Etusivu Tutki Apua
Kirjaudu sisään
lenn
/
grpc1.45.2
1
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Puu: bef6e57d0d
Haarat Tagit
grpc1.45.2
/
third_party
/
boringssl-with-bazel
/
win-aarch64
/
crypto
/
fipsmodule
/
armv8-mont.S

armv8-mont.S 30 KB
Historia Raaka

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441 
  1. // This file is generated from a similarly-named Perl script in the BoringSSL
    2. 

  2. // source tree. Do not edit by hand.
    3. 

  3. 

  4. #if !defined(__has_feature)
    5. 

  5. #define __has_feature(x) 0
    6. 

  6. #endif
    7. 

  7. #if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM)
    8. 

  8. #define OPENSSL_NO_ASM
    9. 

  9. #endif
    10. 

  10. 

  11. #if !defined(OPENSSL_NO_ASM)
    12. 

  12. #if defined(__aarch64__)
    13. 

  13. #if defined(BORINGSSL_PREFIX)
    14. 

  14. #include <boringssl_prefix_symbols_asm.h>
    15. 

  15. #endif
    16. 

  16. #include <openssl/arm_arch.h>
    17. 

  17. 

  18. .text
    19. 

  19. 

  20. .globl	bn_mul_mont
    21. 

  21. 

  22. .def bn_mul_mont
    23. 

  23.    .type 32
    24. 

  24. .endef
    25. 

  25. .align	5
    26. 

  26. bn_mul_mont:
    27. 

  27. 	AARCH64_SIGN_LINK_REGISTER
    28. 

  28. 	tst	x5,#7
    29. 

  29. 	b.eq	__bn_sqr8x_mont
    30. 

  30. 	tst	x5,#3
    31. 

  31. 	b.eq	__bn_mul4x_mont
    32. 

  32. Lmul_mont:
    33. 

  33. 	stp	x29,x30,[sp,#-64]!
    34. 

  34. 	add	x29,sp,#0
    35. 

  35. 	stp	x19,x20,[sp,#16]
    36. 

  36. 	stp	x21,x22,[sp,#32]
    37. 

  37. 	stp	x23,x24,[sp,#48]
    38. 

  38. 

  39. 	ldr	x9,[x2],#8		// bp[0]
    40. 

  40. 	sub	x22,sp,x5,lsl#3
    41. 

  41. 	ldp	x7,x8,[x1],#16	// ap[0..1]
    42. 

  42. 	lsl	x5,x5,#3
    43. 

  43. 	ldr	x4,[x4]		// *n0
    44. 

  44. 	and	x22,x22,#-16		// ABI says so
    45. 

  45. 	ldp	x13,x14,[x3],#16	// np[0..1]
    46. 

  46. 

  47. 	mul	x6,x7,x9		// ap[0]*bp[0]
    48. 

  48. 	sub	x21,x5,#16		// j=num-2
    49. 

  49. 	umulh	x7,x7,x9
    50. 

  50. 	mul	x10,x8,x9		// ap[1]*bp[0]
    51. 

  51. 	umulh	x11,x8,x9
    52. 

  52. 

  53. 	mul	x15,x6,x4		// "tp[0]"*n0
    54. 

  54. 	mov	sp,x22			// alloca
    55. 

  55. 

  56. 	// (*)	mul	x12,x13,x15	// np[0]*m1
    57. 

  57. 	umulh	x13,x13,x15
    58. 

  58. 	mul	x16,x14,x15		// np[1]*m1
    59. 

  59. 	// (*)	adds	x12,x12,x6	// discarded
    60. 

  60. 	// (*)	As for removal of first multiplication and addition
    61. 

  61. 	//	instructions. The outcome of first addition is
    62. 

  62. 	//	guaranteed to be zero, which leaves two computationally
    63. 

  63. 	//	significant outcomes: it either carries or not. Then
    64. 

  64. 	//	question is when does it carry? Is there alternative
    65. 

  65. 	//	way to deduce it? If you follow operations, you can
    66. 

  66. 	//	observe that condition for carry is quite simple:
    67. 

  67. 	//	x6 being non-zero. So that carry can be calculated
    68. 

  68. 	//	by adding -1 to x6. That's what next instruction does.
    69. 

  69. 	subs	xzr,x6,#1		// (*)
    70. 

  70. 	umulh	x17,x14,x15
    71. 

  71. 	adc	x13,x13,xzr
    72. 

  72. 	cbz	x21,L1st_skip
    73. 

  73. 

  74. L1st:
    75. 

  75. 	ldr	x8,[x1],#8
    76. 

  76. 	adds	x6,x10,x7
    77. 

  77. 	sub	x21,x21,#8		// j--
    78. 

  78. 	adc	x7,x11,xzr
    79. 

  79. 

  80. 	ldr	x14,[x3],#8
    81. 

  81. 	adds	x12,x16,x13
    82. 

  82. 	mul	x10,x8,x9		// ap[j]*bp[0]
    83. 

  83. 	adc	x13,x17,xzr
    84. 

  84. 	umulh	x11,x8,x9
    85. 

  85. 

  86. 	adds	x12,x12,x6
    87. 

  87. 	mul	x16,x14,x15		// np[j]*m1
    88. 

  88. 	adc	x13,x13,xzr
    89. 

  89. 	umulh	x17,x14,x15
    90. 

  90. 	str	x12,[x22],#8		// tp[j-1]
    91. 

  91. 	cbnz	x21,L1st
    92. 

  92. 

  93. L1st_skip:
    94. 

  94. 	adds	x6,x10,x7
    95. 

  95. 	sub	x1,x1,x5		// rewind x1
    96. 

  96. 	adc	x7,x11,xzr
    97. 

  97. 

  98. 	adds	x12,x16,x13
    99. 

  99. 	sub	x3,x3,x5		// rewind x3
    100. 

  100. 	adc	x13,x17,xzr
    101. 

  101. 

  102. 	adds	x12,x12,x6
    103. 

  103. 	sub	x20,x5,#8		// i=num-1
    104. 

  104. 	adcs	x13,x13,x7
    105. 

  105. 

  106. 	adc	x19,xzr,xzr		// upmost overflow bit
    107. 

  107. 	stp	x12,x13,[x22]
    108. 

  108. 

  109. Louter:
    110. 

  110. 	ldr	x9,[x2],#8		// bp[i]
    111. 

  111. 	ldp	x7,x8,[x1],#16
    112. 

  112. 	ldr	x23,[sp]		// tp[0]
    113. 

  113. 	add	x22,sp,#8
    114. 

  114. 

  115. 	mul	x6,x7,x9		// ap[0]*bp[i]
    116. 

  116. 	sub	x21,x5,#16		// j=num-2
    117. 

  117. 	umulh	x7,x7,x9
    118. 

  118. 	ldp	x13,x14,[x3],#16
    119. 

  119. 	mul	x10,x8,x9		// ap[1]*bp[i]
    120. 

  120. 	adds	x6,x6,x23
    121. 

  121. 	umulh	x11,x8,x9
    122. 

  122. 	adc	x7,x7,xzr
    123. 

  123. 

  124. 	mul	x15,x6,x4
    125. 

  125. 	sub	x20,x20,#8		// i--
    126. 

  126. 

  127. 	// (*)	mul	x12,x13,x15	// np[0]*m1
    128. 

  128. 	umulh	x13,x13,x15
    129. 

  129. 	mul	x16,x14,x15		// np[1]*m1
    130. 

  130. 	// (*)	adds	x12,x12,x6
    131. 

  131. 	subs	xzr,x6,#1		// (*)
    132. 

  132. 	umulh	x17,x14,x15
    133. 

  133. 	cbz	x21,Linner_skip
    134. 

  134. 

  135. Linner:
    136. 

  136. 	ldr	x8,[x1],#8
    137. 

  137. 	adc	x13,x13,xzr
    138. 

  138. 	ldr	x23,[x22],#8		// tp[j]
    139. 

  139. 	adds	x6,x10,x7
    140. 

  140. 	sub	x21,x21,#8		// j--
    141. 

  141. 	adc	x7,x11,xzr
    142. 

  142. 

  143. 	adds	x12,x16,x13
    144. 

  144. 	ldr	x14,[x3],#8
    145. 

  145. 	adc	x13,x17,xzr
    146. 

  146. 

  147. 	mul	x10,x8,x9		// ap[j]*bp[i]
    148. 

  148. 	adds	x6,x6,x23
    149. 

  149. 	umulh	x11,x8,x9
    150. 

  150. 	adc	x7,x7,xzr
    151. 

  151. 

  152. 	mul	x16,x14,x15		// np[j]*m1
    153. 

  153. 	adds	x12,x12,x6
    154. 

  154. 	umulh	x17,x14,x15
    155. 

  155. 	str	x12,[x22,#-16]		// tp[j-1]
    156. 

  156. 	cbnz	x21,Linner
    157. 

  157. 

  158. Linner_skip:
    159. 

  159. 	ldr	x23,[x22],#8		// tp[j]
    160. 

  160. 	adc	x13,x13,xzr
    161. 

  161. 	adds	x6,x10,x7
    162. 

  162. 	sub	x1,x1,x5		// rewind x1
    163. 

  163. 	adc	x7,x11,xzr
    164. 

  164. 

  165. 	adds	x12,x16,x13
    166. 

  166. 	sub	x3,x3,x5		// rewind x3
    167. 

  167. 	adcs	x13,x17,x19
    168. 

  168. 	adc	x19,xzr,xzr
    169. 

  169. 

  170. 	adds	x6,x6,x23
    171. 

  171. 	adc	x7,x7,xzr
    172. 

  172. 

  173. 	adds	x12,x12,x6
    174. 

  174. 	adcs	x13,x13,x7
    175. 

  175. 	adc	x19,x19,xzr		// upmost overflow bit
    176. 

  176. 	stp	x12,x13,[x22,#-16]
    177. 

  177. 

  178. 	cbnz	x20,Louter
    179. 

  179. 

  180. 	// Final step. We see if result is larger than modulus, and
    181. 

  181. 	// if it is, subtract the modulus. But comparison implies
    182. 

  182. 	// subtraction. So we subtract modulus, see if it borrowed,
    183. 

  183. 	// and conditionally copy original value.
    184. 

  184. 	ldr	x23,[sp]		// tp[0]
    185. 

  185. 	add	x22,sp,#8
    186. 

  186. 	ldr	x14,[x3],#8		// np[0]
    187. 

  187. 	subs	x21,x5,#8		// j=num-1 and clear borrow
    188. 

  188. 	mov	x1,x0
    189. 

  189. Lsub:
    190. 

  190. 	sbcs	x8,x23,x14		// tp[j]-np[j]
    191. 

  191. 	ldr	x23,[x22],#8
    192. 

  192. 	sub	x21,x21,#8		// j--
    193. 

  193. 	ldr	x14,[x3],#8
    194. 

  194. 	str	x8,[x1],#8		// rp[j]=tp[j]-np[j]
    195. 

  195. 	cbnz	x21,Lsub
    196. 

  196. 

  197. 	sbcs	x8,x23,x14
    198. 

