Hi,

> This patch is a contribution to OpenSSL. It offers an efficient implementation
> of AES-GCM. The implementation uses Intel's AES and PCLMULQDQ instructions
> (AES-NI), and is designed for the current (and future) Intel Core Processors,
> with the AVX instruction set (the 2nd, the 3rd, and the (future) 4th
> Generation Intel Core). The reduction method that is used in this patch is
> described in [4], and is especially suitable for architectures that have
> fast PCLMULQDQ performance.
Trouble with GCM stitches is that no published result was observed to have *significantly* better performance than the sum of the GCM components. I've also attempted an implementation using radically different parameters, and the only platform where the improvement was notable was Westmere, with 10%. And recent developments, i.e. improvements to aesni_ctr32_encrypt_blocks and ghash [which, by the way, uses the reduction algorithms suggested here], so to say officially render the effort unjustifiable, at least for contemporary u-architectures.

http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4e049c52599d4a3fd918ba8570f49d88159e551b adds Haswell-specific code which is based on a combination of *multiple* submissions, including this one, and reportedly provides better performance. A lot of thanks.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
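The two "GCM components" the reply refers to are the AES-CTR keystream (aesni_ctr32_encrypt_blocks in OpenSSL) and GHASH, the GF(2^128) polynomial hash whose per-block multiply-and-reduce is what PCLMULQDQ accelerates; a "stitched" implementation interleaves both in one loop instead of running them back to back. The example below is added here and is neither the submitted patch nor OpenSSL's code: it implements GHASH with the plain bitwise multiply of SP 800-38D (Algorithm 1), in which the reduction modulo x^128 + x^7 + x^2 + x + 1 happens one bit at a time, rather than the PCLMULQDQ-oriented reduction from [4] that the patch uses. It then forms the tag as GHASH(H, A, C) XOR E_K(J0). The AES side is not implemented; H and E_K(J0) are taken as inputs, with values from GCM spec test case 2 (all-zero key, IV and plaintext) used for the self-check. Function names (gf128_mul, ghash, gcm_tag, ghash_selftest) are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* A 128-bit block held as two 64-bit halves; hi holds bytes 0..7 (big-endian). */
typedef struct { uint64_t hi, lo; } blk128;

static blk128 load128(const uint8_t b[16]) {
    blk128 r = {0, 0};
    for (int i = 0; i < 8; i++) {
        r.hi = (r.hi << 8) | b[i];
        r.lo = (r.lo << 8) | b[8 + i];
    }
    return r;
}

static void store128(uint8_t b[16], blk128 v) {
    for (int i = 7; i >= 0; i--) {
        b[i] = (uint8_t)v.hi;     v.hi >>= 8;
        b[8 + i] = (uint8_t)v.lo; v.lo >>= 8;
    }
}

/* Multiply in GF(2^128) using GCM's bit-reflected convention (SP 800-38D,
 * Algorithm 1): bit 0 of a block is the MSB of byte 0. Each iteration
 * multiplies V by x (a right shift in this convention); when the bit shifted
 * out is set, XOR with R = 0xE1 << 120 reduces modulo x^128 + x^7 + x^2 + x + 1.
 * A PCLMULQDQ implementation instead computes the full 256-bit carry-less
 * product and reduces it once; that single reduction is what the patch's
 * "reduction method" refers to. This is the slow, reference-style form. */
static blk128 gf128_mul(blk128 x, blk128 y) {
    const uint64_t R = 0xE100000000000000ULL;
    blk128 z = {0, 0}, v = y;
    for (int i = 0; i < 128; i++) {
        uint64_t xbit = (i < 64) ? (x.hi >> (63 - i)) & 1 : (x.lo >> (127 - i)) & 1;
        if (xbit) { z.hi ^= v.hi; z.lo ^= v.lo; }
        uint64_t out = v.lo & 1;
        v.lo = (v.lo >> 1) | (v.hi << 63);
        v.hi >>= 1;
        if (out) v.hi ^= R;
    }
    return z;
}

/* Absorb n bytes into the running GHASH state Y, zero-padding the last block. */
static void ghash_update(blk128 *y, blk128 h, const uint8_t *p, size_t n) {
    uint8_t buf[16];
    while (n > 0) {
        size_t take = n < 16 ? n : 16;
        memset(buf, 0, sizeof buf);
        memcpy(buf, p, take);
        blk128 x = load128(buf);
        y->hi ^= x.hi; y->lo ^= x.lo;
        *y = gf128_mul(*y, h);
        p += take; n -= take;
    }
}

/* GHASH(H, A, C): the authentication component of GCM. */
void ghash(uint8_t out[16], const uint8_t hkey[16],
           const uint8_t *a, size_t alen, const uint8_t *c, size_t clen) {
    blk128 h = load128(hkey), y = {0, 0};
    ghash_update(&y, h, a, alen);
    ghash_update(&y, h, c, clen);
    y.hi ^= (uint64_t)alen * 8;  /* final block: len(A) || len(C), in bits */
    y.lo ^= (uint64_t)clen * 8;
    y = gf128_mul(y, h);
    store128(out, y);
}

/* Tag = GHASH(H, A, C) XOR E_K(J0). E_K(J0) is one AES-CTR keystream block,
 * i.e. the other GCM component; it is passed in here rather than computed. */
void gcm_tag(uint8_t tag[16], const uint8_t ghash_out[16], const uint8_t ekj0[16]) {
    for (int i = 0; i < 16; i++) tag[i] = ghash_out[i] ^ ekj0[i];
}

static void unhex(uint8_t *out, const char *hex, size_t n) {
    for (size_t i = 0; i < n; i++) sscanf(hex + 2 * i, "%2hhx", &out[i]);
}

/* Self-check against GCM spec test case 2 (K = 0^128, IV = 0^96, A empty,
 * P = 0^128). Returns 1 when both the GHASH value and the tag match. */
int ghash_selftest(void) {
    uint8_t h[16], c[16], ekj0[16], want_g[16], want_t[16], g[16], t[16];
    unhex(h, "66e94bd4ef8a2c3b884cfa59ca342b2e", 16);       /* H = AES_K(0^128) */
    unhex(c, "0388dace60b6a392f328c2b971b2fe78", 16);       /* ciphertext block */
    unhex(ekj0, "58e2fccefa7e3061367f1d57a4e7455a", 16);    /* E_K(J0) */
    unhex(want_g, "f38cbb1ad69223dcc3457ae5b6b0f885", 16);  /* GHASH(H, A, C) */
    unhex(want_t, "ab6e47d42cec13bdf53a67b21257bddf", 16);  /* tag T */
    ghash(g, h, NULL, 0, c, sizeof c);
    gcm_tag(t, g, ekj0);
    return memcmp(g, want_g, 16) == 0 && memcmp(t, want_t, 16) == 0;
}

int main(void) {
    int ok = ghash_selftest();
    printf("GHASH self-test: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The bitwise loop spends 128 iterations per block on the multiply and reduction together, which is why hardware carry-less multiplication plus a cheap one-shot reduction matters so much for GHASH throughput, and why the trade-off the reply discusses is between overlapping that work with the CTR encryption versus simply running each optimized component in turn.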