authorLauri Kasanen <cand@gmx.com>2020-04-21 16:41:54 +0000
committerLauri Kasanen <cand@gmx.com>2020-04-21 16:41:54 +0000
commit8a4ebeb36417249ebb14911683607968d93a40f9 (patch)
tree52591cc90a66018b8dc79bec3f16c840a53770c1
parent1341c7c22ce500a11d92350131baa5f28dc1390d (diff)
Bug 1613238 - POWER SHA-2 digest vector acceleration. r=jcj,kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D70519
-rw-r--r--lib/freebl/Makefile3
-rw-r--r--lib/freebl/freebl.gyp58
-rw-r--r--lib/freebl/freebl_base.gypi8
-rw-r--r--lib/freebl/gcm.h22
-rw-r--r--lib/freebl/ppc-crypto.h30
-rw-r--r--lib/freebl/scripts/LICENSE36
-rwxr-xr-xlib/freebl/scripts/gen.sh19
-rw-r--r--lib/freebl/scripts/ppc-xlate.pl352
-rw-r--r--lib/freebl/scripts/sha512p8-ppc.pl413
-rw-r--r--lib/freebl/sha512-p8.s851
-rw-r--r--lib/freebl/sha512.c248
11 files changed, 1940 insertions, 100 deletions
diff --git a/lib/freebl/Makefile b/lib/freebl/Makefile
index 898a0b9e0..3e75dbff7 100644
--- a/lib/freebl/Makefile
+++ b/lib/freebl/Makefile
@@ -267,6 +267,7 @@ ifeq ($(CPU_ARCH),arm)
endif
ifeq ($(CPU_ARCH),ppc)
EXTRA_SRCS += gcm-ppc.c
+ ASFILES += sha512-p8.s
ifdef USE_64
DEFINES += -DNSS_NO_INIT_SUPPORT
endif # USE_64
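Review bot: `ASFILES += sha512-p8.s` sits directly under `ifeq ($(CPU_ARCH),ppc)` and above `ifdef USE_64`, so as far as this hunk shows the file is assembled for every ppc build, including 32-bit, big-endian and NSS_DISABLE_ALTIVEC ones. The checked-in assembly is produced by gen.sh for the `linux64le` flavour and starts with `.abiversion 2`, and unlike gcm-ppc.c a plain `.s` file is not preprocessed, so it cannot guard itself with `USE_PPC_CRYPTO`. I would gate it like the C path, for example `ifndef NSS_DISABLE_ALTIVEC` / `ASFILES += sha512-p8.s` / `endif` inside the `USE_64` block, together with whatever little-endian test the Makefile already provides. The same applies to the `'sha512-p8.s'` entry added to `gcm-aes-ppc_c_lib` in freebl.gyp, which is pulled in for `target_arch=="ppc64"` as well as `ppc64le`. Any outer conditional around this block lies outside the hunk.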
@@ -794,6 +795,8 @@ ifndef NSS_DISABLE_ALTIVEC
$(OBJDIR)/$(PROG_PREFIX)gcm-ppc$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx
$(OBJDIR)/$(PROG_PREFIX)gcm$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx
$(OBJDIR)/$(PROG_PREFIX)rijndael$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx
+$(OBJDIR)/$(PROG_PREFIX)sha512$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx \
+ -funroll-loops -fpeel-loops
endif
endif
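Review bot: The new rule gives the whole sha512 object `-mcrypto -maltivec -mvsx`, but it is gated only by `ifndef NSS_DISABLE_ALTIVEC`, whereas `USE_PPC_CRYPTO` in ppc-crypto.h additionally requires little-endian and gcc 8 or clang. On a build where the accelerated path is compiled out, the portable SHA-2 code in that object may still be compiled to VSX or POWER8 instructions and fault on a CPU that lacks them; sha512.c is not visible here, so this is inferred from the flags alone. I would either apply the flags under the same condition that defines `USE_PPC_CRYPTO`, or keep the vector code in its own object so the generic code is built with baseline flags. The `cflags` lists of the two new sha512 targets in freebl.gyp carry the same flag set.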
diff --git a/lib/freebl/freebl.gyp b/lib/freebl/freebl.gyp
index 5975b76cd..dd9446da6 100644
--- a/lib/freebl/freebl.gyp
+++ b/lib/freebl/freebl.gyp
@@ -258,7 +258,8 @@
'target_name': 'gcm-aes-ppc_c_lib',
'type': 'static_library',
'sources': [
- 'gcm-ppc.c'
+ 'gcm-ppc.c',
+ 'sha512-p8.s',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports'
@@ -270,7 +271,58 @@
'cflags_mozilla': [
'-mcrypto',
'-maltivec'
- ]
+ ],
+ },
+ {
+ 'target_name': 'gcm-sha512-nodepend-ppc_c_lib',
+ 'type': 'static_library',
+ 'sources': [
+ 'sha512.c',
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports'
+ ],
+ 'cflags': [
+ '-mcrypto',
+ '-maltivec',
+ '-mvsx',
+ '-funroll-loops',
+ '-fpeel-loops',
+ ],
+ 'cflags_mozilla': [
+ '-mcrypto',
+ '-maltivec',
+ '-mvsx',
+ '-funroll-loops',
+ '-fpeel-loops',
+ ],
+ },
+ {
+ 'target_name': 'gcm-sha512-ppc_c_lib',
+ 'type': 'static_library',
+ 'sources': [
+ 'sha512.c',
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports'
+ ],
+ 'cflags': [
+ '-mcrypto',
+ '-maltivec',
+ '-mvsx',
+ '-funroll-loops',
+ '-fpeel-loops',
+ ],
+ 'cflags_mozilla': [
+ '-mcrypto',
+ '-maltivec',
+ '-mvsx',
+ '-funroll-loops',
+ '-fpeel-loops',
+ ],
+ 'defines!': [
+ 'FREEBL_NO_DEPEND',
+ ],
},
{
'target_name': 'armv8_c_lib',
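Review bot: The two new targets are identical apart from the `'defines!': ['FREEBL_NO_DEPEND']` entry on `gcm-sha512-ppc_c_lib`, and nothing here says why sha512.c is built twice or why the names begin with `gcm-` when the source is the hash implementation. A comment above the first target would save the next reader a search, for example `# sha512.c is built here, not in freebl_base.gypi, because gyp has no per-file cflags.` followed by `# The -nodepend variant leaves FREEBL_NO_DEPEND defined; the other one removes it.` A name such as `sha512-ppc_c_lib` would also make it clearer that these targets hold digest code when someone later audits which objects receive the POWER-specific flags.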
@@ -355,6 +407,7 @@
[ 'disable_altivec==0 and (target_arch=="ppc64" or target_arch=="ppc64le")', {
'dependencies': [
'gcm-aes-ppc_c_lib',
+ 'gcm-sha512-ppc_c_lib',
],
}],
[ 'disable_altivec==1 and (target_arch=="ppc64" or target_arch=="ppc64le")', {
@@ -422,6 +475,7 @@
[ 'disable_altivec==0 and (target_arch=="ppc64" or target_arch=="ppc64le")', {
'dependencies': [
'gcm-aes-ppc_c_lib',
+ 'gcm-sha512-nodepend-ppc_c_lib',
],
}],
[ 'disable_altivec==1 and (target_arch=="ppc64" or target_arch=="ppc64le")', {
diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi
index cd21567eb..43a4c2671 100644
--- a/lib/freebl/freebl_base.gypi
+++ b/lib/freebl/freebl_base.gypi
@@ -56,7 +56,6 @@
'rsa.c',
'rsapkcs.c',
'seed.c',
- 'sha512.c',
'sha_fast.c',
'shvfy.c',
'sysrand.c',
@@ -146,6 +145,13 @@
'ecl/curve25519_32.c',
],
}],
+ ['(target_arch!="ppc64" and target_arch!="ppc64le") or disable_altivec==1', {
+ 'sources': [
+ # Gyp does not support per-file cflags, so working around like this.
+ # ppc performance greatly benefits from specific flags.
+ 'sha512.c',
+ ],
+ }],
[ 'disable_chachapoly==0', {
# The ChaCha20 code is linked in through the static ssse3-crypto lib on
# all platforms that support SSSE3. There are runtime checks in place to
diff --git a/lib/freebl/gcm.h b/lib/freebl/gcm.h
index 38b066580..21792e0b3 100644
--- a/lib/freebl/gcm.h
+++ b/lib/freebl/gcm.h
@@ -31,26 +31,8 @@
#include <arm_neon.h>
#endif
-#if defined(__powerpc64__) && !defined(NSS_DISABLE_ALTIVEC)
-#include "altivec-types.h"
-
-/* The ghash freebl test tries to use this in C++, and gcc defines conflict. */
-#ifdef __cplusplus
-#undef pixel
-#undef vector
-#undef bool
-#endif
-
-/*
- * PPC CRYPTO requires at least gcc 8 or clang. The LE check is purely
- * because it's only been tested on LE. If you're interested in BE,
- * please send a patch.
- */
-#if (defined(__clang__) || (defined(__GNUC__) && __GNUC__ >= 8)) && \
- defined(IS_LITTLE_ENDIAN)
-#define USE_PPC_CRYPTO
-#endif
-
+#if defined(__powerpc64__)
+#include "ppc-crypto.h"
#endif
SEC_BEGIN_PROTOS
diff --git a/lib/freebl/ppc-crypto.h b/lib/freebl/ppc-crypto.h
new file mode 100644
index 000000000..518f8968d
--- /dev/null
+++ b/lib/freebl/ppc-crypto.h
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PPC_CRYPTO_H
+#define PPC_CRYPTO_H 1
+
+#if defined(__powerpc64__) && !defined(NSS_DISABLE_ALTIVEC)
+#include "altivec-types.h"
+
+/* The ghash freebl test tries to use this in C++, and gcc defines conflict. */
+#ifdef __cplusplus
+#undef pixel
+#undef vector
+#undef bool
+#endif
+
+/*
+ * PPC CRYPTO requires at least gcc 8 or clang. The LE check is purely
+ * because it's only been tested on LE. If you're interested in BE,
+ * please send a patch.
+ */
+#if (defined(__clang__) || (defined(__GNUC__) && __GNUC__ >= 8)) && \
+ defined(IS_LITTLE_ENDIAN)
+#define USE_PPC_CRYPTO
+#endif
+
+#endif /* defined(__powerpc64__) && !defined(NSS_DISABLE_ALTIVEC) */
+
+#endif
diff --git a/lib/freebl/scripts/LICENSE b/lib/freebl/scripts/LICENSE
new file mode 100644
index 000000000..a9335c22f
--- /dev/null
+++ b/lib/freebl/scripts/LICENSE
@@ -0,0 +1,36 @@
+Copyright (c) 2006, CRYPTOGAMS by <appro@openssl.org>
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+ * Redistributions of source code must retain copyright notices,
+ this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials
+ provided with the distribution.
+
+ * Neither the name of the CRYPTOGAMS nor the names of its
+ copyright holder and contributors may be used to endorse or
+ promote products derived from this software without specific
+ prior written permission.
+
+ALTERNATIVELY, provided that this notice is retained in full, this
+product may be distributed under the terms of the GNU General Public
+License (GPL), in which case the provisions of the GPL apply INSTEAD OF
+those given above.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/lib/freebl/scripts/gen.sh b/lib/freebl/scripts/gen.sh
new file mode 100755
index 000000000..ea415cc94
--- /dev/null
+++ b/lib/freebl/scripts/gen.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# Run the scripts in this folder, generating the assembly,
+#
+
+perl sha512p8-ppc.pl linux64le sha512-p8.s
+
+# Add the license mention
+cat > hdr << "EOF"
+# Copyright (c) 2006, CRYPTOGAMS by <appro@openssl.org>
+# All rights reserved.
+# See the full LICENSE under scripts/.
+
+EOF
+
+cat hdr sha512-p8.s > ../sha512-p8.s
+
+# Cleanup
+rm hdr sha512-p8.s
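Review bot: The script has no error handling, so if `perl sha512p8-ppc.pl linux64le sha512-p8.s` fails or leaves a partial file, `cat hdr sha512-p8.s > ../sha512-p8.s` still overwrites the checked-in assembly and the cleanup removes the evidence. Start it with `set -eu` and `cd "$(dirname "$0")"`, since every path is relative to scripts/, and add `test -s sha512-p8.s` before the final `cat`. The exit status alone is not enough, because the `open STDOUT,... || die` calls in both perl scripts bind `||` to the string argument and so never report a failed open or pipe. The shipped `.s` encodes most vector instructions as raw `.long` words that cannot be reviewed by eye, so a CI step that reruns this script and diffs the result against `../sha512-p8.s` would be the practical integrity check.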
diff --git a/lib/freebl/scripts/ppc-xlate.pl b/lib/freebl/scripts/ppc-xlate.pl
new file mode 100644
index 000000000..a0fcf6a31
--- /dev/null
+++ b/lib/freebl/scripts/ppc-xlate.pl
@@ -0,0 +1,352 @@
+#!/usr/bin/env perl
+
+# PowerPC assembler distiller by \@dot-asm.
+
+################################################################
+# Recognized "flavour"-s are:
+#
+# linux{32|64}[le] GNU assembler and ELF symbol decorations,
+# with little-endian option
+# linux64v2 GNU asssembler and big-endian instantiation
+# of latest ELF specification
+# aix{32|64} AIX assembler and symbol decorations
+# osx{32|64} Mac OS X assembler and symbol decoratons
+
+my $flavour = shift;
+my $output = shift;
+open STDOUT,">$output" || die "can't open $output: $!";
+
+my %GLOBALS;
+my %TYPES;
+my $dotinlocallabels=($flavour=~/linux/)?1:0;
+
+################################################################
+# directives which need special treatment on different platforms
+################################################################
+my $type = sub {
+ my ($dir,$name,$type) = @_;
+
+ $TYPES{$name} = $type;
+ if ($flavour =~ /linux/) {
+ $name =~ s|^\.||;
+ ".type $name,$type";
+ } else {
+ "";
+ }
+};
+my $globl = sub {
+ my $junk = shift;
+ my $name = shift;
+ my $global = \$GLOBALS{$name};
+ my $type = \$TYPES{$name};
+ my $ret;
+
+ $name =~ s|^\.||;
+
+ SWITCH: for ($flavour) {
+ /aix/ && do { if (!$$type) {
+ $$type = "\@function";
+ }
+ if ($$type =~ /function/) {
+ $name = ".$name";
+ }
+ last;
+ };
+ /osx/ && do { $name = "_$name";
+ last;
+ };
+ /linux.*(32|64(le|v2))/
+ && do { $ret .= ".globl $name";
+ if (!$$type) {
+ $ret .= "\n.type $name,\@function";
+ $$type = "\@function";
+ }
+ last;
+ };
+ /linux.*64/ && do { $ret .= ".globl $name";
+ if (!$$type) {
+ $ret .= "\n.type $name,\@function";
+ $$type = "\@function";
+ }
+ if ($$type =~ /function/) {
+ $ret .= "\n.section \".opd\",\"aw\"";
+ $ret .= "\n.align 3";
+ $ret .= "\n$name:";
+ $ret .= "\n.quad .$name,.TOC.\@tocbase,0";
+ $ret .= "\n.previous";
+ $name = ".$name";
+ }
+ last;
+ };
+ }
+
+ $ret = ".globl $name" if (!$ret);
+ $$global = $name;
+ $ret;
+};
+my $text = sub {
+ my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text";
+ $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64(le|v2)/);
+ $ret;
+};
+my $machine = sub {
+ my $junk = shift;
+ my $arch = shift;
+ if ($flavour =~ /osx/)
+ { $arch =~ s/\"//g;
+ $arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any");
+ }
+ ".machine $arch";
+};
+my $size = sub {
+ if ($flavour =~ /linux/)
+ { shift;
+ my $name = shift;
+ my $real = $GLOBALS{$name} ? \$GLOBALS{$name} : \$name;
+ my $ret = ".size $$real,.-$$real";
+ $name =~ s|^\.||;
+ if ($$real ne $name) {
+ $ret .= "\n.size $name,.-$$real";
+ }
+ $ret;
+ }
+ else
+ { ""; }
+};
+my $asciz = sub {
+ shift;
+ my $line = join(",",@_);
+ if ($line =~ /^"(.*)"$/)
+ { ".byte " . join(",",unpack("C*",$1),0) . "\n.align 2"; }
+ else
+ { ""; }
+};
+my $quad = sub {
+ shift;
+ my @ret;
+ my ($hi,$lo);
+ for (@_) {
+ if (/^0x([0-9a-f]*?)([0-9a-f]{1,8})$/io)
+ { $hi=$1?"0x$1":"0"; $lo="0x$2"; }
+ elsif (/^([0-9]+)$/o)
+ { $hi=$1>>32; $lo=$1&0xffffffff; } # error-prone with 32-bit perl
+ else
+ { $hi=undef; $lo=$_; }
+
+ if (defined($hi))
+ { push(@ret,$flavour=~/le$/o?".long\t$lo,$hi":".long\t$hi,$lo"); }
+ else
+ { push(@ret,".quad $lo"); }
+ }
+ join("\n",@ret);
+};
+
+################################################################
+# simplified mnemonics not handled by at least one assembler
+################################################################
+my $cmplw = sub {
+ my $f = shift;
+ my $cr = 0; $cr = shift if ($#_>1);
+ # Some out-of-date 32-bit GNU assembler just can't handle cmplw...
+ ($flavour =~ /linux.*32/) ?
+ " .long ".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 :
+ " cmplw ".join(',',$cr,@_);
+};
+my $bdnz = sub {
+ my $f = shift;
+ my $bo = $f=~/[\+\-]/ ? 16+9 : 16; # optional "to be taken" hint
+ " bc $bo,0,".shift;
+} if ($flavour!~/linux/);
+my $bltlr = sub {
+ my $f = shift;
+ my $bo = $f=~/\-/ ? 12+2 : 12; # optional "not to be taken" hint
+ ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints
+ " .long ".sprintf "0x%x",19<<26|$bo<<21|16<<1 :
+ " bclr $bo,0";
+};
+my $bnelr = sub {
+ my $f = shift;
+ my $bo = $f=~/\-/ ? 4+2 : 4; # optional "not to be taken" hint
+ ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints
+ " .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 :
+ " bclr $bo,2";
+};
+my $beqlr = sub {
+ my $f = shift;
+ my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint
+ ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints
+ " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 :
+ " bclr $bo,2";
+};
+# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two
+# arguments is 64, with "operand out of range" error.
+my $extrdi = sub {
+ my ($f,$ra,$rs,$n,$b) = @_;
+ $b = ($b+$n)&63; $n = 64-$n;
+ " rldicl $ra,$rs,$b,$n";
+};
+my $vmr = sub {
+ my ($f,$vx,$vy) = @_;
+ " vor $vx,$vy,$vy";
+};
+
+# Some ABIs specify vrsave, special-purpose register #256, as reserved
+# for system use.
+my $no_vrsave = ($flavour =~ /aix|linux64(le|v2)/);
+my $mtspr = sub {
+ my ($f,$idx,$ra) = @_;
+ if ($idx == 256 && $no_vrsave) {
+ " or $ra,$ra,$ra";
+ } else {
+ " mtspr $idx,$ra";
+ }
+};
+my $mfspr = sub {
+ my ($f,$rd,$idx) = @_;
+ if ($idx == 256 && $no_vrsave) {
+ " li $rd,-1";
+ } else {
+ " mfspr $rd,$idx";
+ }
+};
+
+# PowerISA 2.06 stuff
+sub vsxmem_op {
+ my ($f, $vrt, $ra, $rb, $op) = @_;
+ " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|($rb<<11)|($op*2+1);
+}
+# made-up unaligned memory reference AltiVec/VMX instructions
+my $lvx_u = sub { vsxmem_op(@_, 844); }; # lxvd2x
+my $stvx_u = sub { vsxmem_op(@_, 972); }; # stxvd2x
+my $lvdx_u = sub { vsxmem_op(@_, 588); }; # lxsdx
+my $stvdx_u = sub { vsxmem_op(@_, 716); }; # stxsdx
+my $lvx_4w = sub { vsxmem_op(@_, 780); }; # lxvw4x
+my $stvx_4w = sub { vsxmem_op(@_, 908); }; # stxvw4x
+my $lvx_splt = sub { vsxmem_op(@_, 332); }; # lxvdsx
+# VSX instruction[s] masqueraded as made-up AltiVec/VMX
+my $vpermdi = sub { # xxpermdi
+ my ($f, $vrt, $vra, $vrb, $dm) = @_;
+ $dm = oct($dm) if ($dm =~ /^0/);
+ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($dm<<8)|(10<<3)|7;
+};
+
+# PowerISA 2.07 stuff
+sub vcrypto_op {
+ my ($f, $vrt, $vra, $vrb, $op) = @_;
+ " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|$op;
+}
+sub vfour {
+ my ($f, $vrt, $vra, $vrb, $vrc, $op) = @_;
+ " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($vrc<<6)|$op;
+};
+my $vcipher = sub { vcrypto_op(@_, 1288); };
+my $vcipherlast = sub { vcrypto_op(@_, 1289); };
+my $vncipher = sub { vcrypto_op(@_, 1352); };
+my $vncipherlast= sub { vcrypto_op(@_, 1353); };
+my $vsbox = sub { vcrypto_op(@_, 0, 1480); };
+my $vshasigmad = sub { my ($st,$six)=splice(@_,-2); vcrypto_op(@_, $st<<4|$six, 1730); };
+my $vshasigmaw = sub { my ($st,$six)=splice(@_,-2); vcrypto_op(@_, $st<<4|$six, 1666); };
+my $vpmsumb = sub { vcrypto_op(@_, 1032); };
+my $vpmsumd = sub { vcrypto_op(@_, 1224); };
+my $vpmsubh = sub { vcrypto_op(@_, 1096); };
+my $vpmsumw = sub { vcrypto_op(@_, 1160); };
+# These are not really crypto, but vcrypto_op template works
+my $vaddudm = sub { vcrypto_op(@_, 192); };
+my $vadduqm = sub { vcrypto_op(@_, 256); };
+my $vmuleuw = sub { vcrypto_op(@_, 648); };
+my $vmulouw = sub { vcrypto_op(@_, 136); };
+my $vrld = sub { vcrypto_op(@_, 196); };
+my $vsld = sub { vcrypto_op(@_, 1476); };
+my $vsrd = sub { vcrypto_op(@_, 1732); };
+my $vsubudm = sub { vcrypto_op(@_, 1216); };
+my $vaddcuq = sub { vcrypto_op(@_, 320); };
+my $vaddeuqm = sub { vfour(@_,60); };
+my $vaddecuq = sub { vfour(@_,61); };
+my $vmrgew = sub { vfour(@_,0,1932); };
+my $vmrgow = sub { vfour(@_,0,1676); };
+
+my $mtsle = sub {
+ my ($f, $arg) = @_;
+ " .long ".sprintf "0x%X",(31<<26)|($arg<<21)|(147*2);
+};
+
+# VSX instructions masqueraded as AltiVec/VMX
+my $mtvrd = sub {
+ my ($f, $vrt, $ra) = @_;
+ " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(179<<1)|1;
+};
+my $mtvrwz = sub {
+ my ($f, $vrt, $ra) = @_;
+ " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(243<<1)|1;
+};
+my $lvwzx_u = sub { vsxmem_op(@_, 12); }; # lxsiwzx
+my $stvwx_u = sub { vsxmem_op(@_, 140); }; # stxsiwx
+
+# PowerISA 3.0 stuff
+my $maddhdu = sub { vfour(@_,49); };
+my $maddld = sub { vfour(@_,51); };
+my $darn = sub {
+ my ($f, $rt, $l) = @_;
+ " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($l<<16)|(755<<1);
+};
+my $iseleq = sub {
+ my ($f, $rt, $ra, $rb) = @_;
+ " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|(2<<6)|30;
+};
+# VSX instruction[s] masqueraded as made-up AltiVec/VMX
+my $vspltib = sub { # xxspltib
+ my ($f, $vrt, $imm8) = @_;
+ $imm8 = oct($imm8) if ($imm8 =~ /^0/);
+ $imm8 &= 0xff;
+ " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($imm8<<11)|(360<<1)|1;
+};
+
+# PowerISA 3.0B stuff
+my $addex = sub {
+ my ($f, $rt, $ra, $rb, $cy) = @_; # only cy==0 is specified in 3.0B
+ " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($cy<<9)|(170<<1);
+};
+my $vmsumudm = sub { vfour(@_,35); };
+
+while($line=<>) {
+
+ $line =~ s|[#!;].*$||; # get rid of asm-style comments...
+ $line =~ s|/\*.*\*/||; # ... and C-style comments...
+ $line =~ s|^\s+||; # ... and skip white spaces in beginning...
+ $line =~ s|\s+$||; # ... and at the end
+
+ {
+ $line =~ s|\.L(\w+)|L$1|g; # common denominator for Locallabel
+ $line =~ s|\bL(\w+)|\.L$1|g if ($dotinlocallabels);
+ }
+
+ {
+ $line =~ s|(^[\.\w]+)\:\s*||;
+ my $label = $1;
+ if ($label) {
+ my $xlated = ($GLOBALS{$label} or $label);
+ print "$xlated:";
+ if ($flavour =~ /linux.*64(le|v2)/) {
+ if ($TYPES{$label} =~ /function/) {
+ printf "\n.localentry %s,0\n",$xlated;
+ }
+ }
+ }
+ }
+
+ {
+ $line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||;
+ my $c = $1; $c = "\t" if ($c eq "");
+ my $mnemonic = $2;
+ my $f = $3;
+ my $opcode = eval("\$$mnemonic");
+ $line =~ s/\b(c?[rf]|v|vs)([0-9]+)\b/$2/g if ($c ne "." and $flavour !~ /osx/);
+ if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(/,\s*/,$line)); }
+ elsif ($mnemonic) { $line = $c.$mnemonic.$f."\t".$line; }
+ }
+
+ print $line if ($line);
+ print "\n";
+}
+
+close STDOUT;
diff --git a/lib/freebl/scripts/sha512p8-ppc.pl b/lib/freebl/scripts/sha512p8-ppc.pl
new file mode 100644
index 000000000..3bef98be7
--- /dev/null
+++ b/lib/freebl/scripts/sha512p8-ppc.pl
@@ -0,0 +1,413 @@
+#!/usr/bin/env perl
+
+# ====================================================================
+# Written by Andy Polyakov, @dot-asm, initially for use in the OpenSSL
+# project. The module is dual licensed under OpenSSL and CRYPTOGAMS
+# licenses depending on where you obtain it. For further details see
+# https://github.com/dot-asm/cryptogams/.
+# ====================================================================
+
+# SHA256/512 for PowerISA v2.07.
+#
+# Accurate performance measurements are problematic, because it's
+# always virtualized setup with possibly throttled processor.
+# Relative comparison is therefore more informative. This module is
+# ~60% faster than integer-only sha512-ppc.pl. To anchor to something
+# else, SHA256 is 24% slower than sha1-ppc.pl and 2.5x slower than
+# hardware-assisted aes-128-cbc encrypt. SHA512 is 20% faster than
+# sha1-ppc.pl and 1.6x slower than aes-128-cbc. Another interesting
+# result is degree of computational resources' utilization. POWER8 is
+# "massively multi-threaded chip" and difference between single- and
+# maximum multi-process benchmark results tells that utilization is
+# whooping 94%. For sha512-ppc.pl we get [not unimpressive] 84% and
+# for sha1-ppc.pl - 73%. 100% means that multi-process result equals
+# to single-process one, given that all threads end up on the same
+# physical core.
+#
+######################################################################
+# Believed-to-be-accurate results in cycles per processed byte [on
+# little-endian system]. Numbers in square brackets are for 64-bit
+# build of sha512-ppc.pl, presented for reference.
+#
+# POWER8 POWER9
+# SHA256 9.7 [15.8] 11.2 [12.5]
+# SHA512 6.1 [10.3] 7.0 [7.9]
+
+$flavour=shift;
+$output =shift;
+
+if ($flavour =~ /64/) {
+ $SIZE_T=8;
+ $LRSAVE=2*$SIZE_T;
+ $STU="stdu";
+ $POP="ld";
+ $PUSH="std";
+} elsif ($flavour =~ /32/) {
+ $SIZE_T=4;
+ $LRSAVE=$SIZE_T;
+ $STU="stwu";
+ $POP="lwz";
+ $PUSH="stw";
+} else { die "nonsense $flavour"; }
+
+$LENDIAN=($flavour=~/le/);
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
+die "can't locate ppc-xlate.pl";
+
+open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!";
+
+if ($output =~ /512/) {
+ $bits=512;
+ $SZ=8;
+ $sz="d";
+ $rounds=80;
+} else {
+ $bits=256;
+ $SZ=4;
+ $sz="w";
+ $rounds=64;
+}
+
+$func="sha${bits}_block_p8";
+$LOCALS=8*$SIZE_T+8*16;
+$FRAME=$LOCALS+9*16+6*$SIZE_T;
+
+$sp ="r1";
+$toc="r2";
+$ctx="r3";
+$inp="r4";
+$num="r5";
+$Tbl="r6";
+$idx="r7";
+$lrsave="r8";
+$offload="r11";
+$vrsave="r12";
+@I = ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70) = (0,map("r$_",(10,26..31)));
+
+@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7));
+@X=map("v$_",(8..19,24..27));
+($Ki,$Func,$Sigma,$lemask)=map("v$_",(28..31));
+
+sub ROUND {
+my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my $j=($i+1)%16;
+my $k=($i+2)%8;
+
+$code.=<<___ if ($i<15 && ($i%(16/$SZ))==(16/$SZ-1));
+ lvx_u @X[$i+1],0,$inp ; load X[i] in advance
+ addi $inp,$inp,16
+___
+$code.=<<___ if ($i<16 && ($i%(16/$SZ)));
+ vsldoi @X[$i],@X[$i-1],@X[$i-1],$SZ
+___
+$code.=<<___ if ($LENDIAN && $i<16 && ($i%(16/$SZ))==0);
+ vperm @X[$i],@X[$i],@X[$i],$lemask
+___
+$code.=<<___ if ($i>=15);
+ vshasigma${sz} $Sigma,@X[($j+1)%16],0,0
+ vaddu${sz}m @X[$j],@X[$j],$Sigma
+ vshasigma${sz} $Sigma,@X[($j+14)%16],0,15
+ vaddu${sz}m @X[$j],@X[$j],$Sigma
+ vaddu${sz}m @X[$j],@X[$j],@X[($j+9)%16]
+___
+$code.=<<___;
+ vaddu${sz}m $h,$h,@X[$i%16] ; h+=X[i]
+ vsel $Func,$g,$f,$e ; Ch(e,f,g)
+ vaddu${sz}m $g,$g,$Ki ; future h+=K[i]
+ vaddu${sz}m $h,$h,$Func ; h+=Ch(e,f,g)
+ vshasigma${sz} $Sigma,$e,1,15 ; Sigma1(e)
+ vaddu${sz}m $h,$h,$Sigma ; h+=Sigma1(e)
+ vxor $Func,$a,$b
+ vsel $Func,$b,$c,$Func ; Maj(a,b,c)
+ vaddu${sz}m $d,$d,$h ; d+=h
+ vshasigma${sz} $Sigma,$a,1,0 ; Sigma0(a)
+ vaddu${sz}m $Sigma,$Sigma,$Func ; Sigma0(a)+Maj(a,b,c)
+ vaddu${sz}m $h,$h,$Sigma ; h+=Sigma0(a)+Maj(a,b,c)
+ lvx $Ki,@I[$k],$idx ; load next K[i]
+___
+$code.=<<___ if ($k == 7);
+ addi $idx,$idx,0x80
+___
+}
+
+$code=<<___;
+.machine "any"
+.text
+
+.globl $func
+.align 6
+$func:
+ $STU $sp,-$FRAME($sp)
+ mflr $lrsave
+ li r10,`$LOCALS+15`
+ li r11,`$LOCALS+31`
+ stvx v24,r10,$sp # ABI says so
+ addi r10,r10,32
+ mfspr $vrsave,256
+ stvx v25,r11,$sp
+ addi r11,r11,32
+ stvx v26,r10,$sp
+ addi r10,r10,32
+ stvx v27,r11,$sp
+ addi r11,r11,32
+ stvx v28,r10,$sp
+ addi r10,r10,32
+ stvx v29,r11,$sp
+ addi r11,r11,32
+ stvx v30,r10,$sp
+ stvx v31,r11,$sp
+ li r11,-4096+255 # 0xfffff0ff
+ stw $vrsave,`$FRAME-6*$SIZE_T-4`($sp) # save vrsave
+ li $x10,0x10
+ $PUSH r26,`$FRAME-6*$SIZE_T`($sp)
+ li $x20,0x20
+ $PUSH r27,`$FRAME-5*$SIZE_T`($sp)
+ li $x30,0x30
+ $PUSH r28,`$FRAME-4*$SIZE_T`($sp)
+ li $x40,0x40
+ $PUSH r29,`$FRAME-3*$SIZE_T`($sp)
+ li $x50,0x50
+ $PUSH r30,`$FRAME-2*$SIZE_T`($sp)
+ li $x60,0x60
+ $PUSH r31,`$FRAME-1*$SIZE_T`($sp)
+ li $x70,0x70
+ $PUSH $lrsave,`$FRAME+$LRSAVE`($sp)
+ mtspr 256,r11
+
+ bl LPICmeup
+ addi $offload,$sp,`8*$SIZE_T+15`
+___
+$code.=<<___ if ($LENDIAN);
+ li $idx,8
+ lvsl $lemask,0,$idx
+ vspltisb $Ki,0x0f
+ vxor $lemask,$lemask,$Ki
+___
+$code.=<<___ if ($SZ==4);
+ lvx_4w $A,$x00,$ctx
+ lvx_4w $E,$x10,$ctx
+ vsldoi $B,$A,$A,4 # unpack
+ vsldoi $C,$A,$A,8
+ vsldoi $D,$A,$A,12
+ vsldoi $F,$E,$E,4
+ vsldoi $G,$E,$E,8
+ vsldoi $H,$E,$E,12
+___
+$code.=<<___ if ($SZ==8);
+ lvx_u $A,$x00,$ctx
+ lvx_u $C,$x10,$ctx
+ lvx_u $E,$x20,$ctx
+ vsldoi $B,$A,$A,8 # unpack
+ lvx_u $G,$x30,$ctx
+ vsldoi $D,$C,$C,8
+ vsldoi $F,$E,$E,8
+ vsldoi $H,$G,$G,8
+___
+$code.=<<___;
+ li r0,`($rounds-16)/16` # inner loop counter
+ b Loop
+.align 5
+Loop:
+ lvx $Ki,$x00,$Tbl
+ lvx_u @X[0],0,$inp
+ addi $inp,$inp,16
+ mr $idx,$Tbl # copy $Tbl
+ stvx $A,$x00,$offload # offload $A-$H
+ stvx $B,$x10,$offload
+ stvx $C,$x20,$offload
+ stvx $D,$x30,$offload
+ stvx $E,$x40,$offload
+ stvx $F,$x50,$offload
+ stvx $G,$x60,$offload
+ stvx $H,$x70,$offload
+ vaddu${sz}m $H,$H,$Ki # h+K[i]
+ lvx $Ki,$x10,$Tbl
+___
+for ($i=0;$i<16;$i++) { &ROUND($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+ mtctr r0
+ b L16_xx
+.align 5
+L16_xx:
+___
+for (;$i<32;$i++) { &ROUND($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+ bdnz L16_xx
+
+ lvx @X[2],$x00,$offload
+ subic. $num,$num,1
+ lvx @X[3],$x10,$offload
+ vaddu${sz}m $A,$A,@X[2]
+ lvx @X[4],$x20,$offload
+ vaddu${sz}m $B,$B,@X[3]
+ lvx @X[5],$x30,$offload
+ vaddu${sz}m $C,$C,@X[4]
+ lvx @X[6],$x40,$offload
+ vaddu${sz}m $D,$D,@X[5]
+ lvx @X[7],$x50,$offload
+ vaddu${sz}m $E,$E,@X[6]
+ lvx @X[8],$x60,$offload
+ vaddu${sz}m $F,$F,@X[7]
+ lvx @X[9],$x70,$offload
+ vaddu${sz}m $G,$G,@X[8]
+ vaddu${sz}m $H,$H,@X[9]
+ bne Loop
+___
+$code.=<<___ if ($SZ==4);
+ lvx @X[0],$x20,$idx
+ vperm $A,$A,$B,$Ki # pack the answer
+ lvx @X[1],$x30,$idx
+ vperm $E,$E,$F,$Ki
+ vperm $A,$A,$C,@X[0]
+ vperm $E,$E,$G,@X[0]
+ vperm $A,$A,$D,@X[1]
+ vperm $E,$E,$H,@X[1]
+ stvx_4w $A,$x00,$ctx
+ stvx_4w $E,$x10,$ctx
+___
+$code.=<<___ if ($SZ==8);
+ vperm $A,$A,$B,$Ki # pack the answer
+ vperm $C,$C,$D,$Ki
+ vperm $E,$E,$F,$Ki
+ vperm $G,$G,$H,$Ki
+ stvx_u $A,$x00,$ctx
+ stvx_u $C,$x10,$ctx
+ stvx_u $E,$x20,$ctx
+ stvx_u $G,$x30,$ctx
+___
+$code.=<<___;
+ addi $offload,$sp,`$LOCALS+15`
+ mtlr $lrsave
+ mtspr 256,$vrsave
+ lvx v24,$x00,$offload # ABI says so
+ lvx v25,$x10,$offload
+ lvx v26,$x20,$offload
+ lvx v27,$x30,$offload
+ lvx v28,$x40,$offload
+ lvx v29,$x50,$offload
+ lvx v30,$x60,$offload
+ lvx v31,$x70,$offload
+ $POP r26,`$FRAME-6*$SIZE_T`($sp)
+ $POP r27,`$FRAME-5*$SIZE_T`($sp)
+ $POP r28,`$FRAME-4*$SIZE_T`($sp)
+ $POP r29,`$FRAME-3*$SIZE_T`($sp)
+ $POP r30,`$FRAME-2*$SIZE_T`($sp)
+ $POP r31,`$FRAME-1*$SIZE_T`($sp)
+ addi $sp,$sp,$FRAME
+ blr
+ .long 0
+ .byte 0,12,4,1,0x80,6,3,0
+ .long 0
+.size $func,.-$func
+___
+
+# Ugly hack here, because PPC assembler syntax seem to vary too
+# much from platforms to platform...
+$code.=<<___;
+.align 6
+LPICmeup:
+ mflr r0
+ bcl 20,31,\$+4
+ mflr $Tbl ; vvvvvv "distance" between . and 1st data entry
+ addi $Tbl,$Tbl,`64-8`
+ mtlr r0
+ blr
+ .long 0
+ .byte 0,12,0x14,0,0,0,0,0
+ .space `64-9*4`
+___
+
+if ($SZ==8) {
+ local *table = sub {
+ foreach(@_) { $code.=".quad $_,$_\n"; }
+ };
+ table(
+ "0x428a2f98d728ae22","0x7137449123ef65cd",
+ "0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc",
+ "0x3956c25bf348b538","0x59f111f1b605d019",
+ "0x923f82a4af194f9b","0xab1c5ed5da6d8118",
+ "0xd807aa98a3030242","0x12835b0145706fbe",
+ "0x243185be4ee4b28c","0x550c7dc3d5ffb4e2",
+ "0x72be5d74f27b896f","0x80deb1fe3b1696b1",
+ "0x9bdc06a725c71235","0xc19bf174cf692694",
+ "0xe49b69c19ef14ad2","0xefbe4786384f25e3",
+ "0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65",
+ "0x2de92c6f592b0275","0x4a7484aa6ea6e483",
+ "0x5cb0a9dcbd41fbd4","0x76f988da831153b5",
+ "0x983e5152ee66dfab","0xa831c66d2db43210",
+ "0xb00327c898fb213f","0xbf597fc7beef0ee4",
+ "0xc6e00bf33da88fc2","0xd5a79147930aa725",
+ "0x06ca6351e003826f","0x142929670a0e6e70",
+ "0x27b70a8546d22ffc","0x2e1b21385c26c926",
+ "0x4d2c6dfc5ac42aed","0x53380d139d95b3df",
+ "0x650a73548baf63de","0x766a0abb3c77b2a8",
+ "0x81c2c92e47edaee6","0x92722c851482353b",
+ "0xa2bfe8a14cf10364","0xa81a664bbc423001",
+ "0xc24b8b70d0f89791","0xc76c51a30654be30",
+ "0xd192e819d6ef5218","0xd69906245565a910",
+ "0xf40e35855771202a","0x106aa07032bbd1b8",
+ "0x19a4c116b8d2d0c8","0x1e376c085141ab53",
+ "0x2748774cdf8eeb99","0x34b0bcb5e19b48a8",
+ "0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb",
+ "0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3",
+ "0x748f82ee5defb2fc","0x78a5636f43172f60",
+ "0x84c87814a1f0ab72","0x8cc702081a6439ec",
+ "0x90befffa23631e28","0xa4506cebde82bde9",
+ "0xbef9a3f7b2c67915","0xc67178f2e372532b",
+ "0xca273eceea26619c","0xd186b8c721c0c207",
+ "0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178",
+ "0x06f067aa72176fba","0x0a637dc5a2c898a6",
+ "0x113f9804bef90dae","0x1b710b35131c471b",
+ "0x28db77f523047d84","0x32caab7b40c72493",
+ "0x3c9ebe0a15c9bebc","0x431d67c49c100d4c",
+ "0x4cc5d4becb3e42b6","0x597f299cfc657e2a",
+ "0x5fcb6fab3ad6faec","0x6c44198c4a475817","0");
+$code.=<<___ if (!$LENDIAN);
+.quad 0x0001020304050607,0x1011121314151617
+___
+$code.=<<___ if ($LENDIAN); # quad-swapped
+.quad 0x1011121314151617,0x0001020304050607
+___
+} else {
+ local *table = sub {
+ foreach(@_) { $code.=".long $_,$_,$_,$_\n"; }
+ };
+ table(
+ "0x428a2f98","0x71374491","0xb5c0fbcf","0xe9b5dba5",
+ "0x3956c25b","0x59f111f1","0x923f82a4","0xab1c5ed5",
+ "0xd807aa98","0x12835b01","0x243185be","0x550c7dc3",
+ "0x72be5d74","0x80deb1fe","0x9bdc06a7","0xc19bf174",
+ "0xe49b69c1","0xefbe4786","0x0fc19dc6","0x240ca1cc",
+ "0x2de92c6f","0x4a7484aa","0x5cb0a9dc","0x76f988da",
+ "0x983e5152","0xa831c66d","0xb00327c8","0xbf597fc7",
+ "0xc6e00bf3","0xd5a79147","0x06ca6351","0x14292967",
+ "0x27b70a85","0x2e1b2138","0x4d2c6dfc","0x53380d13",
+ "0x650a7354","0x766a0abb","0x81c2c92e","0x92722c85",
+ "0xa2bfe8a1","0xa81a664b","0xc24b8b70","0xc76c51a3",
+ "0xd192e819","0xd6990624","0xf40e3585","0x106aa070",
+ "0x19a4c116","0x1e376c08","0x2748774c","0x34b0bcb5",
+ "0x391c0cb3","0x4ed8aa4a","0x5b9cca4f","0x682e6ff3",
+ "0x748f82ee","0x78a5636f","0x84c87814","0x8cc70208",
+ "0x90befffa","0xa4506ceb","0xbef9a3f7","0xc67178f2","0");
+$code.=<<___ if (!$LENDIAN);
+.long 0x00010203,0x10111213,0x10111213,0x10111213
+.long 0x00010203,0x04050607,0x10111213,0x10111213
+.long 0x00010203,0x04050607,0x08090a0b,0x10111213
+___
+$code.=<<___ if ($LENDIAN); # word-swapped
+.long 0x10111213,0x10111213,0x10111213,0x00010203
+.long 0x10111213,0x10111213,0x04050607,0x00010203
+.long 0x10111213,0x08090a0b,0x04050607,0x00010203
+___
+}
+$code.=<<___;
+.asciz "SHA${bits} for PowerISA 2.07, CRYPTOGAMS by <appro\@openssl.org>"
+.align 2
+___
+
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+print $code;
+close STDOUT;
diff --git a/lib/freebl/sha512-p8.s b/lib/freebl/sha512-p8.s
new file mode 100644
index 000000000..d84ec0478
--- /dev/null
+++ b/lib/freebl/sha512-p8.s
@@ -0,0 +1,851 @@
+# Copyright (c) 2006, CRYPTOGAMS by <appro@openssl.org>
+# All rights reserved.
+# See the full LICENSE under scripts/.
+
+.machine "any"
+.abiversion 2
+.text
+
+.globl sha512_block_p8
+.type sha512_block_p8,@function
+.align 6
+sha512_block_p8:
+.localentry sha512_block_p8,0
+
+ stdu 1,-384(1)
+ mflr 8
+ li 10,207
+ li 11,223
+ stvx 24,10,1
+ addi 10,10,32
+ li 12,-1
+ stvx 25,11,1
+ addi 11,11,32
+ stvx 26,10,1
+ addi 10,10,32
+ stvx 27,11,1
+ addi 11,11,32
+ stvx 28,10,1
+ addi 10,10,32
+ stvx 29,11,1
+ addi 11,11,32
+ stvx 30,10,1
+ stvx 31,11,1
+ li 11,-4096+255
+ stw 12,332(1)
+ li 10,0x10
+ std 26,336(1)
+ li 26,0x20
+ std 27,344(1)
+ li 27,0x30
+ std 28,352(1)
+ li 28,0x40
+ std 29,360(1)
+ li 29,0x50
+ std 30,368(1)
+ li 30,0x60
+ std 31,376(1)
+ li 31,0x70
+ std 8,400(1)
+ or 11,11,11
+
+ bl .LPICmeup
+ addi 11,1,79
+ li 7,8
+ lvsl 31,0,7
+ vspltisb 28,0x0f
+ vxor 31,31,28
+ .long 0x7C001E99
+ .long 0x7C4A1E99
+ .long 0x7C9A1E99
+ vsldoi 1,0,0,8
+ .long 0x7CDB1E99
+ vsldoi 3,2,2,8
+ vsldoi 5,4,4,8
+ vsldoi 7,6,6,8
+ li 0,4
+ b .Loop
+.align 5
+.Loop:
+ lvx 28,0,6
+ .long 0x7D002699
+ addi 4,4,16
+ mr 7,6
+ stvx 0,0,11
+ stvx 1,10,11
+ stvx 2,26,11
+ stvx 3,27,11
+ stvx 4,28,11
+ stvx 5,29,11
+ stvx 6,30,11
+ stvx 7,31,11
+ .long 0x10E7E0C0
+ lvx 28,10,6
+ vperm 8,8,8,31
+ .long 0x10E740C0
+ vsel 29,6,5,4
+ .long 0x10C6E0C0
+ .long 0x10E7E8C0
+ .long 0x13C4FEC2
+ .long 0x10E7F0C0
+ vxor 29,0,1
+ vsel 29,1,2,29
+ .long 0x106338C0
+ .long 0x13C086C2
+ .long 0x13DEE8C0
+ .long 0x10E7F0C0
+ lvx 28,26,7
+ .long 0x7D402699
+ addi 4,4,16
+ vsldoi 9,8,8,8
+ .long 0x10C648C0
+ vsel 29,5,4,3
+ .long 0x10A5E0C0
+ .long 0x10C6E8C0
+ .long 0x13C3FEC2
+ .long 0x10C6F0C0
+ vxor 29,7,0
+ vsel 29,0,1,29
+ .long 0x104230C0
+ .long 0x13C786C2
+ .long 0x13DEE8C0
+ .long 0x10C6F0C0
+ lvx 28,27,7
+ vperm 10,10,10,31
+ .long 0x10A550C0
+ vsel 29,4,3,2
+ .long 0x1084E0C0
+ .long 0x10A5E8C0
+ .long 0x13C2FEC2
+ .long 0x10A5F0C0
+ vxor 29,6,7
+ vsel 29,7,0,29
+ .long 0x102128C0
+ .long 0x13C686C2
+ .long 0x13DEE8C0
+ .long 0x10A5F0C0
+ lvx 28,28,7
+ .long 0x7D802699
+ addi 4,4,16
+ vsldoi 11,10,10,8
+ .long 0x108458C0
+ vsel 29,3,2,1
+ .long 0x1063E0C0
+ .long 0x1084E8C0
+ .long 0x13C1FEC2
+ .long 0x1084F0C0
+ vxor 29,5,6
+ vsel 29,6,7,29
+ .long 0x100020C0
+ .long 0x13C586C2
+ .long 0x13DEE8C0
+ .long 0x1084F0C0
+ lvx 28,29,7
+ vperm 12,12,12,31
+ .long 0x106360C0
+ vsel 29,2,1,0
+ .long 0x1042E0C0
+ .long 0x1063E8C0
+ .long 0x13C0FEC2
+ .long 0x1063F0C0
+ vxor 29,4,5
+ vsel 29,5,6,29
+ .long 0x10E718C0
+ .long 0x13C486C2
+ .long 0x13DEE8C0
+ .long 0x1063F0C0
+ lvx 28,30,7
+ .long 0x7DC02699
+ addi 4,4,16
+ vsldoi 13,12,12,8
+ .long 0x104268C0
+ vsel 29,1,0,7
+ .long 0x1021E0C0
+ .long 0x1042E8C0
+ .long 0x13C7FEC2
+ .long 0x1042F0C0
+ vxor 29,3,4
+ vsel 29,4,5,29
+ .long 0x10C610C0
+ .long 0x13C386C2
+ .long 0x13DEE8C0
+ .long 0x1042F0C0
+ lvx 28,31,7
+ addi 7,7,0x80
+ vperm 14,14,14,31
+ .long 0x102170C0
+ vsel 29,0,7,6
+ .long 0x1000E0C0
+ .long 0x1021E8C0
+ .long 0x13C6FEC2
+ .long 0x1021F0C0
+ vxor 29,2,3
+ vsel 29,3,4,29
+ .long 0x10A508C0
+ .long 0x13C286C2
+ .long 0x13DEE8C0
+ .long 0x1021F0C0
+ lvx 28,0,7
+ .long 0x7E002699
+ addi 4,4,16
+ vsldoi 15,14,14,8
+ .long 0x100078C0
+ vsel 29,7,6,5
+ .long 0x10E7E0C0
+ .long 0x1000E8C0
+ .long 0x13C5FEC2
+ .long 0x1000F0C0
+ vxor 29,1,2
+ vsel 29,2,3,29
+ .long 0x108400C0
+ .long 0x13C186C2
+ .long 0x13DEE8C0
+ .long 0x1000F0C0
+ lvx 28,10,7
+ vperm 16,16,16,31
+ .long 0x10E780C0
+ vsel 29,6,5,4
+ .long 0x10C6E0C0
+ .long 0x10E7E8C0
+ .long 0x13C4FEC2
+ .long 0x10E7F0C0
+ vxor 29,0,1
+ vsel 29,1,2,29
+ .long 0x106338C0
+ .long 0x13C086C2
+ .long 0x13DEE8C0
+ .long 0x10E7F0C0
+ lvx 28,26,7
+ .long 0x7E402699
+ addi 4,4,16
+ vsldoi 17,16,16,8
+ .long 0x10C688C0
+ vsel 29,5,4,3
+ .long 0x10A5E0C0
+ .long 0x10C6E8C0
+ .long 0x13C3FEC2
+ .long 0x10C6F0C0
+ vxor 29,7,0
+ vsel 29,0,1,29
+ .long 0x104230C0
+ .long 0x13C786C2
+ .long 0x13DEE8C0
+ .long 0x10C6F0C0
+ lvx 28,27,7
+ vperm 18,18,18,31
+ .long 0x10A590C0
+ vsel 29,4,3,2
+ .long 0x1084E0C0
+ .long 0x10A5E8C0
+ .long 0x13C2FEC2
+ .long 0x10A5F0C0
+ vxor 29,6,7
+ vsel 29,7,0,29
+ .long 0x102128C0
+ .long 0x13C686C2
+ .long 0x13DEE8C0
+ .long 0x10A5F0C0
+ lvx 28,28,7
+ .long 0x7F002699
+ addi 4,4,16
+ vsldoi 19,18,18,8
+ .long 0x108498C0
+ vsel 29,3,2,1
+ .long 0x1063E0C0
+ .long 0x1084E8C0
+ .long 0x13C1FEC2
+ .long 0x1084F0C0
+ vxor 29,5,6
+ vsel 29,6,7,29
+ .long 0x100020C0
+ .long 0x13C586C2
+ .long 0x13DEE8C0
+ .long 0x1084F0C0
+ lvx 28,29,7
+ vperm 24,24,24,31
+ .long 0x1063C0C0
+ vsel 29,2,1,0
+ .long 0x1042E0C0
+ .long 0x1063E8C0
+ .long 0x13C0FEC2
+ .long 0x1063F0C0
+ vxor 29,4,5
+ vsel 29,5,6,29
+ .long 0x10E718C0
+ .long 0x13C486C2
+ .long 0x13DEE8C0
+ .long 0x1063F0C0
+ lvx 28,30,7
+ .long 0x7F402699
+ addi 4,4,16
+ vsldoi 25,24,24,8
+ .long 0x1042C8C0
+ vsel 29,1,0,7
+ .long 0x1021E0C0
+ .long 0x1042E8C0
+ .long 0x13C7FEC2
+ .long 0x1042F0C0
+ vxor 29,3,4
+ vsel 29,4,5,29
+ .long 0x10C610C0
+ .long 0x13C386C2
+ .long 0x13DEE8C0
+ .long 0x1042F0C0
+ lvx 28,31,7
+ addi 7,7,0x80
+ vperm 26,26,26,31
+ .long 0x1021D0C0
+ vsel 29,0,7,6
+ .long 0x1000E0C0
+ .long 0x1021E8C0
+ .long 0x13C6FEC2
+ .long 0x1021F0C0
+ vxor 29,2,3
+ vsel 29,3,4,29
+ .long 0x10A508C0
+ .long 0x13C286C2
+ .long 0x13DEE8C0
+ .long 0x1021F0C0
+ lvx 28,0,7
+ vsldoi 27,26,26,8
+ .long 0x13C906C2
+ .long 0x1108F0C0
+ .long 0x13DA7EC2
+ .long 0x1108F0C0
+ .long 0x110888C0
+ .long 0x1000D8C0
+ vsel 29,7,6,5
+ .long 0x10E7E0C0
+ .long 0x1000E8C0
+ .long 0x13C5FEC2
+ .long 0x1000F0C0
+ vxor 29,1,2
+ vsel 29,2,3,29
+ .long 0x108400C0
+ .long 0x13C186C2
+ .long 0x13DEE8C0
+ .long 0x1000F0C0
+ lvx 28,10,7
+ mtctr 0
+ b .L16_xx
+.align 5
+.L16_xx:
+ .long 0x13CA06C2
+ .long 0x1129F0C0
+ .long 0x13DB7EC2
+ .long 0x1129F0C0
+ .long 0x112990C0
+ .long 0x10E740C0
+ vsel 29,6,5,4
+ .long 0x10C6E0C0
+ .long 0x10E7E8C0
+ .long 0x13C4FEC2
+ .long 0x10E7F0C0
+ vxor 29,0,1
+ vsel 29,1,2,29
+ .long 0x106338C0
+ .long 0x13C086C2
+ .long 0x13DEE8C0
+ .long 0x10E7F0C0
+ lvx 28,26,7
+ .long 0x13CB06C2
+ .long 0x114AF0C0
+ .long 0x13C87EC2
+ .long 0x114AF0C0
+ .long 0x114A98C0
+ .long 0x10C648C0
+ vsel 29,5,4,3
+ .long 0x10A5E0C0
+ .long 0x10C6E8C0
+ .long 0x13C3FEC2
+ .long 0x10C6F0C0
+ vxor 29,7,0
+ vsel 29,0,1,29
+ .long 0x104230C0
+ .long 0x13C786C2
+ .long 0x13DEE8C0
+ .long 0x10C6F0C0
+ lvx 28,27,7
+ .long 0x13CC06C2
+ .long 0x116BF0C0
+ .long 0x13C97EC2
+ .long 0x116BF0C0
+ .long 0x116BC0C0
+ .long 0x10A550C0
+ vsel 29,4,3,2
+ .long 0x1084E0C0
+ .long 0x10A5E8C0
+ .long 0x13C2FEC2
+ .long 0x10A5F0C0
+ vxor 29,6,7
+ vsel 29,7,0,29
+ .long 0x102128C0
+ .long 0x13C686C2
+ .long 0x13DEE8C0
+ .long 0x10A5F0C0
+ lvx 28,28,7
+ .long 0x13CD06C2
+ .long 0x118CF0C0
+ .long 0x13CA7EC2
+ .long 0x118CF0C0
+ .long 0x118CC8C0
+ .long 0x108458C0
+ vsel 29,3,2,1
+ .long 0x1063E0C0
+ .long 0x1084E8C0
+ .long 0x13C1FEC2
+ .long 0x1084F0C0
+ vxor 29,5,6
+ vsel 29,6,7,29
+ .long 0x100020C0
+ .long 0x13C586C2
+ .long 0x13DEE8C0
+ .long 0x1084F0C0
+ lvx 28,29,7
+ .long 0x13CE06C2
+ .long 0x11ADF0C0
+ .long 0x13CB7EC2
+ .long 0x11ADF0C0
+ .long 0x11ADD0C0
+ .long 0x106360C0
+ vsel 29,2,1,0
+ .long 0x1042E0C0
+ .long 0x1063E8C0
+ .long 0x13C0FEC2
+ .long 0x1063F0C0
+ vxor 29,4,5
+ vsel 29,5,6,29
+ .long 0x10E718C0
+ .long 0x13C486C2
+ .long 0x13DEE8C0
+ .long 0x1063F0C0
+ lvx 28,30,7
+ .long 0x13CF06C2
+ .long 0x11CEF0C0
+ .long 0x13CC7EC2
+ .long 0x11CEF0C0
+ .long 0x11CED8C0
+ .long 0x104268C0
+ vsel 29,1,0,7
+ .long 0x1021E0C0
+ .long 0x1042E8C0
+ .long 0x13C7FEC2
+ .long 0x1042F0C0
+ vxor 29,3,4
+ vsel 29,4,5,29
+ .long 0x10C610C0
+ .long 0x13C386C2
+ .long 0x13DEE8C0
+ .long 0x1042F0C0
+ lvx 28,31,7
+ addi 7,7,0x80
+ .long 0x13D006C2
+ .long 0x11EFF0C0
+ .long 0x13CD7EC2
+ .long 0x11EFF0C0
+ .long 0x11EF40C0
+ .long 0x102170C0
+ vsel 29,0,7,6
+ .long 0x1000E0C0
+ .long 0x1021E8C0
+ .long 0x13C6FEC2
+ .long 0x1021F0C0
+ vxor 29,2,3
+ vsel 29,3,4,29
+ .long 0x10A508C0
+ .long 0x13C286C2
+ .long 0x13DEE8C0
+ .long 0x1021F0C0
+ lvx 28,0,7
+ .long 0x13D106C2
+ .long 0x1210F0C0
+ .long 0x13CE7EC2
+ .long 0x1210F0C0
+ .long 0x121048C0
+ .long 0x100078C0
+ vsel 29,7,6,5
+ .long 0x10E7E0C0
+ .long 0x1000E8C0
+ .long 0x13C5FEC2
+ .long 0x1000F0C0
+ vxor 29,1,2
+ vsel 29,2,3,29
+ .long 0x108400C0
+ .long 0x13C186C2
+ .long 0x13DEE8C0
+ .long 0x1000F0C0
+ lvx 28,10,7
+ .long 0x13D206C2
+ .long 0x1231F0C0
+ .long 0x13CF7EC2
+ .long 0x1231F0C0
+ .long 0x123150C0
+ .long 0x10E780C0
+ vsel 29,6,5,4
+ .long 0x10C6E0C0
+ .long 0x10E7E8C0
+ .long 0x13C4FEC2
+ .long 0x10E7F0C0
+ vxor 29,0,1
+ vsel 29,1,2,29
+ .long 0x106338C0
+ .long 0x13C086C2
+ .long 0x13DEE8C0
+ .long 0x10E7F0C0
+ lvx 28,26,7
+ .long 0x13D306C2
+ .long 0x1252F0C0
+ .long 0x13D07EC2
+ .long 0x1252F0C0
+ .long 0x125258C0
+ .long 0x10C688C0
+ vsel 29,5,4,3
+ .long 0x10A5E0C0
+ .long 0x10C6E8C0
+ .long 0x13C3FEC2
+ .long 0x10C6F0C0
+ vxor 29,7,0
+ vsel 29,0,1,29
+ .long 0x104230C0
+ .long 0x13C786C2
+ .long 0x13DEE8C0
+ .long 0x10C6F0C0
+ lvx 28,27,7
+ .long 0x13D806C2
+ .long 0x1273F0C0
+ .long 0x13D17EC2
+ .long 0x1273F0C0
+ .long 0x127360C0
+ .long 0x10A590C0
+ vsel 29,4,3,2
+ .long 0x1084E0C0
+ .long 0x10A5E8C0
+ .long 0x13C2FEC2
+ .long 0x10A5F0C0
+ vxor 29,6,7
+ vsel 29,7,0,29
+ .long 0x102128C0
+ .long 0x13C686C2
+ .long 0x13DEE8C0
+ .long 0x10A5F0C0
+ lvx 28,28,7
+ .long 0x13D906C2
+ .long 0x1318F0C0
+ .long 0x13D27EC2
+ .long 0x1318F0C0
+ .long 0x131868C0
+ .long 0x108498C0
+ vsel 29,3,2,1
+ .long 0x1063E0C0
+ .long 0x1084E8C0
+ .long 0x13C1FEC2
+ .long 0x1084F0C0
+ vxor 29,5,6
+ vsel 29,6,7,29
+ .long 0x100020C0
+ .long 0x13C586C2
+ .long 0x13DEE8C0
+ .long 0x1084F0C0
+ lvx 28,29,7
+ .long 0x13DA06C2
+ .long 0x1339F0C0
+ .long 0x13D37EC2
+ .long 0x1339F0C0
+ .long 0x133970C0
+ .long 0x1063C0C0
+ vsel 29,2,1,0
+ .long 0x1042E0C0
+ .long 0x1063E8C0
+ .long 0x13C0FEC2
+ .long 0x1063F0C0
+ vxor 29,4,5
+ vsel 29,5,6,29
+ .long 0x10E718C0
+ .long 0x13C486C2
+ .long 0x13DEE8C0
+ .long 0x1063F0C0
+ lvx 28,30,7
+ .long 0x13DB06C2
+ .long 0x135AF0C0
+ .long 0x13D87EC2
+ .long 0x135AF0C0
+ .long 0x135A78C0
+ .long 0x1042C8C0
+ vsel 29,1,0,7
+ .long 0x1021E0C0
+ .long 0x1042E8C0
+ .long 0x13C7FEC2
+ .long 0x1042F0C0
+ vxor 29,3,4
+ vsel 29,4,5,29
+ .long 0x10C610C0
+ .long 0x13C386C2
+ .long 0x13DEE8C0
+ .long 0x1042F0C0
+ lvx 28,31,7
+ addi 7,7,0x80
+ .long 0x13C806C2
+ .long 0x137BF0C0
+ .long 0x13D97EC2
+ .long 0x137BF0C0
+ .long 0x137B80C0
+ .long 0x1021D0C0
+ vsel 29,0,7,6
+ .long 0x1000E0C0
+ .long 0x1021E8C0
+ .long 0x13C6FEC2
+ .long 0x1021F0C0
+ vxor 29,2,3
+ vsel 29,3,4,29
+ .long 0x10A508C0
+ .long 0x13C286C2
+ .long 0x13DEE8C0
+ .long 0x1021F0C0
+ lvx 28,0,7
+ .long 0x13C906C2
+ .long 0x1108F0C0
+ .long 0x13DA7EC2
+ .long 0x1108F0C0
+ .long 0x110888C0
+ .long 0x1000D8C0
+ vsel 29,7,6,5
+ .long 0x10E7E0C0
+ .long 0x1000E8C0
+ .long 0x13C5FEC2
+ .long 0x1000F0C0
+ vxor 29,1,2
+ vsel 29,2,3,29
+ .long 0x108400C0
+ .long 0x13C186C2
+ .long 0x13DEE8C0
+ .long 0x1000F0C0
+ lvx 28,10,7
+ bdnz .L16_xx
+
+ lvx 10,0,11
+ subic. 5,5,1
+ lvx 11,10,11
+ .long 0x100050C0
+ lvx 12,26,11
+ .long 0x102158C0
+ lvx 13,27,11
+ .long 0x104260C0
+ lvx 14,28,11
+ .long 0x106368C0
+ lvx 15,29,11
+ .long 0x108470C0
+ lvx 16,30,11
+ .long 0x10A578C0
+ lvx 17,31,11
+ .long 0x10C680C0
+ .long 0x10E788C0
+ bne .Loop
+ vperm 0,0,1,28
+ vperm 2,2,3,28
+ vperm 4,4,5,28
+ vperm 6,6,7,28
+ .long 0x7C001F99
+ .long 0x7C4A1F99
+ .long 0x7C9A1F99
+ .long 0x7CDB1F99
+ addi 11,1,207
+ mtlr 8
+ or 12,12,12
+ lvx 24,0,11
+ lvx 25,10,11
+ lvx 26,26,11
+ lvx 27,27,11
+ lvx 28,28,11
+ lvx 29,29,11
+ lvx 30,30,11
+ lvx 31,31,11
+ ld 26,336(1)
+ ld 27,344(1)
+ ld 28,352(1)
+ ld 29,360(1)
+ ld 30,368(1)
+ ld 31,376(1)
+ addi 1,1,384
+ blr
+.long 0
+.byte 0,12,4,1,0x80,6,3,0
+.long 0
+.size sha512_block_p8,.-sha512_block_p8
+.align 6
+.LPICmeup:
+ mflr 0
+ bcl 20,31,$+4
+ mflr 6
+ addi 6,6,56
+ mtlr 0
+ blr
+.long 0
+.byte 0,12,0x14,0,0,0,0,0
+.space 28
+.long 0xd728ae22,0x428a2f98
+.long 0xd728ae22,0x428a2f98
+.long 0x23ef65cd,0x71374491
+.long 0x23ef65cd,0x71374491
+.long 0xec4d3b2f,0xb5c0fbcf
+.long 0xec4d3b2f,0xb5c0fbcf
+.long 0x8189dbbc,0xe9b5dba5
+.long 0x8189dbbc,0xe9b5dba5
+.long 0xf348b538,0x3956c25b
+.long 0xf348b538,0x3956c25b
+.long 0xb605d019,0x59f111f1
+.long 0xb605d019,0x59f111f1
+.long 0xaf194f9b,0x923f82a4
+.long 0xaf194f9b,0x923f82a4
+.long 0xda6d8118,0xab1c5ed5
+.long 0xda6d8118,0xab1c5ed5
+.long 0xa3030242,0xd807aa98
+.long 0xa3030242,0xd807aa98
+.long 0x45706fbe,0x12835b01
+.long 0x45706fbe,0x12835b01
+.long 0x4ee4b28c,0x243185be
+.long 0x4ee4b28c,0x243185be
+.long 0xd5ffb4e2,0x550c7dc3
+.long 0xd5ffb4e2,0x550c7dc3
+.long 0xf27b896f,0x72be5d74
+.long 0xf27b896f,0x72be5d74
+.long 0x3b1696b1,0x80deb1fe
+.long 0x3b1696b1,0x80deb1fe
+.long 0x25c71235,0x9bdc06a7
+.long 0x25c71235,0x9bdc06a7
+.long 0xcf692694,0xc19bf174
+.long 0xcf692694,0xc19bf174
+.long 0x9ef14ad2,0xe49b69c1
+.long 0x9ef14ad2,0xe49b69c1
+.long 0x384f25e3,0xefbe4786
+.long 0x384f25e3,0xefbe4786
+.long 0x8b8cd5b5,0x0fc19dc6
+.long 0x8b8cd5b5,0x0fc19dc6
+.long 0x77ac9c65,0x240ca1cc
+.long 0x77ac9c65,0x240ca1cc
+.long 0x592b0275,0x2de92c6f
+.long 0x592b0275,0x2de92c6f
+.long 0x6ea6e483,0x4a7484aa
+.long 0x6ea6e483,0x4a7484aa
+.long 0xbd41fbd4,0x5cb0a9dc
+.long 0xbd41fbd4,0x5cb0a9dc
+.long 0x831153b5,0x76f988da
+.long 0x831153b5,0x76f988da
+.long 0xee66dfab,0x983e5152
+.long 0xee66dfab,0x983e5152
+.long 0x2db43210,0xa831c66d
+.long 0x2db43210,0xa831c66d
+.long 0x98fb213f,0xb00327c8
+.long 0x98fb213f,0xb00327c8
+.long 0xbeef0ee4,0xbf597fc7
+.long 0xbeef0ee4,0xbf597fc7
+.long 0x3da88fc2,0xc6e00bf3
+.long 0x3da88fc2,0xc6e00bf3
+.long 0x930aa725,0xd5a79147
+.long 0x930aa725,0xd5a79147
+.long 0xe003826f,0x06ca6351
+.long 0xe003826f,0x06ca6351
+.long 0x0a0e6e70,0x14292967
+.long 0x0a0e6e70,0x14292967
+.long 0x46d22ffc,0x27b70a85
+.long 0x46d22ffc,0x27b70a85
+.long 0x5c26c926,0x2e1b2138
+.long 0x5c26c926,0x2e1b2138
+.long 0x5ac42aed,0x4d2c6dfc
+.long 0x5ac42aed,0x4d2c6dfc
+.long 0x9d95b3df,0x53380d13
+.long 0x9d95b3df,0x53380d13
+.long 0x8baf63de,0x650a7354
+.long 0x8baf63de,0x650a7354
+.long 0x3c77b2a8,0x766a0abb
+.long 0x3c77b2a8,0x766a0abb
+.long 0x47edaee6,0x81c2c92e
+.long 0x47edaee6,0x81c2c92e
+.long 0x1482353b,0x92722c85
+.long 0x1482353b,0x92722c85
+.long 0x4cf10364,0xa2bfe8a1
+.long 0x4cf10364,0xa2bfe8a1
+.long 0xbc423001,0xa81a664b
+.long 0xbc423001,0xa81a664b
+.long 0xd0f89791,0xc24b8b70
+.long 0xd0f89791,0xc24b8b70
+.long 0x0654be30,0xc76c51a3
+.long 0x0654be30,0xc76c51a3
+.long 0xd6ef5218,0xd192e819
+.long 0xd6ef5218,0xd192e819
+.long 0x5565a910,0xd6990624
+.long 0x5565a910,0xd6990624
+.long 0x5771202a,0xf40e3585
+.long 0x5771202a,0xf40e3585
+.long 0x32bbd1b8,0x106aa070
+.long 0x32bbd1b8,0x106aa070
+.long 0xb8d2d0c8,0x19a4c116
+.long 0xb8d2d0c8,0x19a4c116
+.long 0x5141ab53,0x1e376c08
+.long 0x5141ab53,0x1e376c08
+.long 0xdf8eeb99,0x2748774c
+.long 0xdf8eeb99,0x2748774c
+.long 0xe19b48a8,0x34b0bcb5
+.long 0xe19b48a8,0x34b0bcb5
+.long 0xc5c95a63,0x391c0cb3
+.long 0xc5c95a63,0x391c0cb3
+.long 0xe3418acb,0x4ed8aa4a
+.long 0xe3418acb,0x4ed8aa4a
+.long 0x7763e373,0x5b9cca4f
+.long 0x7763e373,0x5b9cca4f
+.long 0xd6b2b8a3,0x682e6ff3
+.long 0xd6b2b8a3,0x682e6ff3
+.long 0x5defb2fc,0x748f82ee
+.long 0x5defb2fc,0x748f82ee
+.long 0x43172f60,0x78a5636f
+.long 0x43172f60,0x78a5636f
+.long 0xa1f0ab72,0x84c87814
+.long 0xa1f0ab72,0x84c87814
+.long 0x1a6439ec,0x8cc70208
+.long 0x1a6439ec,0x8cc70208
+.long 0x23631e28,0x90befffa
+.long 0x23631e28,0x90befffa
+.long 0xde82bde9,0xa4506ceb
+.long 0xde82bde9,0xa4506ceb
+.long 0xb2c67915,0xbef9a3f7
+.long 0xb2c67915,0xbef9a3f7
+.long 0xe372532b,0xc67178f2
+.long 0xe372532b,0xc67178f2
+.long 0xea26619c,0xca273ece
+.long 0xea26619c,0xca273ece
+.long 0x21c0c207,0xd186b8c7
+.long 0x21c0c207,0xd186b8c7
+.long 0xcde0eb1e,0xeada7dd6
+.long 0xcde0eb1e,0xeada7dd6
+.long 0xee6ed178,0xf57d4f7f
+.long 0xee6ed178,0xf57d4f7f
+.long 0x72176fba,0x06f067aa
+.long 0x72176fba,0x06f067aa
+.long 0xa2c898a6,0x0a637dc5
+.long 0xa2c898a6,0x0a637dc5
+.long 0xbef90dae,0x113f9804
+.long 0xbef90dae,0x113f9804
+.long 0x131c471b,0x1b710b35
+.long 0x131c471b,0x1b710b35
+.long 0x23047d84,0x28db77f5
+.long 0x23047d84,0x28db77f5
+.long 0x40c72493,0x32caab7b
+.long 0x40c72493,0x32caab7b
+.long 0x15c9bebc,0x3c9ebe0a
+.long 0x15c9bebc,0x3c9ebe0a
+.long 0x9c100d4c,0x431d67c4
+.long 0x9c100d4c,0x431d67c4
+.long 0xcb3e42b6,0x4cc5d4be
+.long 0xcb3e42b6,0x4cc5d4be
+.long 0xfc657e2a,0x597f299c
+.long 0xfc657e2a,0x597f299c
+.long 0x3ad6faec,0x5fcb6fab
+.long 0x3ad6faec,0x5fcb6fab
+.long 0x4a475817,0x6c44198c
+.long 0x4a475817,0x6c44198c
+.long 0,0
+.long 0,0
+.long 0x14151617,0x10111213
+.long 0x04050607,0x00010203
+.byte 83,72,65,53,49,50,32,102,111,114,32,80,111,119,101,114,73,83,65,32,50,46,48,55,44,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align 2
+.align 2
diff --git a/lib/freebl/sha512.c b/lib/freebl/sha512.c
index c1cfb7376..f2a1a33ca 100644
--- a/lib/freebl/sha512.c
+++ b/lib/freebl/sha512.c
@@ -18,8 +18,10 @@
#include "prlong.h"
#include "secport.h" /* for PORT_XXX */
#include "blapi.h"
+#include "blapii.h"
#include "sha256.h" /* for struct SHA256ContextStr */
#include "crypto_primitives.h"
+#include "ppc-crypto.h" /* for USE_PPC_CRYPTO */
/* ============= Common constants and defines ======================= */
@@ -43,7 +45,7 @@ static const PRUint8 pad[240] = {
/* ============= SHA256 implementation ================================== */
/* SHA-256 constants, K256. */
-static const PRUint32 K256[64] = {
+pre_align static const PRUint32 K256[64] post_align = {
0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
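Review bot: The alignment added to K256 carries no comment saying why it is needed, and the reason cannot be read off the declaration. The vector branch of SHA256_Compress added later in this diff reads the table with `vec_ld(0, &K256[i * 4])`, an aligned load that ignores the low four address bits, so a misaligned table would produce wrong round constants without any fault. I would add above the declaration: `/* Must stay 16-byte aligned: the PPC vector path loads K256 with vec_ld. */`. This presumes pre_align/post_align request 16-byte alignment, which should be confirmed because their definitions are not part of this diff. The array initialiser continues outside the hunk.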
@@ -177,9 +179,162 @@ SHA256_Begin(SHA256Context *ctx)
memcpy(H, H256, sizeof H256);
}
+#if defined(USE_PPC_CRYPTO)
+
+#define ROUND(n, a, b, c, d, e, f, g, h) \
+ s0 = __builtin_crypto_vshasigmaw(e, 1, 0xf); \
+ h += s0 + vec_sel(g, f, e) + w[n / 4]; \
+ d += h; \
+ s0 = __builtin_crypto_vshasigmaw(a, 1, 0); \
+ h += s0 + vec_sel(b, c, vec_xor(a, b)); \
+ if (n % 4 != 3) \
+ w[n / 4] = vec_sro(w[n / 4], rshift);
+
+#else
+
+#define ROUND(n, a, b, c, d, e, f, g, h) \
+ h += S1(e) + Ch(e, f, g) + K256[n] + W[n]; \
+ d += h; \
+ h += S0(a) + Maj(a, b, c);
+
+#endif
+
+#define SHA256_UNROLLED_ROUNDS \
+ ROUND(0, a, b, c, d, e, f, g, h) \
+ ROUND(1, h, a, b, c, d, e, f, g) \
+ ROUND(2, g, h, a, b, c, d, e, f) \
+ ROUND(3, f, g, h, a, b, c, d, e) \
+ ROUND(4, e, f, g, h, a, b, c, d) \
+ ROUND(5, d, e, f, g, h, a, b, c) \
+ ROUND(6, c, d, e, f, g, h, a, b) \
+ ROUND(7, b, c, d, e, f, g, h, a) \
+ \
+ ROUND(8, a, b, c, d, e, f, g, h) \
+ ROUND(9, h, a, b, c, d, e, f, g) \
+ ROUND(10, g, h, a, b, c, d, e, f) \
+ ROUND(11, f, g, h, a, b, c, d, e) \
+ ROUND(12, e, f, g, h, a, b, c, d) \
+ ROUND(13, d, e, f, g, h, a, b, c) \
+ ROUND(14, c, d, e, f, g, h, a, b) \
+ ROUND(15, b, c, d, e, f, g, h, a) \
+ \
+ ROUND(16, a, b, c, d, e, f, g, h) \
+ ROUND(17, h, a, b, c, d, e, f, g) \
+ ROUND(18, g, h, a, b, c, d, e, f) \
+ ROUND(19, f, g, h, a, b, c, d, e) \
+ ROUND(20, e, f, g, h, a, b, c, d) \
+ ROUND(21, d, e, f, g, h, a, b, c) \
+ ROUND(22, c, d, e, f, g, h, a, b) \
+ ROUND(23, b, c, d, e, f, g, h, a) \
+ \
+ ROUND(24, a, b, c, d, e, f, g, h) \
+ ROUND(25, h, a, b, c, d, e, f, g) \
+ ROUND(26, g, h, a, b, c, d, e, f) \
+ ROUND(27, f, g, h, a, b, c, d, e) \
+ ROUND(28, e, f, g, h, a, b, c, d) \
+ ROUND(29, d, e, f, g, h, a, b, c) \
+ ROUND(30, c, d, e, f, g, h, a, b) \
+ ROUND(31, b, c, d, e, f, g, h, a) \
+ \
+ ROUND(32, a, b, c, d, e, f, g, h) \
+ ROUND(33, h, a, b, c, d, e, f, g) \
+ ROUND(34, g, h, a, b, c, d, e, f) \
+ ROUND(35, f, g, h, a, b, c, d, e) \
+ ROUND(36, e, f, g, h, a, b, c, d) \
+ ROUND(37, d, e, f, g, h, a, b, c) \
+ ROUND(38, c, d, e, f, g, h, a, b) \
+ ROUND(39, b, c, d, e, f, g, h, a) \
+ \
+ ROUND(40, a, b, c, d, e, f, g, h) \
+ ROUND(41, h, a, b, c, d, e, f, g) \
+ ROUND(42, g, h, a, b, c, d, e, f) \
+ ROUND(43, f, g, h, a, b, c, d, e) \
+ ROUND(44, e, f, g, h, a, b, c, d) \
+ ROUND(45, d, e, f, g, h, a, b, c) \
+ ROUND(46, c, d, e, f, g, h, a, b) \
+ ROUND(47, b, c, d, e, f, g, h, a) \
+ \
+ ROUND(48, a, b, c, d, e, f, g, h) \
+ ROUND(49, h, a, b, c, d, e, f, g) \
+ ROUND(50, g, h, a, b, c, d, e, f) \
+ ROUND(51, f, g, h, a, b, c, d, e) \
+ ROUND(52, e, f, g, h, a, b, c, d) \
+ ROUND(53, d, e, f, g, h, a, b, c) \
+ ROUND(54, c, d, e, f, g, h, a, b) \
+ ROUND(55, b, c, d, e, f, g, h, a) \
+ \
+ ROUND(56, a, b, c, d, e, f, g, h) \
+ ROUND(57, h, a, b, c, d, e, f, g) \
+ ROUND(58, g, h, a, b, c, d, e, f) \
+ ROUND(59, f, g, h, a, b, c, d, e) \
+ ROUND(60, e, f, g, h, a, b, c, d) \
+ ROUND(61, d, e, f, g, h, a, b, c) \
+ ROUND(62, c, d, e, f, g, h, a, b) \
+ ROUND(63, b, c, d, e, f, g, h, a)
+
static void
SHA256_Compress(SHA256Context *ctx)
{
+#if defined(USE_PPC_CRYPTO)
+ vec_u32 w[16], s0, s1;
+ const vec_u8 rshift = (vec_u8)vec_splats(4 << 3);
+ const vec_u8 shifthalf = (vec_u8)vec_splats(8 << 3);
+ const vec_u8 bswap4 = (vec_u8){
+ 3, 2, 1, 0, 7, 6, 5, 4, 11,
+ 10, 9, 8, 15, 14, 13, 12,
+ };
+ unsigned i;
+
+ for (i = 0; i < 4; i++) {
+ w[i] = vec_vsx_ld(0, &W[i * 4]);
+ w[i] = vec_perm(w[i], w[i], bswap4);
+ }
+
+ /* prepare the message schedule */
+ for (i = 4; i < 16; i++) {
+ vec_u32 off1 = vec_sld(w[i - 3], w[i - 4], 12);
+ vec_u32 off2 = vec_sld(w[i - 1], w[i - 2], 12);
+ s0 = __builtin_crypto_vshasigmaw(off1, 0, 0);
+ /* first half, s1 depends on two prior ints */
+ s1 = __builtin_crypto_vshasigmaw(w[i - 1], 0, 0xf);
+ s1 = vec_sro(s1, shifthalf);
+ w[i] = w[i - 4] + s0 + off2 + s1;
+
+ /* second half s1 */
+ s1 = __builtin_crypto_vshasigmaw(w[i], 0, 0xf);
+ s1 = vec_slo(s1, shifthalf);
+ w[i] += s1;
+ }
+
+ for (i = 0; i < 16; i++) {
+ w[i] += vec_ld(0, &K256[i * 4]);
+ }
+
+ vec_u32 a, b, c, d, e, f, g, h;
+ a = vec_splats(H[0]);
+ b = vec_splats(H[1]);
+ c = vec_splats(H[2]);
+ d = vec_splats(H[3]);
+ e = vec_splats(H[4]);
+ f = vec_splats(H[5]);
+ g = vec_splats(H[6]);
+ h = vec_splats(H[7]);
+
+ SHA256_UNROLLED_ROUNDS;
+
+ H[0] += a[0];
+ H[1] += b[0];
+ H[2] += c[0];
+ H[3] += d[0];
+ H[4] += e[0];
+ H[5] += f[0];
+ H[6] += g[0];
+ H[7] += h[0];
+
+#undef ROUND
+
+#else /* USE_PPC_CRYPTO*/
+
{
#if defined(IS_LITTLE_ENDIAN)
BYTESWAP4(W[0]);
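Review bot: The vector branch of SHA256_Compress byte-swaps every input word unconditionally (`w[i] = vec_perm(w[i], w[i], bswap4);`), whereas the scalar branch directly below it guards its swap with `#if defined(IS_LITTLE_ENDIAN)`. The new branch is therefore correct only on little-endian targets and nothing in the hunk enforces that; if USE_PPC_CRYPTO can ever be defined for a big-endian build, the digest would be silently wrong rather than failing to build. A guard at the top of the branch makes the assumption explicit: `#if !defined(IS_LITTLE_ENDIAN)` / `#error "PPC vector SHA-256 path assumes little-endian"` / `#endif`. The SHA512_Compress hunk inherits the same assumption, since the checked-in sha512-p8.s appears to carry the generator's quad-swapped (little-endian) permute mask. The body of SHA256_Compress continues outside the hunk.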
@@ -280,11 +435,6 @@ SHA256_Compress(SHA256Context *ctx)
g = H[6];
h = H[7];
-#define ROUND(n, a, b, c, d, e, f, g, h) \
- h += S1(e) + Ch(e, f, g) + K256[n] + W[n]; \
- d += h; \
- h += S0(a) + Maj(a, b, c);
-
#ifdef NOUNROLL256
{
int t;
@@ -300,77 +450,7 @@ SHA256_Compress(SHA256Context *ctx)
}
}
#else
- ROUND(0, a, b, c, d, e, f, g, h)
- ROUND(1, h, a, b, c, d, e, f, g)
- ROUND(2, g, h, a, b, c, d, e, f)
- ROUND(3, f, g, h, a, b, c, d, e)
- ROUND(4, e, f, g, h, a, b, c, d)
- ROUND(5, d, e, f, g, h, a, b, c)
- ROUND(6, c, d, e, f, g, h, a, b)
- ROUND(7, b, c, d, e, f, g, h, a)
-
- ROUND(8, a, b, c, d, e, f, g, h)
- ROUND(9, h, a, b, c, d, e, f, g)
- ROUND(10, g, h, a, b, c, d, e, f)
- ROUND(11, f, g, h, a, b, c, d, e)
- ROUND(12, e, f, g, h, a, b, c, d)
- ROUND(13, d, e, f, g, h, a, b, c)
- ROUND(14, c, d, e, f, g, h, a, b)
- ROUND(15, b, c, d, e, f, g, h, a)
-
- ROUND(16, a, b, c, d, e, f, g, h)
- ROUND(17, h, a, b, c, d, e, f, g)
- ROUND(18, g, h, a, b, c, d, e, f)
- ROUND(19, f, g, h, a, b, c, d, e)
- ROUND(20, e, f, g, h, a, b, c, d)
- ROUND(21, d, e, f, g, h, a, b, c)
- ROUND(22, c, d, e, f, g, h, a, b)
- ROUND(23, b, c, d, e, f, g, h, a)
-
- ROUND(24, a, b, c, d, e, f, g, h)
- ROUND(25, h, a, b, c, d, e, f, g)
- ROUND(26, g, h, a, b, c, d, e, f)
- ROUND(27, f, g, h, a, b, c, d, e)
- ROUND(28, e, f, g, h, a, b, c, d)
- ROUND(29, d, e, f, g, h, a, b, c)
- ROUND(30, c, d, e, f, g, h, a, b)
- ROUND(31, b, c, d, e, f, g, h, a)
-
- ROUND(32, a, b, c, d, e, f, g, h)
- ROUND(33, h, a, b, c, d, e, f, g)
- ROUND(34, g, h, a, b, c, d, e, f)
- ROUND(35, f, g, h, a, b, c, d, e)
- ROUND(36, e, f, g, h, a, b, c, d)
- ROUND(37, d, e, f, g, h, a, b, c)
- ROUND(38, c, d, e, f, g, h, a, b)
- ROUND(39, b, c, d, e, f, g, h, a)
-
- ROUND(40, a, b, c, d, e, f, g, h)
- ROUND(41, h, a, b, c, d, e, f, g)
- ROUND(42, g, h, a, b, c, d, e, f)
- ROUND(43, f, g, h, a, b, c, d, e)
- ROUND(44, e, f, g, h, a, b, c, d)
- ROUND(45, d, e, f, g, h, a, b, c)
- ROUND(46, c, d, e, f, g, h, a, b)
- ROUND(47, b, c, d, e, f, g, h, a)
-
- ROUND(48, a, b, c, d, e, f, g, h)
- ROUND(49, h, a, b, c, d, e, f, g)
- ROUND(50, g, h, a, b, c, d, e, f)
- ROUND(51, f, g, h, a, b, c, d, e)
- ROUND(52, e, f, g, h, a, b, c, d)
- ROUND(53, d, e, f, g, h, a, b, c)
- ROUND(54, c, d, e, f, g, h, a, b)
- ROUND(55, b, c, d, e, f, g, h, a)
-
- ROUND(56, a, b, c, d, e, f, g, h)
- ROUND(57, h, a, b, c, d, e, f, g)
- ROUND(58, g, h, a, b, c, d, e, f)
- ROUND(59, f, g, h, a, b, c, d, e)
- ROUND(60, e, f, g, h, a, b, c, d)
- ROUND(61, d, e, f, g, h, a, b, c)
- ROUND(62, c, d, e, f, g, h, a, b)
- ROUND(63, b, c, d, e, f, g, h, a)
+ SHA256_UNROLLED_ROUNDS;
#endif
H[0] += a;
@@ -383,6 +463,7 @@ SHA256_Compress(SHA256Context *ctx)
H[7] += h;
}
#undef ROUND
+#endif /* !USE_PPC_CRYPTO */
}
#undef s0
@@ -691,6 +772,11 @@ SHA224_Clone(SHA224Context *dest, SHA224Context *src)
#endif
+#if defined(USE_PPC_CRYPTO)
+void sha512_block_p8(void *ctx, const void *inp, size_t len);
+
+#else /* USE_PPC_CRYPTO */
+
/* SHA-384 and SHA-512 constants, K512. */
static const PRUint64 K512[80] = {
#if PR_BYTES_PER_LONG == 8
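Review bot: The prototype `void sha512_block_p8(void *ctx, const void *inp, size_t len);` is undocumented, and `len` reads like a byte count although the assembly treats it as a block count. In sha512-p8.s the loop advances the input pointer by 16 bytes eight times per pass and then executes `subic. 5,5,1` followed by `bne .Loop`, so the third argument counts 128-byte blocks. It is also decremented before it is tested, so a value of 0 would wrap and the routine would keep reading past the input. I would add: `/* POWER8 SHA-512 block function from sha512-p8.s. len is the number of 128-byte blocks at inp, not bytes, and must be >= 1. */`. The one visible caller passes 1, so this protects future callers.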
@@ -778,6 +864,8 @@ static const PRUint64 K512[80] = {
#endif
};
+#endif /* !USE_PPC_CRYPTO */
+
struct SHA512ContextStr {
union {
PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */
@@ -932,6 +1020,10 @@ SHA512_Begin(SHA512Context *ctx)
static void
SHA512_Compress(SHA512Context *ctx)
{
+#if defined(USE_PPC_CRYPTO)
+ sha512_block_p8(&H[0], &W[0], 1);
+#else /* USE_PPC_CRYPTO */
+
#if defined(IS_LITTLE_ENDIAN)
{
BYTESWAP8(W[0]);
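Review bot: The call to `sha512_block_p8` is selected purely by `#if defined(USE_PPC_CRYPTO)`, with no run-time test that the processor implements the PowerISA 2.07 vector-crypto instructions the routine is built from; the vector branch of SHA256_Compress earlier in this diff is selected the same way. If that macro reflects only compiler and build settings (its definition is not visible here), a library built this way would stop with an illegal-instruction fault on an older POWER CPU the first time anything is hashed. At minimum the requirement should be stated next to the `#if`, e.g. `/* USE_PPC_CRYPTO builds require POWER8 or later; there is no run-time fallback. */`. A run-time fallback to the scalar code would also need the K512 table, which this commit compiles out under USE_PPC_CRYPTO. SHA512_Compress continues outside the hunk.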
@@ -1174,6 +1266,8 @@ SHA512_Compress(SHA512Context *ctx)
ADDTO(g, H[6]);
ADDTO(h, H[7]);
}
+
+#endif /* !USE_PPC_CRYPTO */
}
void