  198. 	sbcs	x19,x19,xzr		// did it borrow?
    199. 

  199. 	str	x8,[x1],#8		// rp[num-1]
    200. 

  200. 

  201. 	ldr	x23,[sp]		// tp[0]
    202. 

  202. 	add	x22,sp,#8
    203. 

  203. 	ldr	x8,[x0],#8		// rp[0]
    204. 

  204. 	sub	x5,x5,#8		// num--
    205. 

  205. 	nop
    206. 

  206. Lcond_copy:
    207. 

  207. 	sub	x5,x5,#8		// num--
    208. 

  208. 	csel	x14,x23,x8,lo		// did it borrow?
    209. 

  209. 	ldr	x23,[x22],#8
    210. 

  210. 	ldr	x8,[x0],#8
    211. 

  211. 	str	xzr,[x22,#-16]		// wipe tp
    212. 

  212. 	str	x14,[x0,#-16]
    213. 

  213. 	cbnz	x5,Lcond_copy
    214. 

  214. 

  215. 	csel	x14,x23,x8,lo
    216. 

  216. 	str	xzr,[x22,#-8]		// wipe tp
    217. 

  217. 	str	x14,[x0,#-8]
    218. 

  218. 

  219. 	ldp	x19,x20,[x29,#16]
    220. 

  220. 	mov	sp,x29
    221. 

  221. 	ldp	x21,x22,[x29,#32]
    222. 

  222. 	mov	x0,#1
    223. 

  223. 	ldp	x23,x24,[x29,#48]
    224. 

  224. 	ldr	x29,[sp],#64
    225. 

  225. 	AARCH64_VALIDATE_LINK_REGISTER
    226. 

  226. 	ret
    227. 

  227. 

  228. .def __bn_sqr8x_mont
    229. 

  229.    .type 32
    230. 

  230. .endef
    231. 

  231. .align	5
    232. 

  232. __bn_sqr8x_mont:
    233. 

  233. 	// Not adding AARCH64_SIGN_LINK_REGISTER here because __bn_sqr8x_mont is jumped to
    234. 

  234. 	// only from bn_mul_mont which has already signed the return address.
    235. 

  235. 	cmp	x1,x2
    236. 

  236. 	b.ne	__bn_mul4x_mont
    237. 

  237. Lsqr8x_mont:
    238. 

  238. 	stp	x29,x30,[sp,#-128]!
    239. 

  239. 	add	x29,sp,#0
    240. 

  240. 	stp	x19,x20,[sp,#16]
    241. 

  241. 	stp	x21,x22,[sp,#32]
    242. 

  242. 	stp	x23,x24,[sp,#48]
    243. 

  243. 	stp	x25,x26,[sp,#64]
    244. 

  244. 	stp	x27,x28,[sp,#80]
    245. 

  245. 	stp	x0,x3,[sp,#96]	// offload rp and np
    246. 

  246. 

  247. 	ldp	x6,x7,[x1,#8*0]
    248. 

  248. 	ldp	x8,x9,[x1,#8*2]
    249. 

  249. 	ldp	x10,x11,[x1,#8*4]
    250. 

  250. 	ldp	x12,x13,[x1,#8*6]
    251. 

  251. 

  252. 	sub	x2,sp,x5,lsl#4
    253. 

  253. 	lsl	x5,x5,#3
    254. 

  254. 	ldr	x4,[x4]		// *n0
    255. 

  255. 	mov	sp,x2			// alloca
    256. 

  256. 	sub	x27,x5,#8*8
    257. 

  257. 	b	Lsqr8x_zero_start
    258. 

  258. 

  259. Lsqr8x_zero:
    260. 

  260. 	sub	x27,x27,#8*8
    261. 

  261. 	stp	xzr,xzr,[x2,#8*0]
    262. 

  262. 	stp	xzr,xzr,[x2,#8*2]
    263. 

  263. 	stp	xzr,xzr,[x2,#8*4]
    264. 

  264. 	stp	xzr,xzr,[x2,#8*6]
    265. 

  265. Lsqr8x_zero_start:
    266. 

  266. 	stp	xzr,xzr,[x2,#8*8]
    267. 

  267. 	stp	xzr,xzr,[x2,#8*10]
    268. 

  268. 	stp	xzr,xzr,[x2,#8*12]
    269. 

  269. 	stp	xzr,xzr,[x2,#8*14]
    270. 

  270. 	add	x2,x2,#8*16
    271. 

  271. 	cbnz	x27,Lsqr8x_zero
    272. 

  272. 

  273. 	add	x3,x1,x5
    274. 

  274. 	add	x1,x1,#8*8
    275. 

  275. 	mov	x19,xzr
    276. 

  276. 	mov	x20,xzr
    277. 

  277. 	mov	x21,xzr
    278. 

  278. 	mov	x22,xzr
    279. 

  279. 	mov	x23,xzr
    280. 

  280. 	mov	x24,xzr
    281. 

  281. 	mov	x25,xzr
    282. 

  282. 	mov	x26,xzr
    283. 

  283. 	mov	x2,sp
    284. 

  284. 	str	x4,[x29,#112]		// offload n0
    285. 

  285. 

  286. 	// Multiply everything but a[i]*a[i]
    287. 

  287. .align	4
    288. 

  288. Lsqr8x_outer_loop:
    289. 

  289.         //                                                 a[1]a[0]	(i)
    290. 

  290.         //                                             a[2]a[0]
    291. 

  291.         //                                         a[3]a[0]
    292. 

  292.         //                                     a[4]a[0]
    293. 

  293.         //                                 a[5]a[0]
    294. 

  294.         //                             a[6]a[0]
    295. 

  295.         //                         a[7]a[0]
    296. 

  296.         //                                         a[2]a[1]		(ii)
    297. 

  297.         //                                     a[3]a[1]
    298. 

  298.         //                                 a[4]a[1]
    299. 

  299.         //                             a[5]a[1]
    300. 

  300.         //                         a[6]a[1]
    301. 

  301.         //                     a[7]a[1]
    302. 

  302.         //                                 a[3]a[2]			(iii)
    303. 

  303.         //                             a[4]a[2]
    304. 

  304.         //                         a[5]a[2]
    305. 

  305.         //                     a[6]a[2]
    306. 

  306.         //                 a[7]a[2]
    307. 

  307.         //                         a[4]a[3]				(iv)
    308. 

  308.         //                     a[5]a[3]
    309. 

  309.         //                 a[6]a[3]
    310. 

  310.         //             a[7]a[3]
    311. 

  311.         //                 a[5]a[4]					(v)
    312. 

  312.         //             a[6]a[4]
    313. 

  313.         //         a[7]a[4]
    314. 

  314.         //         a[6]a[5]						(vi)
    315. 

  315.         //     a[7]a[5]
    316. 

  316.         // a[7]a[6]							(vii)
    317. 

  317. 

  318. 	mul	x14,x7,x6		// lo(a[1..7]*a[0])		(i)
    319. 

  319. 	mul	x15,x8,x6
    320. 

  320. 	mul	x16,x9,x6
    321. 

  321. 	mul	x17,x10,x6
    322. 

  322. 	adds	x20,x20,x14		// t[1]+lo(a[1]*a[0])
    323. 

  323. 	mul	x14,x11,x6
    324. 

  324. 	adcs	x21,x21,x15
    325. 

  325. 	mul	x15,x12,x6
    326. 

  326. 	adcs	x22,x22,x16
    327. 

  327. 	mul	x16,x13,x6
    328. 

  328. 	adcs	x23,x23,x17
    329. 

  329. 	umulh	x17,x7,x6		// hi(a[1..7]*a[0])
    330. 

  330. 	adcs	x24,x24,x14
    331. 

  331. 	umulh	x14,x8,x6
    332. 

  332. 	adcs	x25,x25,x15
    333. 

  333. 	umulh	x15,x9,x6
    334. 

  334. 	adcs	x26,x26,x16
    335. 

  335. 	umulh	x16,x10,x6
    336. 

  336. 	stp	x19,x20,[x2],#8*2	// t[0..1]
    337. 

  337. 	adc	x19,xzr,xzr		// t[8]
    338. 

  338. 	adds	x21,x21,x17		// t[2]+lo(a[1]*a[0])
    339. 

  339. 	umulh	x17,x11,x6
    340. 

  340. 	adcs	x22,x22,x14
    341. 

  341. 	umulh	x14,x12,x6
    342. 

  342. 	adcs	x23,x23,x15
    343. 

  343. 	umulh	x15,x13,x6
    344. 

  344. 	adcs	x24,x24,x16
    345. 

  345. 	mul	x16,x8,x7		// lo(a[2..7]*a[1])		(ii)
    346. 

  346. 	adcs	x25,x25,x17
    347. 

  347. 	mul	x17,x9,x7
    348. 

  348. 	adcs	x26,x26,x14
    349. 

  349. 	mul	x14,x10,x7
    350. 

  350. 	adc	x19,x19,x15
    351. 

  351. 

  352. 	mul	x15,x11,x7
    353. 

  353. 	adds	x22,x22,x16
    354. 

  354. 	mul	x16,x12,x7
    355. 

  355. 	adcs	x23,x23,x17
    356. 

  356. 	mul	x17,x13,x7
    357. 

  357. 	adcs	x24,x24,x14
    358. 

  358. 	umulh	x14,x8,x7		// hi(a[2..7]*a[1])
    359. 

  359. 	adcs	x25,x25,x15
    360. 

  360. 	umulh	x15,x9,x7
    361. 

  361. 	adcs	x26,x26,x16
    362. 

  362. 	umulh	x16,x10,x7
    363. 

  363. 	adcs	x19,x19,x17
    364. 

  364. 	umulh	x17,x11,x7
    365. 

  365. 	stp	x21,x22,[x2],#8*2	// t[2..3]
    366. 

  366. 	adc	x20,xzr,xzr		// t[9]
    367. 

  367. 	adds	x23,x23,x14
    368. 

  368. 	umulh	x14,x12,x7
    369. 

  369. 	adcs	x24,x24,x15
    370. 

  370. 	umulh	x15,x13,x7
    371. 

  371. 	adcs	x25,x25,x16
    372. 

  372. 	mul	x16,x9,x8		// lo(a[3..7]*a[2])		(iii)
    373. 

  373. 	adcs	x26,x26,x17
    374. 

  374. 	mul	x17,x10,x8
    375. 

  375. 	adcs	x19,x19,x14
    376. 

  376. 	mul	x14,x11,x8
    377. 

  377. 	adc	x20,x20,x15
    378. 

  378. 

  379. 	mul	x15,x12,x8
    380. 

  380. 	adds	x24,x24,x16
    381. 

  381. 	mul	x16,x13,x8
    382. 

  382. 	adcs	x25,x25,x17
    383. 

  383. 	umulh	x17,x9,x8		// hi(a[3..7]*a[2])
    384. 

  384. 	adcs	x26,x26,x14
    385. 

  385. 	umulh	x14,x10,x8
    386. 

  386. 	adcs	x19,x19,x15
    387. 

