From d23c6590dd4f85086cbdf6f91973454bebdb4179 Mon Sep 17 00:00:00 2001 
From: Autoroller Date: Mon, 14 May 2018 14:44:20 -0700 Subject: [PATCH] Roll chromium_revision f7f609d28c..3dc058abd9 (558320:558478) Change log: https://chromium.googlesource.com/chromium/src/+log/f7f609d28c..3dc058abd9 Full diff: https://chromium.googlesource.com/chromium/src/+/f7f609d28c..3dc058abd9 Roll chromium third_party 70ec6906a5..257f2e30a3 Change log: https://chromium.googlesource.com/chromium/src/third_party/+log/70ec6906a5..257f2e30a3 Changed dependencies: * src/base: https://chromium.googlesource.com/chromium/src/base/+log/deb9ad0180..2711aa7a26 * src/build: https://chromium.googlesource.com/chromium/src/build/+log/27de0fa05e..c5b7918c1b * src/ios: https://chromium.googlesource.com/chromium/src/ios/+log/f1ab343a06..0cfd7f5c39 * src/testing: https://chromium.googlesource.com/chromium/src/testing/+log/81ba8e08f4..6084f9bd41 * src/third_party/boringssl/src: https://boringssl.googlesource.com/boringssl.git/+log/8e75ae4880..69271b5d4f * src/third_party/catapult: https://chromium.googlesource.com/catapult.git/+log/195c52dc70..a67f1510e7 * src/third_party/depot_tools: https://chromium.googlesource.com/chromium/tools/depot_tools.git/+log/d1de725e0b..babd098f36 * src/third_party/freetype/src: https://chromium.googlesource.com/chromium/src/third_party/freetype2.git/+log/2157d8fa6f..9e345c9117 * src/tools: https://chromium.googlesource.com/chromium/src/tools/+log/9d42b89d62..1975b1c78c DEPS diff: https://chromium.googlesource.com/chromium/src/+/f7f609d28c..3dc058abd9/DEPS No update to Clang. 
TBR=buildbot@webrtc.org, BUG=None CQ_INCLUDE_TRYBOTS=master.internal.tryserver.corp.webrtc:linux_internal Change-Id: I26b88ce0de10327c11ad416ab0dbd192b6993970 Reviewed-on: https://webrtc-review.googlesource.com/76511 Commit-Queue: WebRTC Buildbot Reviewed-by: WebRTC Buildbot Cr-Commit-Position: refs/heads/master@{#23222}
---
 DEPS | 22 +- third_party/boringssl/BUILD.generated.gni | 2 + third_party/boringssl/crypto_test_data.cc | 79 +- third_party/boringssl/err_data.c | 1240 ++++++----- .../ios-arm/crypto/fipsmodule/armv4-mont.S | 15 +- .../linux-arm/crypto/fipsmodule/armv4-mont.S | 15 +- .../linux-x86/crypto/fipsmodule/x86-mont.S | 16 +- .../crypto/fipsmodule/p256-x86_64-asm.S | 1914 ++++++++++++++++ .../crypto/fipsmodule/rsaz-avx2.S | 5 + .../crypto/fipsmodule/x86_64-mont.S | 454 +++- .../crypto/fipsmodule/x86_64-mont5.S | 1380 +++++++++++- .../mac-x86/crypto/fipsmodule/x86-mont.S | 16 +- .../crypto/fipsmodule/p256-x86_64-asm.S | 1884 ++++++++++++++++ .../mac-x86_64/crypto/fipsmodule/rsaz-avx2.S | 5 + .../crypto/fipsmodule/x86_64-mont.S | 453 +++- .../crypto/fipsmodule/x86_64-mont5.S | 1380 +++++++++++- .../win-x86/crypto/fipsmodule/x86-mont.asm | 16 +- .../crypto/fipsmodule/p256-x86_64-asm.asm | 1982 +++++++++++++++++ .../crypto/fipsmodule/rsaz-avx2.asm | 5 + .../crypto/fipsmodule/x86_64-mont.asm | 475 +++- .../crypto/fipsmodule/x86_64-mont5.asm | 1424 +++++++++++- .../externs/file_manager_private.js | 4 +- third_party/freetype/README.chromium | 4 +- third_party/freetype/roll-freetype.sh | 5 +- 24 files changed, 11962 insertions(+), 833 deletions(-)
diff --git a/DEPS b/DEPS
index 08ac7f0b73..e0bdac6635 100644
--- a/DEPS
+++ b/DEPS
@@ -10,7 +10,7 @@ vars = {
 'checkout_configuration': 'default',
 'checkout_instrumented_libraries': 'checkout_linux and checkout_configuration == "default"',
 'webrtc_git': 'https://webrtc.googlesource.com',
- 'chromium_revision': 'f7f609d28c4d78e68712a710c66e9e4d45eef1fe',
+ 'chromium_revision': '3dc058abd908f38f596616fda596cbf8ded48338',
 'boringssl_git': 'https://boringssl.googlesource.com',
 # Three lines of non-changing comments so that
 # the commit queue can handle CLs rolling swarming_client
@@ -19,7 +19,7 @@ vars = {
 # Three lines of non-changing comments so that
 # the commit queue can handle CLs rolling BoringSSL
 # and whatever else without interference from each other.
- 'boringssl_revision': '8e75ae488047c519f14f2c08b02a55bf7712fa1d',
+ 'boringssl_revision': '69271b5d4fed328eb61b86b013937ce22549fee5',
 # Three lines of non-changing comments so that
 # the commit queue can handle CLs rolling lss
 # and whatever else without interference from each other.
@@ -27,7 +27,7 @@ vars = {
 # Three lines of non-changing comments so that
 # the commit queue can handle CLs rolling catapult
 # and whatever else without interference from each other.
- 'catapult_revision': '195c52dc7098d106a56b89fb84184720a1941e28',
+ 'catapult_revision': 'a67f1510e710d44d18eeeb07bb66fed6f1d0f360',
 # Three lines of non-changing comments so that
 # the commit queue can handle CLs rolling libFuzzer
 # and whatever else without interference from each other.
@@ -35,7 +35,7 @@ vars = {
 # Three lines of non-changing comments so that
 # the commit queue can handle CLs rolling freetype
 # and whatever else without interference from each other.
- 'freetype_revision': '2157d8fa6f7e12063ca166476ed2223d24234db7',
+ 'freetype_revision': '9e345c911714ed62250be13d03d72e25d91fbc77',
 # Three lines of non-changing comments so that
 # the commit queue can handle CLs rolling HarfBuzz
 # and whatever else without interference from each other.
@@ -43,15 +43,15 @@ vars = {
 # Three lines of non-changing comments so that
 # the commit queue can handle CLs rolling Chromium third_party
 # and whatever else without interference from each other.
- 'chromium_third_party_revision': '70ec6906a5480c5dee38e293a8d148beff7cc9e0',
+ 'chromium_third_party_revision': '257f2e30a34aa982756752e39d7eac95eded7782',
 }
 deps = {
 # TODO(kjellander): Move this to be Android-only once the libevent dependency
 # in base/third_party/libevent is solved.
 'src/base':
- Var('chromium_git') + '/chromium/src/base' + '@' + 'deb9ad01806013c66b37c0d519f88d079a08536a',
+ Var('chromium_git') + '/chromium/src/base' + '@' + '2711aa7a2673990d8304babdad7b772e3f5e05bf',
 'src/build':
- Var('chromium_git') + '/chromium/src/build' + '@' + '27de0fa05efe2019fd41b0dc4f5dce526f2cab7d',
+ Var('chromium_git') + '/chromium/src/build' + '@' + 'c5b7918c1b701a7625cd162251d1c90b05f9a369',
 'src/buildtools':
 Var('chromium_git') + '/chromium/buildtools.git' + '@' + 'a9e946f166b73f9dc170129f6586a1e68efb0ab3',
 # Gradle 4.3-rc4. Used for testing Android Studio project generation for WebRTC.
@@ -61,11 +61,11 @@ deps = {
 'condition': 'checkout_android',
 },
 'src/ios': {
- 'url': Var('chromium_git') + '/chromium/src/ios' + '@' + 'f1ab343a062b963a5d3e1f33a9bc0c8cb68c2221',
+ 'url': Var('chromium_git') + '/chromium/src/ios' + '@' + '0cfd7f5c396a0a9f6eb0ab666ad62cd41e4310a3',
 'condition': 'checkout_ios',
 },
 'src/testing':
- Var('chromium_git') + '/chromium/src/testing' + '@' + '81ba8e08f43b55ecf9a08375da6eb52dbde3cfdb',
+ Var('chromium_git') + '/chromium/src/testing' + '@' + '6084f9bd41abf8e9920798bcf9a266e494d96cd6',
 # This entry is used for chromium third_party rolling into webrtc third_party only.
 'src/third_party_chromium': {
 'url': Var('chromium_git') + '/chromium/src/third_party' + '@' + Var('chromium_third_party_revision'),
@@ -94,7 +94,7 @@ deps = {
 'src/third_party/colorama/src':
 Var('chromium_git') + '/external/colorama.git' + '@' + '799604a1041e9b3bc5d2789ecbd7e8db2e18e6b8',
 'src/third_party/depot_tools':
- Var('chromium_git') + '/chromium/tools/depot_tools.git' + '@' + 'd1de725e0b53f5f0bb331471e5673aee0e72a5b7',
+ Var('chromium_git') + '/chromium/tools/depot_tools.git' + '@' + 'babd098f3684f1bc965a0f72f96cb701eec91e52',
 'src/third_party/errorprone/lib': {
 'url': Var('chromium_git') + '/chromium/third_party/errorprone.git' + '@' + '980d49e839aa4984015efed34b0134d4b2c9b6d7',
 'condition': 'checkout_android',
@@ -175,7 +175,7 @@ deps = {
 'src/third_party/yasm/source/patched-yasm':
 Var('chromium_git') + '/chromium/deps/yasm/patched-yasm.git' + '@' + 'b98114e18d8b9b84586b10d24353ab8616d4c5fc',
 'src/tools':
- Var('chromium_git') + '/chromium/src/tools' + '@' + '9d42b89d6236832b511fef61e04097be0b3230a8',
+ Var('chromium_git') + '/chromium/src/tools' + '@' + '1975b1c78c7a502d0403840feff30a44371a5125',
 'src/tools/gyp':
 Var('chromium_git') + '/external/gyp.git' + '@' + 'd61a9397e668fa9843c4aa7da9e79460fe590bfb',
 'src/tools/swarming_client':
diff --git a/third_party/boringssl/BUILD.generated.gni b/third_party/boringssl/BUILD.generated.gni
index 000348962d..64551fccc0 100644
--- a/third_party/boringssl/BUILD.generated.gni
+++ b/third_party/boringssl/BUILD.generated.gni
@@ -57,6 +57,7 @@ crypto_sources = [ "src/crypto/bytestring/cbb.c", "src/crypto/bytestring/cbs.c", "src/crypto/bytestring/internal.h", + "src/crypto/bytestring/unicode.c", "src/crypto/chacha/chacha.c", "src/crypto/cipher_extra/cipher_extra.c", "src/crypto/cipher_extra/derive_key.c",
@@ -290,6 +291,7 @@ crypto_headers = [ "src/include/openssl/dh.h", "src/include/openssl/digest.h", "src/include/openssl/dsa.h", + "src/include/openssl/e_os2.h", "src/include/openssl/ec.h", "src/include/openssl/ec_key.h", "src/include/openssl/ecdh.h",
diff --git a/third_party/boringssl/crypto_test_data.cc b/third_party/boringssl/crypto_test_data.cc
index f19576e06c..09bf203196 100644
--- a/third_party/boringssl/crypto_test_data.cc
+++ b/third_party/boringssl/crypto_test_data.cc
@@ -67,21 +67,22 @@ * crypto/x509/some_names1.pem \ * crypto/x509/some_names2.pem \ * crypto/x509/some_names3.pem \ - * third_party/wycheproof/aes_cbc_pkcs5_test.txt \ - * third_party/wycheproof/aes_gcm_siv_test.txt \ - * third_party/wycheproof/aes_gcm_test.txt \ - * third_party/wycheproof/chacha20_poly1305_test.txt \ - * third_party/wycheproof/dsa_test.txt \ - * third_party/wycheproof/ecdh_test.txt \ - * third_party/wycheproof/ecdsa_secp224r1_sha224_test.txt \ - * third_party/wycheproof/ecdsa_secp224r1_sha256_test.txt \ - * third_party/wycheproof/ecdsa_secp256r1_sha256_test.txt \ - * third_party/wycheproof/ecdsa_secp384r1_sha384_test.txt \ - * third_party/wycheproof/ecdsa_secp384r1_sha512_test.txt \ - * third_party/wycheproof/ecdsa_secp521r1_sha512_test.txt \ - * third_party/wycheproof/eddsa_test.txt \ - * third_party/wycheproof/rsa_signature_test.txt \ - * third_party/wycheproof/x25519_test.txt */ + * third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt \ + * third_party/wycheproof_testvectors/aes_gcm_siv_test.txt \ + * third_party/wycheproof_testvectors/aes_gcm_test.txt \ + * third_party/wycheproof_testvectors/chacha20_poly1305_test.txt \ + * third_party/wycheproof_testvectors/dsa_test.txt \ + * third_party/wycheproof_testvectors/ecdh_test.txt \ + * third_party/wycheproof_testvectors/ecdsa_secp224r1_sha224_test.txt \ + * third_party/wycheproof_testvectors/ecdsa_secp224r1_sha256_test.txt \ + * third_party/wycheproof_testvectors/ecdsa_secp256r1_sha256_test.txt \ + * third_party/wycheproof_testvectors/ecdsa_secp384r1_sha384_test.txt \ + * third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt \ + * third_party/wycheproof_testvectors/ecdsa_secp521r1_sha512_test.txt \ + * third_party/wycheproof_testvectors/eddsa_test.txt \ + * third_party/wycheproof_testvectors/kw_test.txt \ + * third_party/wycheproof_testvectors/rsa_signature_test.txt \ + * third_party/wycheproof_testvectors/x25519_test.txt */ /* clang-format off */ 
@@ -3019,6 +3020,15 @@ static const char *kData65[] = { static const size_t kLen65 = 33154; static const char *kData66[] = { + "# Imported from Wycheproof's kw_test.json.\n# This file is generated by convert_wycheproof.go. Do not edit by hand.\n#\n# Algorithm: KW\n# Generator version: 0.4.2\n\n[keySize = 128]\n\n# tcId = 1\nct = 9de453ced5d4ab46a5601708eeefefb5e593e6ae8e86b26b\nkey = 6f67486d1e914419cb43c28509c7c1ea\nmsg = 8dc0632d92ee0be4f740028410b08270\nresult = valid\n\n# tcId = 2\nct = 8c3aba85cc0ae1ae10b36658b068f595baf8caafb745ef3c\nkey = a0b17172bb296db7f5c869e9a36b5ce3\nmsg = 615dd022d607c910f20178cbdf42060f\nresult = valid\n\n# tcId = 3\nct = 1de093654826f18fcd0f3fd499416ff22ed75ee12fe0b624\nkey = 0e49d571c19b5250effd41d94bde39d6\nmsg = f25e4de8caca363fd5f29442eb147b55\nresult = valid\n\n# tcId = 4\n# wrapped key is longer than wrapping key\nct = 9c3ddc23827b7b3c13105f9e8b11523baccdfb6c8b7e7825496e7a840bd32aec\nkey = e0e12959109103e30ae8b5684a22e662\nmsg = dbb0f2bb2be912a20430972d9842ce3fd3b928e573e1ac8e\nresult = acceptable\n\n# tcId = 5\n# wrapped key is longer than wrapping key\nct = afb744aaf746dcc0b57f8b378c404cbe877f44cf3d45140d60814eda3f541f01\nkey = dd583d9f1059861430ec8b5d8a180e9b\nmsg = f2e34f356362a31b51d6e02bcd333c9e6170494ca5ff5487\nresult = acceptable\n\n# tcId = 6\n# wrapped key is longer than wrapping key\nct = cff98cd64cb51ab99b81aee82cee4274d0df3e1b6a4943d39236ea989846d0cc\nkey = faf5ccfae42b43cee2c5f0f3177a7c5d\nmsg = 4e02084833660c463830483b36dab866c64c8cf7429cac3d\nresult = acceptable\n\n# tcId = 7\n# wrapped key is longer than wrapping key\nct = 58dcfb0e7ec4d3bc8003418d865fbd520c6b24b2bde35b1be5b1c5ff32a130f33d035e5932616083\nkey = c2b9d23f2831ddcdeb456853d4014db9\nmsg = f4cfea98e58b939cc859554385cf3a6c7f8217f728efb431c964786de8274907\nresult = acceptable\n\n# tcId = 8\n# wrapped key is longer than wrapping key\nct = 4ee47bd68d418586c447a39111e2ec1502ff0f1726ea91c5d97370409d89b8e66e889b638ac40ced\nkey = 
620a08f320cdedbf7ae551add348d95e\nmsg = cec34eaf8e67e1ce619ddfc309531c42f16033a7e2cbc4f5eb3a548164e9b291\nresult = acceptable\n\n# tcId = 9\n# wrapped key is longer than wrapping key\nct = d3b093fd822ce454ebc251c6f21fa71c3858ee7e623ecbfbbf887398a30b40c55d0565c7a15e4015\nkey = ed089ac274f8c7cea2415671a94b5e53\nmsg = 6065e41df14daeeefacac5daeb7674cdc9c1f686013b797153e80ef215893299\nresult = acceptable\n\n# tcId = 10\n# Round counter overflows 256\nct = 222deadde6efb760cae42fa188310e0c07e7d557529766444a9efb330907d42f0dd8f3d17b3a38bf40d68c095a9cce19daf907bf2c92f1e59b18b277ff0397fc50f45f582db936aa8afb943de01b58abfdc81daef4e038c99e4c1eb3ee447464bb8f89a4ea81e56556cc26c72883c06a7fe850d04347d68bbadc4a06775030676db8cc34aeb07e39c7f059c2bff76a7f2baf076749004ef7189f887f89029f88c5c1d0f5ee62320b423048e2ad8186e63be23c553f5576a40d967e8b527ccd783c41abc64bea1aec8a76deb3e9c9a6656756e1dac38bd25ff008888a5591af763fd73f5addd749794817070990484654a46ef442adaeacab14d12daaf87bcb91661a21593717d9b93529d813ea5fc812d708c0d8e9b68122d9f5e6267cde363780a45d07e4caa5bf14f2334f25b9d177632bb80a82894aa47b6f360b2da1138dedd4331f077c900554c7a68b5d154980bb3517ac20a78a51f6f21e42b2c4c960d31cbd22bd610819182c5e456ba7d7e903f5e60f6e0c4cc014feb4f81973ce48ad6f4dab8da51eb7\nkey = 31cacbb17d6dbbecae40727c5048fe0c\nmsg = 
