From: Andy Polyakov <appro@openssl.org>
Date: Fri, 2 Jul 2010 08:14:12 +0000 (+0000)
Subject: ghash-armv4.pl: excuse myself from implementing "528B" flavour.
X-Git-Tag: OpenSSL-fips-2_0-rc1~1063
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=acbcc271b103e3e578b5ed316720c6b4f69facc9;p=openssl

ghash-armv4.pl: excuse myself from implementing "528B" flavour.
---

diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
index b3c0f7ee5a..5385d39d5b 100644
--- a/crypto/modes/asm/ghash-armv4.pl
+++ b/crypto/modes/asm/ghash-armv4.pl
@@ -19,6 +19,16 @@
 # loop, this assembler loop body was found to be ~3x smaller than
 # compiler-generated one...
 #
+# Note about "528B" variant. In ARM case it makes lesser sense to
+# implement it for following reasons:
+#
+# - performance improvement won't be anywhere near 50%, because 128-
+#   bit shift operation is neatly fused with 128-bit xor here, and
+#   "538B" variant would eliminate only 4-5 instructions out of 32
+#   in the inner loop (meaning that estimated improvement is ~15%);
+# - ARM-based systems are often embedded ones and extra memory
+#   consumption might be unappreciated (for so little improvement);
+#
 # Byte order [in]dependence. =========================================
 #
 # Caller is expected to maintain specific *dword* order in Htable,