16);
orr $T1,$T1,$t2,lsl#8
orr $T1,$T1,$t1,lsl#16
orr $T1,$T1,$t0,lsl#24
-#endif
+ `"str $inp,[sp,#17*4]" if ($i==15)`
___
$code.=<<___;
- mov $t0,$e,ror#$Sigma1[0]
ldr $t2,[$Ktbl],#4 @ *K256++
+ str $T1,[sp,#`$i%16`*4]
+ mov $t0,$e,ror#$Sigma1[0]
eor $t0,$t0,$e,ror#$Sigma1[1]
- eor $t1,$f,$g
-#if $i>=16
- add $T1,$T1,$t3 @ from BODY_16_xx
-#elif __ARM_ARCH__>=7 && defined(__ARMEL__)
- rev $T1,$T1
-#endif
-#if $i==15
- str $inp,[sp,#17*4] @ leave room for $t3
-#endif
eor $t0,$t0,$e,ror#$Sigma1[2] @ Sigma1(e)
- and $t1,$t1,$e
- str $T1,[sp,#`$i%16`*4]
add $T1,$T1,$t0
+ eor $t1,$f,$g
+ and $t1,$t1,$e
eor $t1,$t1,$g @ Ch(e,f,g)
+ add $T1,$T1,$t1
add $T1,$T1,$h
+ add $T1,$T1,$t2
mov $h,$a,ror#$Sigma0[0]
- add $T1,$T1,$t1
eor $h,$h,$a,ror#$Sigma0[1]
- add $T1,$T1,$t2
eor $h,$h,$a,ror#$Sigma0[2] @ Sigma0(a)
-#if $i>=15
- ldr $t3,[sp,#`($i+2)%16`*4] @ from BODY_16_xx
-#endif
orr $t0,$a,$b
- and $t1,$a,$b
and $t0,$t0,$c
- add $h,$h,$T1
+ and $t1,$a,$b
orr $t0,$t0,$t1 @ Maj(a,b,c)
- add $d,$d,$T1
add $h,$h,$t0
+ add $d,$d,$T1
+ add $h,$h,$T1
___
}
@@ -104,26 +80,24 @@ sub BODY_16_XX {
my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
$code.=<<___;
- @ ldr $t3,[sp,#`($i+1)%16`*4] @ $i
+ ldr $t1,[sp,#`($i+1)%16`*4] @ $i
ldr $t2,[sp,#`($i+14)%16`*4]
- mov $t0,$t3,ror#$sigma0[0]
ldr $T1,[sp,#`($i+0)%16`*4]
- eor $t0,$t0,$t3,ror#$sigma0[1]
- ldr $t1,[sp,#`($i+9)%16`*4]
- eor $t0,$t0,$t3,lsr#$sigma0[2] @ sigma0(X[i+1])
- mov $t3,$t2,ror#$sigma1[0]
+ ldr $inp,[sp,#`($i+9)%16`*4]
+ mov $t0,$t1,ror#$sigma0[0]
+ eor $t0,$t0,$t1,ror#$sigma0[1]
+ eor $t0,$t0,$t1,lsr#$sigma0[2] @ sigma0(X[i+1])
+ mov $t1,$t2,ror#$sigma1[0]
+ eor $t1,$t1,$t2,ror#$sigma1[1]
+ eor $t1,$t1,$t2,lsr#$sigma1[2] @ sigma1(X[i+14])
add $T1,$T1,$t0
- eor $t3,$t3,$t2,ror#$sigma1[1]
add $T1,$T1,$t1
- eor $t3,$t3,$t2,lsr#$sigma1[2] @ sigma1(X[i+14])
- @ add $T1,$T1,$t3
+ add $T1,$T1,$inp
___
&BODY_00_15(@_);
}
$code=<<___;
-#include "arm_arch.h"
-
.text
.code 32
@@ -153,7 +127,7 @@ K256:
sha256_block_data_order:
sub r3,pc,#8 @ sha256_block_data_order
add $len,$inp,$len,lsl#6 @ len to point at the end of inp
- stmdb sp!,{$ctx,$inp,$len,r4-r11,lr}
+ stmdb sp!,{$ctx,$inp,$len,r4-r12,lr}
ldmia $ctx,{$A,$B,$C,$D,$E,$F,$G,$H}
sub $Ktbl,r3,#256 @ K256
sub sp,sp,#16*4 @ alloca(X[16])
@@ -192,14 +166,10 @@ $code.=<<___;
bne .Loop
add sp,sp,#`16+3`*4 @ destroy frame
-#if __ARM_ARCH__>=5
- ldmia sp!,{r4-r11,pc}
-#else
- ldmia sp!,{r4-r11,lr}
+ ldmia sp!,{r4-r12,lr}
tst lr,#1
moveq pc,lr @ be binary compatible with V4, yet
bx lr @ interoperable with Thumb ISA:-)
-#endif
.size sha256_block_data_order,.-sha256_block_data_order
.asciz "SHA256 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
.align 2
diff --git a/lib/libssl/src/crypto/sha/asm/sha512-586.pl b/lib/libssl/src/crypto/sha/asm/sha512-586.pl
index 7eab6a5b88b..5b9f3337add 100644