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nresult = acceptable\n\n# tcId = 11\n# empty keys cannot be wrapped\nct = a6a6a6a6a6a6a6a6\nkey = 574957151fc2afe0fa3dc7a9a7da6495\nmsg = \nresult = invalid\n\n# tcId = 12\n# keys of size 8 byte cannot be wrapped\nct = dc26fb6911d71971df0356d6bb9ed6e6\nkey = 574957151fc2afe0fa3dc7a9a7da6495\nmsg = 0001020304050607\nresult = invalid\n\n# tcId = 13\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495\nmsg = 00\nresult = invalid\n\n# tcId = 14\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495\nmsg = 0001\nresult = invalid\n\n# tcId = 15\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495\nmsg = 000102\nresult = invalid\n\n# tcId = 16\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495\nmsg = 00010203\nresult = invalid\n\n# tcId = 17\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495\nmsg = 0001020304\nresult = invalid\n\n# tcId = 18\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495\nmsg = 000102030405\nresult = invalid\n\n# tcId = 19\n# wrapped key size must be divisible by 8\nct = 
\nkey = 574957151fc2afe0fa3dc7a9a7da6495\nmsg = 00010203040506\nresult = invalid\n\n# tcId = 20\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495\nmsg = 000102030405060708090a0b0c0d0e0f10111213\nresult = invalid\n\n# tcId = 21\n# invalid size of wrapped key\nct = \nkey = fe60fc8df7d9f4ebb5416ca4e82182f7\nmsg = \nresult = invalid\n\n# tcId = 22\n# invalid size of wrapped key\nct = 9f\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7\nmsg = \nresult = invalid\n\n# tcId = 23\n# invalid size of wrapped key\nct = dc9e9580\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7\nmsg = \nresult = invalid\n\n# tcId = 24\n# invalid size of wrapped key\nct = b9b282d138693000\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7\nmsg = \nresult = invalid\n\n# tcId = 25\n# invalid size of wrapped key\nct = 0efc635b2d61e244056b9d4591ca6b\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7\nmsg = \nresult = invalid\n\n# tcId = 26\n# invalid size of wrapped key\nct = 4a305dae087b0d24d62af41831338f33ae\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7\nmsg = \nresult = invalid\n\n# tcId = 27\n# invalid size of wrapped key\nct = 82cb927097cf31ea4affea440b0d8ca6a240b900\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7\nmsg = \nresult = invalid\n\n# tcId = 28\n# bytes appended to wrapped key\nct = 9790ab51fbcb850df6764e011ae97c85785bed2633aea66500\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7\nmsg = 000102030405060708090a0b0c0d0e0f\nresult = invalid\n\n# tcId = 29\n# Incorrect IV\nct = 0aac329ccd513edbdd6367df67999eaac9e7b51984c4d38d\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 30\n# Incorrect IV\nct = 5a55dc429749ca49bb4ab01d966b19ea9a9e1402e6ab2962\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 31\n# Incorrect IV\nct = 45f533f6072f640eb7e1e512d56072085567f4ad6012a97a\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 32\n# Incorrect 
IV\nct = 84f284565df47c409107f7a0a71bc370a8ed4489d414b9e9\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 33\n# Incorrect IV\nct = 3941c366554fc896e9fe52f02493ca03d439eb17c236146d\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 34\n# Incorrect IV\nct = 45c9d42363d981d086a972728e130a42f5dd90bda562a85a\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 35\n# Incorrect IV\nct = 037d17859519d6c0728a9eb6e64113e86919decabd3bbb88\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 36\n# Incorrect IV\nct = 1ad10af7f6c042b267a0c7bc4d25d27c003deb50e2cc566a\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 37\n# Incorrect IV\nct = 630c571b7fb8647ac5360a255f9f5d3645795ac45285cbaa\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 38\n# Incorrect IV\nct = 16db553e467d4029d0fea62b2c440e5df6c6591f0497a99d\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 39\n# Incorrect IV\nct = 097991090a156047d4784b757f262e12ce57e13a3d5d286", + "c\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 40\n# Incorrect IV\nct = 3957c338b750a3285eb7b65c9cfe77053dd7d8149f42caa1\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 41\n# RFC 3394\nct = 1fa68b0a8112b447aef34bd8fb5a7b829d3e862371d2cfe5\nkey = 000102030405060708090a0b0c0d0e0f\nmsg = 00112233445566778899aabbccddeeff\nresult = valid\n\n[keySize = 192]\n\n# tcId = 42\nct = 00be1caddfd5ad7697877017795f9cee4bce5a61687a6126\nkey = f75a2f49a630c7dc91626b00ce029f0bd2981d7c74a93ebe\nmsg = 
9adbc00c710b1101bdf6a4ed65b32d72\nresult = valid\n\n# tcId = 43\nct = 54e7f278b5a1fb4c31a0d79ac1f615edd910bf22015a0668\nkey = b713f6b7814f98894d7b153974684359f1460213eb74be68\nmsg = 78585f0c49922e82caf17ebc3721b4db\nresult = valid\n\n# tcId = 44\nct = 510455bd9c078ac1f07bb3752cbd04e421b0dd635190fa62\nkey = 13ecf423211caa334ba6db37259a535c20de8ad10fc8c432\nmsg = 4fc75d0f221e22408a37e11265d49a05\nresult = valid\n\n# tcId = 45\nct = 880da5b410f913ad72cc93f46344f1152165bdea14664fd2d3afbd87b8cc5cfd\nkey = 4417fbbea51bdd91818d74051957dd70e135c5cf3732bdf1\nmsg = f5357da9f8fd4a1190f36e9fa09a90fcf14d87d62332f1a5\nresult = valid\n\n# tcId = 46\nct = 27654cf6a63d6004ae83da54c2e5d7b5fad20878f350087ddd17ac44a2be868f\nkey = b3f26d8a22fdd61f709841231fbde695b3f28dddced6d41e\nmsg = 0d0af955d2e3829cc3d643219b301e64e0510dfbc428119a\nresult = valid\n\n# tcId = 47\nct = ad7ca66ad4664f43e4dd09296a6e6f02d5af4408f225c0abeb0d9b76c8d1e982\nkey = f70cfb262c729a18206c8afd74356ec7e049d10b44a6e000\nmsg = 241cedfa64c4e7bec541a2eb4c368269e0f0ddebc58267ea\nresult = valid\n\n# tcId = 48\n# wrapped key is longer than wrapping key\nct = e245c90a6b46caece94f47117d608331958c8f75f531ebcdc902c0213d9105f2155af07daa62d132\nkey = 1639f9f81e53e2eeb677a249e5eced3af108971301601a7b\nmsg = ec3c6a1f1a9585327fe658490c74635e5300876da5846a629398984fb551d691\nresult = acceptable\n\n# tcId = 49\n# wrapped key is longer than wrapping key\nct = 8a32b9f207ae5aaedb7e8a0d945107412c1bd06999bc5ac83c1f958dfb77ebdcf9d98c60dbd4650a\nkey = 1f22d5658aa685b8ba8659dc342880d5b2399e6a815005b0\nmsg = 50be4c1b2f29a63f44d7fc63737f600f0194ea3fb36e173d2ddd19f218656380\nresult = acceptable\n\n# tcId = 50\n# wrapped key is longer than wrapping key\nct = 4a5842b10d2db96ea1039ef4785ce722555b3751a9b6dd39126ad363378c72320d83ea7adb81615a\nkey = 3a2f4aa50441954bba5a1836294ce071f9296b23dbed6771\nmsg = 65da02ff21b483a1e39575490b4319e84ae0299f1f00b3859fbe2e74b3ec2aaf\nresult = acceptable\n\n# tcId = 51\n# Round counter overflows 256\nct = 
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\nkey = 31cacbb17d6dbbecae40727c5048fe0c01bc53b23ab63502\nmsg = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nresult = acceptable\n\n# tcId = 52\n# empty keys cannot be wrapped\nct = a6a6a6a6a6a6a6a6\nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76\nmsg = \nresult = invalid\n\n# tcId = 53\n# keys of size 8 byte cannot be wrapped\nct = 38d8238cdb0d9a2da28d6d56194f2e78\nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76\nmsg = 0001020304050607\nresult = invalid\n\n# tcId = 54\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76\nmsg = 00\nresult = invalid\n\n# tcId = 55\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76\nmsg = 0001\nresult = invalid\n\n# tcId = 56\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76\nmsg = 000102\nresult = invalid\n\n# tcId = 57\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76\nmsg = 00010203\nresult = invalid\n\n# tcId = 58\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76\nmsg = 
0001020304\nresult = invalid\n\n# tcId = 59\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76\nmsg = 000102030405\nresult = invalid\n\n# tcId = 60\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76\nmsg = 00010203040506\nresult = invalid\n\n# tcId = 61\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76\nmsg = 000102030405060708090a0b0c0d0e0f10111213\nresult = invalid\n\n# tcId = 62\n# invalid size of wrapped key\nct = \nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd97\nmsg = \nresult = invalid\n\n# tcId = 63\n# invalid size of wrapped key\nct = 9f\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd97\nmsg = \nresult = invalid\n\n# tcId = 64\n# invalid size of wrapped key\nct = dc9e9580\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd97\nmsg = \nresult = invalid\n\n# tcId = 65\n# invalid size of wrapped key\nct = b9b282d138693000\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd97\nmsg = \nresult = invalid\n\n# tcId = 66\n# invalid size of wrapped key\nct = 0efc635b2d61e244056b9d4591ca6b\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd97\nmsg = \nresult = invalid\n\n# tcId = 67\n# invalid size of wrapped key\nct = 4a305dae087b0d24d62af41831338f33ae\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd97\nmsg = \nresult = invalid\n\n# tcId = 68\n# invalid size of wrapped key\nct = 82cb927097cf31ea4affea440b0d8ca6a240b900\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd97\nmsg = \nresult = invalid\n\n# tcId = 69\n# bytes appended to wrapped key\nct = 55dfb2f7e0c1ea04fead897c451c0505921dc47f308c491700\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd97\nmsg = 000102030405060708090a0b0c0d0e0f\nresult = invalid\n\n# tcId = 70\n# Incorrect IV\nct = 9b1593fd7d4fe25a660bbc1976ea4ab68bcc53f848a8eb9d\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = 
a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 71\n# Incorrect IV\nct = e7edb847fa91e2deded726edf3ab93da91151697425fee28\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 72\n# Incorrect IV\nct = 1b51a7c033c1efb5ee2994259c40f03bb57d8cc09e507e6e\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 73\n# Incorrect IV\nct = c40b614a5062f5fd049c5379b3e8141614c2da97893589fb\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 74\n# Incorrect IV\nct = d7575ef02df54b3086eb49035eeafbce0e08336e89b35ab0\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 75\n# Incorrect IV\nct = 0d617f1c12485a35917d2a941e949d2fdbf03a346889b850\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 76\n# Incorrect IV\nct = c7df34729174db2e83ee16c6de74d5eb9766715fad049b40\nkey = 4f7", + "10eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 77\n# Incorrect IV\nct = c3ed38d6f9ccb9bf3c56bb3176f00d3ce9887521f8d4c70b\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 78\n# Incorrect IV\nct = 6582b5f4652744b0537e97e7cdae0f443130140dbaea604c\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 79\n# Incorrect IV\nct = fc9b9bdf25f2b48ad79934c8d34897cdbf4c846f8cb4b11d\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 80\n# Incorrect IV\nct = fc23c7f4fe20aa81105efc1a7105a5316b23399ac792c824\nkey = 
4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 81\n# Incorrect IV\nct = 37b4a261b96bcec9cc93eef5b2fbbbe84634f978c5893dda\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 82\n# Incorrect IV\nct = 1831109847d17d010bfcd93fb46f3150cdafd52733db74c221b034fe8e1552c0\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 83\n# Incorrect IV\nct = 2b2b89c3c6b2db4903877ad4622ca33f3a3cb7e6701d1340e6afc0fdab7dbd72\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 84\n# Incorrect IV\nct = 3c6903f37da57161af6706050a2ed747cd55344d869189fd49d2536ff948129d\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 85\n# Incorrect IV\nct = 8a8dc8b131c6b968b60c1dd819a655392d1a96d6cafa48e30fb1146f096229c6\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 86\n# Incorrect IV\nct = 303e0b3602d514a7d52edba3306d7383e8999e7c652a510335a8949efb42eb66\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 87\n# Incorrect IV\nct = 319befbf2ddbb475723fb2fa30f2ae7fc1ceb1e6f361715eca7209608873c7fc\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 88\n# Incorrect IV\nct = 9b3e440341c5da131559959db6b3553a534691162f4f009327bf2c21d6fe5ada\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 89\n# Incorrect IV\nct = 
eba6cc0959e6a56339b141629840add80f4565656dc687a3b996960c994dfd26\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 90\n# Incorrect IV\nct = b703b6cf4587709353c7e4004d3da61ce5f5deaf7163ca9d6158dde919e0ac34\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 91\n# Incorrect IV\nct = 72549d52d6f4ff912d833c74136d90634ce8afa4f84412bbee8074084d4cecff\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 92\n# Incorrect IV\nct = 1337c8bd6c8a5dd43aba8d298864ffe76ad6ea909f3488157a15e6c46acf2214\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 93\n# Incorrect IV\nct = 4aaffaca5fe85814d040aa2a306ba4d1d44746cfe46c978aa057b53fd25316c1\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 94\n# RFC 3394\nct = 96778b25ae6ca435f92b5b97c050aed2468ab8a17ad84e5d\nkey = 000102030405060708090a0b0c0d0e0f1011121314151617\nmsg = 00112233445566778899aabbccddeeff\nresult = valid\n\n# tcId = 95\n# RFC 3394\nct = 031d33264e15d33268f24ec260743edce1c6c7ddee725a936ba814915c6762d2\nkey = 000102030405060708090a0b0c0d0e0f1011121314151617\nmsg = 00112233445566778899aabbccddeeff0001020304050607\nresult = valid\n\n[keySize = 256]\n\n# tcId = 96\nct = 940b1c580e0c7233a791b0f192438d2eace14214cee455b7\nkey = fce0429c610658ef8e7cfb0154c51de2239a8a317f5af5b6714f985fb5c4d75c\nmsg = 287326b5ed0078e7ca0164d748f667e7\nresult = valid\n\n# tcId = 97\nct = 939b3389336fea4a9751bf014ef18011323090e8a0500bc4\nkey = 0dda6da5123e2c37c6fa16ba0d334cd01acd652f8994211751dfab4faac2fc22\nmsg = b40b6828729b456322a8d065abc0d081\nresult = valid\n\n# tcId = 98\nct = 
59ee8e5198861237f682edec6ba906526c016d4d935942bd\nkey = d6925914cd06308f81ad91e23073593d99d4e50351b20eb2a8d1a1ac4ced6588\nmsg = 037b27b3dc95b19d15bd4091e320bfe1\nresult = valid\n\n# tcId = 99\nct = 1ab53a065d8f776a08b33e51383071b6f154612116655137bd3b7ec29b70fd56\nkey = 07518a82cbc8da1dcec55f3763a206d277487abd03cedd0b8bef9ee2fb157121\nmsg = faa4664d79fce3c7d2fdd462f6c1c423c2f8e6b69be2e071\nresult = valid\n\n# tcId = 100\nct = a1bf8e73e3fa1db759f0ab2ab0b1ca6f2c85b63d83e25f7a0b5293d0a216a2b7\nkey = ea46991d4e71f53dd624e7fe7fde11944a7c5942d232369b8065d42b8cd2dde1\nmsg = dffc5cf1dd5411d015d84601fa38df5effe885c7f26a4825\nresult = valid\n\n# tcId = 101\nct = 27308a0e1a6c0a1d15d6174ab7d68675207b615df16fcf7a3c69b25f551cca9f\nkey = fdcfa902c6f222f527af84da533b14b52e2615da3a89d1d35708b0cd49f60d87\nmsg = 966b07047354966a703e79607b556032f4f596b7f9206f05\nresult = valid\n\n# tcId = 102\nct = 7155ee932b0358d98182a23f7f427c774ab340a4757d0b6a63facd3de90578438cf03201c3f88057\nkey = 38e1b1d075d9d852b9a6c01c8ff6965af01bac457a4e339ae3e1d7b2ffacc0cd\nmsg = 80ad6820f1c90981e2ca42b817a345c1179d0a11d8e23a8adc0505e13d87295a\nresult = valid\n\n# tcId = 103\nct = f20b9b553bc0847529f8d4379fa909211e68249bd429f436c615c4c4a5d9f1a1968f0b89c5237b30\nkey = c641f1689d81caa8ba37d895272240664054ed974cfffc40e6c5c0cad1b916c7\nmsg = 3fd0ba19955e46749f54d88e99d080b7339d588fe612ec0f4021ca3ca2104270\nresult = valid\n\n# tcId = 104\nct = 2811716854a214aecdd318c6670b9b2a7511713c9a0c0fa805230ff05cf84af795dd72f6c1a44512\nkey = aa0ab9d68ed4a04e723f81b44c0c88d0bcde7a80cfd476eb4b8836d9aa01ec4c\nmsg = 57faa8766f6d6a0aa1cf643f857c150df5b31303b50af480e21c4b5e8c8a15d5\nresult = valid\n\n# tcId = 105\n# Round counter overflows 256\nct = 
