3 # ====================================================================
4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
10 # sha1_block procedure for x86_64.
12 # It was brought to my attention that on EM64T compiler-generated code
13 # was far behind 32-bit assembler implementation. This is unlike on
14 # Opteron where compiler-generated code was only 15% behind 32-bit
15 # assembler, which originally made it hard to motivate the effort.
16 # There was suggestion to mechanically translate 32-bit code, but I
17 # dismissed it, reasoning that x86_64 offers enough register bank
18 # capacity to fully utilize SHA-1 parallelism. Therefore this fresh
19 # implementation:-) However! While 64-bit code does perform better
20 # on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
21 # x86_64 does offer larger *addressable* bank, but out-of-order core
22 # reaches for even more registers through dynamic aliasing, and EM64T
23 # core must have managed to run-time optimize even 32-bit code just as
24 # good as 64-bit one. Performance improvement is summarized in the
27 # gcc 3.4 32-bit asm cycles/byte
28 # Opteron +45% +20% 6.8
29 # Xeon P4 +65% +0% 9.9
34 # The code was revised to minimize code size and to maximize
35 # "distance" between instructions producing input to 'lea'
36 # instruction and the 'lea' instruction itself, which is essential
37 # for Intel Atom core.
41 # Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
42 # is to offload message schedule denoted by Wt in NIST specification,
43 # or Xupdate in OpenSSL source, to SIMD unit. See sha1-586.pl module
44 # for background and implementation details. The only difference from
45 # 32-bit code is that 64-bit code doesn't have to spill @X[] elements
46 # to free temporary registers.
50 # Add AVX code path. See sha1-586.pl for further information.
52 ######################################################################
53 # Current performance is summarized in following table. Numbers are
54 # CPU clock cycles spent to process single byte (less is better).
59 # Core2 6.70 6.05/+11% -
60 # Westmere 7.08 5.49/+29% -
61 # Sandy Bridge 7.93 6.16/+28% 4.99/+59%
62 # Ivy Bridge 6.30 4.63/+36% 4.60/+37%
63 # Bulldozer 10.9 5.95/+82%
64 # VIA Nano 10.2 7.46/+37%
69 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
71 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
73 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
74 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
75 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
76 die "can't locate x86_64-xlate.pl";
78 $avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
79 =~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
81 $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
82 `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
84 $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
85 `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
88 open OUT,"| \"$^X\" $xlate $flavour $output";
91 $ctx="%rdi"; # 1st arg
92 $inp="%rsi"; # 2nd arg
93 $num="%rdx"; # 3rd arg
95 # reassign arguments in order to produce more compact code
113 my ($i,$a,$b,$c,$d,$e)=@_;
115 $code.=<<___ if ($i==0);
116 mov `4*$i`($inp),$xi[0]
118 mov $xi[0],`4*$i`(%rsp)
120 $code.=<<___ if ($i<15);
122 mov `4*$j`($inp),$xi[1]
127 lea 0x5a827999($xi[0],$e),$e
129 mov $xi[1],`4*$j`(%rsp)
135 $code.=<<___ if ($i>=15);
136 mov `4*($j%16)`(%rsp),$xi[1]