--- a/lib/libssl/src/crypto/sha/asm/sha512-586.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha512-586.pl
@@ -142,9 +142,9 @@ sub BODY_00_15_x86 {
&mov ("edx",$Ehi);
&mov ("esi","ecx");
- &shr ("ecx",9); # lo>>9
+ &shr ("ecx",9) # lo>>9
&mov ("edi","edx");
- &shr ("edx",9); # hi>>9
+ &shr ("edx",9) # hi>>9
&mov ("ebx","ecx");
&shl ("esi",14); # lo<<14
&mov ("eax","edx");
@@ -207,9 +207,9 @@ sub BODY_00_15_x86 {
&mov ($Dhi,"ebx");
&mov ("esi","ecx");
- &shr ("ecx",2); # lo>>2
+ &shr ("ecx",2) # lo>>2
&mov ("edi","edx");
- &shr ("edx",2); # hi>>2
+ &shr ("edx",2) # hi>>2
&mov ("ebx","ecx");
&shl ("esi",4); # lo<<4
&mov ("eax","edx");
@@ -452,9 +452,9 @@ if ($sse2) {
&mov ("edx",&DWP(8*(9+15+16-1)+4,"esp"));
&mov ("esi","ecx");
- &shr ("ecx",1); # lo>>1
+ &shr ("ecx",1) # lo>>1
&mov ("edi","edx");
- &shr ("edx",1); # hi>>1
+ &shr ("edx",1) # hi>>1
&mov ("eax","ecx");
&shl ("esi",24); # lo<<24
&mov ("ebx","edx");
@@ -488,9 +488,9 @@ if ($sse2) {
&mov ("edx",&DWP(8*(9+15+16-14)+4,"esp"));
&mov ("esi","ecx");
- &shr ("ecx",6); # lo>>6
+ &shr ("ecx",6) # lo>>6
&mov ("edi","edx");
- &shr ("edx",6); # hi>>6
+ &shr ("edx",6) # hi>>6
&mov ("eax","ecx");
&shl ("esi",3); # lo<<3
&mov ("ebx","edx");
diff --git a/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl b/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl
index 7faf37b1479..4fbb94a914f 100644
--- a/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl
@@ -10,41 +10,24 @@
# SHA512 block procedure for ARMv4. September 2007.
# This code is ~4.5 (four and a half) times faster than code generated
-# by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue
-# Xscale PXA250 core].
-#
-# July 2010.
-#
-# Rescheduling for dual-issue pipeline resulted in 6% improvement on
-# Cortex A8 core and ~40 cycles per processed byte.
-
-# February 2011.
-#
-# Profiler-assisted and platform-specific optimization resulted in 7%
-# improvement on Coxtex A8 core and ~38 cycles per byte.
-
-# March 2011.
-#
-# Add NEON implementation. On Cortex A8 it was measured to process
-# one byte in 25.5 cycles or 47% faster than integer-only code.
+# by gcc 3.4 and it spends ~72 clock cycles per byte.
# Byte order [in]dependence. =========================================
#
-# Originally caller was expected to maintain specific *dword* order in
-# h[0-7], namely with most significant dword at *lower* address, which
-# was reflected in below two parameters as 0 and 4. Now caller is
-# expected to maintain native byte order for whole 64-bit values.
-$hi="HI";
-$lo="LO";
+# Caller is expected to maintain specific *dword* order in h[0-7],
+# namely with most significant dword at *lower* address, which is
+# reflected in below two parameters. *Byte* order within these dwords
+# in turn is whatever *native* byte order on current platform.