5322bc62bd8379abbb75f69688b8f00e31962b8f9ae1e89771952d8a2a749e1352ec33b5435a674271b314760ab9f753b16726185ec7d319ac60531355344c1d53c7903000a8039eb40f70564a0ad3f41b2355ea5dfa6a1d46392f1d106a5da569bfb0493bf7c12dff04bafeae377df4bb47cd440b6f60fbab2a54a98551b76273e02cac8d7be9f2343d3abb2a23af1c91a7011c67a7907260116b67d510aabe5c7ca46c1c20f77106c45966583b3e4ed799a47ee19bb4223209265c2b1ac8183a678ff43bc9a3470a50b9ee4d10f60674268d72c68be003a0d9dd6849aba836fe8a1792b81c90e12945bfe1f27a9c6b2af66a063cdb7721a7f23fb30afdbd8b18db377dd1697f157be81c1578d08b066c71b0c5ca7feecac1cdd938cf9ad525f74844660908194b28e54eddb158f6e4c921b811d90db71a92ff872db2250dcc3f847fc752b66d77e33c85084d3fa53b4f30503d2a06e6cabb9033d59fc1dc15e32f19846a039b91597b0ba3141a7d9717630062170117b2131dab77406e9ed7d66b2c754d849c60\nkey = 31cacbb17d6dbbecae40727c5048fe0c01bc53b23ab635025cbac1ecf52ca495\nmsg = 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\nresult = acceptable\n\n# tcId = 106\n# empty keys cannot be wrapped\nct = a6a6a6a6a6a6a6a6\nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76a51aac96038ad692\nmsg = \nresult = invalid\n\n# tcId = 107\n# keys of size 8 byte cannot be wrapped\nct = 181ba6a3a4392469e3de98ddbbdd2432\nkey = 574957151fc2afe0fa3dc", + 
"7a9a7da6495398f18ea0d8eed76a51aac96038ad692\nmsg = 0001020304050607\nresult = invalid\n\n# tcId = 108\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76a51aac96038ad692\nmsg = 00\nresult = invalid\n\n# tcId = 109\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76a51aac96038ad692\nmsg = 0001\nresult = invalid\n\n# tcId = 110\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76a51aac96038ad692\nmsg = 000102\nresult = invalid\n\n# tcId = 111\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76a51aac96038ad692\nmsg = 00010203\nresult = invalid\n\n# tcId = 112\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76a51aac96038ad692\nmsg = 0001020304\nresult = invalid\n\n# tcId = 113\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76a51aac96038ad692\nmsg = 000102030405\nresult = invalid\n\n# tcId = 114\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76a51aac96038ad692\nmsg = 00010203040506\nresult = invalid\n\n# tcId = 115\n# wrapped key size must be divisible by 8\nct = \nkey = 574957151fc2afe0fa3dc7a9a7da6495398f18ea0d8eed76a51aac96038ad692\nmsg = 000102030405060708090a0b0c0d0e0f10111213\nresult = invalid\n\n# tcId = 116\n# invalid size of wrapped key\nct = \nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd978e3bd2defc1c10d7\nmsg = \nresult = invalid\n\n# tcId = 117\n# invalid size of wrapped key\nct = 9f\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd978e3bd2defc1c10d7\nmsg = \nresult = invalid\n\n# tcId = 118\n# invalid size of wrapped key\nct = dc9e9580\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd978e3bd2defc1c10d7\nmsg = \nresult = invalid\n\n# tcId = 119\n# invalid size of 
wrapped key\nct = b9b282d138693000\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd978e3bd2defc1c10d7\nmsg = \nresult = invalid\n\n# tcId = 120\n# invalid size of wrapped key\nct = 0efc635b2d61e244056b9d4591ca6b\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd978e3bd2defc1c10d7\nmsg = \nresult = invalid\n\n# tcId = 121\n# invalid size of wrapped key\nct = 4a305dae087b0d24d62af41831338f33ae\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd978e3bd2defc1c10d7\nmsg = \nresult = invalid\n\n# tcId = 122\n# invalid size of wrapped key\nct = 82cb927097cf31ea4affea440b0d8ca6a240b900\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd978e3bd2defc1c10d7\nmsg = \nresult = invalid\n\n# tcId = 123\n# bytes appended to wrapped key\nct = 7dfbd7cf6158d75bb5900b3bf1e3871003402a6508b1912800\nkey = fe60fc8df7d9f4ebb5416ca4e82182f7e9923a746110fd978e3bd2defc1c10d7\nmsg = 000102030405060708090a0b0c0d0e0f\nresult = invalid\n\n# tcId = 124\n# Incorrect IV\nct = a417671bc62a23c7a65543092124024df72c048d8db330c7\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 125\n# Incorrect IV\nct = 9518d0f99d7a73ed4a502b449c14c285971b0e6177ce0eca\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 126\n# Incorrect IV\nct = f3511f0491bd74ae1defb5307f0e18db864b57b5c404d428\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 127\n# Incorrect IV\nct = 6c03ce779259661c43d41d5d0e45687f874353bba516c73e\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 128\n# Incorrect IV\nct = 8df01969a11c87026535bfccf72b1d064c86ecc7e5227157\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = 
a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 129\n# Incorrect IV\nct = 8ed1cde228d9c8d046dca65c7a27aef2edf8ae90c705d1e9\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 130\n# Incorrect IV\nct = d69b3e34e9de38d44de1998992362a6fa1f696b5acab3f10\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 131\n# Incorrect IV\nct = 67865122af3294b8da0588775125cbd6dc19d5e5cab97b6d\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 132\n# Incorrect IV\nct = 9f0fa52363dd55df472d867e6faf5da8eb204a1d6d497030\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 133\n# Incorrect IV\nct = c399f999c96a4204325e7f08d6a4de256faf21ec2c007ddf\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 134\n# Incorrect IV\nct = 282082264a87dc35ce1cc5b9931b77d80d82fcacc0927f85\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 135\n# Incorrect IV\nct = c192c90b83003ca96744498014b6ad6bedda837955269819\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5\nresult = invalid\n\n# tcId = 136\n# Incorrect IV\nct = 30a983cd9e69d561acc95c42b252aba4185f8392f2e6c935c8eb105af8082e34\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 137\n# Incorrect IV\nct = 4de9a639b799630b45b49e28dbfc44dabb9843ee588a8cff286b8d5fbd7b32ee\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg 
= a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 138\n# Incorrect IV\nct = d915b2cdfb769d9d82259dc3d124646bbf972b83efd4c2eae9b9f751073f78d6\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 139\n# Incorrect IV\nct = 117d653f480b69fce564f1fe99572492945189ed5af789ce05a2651baf90bb5e\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 140\n# Incorrect IV\nct = 8226d07a2f919e24ada1081c69a75520be895e3a2bda9b805d9747773ddeaa38\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 141\n# Incorrect IV\nct = b0a74345bedf8865348daf45d054b99ce515ea8be136270d1cf71e1cfa7aa4a2\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 142\n# Incorrect IV\nct = a261db77f17f7ec736d1a8be16e5f9ae432fe2a17012e5a6f07c5426a9f0ca59\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 143\n# Incorrect IV\nct = c53acb5e096b54548e1385b2ff18eaef68d235c95b0194e74a2383d3a7a530dc\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 144\n# Incorrect IV\nct = faef482d99ebb180e5bc5e3cf775ba292c2a3b6c44aa4a21ad400906f11af392\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 145\n# Incorrect IV\nct = 73a450b63b07b3aece9d1ae5bf097a3dd3fcf73e3ec2f1bd8fc3b5586cb9bd73\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = 
a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 146\n# Incorrect IV\nct = d34b6ee184d387c9aa4b2d180ae0a89498014e55fe8e416be4f826fcf7d56522\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 147\n# Incorrect IV\nct = 2af823d1602803740bfa9040c2c4e769a5b6de919d403cfba9ad360f63af1113\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa", + "01d070a5f0a17a0c462be4f1\nresult = invalid\n\n# tcId = 148\n# Incorrect IV\nct = dd78ebd3091c55a5da5b24504200f7fadd1b3ac6ad35f814f733e603c13936245d69d83f262f6b1e\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 149\n# Incorrect IV\nct = 3d8338eae7de322399e1d1b4a3df54326b242b563612ea4b27da22a041d3c80966911bc009911761\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 150\n# Incorrect IV\nct = d04bf75cadd3b5f099c34b27a91e64a8f2dbcf08e8c5c1c9f07a777eeb805d5d0e8c5c01afc43944\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 151\n# Incorrect IV\nct = be0c5d193b61c5137a8fd8a6d7d1ed8f0fa28cec516f544697c12add4f8f4d5cfca65edeb1019974\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 152\n# Incorrect IV\nct = a83ebcbeb2be9d6807b5cfc31c89849d1343dd4eb22e5bfe9e2b2b3790ad8900601f1f5d54fd472f\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 153\n# 
Incorrect IV\nct = 416221485a6cb98ad1342ea9a12926a9a133ead8bd919323fe789bb8f89a4fcaf81e1be54f9d358e\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 154\n# Incorrect IV\nct = bf6a53286fac48e7f25d89b7056b27aa917d5b54c0d3171dff369f7249153bf09da5891eb4dc2d88\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 155\n# Incorrect IV\nct = 99d517a1321bb633b0d5f3afda2372d3abf68b41d13cbfdffc78f173b88bc4b97efcab2b2904788d\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 156\n# Incorrect IV\nct = d92456bc77a268ef71cba76064a1b772d1fee2ae4f0ee3bb932a2adb2b031796b9eadb51753f2868\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 157\n# Incorrect IV\nct = 5bb54630ab8d73a040f0f87e70e263d1aeb2358bcdc0dce6994d0d874452bbd8741b7ec1d59d8298\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 158\n# Incorrect IV\nct = 4581d6536039db1b23da50c648777e90c82d6128bb92e28b2974bae1141543a19a1592fda1fbd61f\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 159\n# Incorrect IV\nct = d35bc67e62064c34f48150999ba30ded475d8c75978f45737320f23edaaa7a40d7803fc61add34a4\nkey = 4f710eb6b5e28703becfc3dc52fa8bc1dd44a4a6d38a84b4f94e89ac32d987e7\nmsg = a828cbda9b5ff0ae374f84fa01d070a5f0a17a0c462be4f1acce34973526908c\nresult = invalid\n\n# tcId = 160\n# RFC 3394\nct = 
64e8c3f9ce0f5ba263e9777905818a2a93c8191e7d6e8ae7\nkey = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f\nmsg = 00112233445566778899aabbccddeeff\nresult = valid\n\n# tcId = 161\n# RFC 3394\nct = a8f9bc1612c68b3ff6e6f4fbe30e71e4769c8b80a32cb8958cd5d17d6b254da1\nkey = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f\nmsg = 00112233445566778899aabbccddeeff0001020304050607\nresult = valid\n\n# tcId = 162\n# RFC 3394\nct = 28c9f404c4b810f4cbccb35cfb87f8263f5786e2d80ed326cbc7f0e71a99f43bfb988b9b7a02dd21\nkey = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f\nmsg = 00112233445566778899aabbccddeeff000102030405060708090a0b0c0d0e0f\nresult = valid\n\n", +}; +static const size_t kLen66 = 36807; + +static const char *kData67[] = { "# Imported from Wycheproof's rsa_signature_test.json.\n# This file is generated by convert_wycheproof.go. Do not edit by hand.\n#\n# Algorithm: RSASig\n# Generator version: 0.4\n\n[e = 10001]\n[keyAsn = 30818902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203010001]\n[keyDer = 30819f300d06092a864886f70d010101050003818d0030818902818100ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f0203010001]\n[keysize = 1024]\n[n = 0ab9014dc47d44b6d260fc1fef9ab022042fd9566e9d7b60c54100cb6e1d4edc98590467d0502c17fce69d00ac5efb40b2cb167d8a44ab93d73c4d0f109fb5a26c2f8823236ff517cf84412e173679cfae42e043b6fec81f9d984b562517e6febe1f72295dbc3fdfc19d3240aa75515563f31dad83563f3a315acf9a0b351a23f]\n[sha = SHA-256]\n\n# tcId = 1\n# Legacy:missing NULL\nmsg = 54657374\npadding = 
302f300b06096086480165030402010420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = acceptable\nsig = 253e1d19bbe91064f2364c1e7db3ba8eb6dc5b19202e440eab6fbdf28c8c6ec05b812983713c338c72b6e99b8edf506a89ff9fc8e5c2c52362097a56dc228060eca01e1ff318c6c81617691438703411c1f953b21cd74331f87c9b8b189fdffdfe8550bd2bd1d47be915f8604a0f472199dd705e19b1b815f99b68d60bc257c7\n# Some legacy implementation of RSA PKCS#1 signatures did omit the parameter\n# field instead of using an ASN NULL. Some libraries still accept these legacy\n# signatures. This test vector contains such a legacy signature\n\n# tcId = 2\n# valid\nmsg = 54657374\npadding = 3031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = valid\nsig = 68ea71ee1911687eb54b3d19cedcfd44719d0b24accccc59bdafd84e4eba48ef0be7f115e7073f9f273286a7dcee3b94cdbe208e30ae496987479d3aa12ab0e12685ab592d7693a494e6ad27d526ed3ab5912c7f81e09983931794c2165c22fd859e0f9af1a93a4dfe144098c562731e6059d236b52cb865996c87a9baf7f103\n\n# tcId = 3\n# long form encoding of length\nmsg = 54657374\npadding = 308131300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 52f46d508e31f030b17c537888585f919037562e15f1924543601a41f9b701ee416ad73d6576b4eaaa64e685289dc478751dfe2d7e588252bfe2d43f4b3a31c6c6c39a9df884a2fc2e45f09c2150a830974b1c9d26090830b37bf06f1d57be1da34ebb016e9db7ce2c34e94872c89567ff6f2ab35a1a9fb6632e100c7d7af834\n\n# tcId = 4\n# long form encoding of length\nmsg = 54657374\npadding = 303230810d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 3f34017b3172aaeec72d208308e9b83150699f86634b948847eab56f0169fef51b5636a96866f4f0f4c649400489e047803a91f2b2f32ab715065e20770c4e2788946b85aca5c90efdd6a9458dd9b6f797f96a3de88d2e4896afe147d8c0389943828100061903a30eaff1dadd98d3e49dba56cdcfa5f215d9c615f974f4a0bc\n\n# tcId = 5\n# long form encoding of 
length\nmsg = 54657374\npadding = 3032300e06810960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 1478337676aa47ca72ea7557facff06f6c777f56063f4487d345e43dc56a6bc5f8a891085d53a32c9d1c3cf7f469e7f56847b0b1b9b5b784526078271f21d0550afc40f81e2b8e8dec851d87511cace965edceb83cb96c8d6616e1ee75bb22c54412fc942a6f71c9fc609a31a69d34b774a97c1ba4f85cca28d9993db8543f75\n\n# tcId = 6\n# long form encoding of length\nmsg = 54657374\npadding = 3032300e06096086480165030402010581000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 77ba423e600bdd761ed10e7c00698a87fe1322f5f42b2902a0be7a24b1cf44f613fa55edeb2ded0475f8e1a13e5368f9a2bfc4f2f926ef289a2207bf3689fc1c8ec3e5463064a7f51bbc993966cc4016319b7c95f282372f1ff848d7fca753a81d905b3341b0fbf60ba186e750f3171cfc84288eff8742bda432bd6c8dc04f9f\n\n# tcId = 7\n# long form encoding of length\nmsg = 54657374\npadding = 3032300d06096086480165030402010500048120532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 9460ee79bb990bc3fe28cfca92363e6ff6900e3b61b3a402f06024a72b7a65d62094b4419e93900995eb121327f72b26b139bab3e5e2bd0c82e0cf6357f3b16f1c1dd4407a9a820f20e3baaa2259614d9ee3e015e1c1778befa13aff1e545ea1758cba4713631d63180a91b52df394294441642964a024f45b2251c90e002ec0\n\n# tcId = 8\n# length contains leading 0\nmsg = 54657374\npadding = 30820031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 96ac043d3cada45aed0dbdc4662dcf7855553a5effa1077048b51c7e9bfff7c2bb3486ea42894d4b4afb26a3b3bd32cb68d5c4d8ca2622f50d8c56fdc25baf83b9909ecb096419ddc13578dcc8121007f7204ee82c517ae03de70fa23ef2390602029a0cbc8a96c5b781d857dbf12802aa561f5f41ea35aa0babb91b9f891762\n\n# tcId = 9\n# length contains leading 0\nmsg = 54657374\npadding = 30333082000d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig 