139 xor `4*(($j+2)%16)`(%rsp),$xi[1]
142 xor `4*(($j+8)%16)`(%rsp),$xi[1]
144 lea 0x5a827999($xi[0],$e),$e
145 xor `4*(($j+13)%16)`(%rsp),$xi[1]
150 mov $xi[1],`4*($j%16)`(%rsp)
153 unshift(@xi,pop(@xi));
157 my ($i,$a,$b,$c,$d,$e)=@_;
159 my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
160 $code.=<<___ if ($i<79);
161 mov `4*($j%16)`(%rsp),$xi[1]
164 xor `4*(($j+2)%16)`(%rsp),$xi[1]
168 xor `4*(($j+8)%16)`(%rsp),$xi[1]
171 xor `4*(($j+13)%16)`(%rsp),$xi[1]
176 $code.=<<___ if ($i<76);
177 mov $xi[1],`4*($j%16)`(%rsp)
179 $code.=<<___ if ($i==79);
190 unshift(@xi,pop(@xi));
194 my ($i,$a,$b,$c,$d,$e)=@_;
197 mov `4*($j%16)`(%rsp),$xi[1]
200 xor `4*(($j+2)%16)`(%rsp),$xi[1]
203 xor `4*(($j+8)%16)`(%rsp),$xi[1]
205 lea 0x8f1bbcdc($xi[0],$e),$e
207 xor `4*(($j+13)%16)`(%rsp),$xi[1]
213 mov $xi[1],`4*($j%16)`(%rsp)
216 unshift(@xi,pop(@xi));
221 .extern OPENSSL_ia32cap_P
223 .globl sha1_block_data_order
224 .type sha1_block_data_order,\@function,3
226 sha1_block_data_order:
227 mov OPENSSL_ia32cap_P+0(%rip),%r9d
228 mov OPENSSL_ia32cap_P+4(%rip),%r8d
229 test \$`1<<9`,%r8d # check SSSE3 bit
232 $code.=<<___ if ($avx);
233 and \$`1<<28`,%r8d # mask AVX bit
234 and \$`1<<30`,%r9d # mask "Intel CPU" bit
236 cmp \$`1<<28|1<<30`,%r8d
249 mov %rdi,$ctx # reassigned argument
251 mov %rsi,$inp # reassigned argument
253 mov %rdx,$num # reassigned argument
254 mov %r11,`16*4`(%rsp)
267 for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
268 for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
269 for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
270 for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
284 lea `16*4`($inp),$inp
287 mov `16*4`(%rsp),%rsi
295 .size sha1_block_data_order,.-sha1_block_data_order
299 my @X=map("%xmm$_",(4..7,0..3));
300 my @Tx=map("%xmm$_",(8..10));
302 my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization
303 my @T=("%esi","%edi");
308 my $_rol=sub { &rol(@_) };
309 my $_ror=sub { &ror(@_) };
312 .type sha1_block_data_order_ssse3,\@function,3
314 sha1_block_data_order_ssse3:
319 lea `-64-($win64?6*16:0)`(%rsp),%rsp
321 $code.=<<___ if ($win64);
322 movaps %xmm6,64+0(%rsp)
323 movaps %xmm7,64+16(%rsp)
324 movaps %xmm8,64+32(%rsp)
325 movaps %xmm9,64+48(%rsp)
326 movaps %xmm10,64+64(%rsp)
327 movaps %xmm11,64+80(%rsp)
331 mov %rdi,$ctx # reassigned argument
332 mov %rsi,$inp # reassigned argument
333 mov %rdx,$num # reassigned argument
337 lea K_XX_XX(%rip),$K_XX_XX
339 mov 0($ctx),$A # load context
343 mov $B,@T[0] # magic seed
349 movdqa 64($K_XX_XX),@X[2] # pbswap mask
350 movdqa 0($K_XX_XX),@Tx[1] # K_00_19
351 movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3]
352 movdqu 16($inp),@X[-3&7]
353 movdqu 32($inp),@X[-2&7]
354 movdqu 48($inp),@X[-1&7]
355 pshufb @X[2],@X[-4&7] # byte swap
357 pshufb @X[2],@X[-3&7]
358 pshufb @X[2],@X[-2&7]
359 pshufb @X[2],@X[-1&7]
360 paddd @Tx[1],@X[-4&7] # add K_00_19
361 paddd @Tx[1],@X[-3&7]
362 paddd @Tx[1],@X[-2&7]
363 movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU
364 psubd @Tx[1],@X[-4&7] # restore X[]
365 movdqa @X[-3&7],16(%rsp)
366 psubd @Tx[1],@X[-3&7]
367 movdqa @X[-2&7],32(%rsp)
368 psubd @Tx[1],@X[-2&7]
372 sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm
373 { my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
375 $arg = "\$$arg" if ($arg*1 eq $arg);
376 $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
379 sub Xupdate_ssse3_16_31() # recall that $Xi starts wtih 4