  387. 	umulh	x15,x11,x8
    388. 

  388. 	adcs	x20,x20,x16
    389. 

  389. 	umulh	x16,x12,x8
    390. 

  390. 	stp	x23,x24,[x2],#8*2	// t[4..5]
    391. 

  391. 	adc	x21,xzr,xzr		// t[10]
    392. 

  392. 	adds	x25,x25,x17
    393. 

  393. 	umulh	x17,x13,x8
    394. 

  394. 	adcs	x26,x26,x14
    395. 

  395. 	mul	x14,x10,x9		// lo(a[4..7]*a[3])		(iv)
    396. 

  396. 	adcs	x19,x19,x15
    397. 

  397. 	mul	x15,x11,x9
    398. 

  398. 	adcs	x20,x20,x16
    399. 

  399. 	mul	x16,x12,x9
    400. 

  400. 	adc	x21,x21,x17
    401. 

  401. 

  402. 	mul	x17,x13,x9
    403. 

  403. 	adds	x26,x26,x14
    404. 

  404. 	umulh	x14,x10,x9		// hi(a[4..7]*a[3])
    405. 

  405. 	adcs	x19,x19,x15
    406. 

  406. 	umulh	x15,x11,x9
    407. 

  407. 	adcs	x20,x20,x16
    408. 

  408. 	umulh	x16,x12,x9
    409. 

  409. 	adcs	x21,x21,x17
    410. 

  410. 	umulh	x17,x13,x9
    411. 

  411. 	stp	x25,x26,[x2],#8*2	// t[6..7]
    412. 

  412. 	adc	x22,xzr,xzr		// t[11]
    413. 

  413. 	adds	x19,x19,x14
    414. 

  414. 	mul	x14,x11,x10		// lo(a[5..7]*a[4])		(v)
    415. 

  415. 	adcs	x20,x20,x15
    416. 

  416. 	mul	x15,x12,x10
    417. 

  417. 	adcs	x21,x21,x16
    418. 

  418. 	mul	x16,x13,x10
    419. 

  419. 	adc	x22,x22,x17
    420. 

  420. 

  421. 	umulh	x17,x11,x10		// hi(a[5..7]*a[4])
    422. 

  422. 	adds	x20,x20,x14
    423. 

  423. 	umulh	x14,x12,x10
    424. 

  424. 	adcs	x21,x21,x15
    425. 

  425. 	umulh	x15,x13,x10
    426. 

  426. 	adcs	x22,x22,x16
    427. 

  427. 	mul	x16,x12,x11		// lo(a[6..7]*a[5])		(vi)
    428. 

  428. 	adc	x23,xzr,xzr		// t[12]
    429. 

  429. 	adds	x21,x21,x17
    430. 

  430. 	mul	x17,x13,x11
    431. 

  431. 	adcs	x22,x22,x14
    432. 

  432. 	umulh	x14,x12,x11		// hi(a[6..7]*a[5])
    433. 

  433. 	adc	x23,x23,x15
    434. 

  434. 

  435. 	umulh	x15,x13,x11
    436. 

  436. 	adds	x22,x22,x16
    437. 

  437. 	mul	x16,x13,x12		// lo(a[7]*a[6])		(vii)
    438. 

  438. 	adcs	x23,x23,x17
    439. 

  439. 	umulh	x17,x13,x12		// hi(a[7]*a[6])
    440. 

  440. 	adc	x24,xzr,xzr		// t[13]
    441. 

  441. 	adds	x23,x23,x14
    442. 

  442. 	sub	x27,x3,x1	// done yet?
    443. 

  443. 	adc	x24,x24,x15
    444. 

  444. 

  445. 	adds	x24,x24,x16
    446. 

  446. 	sub	x14,x3,x5	// rewinded ap
    447. 

  447. 	adc	x25,xzr,xzr		// t[14]
    448. 

  448. 	add	x25,x25,x17
    449. 

  449. 

  450. 	cbz	x27,Lsqr8x_outer_break
    451. 

  451. 

  452. 	mov	x4,x6
    453. 

  453. 	ldp	x6,x7,[x2,#8*0]
    454. 

  454. 	ldp	x8,x9,[x2,#8*2]
    455. 

  455. 	ldp	x10,x11,[x2,#8*4]
    456. 

  456. 	ldp	x12,x13,[x2,#8*6]
    457. 

  457. 	adds	x19,x19,x6
    458. 

  458. 	adcs	x20,x20,x7
    459. 

  459. 	ldp	x6,x7,[x1,#8*0]
    460. 

  460. 	adcs	x21,x21,x8
    461. 

  461. 	adcs	x22,x22,x9
    462. 

  462. 	ldp	x8,x9,[x1,#8*2]
    463. 

  463. 	adcs	x23,x23,x10
    464. 

  464. 	adcs	x24,x24,x11
    465. 

  465. 	ldp	x10,x11,[x1,#8*4]
    466. 

  466. 	adcs	x25,x25,x12
    467. 

  467. 	mov	x0,x1
    468. 

  468. 	adcs	x26,xzr,x13
    469. 

  469. 	ldp	x12,x13,[x1,#8*6]
    470. 

  470. 	add	x1,x1,#8*8
    471. 

  471. 	//adc	x28,xzr,xzr		// moved below
    472. 

  472. 	mov	x27,#-8*8
    473. 

  473. 

  474. 	//                                                         a[8]a[0]
    475. 

  475. 	//                                                     a[9]a[0]
    476. 

  476. 	//                                                 a[a]a[0]
    477. 

  477. 	//                                             a[b]a[0]
    478. 

  478. 	//                                         a[c]a[0]
    479. 

  479. 	//                                     a[d]a[0]
    480. 

  480. 	//                                 a[e]a[0]
    481. 

  481. 	//                             a[f]a[0]
    482. 

  482. 	//                                                     a[8]a[1]
    483. 

  483. 	//                         a[f]a[1]........................
    484. 

  484. 	//                                                 a[8]a[2]
    485. 

  485. 	//                     a[f]a[2]........................
    486. 

  486. 	//                                             a[8]a[3]
    487. 

  487. 	//                 a[f]a[3]........................
    488. 

  488. 	//                                         a[8]a[4]
    489. 

  489. 	//             a[f]a[4]........................
    490. 

  490. 	//                                     a[8]a[5]
    491. 

  491. 	//         a[f]a[5]........................
    492. 

  492. 	//                                 a[8]a[6]
    493. 

  493. 	//     a[f]a[6]........................
    494. 

  494. 	//                             a[8]a[7]
    495. 

  495. 	// a[f]a[7]........................
    496. 

  496. Lsqr8x_mul:
    497. 

  497. 	mul	x14,x6,x4
    498. 

  498. 	adc	x28,xzr,xzr		// carry bit, modulo-scheduled
    499. 

  499. 	mul	x15,x7,x4
    500. 

  500. 	add	x27,x27,#8
    501. 

  501. 	mul	x16,x8,x4
    502. 

  502. 	mul	x17,x9,x4
    503. 

  503. 	adds	x19,x19,x14
    504. 

  504. 	mul	x14,x10,x4
    505. 

  505. 	adcs	x20,x20,x15
    506. 

  506. 	mul	x15,x11,x4
    507. 

  507. 	adcs	x21,x21,x16
    508. 

  508. 	mul	x16,x12,x4
    509. 

  509. 	adcs	x22,x22,x17
    510. 

  510. 	mul	x17,x13,x4
    511. 

  511. 	adcs	x23,x23,x14
    512. 

  512. 	umulh	x14,x6,x4
    513. 

  513. 	adcs	x24,x24,x15
    514. 

  514. 	umulh	x15,x7,x4
    515. 

  515. 	adcs	x25,x25,x16
    516. 

  516. 	umulh	x16,x8,x4
    517. 

  517. 	adcs	x26,x26,x17
    518. 

  518. 	umulh	x17,x9,x4
    519. 

  519. 	adc	x28,x28,xzr
    520. 

  520. 	str	x19,[x2],#8
    521. 

  521. 	adds	x19,x20,x14
    522. 

  522. 	umulh	x14,x10,x4
    523. 

  523. 	adcs	x20,x21,x15
    524. 

  524. 	umulh	x15,x11,x4
    525. 

  525. 	adcs	x21,x22,x16
    526. 

  526. 	umulh	x16,x12,x4
    527. 

  527. 	adcs	x22,x23,x17
    528. 

  528. 	umulh	x17,x13,x4
    529. 

  529. 	ldr	x4,[x0,x27]
    530. 

  530. 	adcs	x23,x24,x14
    531. 

  531. 	adcs	x24,x25,x15
    532. 

  532. 	adcs	x25,x26,x16
    533. 

  533. 	adcs	x26,x28,x17
    534. 

  534. 	//adc	x28,xzr,xzr		// moved above
    535. 

  535. 	cbnz	x27,Lsqr8x_mul
    536. 

  536. 					// note that carry flag is guaranteed
    537. 

  537. 					// to be zero at this point
    538. 

  538. 	cmp	x1,x3		// done yet?
    539. 

  539. 	b.eq	Lsqr8x_break
    540. 

  540. 

  541. 	ldp	x6,x7,[x2,#8*0]
    542. 

  542. 	ldp	x8,x9,[x2,#8*2]
    543. 

  543. 	ldp	x10,x11,[x2,#8*4]
    544. 

  544. 	ldp	x12,x13,[x2,#8*6]
    545. 

  545. 	adds	x19,x19,x6
    546. 

  546. 	ldr	x4,[x0,#-8*8]
    547. 

  547. 	adcs	x20,x20,x7
    548. 

  548. 	ldp	x6,x7,[x1,#8*0]
    549. 

  549. 	adcs	x21,x21,x8
    550. 

  550. 	adcs	x22,x22,x9
    551. 

  551. 	ldp	x8,x9,[x1,#8*2]
    552. 

  552. 	adcs	x23,x23,x10
    553. 

  553. 	adcs	x24,x24,x11
    554. 

  554. 	ldp	x10,x11,[x1,#8*4]
    555. 

  555. 	adcs	x25,x25,x12
    556. 

  556. 	mov	x27,#-8*8
    557. 

  557. 	adcs	x26,x26,x13
    558. 

  558. 	ldp	x12,x13,[x1,#8*6]
    559. 

  559. 	add	x1,x1,#8*8
    560. 

  560. 	//adc	x28,xzr,xzr		// moved above
    561. 

  561. 	b	Lsqr8x_mul
    562. 

  562. 

  563. .align	4
    564. 

  564. Lsqr8x_break:
    565. 

  565. 	ldp	x6,x7,[x0,#8*0]
    566. 

  566. 	add	x1,x0,#8*8
    567. 

  567. 	ldp	x8,x9,[x0,#8*2]
    568. 

  568. 	sub	x14,x3,x1		// is it last iteration?
    569. 

  569. 	ldp	x10,x11,[x0,#8*4]
    570. 

  570. 	sub	x15,x2,x14
    571. 

  571. 	ldp	x12,x13,[x0,#8*6]
    572. 

  572. 	cbz	x14,Lsqr8x_outer_loop
    573. 

  573. 

