ghash-armv4.pl: excuse myself from implementing "528B" flavour.

author Andy Polyakov <appro@openssl.org>

Fri, 2 Jul 2010 08:14:12 +0000 (08:14 +0000)

committer Andy Polyakov <appro@openssl.org>

Fri, 2 Jul 2010 08:14:12 +0000 (08:14 +0000)
author Andy Polyakov <appro@openssl.org>
Fri, 2 Jul 2010 08:14:12 +0000 (08:14 +0000)
committer Andy Polyakov <appro@openssl.org>
Fri, 2 Jul 2010 08:14:12 +0000 (08:14 +0000)
diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl

index b3c0f7ee5a5126e0c38d981edc082c226f75d44b..5385d39d5bc7da8722f4720101e39c55946386b3 100644 (file)
--- a/crypto/modes/asm/ghash-armv4.pl
+++ b/crypto/modes/asm/ghash-armv4.pl
@@ -19,6 +19,16 @@
  # loop, this assembler loop body was found to be ~3x smaller than
  # compiler-generated one...
  #
+# Note about "528B" variant. In ARM case it makes lesser sense to
+# implement it for following reasons:
+#
+# - performance improvement won't be anywhere near 50%, because 128-
+#   bit shift operation is neatly fused with 128-bit xor here, and
+#   "538B" variant would eliminate only 4-5 instructions out of 32
+#   in the inner loop (meaning that estimated improvement is ~15%);
+# - ARM-based systems are often embedded ones and extra memory
+#   consumption might be unappreciated (for so little improvement);
+#
  # Byte order [in]dependence. =========================================
  #
  # Caller is expected to maintain specific *dword* order in Htable,
author	Andy Polyakov <appro@openssl.org>
	Fri, 2 Jul 2010 08:14:12 +0000 (08:14 +0000)
committer	Andy Polyakov <appro@openssl.org>
	Fri, 2 Jul 2010 08:14:12 +0000 (08:14 +0000)