= 2a70643572a7cda975d9e2c0827837e60eaa78c297b1ff75b84f654a91fe33294ccbeda52676ece50fcc03018151e66c24940bd0574ab85a6599231d587f4a6e0ae841cb6696e7dcfd182cb75001304e36887bc4fe3b373828f8b0e62ac2300a626c9e6a2cd05bb7910e74da2978dae1948f855b3b455cd30367160e21581cab\n\n# tcId = 10\n# length contains leading 0\nmsg = 54657374\npadding = 3033300f0682000960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 27778e39b45dee1e7003f1d315d3466fc111791187ddc056784c158df92097e123021e11918b6df8d905304db732e83d904bc914271b03def4ee129c3fc8adcc4f81b690e09e70e46c8b920093f304e64ecb7358740e976d28538a9eecf09ec1e1cd47df9107968207b21538cabe076bcc07c3862c46a793fcf638c70a972885\n\n# tcId = 11\n# length contains leading 0\nmsg = 54657374\npadding = 3033300f0609608648016503040201058200000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 3a879e9f883b158908014f3617cae3315d47afdadd30840494f68d91c04dfe81bd16a40c7d21238cd1816928d989a232a3492325ab0f95d4426e3fb7d58c9908191dc557d8779dabb282287b7860c30e0796283428e0276447235809882ee990deb0f4312c01e7ddf0690406eeacb660acc6957bb670904cfd8d04df5e3ebda2\n\n# tcId = 12\n# length contains leading 0\nmsg = 54657374\npadding = 3033300d0609608648016503040201050004820020532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 2b82155f363a3b283ae455f59e41c29dec2fbd8c7438b0e347aec5b38c7c895cb7d326870e4fbdb935fcbb561f223bd926dbe8b95ef5eaab27920dbe30c641e99f526a9bc356af54198b459b59383135a82cd5b6edab7da0b1a51d939b2f9951e1432d637c4f04a3546ed9c890143ae364602b94eabdaa2a45e4bdf0b5bdfa71\n\n# tcId = 13\n# wrong length\nmsg = 54657374\npadding = 3032300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 
1dda56dc953aeee7fd76ae7166d92ab9e3d1d9759e76f8f1d7634a73cbf69e39d8249153d7c2d83c9664db13552f0c78df34b8a67e7b6c10bcc61b5ead7ba62ce0ec7ba8ac78d146f7e4cadee6f6250e0bc3100660e7afbe3afa17fa288d97549b4c8cacc00ac5c942673485739f89c9e5e63ad2be97a8f2313f5c5b095e7542\n\n# tcId = 14\n# wrong length\nmsg = 54657374\npadding = 3030300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 692c143b82196a391a3546607336e6f3bc047412645cf0def0d62d1b42234c14da138bb7f451b45073bbda2aba23412e83bc40d4e7de3e0684f2cad7d059f2d6831aa3d2ece4964ca75cd41dce23c5ba495c15345b36947b4b5a051fe1b84e148b5ae21f112d2245b1acbaeef9dc4a0c408829b9d2b1b5ab1d3a40af0a27b99e\n\n# tcId = 15\n# wrong length\nmsg = 54657374\npadding = 3031300e060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 66c31a45b2287425a20f65c3eba9cc58c370882f5fc62921935491fbd516df9baf9b28304a21d9008b61a92779ecfb3b0c03f6d74354f5159956e3fc1d35bd7376289378f05d7a71e05ab32794f2566a54635e8dc64740acbe10a293ceddbebe8499b520f406023a134eb9927ebb788b92488f036d109ec0a40ac52372e847b3\n\n# tcId = 16\n# wrong length\nmsg = 54657374\npadding = 3031300c060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nre", "sult = invalid\nsig = 7b85536bdcda4ad3fc40129f2ff9dc85d9ec049913784064e7358686640446278a2006d93fb33429407597e5d8c783e3f7aee8a7791d69139f3c802a6547f01bf987415eec2447b0e8c4f3aee7ae2085d141fa34ca6634bc109dede93285d5c40cfcd98bd47ceb9cc1890dfff53b7ebb8038533580c7a67fe14c0c422e20cd64\n\n# tcId = 17\n# wrong length\nmsg = 54657374\npadding = 3031300d060a60864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 
5d77fba3cbb1905d83aa532fcc3227a95d7931bf0c2ab51f8118824de9dc029bd2470adf48b41c694ec7359d00a1336990c30ee368dd40bd681ba74794415d3997e7a756659397bf6abd44ca91c12a8580a3f5d1cdbc7f3be0c23c72334ce9b1419e6540dab73f5ff8ab57d0bbbe92b688bd3495f9344822b622042c2491bc41\n\n# tcId = 18\n# wrong length\nmsg = 54657374\npadding = 3031300d060860864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 7b5476fb78f389d1131764e7a13322f86008924c8c098f6d74f2df4dcc5a504cd786b3eaae33295cd1e87a2bbd1a06cb385674d465110a9a990d52de9a67f1c13ecaaa86383d489423c084fae9ecd2e9b109f4f04b8c013e3409128f3a079c068c1ad27bc2a20e76ad149325b7b0f0bd804a4e33949a98aac49076260702b0b0\n\n# tcId = 19\n# wrong length\nmsg = 54657374\npadding = 3031300d060960864801650304020105010420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 6034e1253e4860a29096e392076794cfcea166a30b340cc09f77baa5952c06d148bd89b750c3112930ef210a50a7d3f6569da89912b5e50e824116e73a15536958f75779506d07e67ec9c0cd8de4b51dfbb0fe56926feed18ffbd83b0cdd50d56326c54adf97e629378ae5f0f02fcda3da1aa98cb1d1990946edec711a85a0d8\n\n# tcId = 20\n# wrong length\nmsg = 54657374\npadding = 3031300d060960864801650304020105000421532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = a44cd265e1ecea83fc74e9eef746ef173277cc96f69a1798590ddee7ce5b5c34a82ad58a5c042db19005e04eec4159900ea764c0d008c52b94577d1c438661fb767902d9d1bbd6a90bdc4df685ec5951eac81d8b4dd36bceef7b6f919e85b6c994c7cf22a804f15cebe63b77f47b3bc2c2aaa68c6362c27a574b849efafe72e9\n\n# tcId = 21\n# wrong length\nmsg = 54657374\npadding = 3031300d06096086480165030402010500041f532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 
a160aa43f4873cada34bea5ccd2be9dce07940ee1c08eaad524a5019993bc753ce92cccada706b483f106ff20b327b35e7c83955ad3bbff3f26ced3489877d1b5bf285d61afcb30219c02a440da61030e301aadb901a525345d1a651a21c31a62ac9fb71738c3e215a8941ca9a3c4910679c5e774530c28788f6eddd7a31c024\n\n# tcId = 22\n# uint32 overflow in length\nmsg = 54657374\npadding = 30850100000031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 1369c78f816a9baf027e255de0c258125be90f35b8daafee87f2ffef2d465e0694af4401cc5cdc7ca78b08d5688ceefbddc02abc5495d47c6829d696f8370ea427e7e0225eaf22cda720bbb5881edd16b19bbf2ca86654c65b4ad481c13fb38af00d77922f46b311f936c51f4610f6bdb514b366aa05f029c1e63e3cfcf9763d\n\n# tcId = 23\n# uint32 overflow in length\nmsg = 54657374\npadding = 30363085010000000d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 41d4c1ea43cb207af8bfc1552e31da7ca5744b68c4e00c3bf55f4edd4c81e91c01f44fa05290dbaa1fdcdcc775f6032a049b4965345c16aac6994b06cda9e0387dbff96cdb115e014f69bb057faca2f618c70a31edd0beaef7acdcc0fb7c83b2f07a8b9de48aa04b7c973920af5b8dc20aac343251ddf4c2277985c3db1dac2f\n\n# tcId = 24\n# uint32 overflow in length\nmsg = 54657374\npadding = 303630120685010000000960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 76bae6c330b9ab33aa9f2abe8559c51fb95f953a75e48053ab99078069214b509dd1b5080ac6819e32912619372d71a9ff1a67449dd699e5bc6ec0e18d1893dfb5bd571d933926d05b0d9fd7036ba4556e209369d1c57ec49cd9075e583c257c6fd4899c2a8bbb157547812cc692f264bf54712c71ee090b974d99b4d1629696\n\n# tcId = 25\n# uint32 overflow in length\nmsg = 54657374\npadding = 303630120609608648016503040201058501000000000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 
3480a5c22f092f259b5bc4fdb9a33c044c24a645b57d61920effde1dc0bbfe53738023f16025841f9323b40f72c11091941bbdfaf7c2fbf77ad6626dbd6a3b7abb3ee916d96a922b11c86ce80ee67dec619bb98e9246d35a33b11b3a4e2a3a130e8b57ed4bcdd4b4e73aec3f9e3d50d3db5e29cffeb186846c72d09468d018ed\n\n# tcId = 26\n# uint32 overflow in length\nmsg = 54657374\npadding = 3036300d0609608648016503040201050004850100000020532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 5b3d3a198d4b36c6d9641db181fff59407a25bf1571f85e47bad1eaf138079872b93b9eb51aae09b48d6f4ef56badd96a6584277d8f3c6e4a4e11275f72021b50a1665ddaaa56a2a7caa7da6b4d502c5214e17042811154d411dd2197c250264bb69ba43adf668d4f7b81d932afa55e378214bb19ddeb431f702a91dd11e23bb\n\n# tcId = 27\n# uint64 overflow in length\nmsg = 54657374\npadding = 3089010000000000000031300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 1cc5577d04e34550e7f3d136064547efa30b9413e2c423b5a320eaaaf11cbebb91e13bbe3874e4650e057a8e38c8a366c473f35e0de82b22f846721a09e3f279ebdf54c8df395a9041333f09cb7bed5291bc1842857c4ce6ad5a1c2c476c1efddd5fe42824c25e0581aa7bb8f621d3b53566637c6266bb1bd0a5b7fb79c72616\n\n# tcId = 28\n# uint64 overflow in length\nmsg = 54657374\npadding = 303a308901000000000000000d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 6e56d1746105344b34fb8299d173f4a5032cbce3556ca9d1eee35f8b31818efc121a1a9599c24fef8531243016dd6288d67b4bf9fdbf2c90fba5b1661be03531b5e15385ea465d1376010f0af761e8fb1afff7823dcef8dc100d97c192e9a7d03c82321d83fd8ecf67207c65cf182e1104ec5669536070cf1e3fe73c5e27edeb\n\n# tcId = 29\n# uint64 overflow in length\nmsg = 54657374\npadding = 303a3016068901000000000000000960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 
37a413f9202591b8860cd9d68515ab522ae800e9a71793b479f1fb74ab8c9b07e72fe82dabe1189d028b813610e5e57c055af2d32837551fdb0cd93d7669a3c02a14c460f4c92136a4d11cfb7dcc76401bb5b699fbc64d302736d68c3591ecd59220107cd63f55c83edd38c4568e6f7749c0d9baebfb7c8ae1bf2179101745a9\n\n# tcId = 30\n# uint64 overflow in length\nmsg = 54657374\npadding = 303a3016060960864801650304020105890100000000000000000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 9fa8aac224bb50697103d457e7fc870853b23670ee5b8c7395d68ed82b30db18ae34a569abdcdf19238ffca8f5e435327dbe605bdc1a6dd3eaa3c2beb33f00642984a2034bf3b3e8de3ec7009e35069d5b27253c4aadcb4f163148e157252e3b9334abb6cf0299161c12908529f52de9416ec6218af7a6963fcc987c5024ea71\n\n# tcId = 31\n# uint64 overflow in length\nmsg = 54657374\npadding = 303a300d060960864801650304020105000489010000000000000020532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 0f50bc6b1b94aeb6805dee51c92860693de47c4925ab90b57a46e0485a9afeed45083eade73bee684cd07048e632d1dd24aa2efc42c1f85e4fd7b7058dbeafb53a3d5b1cb1e7dded3352c3c92ded891839263a501afaa78fedfd04546c43d16f7a52b800abc9ab1ef827ae0eb19d9b52def2435f1477a48dff61800b4db830e4\n\n# tcId = 32\n# length = 2**31 - 1\nmsg = 54657374\npadding = 30847fffffff300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 9dcc651cc0a1b4d406112c0d1ebd7a9fb5a2c9d9f9cffbeab2d2821e5ed01efa9d191665794649bd1f588b729e8fba1eaa37a5a736a5863973c338a92b2665d6ead13b72a19d2da778febb94b150e8d750340a3b856fca8b3b6e3cbfecb9c397c23f46912ba546ab0f64ed88404ce317f8fb2278b68950e9712d6b11f5cdfcaa\n\n# tcId = 33\n# length = 2**31 - 1\nmsg = 54657374\npadding = 303530847fffffff060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 
0397d14205c2f52423ef69c874294dc2b37d5be5d5647f7e83f1dd6783cb41cce52e6de1dc8c9e93ca1ef887d4c0ea79cd8b26391d638bbd8080bce830bf1bd7fb1de31346f28d609874fafd4a34fb7bee900441f55589ec3c5e190106d8816cadfcfb445834739cafaaa3903ed93cedc41a76aa0ce18fb49a3a73b7b5928735\n\n# tcId = 34\n# length = 2**31 - 1\nmsg = 54657374\npadding = 3035301106847fffffff60864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 2c3ffd881c1", "c0ce2e4c98282d6011179a89b1e84b17072bcbbb64164e5e05410d0414a1fdbbc04564f3d80f3891f28c3f02e92bf97b4339b5bd4699614e236d4223cef0688c44b297eb9c0e22246b4cb28983b102a446dc76671206c3b77af6897f2f445512abda37bc9c37257dd4f1c6f0e6ec40929eb6b0058682b9d2f6c66\n\n# tcId = 35\n# length = 2**31 - 1\nmsg = 54657374\npadding = 30353011060960864801650304020105847fffffff0420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 668bd06eafe953fca6a17b0da0f9006ceadb09ad904786b7530148df7eedc146d20a5472c39677d65e59934c00227fb662b3474596e6072f56d2c00c3d31e66f0da85f4670e75c3f2c910c0fec8c98bc31fb2eceff80350b78aec0d316e9bbb331544d8a3d0b1649291396c717e350bebba3d3c3a0b1d55f010879b8c7b7d4f9\n\n# tcId = 36\n# length = 2**31 - 1\nmsg = 54657374\npadding = 3035300d0609608648016503040201050004847fffffff532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 87482257ae1d18d0357428b756ae35a48549536a3439ca3c148eee64f4c096d896219097d55c14a25eb1490779f6b1471aed238cc0d6aaf265c12ac086d04de9b79a37518056dfacc12cb4916c17505fc7e2e6c1e0db720a286ea65bde4d3da1d2dcb8d0276e8ce73f3f923209149955285c602572cfd24c82e8d96d45f569e6\n\n# tcId = 37\n# length = 2**32 - 1\nmsg = 54657374\npadding = 3084ffffffff300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 
03aadd447f36952dfe73ae89e5c656b7d37ec92535e547cca62a7747f3831f2f613c7dc094f3d5c4c6b9e02b21ed4626930ef3948b42ed41f4cf468d2474acadf1c75599c5619e4872e6d3dfd93abe92234165135ed265e0c0f64fddf23e50c1f9fdcede8778a8ca008ab00f8afa887da3f4699df9f1140953232f36d035b03f\n\n# tcId = 38\n# length = 2**32 - 1\nmsg = 54657374\npadding = 30353084ffffffff060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 31afd9a0d827755352b16de04de42e98a8c72f08919ed475530a00c762b8a03bde22634dd856a7eede4b4947d780cb3efe55775e16d7f46f209dbcb5569b2d9469cc271aa850f74960f7c741928055925349821e32e1e0fe5a040010a39a4b6a343f7f35c204106b3617e528a99dcaea8a93766adcfe7be31cdb98f7f7f14669\n\n# tcId = 39\n# length = 2**32 - 1\nmsg = 54657374\npadding = 303530110684ffffffff60864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 16ac0aa2d727ef5fbf0305259ee6fa40827c92419f819673fd64cc2dc2dbfe7ce1cfcf06e26d45f59cb3d9afd30d7a6265863fe856e0a0b1b9508b1e7a2dfb0f87f5ebfc444bbdae504abde7daa33bffb991551940df682c8e2c45edef0563b34d4f11e1955e83c2145ee321165517d1532abd64dc613a280fc30670bba1f898\n\n# tcId = 40\n# length = 2**32 - 1\nmsg = 54657374\npadding = 3035301106096086480165030402010584ffffffff0420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 0fe0c75dae62462e66e7277b03c9113727419f7d4db7b2a567c0c189fb6328e1f73d5d44e2196b436f4c2f0f12950d419774c8a51c55f9b2217f904c4f03d5f5754174719dfb85f62795ef75e6d54e703bf231fd8472250f529f85294f29f6c5653ef585079c3b3d8f931da80a46c8afeef37696fb0e7986d413bb1996b8ad57\n\n# tcId = 41\n# length = 2**32 - 1\nmsg = 54657374\npadding = 3035300d060960864801650304020105000484ffffffff532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 
9ef993e6ccf015b0b0de75b51213a1c3efcaf66bf83655287484ef28d984806226a7af1704fa6a7fc02984b44449f83ae24761021e49ba6117505c1e609406b002215de27d696643c3354fb48e6c64e7300944edaeb96e4872275f75532f5aab94358d4954522fc7903439e99223d8124e79a3f519050b6b576b77d5abe7c3e3\n\n# tcId = 42\n# length = 2**40 - 1\nmsg = 54657374\npadding = 3085ffffffffff300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 0fbc20d18ef2dce383ef9640232e44fc287cd97bdb1a18614a77a6d72da5db05df264fff4964b3395445a5b75f4098be8c923ec613efa49e87877c08ce52e9e8b491eaab77ed2336179f1e447bc53e0d9fb9cbd2f2c5e180acdc946df4cdb0a878f27dc010adb1d080330e0bed852181bf97dc4372049ac6ab5802c0d650ffa9\n\n# tcId = 43\n# length = 2**40 - 1\nmsg = 54657374\npadding = 30363085ffffffffff060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 3df42c382b86647a466ffc743dc4713259bd7dfdc909939738e59e3d1eb11d104537762c50eb55d4677a005f7f925ffc7ef0751ffe0c4320a6cf0733e738a404b2672f3dd11fa97bf9d84b786a47c63bbc962d52873765a6de3a57590c2cec68118af81d7dac4f7ce6c101811f2fa364a34fe704d674be5a28531d6e8c4fe120\n\n# tcId = 44\n# length = 2**40 - 1\nmsg = 54657374\npadding = 303630120685ffffffffff60864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = a66d9848a3db7e49d8053c4a3869415c0bb58fd265276c99a66ed1df84e162cfe8f0820229d2ac2f99d9753eed39af46649409cf559ca6edc8c47e550b7a4cf24fac756389e365ad73ddfa67e72d042ec494644c5f277f60864dc90d6cbfdf556396c795192077f51f173477b934871e2a960f7ac3e6e8c8039956a5061bccf2\n\n# tcId = 45\n# length = 2**40 - 1\nmsg = 54657374\npadding = 3036301206096086480165030402010585ffffffffff0420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 