  574. 	stp	x19,x20,[x2,#8*0]
    575. 

  575. 	ldp	x19,x20,[x15,#8*0]
    576. 

  576. 	stp	x21,x22,[x2,#8*2]
    577. 

  577. 	ldp	x21,x22,[x15,#8*2]
    578. 

  578. 	stp	x23,x24,[x2,#8*4]
    579. 

  579. 	ldp	x23,x24,[x15,#8*4]
    580. 

  580. 	stp	x25,x26,[x2,#8*6]
    581. 

  581. 	mov	x2,x15
    582. 

  582. 	ldp	x25,x26,[x15,#8*6]
    583. 

  583. 	b	Lsqr8x_outer_loop
    584. 

  584. 

  585. .align	4
    586. 

  586. Lsqr8x_outer_break:
    587. 

  587. 	// Now multiply above result by 2 and add a[n-1]*a[n-1]|...|a[0]*a[0]
    588. 

  588. 	ldp	x7,x9,[x14,#8*0]	// recall that x14 is &a[0]
    589. 

  589. 	ldp	x15,x16,[sp,#8*1]
    590. 

  590. 	ldp	x11,x13,[x14,#8*2]
    591. 

  591. 	add	x1,x14,#8*4
    592. 

  592. 	ldp	x17,x14,[sp,#8*3]
    593. 

  593. 

  594. 	stp	x19,x20,[x2,#8*0]
    595. 

  595. 	mul	x19,x7,x7
    596. 

  596. 	stp	x21,x22,[x2,#8*2]
    597. 

  597. 	umulh	x7,x7,x7
    598. 

  598. 	stp	x23,x24,[x2,#8*4]
    599. 

  599. 	mul	x8,x9,x9
    600. 

  600. 	stp	x25,x26,[x2,#8*6]
    601. 

  601. 	mov	x2,sp
    602. 

  602. 	umulh	x9,x9,x9
    603. 

  603. 	adds	x20,x7,x15,lsl#1
    604. 

  604. 	extr	x15,x16,x15,#63
    605. 

  605. 	sub	x27,x5,#8*4
    606. 

  606. 

  607. Lsqr4x_shift_n_add:
    608. 

  608. 	adcs	x21,x8,x15
    609. 

  609. 	extr	x16,x17,x16,#63
    610. 

  610. 	sub	x27,x27,#8*4
    611. 

  611. 	adcs	x22,x9,x16
    612. 

  612. 	ldp	x15,x16,[x2,#8*5]
    613. 

  613. 	mul	x10,x11,x11
    614. 

  614. 	ldp	x7,x9,[x1],#8*2
    615. 

  615. 	umulh	x11,x11,x11
    616. 

  616. 	mul	x12,x13,x13
    617. 

  617. 	umulh	x13,x13,x13
    618. 

  618. 	extr	x17,x14,x17,#63
    619. 

  619. 	stp	x19,x20,[x2,#8*0]
    620. 

  620. 	adcs	x23,x10,x17
    621. 

  621. 	extr	x14,x15,x14,#63
    622. 

  622. 	stp	x21,x22,[x2,#8*2]
    623. 

  623. 	adcs	x24,x11,x14
    624. 

  624. 	ldp	x17,x14,[x2,#8*7]
    625. 

  625. 	extr	x15,x16,x15,#63
    626. 

  626. 	adcs	x25,x12,x15
    627. 

  627. 	extr	x16,x17,x16,#63
    628. 

  628. 	adcs	x26,x13,x16
    629. 

  629. 	ldp	x15,x16,[x2,#8*9]
    630. 

  630. 	mul	x6,x7,x7
    631. 

  631. 	ldp	x11,x13,[x1],#8*2
    632. 

  632. 	umulh	x7,x7,x7
    633. 

  633. 	mul	x8,x9,x9
    634. 

  634. 	umulh	x9,x9,x9
    635. 

  635. 	stp	x23,x24,[x2,#8*4]
    636. 

  636. 	extr	x17,x14,x17,#63
    637. 

  637. 	stp	x25,x26,[x2,#8*6]
    638. 

  638. 	add	x2,x2,#8*8
    639. 

  639. 	adcs	x19,x6,x17
    640. 

  640. 	extr	x14,x15,x14,#63
    641. 

  641. 	adcs	x20,x7,x14
    642. 

  642. 	ldp	x17,x14,[x2,#8*3]
    643. 

  643. 	extr	x15,x16,x15,#63
    644. 

  644. 	cbnz	x27,Lsqr4x_shift_n_add
    645. 

  645. 	ldp	x1,x4,[x29,#104]	// pull np and n0
    646. 

  646. 

  647. 	adcs	x21,x8,x15
    648. 

  648. 	extr	x16,x17,x16,#63
    649. 

  649. 	adcs	x22,x9,x16
    650. 

  650. 	ldp	x15,x16,[x2,#8*5]
    651. 

  651. 	mul	x10,x11,x11
    652. 

  652. 	umulh	x11,x11,x11
    653. 

  653. 	stp	x19,x20,[x2,#8*0]
    654. 

  654. 	mul	x12,x13,x13
    655. 

  655. 	umulh	x13,x13,x13
    656. 

  656. 	stp	x21,x22,[x2,#8*2]
    657. 

  657. 	extr	x17,x14,x17,#63
    658. 

  658. 	adcs	x23,x10,x17
    659. 

  659. 	extr	x14,x15,x14,#63
    660. 

  660. 	ldp	x19,x20,[sp,#8*0]
    661. 

  661. 	adcs	x24,x11,x14
    662. 

  662. 	extr	x15,x16,x15,#63
    663. 

  663. 	ldp	x6,x7,[x1,#8*0]
    664. 

  664. 	adcs	x25,x12,x15
    665. 

  665. 	extr	x16,xzr,x16,#63
    666. 

  666. 	ldp	x8,x9,[x1,#8*2]
    667. 

  667. 	adc	x26,x13,x16
    668. 

  668. 	ldp	x10,x11,[x1,#8*4]
    669. 

  669. 

  670. 	// Reduce by 512 bits per iteration
    671. 

  671. 	mul	x28,x4,x19		// t[0]*n0
    672. 

  672. 	ldp	x12,x13,[x1,#8*6]
    673. 

  673. 	add	x3,x1,x5
    674. 

  674. 	ldp	x21,x22,[sp,#8*2]
    675. 

  675. 	stp	x23,x24,[x2,#8*4]
    676. 

  676. 	ldp	x23,x24,[sp,#8*4]
    677. 

  677. 	stp	x25,x26,[x2,#8*6]
    678. 

  678. 	ldp	x25,x26,[sp,#8*6]
    679. 

  679. 	add	x1,x1,#8*8
    680. 

  680. 	mov	x30,xzr		// initial top-most carry
    681. 

  681. 	mov	x2,sp
    682. 

  682. 	mov	x27,#8
    683. 

  683. 

  684. Lsqr8x_reduction:
    685. 

  685. 	// (*)	mul	x14,x6,x28	// lo(n[0-7])*lo(t[0]*n0)
    686. 

  686. 	mul	x15,x7,x28
    687. 

  687. 	sub	x27,x27,#1
    688. 

  688. 	mul	x16,x8,x28
    689. 

  689. 	str	x28,[x2],#8		// put aside t[0]*n0 for tail processing
    690. 

  690. 	mul	x17,x9,x28
    691. 

  691. 	// (*)	adds	xzr,x19,x14
    692. 

  692. 	subs	xzr,x19,#1		// (*)
    693. 

  693. 	mul	x14,x10,x28
    694. 

  694. 	adcs	x19,x20,x15
    695. 

  695. 	mul	x15,x11,x28
    696. 

  696. 	adcs	x20,x21,x16
    697. 

  697. 	mul	x16,x12,x28
    698. 

  698. 	adcs	x21,x22,x17
    699. 

  699. 	mul	x17,x13,x28
    700. 

  700. 	adcs	x22,x23,x14
    701. 

  701. 	umulh	x14,x6,x28		// hi(n[0-7])*lo(t[0]*n0)
    702. 

  702. 	adcs	x23,x24,x15
    703. 

  703. 	umulh	x15,x7,x28
    704. 

  704. 	adcs	x24,x25,x16
    705. 

  705. 	umulh	x16,x8,x28
    706. 

  706. 	adcs	x25,x26,x17
    707. 

  707. 	umulh	x17,x9,x28
    708. 

  708. 	adc	x26,xzr,xzr
    709. 

  709. 	adds	x19,x19,x14
    710. 

  710. 	umulh	x14,x10,x28
    711. 

  711. 	adcs	x20,x20,x15
    712. 

  712. 	umulh	x15,x11,x28
    713. 

  713. 	adcs	x21,x21,x16
    714. 

  714. 	umulh	x16,x12,x28
    715. 

  715. 	adcs	x22,x22,x17
    716. 

  716. 	umulh	x17,x13,x28
    717. 

  717. 	mul	x28,x4,x19		// next t[0]*n0
    718. 

  718. 	adcs	x23,x23,x14
    719. 

  719. 	adcs	x24,x24,x15
    720. 

  720. 	adcs	x25,x25,x16
    721. 

  721. 	adc	x26,x26,x17
    722. 

  722. 	cbnz	x27,Lsqr8x_reduction
    723. 

  723. 

  724. 	ldp	x14,x15,[x2,#8*0]
    725. 

  725. 	ldp	x16,x17,[x2,#8*2]
    726. 

  726. 	mov	x0,x2
    727. 

  727. 	sub	x27,x3,x1	// done yet?
    728. 

  728. 	adds	x19,x19,x14
    729. 

  729. 	adcs	x20,x20,x15
    730. 

  730. 	ldp	x14,x15,[x2,#8*4]
    731. 

  731. 	adcs	x21,x21,x16
    732. 

  732. 	adcs	x22,x22,x17
    733. 

  733. 	ldp	x16,x17,[x2,#8*6]
    734. 

  734. 	adcs	x23,x23,x14
    735. 

  735. 	adcs	x24,x24,x15
    736. 

  736. 	adcs	x25,x25,x16
    737. 

  737. 	adcs	x26,x26,x17
    738. 

  738. 	//adc	x28,xzr,xzr		// moved below
    739. 

  739. 	cbz	x27,Lsqr8x8_post_condition
    740. 

  740. 

  741. 	ldr	x4,[x2,#-8*8]
    742. 

  742. 	ldp	x6,x7,[x1,#8*0]
    743. 

  743. 	ldp	x8,x9,[x1,#8*2]
    744. 

  744. 	ldp	x10,x11,[x1,#8*4]
    745. 

  745. 	mov	x27,#-8*8
    746. 

  746. 	ldp	x12,x13,[x1,#8*6]
    747. 

  747. 	add	x1,x1,#8*8
    748. 

  748. 

  749. Lsqr8x_tail:
    750. 

  750. 	mul	x14,x6,x4
    751. 

  751. 	adc	x28,xzr,xzr		// carry bit, modulo-scheduled
    752. 

  752. 	mul	x15,x7,x4
    753. 

  753. 	add	x27,x27,#8
    754. 