382 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
385 &movdqa (@X[0],@X[-3&7]);
388 &movdqa (@Tx[0],@X[-1&7]);
389 &palignr(@X[0],@X[-4&7],8); # compose "X[-14]" in "X[0]"
393 &paddd (@Tx[1],@X[-1&7]);
396 &psrldq (@Tx[0],4); # "X[-3]", 3 dwords
399 &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
403 &pxor (@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
409 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
412 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
416 &movdqa (@Tx[2],@X[0]);
417 &movdqa (@Tx[0],@X[0]);
423 &pslldq (@Tx[2],12); # "X[0]"<<96, extract one dword
424 &paddd (@X[0],@X[0]);
433 &movdqa (@Tx[1],@Tx[2]);
438 &por (@X[0],@Tx[0]); # "X[0]"<<<=1
445 &pxor (@X[0],@Tx[2]);
448 &movdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX
452 &pxor (@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2
454 foreach (@insns) { eval; } # remaining instructions [if any]
456 $Xi++; push(@X,shift(@X)); # "rotate" X[]
457 push(@Tx,shift(@Tx));
460 sub Xupdate_ssse3_32_79()
463 my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions
466 &movdqa (@Tx[0],@X[-1&7]) if ($Xi==8);
467 eval(shift(@insns)); # body_20_39
468 &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
469 &palignr(@Tx[0],@X[-2&7],8); # compose "X[-6]"
472 eval(shift(@insns)); # rol
474 &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
476 eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/);
478 &movdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
479 } else { # ... or load next one
480 &movdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)");
482 &paddd (@Tx[1],@X[-1&7]);
483 eval(shift(@insns)); # ror
486 &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-6]"
487 eval(shift(@insns)); # body_20_39
490 eval(shift(@insns)); # rol
492 &movdqa (@Tx[0],@X[0]);
493 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
496 eval(shift(@insns)); # ror
500 eval(shift(@insns)); # body_20_39
504 eval(shift(@insns)); # rol
507 eval(shift(@insns)); # ror
510 &por (@X[0],@Tx[0]); # "X[0]"<<<=2
511 eval(shift(@insns)); # body_20_39
513 &movdqa (@Tx[1],@X[0]) if ($Xi<19);
515 eval(shift(@insns)); # rol
518 eval(shift(@insns)); # rol
521 foreach (@insns) { eval; } # remaining instructions
523 $Xi++; push(@X,shift(@X)); # "rotate" X[]
524 push(@Tx,shift(@Tx));
527 sub Xuplast_ssse3_80()
530 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
534 &paddd (@Tx[1],@X[-1&7]);
540 &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
542 foreach (@insns) { eval; } # remaining instructions
545 &je (".Ldone_ssse3");
547 unshift(@Tx,pop(@Tx));
549 &movdqa (@X[2],"64($K_XX_XX)"); # pbswap mask
550 &movdqa (@Tx[1],"0($K_XX_XX)"); # K_00_19
551 &movdqu (@X[-4&7],"0($inp)"); # load input
552 &movdqu (@X[-3&7],"16($inp)");
553 &movdqu (@X[-2&7],"32($inp)");
554 &movdqu (@X[-1&7],"48($inp)");
555 &pshufb (@X[-4&7],@X[2]); # byte swap
564 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
569 &pshufb (@X[($Xi-3)&7],@X[2]);
572 &paddd (@X[($Xi-4)&7],@Tx[1]);
577 &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]); # X[]+K xfer to IALU
580 &psubd (@X[($Xi-4)&7],@Tx[1]);
582 foreach (@insns) { eval; }
589 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
592 foreach (@insns) { eval; }
595 sub body_00_19 () { # ((c^d)&b)^d
596 # on start @T[0]=(c^d)&b
597 return &body_20_39() if ($rx==19); $rx++;
599 '($a,$b,$c,$d,$e)=@V;'.
