| #
2f1112b2 |
| 30-Jun-2022 |
Rohan McLure |
Fix unrolled montgomery multiplication for POWER9
In the reference C implementation in bn_asm.c, tp[num + 1] contains the
carry bit for accumulations into tp[num]. tp[num + 1] is only ev
Fix unrolled montgomery multiplication for POWER9
In the reference C implementation in bn_asm.c, tp[num + 1] contains the
carry bit for accumulations into tp[num]. tp[num + 1] is only ever
assigned, never itself incremented.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18883)
show more ...
|
| #
eae70100 |
| 27-Jun-2022 |
Rohan McLure |
Revert "Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication""
This reverts commit 712d9cc90e355b2c98a959d4e9398610d2269c9e.
Reviewed-by: Hugo Landau <hlandau@
Revert "Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication""
This reverts commit 712d9cc90e355b2c98a959d4e9398610d2269c9e.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18883)
show more ...
|
| #
712d9cc9 |
| 09-Jun-2022 |
Tomas Mraz |
Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication"
This reverts commit 0d40ca47bd86e74a95c3a2f5fb6c67cdbee93c79.
It was found that the computation produces
Revert "bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication"
This reverts commit 0d40ca47bd86e74a95c3a2f5fb6c67cdbee93c79.
It was found that the computation produces incorrect results in some
cases.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18512)
show more ...
|
| #
e7370fa0 |
| 01-Jul-2021 |
Martin Schwenke |
bn: Fix .size directive
This requires the text address.
Fixes #15923
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
bn: Fix .size directive
This requires the text address.
Fixes #15923
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)
show more ...
|
| #
bf9b7821 |
| 01-Jul-2021 |
Martin Schwenke |
bn: Use a basic branch-if-not-zero
Ancient toolchains fail the build because they don't like the hints,
newer ISAs recommend not using the hints and relying on dynamic branch
predict
bn: Use a basic branch-if-not-zero
Ancient toolchains fail the build because they don't like the hints,
newer ISAs recommend not using the hints and relying on dynamic branch
prediction.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)
show more ...
|
| #
3f55ff6a |
| 16-Jun-2021 |
Martin Schwenke |
bn: save/restore registers to/from stack
mtvsrd/mfvsrd are ISA >= 2.07 only, so this won't work for older
CPUs.
It would be possible to use this scheme only in the ISA >= 3.0
bn: save/restore registers to/from stack
mtvsrd/mfvsrd are ISA >= 2.07 only, so this won't work for older
CPUs.
It would be possible to use this scheme only in the ISA >= 3.0
implementation. However, in the future it may be possible for newer
ISAs to allow CPU implementations without a vector unit, so don't
bother. The performance improvement versus using the stack was small
anyway.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
show more ...
|
| #
5b7f9864 |
| 16-Jun-2021 |
Martin Schwenke |
bn: Switch $i to be unused r9
No need to save/restore because it is volatile.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
bn: Switch $i to be unused r9
No need to save/restore because it is volatile.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
show more ...
|
| #
77bd294b |
| 16-Jun-2021 |
Martin Schwenke |
bn: Drop unnecessary use of r9
This is done in other versions due to the possibility of an early
return. However, there is no early return here.
Signed-off-by: Martin Schwenke
bn: Drop unnecessary use of r9
This is done in other versions due to the possibility of an early
return. However, there is no early return here.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
show more ...
|
| #
450d9804 |
| 16-Jun-2021 |
Martin Schwenke |
bn: Update .align pseudo-ops to match convention
64-bit alignment at the beginning of functions, 32-bit alignment for
loop targets.
Signed-off-by: Martin Schwenke <martin@meltin
bn: Update .align pseudo-ops to match convention
64-bit alignment at the beginning of functions, 32-bit alignment for
loop targets.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
show more ...
|
| #
7f98eaab |
| 16-Jun-2021 |
Martin Schwenke |
bn: Drop use of .p2align pseudo-op
This works on Linux but breaks the build on AIX.
Fixes #15748
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay
bn: Drop use of .p2align pseudo-op
This works on Linux but breaks the build on AIX.
Fixes #15748
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15 |
|
| #
0d40ca47 |
| 14-Apr-2021 |
Martin Schwenke |
bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication
Overall improvement for p384 of ~18% on Power 9, compared to existing
Power assembling code. See comment in code for m
bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication
Overall improvement for p384 of ~18% on Power 9, compared to existing
Power assembling code. See comment in code for more details.
Multiple unrolled versions could be generated for values other than
6. However, for TLS 1.3 the only other ECC algorithms that might use
Montgomery Multiplication are p256 and p521, but these have custom
algorithms that don't use Montgomery Multiplication. Non-ECC
algorithms are likely to use larger key lengths that won't fit into
the n <= 10 length limitation of this code.
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>
Signed-off-by: Alastair D'Silva <alastair@d-silva.org>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15175)
show more ...
|