  754. 	mul	x16,x8,x4
    755. 

  755. 	mul	x17,x9,x4
    756. 

  756. 	adds	x19,x19,x14
    757. 

  757. 	mul	x14,x10,x4
    758. 

  758. 	adcs	x20,x20,x15
    759. 

  759. 	mul	x15,x11,x4
    760. 

  760. 	adcs	x21,x21,x16
    761. 

  761. 	mul	x16,x12,x4
    762. 

  762. 	adcs	x22,x22,x17
    763. 

  763. 	mul	x17,x13,x4
    764. 

  764. 	adcs	x23,x23,x14
    765. 

  765. 	umulh	x14,x6,x4
    766. 

  766. 	adcs	x24,x24,x15
    767. 

  767. 	umulh	x15,x7,x4
    768. 

  768. 	adcs	x25,x25,x16
    769. 

  769. 	umulh	x16,x8,x4
    770. 

  770. 	adcs	x26,x26,x17
    771. 

  771. 	umulh	x17,x9,x4
    772. 

  772. 	adc	x28,x28,xzr
    773. 

  773. 	str	x19,[x2],#8
    774. 

  774. 	adds	x19,x20,x14
    775. 

  775. 	umulh	x14,x10,x4
    776. 

  776. 	adcs	x20,x21,x15
    777. 

  777. 	umulh	x15,x11,x4
    778. 

  778. 	adcs	x21,x22,x16
    779. 

  779. 	umulh	x16,x12,x4
    780. 

  780. 	adcs	x22,x23,x17
    781. 

  781. 	umulh	x17,x13,x4
    782. 

  782. 	ldr	x4,[x0,x27]
    783. 

  783. 	adcs	x23,x24,x14
    784. 

  784. 	adcs	x24,x25,x15
    785. 

  785. 	adcs	x25,x26,x16
    786. 

  786. 	adcs	x26,x28,x17
    787. 

  787. 	//adc	x28,xzr,xzr		// moved above
    788. 

  788. 	cbnz	x27,Lsqr8x_tail
    789. 

  789. 					// note that carry flag is guaranteed
    790. 

  790. 					// to be zero at this point
    791. 

  791. 	ldp	x6,x7,[x2,#8*0]
    792. 

  792. 	sub	x27,x3,x1	// done yet?
    793. 

  793. 	sub	x16,x3,x5	// rewinded np
    794. 

  794. 	ldp	x8,x9,[x2,#8*2]
    795. 

  795. 	ldp	x10,x11,[x2,#8*4]
    796. 

  796. 	ldp	x12,x13,[x2,#8*6]
    797. 

  797. 	cbz	x27,Lsqr8x_tail_break
    798. 

  798. 

  799. 	ldr	x4,[x0,#-8*8]
    800. 

  800. 	adds	x19,x19,x6
    801. 

  801. 	adcs	x20,x20,x7
    802. 

  802. 	ldp	x6,x7,[x1,#8*0]
    803. 

  803. 	adcs	x21,x21,x8
    804. 

  804. 	adcs	x22,x22,x9
    805. 

  805. 	ldp	x8,x9,[x1,#8*2]
    806. 

  806. 	adcs	x23,x23,x10
    807. 

  807. 	adcs	x24,x24,x11
    808. 

  808. 	ldp	x10,x11,[x1,#8*4]
    809. 

  809. 	adcs	x25,x25,x12
    810. 

  810. 	mov	x27,#-8*8
    811. 

  811. 	adcs	x26,x26,x13
    812. 

  812. 	ldp	x12,x13,[x1,#8*6]
    813. 

  813. 	add	x1,x1,#8*8
    814. 

  814. 	//adc	x28,xzr,xzr		// moved above
    815. 

  815. 	b	Lsqr8x_tail
    816. 

  816. 

  817. .align	4
    818. 

  818. Lsqr8x_tail_break:
    819. 

  819. 	ldr	x4,[x29,#112]		// pull n0
    820. 

  820. 	add	x27,x2,#8*8		// end of current t[num] window
    821. 

  821. 

  822. 	subs	xzr,x30,#1		// "move" top-most carry to carry bit
    823. 

  823. 	adcs	x14,x19,x6
    824. 

  824. 	adcs	x15,x20,x7
    825. 

  825. 	ldp	x19,x20,[x0,#8*0]
    826. 

  826. 	adcs	x21,x21,x8
    827. 

  827. 	ldp	x6,x7,[x16,#8*0]	// recall that x16 is &n[0]
    828. 

  828. 	adcs	x22,x22,x9
    829. 

  829. 	ldp	x8,x9,[x16,#8*2]
    830. 

  830. 	adcs	x23,x23,x10
    831. 

  831. 	adcs	x24,x24,x11
    832. 

  832. 	ldp	x10,x11,[x16,#8*4]
    833. 

  833. 	adcs	x25,x25,x12
    834. 

  834. 	adcs	x26,x26,x13
    835. 

  835. 	ldp	x12,x13,[x16,#8*6]
    836. 

  836. 	add	x1,x16,#8*8
    837. 

  837. 	adc	x30,xzr,xzr	// top-most carry
    838. 

  838. 	mul	x28,x4,x19
    839. 

  839. 	stp	x14,x15,[x2,#8*0]
    840. 

  840. 	stp	x21,x22,[x2,#8*2]
    841. 

  841. 	ldp	x21,x22,[x0,#8*2]
    842. 

  842. 	stp	x23,x24,[x2,#8*4]
    843. 

  843. 	ldp	x23,x24,[x0,#8*4]
    844. 

  844. 	cmp	x27,x29		// did we hit the bottom?
    845. 

  845. 	stp	x25,x26,[x2,#8*6]
    846. 

  846. 	mov	x2,x0			// slide the window
    847. 

  847. 	ldp	x25,x26,[x0,#8*6]
    848. 

  848. 	mov	x27,#8
    849. 

  849. 	b.ne	Lsqr8x_reduction
    850. 

  850. 

  851. 	// Final step. We see if result is larger than modulus, and
    852. 

  852. 	// if it is, subtract the modulus. But comparison implies
    853. 

  853. 	// subtraction. So we subtract modulus, see if it borrowed,
    854. 

  854. 	// and conditionally copy original value.
    855. 

  855. 	ldr	x0,[x29,#96]		// pull rp
    856. 

  856. 	add	x2,x2,#8*8
    857. 

  857. 	subs	x14,x19,x6
    858. 

  858. 	sbcs	x15,x20,x7
    859. 

  859. 	sub	x27,x5,#8*8
    860. 

  860. 	mov	x3,x0		// x0 copy
    861. 

  861. 

  862. Lsqr8x_sub:
    863. 

  863. 	sbcs	x16,x21,x8
    864. 

  864. 	ldp	x6,x7,[x1,#8*0]
    865. 

  865. 	sbcs	x17,x22,x9
    866. 

  866. 	stp	x14,x15,[x0,#8*0]
    867. 

  867. 	sbcs	x14,x23,x10
    868. 

  868. 	ldp	x8,x9,[x1,#8*2]
    869. 

  869. 	sbcs	x15,x24,x11
    870. 

  870. 	stp	x16,x17,[x0,#8*2]
    871. 

  871. 	sbcs	x16,x25,x12
    872. 

  872. 	ldp	x10,x11,[x1,#8*4]
    873. 

  873. 	sbcs	x17,x26,x13
    874. 

  874. 	ldp	x12,x13,[x1,#8*6]
    875. 

  875. 	add	x1,x1,#8*8
    876. 

  876. 	ldp	x19,x20,[x2,#8*0]
    877. 

  877. 	sub	x27,x27,#8*8
    878. 

  878. 	ldp	x21,x22,[x2,#8*2]
    879. 

  879. 	ldp	x23,x24,[x2,#8*4]
    880. 

  880. 	ldp	x25,x26,[x2,#8*6]
    881. 

  881. 	add	x2,x2,#8*8
    882. 

  882. 	stp	x14,x15,[x0,#8*4]
    883. 

  883. 	sbcs	x14,x19,x6
    884. 

  884. 	stp	x16,x17,[x0,#8*6]
    885. 

  885. 	add	x0,x0,#8*8
    886. 

  886. 	sbcs	x15,x20,x7
    887. 

  887. 	cbnz	x27,Lsqr8x_sub
    888. 

  888. 

  889. 	sbcs	x16,x21,x8
    890. 

  890. 	mov	x2,sp
    891. 

  891. 	add	x1,sp,x5
    892. 

  892. 	ldp	x6,x7,[x3,#8*0]
    893. 

  893. 	sbcs	x17,x22,x9
    894. 

  894. 	stp	x14,x15,[x0,#8*0]
    895. 

  895. 	sbcs	x14,x23,x10
    896. 

  896. 	ldp	x8,x9,[x3,#8*2]
    897. 

  897. 	sbcs	x15,x24,x11
    898. 

  898. 	stp	x16,x17,[x0,#8*2]
    899. 

  899. 	sbcs	x16,x25,x12
    900. 

  900. 	ldp	x19,x20,[x1,#8*0]
    901. 

  901. 	sbcs	x17,x26,x13
    902. 

  902. 	ldp	x21,x22,[x1,#8*2]
    903. 

  903. 	sbcs	xzr,x30,xzr	// did it borrow?
    904. 

  904. 	ldr	x30,[x29,#8]		// pull return address
    905. 

  905. 	stp	x14,x15,[x0,#8*4]
    906. 

  906. 	stp	x16,x17,[x0,#8*6]
    907. 

  907. 

  908. 	sub	x27,x5,#8*4
    909. 

  909. Lsqr4x_cond_copy:
    910. 

  910. 	sub	x27,x27,#8*4
    911. 

  911. 	csel	x14,x19,x6,lo
    912. 

  912. 	stp	xzr,xzr,[x2,#8*0]
    913. 

  913. 	csel	x15,x20,x7,lo
    914. 

  914. 	ldp	x6,x7,[x3,#8*4]
    915. 

  915. 	ldp	x19,x20,[x1,#8*4]
    916. 

  916. 	csel	x16,x21,x8,lo
    917. 

  917. 	stp	xzr,xzr,[x2,#8*2]
    918. 

  918. 	add	x2,x2,#8*4
    919. 

  919. 	csel	x17,x22,x9,lo
    920. 

  920. 	ldp	x8,x9,[x3,#8*6]
    921. 

  921. 	ldp	x21,x22,[x1,#8*6]
    922. 

  922. 	add	x1,x1,#8*4
    923. 

  923. 	stp	x14,x15,[x3,#8*0]
    924. 

  924. 	stp	x16,x17,[x3,#8*2]
    925. 

  925. 	add	x3,x3,#8*4
    926. 

  926. 	stp	xzr,xzr,[x1,#8*0]
    927. 

  927. 	stp	xzr,xzr,[x1,#8*2]
    928. 

  928. 	cbnz	x27,Lsqr4x_cond_copy
    929. 

  929. 

  930. 	csel	x14,x19,x6,lo
    931. 

  931. 	stp	xzr,xzr,[x2,#8*0]
    932. 