600 '&$_ror ($b,$j?7:2)', # $b>>>2
602 '&mov (@T[1],$a)', # $b for next round
604 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
605 '&xor ($b,$c)', # $c^$d for next round
609 '&and (@T[1],$b)', # ($b&($c^$d)) for next round
611 '&xor ($b,$c)', # restore $b
612 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
616 sub body_20_39 () { # b^d^c
618 return &body_40_59() if ($rx==39); $rx++;
620 '($a,$b,$c,$d,$e)=@V;'.
621 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
622 '&xor (@T[0],$d) if($j==19);'.
623 '&xor (@T[0],$c) if($j> 19)', # ($b^$d^$c)
624 '&mov (@T[1],$a)', # $b for next round
628 '&xor (@T[1],$c) if ($j< 79)', # $b^$d for next round
630 '&$_ror ($b,7)', # $b>>>2
631 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
635 sub body_40_59 () { # ((b^c)&(c^d))^c
636 # on entry @T[0]=(b^c), (c^=d)
639 '($a,$b,$c,$d,$e)=@V;'.
640 '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer
641 '&and (@T[0],$c) if ($j>=40)', # (b^c)&(c^d)
642 '&xor ($c,$d) if ($j>=40)', # restore $c
644 '&$_ror ($b,7)', # $b>>>2
645 '&mov (@T[1],$a)', # $b for next round
650 '&xor (@T[1],$c) if ($j==59);'.
651 '&xor (@T[1],$b) if ($j< 59)', # b^c for next round
653 '&xor ($b,$c) if ($j< 59)', # c^d for next round
654 '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
661 &Xupdate_ssse3_16_31(\&body_00_19);
662 &Xupdate_ssse3_16_31(\&body_00_19);
663 &Xupdate_ssse3_16_31(\&body_00_19);
664 &Xupdate_ssse3_16_31(\&body_00_19);
665 &Xupdate_ssse3_32_79(\&body_00_19);
666 &Xupdate_ssse3_32_79(\&body_20_39);
667 &Xupdate_ssse3_32_79(\&body_20_39);
668 &Xupdate_ssse3_32_79(\&body_20_39);
669 &Xupdate_ssse3_32_79(\&body_20_39);
670 &Xupdate_ssse3_32_79(\&body_20_39);
671 &Xupdate_ssse3_32_79(\&body_40_59);
672 &Xupdate_ssse3_32_79(\&body_40_59);
673 &Xupdate_ssse3_32_79(\&body_40_59);
674 &Xupdate_ssse3_32_79(\&body_40_59);
675 &Xupdate_ssse3_32_79(\&body_40_59);
676 &Xupdate_ssse3_32_79(\&body_20_39);
677 &Xuplast_ssse3_80(\&body_20_39); # can jump to "done"
679 $saved_j=$j; @saved_V=@V;
681 &Xloop_ssse3(\&body_20_39);
682 &Xloop_ssse3(\&body_20_39);
683 &Xloop_ssse3(\&body_20_39);
686 add 0($ctx),$A # update context
693 mov @T[0],$B # magic seed
705 $j=$saved_j; @V=@saved_V;
707 &Xtail_ssse3(\&body_20_39);
708 &Xtail_ssse3(\&body_20_39);
709 &Xtail_ssse3(\&body_20_39);
712 add 0($ctx),$A # update context
723 $code.=<<___ if ($win64);
724 movaps 64+0(%rsp),%xmm6
725 movaps 64+16(%rsp),%xmm7
726 movaps 64+32(%rsp),%xmm8
727 movaps 64+48(%rsp),%xmm9
728 movaps 64+64(%rsp),%xmm10
729 movaps 64+80(%rsp),%xmm11
732 lea `64+($win64?6*16:0)`(%rsp),%rsi
739 .size sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
743 $Xi=4; # reset variables
744 @X=map("%xmm$_",(4..7,0..3));
745 @Tx=map("%xmm$_",(8..10));
749 my $done_avx_label=".Ldone_avx";
751 my $_rol=sub { &shld(@_[0],@_) };
752 my $_ror=sub { &shrd(@_[0],@_) };
755 .type sha1_block_data_order_avx,\@function,3
757 sha1_block_data_order_avx:
762 lea `-64-($win64?6*16:0)`(%rsp),%rsp
764 $code.=<<___ if ($win64);
765 movaps %xmm6,64+0(%rsp)
766 movaps %xmm7,64+16(%rsp)
767 movaps %xmm8,64+32(%rsp)
768 movaps %xmm9,64+48(%rsp)