7561668d5b2f8fd3190be8244d4d0550043dc0a7e80dfac83eb6f6ddbf448d424082fafc332e473d434b37ce7605352594ce632f4d5de30951581af907fff6c01814022c31a31b3d130673a56b4ef7763bad595053af0174df395b802722f5046e408c978e2b5a9a63f8ea80e932f76513928253f432c8bdc7ee51872d315b7a\n\n# tcId = 46\n# length = 2**40 - 1\nmsg = 54657374\npadding = 3036300d060960864801650304020105000485ffffffffff532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 5a836168587968425c4e103bae20603e0ae6f714ccdc603a865bb3541b65eee9dd0d9ee21cc66c7a83403fce2413b97f1c1239947e94614f6f2eb731387c8b9d956242bd9fb0545eb2c874ca1a167222034649894b41fd0fa935cf52e583a5e9a4b503cf9f2b238c025bf2e22ed78e7a64bcac1d38302cc2361c71b854e79123\n\n# tcId = 47\n# length = 2**64 - 1\nmsg = 54657374\npadding = 3088ffffffffffffffff300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 97c602416f2131d34f2a57acecf26365a30c12f77e5beac095533848ce227302092c6f44b47f011d6eb0a91f8024d1935d8bb274c42b57875115a94281fd3cb198f9334758d3200c1c721f6babef332c02a89968a7089f7783993bdd54f809f8372437798d2364040c1faabfb00faabf28cd6ae4ffea29ae2c08a6a7e6074700\n\n# tcId = 48\n# length = 2**64 - 1\nmsg = 54657374\npadding = 30393088ffffffffffffffff060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 2a970dc291a1dc935cca6985dda703bcc1ece2e40817ce8fa79b6e8fe84e113686e6e65570d46bf22147bcbc389cb5f86f92dc185f556d15e7614cef119fcd7305a31fd2f8710812f35f9f0bd8a1a6e5be3163de644370c67181b7575635dfb9f717f78631d62db714b2a19cea7079ff13c8926ae0c601e4befb6541b02a7e20\n\n# tcId = 49\n# length = 2**64 - 1\nmsg = 54657374\npadding = 303930150688ffffffffffffffff60864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 
6e16d110235cd11e32b114ca9dac0cd6a1b041a6d2c61941d49bb458241281f62a4e2b1bf3cebc3e67e8c062ec67a51a599a553b09732e23e1d09fb2b20be7fd311a7122414d535651718a1421d4239276c227b96506729a09e3ff2779dd1c79de4d402623039b826e2bb4d26d1b56775fce14ed0203a9ebd8f042d981705a77\n\n# tcId = 50\n# length = 2**64 - 1\nmsg = 54657374\npadding = 3039301506096086480165030402010588ffffffffffffffff0420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 0716d252488e08f10a25cec94714e6105bd4e13ff019431190864cb0f4378d315f4bd0fdf186e1f2d45a6e97eb04fb2013273e178ce4f82a0b67bf9d021b1d8ab73d753adf2073ee1ad6190b2163139db63778a3670b7cce23f45efb601bd59644a431cbe534ecdf4c4c58ed02ed03863ee32d296b5736c010305fec655b1a44\n\n# tcId = 51\n# length = 2**64 - 1\nmsg = 54657374\npadding = 3039300d060960864801650304020105000488ffffffffffffffff532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 03e52a2ed638bfb9184a0ee3698502af3a19bb959a984957de5101e6f7a62cccc2ec2a6293fa9d76fabf3ce7e4bf35c65a5f864bc003686a1e05b57c5af6ad588e05a5225479422d7b78c5bedddaec7f4b8c1e9ab7478c1ee253847324e025434b76a01b82a40123ab31ec9862c6016885dc6cbfe97801503369fd3688bdaaf8\n\n# tcId = 52\n# incorrect length\nmsg = 54657374\npadding = 30ff300d060960864801650304020105000420532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25\nresult = invalid\nsig = 9c4217830da16424a6c80a62e1e1cc0c589e3324267b4498e89af96998f8352", 
@@ -3043,14 +3053,14 @@ static const char *kData66[] = { "0cc5d9d0abf0\nresult = invalid\nsig = 350274641f0d1af9b1574ad9c8b907ffcb5240825488a15f811abf56920c6b71d1c4d0fdec8322fbceedb2189bd7932738902830162171cb67243096ff0d42f7dddb3416eca5cd9b6a86e504a2351e4d87c75c2ab6bfdb005208afeb1cb6e542da32490aa5a0509db3926df6aec56fef56ebee5543d61f7cc3a35984a43c1a9d\n\n# tcId = 394\n# longer oid\nmsg = 48656c6c6f\npadding = 30283010060c32623065303330323161303105000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 1ffcf9548a1c98d254f3be4aaa250650fb5f95d10b6468406c9a7498aa84213117b99a82f40727504f6a563bd471c1987aa45a13cd6b6a6c501a8e455516f29fb5cfe9e4703fb9529a06010a557353ca13efd3b1cbc7f0381a84e14690a54879f8c9a3da6d8aa19d3f372d7f1a87badcdd871179abe6bcbe1c18f4b38f87a3af\n\n# tcId = 395\n# oid with modified node\nmsg = 48656c6c6f\npadding = 3026300e060a3262306530333032326105000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 17bd4b3bb00dd491d68c76810f5779e996eec04bc50606ad30166d9e26948c308ff766246cb5bbb362dc33129865a241a505332a0f46fcb882acead6c6bb5c1b8300381e3f9dcf89938b081e0c6106c51e8857252907d5b5998a0689335340b2d8bf186cd091753858f4c9f72faf4db828c3f23bb99fd1235d665b7703a9945d\n\n# tcId = 396\n# oid with modified node\nmsg = 48656c6c6f\npadding = 302e3016061232623065303330323838383038303830316105000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 2bd908594b8677b6359473f30a827ced749a0b81e6bc060fc71f5ca8c54f26176394efc3b9dd34b6b425269afaf601a2402f5db7c1fbb95bf4d9a90f58af7dbf5c11e9993f3a6373df216dc9e51b25bbdca70e32f6a96cbe42d5efbf67f4c6cf64e0a5c6b5ee80aa0ff7976184a5ce33b7a7c2c8a079a207ba7b7e1c8a2ddf2b\n\n# tcId = 397\n# large integer in oid\nmsg = 48656c6c6f\npadding = 30383020061c3262306530333032383238303830383038303830383038303830316105000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 
13e8d2f76b24fac71cdfdf7bfc448ce55ca7a25b58feca2a51a3e9e40b3c75bad26a04e3799c66edd5871fd4dd62c7b35d0b062e1c0f7b05ba4b0e9c6635a40236abef106f3b3d862ff1bca0ee290f3283dd38c081db0df39573134d40693835f56b4b97387f3e3cc3fa3d9f9155611a5bd413d34857c774331223301e2d0207\n\n# tcId = 398\n# oid with invalid node\nmsg = 48656c6c6f\npadding = 30293011060d3262306530333032316165303305000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 1d847fccddad46487b0fcf75f743e9550e4c6e68fabe27e55374cf5ef9240bb37490041d24ae74bae0ac5e49196057cb150abcbaea8fabf3f936b0b2cf6d91c49f3bdaca01689b70fa34152580bcb22c67196c5b9634fb2f0d75f523fc7050a6134d870190e528cc18e6960d288e5b597930888a36ca4e6c455f5b88300ac160\n\n# tcId = 399\n# oid with invalid node\nmsg = 48656c6c6f\npadding = 3022300a06062b800e03021a05000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 4738deff4b32a30dd68b0abc1971dd2af9a500b5f6922558b96ac9b1ab4a50328b2ba9a48e7c207a02ddf642728930f4004d337483eaa0a01fb038a7a6c289672bdaf1016120f2faea563f179d3d623d3ec9bb5d936ea2a7f74d2bd70a06c83e904df55f5142c5c6b6f75221397dabcb19e069436b94ca764a5016141496503d\n\n# tcId = 400\n# appending 0's to null\nmsg = 48656c6c6f\npadding = 3023300b06052b0e03021a050200000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 977a5c762a4dcbe9551a4a0bcfe96114aa59187e6dd0164cbbec2d28ff9d11e413a1de7f274704c24229c99ce9b5a3d98872db56310be7259a2fa44e652c4d02f8802360d3a29ded2a7de0a183001e74b3aa3fe594867294461d6a23160481ecdee9c05c28ce066021847a23366cb147013f57ce53a24791dd1873527f1323f0\n\n# tcId = 401\n# composed null\nmsg = 48656c6c6f\npadding = 3027300f06052b0e03021a2580aa00bb0000000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 79a42d1f294f82bd6ad48818f1f634733fbefea7def5ea32a1ed56de994ac047011695a0c8a11813d042ee6784cb172da76aa0ed892e53d4bf99fc21301a91181e7c93a56646190aeeb4a1c212d34d17484521580d84adb41b2a5cc285963509d0c832e5a2252e5cb028839d9db7bdabb7689219b97d699277ed004ca6389b61\n\n# tcId = 402\n# 
appending 0's to digest\nmsg = 48656c6c6f\npadding = 3023300906052b0e03021a05000416f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf00000\nresult = invalid\nsig = 37ddb1b141539dfc350974039429b948cfd8acc40ecab7270b3e560f0876cec68fa22c8dbf09c8c25955819a5cfc6d251ab99cd06c013792207caa2ada95d4fc01a6d89329e211869c02c648a64b721e92ef3aa767569ba2f0c7c376772926a95ededa5d3f0ce10ab3b2b25f70fee1702dfedb0605ef6401f3f44c464ee98110\n\n# tcId = 403\n# prepending 0's to digest\nmsg = 48656c6c6f\npadding = 3023300906052b0e03021a050004160000f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 85c2c430e7cc2e989e729186cb1256a5f7e78bbb6e135b36a43059389f57cc7fd67ccf20becc0d9e63731ae4ee77e926754ee5226991f9bd46203f7fb88562b00974dad035b1a0f39cba567dc0ed3cb3f7bf51326e62b0f82d8aaf8cc8dfb96c08c64235dc2a4f612bc29a8d4fb4b1edff1cd517d1c981a809ce9708a547a765\n\n# tcId = 404\n# Replacing digest with NULL\nmsg = 48656c6c6f\npadding = 300d300906052b0e03021a05000500\nresult = invalid\nsig = 5cd36e6403f666a5392101235b8f94dc80a87c03cffceaf72a9b6c37189bd028f94df3d6df776bc35f7090d2e0048d5e2ad327d4f6c4defe83538d7500b650aa47162e0d1536136a43cdc4cb9e12780496f696e781ede83fff94626f98d7f4d3c8ef865aa3d042b85a1c00b70c31757ab27c68f79bbb709e714a41558216ceaa\n\n# tcId = 405\n# dropping value of digest\nmsg = 48656c6c6f\npadding = 300d300906052b0e03021a05000400\nresult = invalid\nsig = 708e3d4577c0ced7b4d729b5124169f67836738bc18f82537dbe1c9a48054769ed0888751a823eedd05408ed934a555655d473dcec0fb5c6f19aee82f1dedf3f4fa14171c3ccbd3f1f9920f233a21be4341134f25636cbdd55918e9da76568c3ba55c630ee3e9eaa4dba7bd989fe0534925d1c47592214eb4869bcd42b60c92d\n\n# tcId = 406\n# modify first byte of digest\nmsg = 48656c6c6f\npadding = 3021300906052b0e03021a05000414f5ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 
82bc0a32f50b69da0533a0b7d966f86597c2685bbc9b44fc1d58518ef8c161efe6e6369945f1806ff709304c9f60430699b22c550d1f5f4d773c1d31667afbbc4cc824e75f0aab92d9d513e2f86f414d853e5dadf34893b6525765c11f67ca4b2dfae48584a760637016e3231fb89031d549ddbe6fa1bb90c7bc792e3f13f8a9\n\n# tcId = 407\n# modify last byte of digest\nmsg = 48656c6c6f\npadding = 3021300906052b0e03021a05000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0ab70\nresult = invalid\nsig = 44b0c75a3abc8f2bd7575787b1349ddda91a5e432b85333030562e7c391344cb1e6dfe328f11491b92c2eefe38ee5fd8aefef2e02b0527fd35a9556e23dc9c1d6eb20bfe3b21bd8b2992c076d7c228821fe5b36f2af42d1c365f49219184c4ee11d2beac7dc08860cd57dc80484cc5702d49d1b9cf6e7cd3f7cccf05bf701c4b\n\n# tcId = 408\n# truncate digest\nmsg = 48656c6c6f\npadding = 3020300906052b0e03021a05000413f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0ab\nresult = invalid\nsig = 313624a0449c7f2f19878797dab59c91ed45ca0910aed355737635283d56edc7f470628e119a70f7d40b238e0ead042ec1c1c377272fa3ca975cc21eeec934f758ce70f19e00f592a0e5a4aad8e9956d9fd7dbbc126b6a001f20c42b517ba54511630382612f2bacb9711c87d9a19897c8c44f7905f548b558fada6a2c9912c7\n\n# tcId = 409\n# truncate digest\nmsg = 48656c6c6f\npadding = 3020300906052b0e03021a05000413ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 4a3539eaceb4691d856020b9acc11854892df705ad7994759dea2efe0c5384e8f86ebeb3f4360ab0bc7d35c8ca520c8d0a1c869f3979ddedbb60437e798332a0ef7a52ca86b430ebc6aa57114f6057c8f18066ca1483cbe8a8ad3a1e96476a21d53ac6f6a4e18ee965371ebe58184fdcec67f0d42cd16d6ce6800ec87978b759\n\n# tcId = 410\n# wrong hash in padding\nmsg = 48656c6c6f\npadding = 3024300c06082a864886f70d020505000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 1d8eb339d60f873bf3dd07816dbd8a5b5e61805e26654e5a5869fcbef176a61a3b2c173778ce5fb7323dee2f4e42a272474576e8942ce04c66a17d2ccc093e529df580d047159f7c1266af51b7a7f07f43a28e309111540a80fa76b25b6d86f9d2fc99a28d1715567545509f80beb700fe9cfb82be7bc801794b7d32eb9b584d\n\n# tcId = 411\n# wrong hash in padding\nmsg = 
48656c6c6f\npadding = 3025300d060960864801650304020105000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 949fecb83ddc236d3c622c9b6118fe0bf524080594c731636eb735e7d1285b5b6c527a2346b51c42fcf706184c4edd79ac98750dcf35973920aa19dee689cb7654b4785d2755b0dde4113c293e301f4e0331cf166bd8c7ae07031165fa4c02a3d6d70422fe42c7c6077a1f1dcbdc0de257363d51951ed1e2b8cb66684d42a8b4\n\n# tcId = 412\n# wrong hash in padding\nmsg = 48656c6c6f\npadding = 3025300d060960864801650304020205000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 3b2ead8d64cf96e26db3ba9d1ff63a187a715d04e3a7dfcf6c85790896793bc19c0ea6c5266cd4ebc25b859a07ad6459942eb46f3efcb9adbc29f3fa5acf0013d5baf3089e3ec5cd3401ae282670d27493b0ee33e391a9d32283b2", "24036405c9d61bbb470dc8a69762bc35483d3d26c1c8e16c311e5d3e284f1d51383ce7bdcb\n\n# tcId = 413\n# wrong hash in padding\nmsg = 48656c6c6f\npadding = 3025300d060960864801650304020305000414f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0\nresult = invalid\nsig = 6b23ad94314f022d64a7b525aa933b7aef8184b66473572bf41c00f899dbeeb95755da7c749a0ce5cb09d3567ebd4ceb0033a1b16cfa13e85fd1745640a5306229a14a9c67c07f75058ad1dfebee25c44ba3bbf75fa053ef74717ea7f972dcf7d7d23901a3aed841e0ca419aa570a605e0d189d2b51ce3f00497c0bf16998ade\n\n# tcId = 414\n# wrong hash in signature\nmsg = 48656c6c6f\npadding = 3020300c06082a864886f70d0205050004108b1a9953c4611296a827abf8c47804d7\nresult = invalid\nsig = 53ee28bf3582045ff9a6f7d813b9453fc5813245b198d98cb141f6f36202240746b9d3778006aa4cd3905bffed0fde38157d8e8809228871fb48037706ddaaebd31ecebe3dae0516539509bfaea18dc1fc3c7f29620f3214db5d70005e1323094aa8f94ac9d64d9d02ff2010178425027145740b40640a43ff24db043a7a2d2b\n\n# tcId = 415\n# wrong hash in signature\nmsg = 48656c6c6f\npadding = 3031300d060960864801650304020105000420185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969\nresult = invalid\nsig = 
171b1a7fa8cf97283809515866708d449f184d675613cbd33e91586f8e238946f860915f0fb6a390bc7cedfcf7d1621f49f3c6f39b7412d75660fbe3c2326c48399b7d41dfceeadabf0cbfc4b7dd756d8bdc38d28e80fb60e743fdf6d81973959d2c6b111fa0d8f3c9c8677c0c8030001b12f3e2c5990822154b1b762162dd7d\n\n# tcId = 416\n# wrong hash in signature\nmsg = 48656c6c6f\npadding = 3041300d0609608648016503040202050004303519fe5ad2c596efe3e276a6f351b8fc0b03db861782490d45f7598ebd0ab5fd5520ed102f38c4a5ec834e98668035fc\nresult = invalid\nsig = 9810d39416595ad79cf376b41e6e5f94fb89f61ae78bc5a0c710fab15d369dd7f050b035e5c2b8cdfe10d06be739bae08b47afd0b7dd2b226905f3ee718ccd5b5fb5b951558a62d83a2f3ba5dd1990d2d3e05c461e33ccaa1bbc22350c3ca157351a5b88ad3b1f524fc5cec5c1714a8ab3ef709e462434a6048133846fd1d85b\n\n# tcId = 417\n# wrong hash in signature\nmsg = 48656c6c6f\npadding = 3051300d0609608648016503040203050004403615f80c9d293ed7402687f94b22d58e529b8cc7916f8fac7fddf7fbd5af4cf777d3d795a7a00a16bf7e7f3fb9561ee9baae480da9fe7a18769e71886b03f315\nresult = invalid\nsig = 57532194f33bfddba2e848b9342342114e2c6dcffe228cb97b72ac9e26b77cd336a6fa5c8152db0d536c6fb3cc48487a89cfcf42990593fd0dad420b46fa87ea2b9c9962025dcc2b8a6d5a0476408a62d9c276fb5eb8e97e5f1726918fef41c0d12ad420525a803d804002061c3bf355a3c4fee4ce42016cb0e0531d2657726d\n\n# tcId = 418\n# using PKCS#1 encryption padding\nmsg = 48656c6c6f\npadding = 0002ff...00\nresult = invalid\nsig = 572ecc55660cc4f8888559092f54e4ee0dc6a57d0722bcba6b608869bc0e86ed53f8d88180b40c006ff10dbf32ba2c6bf3558e22a688f7d68a6d38740b99dd2a2eaa6fc94fe9fa76a0bf775c0eca5751ce7837a3da3db7dc648fb94ed0def4996eb40e168d49417dfd82c86f2c586fc49dfa37a6335b8a76aee84c755610948b\n\n# tcId = 419\n# using PKCS#1 encryption padding\nmsg = 48656c6c6f\npadding = 0002ff...00\nresult = invalid\nsig = 
849f48195c7ae50b762ff93e350bacdf52e3eef5f86dbec5115d74ccfb2c9a49cc91115f6935b71deb424865666ba070299e17e64c3ce5019e1481ee195cffb4fc1f92f026cea579bbe9f78d7c665dd7f65af7c3221bae50d5c0b50ede25a3993979d167a86db511b9ace4f11c331f892f06e72d17e934da9a83a3c703b3409b\n\n# tcId = 420\n# invalid PKCS#1 signature padding\nmsg = 48656c6c6f\npadding = 0001ff...ee00\nresult = invalid\nsig = 29b9b831e6694768910397fbe53e0a6868f75e3910d600e3421349bc4321d93067c78f6294b00e52e9c2fafdef67e0a460c3d76e6196fec6aab5c4964a4782c5da021466908d106193ec1b6b0bae4c9a5e3fcc4a355565c1dcfb76c489b4c3ad11b6f2182188470edf748eaf81646fcc164c60c1a55e9334076d8b5ce3d09808\n\n# tcId = 421\n# PKCS#1 padding too short\nmsg = 48656c6c6f\npadding = 000001ff...\nresult = invalid\nsig = 583dc8ac657ac9d55c74b6505f1a7a4b2225c038f36cc66d76a7eb8c818195b138e8bb2b26ac5a01ce32aa3f590815f0ecdf693877bdb12c5dd55b947b91f83d66639874ca263d1227dd0b6531e3eedf0b1e87a92b8db4be7c3c40d70865f56c8e0b6cf6607d47ed44acff9c4360d65f847f4ae947a13e4a56dff1d11503bc9b\n\n# tcId = 422\n# CVE-2017-11185\nmsg = 48656c6c6f\npadding = n\nresult = invalid\nsig = 9e62337ef7d4fabec2561bb45a18a362022b23666571bbc762c1c717a14a46d8f58119072aa26245e71fc6945540335163798fcbdea04b3104ee23f2c3874bbfb3e7e0c1ba5f1fca909265274414db6957a5eb668e0e36a388784355d528e51a6a4a9a9c6b6ab912812a268dac9dcacf1c13507768e63b1f82f8af29c3786a17\n\n# tcId = 423\n# invalid length\nmsg = 48656c6c6f\npadding = 2 bytes too long\nresult = invalid\nsig = 9e62337ef7d4fabec2561bb45a18a362022b23666571bbc762c1c717a14a46d8f58119072aa26245e71fc6945540335163798fcbdea04b3104ee23f2c3874bbfb3e7e0c1ba5f1fca909265274414db6957a5eb668e0e36a388784355d528e51a6a4a9a9c6b6ab912812a268dac9dcacf1c13507768e63b1f82f8af29c3786a170000\n\n# tcId = 424\n# empty signature\nmsg = 48656c6c6f\npadding = \nresult = invalid\nsig = \n\n# tcId = 425\n# 0\nmsg = 48656c6c6f\npadding = \nresult = invalid\nsig = 