+$hi=0;
+$lo=4;
# ====================================================================
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
+$output=shift;
open STDOUT,">$output";
-$ctx="r0"; # parameter block
+$ctx="r0";
$inp="r1";
$len="r2";
-
$Tlo="r3";
$Thi="r4";
$Alo="r5";
@@ -72,17 +55,15 @@ $Xoff=8*8;
sub BODY_00_15() {
my $magic = shift;
$code.=<<___;
+ ldr $t2,[sp,#$Hoff+0] @ h.lo
+ ldr $t3,[sp,#$Hoff+4] @ h.hi
@ Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
@ LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
@ HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
mov $t0,$Elo,lsr#14
- str $Tlo,[sp,#$Xoff+0]
mov $t1,$Ehi,lsr#14
- str $Thi,[sp,#$Xoff+4]
eor $t0,$t0,$Ehi,lsl#18
- ldr $t2,[sp,#$Hoff+0] @ h.lo
eor $t1,$t1,$Elo,lsl#18
- ldr $t3,[sp,#$Hoff+4] @ h.hi
eor $t0,$t0,$Elo,lsr#18
eor $t1,$t1,$Ehi,lsr#18
eor $t0,$t0,$Ehi,lsl#14
@@ -92,41 +73,44 @@ $code.=<<___;
eor $t0,$t0,$Elo,lsl#23
eor $t1,$t1,$Ehi,lsl#23 @ Sigma1(e)
adds $Tlo,$Tlo,$t0
- ldr $t0,[sp,#$Foff+0] @ f.lo
adc $Thi,$Thi,$t1 @ T += Sigma1(e)
- ldr $t1,[sp,#$Foff+4] @ f.hi
adds $Tlo,$Tlo,$t2
- ldr $t2,[sp,#$Goff+0] @ g.lo
adc $Thi,$Thi,$t3 @ T += h
+
+ ldr $t0,[sp,#$Foff+0] @ f.lo
+ ldr $t1,[sp,#$Foff+4] @ f.hi
+ ldr $t2,[sp,#$Goff+0] @ g.lo
ldr $t3,[sp,#$Goff+4] @ g.hi
+ str $Elo,[sp,#$Eoff+0]
+ str $Ehi,[sp,#$Eoff+4]
+ str $Alo,[sp,#$Aoff+0]
+ str $Ahi,[sp,#$Aoff+4]
eor $t0,$t0,$t2
- str $Elo,[sp,#$Eoff+0]
eor $t1,$t1,$t3
- str $Ehi,[sp,#$Eoff+4]
and $t0,$t0,$Elo
- str $Alo,[sp,#$Aoff+0]
and $t1,$t1,$Ehi
- str $Ahi,[sp,#$Aoff+4]
eor $t0,$t0,$t2
- ldr $t2,[$Ktbl,#$lo] @ K[i].lo
eor $t1,$t1,$t3 @ Ch(e,f,g)
- ldr $t3,[$Ktbl,#$hi] @ K[i].hi
- adds $Tlo,$Tlo,$t0
+ ldr $t2,[$Ktbl,#4] @ K[i].lo
+ ldr $t3,[$Ktbl,#0] @ K[i].hi
ldr $Elo,[sp,#$Doff+0] @ d.lo
- adc $Thi,$Thi,$t1 @ T += Ch(e,f,g)
ldr $Ehi,[sp,#$Doff+4] @ d.hi
+
+ adds $Tlo,$Tlo,$t0
+ adc $Thi,$Thi,$t1 @ T += Ch(e,f,g)
adds $Tlo,$Tlo,$t2
- and $t0,$t2,#0xff
adc $Thi,$Thi,$t3 @ T += K[i]
adds $Elo,$Elo,$Tlo
- ldr $t2,[sp,#$Boff+0] @ b.lo
adc $Ehi,$Ehi,$Thi @ d += T
+
+ and $t0,$t2,#0xff
teq $t0,#$magic
+ orreq $Ktbl,$Ktbl,#1
+ ldr $t2,[sp,#$Boff+0] @ b.lo
ldr $t3,[sp,#$Coff+0] @ c.lo
- orreq $Ktbl,$Ktbl,#1
@ Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
@ LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
@ HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
@@ -143,100 +127,80 @@ $code.=<<___;
eor $t0,$t0,$Alo,lsl#25
eor $t1,$t1,$Ahi,lsl#25 @ Sigma0(a)
adds $Tlo,$Tlo,$t0
- and $t0,$Alo,$t2
adc $Thi,$Thi,$t1 @ T += Sigma0(a)
- ldr $t1,[sp,#$Boff+4] @ b.hi
+ and $t0,$Alo,$t2
orr $Alo,$Alo,$t2
+ ldr $t1,[sp,#$Boff+4] @ b.hi
ldr $t2,[sp,#$Coff+4] @ c.hi
and $Alo,$Alo,$t3
+ orr $Alo,$Alo,$t0 @ Maj(a,b,c).lo
and $t3,$Ahi,$t1
orr $Ahi,$Ahi,$t1
- orr $Alo,$Alo,$t0 @ Maj(a,b,c).lo
and $Ahi,$Ahi,$t2
- adds $Alo,$Alo,$Tlo
orr $Ahi,$Ahi,$t3 @ Maj(a,b,c).hi
- sub sp,sp,#8
+ adds $Alo,$Alo,$Tlo
adc $Ahi,$Ahi,$Thi @ h += T
- tst $Ktbl,#1
+
+ sub sp,sp,#8
add $Ktbl,$Ktbl,#8
___
}
$code=<<___;
-#include "arm_arch.h"
-#ifdef __ARMEL__
-# define LO 0
-# define HI 4
-# define WORD64(hi0,lo0,hi1,lo1) .word lo0,hi0, lo1,hi1
-#else
-# define HI 0
-# define LO 4
-# define WORD64(hi0,lo0,hi1,lo1) .word hi0,lo0, hi1,lo1
-#endif
-
.text
.code 32
.type K512,%object
.align 5
K512:
-WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd)
-WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc)
-WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019)
-WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118)
-WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe)
-WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2)
-WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1)
-WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694)
-WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3)
-WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65)
-WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483)
-WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5)
-WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210)
-WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4)
-WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725)
-WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70)
-WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926)
-WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df)
-WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8)
-WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b)
-WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001)
-WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30)
-WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910)
-WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8)
-WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53)
-WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8)
-WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb)
-WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3)
-WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60)
-WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec)
-WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9)
-WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b)
-WORD64(0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207)
-WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178)
-WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6)
-WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b)
-WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493)
-WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c)
-WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a)
-WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817)
+.word 0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd
+.word 0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc
+.word 0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019
+.word 0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118
+.word 0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe
+.word 0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2
+.word 0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1
+.word 0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694
+.word 0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3
+.word 0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65
+.word 0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483
+.word 0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5
+.word 0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210
+.word 0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4
+.word 0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725
+.word 0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70
+.word 0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926
+.word 0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df
+.word 0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8
+.word 0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b
+.word 0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001
+.word 0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30
+.word 0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910
+.word 0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8
+.word 0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53
+.word 0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8
+.word 0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb
+.word 0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3
+.word 0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60
+.word 0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec
+.word 0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9
+.word 0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b
+.word 0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207
+.word 0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178
+.word 0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6
+.word 0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b
+.word 0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493
+.word 0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c
+.word 0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a
+.word 0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817
.size K512,.-K512
-.LOPENSSL_armcap:
-.word OPENSSL_armcap_P-sha512_block_data_order
-.skip 32-4
.global sha512_block_data_order
.type sha512_block_data_order,%function
sha512_block_data_order:
sub r3,pc,#8 @ sha512_block_data_order
add $len,$inp,$len,lsl#7 @ len to point at the end of inp
-#if __ARM_ARCH__>=7
- ldr r12,.LOPENSSL_armcap
- ldr r12,[r3,r12] @ OPENSSL_armcap_P
- tst r12,#1
- bne .LNEON
-#endif
stmdb sp!,{r4-r12,lr}
- sub $Ktbl,r3,#672 @ K512
+ sub $Ktbl,r3,#640 @ K512
sub sp,sp,#9*8
ldr $Elo,[$ctx,#$Eoff+$lo]
@@ -270,7 +234,6 @@ sha512_block_data_order:
str $Thi,[sp,#$Foff+4]
.L00_15:
-#if __ARM_ARCH__<7
ldrb $Tlo,[$inp,#7]
ldrb $t0, [$inp,#6]
ldrb $t1, [$inp,#5]
@@ -285,30 +248,26 @@ sha512_block_data_order:
orr $Thi,$Thi,$t3,lsl#8
orr $Thi,$Thi,$t0,lsl#16
orr $Thi,$Thi,$t1,lsl#24
-#else
- ldr $Tlo,[$inp,#4]
- ldr $Thi,[$inp],#8
-#ifdef __ARMEL__
- rev $Tlo,$Tlo
- rev $Thi,$Thi
-#endif
-#endif
+ str $Tlo,[sp,#$Xoff+0]
+ str $Thi,[sp,#$Xoff+4]
___
&BODY_00_15(0x94);
$code.=<<___;
tst $Ktbl,#1
beq .L00_15
- ldr $t0,[sp,#`$Xoff+8*(16-1)`+0]
- ldr $t1,[sp,#`$Xoff+8*(16-1)`+4]
bic $Ktbl,$Ktbl,#1
+
.L16_79:
+ ldr $t0,[sp,#`$Xoff+8*(16-1)`+0]
+ ldr $t1,[sp,#`$Xoff+8*(16-1)`+4]
+ ldr $t2,[sp,#`$Xoff+8*(16-14)`+0]
+ ldr $t3,[sp,#`$Xoff+8*(16-14)`+4]
+
@ sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
@ LO lo>>1^hi<<31 ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
@ HI hi>>1^lo<<31 ^ hi>>8^lo<<24 ^ hi>>7
mov $Tlo,$t0,lsr#1
- ldr $t2,[sp,#`$Xoff+8*(16-14)`+0]
mov $Thi,$t1,lsr#1
- ldr $t3,[sp,#`$Xoff+8*(16-14)`+4]
eor $Tlo,$Tlo,$t1,lsl#31
eor $Thi,$Thi,$t0,lsl#31
eor $Tlo,$Tlo,$t0,lsr#8
@@ -332,24 +291,25 @@ $code.=<<___;
eor $t1,$t1,$t3,lsl#3
eor $t0,$t0,$t2,lsr#6
eor $t1,$t1,$t3,lsr#6
- ldr $t2,[sp,#`$Xoff+8*(16-9)`+0]
eor $t0,$t0,$t3,lsl#26
+ ldr $t2,[sp,#`$Xoff+8*(16-9)`+0]
ldr $t3,[sp,#`$Xoff+8*(16-9)`+4]
adds $Tlo,$Tlo,$t0
- ldr $t0,[sp,#`$Xoff+8*16`+0]
adc $Thi,$Thi,$t1
+ ldr $t0,[sp,#`$Xoff+8*16`+0]
ldr $t1,[sp,#`$Xoff+8*16`+4]
adds $Tlo,$Tlo,$t2
adc $Thi,$Thi,$t3
adds $Tlo,$Tlo,$t0
adc $Thi,$Thi,$t1
+ str $Tlo,[sp,#$Xoff+0]
+ str $Thi,[sp,#$Xoff+4]
___
&BODY_00_15(0x17);
$code.=<<___;
- ldreq $t0,[sp,#`$Xoff+8*(16-1)`+0]
- ldreq $t1,[sp,#`$Xoff+8*(16-1)`+4]
+ tst $Ktbl,#1
beq .L16_79
bic $Ktbl,$Ktbl,#1
@@ -360,12 +320,12 @@ $code.=<<___;
ldr $t2, [$ctx,#$Boff+$lo]
ldr $t3, [$ctx,#$Boff+$hi]
adds $t0,$Alo,$t0
- str $t0, [$ctx,#$Aoff+$lo]
adc $t1,$Ahi,$t1
- str $t1, [$ctx,#$Aoff+$hi]
adds $t2,$Tlo,$t2
- str $t2, [$ctx,#$Boff+$lo]
adc $t3,$Thi,$t3
+ str $t0, [$ctx,#$Aoff+$lo]
+ str $t1, [$ctx,#$Aoff+$hi]
+ str $t2, [$ctx,#$Boff+$lo]
str $t3, [$ctx,#$Boff+$hi]
ldr $Alo,[sp,#$Coff+0]
@@ -377,12 +337,12 @@ $code.=<<___;
ldr $t2, [$ctx,#$Doff+$lo]
ldr $t3, [$ctx,#$Doff+$hi]
adds $t0,$Alo,$t0
- str $t0, [$ctx,#$Coff+$lo]
adc $t1,$Ahi,$t1
- str $t1, [$ctx,#$Coff+$hi]
adds $t2,$Tlo,$t2
- str $t2, [$ctx,#$Doff+$lo]
adc $t3,$Thi,$t3
+ str $t0, [$ctx,#$Coff+$lo]
+ str $t1, [$ctx,#$Coff+$hi]
+ str $t2, [$ctx,#$Doff+$lo]
str $t3, [$ctx,#$Doff+$hi]
ldr $Tlo,[sp,#$Foff+0]
@@ -392,12 +352,12 @@ $code.=<<___;
ldr $t2, [$ctx,#$Foff+$lo]
ldr $t3, [$ctx,#$Foff+$hi]
adds $Elo,$Elo,$t0
- str $Elo,[$ctx,#$Eoff+$lo]
adc $Ehi,$Ehi,$t1
- str $Ehi,[$ctx,#$Eoff+$hi]
adds $t2,$Tlo,$t2
- str $t2, [$ctx,#$Foff+$lo]
adc $t3,$Thi,$t3
+ str $Elo,[$ctx,#$Eoff+$lo]
+ str $Ehi,[$ctx,#$Eoff+$hi]
+ str $t2, [$ctx,#$Foff+$lo]
str $t3, [$ctx,#$Foff+$hi]
ldr $Alo,[sp,#$Goff+0]
@@ -409,12 +369,12 @@ $code.=<<___;
ldr $t2, [$ctx,#$Hoff+$lo]
ldr $t3, [$ctx,#$Hoff+$hi]
adds $t0,$Alo,$t0
- str $t0, [$ctx,#$Goff+$lo]
adc $t1,$Ahi,$t1
- str $t1, [$ctx,#$Goff+$hi]
adds $t2,$Tlo,$t2
- str $t2, [$ctx,#$Hoff+$lo]
adc $t3,$Thi,$t3
+ str $t0, [$ctx,#$Goff+$lo]
+ str $t1, [$ctx,#$Goff+$hi]
+ str $t2, [$ctx,#$Hoff+$lo]
str $t3, [$ctx,#$Hoff+$hi]
add sp,sp,#640
@@ -424,156 +384,13 @@ $code.=<<___;
bne .Loop
add sp,sp,#8*9 @ destroy frame
-#if __ARM_ARCH__>=5
- ldmia sp!,{r4-r12,pc}
-#else
ldmia sp!,{r4-r12,lr}
tst lr,#1
moveq pc,lr @ be binary compatible with V4, yet
bx lr @ interoperable with Thumb ISA:-)
-#endif
-___
-
-{
-my @Sigma0=(28,34,39);