  932. 	csel	x15,x20,x7,lo
    933. 

  933. 	stp	xzr,xzr,[x2,#8*2]
    934. 

  934. 	csel	x16,x21,x8,lo
    935. 

  935. 	csel	x17,x22,x9,lo
    936. 

  936. 	stp	x14,x15,[x3,#8*0]
    937. 

  937. 	stp	x16,x17,[x3,#8*2]
    938. 

  938. 

  939. 	b	Lsqr8x_done
    940. 

  940. 

  941. .align	4
    942. 

  942. Lsqr8x8_post_condition:
    943. 

  943. 	adc	x28,xzr,xzr
    944. 

  944. 	ldr	x30,[x29,#8]		// pull return address
    945. 

  945. 	// x19-7,x28 hold result, x6-7 hold modulus
    946. 

  946. 	subs	x6,x19,x6
    947. 

  947. 	ldr	x1,[x29,#96]		// pull rp
    948. 

  948. 	sbcs	x7,x20,x7
    949. 

  949. 	stp	xzr,xzr,[sp,#8*0]
    950. 

  950. 	sbcs	x8,x21,x8
    951. 

  951. 	stp	xzr,xzr,[sp,#8*2]
    952. 

  952. 	sbcs	x9,x22,x9
    953. 

  953. 	stp	xzr,xzr,[sp,#8*4]
    954. 

  954. 	sbcs	x10,x23,x10
    955. 

  955. 	stp	xzr,xzr,[sp,#8*6]
    956. 

  956. 	sbcs	x11,x24,x11
    957. 

  957. 	stp	xzr,xzr,[sp,#8*8]
    958. 

  958. 	sbcs	x12,x25,x12
    959. 

  959. 	stp	xzr,xzr,[sp,#8*10]
    960. 

  960. 	sbcs	x13,x26,x13
    961. 

  961. 	stp	xzr,xzr,[sp,#8*12]
    962. 

  962. 	sbcs	x28,x28,xzr	// did it borrow?
    963. 

  963. 	stp	xzr,xzr,[sp,#8*14]
    964. 

  964. 

  965. 	// x6-7 hold result-modulus
    966. 

  966. 	csel	x6,x19,x6,lo
    967. 

  967. 	csel	x7,x20,x7,lo
    968. 

  968. 	csel	x8,x21,x8,lo
    969. 

  969. 	csel	x9,x22,x9,lo
    970. 

  970. 	stp	x6,x7,[x1,#8*0]
    971. 

  971. 	csel	x10,x23,x10,lo
    972. 

  972. 	csel	x11,x24,x11,lo
    973. 

  973. 	stp	x8,x9,[x1,#8*2]
    974. 

  974. 	csel	x12,x25,x12,lo
    975. 

  975. 	csel	x13,x26,x13,lo
    976. 

  976. 	stp	x10,x11,[x1,#8*4]
    977. 

  977. 	stp	x12,x13,[x1,#8*6]
    978. 

  978. 

  979. Lsqr8x_done:
    980. 

  980. 	ldp	x19,x20,[x29,#16]
    981. 

  981. 	mov	sp,x29
    982. 

  982. 	ldp	x21,x22,[x29,#32]
    983. 

  983. 	mov	x0,#1
    984. 

  984. 	ldp	x23,x24,[x29,#48]
    985. 

  985. 	ldp	x25,x26,[x29,#64]
    986. 

  986. 	ldp	x27,x28,[x29,#80]
    987. 

  987. 	ldr	x29,[sp],#128
    988. 

  988. 	// x30 is popped earlier
    989. 

  989. 	AARCH64_VALIDATE_LINK_REGISTER
    990. 

  990. 	ret
    991. 

  991. 

  992. .def __bn_mul4x_mont
    993. 

  993.    .type 32
    994. 

  994. .endef
    995. 

  995. .align	5
    996. 

  996. __bn_mul4x_mont:
    997. 

  997. 	// Not adding AARCH64_SIGN_LINK_REGISTER here because __bn_mul4x_mont is jumped to
    998. 

  998. 	// only from bn_mul_mont or __bn_mul8x_mont which have already signed the
    999. 

  999. 	// return address.
    1000. 

  1000. 	stp	x29,x30,[sp,#-128]!
    1001. 

  1001. 	add	x29,sp,#0
    1002. 

  1002. 	stp	x19,x20,[sp,#16]
    1003. 

  1003. 	stp	x21,x22,[sp,#32]
    1004. 

  1004. 	stp	x23,x24,[sp,#48]
    1005. 

  1005. 	stp	x25,x26,[sp,#64]
    1006. 

  1006. 	stp	x27,x28,[sp,#80]
    1007. 

  1007. 

  1008. 	sub	x26,sp,x5,lsl#3
    1009. 

  1009. 	lsl	x5,x5,#3
    1010. 

  1010. 	ldr	x4,[x4]		// *n0
    1011. 

  1011. 	sub	sp,x26,#8*4		// alloca
    1012. 

  1012. 

  1013. 	add	x10,x2,x5
    1014. 

  1014. 	add	x27,x1,x5
    1015. 

  1015. 	stp	x0,x10,[x29,#96]	// offload rp and &b[num]
    1016. 

  1016. 

  1017. 	ldr	x24,[x2,#8*0]		// b[0]
    1018. 

  1018. 	ldp	x6,x7,[x1,#8*0]	// a[0..3]
    1019. 

  1019. 	ldp	x8,x9,[x1,#8*2]
    1020. 

  1020. 	add	x1,x1,#8*4
    1021. 

  1021. 	mov	x19,xzr
    1022. 

  1022. 	mov	x20,xzr
    1023. 

  1023. 	mov	x21,xzr
    1024. 

  1024. 	mov	x22,xzr
    1025. 

  1025. 	ldp	x14,x15,[x3,#8*0]	// n[0..3]
    1026. 

  1026. 	ldp	x16,x17,[x3,#8*2]
    1027. 

  1027. 	adds	x3,x3,#8*4		// clear carry bit
    1028. 

  1028. 	mov	x0,xzr
    1029. 

  1029. 	mov	x28,#0
    1030. 

  1030. 	mov	x26,sp
    1031. 

  1031. 

  1032. Loop_mul4x_1st_reduction:
    1033. 

  1033. 	mul	x10,x6,x24		// lo(a[0..3]*b[0])
    1034. 

  1034. 	adc	x0,x0,xzr	// modulo-scheduled
    1035. 

  1035. 	mul	x11,x7,x24
    1036. 

  1036. 	add	x28,x28,#8
    1037. 

  1037. 	mul	x12,x8,x24
    1038. 

  1038. 	and	x28,x28,#31
    1039. 

  1039. 	mul	x13,x9,x24
    1040. 

  1040. 	adds	x19,x19,x10
    1041. 

  1041. 	umulh	x10,x6,x24		// hi(a[0..3]*b[0])
    1042. 

  1042. 	adcs	x20,x20,x11
    1043. 

  1043. 	mul	x25,x19,x4		// t[0]*n0
    1044. 

  1044. 	adcs	x21,x21,x12
    1045. 

  1045. 	umulh	x11,x7,x24
    1046. 

  1046. 	adcs	x22,x22,x13
    1047. 

  1047. 	umulh	x12,x8,x24
    1048. 

  1048. 	adc	x23,xzr,xzr
    1049. 

  1049. 	umulh	x13,x9,x24
    1050. 

  1050. 	ldr	x24,[x2,x28]		// next b[i] (or b[0])
    1051. 

  1051. 	adds	x20,x20,x10
    1052. 

  1052. 	// (*)	mul	x10,x14,x25	// lo(n[0..3]*t[0]*n0)
    1053. 

  1053. 	str	x25,[x26],#8		// put aside t[0]*n0 for tail processing
    1054. 

  1054. 	adcs	x21,x21,x11
    1055. 

  1055. 	mul	x11,x15,x25
    1056. 

  1056. 	adcs	x22,x22,x12
    1057. 

  1057. 	mul	x12,x16,x25
    1058. 

  1058. 	adc	x23,x23,x13		// can't overflow
    1059. 

  1059. 	mul	x13,x17,x25
    1060. 

  1060. 	// (*)	adds	xzr,x19,x10
    1061. 

  1061. 	subs	xzr,x19,#1		// (*)
    1062. 

  1062. 	umulh	x10,x14,x25		// hi(n[0..3]*t[0]*n0)
    1063. 

  1063. 	adcs	x19,x20,x11
    1064. 

  1064. 	umulh	x11,x15,x25
    1065. 

  1065. 	adcs	x20,x21,x12
    1066. 

  1066. 	umulh	x12,x16,x25
    1067. 

  1067. 	adcs	x21,x22,x13
    1068. 

  1068. 	umulh	x13,x17,x25
    1069. 

  1069. 	adcs	x22,x23,x0
    1070. 

  1070. 	adc	x0,xzr,xzr
    1071. 

  1071. 	adds	x19,x19,x10
    1072. 

  1072. 	sub	x10,x27,x1
    1073. 

  1073. 	adcs	x20,x20,x11
    1074. 

  1074. 	adcs	x21,x21,x12
    1075. 

  1075. 	adcs	x22,x22,x13
    1076. 

  1076. 	//adc	x0,x0,xzr
    1077. 

  1077. 	cbnz	x28,Loop_mul4x_1st_reduction
    1078. 

  1078. 

  1079. 	cbz	x10,Lmul4x4_post_condition
    1080. 

  1080. 

  1081. 	ldp	x6,x7,[x1,#8*0]	// a[4..7]
    1082. 

  1082. 	ldp	x8,x9,[x1,#8*2]
    1083. 

  1083. 	add	x1,x1,#8*4
    1084. 

  1084. 	ldr	x25,[sp]		// a[0]*n0
    1085. 

  1085. 	ldp	x14,x15,[x3,#8*0]	// n[4..7]
    1086. 

  1086. 	ldp	x16,x17,[x3,#8*2]
    1087. 

  1087. 	add	x3,x3,#8*4
    1088. 

  1088. 

  1089. Loop_mul4x_1st_tail:
    1090. 

  1090. 	mul	x10,x6,x24		// lo(a[4..7]*b[i])
    1091. 

  1091. 	adc	x0,x0,xzr	// modulo-scheduled
    1092. 

  1092. 	mul	x11,x7,x24
    1093. 

  1093. 	add	x28,x28,#8
    1094. 

  1094. 	mul	x12,x8,x24
    1095. 

  1095. 	and	x28,x28,#31
    1096. 

  1096. 	mul	x13,x9,x24
    1097. 

  1097. 	adds	x19,x19,x10
    1098. 

  1098. 	umulh	x10,x6,x24		// hi(a[4..7]*b[i])
    1099. 

  1099. 	adcs	x20,x20,x11
    1100. 

  1100. 	umulh	x11,x7,x24
    1101. 

  1101. 	adcs	x21,x21,x12
    1102. 

  1102. 	umulh	x12,x8,x24
    1103. 

  1103. 	adcs	x22,x22,x13
    1104. 

  1104. 	umulh	x13,x9,x24
    1105. 