769 movaps %xmm10,64+64(%rsp)
770 movaps %xmm11,64+80(%rsp)
774 mov %rdi,$ctx # reassigned argument
775 mov %rsi,$inp # reassigned argument
776 mov %rdx,$num # reassigned argument
781 lea K_XX_XX(%rip),$K_XX_XX
783 mov 0($ctx),$A # load context
787 mov $B,@T[0] # magic seed
793 vmovdqa 64($K_XX_XX),@X[2] # pbswap mask
794 vmovdqa 0($K_XX_XX),$Kx # K_00_19
795 vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3]
796 vmovdqu 16($inp),@X[-3&7]
797 vmovdqu 32($inp),@X[-2&7]
798 vmovdqu 48($inp),@X[-1&7]
799 vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap
801 vpshufb @X[2],@X[-3&7],@X[-3&7]
802 vpshufb @X[2],@X[-2&7],@X[-2&7]
803 vpshufb @X[2],@X[-1&7],@X[-1&7]
804 vpaddd $Kx,@X[-4&7],@X[0] # add K_00_19
805 vpaddd $Kx,@X[-3&7],@X[1]
806 vpaddd $Kx,@X[-2&7],@X[2]
807 vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU
808 vmovdqa @X[1],16(%rsp)
809 vmovdqa @X[2],32(%rsp)
813 sub Xupdate_avx_16_31() # recall that $Xi starts wtih 4
816 my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
821 &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]"
825 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
828 &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords
831 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]"
835 &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]"
841 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]"
844 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
848 &vpsrld (@Tx[0],@X[0],31);
854 &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword
855 &vpaddd (@X[0],@X[0],@X[0]);
861 &vpsrld (@Tx[1],@Tx[2],30);
862 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1
868 &vpslld (@Tx[2],@Tx[2],2);
869 &vpxor (@X[0],@X[0],@Tx[1]);
875 &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2
878 &vmovdqa ($Kx,eval(16*(($Xi)/5))."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX
883 foreach (@insns) { eval; } # remaining instructions [if any]
885 $Xi++; push(@X,shift(@X)); # "rotate" X[]
888 sub Xupdate_avx_32_79()
891 my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions
894 &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]"
895 &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
896 eval(shift(@insns)); # body_20_39
899 eval(shift(@insns)); # rol
901 &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
903 eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/);
904 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
905 &vmovdqa ($Kx,eval(16*($Xi/5))."($K_XX_XX)") if ($Xi%5==0);
906 eval(shift(@insns)); # ror
909 &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]"
910 eval(shift(@insns)); # body_20_39
913 eval(shift(@insns)); # rol
915 &vpsrld (@Tx[0],@X[0],30);
916 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
919 eval(shift(@insns)); # ror
922 &vpslld (@X[0],@X[0],2);
923 eval(shift(@insns)); # body_20_39
926 eval(shift(@insns)); # rol
929 eval(shift(@insns)); # ror
932 &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2
933 eval(shift(@insns)); # body_20_39
936 eval(shift(@insns)); # rol
939 eval(shift(@insns)); # rol
942 foreach (@insns) { eval; } # remaining instructions