-my @Sigma1=(14,18,41);
-my @sigma0=(1, 8, 7);
-my @sigma1=(19,61,6);
-
-my $Ktbl="r3";
-my $cnt="r12"; # volatile register known as ip, intra-procedure-call scratch
-
-my @X=map("d$_",(0..15));
-my @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("d$_",(16..23));
-
-sub NEON_00_15() {
-my $i=shift;
-my ($a,$b,$c,$d,$e,$f,$g,$h)=@_;
-my ($t0,$t1,$t2,$T1,$K,$Ch,$Maj)=map("d$_",(24..31)); # temps
-
-$code.=<<___ if ($i<16 || $i&1);
- vshr.u64 $t0,$e,#@Sigma1[0] @ $i
-#if $i<16
- vld1.64 {@X[$i%16]},[$inp]! @ handles unaligned
-#endif
- vshr.u64 $t1,$e,#@Sigma1[1]
- vshr.u64 $t2,$e,#@Sigma1[2]
-___
-$code.=<<___;
- vld1.64 {$K},[$Ktbl,:64]! @ K[i++]
- vsli.64 $t0,$e,#`64-@Sigma1[0]`
- vsli.64 $t1,$e,#`64-@Sigma1[1]`
- vsli.64 $t2,$e,#`64-@Sigma1[2]`
-#if $i<16 && defined(__ARMEL__)
- vrev64.8 @X[$i],@X[$i]
-#endif
- vadd.i64 $T1,$K,$h
- veor $Ch,$f,$g
- veor $t0,$t1
- vand $Ch,$e
- veor $t0,$t2 @ Sigma1(e)
- veor $Ch,$g @ Ch(e,f,g)
- vadd.i64 $T1,$t0
- vshr.u64 $t0,$a,#@Sigma0[0]
- vadd.i64 $T1,$Ch
- vshr.u64 $t1,$a,#@Sigma0[1]
- vshr.u64 $t2,$a,#@Sigma0[2]
- vsli.64 $t0,$a,#`64-@Sigma0[0]`
- vsli.64 $t1,$a,#`64-@Sigma0[1]`
- vsli.64 $t2,$a,#`64-@Sigma0[2]`
- vadd.i64 $T1,@X[$i%16]
- vorr $Maj,$a,$c
- vand $Ch,$a,$c
- veor $h,$t0,$t1
- vand $Maj,$b
- veor $h,$t2 @ Sigma0(a)
- vorr $Maj,$Ch @ Maj(a,b,c)
- vadd.i64 $h,$T1
- vadd.i64 $d,$T1
- vadd.i64 $h,$Maj
-___
-}
-
-sub NEON_16_79() {
-my $i=shift;
-
-if ($i&1) { &NEON_00_15($i,@_); return; }
-
-# 2x-vectorized, therefore runs every 2nd round
-my @X=map("q$_",(0..7)); # view @X as 128-bit vector
-my ($t0,$t1,$s0,$s1) = map("q$_",(12..15)); # temps
-my ($d0,$d1,$d2) = map("d$_",(24..26)); # temps from NEON_00_15
-my $e=@_[4]; # $e from NEON_00_15
-$i /= 2;
-$code.=<<___;
- vshr.u64 $t0,@X[($i+7)%8],#@sigma1[0]
- vshr.u64 $t1,@X[($i+7)%8],#@sigma1[1]
- vshr.u64 $s1,@X[($i+7)%8],#@sigma1[2]
- vsli.64 $t0,@X[($i+7)%8],#`64-@sigma1[0]`
- vext.8 $s0,@X[$i%8],@X[($i+1)%8],#8 @ X[i+1]
- vsli.64 $t1,@X[($i+7)%8],#`64-@sigma1[1]`
- veor $s1,$t0
- vshr.u64 $t0,$s0,#@sigma0[0]
- veor $s1,$t1 @ sigma1(X[i+14])
- vshr.u64 $t1,$s0,#@sigma0[1]
- vadd.i64 @X[$i%8],$s1
- vshr.u64 $s1,$s0,#@sigma0[2]
- vsli.64 $t0,$s0,#`64-@sigma0[0]`
- vsli.64 $t1,$s0,#`64-@sigma0[1]`
- vext.8 $s0,@X[($i+4)%8],@X[($i+5)%8],#8 @ X[i+9]
- veor $s1,$t0
- vshr.u64 $d0,$e,#@Sigma1[0] @ from NEON_00_15
- vadd.i64 @X[$i%8],$s0
- vshr.u64 $d1,$e,#@Sigma1[1] @ from NEON_00_15
- veor $s1,$t1 @ sigma0(X[i+1])
- vshr.u64 $d2,$e,#@Sigma1[2] @ from NEON_00_15
- vadd.i64 @X[$i%8],$s1
-___
- &NEON_00_15(2*$i,@_);
-}
-
-$code.=<<___;
-#if __ARM_ARCH__>=7
-.fpu neon
-
-.align 4
-.LNEON:
- dmb @ errata #451034 on early Cortex A8
- vstmdb sp!,{d8-d15} @ ABI specification says so
- sub $Ktbl,r3,#672 @ K512
- vldmia $ctx,{$A-$H} @ load context
-.Loop_neon:
-___
-for($i=0;$i<16;$i++) { &NEON_00_15($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
- mov $cnt,#4
-.L16_79_neon:
- subs $cnt,#1
-___
-for(;$i<32;$i++) { &NEON_16_79($i,@V); unshift(@V,pop(@V)); }
-$code.=<<___;
- bne .L16_79_neon
-
- vldmia $ctx,{d24-d31} @ load context to temp
- vadd.i64 q8,q12 @ vectorized accumulate
- vadd.i64 q9,q13
- vadd.i64 q10,q14
- vadd.i64 q11,q15
- vstmia $ctx,{$A-$H} @ save context
- teq $inp,$len
- sub $Ktbl,#640 @ rewind K512
- bne .Loop_neon
-
- vldmia sp!,{d8-d15} @ epilogue
- bx lr
-#endif
-___
-}
-$code.=<<___;
-.size sha512_block_data_order,.-sha512_block_data_order
-.asciz "SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
+.size sha512_block_data_order,.-sha512_block_data_order
+.asciz "SHA512 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
.align 2
-.comm OPENSSL_armcap_P,4,4
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/lib/libssl/src/crypto/sha/asm/sha512-s390x.pl b/lib/libssl/src/crypto/sha/asm/sha512-s390x.pl
index 079a3fc78ab..e7ef2d5a9f5 100644
--- a/lib/libssl/src/crypto/sha/asm/sha512-s390x.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha512-s390x.pl
@@ -26,26 +26,6 @@
# favour dual-issue z10 pipeline. Hardware SHA256/512 is ~4.7x faster
# than software.
-# November 2010.