  1105. 	adc	x23,xzr,xzr
    1106. 

  1106. 	ldr	x24,[x2,x28]		// next b[i] (or b[0])
    1107. 

  1107. 	adds	x20,x20,x10
    1108. 

  1108. 	mul	x10,x14,x25		// lo(n[4..7]*a[0]*n0)
    1109. 

  1109. 	adcs	x21,x21,x11
    1110. 

  1110. 	mul	x11,x15,x25
    1111. 

  1111. 	adcs	x22,x22,x12
    1112. 

  1112. 	mul	x12,x16,x25
    1113. 

  1113. 	adc	x23,x23,x13		// can't overflow
    1114. 

  1114. 	mul	x13,x17,x25
    1115. 

  1115. 	adds	x19,x19,x10
    1116. 

  1116. 	umulh	x10,x14,x25		// hi(n[4..7]*a[0]*n0)
    1117. 

  1117. 	adcs	x20,x20,x11
    1118. 

  1118. 	umulh	x11,x15,x25
    1119. 

  1119. 	adcs	x21,x21,x12
    1120. 

  1120. 	umulh	x12,x16,x25
    1121. 

  1121. 	adcs	x22,x22,x13
    1122. 

  1122. 	adcs	x23,x23,x0
    1123. 

  1123. 	umulh	x13,x17,x25
    1124. 

  1124. 	adc	x0,xzr,xzr
    1125. 

  1125. 	ldr	x25,[sp,x28]		// next t[0]*n0
    1126. 

  1126. 	str	x19,[x26],#8		// result!!!
    1127. 

  1127. 	adds	x19,x20,x10
    1128. 

  1128. 	sub	x10,x27,x1		// done yet?
    1129. 

  1129. 	adcs	x20,x21,x11
    1130. 

  1130. 	adcs	x21,x22,x12
    1131. 

  1131. 	adcs	x22,x23,x13
    1132. 

  1132. 	//adc	x0,x0,xzr
    1133. 

  1133. 	cbnz	x28,Loop_mul4x_1st_tail
    1134. 

  1134. 

  1135. 	sub	x11,x27,x5	// rewinded x1
    1136. 

  1136. 	cbz	x10,Lmul4x_proceed
    1137. 

  1137. 

  1138. 	ldp	x6,x7,[x1,#8*0]
    1139. 

  1139. 	ldp	x8,x9,[x1,#8*2]
    1140. 

  1140. 	add	x1,x1,#8*4
    1141. 

  1141. 	ldp	x14,x15,[x3,#8*0]
    1142. 

  1142. 	ldp	x16,x17,[x3,#8*2]
    1143. 

  1143. 	add	x3,x3,#8*4
    1144. 

  1144. 	b	Loop_mul4x_1st_tail
    1145. 

  1145. 

  1146. .align	5
    1147. 

  1147. Lmul4x_proceed:
    1148. 

  1148. 	ldr	x24,[x2,#8*4]!		// *++b
    1149. 

  1149. 	adc	x30,x0,xzr
    1150. 

  1150. 	ldp	x6,x7,[x11,#8*0]	// a[0..3]
    1151. 

  1151. 	sub	x3,x3,x5		// rewind np
    1152. 

  1152. 	ldp	x8,x9,[x11,#8*2]
    1153. 

  1153. 	add	x1,x11,#8*4
    1154. 

  1154. 

  1155. 	stp	x19,x20,[x26,#8*0]	// result!!!
    1156. 

  1156. 	ldp	x19,x20,[sp,#8*4]	// t[0..3]
    1157. 

  1157. 	stp	x21,x22,[x26,#8*2]	// result!!!
    1158. 

  1158. 	ldp	x21,x22,[sp,#8*6]
    1159. 

  1159. 

  1160. 	ldp	x14,x15,[x3,#8*0]	// n[0..3]
    1161. 

  1161. 	mov	x26,sp
    1162. 

  1162. 	ldp	x16,x17,[x3,#8*2]
    1163. 

  1163. 	adds	x3,x3,#8*4		// clear carry bit
    1164. 

  1164. 	mov	x0,xzr
    1165. 

  1165. 

  1166. .align	4
    1167. 

  1167. Loop_mul4x_reduction:
    1168. 

  1168. 	mul	x10,x6,x24		// lo(a[0..3]*b[4])
    1169. 

  1169. 	adc	x0,x0,xzr	// modulo-scheduled
    1170. 

  1170. 	mul	x11,x7,x24
    1171. 

  1171. 	add	x28,x28,#8
    1172. 

  1172. 	mul	x12,x8,x24
    1173. 

  1173. 	and	x28,x28,#31
    1174. 

  1174. 	mul	x13,x9,x24
    1175. 

  1175. 	adds	x19,x19,x10
    1176. 

  1176. 	umulh	x10,x6,x24		// hi(a[0..3]*b[4])
    1177. 

  1177. 	adcs	x20,x20,x11
    1178. 

  1178. 	mul	x25,x19,x4		// t[0]*n0
    1179. 

  1179. 	adcs	x21,x21,x12
    1180. 

  1180. 	umulh	x11,x7,x24
    1181. 

  1181. 	adcs	x22,x22,x13
    1182. 

  1182. 	umulh	x12,x8,x24
    1183. 

  1183. 	adc	x23,xzr,xzr
    1184. 

  1184. 	umulh	x13,x9,x24
    1185. 

  1185. 	ldr	x24,[x2,x28]		// next b[i]
    1186. 

  1186. 	adds	x20,x20,x10
    1187. 

  1187. 	// (*)	mul	x10,x14,x25
    1188. 

  1188. 	str	x25,[x26],#8		// put aside t[0]*n0 for tail processing
    1189. 

  1189. 	adcs	x21,x21,x11
    1190. 

  1190. 	mul	x11,x15,x25		// lo(n[0..3]*t[0]*n0
    1191. 

  1191. 	adcs	x22,x22,x12
    1192. 

  1192. 	mul	x12,x16,x25
    1193. 

  1193. 	adc	x23,x23,x13		// can't overflow
    1194. 

  1194. 	mul	x13,x17,x25
    1195. 

  1195. 	// (*)	adds	xzr,x19,x10
    1196. 

  1196. 	subs	xzr,x19,#1		// (*)
    1197. 

  1197. 	umulh	x10,x14,x25		// hi(n[0..3]*t[0]*n0
    1198. 

  1198. 	adcs	x19,x20,x11
    1199. 

  1199. 	umulh	x11,x15,x25
    1200. 

  1200. 	adcs	x20,x21,x12
    1201. 

  1201. 	umulh	x12,x16,x25
    1202. 

  1202. 	adcs	x21,x22,x13
    1203. 

  1203. 	umulh	x13,x17,x25
    1204. 

  1204. 	adcs	x22,x23,x0
    1205. 

  1205. 	adc	x0,xzr,xzr
    1206. 

  1206. 	adds	x19,x19,x10
    1207. 

  1207. 	adcs	x20,x20,x11
    1208. 

  1208. 	adcs	x21,x21,x12
    1209. 

  1209. 	adcs	x22,x22,x13
    1210. 

  1210. 	//adc	x0,x0,xzr
    1211. 

  1211. 	cbnz	x28,Loop_mul4x_reduction
    1212. 

  1212. 

  1213. 	adc	x0,x0,xzr
    1214. 

  1214. 	ldp	x10,x11,[x26,#8*4]	// t[4..7]
    1215. 

  1215. 	ldp	x12,x13,[x26,#8*6]
    1216. 

  1216. 	ldp	x6,x7,[x1,#8*0]	// a[4..7]
    1217. 

  1217. 	ldp	x8,x9,[x1,#8*2]
    1218. 

  1218. 	add	x1,x1,#8*4
    1219. 

  1219. 	adds	x19,x19,x10
    1220. 

  1220. 	adcs	x20,x20,x11
    1221. 

  1221. 	adcs	x21,x21,x12
    1222. 

  1222. 	adcs	x22,x22,x13
    1223. 

  1223. 	//adc	x0,x0,xzr
    1224. 

  1224. 

  1225. 	ldr	x25,[sp]		// t[0]*n0
    1226. 

  1226. 	ldp	x14,x15,[x3,#8*0]	// n[4..7]
    1227. 

  1227. 	ldp	x16,x17,[x3,#8*2]
    1228. 

  1228. 	add	x3,x3,#8*4
    1229. 

  1229. 

  1230. .align	4
    1231. 

  1231. Loop_mul4x_tail:
    1232. 

  1232. 	mul	x10,x6,x24		// lo(a[4..7]*b[4])
    1233. 

  1233. 	adc	x0,x0,xzr	// modulo-scheduled
    1234. 

  1234. 	mul	x11,x7,x24
    1235. 

  1235. 	add	x28,x28,#8
    1236. 

  1236. 	mul	x12,x8,x24
    1237. 

  1237. 	and	x28,x28,#31
    1238. 

  1238. 	mul	x13,x9,x24
    1239. 

  1239. 	adds	x19,x19,x10
    1240. 

  1240. 	umulh	x10,x6,x24		// hi(a[4..7]*b[4])
    1241. 

  1241. 	adcs	x20,x20,x11
    1242. 

  1242. 	umulh	x11,x7,x24
    1243. 

  1243. 	adcs	x21,x21,x12
    1244. 

  1244. 	umulh	x12,x8,x24
    1245. 

  1245. 	adcs	x22,x22,x13
    1246. 

  1246. 	umulh	x13,x9,x24
    1247. 

  1247. 	adc	x23,xzr,xzr
    1248. 

  1248. 	ldr	x24,[x2,x28]		// next b[i]
    1249. 

  1249. 	adds	x20,x20,x10
    1250. 

  1250. 	mul	x10,x14,x25		// lo(n[4..7]*t[0]*n0)
    1251. 

  1251. 	adcs	x21,x21,x11
    1252. 

  1252. 	mul	x11,x15,x25
    1253. 

  1253. 	adcs	x22,x22,x12
    1254. 

  1254. 	mul	x12,x16,x25
    1255. 

  1255. 	adc	x23,x23,x13		// can't overflow
    1256. 

  1256. 	mul	x13,x17,x25
    1257. 

  1257. 	adds	x19,x19,x10
    1258. 

  1258. 	umulh	x10,x14,x25		// hi(n[4..7]*t[0]*n0)
    1259. 

  1259. 	adcs	x20,x20,x11
    1260. 

  1260. 	umulh	x11,x15,x25
    1261. 

  1261. 	adcs	x21,x21,x12
    1262. 

  1262. 	umulh	x12,x16,x25
    1263. 

  1263. 	adcs	x22,x22,x13
    1264. 

  1264. 	umulh	x13,x17,x25
    1265. 

  1265. 	adcs	x23,x23,x0
    1266. 

  1266. 	ldr	x25,[sp,x28]		// next a[0]*n0
    1267. 

  1267. 	adc	x0,xzr,xzr
    1268. 

  1268. 	str	x19,[x26],#8		// result!!!
    1269. 

  1269. 	adds	x19,x20,x10
    1270. 

  1270. 	sub	x10,x27,x1		// done yet?
    1271. 