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 426\n# 1\nmsg = 48656c6c6f\npadding = \nresult = invalid\nsig = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001\n\n# tcId = 427\n# 2\nmsg = 48656c6c6f\npadding = \nresult = invalid\nsig = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002\n\n# tcId = 428\n# n-1\nmsg = 48656c6c6f\npadding = \nresult = invalid\nsig = 9e62337ef7d4fabec2561bb45a18a362022b23666571bbc762c1c717a14a46d8f58119072aa26245e71fc6945540335163798fcbdea04b3104ee23f2c3874bbfb3e7e0c1ba5f1fca909265274414db6957a5eb668e0e36a388784355d528e51a6a4a9a9c6b6ab912812a268dac9dcacf1c13507768e63b1f82f8af29c3786a16\n\n# tcId = 429\n# n+1\nmsg = 48656c6c6f\npadding = \nresult = invalid\nsig = 9e62337ef7d4fabec2561bb45a18a362022b23666571bbc762c1c717a14a46d8f58119072aa26245e71fc6945540335163798fcbdea04b3104ee23f2c3874bbfb3e7e0c1ba5f1fca909265274414db6957a5eb668e0e36a388784355d528e51a6a4a9a9c6b6ab912812a268dac9dcacf1c13507768e63b1f82f8af29c3786a18\n\n# tcId = 430\n# -1\nmsg = 48656c6c6f\npadding = \nresult = invalid\nsig = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\n\n", }; -static const size_t kLen66 = 186818; +static const size_t 
kLen67 = 186818; -static const char *kData67[] = { +static const char *kData68[] = { "# Imported from Wycheproof's x25519_test.json.\n# This file is generated by convert_wycheproof.go. Do not edit by hand.\n#\n# Algorithm: X25519\n# Generator version: 0.4\n\n[curve = curve25519]\n\n# tcId = 1\n# normal case\ncurve = curve25519\nprivate = 4852834d9d6b77dadeabaaf2e11dca66d19fe74993a7bec36c6e16a0983feaba\npublic = 9c647d9ae589b9f58fdc3ca4947efbc915c4b2e08e744a0edf469dac59c8f85a\nresult = valid\nshared = 87b7f212b627f7a54ca5e0bcdaddd5389d9de6156cdbcf8ebe14ffbcfb436551\n\n# tcId = 2\n# public key on twist\ncurve = curve25519\nprivate = 588c061a50804ac488ad774ac716c3f5ba714b2712e048491379a500211998a8\npublic = 63aa40c6e38346c5caf23a6df0a5e6c80889a08647e551b3563449befcfc9733\nresult = acceptable\nshared = b1a707519495ffffb298ff941716b06dfab87cf8d91123fe2be9a233dda22212\n# Public keys are either points on curve25519 or points on its twist.\n# Implementations may either reject such keys or compute X25519 using the twist.\n# If a point multiplication is performed then it is important that the result is\n# correct, since otherwise attacks with invalid keys are possible.\n\n# tcId = 3\n# public key on twist\ncurve = curve25519\nprivate = b05bfd32e55325d9fd648cb302848039000b390e44d521e58aab3b29a6960ba8\npublic = 0f83c36fded9d32fadf4efa3ae93a90bb5cfa66893bc412c43fa7287dbb99779\nresult = acceptable\nshared = 67dd4a6e165533534c0e3f172e4ab8576bca923a5f07b2c069b4c310ff2e935b\n# Public keys are either points on curve25519 or points on its twist.\n# Implementations may either reject such keys or compute X25519 using the twist.\n# If a point multiplication is performed then it is important that the result is\n# correct, since otherwise attacks with invalid keys are possible.\n\n# tcId = 4\n# public key on twist\ncurve = curve25519\nprivate = 70e34bcbe1f47fbc0fddfd7c1e1aa53d57bfe0f66d243067b424bb6210bed19c\npublic = 
0b8211a2b6049097f6871c6c052d3c5fc1ba17da9e32ae458403b05bb283092a\nresult = acceptable\nshared = 4a0638cfaa9ef1933b47f8939296a6b25be541ef7f70e844c0bcc00b134de64a\n# Public keys are either points on curve25519 or points on its twist.\n# Implementations may either reject such keys or compute X25519 using the twist.\n# If a point multiplication is performed then it is important that the result is\n# correct, since otherwise attacks with invalid keys are possible.\n\n# tcId = 5\n# public key on twist\ncurve = curve25519\nprivate = 68c1f3a653a4cdb1d37bba94738f8b957a57beb24d646e994dc29a276aad458d\npublic = 343ac20a3b9c6a27b1008176509ad30735856ec1c8d8fcae13912d08d152f46c\nresult = acceptable\nshared = 399491fce8dfab73b4f9f611de8ea0b27b28f85994250b0f475d585d042ac207\n# Public keys are either points on curve25519 or points on its twist.\n# Implementations may either reject such keys or compute X25519 using the twist.\n# If a point multiplication is performed then it is important that the result is\n# correct, since otherwise attacks with invalid keys are possible.\n\n# tcId = 6\n# public key on twist\ncurve = curve25519\nprivate = d877b26d06dff9d9f7fd4c5b3769f8cdd5b30516a5ab806be324ff3eb69ea0b2\npublic = fa695fc7be8d1be5bf704898f388c452bafdd3b8eae805f8681a8d15c2d4e142\nresult = acceptable\nshared = 2c4fe11d490a53861776b13b4354abd4cf5a97699db6e6c68c1626d07662f758\n# Public keys are either points on curve25519 or points on its twist.\n# Implementations may either reject such keys or compute X25519 using the twist.\n# If a point multiplication is performed then it is important that the result is\n# correct, since otherwise attacks with invalid keys are possible.\n\n# tcId = 7\n# public key = 0\ncurve = curve25519\nprivate = 207494038f2bb811d47805bcdf04a2ac585ada7f2f23389bfd4658f9ddd4debc\npublic = 0000000000000000000000000000000000000000000000000000000000000000\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 8\n# 
public key = 1\ncurve = curve25519\nprivate = 202e8972b61c7e61930eb9450b5070eae1c670475685541f0476217e4818cfab\npublic = 0100000000000000000000000000000000000000000000000000000000000000\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 9\n# edge case on twist\ncurve = curve25519\nprivate = 38dde9f3e7b799045f9ac3793d4a9277dadeadc41bec0290f81f744f73775f84\npublic = 0200000000000000000000000000000000000000000000000000000000000000\nresult = acceptable\nshared = 9a2cfe84ff9c4a9739625cae4a3b82a906877a441946f8d7b3d795fe8f5d1639\n\n# tcId = 10\n# edge case on twist\ncurve = curve25519\nprivate = 9857a914e3c29036fd9a442ba526b5cdcdf28216153e636c10677acab6bd6aa5\npublic = 0300000000000000000000000000000000000000000000000000000000000000\nresult = acceptable\nshared = 4da4e0aa072c232ee2f0fa4e519ae50b52c1edd08a534d4ef346c2e106d21d60\n\n# tcId = 11\n# edge case on twist\ncurve = curve25519\nprivate = 48e2130d723305ed05e6e5894d398a5e33367a8c6aac8fcdf0a88e4b42820db7\npublic = ffffff030000f8ffff1f0000c0ffffff000000feffff070000f0ffff3f000000\nresult = acceptable\nshared = 9ed10c53747f647f82f45125d3de15a1e6b824496ab40410ffcc3cfe95760f3b\n\n# tcId = 12\n# edge case on twist\ncurve = curve25519\nprivate = 28f41011691851b3a62b641553b30d0dfddcb8fffcf53700a7be2f6a872e9fb0\npublic = 000000fcffff070000e0ffff3f000000ffffff010000f8ffff0f0000c0ffff7f\nresult = acceptable\nshared = cf72b4aa6aa1c9f894f4165b86109aa468517648e1f0cc70e1ab08460176506b\n\n# tcId = 13\n# edge case on twist\ncurve = curve25519\nprivate = 18a93b6499b9f6b3225ca02fef410e0adec23532321d2d8ef1a6d602a8c65b83\npublic = 00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffff7f\nresult = acceptable\nshared = 5d50b62836bb69579410386cf7bb811c14bf85b1c7b17e5924c7ffea91ef9e12\n\n# tcId = 14\n# edge case on twist\ncurve = curve25519\nprivate = c01d1305a1338a1fcac2ba7e2e032b427e0b04903165aca957d8d0553d8717b0\npublic = 
eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\nresult = acceptable\nshared = 19230eb148d5d67c3c22ab1daeff80a57eae4265ce2872657b2c8099fc698e50\n\n# tcId = 15\n# edge case for public key\ncurve = curve25519\nprivate = 386f7f16c50731d64f82e6a170b142a4e34f31fd7768fcb8902925e7d1e21abe\npublic = 0400000000000000000000000000000000000000000000000000000000000000\nresult = valid\nshared = 0fcab5d842a078d7a71fc59b57bfb4ca0be6873b49dcdb9f44e14ae8fbdfa542\n\n# tcId = 16\n# edge case for public key\ncurve = curve25519\nprivate = e023a289bd5e90fa2804ddc019a05ef3e79d434bb6ea2f522ecb643a75296e95\npublic = ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000\nresult = valid\nshared = 54ce8f2275c077e3b1306a3939c5e03eef6bbb88060544758d9fef59b0bc3e4f\n\n# tcId = 17\n# edge case for public key\ncurve = curve25519\nprivate = 68f010d62ee8d926053a361c3a75c6ea4ebdc8606ab285003a6f8f4076b01e83\npublic = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03\nresult = valid\nshared = f136775c5beb0af8110af10b20372332043cab752419678775a223df57c9d30d\n\n# tcId = 18\n# edge case for public key\ncurve = curve25519\nprivate = 58ebcb35b0f8845caf1ec630f96576b62c4b7b6c36b29deb2cb0084651755c96\npublic = fffffffbfffffbffffdfffffdffffffffefffffefffff7fffff7ffffbfffff3f\nresult = valid\nshared = bf9affd06b844085586460962ef2146ff3d4533d9444aab006eb88cc3054407d\n\n# tcId = 19\n# edge case for public key\ncurve = curve25519\nprivate = 188c4bc5b9c44b38bb658b9b2ae82d5b01015e093184b17cb7863503a783e1bb\npublic = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f\nresult = valid\nshared = d480de04f699cb3be0684a9cc2e31281ea0bc5a9dcc157d3d20158d46ca5246d\n\n# tcId = 20\n# edge case for public key\ncurve = curve25519\nprivate = e06c11bb2e13ce3dc7673f67f5482242909423a9ae95ee986a988d98faee23a2\npublic = fffffffffeffff7ffffffffffeffff7ffffffffffeffff7ffffffffffeffff7f\nresult = valid\nshared = 4c4401cce6b51e4cb18f2790246c9bf914db667750a1cb89069092af07292276\n\n# 
tcId = 21\n# edge case for public key\ncurve = curve25519\nprivate = c0658c46dde18129293877535b1162b6f9f5414a23cf4d2cbc140a4d99da2b8f\npublic = ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\nresult = valid\nshared = 578ba8cc2dbdc575afcf9df2b3ee6189f5337d6854c79b4ce165ea12293b3a0f\n\n# tcId = 22\n# public key with low order\ncurve = curve25519\nprivate = 10255c9230a97a30a458ca284a629669293a31890cda9d147febc7d1e22d6bb1\npublic = e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId", " = 23\n# public key with low order\ncurve = curve25519\nprivate = 78f1e8edf14481b389448dac8f59c70b038e7cf92ef2c7eff57a72466e115296\npublic = 5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 24\n# public key with low order\ncurve = curve25519\nprivate = a0a05a3e8f9f44204d5f8059a94ac7dfc39a49ac016dd743dbfa43c5d671fd88\npublic = ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 25\n# public key with low order\ncurve = curve25519\nprivate = d0dbb3ed1906663f15420af31f4eaf6509d9a9949723500605ad7c1c6e7450a9\npublic = edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 26\n# public key with low order\ncurve = curve25519\nprivate = c0b1d0eb22b244fe3291140072cdd9d989b5f0ecd96c100feb5bca241c1d9f8f\npublic = eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 27\n# public key with low order\ncurve = curve25519\nprivate = 
480bf45f594942a8bc0f3353c6e8b8853d77f351f1c2ca6c2d1abf8a00b4229c\npublic = 0000000000000000000000000000000000000000000000000000000000000080\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 28\n# public key with low order\ncurve = curve25519\nprivate = 30f993fcf8514fc89bd8db14cd43ba0d4b2530e73c4276a05e1b145d420cedb4\npublic = 0100000000000000000000000000000000000000000000000000000000000080\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 29\n# public key with low order\ncurve = curve25519\nprivate = c04974b758380e2a5b5df6eb09bb2f6b3434f982722a8e676d3da251d1b3de83\npublic = e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 30\n# public key with low order\ncurve = curve25519\nprivate = 502a31373db32446842fe5add3e024022ea54f274182afc3d9f1bb3d39534eb5\npublic = 5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 31\n# public key with low order\ncurve = curve25519\nprivate = 90fa6417b0e37030fd6e43eff2abaef14c6793117a039cf621318ba90f4e98be\npublic = ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 32\n# public key with low order\ncurve = curve25519\nprivate = 78ad3f26027f1c9fdd975a1613b947779bad2cf2b741ade01840885a30bb979c\npublic = edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 33\n# public key with low order\ncurve = curve25519\nprivate = 98e23de7b1e0926ed9c87e7b14baf55f497a1d7096f93977680e44dc1c7b7b8b\npublic = 
eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 34\n# public key >= p\ncurve = curve25519\nprivate = f01e48dafac9d7bcf589cbc382c878d18bda3550589ffb5d50b523bebe329dae\npublic = efffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\nresult = acceptable\nshared = bd36a0790eb883098c988b21786773de0b3a4df162282cf110de18dd484ce74b\n\n# tcId = 35\n# public key >= p\ncurve = curve25519\nprivate = 288796bc5aff4b81a37501757bc0753a3c21964790d38699308debc17a6eaf8d\npublic = f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\nresult = acceptable\nshared = b4e0dd76da7b071728b61f856771aa356e57eda78a5b1655cc3820fb5f854c5c\n\n# tcId = 36\n# public key >= p\ncurve = curve25519\nprivate = 98df845f6651bf1138221f119041f72b6dbc3c4ace7143d99fd55ad867480da8\npublic = f1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\nresult = acceptable\nshared = 6fdf6c37611dbd5304dc0f2eb7c9517eb3c50e12fd050ac6dec27071d4bfc034\n\n# tcId = 37\n# public key >= p\ncurve = curve25519\nprivate = f09498e46f02f878829e78b803d316a2ed695d0498a08abdf8276930e24edcb0\npublic = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\nresult = acceptable\nshared = 4c8fc4b1c6ab88fb21f18f6d4c810240d4e94651ba44f7a2c863cec7dc56602d\n\n# tcId = 38\n# public key >= p\ncurve = curve25519\nprivate = 1813c10a5c7f21f96e17f288c0cc37607c04c5f5aea2db134f9e2ffc66bd9db8\npublic = 0200000000000000000000000000000000000000000000000000000000000080\nresult = acceptable\nshared = 1cd0b28267dc541c642d6d7dca44a8b38a63736eef5c4e6501ffbbb1780c033c\n\n# tcId = 39\n# public key >= p\ncurve = curve25519\nprivate = 7857fb808653645a0beb138a64f5f4d733a45ea84c3cda11a9c06f7e7139149e\npublic = 0300000000000000000000000000000000000000000000000000000000000080\nresult = acceptable\nshared = 8755be01c60a7e825cff3e0e78cb3aa4333861516aa59b1c51a8b2a543dfa822\n\n# tcId = 40\n# public key >= 