-#
-# Adapt for -m31 build. If kernel supports what's called "highgprs"
-# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
-# instructions and achieve "64-bit" performance even in 31-bit legacy
-# application context. The feature is not specific to any particular
-# processor, as long as it's "z-CPU". Latter implies that the code
-# remains z/Architecture specific. On z900 SHA256 was measured to
-# perform 2.4x and SHA512 - 13x better than code generated by gcc 4.3.
-
-$flavour = shift;
-
-if ($flavour =~ /3[12]/) {
- $SIZE_T=4;
- $g="";
-} else {
- $SIZE_T=8;
- $g="g";
-}
-
$t0="%r0";
$t1="%r1";
$ctx="%r2"; $t2="%r2";
@@ -64,7 +44,7 @@ $tbl="%r13";
$T1="%r14";
$sp="%r15";
-while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
+$output=shift;
open STDOUT,">$output";
if ($output =~ /512/) {
@@ -98,8 +78,7 @@ if ($output =~ /512/) {
}
$Func="sha${label}_block_data_order";
$Table="K${label}";
-$stdframe=16*$SIZE_T+4*8;
-$frame=$stdframe+16*$SZ;
+$frame=160+16*$SZ;
sub BODY_00_15 {
my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
@@ -114,9 +93,9 @@ $code.=<<___;
xgr $t0,$t1
$ROT $t1,$t1,`$Sigma1[2]-$Sigma1[1]`
xgr $t2,$g
- $ST $T1,`$stdframe+$SZ*($i%16)`($sp)
+ $ST $T1,`160+$SZ*($i%16)`($sp)
xgr $t0,$t1 # Sigma1(e)
- algr $T1,$h # T1+=h
+ la $T1,0($T1,$h) # T1+=h
ngr $t2,$e
lgr $t1,$a
algr $T1,$t0 # T1+=Sigma1(e)
@@ -134,7 +113,7 @@ $code.=<<___;
ngr $t2,$b
algr $h,$T1 # h+=T1
ogr $t2,$t1 # Maj(a,b,c)
- algr $d,$T1 # d+=T1
+ la $d,0($d,$T1) # d+=T1
algr $h,$t2 # h+=Maj(a,b,c)
___
}
@@ -143,19 +122,19 @@ sub BODY_16_XX {
my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
$code.=<<___;
- $LD $T1,`$stdframe+$SZ*(($i+1)%16)`($sp) ### $i
- $LD $t1,`$stdframe+$SZ*(($i+14)%16)`($sp)
+ $LD $T1,`160+$SZ*(($i+1)%16)`($sp) ### $i
+ $LD $t1,`160+$SZ*(($i+14)%16)`($sp)
$ROT $t0,$T1,$sigma0[0]
$SHR $T1,$sigma0[2]
$ROT $t2,$t0,`$sigma0[1]-$sigma0[0]`
xgr $T1,$t0
$ROT $t0,$t1,$sigma1[0]
- xgr $T1,$t2 # sigma0(X[i+1])
+ xgr $T1,$t2 # sigma0(X[i+1])
$SHR $t1,$sigma1[2]
- $ADD $T1,`$stdframe+$SZ*($i%16)`($sp) # +=X[i]
+ $ADD $T1,`160+$SZ*($i%16)`($sp) # +=X[i]
xgr $t1,$t0
$ROT $t0,$t0,`$sigma1[1]-$sigma1[0]`
- $ADD $T1,`$stdframe+$SZ*(($i+9)%16)`($sp) # +=X[i+9]
+ $ADD $T1,`160+$SZ*(($i+9)%16)`($sp) # +=X[i+9]
xgr $t1,$t0 # sigma1(X[i+14])
algr $T1,$t1 # +=sigma1(X[i+14])
___
@@ -233,7 +212,6 @@ $code.=<<___;
.globl $Func
.type $Func,\@function
$Func:
- sllg $len,$len,`log(16*$SZ)/log(2)`
___
$code.=<<___ if ($kimdfunc);
larl %r1,OPENSSL_s390xcap_P
@@ -241,15 +219,15 @@ $code.=<<___ if ($kimdfunc);
tmhl %r0,0x4000 # check for message-security assist
jz .Lsoftware
lghi %r0,0
- la %r1,`2*$SIZE_T`($sp)
+ la %r1,16($sp)
.long 0xb93e0002 # kimd %r0,%r2
- lg %r0,`2*$SIZE_T`($sp)
+ lg %r0,16($sp)
tmhh %r0,`0x8000>>$kimdfunc`
jz .Lsoftware
lghi %r0,$kimdfunc
lgr %r1,$ctx
lgr %r2,$inp
- lgr %r3,$len
+ sllg %r3,$len,`log(16*$SZ)/log(2)`
.long 0xb93e0002 # kimd %r0,%r2
brc 1,.-4 # pay attention to "partial completion"
br %r14
@@ -257,12 +235,13 @@ $code.=<<___ if ($kimdfunc);
.Lsoftware:
___
$code.=<<___;
+ sllg $len,$len,`log(16*$SZ)/log(2)`
lghi %r1,-$frame
- la $len,0($len,$inp)
- stm${g} $ctx,%r15,`2*$SIZE_T`($sp)
+ agr $len,$inp
+ stmg $ctx,%r15,16($sp)
lgr %r0,$sp
la $sp,0(%r1,$sp)
- st${g} %r0,0($sp)
+ stg %r0,0($sp)
larl $tbl,$Table