944 $Xi++; push(@X,shift(@X)); # "rotate" X[]
950 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
954 &vpaddd (@Tx[1],$Kx,@X[-1&7]);
960 &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
962 foreach (@insns) { eval; } # remaining instructions
965 &je ($done_avx_label);
967 &vmovdqa(@X[2],"64($K_XX_XX)"); # pbswap mask
968 &vmovdqa($Kx,"0($K_XX_XX)"); # K_00_19
969 &vmovdqu(@X[-4&7],"0($inp)"); # load input
970 &vmovdqu(@X[-3&7],"16($inp)");
971 &vmovdqu(@X[-2&7],"32($inp)");
972 &vmovdqu(@X[-1&7],"48($inp)");
973 &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap
982 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
987 &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
990 &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],$Kx);
995 &vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]); # X[]+K xfer to IALU
999 foreach (@insns) { eval; }
1006 my @insns = (&$body,&$body,&$body,&$body); # 32 instructions
1007 my ($a,$b,$c,$d,$e);
1009 foreach (@insns) { eval; }
1016 &Xupdate_avx_16_31(\&body_00_19);
1017 &Xupdate_avx_16_31(\&body_00_19);
1018 &Xupdate_avx_16_31(\&body_00_19);
1019 &Xupdate_avx_16_31(\&body_00_19);
1020 &Xupdate_avx_32_79(\&body_00_19);
1021 &Xupdate_avx_32_79(\&body_20_39);
1022 &Xupdate_avx_32_79(\&body_20_39);
1023 &Xupdate_avx_32_79(\&body_20_39);
1024 &Xupdate_avx_32_79(\&body_20_39);
1025 &Xupdate_avx_32_79(\&body_20_39);
1026 &Xupdate_avx_32_79(\&body_40_59);
1027 &Xupdate_avx_32_79(\&body_40_59);
1028 &Xupdate_avx_32_79(\&body_40_59);
1029 &Xupdate_avx_32_79(\&body_40_59);
1030 &Xupdate_avx_32_79(\&body_40_59);
1031 &Xupdate_avx_32_79(\&body_20_39);
1032 &Xuplast_avx_80(\&body_20_39); # can jump to "done"
1034 $saved_j=$j; @saved_V=@V;
1036 &Xloop_avx(\&body_20_39);
1037 &Xloop_avx(\&body_20_39);
1038 &Xloop_avx(\&body_20_39);
1041 add 0($ctx),$A # update context
1048 mov @T[0],$B # magic seed
1060 $j=$saved_j; @V=@saved_V;
1062 &Xtail_avx(\&body_20_39);
1063 &Xtail_avx(\&body_20_39);
1064 &Xtail_avx(\&body_20_39);
1069 add 0($ctx),$A # update context
1080 $code.=<<___ if ($win64);
1081 movaps 64+0(%rsp),%xmm6
1082 movaps 64+16(%rsp),%xmm7
1083 movaps 64+32(%rsp),%xmm8
1084 movaps 64+48(%rsp),%xmm9
1085 movaps 64+64(%rsp),%xmm10
1086 movaps 64+80(%rsp),%xmm11
1089 lea `64+($win64?6*16:0)`(%rsp),%rsi
1096 .size sha1_block_data_order_avx,.-sha1_block_data_order_avx
1102 .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
1103 .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39
1104 .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
1105 .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
1106 .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
1110 .asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
1114 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
1115 # CONTEXT *context,DISPATCHER_CONTEXT *disp)
1123 .extern __imp_RtlVirtualUnwind
1124 .type se_handler,\@abi-omnipotent
1138 mov 120($context),%rax # pull context->Rax
1139 mov 248($context),%rbx # pull context->Rip
1141 lea .Lprologue(%rip),%r10
1142 cmp %r10,%rbx # context->Rip<.Lprologue
1143 jb .Lcommon_seh_tail