p\ncurve = curve25519\nprivate = e03aa842e2abc56e81e87b8b9f417b2a1e5913c723eed28d752f8d47a59f498f\npublic = 0400000000000000000000000000000000000000000000000000000000000080\nresult = acceptable\nshared = 54c9a1ed95e546d27822a360931dda60a1df049da6f904253c0612bbdc087476\n\n# tcId = 41\n# public key >= p\ncurve = curve25519\nprivate = f8f707b7999b18cb0d6b96124f2045972ca274bfc154ad0c87038c24c6d0d4b2\npublic = daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = acceptable\nshared = cc1f40d743cdc2230e1043daba8b75e810f1fbab7f255269bd9ebb29e6bf494f\n\n# tcId = 42\n# public key >= p\ncurve = curve25519\nprivate = a034f684fa631e1a348118c1ce4c98231f2d9eec9ba5365b4a05d69a785b0796\npublic = dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = acceptable\nshared = 54998ee43a5b007bf499f078e736524400a8b5c7e9b9b43771748c7cdf880412\n\n# tcId = 43\n# public key >= p\ncurve = curve25519\nprivate = 30b6c6a0f2ffa680768f992ba89e152d5bc9893d38c9119be4f767bfab6e0ca5\npublic = dcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = acceptable\nshared = ead9b38efdd723637934e55ab717a7ae09eb86a21dc36a3feeb88b759e391e09\n\n# tcId = 44\n# public key >= p\ncurve = curve25519\nprivate = 901b9dcf881e01e027575035d40b43bdc1c5242e030847495b0c7286469b6591\npublic = eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = acceptable\nshared = 602ff40789b54b41805915fe2a6221f07a50ffc2c3fc94cf61f13d7904e88e0e\n\n# tcId = 45\n# public key >= p\ncurve = curve25519\nprivate = 8046677c28fd82c9a1bdb71a1a1a34faba1225e2507fe3f54d10bd5b0d865f8e\npublic = ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = acceptable\nshared = e00ae8b143471247ba24f12c885536c3cb981b58e1e56b2baf35c12ae1f79c26\n\n# tcId = 46\n# public key >= p\ncurve = curve25519\nprivate = 602f7e2f68a846b82cc269b1d48e939886ae54fd636c1fe074d710127d472491\npublic = efffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = 
acceptable\nshared = 98cb9b50dd3fc2b0d4f2d2bf7c5cfdd10c8fcd31fc40af1ad44f47c131376362\n\n# tcId = 47\n# public key >= p\ncurve = curve25519\nprivate = 60887b3dc72443026ebedbbbb70665f42b87add1440e7768fbd7e8e2ce5f639d\npublic = f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = acceptable\nshared = 38d6304c4a7e6d9f7959334fb5245bd2c754525d4c91db950206926234c1f633\n\n# tcId = 48\n# public key >= p\ncurve = curve25519\nprivate = 78d31dfa854497d72d8def8a1b7fb006cec2d8c4924647c93814ae56faeda495\npublic = f1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = acceptable\nshared = 786cd54996f014a5a031ec14db812ed08355061fdb5de680a800ac521f318e23\n\n# tcId = 49\n# public key >= p\ncurve = curve25519\nprivate = c04c5baefa8302ddded6a4bb957761b4eb97aefa4fc3b8043085f96a5659b3a5\npublic = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\nresult = acceptable\nshared = 29ae8bc73e9b10a08b4f681c43c3e0ac1a171d31b38f1a48efba29ae639ea134\n\n# tcId = 50\n# RFC 7748\ncurve = curve25519\nprivate = a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44\npublic = e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a", "903a6d0ab1c4c\nresult = valid\nshared = c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552\n\n# tcId = 51\n# RFC 7748\ncurve = curve25519\nprivate = 4866e9d4d1b4673c5ad22691957d6af5c11b6421e0ea01d42ca4169e7918ba4d\npublic = e5210f12786811d3f4b7959d0538ae2c31dbe7106fc03c3efc4cd549c715a413\nresult = valid\nshared = 95cbde9476e8907d7aade45cb4b873f88b595a68799fa152e6f8f7647aac7957\n\n# tcId = 52\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = 0ab4e76380d84dde4f6833c58f2a9fb8f83bb0169b172be4b6e0592887741a36\nresult = acceptable\nshared = 0200000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 53\n# edge case for shared secret\ncurve = curve25519\nprivate = 
a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = 89e10d5701b4337d2d032181538b1064bd4084401ceca1fd12663a1959388000\nresult = valid\nshared = 0900000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 54\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = 2b55d3aa4a8f80c8c0b2ae5f933e85af49beac36c2fa7394bab76c8933f8f81d\nresult = valid\nshared = 1000000000000000000000000000000000000000000000000000000000000000\n\n# tcId = 55\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = 63e5b1fe9601fe84385d8866b0421262f78fbfa5aff9585e626679b18547d959\nresult = acceptable\nshared = feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f\n\n# tcId = 56\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = e428f3dac17809f827a522ce32355058d07369364aa78902ee10139b9f9dd653\nresult = valid\nshared = fcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f\n\n# tcId = 57\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = b3b50e3ed3a407b95de942ef74575b5ab8a10c09ee103544d60bdfed8138ab2b\nresult = acceptable\nshared = f9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f\n\n# tcId = 58\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = 213fffe93d5ea8cd242e462844029922c43c77c9e3e42f562f485d24c501a20b\nresult = valid\nshared = f3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f\n\n# tcId = 59\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = 
91b232a178b3cd530932441e6139418f72172292f1da4c1834fc5ebfefb51e3f\nresult = valid\nshared = ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03\n\n# tcId = 60\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = 045c6e11c5d332556c7822fe94ebf89b56a3878dc27ca079103058849fabcb4f\nresult = acceptable\nshared = e5ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\n\n# tcId = 61\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = 1ca2190b71163539063c35773bda0c9c928e9136f0620aeb093f099197b7f74e\nresult = acceptable\nshared = e3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\n\n# tcId = 62\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = f76e9010ac33c5043b2d3b76a842171000c4916222e9e85897a0aec7f6350b3c\nresult = valid\nshared = ddffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\n\n# tcId = 63\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = bb72688d8f8aa7a39cd6060cd5c8093cdec6fe341937c3886a99346cd07faa55\nresult = acceptable\nshared = dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f\n\n# tcId = 64\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = 88fddea193391c6a5933ef9b71901549447205aae9da928a6b91a352ba10f41f\nresult = acceptable\nshared = 0000000000000000000000000000000000000000000000000000000000000002\n\n# tcId = 65\n# edge case for shared secret\ncurve = curve25519\nprivate = a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63\npublic = 303b392f153116cad9cc682a00ccc44c95ff0d3bbe568beb6c4e739bafdc2c68\nresult = acceptable\nshared = 
0000000000000000000000000000000000000000000000000000000000008000\n\n# tcId = 66\n# checking for overflow\ncurve = curve25519\nprivate = c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2\npublic = fd300aeb40e1fa582518412b49b208a7842b1e1f056a040178ea4141534f652d\nresult = valid\nshared = b734105dc257585d73b566ccb76f062795ccbec89128e52b02f3e59639f13c46\n\n# tcId = 67\n# checking for overflow\ncurve = curve25519\nprivate = c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2\npublic = c8ef79b514d7682677bc7931e06ee5c27c9b392b4ae9484473f554e6678ecc2e\nresult = valid\nshared = 647a46b6fc3f40d62141ee3cee706b4d7a9271593a7b143e8e2e2279883e4550\n\n# tcId = 68\n# checking for overflow\ncurve = curve25519\nprivate = c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2\npublic = 64aeac2504144861532b7bbcb6c87d67dd4c1f07ebc2e06effb95aecc6170b2c\nresult = valid\nshared = 4ff03d5fb43cd8657a3cf37c138cadcecce509e4eba089d0ef40b4e4fb946155\n\n# tcId = 69\n# checking for overflow\ncurve = curve25519\nprivate = c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2\npublic = bf68e35e9bdb7eee1b50570221860f5dcdad8acbab031b14974cc49013c49831\nresult = valid\nshared = 21cee52efdbc812e1d021a4af1e1d8bc4db3c400e4d2a2c56a3926db4d99c65b\n\n# tcId = 70\n# checking for overflow\ncurve = curve25519\nprivate = c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2\npublic = 5347c491331a64b43ddc683034e677f53dc32b52a52a577c15a83bf298e99f19\nresult = valid\nshared = 18cb89e4e20c0c2bd324305245266c9327690bbe79acb88f5b8fb3f74eca3e52\n\n# tcId = 71\n# private key == -1 (mod order)\ncurve = curve25519\nprivate = a023cdd083ef5bb82f10d62e59e15a6800000000000000000000000000000050\npublic = 258e04523b8d253ee65719fc6906c657192d80717edc828fa0af21686e2faa75\nresult = valid\nshared = 258e04523b8d253ee65719fc6906c657192d80717edc828fa0af21686e2faa75\n\n# tcId = 72\n# private key == 1 (mod order) on twist\ncurve = curve25519\nprivate = 
58083dd261ad91eff952322ec824c682ffffffffffffffffffffffffffffff5f\npublic = 2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035\nresult = acceptable\nshared = 2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035\n\n", }; -static const size_t kLen67 = 23096; +static const size_t kLen68 = 23096; static std::string AssembleString(const char **data, size_t len) { std::string ret; 
@@ -3224,51 +3234,54 @@ std::string GetTestData(const char *path) { if (strcmp(path, "crypto/x509/some_names3.pem") == 0) { return AssembleString(kData52, kLen52); } - if (strcmp(path, "third_party/wycheproof/aes_cbc_pkcs5_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt") == 0) { return AssembleString(kData53, kLen53); } - if (strcmp(path, "third_party/wycheproof/aes_gcm_siv_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/aes_gcm_siv_test.txt") == 0) { return AssembleString(kData54, kLen54); } - if (strcmp(path, "third_party/wycheproof/aes_gcm_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/aes_gcm_test.txt") == 0) { return AssembleString(kData55, kLen55); } - if (strcmp(path, "third_party/wycheproof/chacha20_poly1305_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/chacha20_poly1305_test.txt") == 0) { return AssembleString(kData56, kLen56); } - if (strcmp(path, "third_party/wycheproof/dsa_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/dsa_test.txt") == 0) { return AssembleString(kData57, kLen57); } - if (strcmp(path, "third_party/wycheproof/ecdh_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/ecdh_test.txt") == 0) { return AssembleString(kData58, kLen58); } - if (strcmp(path, "third_party/wycheproof/ecdsa_secp224r1_sha224_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/ecdsa_secp224r1_sha224_test.txt") == 0) { return AssembleString(kData59, kLen59); } - if (strcmp(path, "third_party/wycheproof/ecdsa_secp224r1_sha256_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/ecdsa_secp224r1_sha256_test.txt") == 0) { return AssembleString(kData60, kLen60); } - if (strcmp(path, "third_party/wycheproof/ecdsa_secp256r1_sha256_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/ecdsa_secp256r1_sha256_test.txt") == 0) { return 
AssembleString(kData61, kLen61); } - if (strcmp(path, "third_party/wycheproof/ecdsa_secp384r1_sha384_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/ecdsa_secp384r1_sha384_test.txt") == 0) { return AssembleString(kData62, kLen62); } - if (strcmp(path, "third_party/wycheproof/ecdsa_secp384r1_sha512_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt") == 0) { return AssembleString(kData63, kLen63); } - if (strcmp(path, "third_party/wycheproof/ecdsa_secp521r1_sha512_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/ecdsa_secp521r1_sha512_test.txt") == 0) { return AssembleString(kData64, kLen64); } - if (strcmp(path, "third_party/wycheproof/eddsa_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/eddsa_test.txt") == 0) { return AssembleString(kData65, kLen65); } - if (strcmp(path, "third_party/wycheproof/rsa_signature_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/kw_test.txt") == 0) { return AssembleString(kData66, kLen66); } - if (strcmp(path, "third_party/wycheproof/x25519_test.txt") == 0) { + if (strcmp(path, "third_party/wycheproof_testvectors/rsa_signature_test.txt") == 0) { return AssembleString(kData67, kLen67); } + if (strcmp(path, "third_party/wycheproof_testvectors/x25519_test.txt") == 0) { + return AssembleString(kData68, kLen68); + } fprintf(stderr, "File not embedded: %s.\n", path); abort(); } diff --git a/third_party/boringssl/err_data.c b/third_party/boringssl/err_data.c index afb6a80266..4c4ba42d89 100644 --- a/third_party/boringssl/err_data.c +++ b/third_party/boringssl/err_data.c 
@@ -54,175 +54,175 @@ OPENSSL_COMPILE_ASSERT(ERR_LIB_USER == 32, library_values_changed_32); OPENSSL_COMPILE_ASSERT(ERR_NUM_LIBS == 33, library_values_changed_num); const uint32_t kOpenSSLReasonValues[] = { - 0xc320848, - 0xc328862, - 0xc330871, - 0xc338881, - 0xc340890, - 0xc3488a9, - 0xc3508b5, - 0xc3588d2, - 0xc3608f2, - 0xc368900, - 0xc370910, - 0xc37891d, - 0xc38092d, - 0xc388938, - 0xc39094e, - 0xc39895d, - 0xc3a0971, - 0xc3a8855, + 0xc32083a, + 0xc328854, + 0xc330863, + 0xc338873, + 0xc340882, + 0xc34889b, + 0xc3508a7, + 0xc3588c4, + 0xc3608e4, + 0xc3688f2, + 0xc370902, + 0xc37890f, + 0xc38091f, + 0xc38892a, + 0xc390940, + 0xc39894f, + 0xc3a0963, + 0xc3a8847, 0xc3b00ea, - 0xc3b88e4, - 0x10320855, - 0x10329545, - 0x10331551, - 0x1033956a, - 0x1034157d, - 0x10348f0c, - 0x10350c6e, - 0x10359590, - 0x103615a5, - 0x103695b8, - 0x103715d7, - 0x103795f0, - 0x10381605, - 0x10389623, - 0x10391632, - 0x1039964e, - 0x103a1669, - 0x103a9678, - 0x103b1694, - 0x103b96af, - 0x103c16d5, + 0xc3b88d6, + 0x10320847, + 0x1032955e, + 0x1033156a, + 0x10339583, + 0x10341596, + 0x10348efe, + 0x10350c60, + 0x103595a9, + 0x103615be, + 0x103695d1, + 0x103715f0, + 0x10379609, + 0x1038161e, + 0x1038963c, + 0x1039164b, + 0x10399667, + 0x103a1682, + 0x103a9691, + 0x103b16ad, + 0x103b96c8, + 0x103c16ee, 0x103c80ea, - 0x103d16e6, - 0x103d96fa, - 0x103e1719, - 0x103e9728, - 0x103f173f, - 0x103f9752, - 0x10400c32, - 0x10409765, - 0x10411783, - 0x10419796, - 0x104217b0, - 0x104297c0, - 0x104317d4, - 0x104397ea, - 0x10441802, - 0x10449817, - 0x1045182b, - 0x1045983d, - 0x1046060b, - 0x1046895d, - 0x10471852, - 0x10479869, - 0x1048187e, - 0x1048988c, - 0x10490e6e, - 0x104996c6, - 0x14320c15, - 0x14328c23, - 0x14330c32, - 0x14338c44, + 0x103d16ff, + 0x103d9713, + 0x103e1732, + 0x103e9741, + 0x103f1758, + 0x103f976b, + 0x10400c24, + 0x1040977e, + 0x1041179c, + 0x104197af, + 0x104217c9, + 0x104297d9, + 0x104317ed, + 0x10439803, + 0x1044181b, + 0x10449830, + 0x10451844, + 0x10459856, + 0x104605fd, + 
0x1046894f, + 0x1047186b, + 0x10479882, + 0x10481897, + 0x104898a5, + 0x10490e60, + 0x104996df, + 0x14320c07, + 0x14328c15, + 0x14330c24, + 0x14338c36, 0x143400ac, 0x143480ea, 0x18320083, - 0x18328f62, + 0x18328f54, 0x183300ac, - 0x18338f78, - 0x18340f8c, + 0x18338f6a, + 0x18340f7e, 0x183480ea, - 0x18350fa1, - 0x18358fb9, - 0x18360fce, - 0x18368fe2, - 0x18371006, - 0x1837901c, - 0x18381030, - 0x18389040, - 0x18390a83, - 0x18399050, - 0x183a1078, - 0x183a909e, - 0x183b0c7a, - 0x183b90d3, - 0x183c10e5, - 0x183c90f0, - 0x183d1100, - 0x183d9111, - 0x183e1122, - 0x183e9134, - 0x183f115d, - 0x183f9176, - 0x1840118e, - 0x184086e3, - 0x184110c1, - 0x1841908c, - 0x184210ab, - 0x18429065, - 0x203211c8, - 0x203291b5, - 0x243211d4, - 0x243289a3, - 0x243311e6, - 0x243391f3, - 0x24341200, - 0x24349212, - 0x24351221, - 0x2435923e, - 0x2436124b, - 0x24369259, - 0x24371267, - 0x24379275, - 0x2438127e, - 0x2438928b, - 0x2439129e, - 0x28320c62, - 0x28328c7a, - 0x28330c32, - 0x28338c8d, - 0x28340c6e, + 0x18350f93, + 0x18358fab, + 0x18360fc0, + 0x18368fd4, + 0x18370ff8, + 0x1837900e, + 0x18381022, + 0x18389032, + 0x18390a75, + 0x18399042, + 0x183a106a, + 0x183a9090, + 0x183b0c6c, + 0x183b90c5, + 0x183c10d7, + 0x183c90e2, + 0x183d10f2, + 0x183d9103, + 0x183e1114, + 0x183e9126, + 0x183f114f, + 0x183f9168, + 0x18401180, + 0x184086d5, + 0x184110b3, + 0x1841907e, + 0x1842109d, + 0x18429057, + 0x203211ba, + 0x203291a7, + 0x243211c6, + 0x24328995, + 0x243311d8, + 0x243391e5, + 0x243411f2, + 0x24349204, + 0x24351213, + 0x24359230, + 0x2436123d, + 0x2436924b, + 0x24371259, + 0x24379267, + 0x24381270, + 0x2438927d, + 0x24391290, + 0x28320c54, + 0x28328c6c, + 0x28330c24, + 0x28338c7f, + 0x28340c60, 0x283480ac, 0x283500ea, - 0x2c322d16, - 0x2c3292b5, - 0x2c332d24, - 0x2c33ad36, - 0x2c342d4a, - 0x2c34ad5c, - 0x2c352d77, - 0x2c35ad89, - 0x2c362d9c, + 0x2c322d61, + 0x2c3292a7, + 0x2c332d6f, + 0x2c33ad81, + 0x2c342d95, + 0x2c34ada7, + 0x2c352dc2, + 0x2c35add4, + 0x2c362de7, 0x2c36832d, - 0x2c372da9, - 