  1271. 	adcs	x20,x21,x11
    1272. 

  1272. 	adcs	x21,x22,x12
    1273. 

  1273. 	adcs	x22,x23,x13
    1274. 

  1274. 	//adc	x0,x0,xzr
    1275. 

  1275. 	cbnz	x28,Loop_mul4x_tail
    1276. 

  1276. 

  1277. 	sub	x11,x3,x5		// rewinded np?
    1278. 

  1278. 	adc	x0,x0,xzr
    1279. 

  1279. 	cbz	x10,Loop_mul4x_break
    1280. 

  1280. 

  1281. 	ldp	x10,x11,[x26,#8*4]
    1282. 

  1282. 	ldp	x12,x13,[x26,#8*6]
    1283. 

  1283. 	ldp	x6,x7,[x1,#8*0]
    1284. 

  1284. 	ldp	x8,x9,[x1,#8*2]
    1285. 

  1285. 	add	x1,x1,#8*4
    1286. 

  1286. 	adds	x19,x19,x10
    1287. 

  1287. 	adcs	x20,x20,x11
    1288. 

  1288. 	adcs	x21,x21,x12
    1289. 

  1289. 	adcs	x22,x22,x13
    1290. 

  1290. 	//adc	x0,x0,xzr
    1291. 

  1291. 	ldp	x14,x15,[x3,#8*0]
    1292. 

  1292. 	ldp	x16,x17,[x3,#8*2]
    1293. 

  1293. 	add	x3,x3,#8*4
    1294. 

  1294. 	b	Loop_mul4x_tail
    1295. 

  1295. 

  1296. .align	4
    1297. 

  1297. Loop_mul4x_break:
    1298. 

  1298. 	ldp	x12,x13,[x29,#96]	// pull rp and &b[num]
    1299. 

  1299. 	adds	x19,x19,x30
    1300. 

  1300. 	add	x2,x2,#8*4		// bp++
    1301. 

  1301. 	adcs	x20,x20,xzr
    1302. 

  1302. 	sub	x1,x1,x5		// rewind ap
    1303. 

  1303. 	adcs	x21,x21,xzr
    1304. 

  1304. 	stp	x19,x20,[x26,#8*0]	// result!!!
    1305. 

  1305. 	adcs	x22,x22,xzr
    1306. 

  1306. 	ldp	x19,x20,[sp,#8*4]	// t[0..3]
    1307. 

  1307. 	adc	x30,x0,xzr
    1308. 

  1308. 	stp	x21,x22,[x26,#8*2]	// result!!!
    1309. 

  1309. 	cmp	x2,x13			// done yet?
    1310. 

  1310. 	ldp	x21,x22,[sp,#8*6]
    1311. 

  1311. 	ldp	x14,x15,[x11,#8*0]	// n[0..3]
    1312. 

  1312. 	ldp	x16,x17,[x11,#8*2]
    1313. 

  1313. 	add	x3,x11,#8*4
    1314. 

  1314. 	b.eq	Lmul4x_post
    1315. 

  1315. 

  1316. 	ldr	x24,[x2]
    1317. 

  1317. 	ldp	x6,x7,[x1,#8*0]	// a[0..3]
    1318. 

  1318. 	ldp	x8,x9,[x1,#8*2]
    1319. 

  1319. 	adds	x1,x1,#8*4		// clear carry bit
    1320. 

  1320. 	mov	x0,xzr
    1321. 

  1321. 	mov	x26,sp
    1322. 

  1322. 	b	Loop_mul4x_reduction
    1323. 

  1323. 

  1324. .align	4
    1325. 

  1325. Lmul4x_post:
    1326. 

  1326. 	// Final step. We see if result is larger than modulus, and
    1327. 

  1327. 	// if it is, subtract the modulus. But comparison implies
    1328. 

  1328. 	// subtraction. So we subtract modulus, see if it borrowed,
    1329. 

  1329. 	// and conditionally copy original value.
    1330. 

  1330. 	mov	x0,x12
    1331. 

  1331. 	mov	x27,x12		// x0 copy
    1332. 

  1332. 	subs	x10,x19,x14
    1333. 

  1333. 	add	x26,sp,#8*8
    1334. 

  1334. 	sbcs	x11,x20,x15
    1335. 

  1335. 	sub	x28,x5,#8*4
    1336. 

  1336. 

  1337. Lmul4x_sub:
    1338. 

  1338. 	sbcs	x12,x21,x16
    1339. 

  1339. 	ldp	x14,x15,[x3,#8*0]
    1340. 

  1340. 	sub	x28,x28,#8*4
    1341. 

  1341. 	ldp	x19,x20,[x26,#8*0]
    1342. 

  1342. 	sbcs	x13,x22,x17
    1343. 

  1343. 	ldp	x16,x17,[x3,#8*2]
    1344. 

  1344. 	add	x3,x3,#8*4
    1345. 

  1345. 	ldp	x21,x22,[x26,#8*2]
    1346. 

  1346. 	add	x26,x26,#8*4
    1347. 

  1347. 	stp	x10,x11,[x0,#8*0]
    1348. 

  1348. 	sbcs	x10,x19,x14
    1349. 

  1349. 	stp	x12,x13,[x0,#8*2]
    1350. 

  1350. 	add	x0,x0,#8*4
    1351. 

  1351. 	sbcs	x11,x20,x15
    1352. 

  1352. 	cbnz	x28,Lmul4x_sub
    1353. 

  1353. 

  1354. 	sbcs	x12,x21,x16
    1355. 

  1355. 	mov	x26,sp
    1356. 

  1356. 	add	x1,sp,#8*4
    1357. 

  1357. 	ldp	x6,x7,[x27,#8*0]
    1358. 

  1358. 	sbcs	x13,x22,x17
    1359. 

  1359. 	stp	x10,x11,[x0,#8*0]
    1360. 

  1360. 	ldp	x8,x9,[x27,#8*2]
    1361. 

  1361. 	stp	x12,x13,[x0,#8*2]
    1362. 

  1362. 	ldp	x19,x20,[x1,#8*0]
    1363. 

  1363. 	ldp	x21,x22,[x1,#8*2]
    1364. 

  1364. 	sbcs	xzr,x30,xzr	// did it borrow?
    1365. 

  1365. 	ldr	x30,[x29,#8]		// pull return address
    1366. 

  1366. 

  1367. 	sub	x28,x5,#8*4
    1368. 

  1368. Lmul4x_cond_copy:
    1369. 

  1369. 	sub	x28,x28,#8*4
    1370. 

  1370. 	csel	x10,x19,x6,lo
    1371. 

  1371. 	stp	xzr,xzr,[x26,#8*0]
    1372. 

  1372. 	csel	x11,x20,x7,lo
    1373. 

  1373. 	ldp	x6,x7,[x27,#8*4]
    1374. 

  1374. 	ldp	x19,x20,[x1,#8*4]
    1375. 

  1375. 	csel	x12,x21,x8,lo
    1376. 

  1376. 	stp	xzr,xzr,[x26,#8*2]
    1377. 

  1377. 	add	x26,x26,#8*4
    1378. 

  1378. 	csel	x13,x22,x9,lo
    1379. 

  1379. 	ldp	x8,x9,[x27,#8*6]
    1380. 

  1380. 	ldp	x21,x22,[x1,#8*6]
    1381. 

  1381. 	add	x1,x1,#8*4
    1382. 

  1382. 	stp	x10,x11,[x27,#8*0]
    1383. 

  1383. 	stp	x12,x13,[x27,#8*2]
    1384. 

  1384. 	add	x27,x27,#8*4
    1385. 

  1385. 	cbnz	x28,Lmul4x_cond_copy
    1386. 

  1386. 

  1387. 	csel	x10,x19,x6,lo
    1388. 

  1388. 	stp	xzr,xzr,[x26,#8*0]
    1389. 

  1389. 	csel	x11,x20,x7,lo
    1390. 

  1390. 	stp	xzr,xzr,[x26,#8*2]
    1391. 

  1391. 	csel	x12,x21,x8,lo
    1392. 

  1392. 	stp	xzr,xzr,[x26,#8*3]
    1393. 

  1393. 	csel	x13,x22,x9,lo
    1394. 

  1394. 	stp	xzr,xzr,[x26,#8*4]
    1395. 

  1395. 	stp	x10,x11,[x27,#8*0]
    1396. 

  1396. 	stp	x12,x13,[x27,#8*2]
    1397. 

  1397. 

  1398. 	b	Lmul4x_done
    1399. 

  1399. 

  1400. .align	4
    1401. 

  1401. Lmul4x4_post_condition:
    1402. 

  1402. 	adc	x0,x0,xzr
    1403. 

  1403. 	ldr	x1,[x29,#96]		// pull rp
    1404. 

  1404. 	// x19-3,x0 hold result, x14-7 hold modulus
    1405. 

  1405. 	subs	x6,x19,x14
    1406. 

  1406. 	ldr	x30,[x29,#8]		// pull return address
    1407. 

  1407. 	sbcs	x7,x20,x15
    1408. 

  1408. 	stp	xzr,xzr,[sp,#8*0]
    1409. 

  1409. 	sbcs	x8,x21,x16
    1410. 

  1410. 	stp	xzr,xzr,[sp,#8*2]
    1411. 

  1411. 	sbcs	x9,x22,x17
    1412. 

  1412. 	stp	xzr,xzr,[sp,#8*4]
    1413. 

  1413. 	sbcs	xzr,x0,xzr		// did it borrow?
    1414. 

  1414. 	stp	xzr,xzr,[sp,#8*6]
    1415. 

  1415. 

  1416. 	// x6-3 hold result-modulus
    1417. 

  1417. 	csel	x6,x19,x6,lo
    1418. 

  1418. 	csel	x7,x20,x7,lo
    1419. 

  1419. 	csel	x8,x21,x8,lo
    1420. 

  1420. 	csel	x9,x22,x9,lo
    1421. 

  1421. 	stp	x6,x7,[x1,#8*0]
    1422. 

  1422. 	stp	x8,x9,[x1,#8*2]
    1423. 

  1423. 

  1424. Lmul4x_done:
    1425. 

  1425. 	ldp	x19,x20,[x29,#16]
    1426. 

  1426. 	mov	sp,x29
    1427. 

  1427. 	ldp	x21,x22,[x29,#32]
    1428. 

  1428. 	mov	x0,#1
    1429. 

  1429. 	ldp	x23,x24,[x29,#48]
    1430. 

  1430. 	ldp	x25,x26,[x29,#64]
    1431. 

  1431. 	ldp	x27,x28,[x29,#80]
    1432. 

  1432. 	ldr	x29,[sp],#128
    1433. 

  1433. 	// x30 is popped earlier
    1434. 

  1434. 	AARCH64_VALIDATE_LINK_REGISTER
    1435. 

  1435. 	ret
    1436. 

  1436. 

  1437. .byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
    1438. 

  1438. .align	2
    1439. 

  1439. .align	4
    1440. 

  1440. #endif
    1441. 

  1441. #endif  // !OPENSSL_NO_ASM
    1442.