$LD $A,`0*$SZ`($ctx)
@@ -286,7 +265,7 @@ $code.=<<___;
clgr $len,$t0
jne .Lrounds_16_xx
- l${g} $ctx,`$frame+2*$SIZE_T`($sp)
+ lg $ctx,`$frame+16`($sp)
la $inp,`16*$SZ`($inp)
$ADD $A,`0*$SZ`($ctx)
$ADD $B,`1*$SZ`($ctx)
@@ -304,14 +283,14 @@ $code.=<<___;
$ST $F,`5*$SZ`($ctx)
$ST $G,`6*$SZ`($ctx)
$ST $H,`7*$SZ`($ctx)
- cl${g} $inp,`$frame+4*$SIZE_T`($sp)
+ clg $inp,`$frame+32`($sp)
jne .Lloop
- lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp)
+ lmg %r6,%r15,`$frame+48`($sp)
br %r14
.size $Func,.-$Func
.string "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-.comm OPENSSL_s390xcap_P,16,8
+.comm OPENSSL_s390xcap_P,8,8
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl b/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl
index 585740789e6..54241aab504 100644
--- a/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl
+++ b/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl
@@ -305,9 +305,9 @@ $code.=<<___;
srlx @X[(($i+9)/2)%8],32,$tmp1 ! X[i+9]
xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14])
srl @X[($i/2)%8],0,$tmp0
- add $tmp2,$tmp1,$tmp1
add $xi,$T1,$T1 ! +=X[i]
xor $tmp0,@X[($i/2)%8],@X[($i/2)%8]
+ add $tmp2,$T1,$T1
add $tmp1,$T1,$T1
srl $T1,0,$T1
@@ -318,9 +318,9 @@ ___
$code.=<<___;
srlx @X[($i/2)%8],32,$tmp1 ! X[i]
xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14])
- add $xi,$T1,$T1 ! +=X[i+9]
- add $tmp2,$tmp1,$tmp1
srl @X[($i/2)%8],0,@X[($i/2)%8]
+ add $xi,$T1,$T1 ! +=X[i+9]
+ add $tmp2,$T1,$T1
add $tmp1,$T1,$T1
sllx $T1,32,$tmp0
@@ -586,7 +586,6 @@ $code.=<<___;
.type sha${label}_block_data_order,#function
.size sha${label}_block_data_order,(.-sha${label}_block_data_order)
.asciz "SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
-.align 4
___
$code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl b/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl
index cb2381c22ba..32cf16380b5 100644
--- a/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl
+++ b/lib/libssl/src/crypto/whrlpool/asm/wp-mmx.pl
@@ -119,7 +119,7 @@ $tbl="ebp";
&mov ("eax",&DWP(0,"esp"));
&mov ("ebx",&DWP(4,"esp"));
for($i=0;$i<8;$i++) {
- my $func = ($i==0)? \&movq : \&pxor;
+ my $func = ($i==0)? movq : pxor;
&movb (&LB("ecx"),&LB("eax"));
&movb (&LB("edx"),&HB("eax"));
&scale ("esi","ecx");
diff --git a/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod b/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod
index 8ff597d44ad..1a9c7954c55 100644
--- a/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod
+++ b/lib/libssl/src/doc/crypto/EVP_PKEY_get_default_digest.pod
@@ -32,7 +32,7 @@ public key algorithm.
L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
+L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
=head1 HISTORY
diff --git a/lib/libssl/src/test/pkits-test.pl b/lib/libssl/src/test/pkits-test.pl
index 5c6b89fcdb0..69dffa16f90 100644
--- a/lib/libssl/src/test/pkits-test.pl
+++ b/lib/libssl/src/test/pkits-test.pl
@@ -784,15 +784,6 @@ my $ossl = "ossl/apps/openssl";
my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
-
-# Check for expiry of trust anchor
-system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0";
-if ($? == 256)
- {
- print STDERR "WARNING: using older expired data\n";
- $ossl_cmd .= "-attime 1291940972 ";
- }
-
$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";