1145 mov 152($context),%rax # pull context->Rsp
1147 lea .Lepilogue(%rip),%r10
1148 cmp %r10,%rbx # context->Rip>=.Lepilogue
1149 jae .Lcommon_seh_tail
1151 mov `16*4`(%rax),%rax # pull saved stack pointer
1158 mov %rbx,144($context) # restore context->Rbx
1159 mov %rbp,160($context) # restore context->Rbp
1160 mov %r12,216($context) # restore context->R12
1161 mov %r13,224($context) # restore context->R13
1163 jmp .Lcommon_seh_tail
1164 .size se_handler,.-se_handler
1166 .type ssse3_handler,\@abi-omnipotent
1180 mov 120($context),%rax # pull context->Rax
1181 mov 248($context),%rbx # pull context->Rip
1183 mov 8($disp),%rsi # disp->ImageBase
1184 mov 56($disp),%r11 # disp->HandlerData
1186 mov 0(%r11),%r10d # HandlerData[0]
1187 lea (%rsi,%r10),%r10 # prologue label
1188 cmp %r10,%rbx # context->Rip<prologue label
1189 jb .Lcommon_seh_tail
1191 mov 152($context),%rax # pull context->Rsp
1193 mov 4(%r11),%r10d # HandlerData[1]
1194 lea (%rsi,%r10),%r10 # epilogue label
1195 cmp %r10,%rbx # context->Rip>=epilogue label
1196 jae .Lcommon_seh_tail
1199 lea 512($context),%rdi # &context.Xmm6
1201 .long 0xa548f3fc # cld; rep movsq
1202 lea `24+64+6*16`(%rax),%rax # adjust stack pointer
1207 mov %rbx,144($context) # restore context->Rbx
1208 mov %rbp,160($context) # restore context->Rbp
1209 mov %r12,216($context) # restore cotnext->R12
1214 mov %rax,152($context) # restore context->Rsp
1215 mov %rsi,168($context) # restore context->Rsi
1216 mov %rdi,176($context) # restore context->Rdi
1218 mov 40($disp),%rdi # disp->ContextRecord
1219 mov $context,%rsi # context
1220 mov \$154,%ecx # sizeof(CONTEXT)
1221 .long 0xa548f3fc # cld; rep movsq
1224 xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
1225 mov 8(%rsi),%rdx # arg2, disp->ImageBase
1226 mov 0(%rsi),%r8 # arg3, disp->ControlPc
1227 mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
1228 mov 40(%rsi),%r10 # disp->ContextRecord
1229 lea 56(%rsi),%r11 # &disp->HandlerData
1230 lea 24(%rsi),%r12 # &disp->EstablisherFrame
1231 mov %r10,32(%rsp) # arg5
1232 mov %r11,40(%rsp) # arg6
1233 mov %r12,48(%rsp) # arg7
1234 mov %rcx,56(%rsp) # arg8, (NULL)
1235 call *__imp_RtlVirtualUnwind(%rip)
1237 mov \$1,%eax # ExceptionContinueSearch
1249 .size ssse3_handler,.-ssse3_handler
1253 .rva .LSEH_begin_sha1_block_data_order
1254 .rva .LSEH_end_sha1_block_data_order
1255 .rva .LSEH_info_sha1_block_data_order
1256 .rva .LSEH_begin_sha1_block_data_order_ssse3
1257 .rva .LSEH_end_sha1_block_data_order_ssse3
1258 .rva .LSEH_info_sha1_block_data_order_ssse3
1260 $code.=<<___ if ($avx);
1261 .rva .LSEH_begin_sha1_block_data_order_avx
1262 .rva .LSEH_end_sha1_block_data_order_avx
1263 .rva .LSEH_info_sha1_block_data_order_avx
1268 .LSEH_info_sha1_block_data_order:
1271 .LSEH_info_sha1_block_data_order_ssse3:
1274 .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[]
1276 $code.=<<___ if ($avx);
1277 .LSEH_info_sha1_block_data_order_avx:
1280 .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[]
1284 ####################################################################
1286 $code =~ s/\`([^\`]*)\`/eval $1/gem;
projects / openssl.git / blob