0x2c37adbb, - 0x2c382de0, - 0x2c38adf7, - 0x2c392e05, - 0x2c39ae15, - 0x2c3a2e27, - 0x2c3aae3b, - 0x2c3b2e4c, - 0x2c3bae6b, - 0x2c3c12c7, - 0x2c3c92dd, - 0x2c3d2e7f, - 0x2c3d92f6, - 0x2c3e2e9c, - 0x2c3eaeaa, - 0x2c3f2ec2, - 0x2c3faeda, - 0x2c402ee7, - 0x2c4091c8, - 0x2c412ef8, - 0x2c41af0b, - 0x2c42118e, - 0x2c42af1c, - 0x2c430730, - 0x2c43ae5d, - 0x2c442dce, + 0x2c372df4, + 0x2c37ae06, + 0x2c382e2b, + 0x2c38ae42, + 0x2c392e50, + 0x2c39ae60, + 0x2c3a2e72, + 0x2c3aae86, + 0x2c3b2e97, + 0x2c3baeb6, + 0x2c3c12b9, + 0x2c3c92cf, + 0x2c3d2eca, + 0x2c3d92e8, + 0x2c3e2ee7, + 0x2c3eaef5, + 0x2c3f2f0d, + 0x2c3faf25, + 0x2c402f32, + 0x2c4091ba, + 0x2c412f43, + 0x2c41af56, + 0x2c421180, + 0x2c42af67, + 0x2c430722, + 0x2c43aea8, + 0x2c442e19, 0x30320000, 0x30328015, 0x3033001f, 
@@ -266,472 +266,476 @@ const uint32_t kOpenSSLReasonValues[] = { 0x30460312, 0x3046832d, 0x3047034a, - 0x30478363, - 0x30480371, - 0x30488382, - 0x30490391, - 0x304983a9, - 0x304a03bb, - 0x304a83cf, - 0x304b03ee, - 0x304b8401, - 0x304c040c, - 0x304c841d, - 0x304d0429, - 0x304d843f, - 0x304e044d, - 0x304e8463, - 0x304f0475, - 0x304f8487, - 0x305004aa, - 0x305084bd, - 0x305104ce, - 0x305184de, - 0x305204f6, - 0x3052850b, - 0x30530523, - 0x30538537, - 0x3054054f, - 0x30548568, - 0x30550581, - 0x3055859e, - 0x305605a9, - 0x305685c1, - 0x305705d1, - 0x305785e2, - 0x305805f5, - 0x3058860b, - 0x30590614, - 0x30598629, - 0x305a063c, - 0x305a864b, - 0x305b066b, - 0x305b867a, - 0x305c069b, - 0x305c86b7, - 0x305d06c3, - 0x305d86e3, - 0x305e06ff, - 0x305e8710, - 0x305f0726, - 0x305f8730, - 0x3060049a, - 0x34320b73, - 0x34328b87, - 0x34330ba4, - 0x34338bb7, - 0x34340bc6, - 0x34348bff, - 0x34350be3, + 0x3047835c, + 0x3048036a, + 0x3048837b, + 0x3049038a, + 0x304983a2, + 0x304a03b4, + 0x304a83c8, + 0x304b03e0, + 0x304b83f3, + 0x304c03fe, + 0x304c840f, + 0x304d041b, + 0x304d8431, + 0x304e043f, + 0x304e8455, + 0x304f0467, + 0x304f8479, + 0x3050049c, + 0x305084af, + 0x305104c0, + 0x305184d0, + 0x305204e8, + 0x305284fd, + 0x30530515, + 0x30538529, + 0x30540541, + 0x3054855a, + 0x30550573, + 0x30558590, + 0x3056059b, + 0x305685b3, + 0x305705c3, + 0x305785d4, + 0x305805e7, + 0x305885fd, + 0x30590606, + 0x3059861b, + 0x305a062e, + 0x305a863d, + 0x305b065d, + 0x305b866c, + 0x305c068d, + 0x305c86a9, + 0x305d06b5, + 0x305d86d5, + 0x305e06f1, + 0x305e8702, + 0x305f0718, + 0x305f8722, + 0x3060048c, + 0x34320b65, + 0x34328b79, + 0x34330b96, + 0x34338ba9, + 0x34340bb8, + 0x34348bf1, + 0x34350bd5, 0x3c320083, - 0x3c328cb7, - 0x3c330cd0, - 0x3c338ceb, - 0x3c340d08, - 0x3c348d32, - 0x3c350d4d, - 0x3c358d73, - 0x3c360d8c, - 0x3c368da4, - 0x3c370db5, - 0x3c378dc3, - 0x3c380dd0, - 0x3c388de4, - 0x3c390c7a, - 0x3c398e07, - 0x3c3a0e1b, - 0x3c3a891d, - 0x3c3b0e2b, - 0x3c3b8e46, - 0x3c3c0e58, - 
0x3c3c8e8b, - 0x3c3d0e95, - 0x3c3d8ea9, - 0x3c3e0eb7, - 0x3c3e8edc, - 0x3c3f0ca3, - 0x3c3f8ec5, + 0x3c328ca9, + 0x3c330cc2, + 0x3c338cdd, + 0x3c340cfa, + 0x3c348d24, + 0x3c350d3f, + 0x3c358d65, + 0x3c360d7e, + 0x3c368d96, + 0x3c370da7, + 0x3c378db5, + 0x3c380dc2, + 0x3c388dd6, + 0x3c390c6c, + 0x3c398df9, + 0x3c3a0e0d, + 0x3c3a890f, + 0x3c3b0e1d, + 0x3c3b8e38, + 0x3c3c0e4a, + 0x3c3c8e7d, + 0x3c3d0e87, + 0x3c3d8e9b, + 0x3c3e0ea9, + 0x3c3e8ece, + 0x3c3f0c95, + 0x3c3f8eb7, 0x3c4000ac, 0x3c4080ea, - 0x3c410d23, - 0x3c418d62, - 0x3c420e6e, - 0x3c428df8, - 0x403218e5, - 0x403298fb, - 0x40331929, - 0x40339933, - 0x4034194a, - 0x40349968, - 0x40351978, - 0x4035998a, - 0x40361997, - 0x403699a3, - 0x403719b8, - 0x403799ca, - 0x403819d5, - 0x403899e7, - 0x40390f0c, - 0x403999f7, - 0x403a1a0a, - 0x403a9a2b, - 0x403b1a3c, - 0x403b9a4c, + 0x3c410d15, + 0x3c418d54, + 0x3c420e60, + 0x3c428dea, + 0x403218fe, + 0x40329914, + 0x40331942, + 0x4033994c, + 0x40341963, + 0x40349981, + 0x40351991, + 0x403599a3, + 0x403619b0, + 0x403699bc, + 0x403719d1, + 0x403799e3, + 0x403819ee, + 0x40389a00, + 0x40390efe, + 0x40399a10, + 0x403a1a23, + 0x403a9a44, + 0x403b1a55, + 0x403b9a65, 0x403c0064, 0x403c8083, - 0x403d1ad0, - 0x403d9ae6, - 0x403e1af5, - 0x403e9b2d, - 0x403f1b47, - 0x403f9b55, - 0x40401b6a, - 0x40409b7e, - 0x40411b9b, - 0x40419bb6, - 0x40421bcf, - 0x40429be2, - 0x40431bf6, - 0x40439c0e, - 0x40441c25, + 0x403d1ae9, + 0x403d9aff, + 0x403e1b0e, + 0x403e9b46, + 0x403f1b60, + 0x403f9b6e, + 0x40401b83, + 0x40409b97, + 0x40411bb4, + 0x40419bcf, + 0x40421be8, + 0x40429bfb, + 0x40431c0f, + 0x40439c27, + 0x40441c3e, 0x404480ac, - 0x40451c3a, - 0x40459c4c, - 0x40461c70, - 0x40469c90, - 0x40471c9e, - 0x40479cc5, - 0x40481d18, - 0x40489d4b, - 0x40491d62, - 0x40499d7c, - 0x404a1d93, - 0x404a9db1, - 0x404b1dc9, - 0x404b9de0, - 0x404c1df6, - 0x404c9e08, - 0x404d1e29, - 0x404d9e62, - 0x404e1e76, - 0x404e9e83, - 0x404f1eb0, - 0x404f9ed9, - 0x40501f14, - 0x40509f28, - 0x40511f43, - 0x40521f53, - 
0x40529f77, - 0x40531f8f, - 0x40539fa2, - 0x40541fb7, - 0x40549fda, - 0x40551fe8, - 0x4055a025, - 0x40562032, - 0x4056a04b, - 0x40572063, - 0x4057a076, - 0x4058208b, - 0x4058a0b2, - 0x405920e1, - 0x4059a10e, - 0x405a2122, - 0x405aa132, - 0x405b214a, - 0x405ba15b, - 0x405c216e, - 0x405ca1ad, - 0x405d21ba, - 0x405da1d1, - 0x405e220f, - 0x405e8ac1, - 0x405f2230, - 0x405fa23d, - 0x4060224b, - 0x4060a26d, - 0x406122ce, - 0x4061a306, - 0x4062231d, - 0x4062a32e, - 0x4063233f, - 0x4063a354, - 0x4064236b, - 0x4064a397, - 0x406523b2, - 0x4065a3c9, - 0x406623e1, - 0x4066a40b, - 0x40672436, - 0x4067a457, - 0x4068249f, - 0x4068a4c0, - 0x406924f2, - 0x4069a520, - 0x406a2541, - 0x406aa561, - 0x406b26e9, - 0x406ba70c, - 0x406c2722, - 0x406ca99d, - 0x406d29cc, - 0x406da9f4, - 0x406e2a22, - 0x406eaa6f, - 0x406f2a8e, - 0x406faac6, - 0x40702ad9, - 0x4070aaf6, - 0x40710810, - 0x4071ab08, - 0x40722b1b, - 0x4072ab34, - 0x40732b4c, - 0x407394b4, - 0x40742b60, - 0x4074ab7a, - 0x40752b8b, - 0x4075ab9f, - 0x40762bad, - 0x4076928b, - 0x40772bd2, - 0x4077abf4, - 0x40782c0f, - 0x4078ac48, - 0x40792c5f, - 0x4079ac75, - 0x407a2c81, - 0x407aac94, - 0x407b2ca9, - 0x407bacbb, - 0x407c2cec, - 0x407cacf5, - 0x407d24db, - 0x407d9ee9, - 0x407e2c24, - 0x407ea0c2, - 0x407f1cb2, - 0x407f9a72, - 0x40801ec0, - 0x40809cda, - 0x40811f65, - 0x40819e9a, - 0x40822a0d, - 0x40829a58, - 0x4083209d, - 0x4083a37c, - 0x40841cee, - 0x4084a0fa, - 0x4085217f, - 0x4085a295, - 0x408621f1, - 0x40869f03, - 0x40872a53, - 0x4087a2e3, - 0x40881ab9, - 0x4088a46a, - 0x40891b08, - 0x40899a95, - 0x408a2742, - 0x408a98a3, - 0x408b2cd0, - 0x408baaa3, - 0x408c218f, - 0x408c98bf, - 0x408d1d31, - 0x408d9d02, - 0x408e1e4b, - 0x408ea005, - 0x408f247e, - 0x408fa2b1, - 0x41f42614, - 0x41f926a6, - 0x41fe2599, - 0x41fea78e, - 0x41ff287f, - 0x4203262d, - 0x4208264f, - 0x4208a68b, - 0x4209257d, - 0x4209a6c5, - 0x420a25d4, - 0x420aa5b4, - 0x420b25f4, - 0x420ba66d, - 0x420c289b, - 0x420ca75b, - 0x420d2775, - 0x420da7ac, - 0x421227c6, - 0x42172862, 
- 0x4217a808, - 0x421c282a, - 0x421f27e5, - 0x422128b2, - 0x42262845, - 0x422b2981, - 0x422ba92f, - 0x422c2969, - 0x422ca8ee, - 0x422d28cd, - 0x422da94e, - 0x422e2914, - 0x422eaa3a, - 0x4432073b, - 0x4432874a, - 0x44330756, - 0x44338764, - 0x44340777, - 0x44348788, - 0x4435078f, - 0x44358799, - 0x443607ac, - 0x443687c2, - 0x443707d4, - 0x443787e1, - 0x443807f0, - 0x443887f8, - 0x44390810, - 0x4439881e, - 0x443a0831, - 0x483212b5, - 0x483292c7, - 0x483312dd, - 0x483392f6, - 0x4c32131b, - 0x4c32932b, - 0x4c33133e, - 0x4c33935e, + 0x40451c53, + 0x40459c65, + 0x40461c89, + 0x40469ca9, + 0x40471cb7, + 0x40479cde, + 0x40481d31, + 0x40489d64, + 0x40491d7b, + 0x40499d95, + 0x404a1dac, + 0x404a9dca, + 0x404b1de2, + 0x404b9df9, + 0x404c1e0f, + 0x404c9e21, + 0x404d1e42, + 0x404d9e7b, + 0x404e1e8f, + 0x404e9e9c, + 0x404f1ec9, + 0x404f9ef2, + 0x40501f2d, + 0x40509f41, + 0x40511f5c, + 0x40521f6c, + 0x40529f90, + 0x40531fa8, + 0x40539fbb, + 0x40541fd0, + 0x40549ff3, + 0x40552001, + 0x4055a03e, + 0x4056204b, + 0x4056a064, + 0x4057207c, + 0x4057a08f, + 0x405820a4, + 0x4058a0cb, + 0x405920fa, + 0x4059a127, + 0x405a213b, + 0x405aa14b, + 0x405b2163, + 0x405ba174, + 0x405c2187, + 0x405ca1c6, + 0x405d21d3, + 0x405da1f8, + 0x405e2236, + 0x405e8ab3, + 0x405f2257, + 0x405fa264, + 0x40602272, + 0x4060a294, + 0x406122f5, + 0x4061a32d, + 0x40622344, + 0x4062a355, + 0x40632366, + 0x4063a37b, + 0x40642392, + 0x4064a3be, + 0x406523d9, + 0x4065a3f0, + 0x40662408, + 0x4066a432, + 0x4067245d, + 0x4067a4a2, + 0x406824ea, + 0x4068a50b, + 0x4069253d, + 0x4069a56b, + 0x406a258c, + 0x406aa5ac, + 0x406b2734, + 0x406ba757, + 0x406c276d, + 0x406ca9e8, + 0x406d2a17, + 0x406daa3f, + 0x406e2a6d, + 0x406eaaba, + 0x406f2ad9, + 0x406fab11, + 0x40702b24, + 0x4070ab41, + 0x40710802, + 0x4071ab53, + 0x40722b66, + 0x4072ab7f, + 0x40732b97, + 0x407394b9, + 0x40742bab, + 0x4074abc5, + 0x40752bd6, + 0x4075abea, + 0x40762bf8, + 0x4076927d, + 0x40772c1d, + 0x4077ac3f, + 0x40782c5a, + 0x4078ac93, + 0x40792caa, + 
0x4079acc0, + 0x407a2ccc, + 0x407aacdf, + 0x407b2cf4, + 0x407bad06, + 0x407c2d37, + 0x407cad40, + 0x407d2526, + 0x407d9f02, + 0x407e2c6f, + 0x407ea0db, + 0x407f1ccb, + 0x407f9a8b, + 0x40801ed9, + 0x40809cf3, + 0x40811f7e, + 0x40819eb3, + 0x40822a58, + 0x40829a71, + 0x408320b6, + 0x4083a3a3, + 0x40841d07, + 0x4084a113, + 0x40852198, + 0x4085a2bc, + 0x40862218, + 0x40869f1c, + 0x40872a9e, + 0x4087a30a, + 0x40881ad2, + 0x4088a4b5, + 0x40891b21, + 0x40899aae, + 0x408a278d, + 0x408a98bc, + 0x408b2d1b, + 0x408baaee, + 0x408c21a8, + 0x408c98d8, + 0x408d1d4a, + 0x408d9d1b, + 0x408e1e64, + 0x408ea01e, + 0x408f24c9, + 0x408fa2d8, + 0x4090247e, + 0x4090a1ea, + 0x41f4265f, + 0x41f926f1, + 0x41fe25e4, + 0x41fea7d9, + 0x41ff28ca, + 0x42032678, + 0x4208269a, + 0x4208a6d6, + 0x420925c8, + 0x4209a710, + 0x420a261f, + 0x420aa5ff, + 0x420b263f, + 0x420ba6b8, + 0x420c28e6, + 0x420ca7a6, + 0x420d27c0, + 0x420da7f7, + 0x42122811, + 0x421728ad, + 0x4217a853, + 0x421c2875, + 0x421f2830, + 0x422128fd, + 0x42262890, + 0x422b29cc, + 0x422ba97a, + 0x422c29b4, + 0x422ca939, + 0x422d2918, + 0x422da999, + 0x422e295f, + 0x422eaa85, + 0x4432072d, + 0x4432873c, + 0x44330748, + 0x44338756, + 0x44340769, + 0x4434877a, + 0x44350781, + 0x4435878b, + 0x4436079e, + 0x443687b4, + 0x443707c6, + 0x443787d3, + 0x443807e2, + 0x443887ea, + 0x44390802, + 0x44398810, + 0x443a0823, + 0x483212a7, + 0x483292b9, + 0x483312cf, + 0x483392e8, + 0x4c32130d, + 0x4c32931d, + 0x4c331330, + 0x4c339350, 0x4c3400ac, 0x4c3480ea, - 0x4c35136a, - 0x4c359378, - 0x4c361394, - 0x4c3693a7, - 0x4c3713b6, - 0x4c3793c4, - 0x4c3813d9, - 0x4c3893e5, - 0x4c391405, - 0x4c39942f, - 0x4c3a1448, - 0x4c3a9461, - 0x4c3b060b, - 0x4c3b947a, - 0x4c3c148c, - 0x4c3c949b, - 0x4c3d14b4, - 0x4c3d8c55, - 0x4c3e150d, - 0x4c3e94c3, - 0x4c3f152f, - 0x4c3f928b, - 0x4c4014d9, - 0x4c409307, - 0x4c4114fd, - 0x50322f2e, - 0x5032af3d, - 0x50332f48, - 0x5033af58, - 0x50342f71, - 0x5034af8b, - 0x50352f99, - 0x5035afaf, - 0x50362fc1, - 0x5036afd7, - 0x50372ff0, - 
0x5037b003, - 0x5038301b, - 0x5038b02c, - 0x50393041, - 0x5039b055, - 0x503a3075, - 0x503ab08b, - 0x503b30a3, - 0x503bb0b5, - 0x503c30d1, - 0x503cb0e8, - 0x503d3101, - 0x503db117, - 0x503e3124, - 0x503eb13a, - 0x503f314c, - 0x503f8382, - 0x5040315f, - 0x5040b16f, - 0x50413189, - 0x5041b198, - 0x504231b2, - 0x5042b1cf, - 0x504331df, - 0x5043b1ef, - 0x504431fe, - 0x5044843f, - 0x50453212, - 0x5045b230, - 0x50463243, - 0x5046b259, - 0x5047326b, - 0x5047b280, - 0x504832a6, - 0x5048b2b4, - 0x504932c7, - 0x5049b2dc, - 0x504a32f2, - 0x504ab302, - 0x504b3322, - 0x504bb335, - 0x504c3358, - 0x504cb386, - 0x504d3398, - 0x504db3b5, - 0x504e33d0, - 0x504eb3ec, - 0x504f33fe, - 0x504fb415, - 0x50503424, - 0x505086ff, - 0x50513437, - 0x58320f4a, - 0x68320f0c, - 0x68328c7a, - 0x68330c8d, - 0x68338f1a, - 0x68340f2a, + 0x4c35135c, + 0x4c35936a, + 0x4c361386, + 0x4c3693ac, + 0x4c3713bb, + 0x4c3793c9, + 0x4c3813de, + 0x4c3893ea, + 0x4c39140a, + 0x4c399434, + 0x4c3a144d, + 0x4c3a9466, + 0x4c3b05fd, + 0x4c3b947f, + 0x4c3c1491, + 0x4c3c94a0, + 0x4c3d14b9, + 0x4c3d8c47, + 0x4c3e1526, + 0x4c3e94c8, + 0x4c3f1548, + 0x4c3f927d, + 0x4c4014de, + 0x4c4092f9, + 0x4c411516, + 0x4c419399, + 0x4c421502, + 0x50322f79, + 0x5032af88, + 0x50332f93, + 0x5033afa3, + 0x50342fbc, + 0x5034afd6, + 0x50352fe4, + 0x5035affa, + 0x5036300c, + 0x5036b022, + 0x5037303b, + 0x5037b04e, + 0x50383066, + 0x5038b077, + 0x5039308c, + 0x5039b0a0, + 0x503a30c0, + 0x503ab0d6, + 0x503b30ee, + 0x503bb100, + 0x503c311c, + 0x503cb133, + 0x503d314c, + 0x503db162, + 0x503e316f, + 0x503eb185, + 0x503f3197, + 0x503f837b, + 0x504031aa, + 0x5040b1ba, + 0x504131d4, + 0x5041b1e3, + 0x504231fd, + 0x5042b21a, + 0x5043322a, + 0x5043b23a, + 0x50443249, + 0x50448431, + 0x5045325d, + 0x5045b27b, + 0x5046328e, + 0x5046b2a4, + 0x504732b6, + 0x5047b2cb, + 0x504832f1, + 0x5048b2ff, + 0x50493312, + 0x5049b327, + 0x504a333d, + 0x504ab34d, + 0x504b336d, + 0x504bb380, + 0x504c33a3, + 0x504cb3d1, + 0x504d33e3, + 0x504db400, + 0x504e341b, + 0x504eb437, 
+ 0x504f3449, + 0x504fb460, + 0x5050346f, + 0x505086f1, + 0x50513482, + 0x58320f3c, + 0x68320efe, + 0x68328c6c, + 0x68330c7f, + 0x68338f0c, + 0x68340f1c, 0x683480ea, - 0x6c320ee8, - 0x6c328c44, - 0x6c330ef3, - 0x74320a29, + 0x6c320eda, + 0x6c328c36, + 0x6c330ee5, + 0x74320a1b, 0x743280ac, - 0x74330c55, - 0x7832098e, - 0x783289a3, - 0x783309af, + 0x74330c47, + 0x78320980, + 0x78328995, + 0x783309a1, 0x78338083, - 0x783409be, - 0x783489d3, - 0x783509f2, - 0x78358a14, - 0x78360a29, - 0x78368a3f, - 0x78370a4f, - 0x78378a70, - 0x78380a83, - 0x78388a95, - 0x78390aa2, - 0x78398ac1, - 0x783a0ad6, - 0x783a8ae4, - 0x783b0aee, - 0x783b8b02, - 0x783c0b19, - 0x783c8b2e, - 0x783d0b45, - 0x783d8b5a, - 0x783e0ab0, - 0x783e8a62, - 0x7c3211a4, + 0x783409b0, + 0x783489c5, + 0x783509e4, + 0x78358a06, + 0x78360a1b, + 0x78368a31, + 0x78370a41, + 0x78378a62, + 0x78380a75, + 0x78388a87, + 0x78390a94, + 0x78398ab3, + 0x783a0ac8, + 0x783a8ad6, + 0x783b0ae0, + 0x783b8af4, + 0x783c0b0b, + 0x783c8b20, + 0x783d0b37, + 0x783d8b4c, + 0x783e0aa2, + 0x783e8a54, + 0x7c321196, }; const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]); @@ -779,14 +783,14 @@ const char kOpenSSLReasonStringData[] = "INTEGER_NOT_ASCII_FORMAT\0" "INTEGER_TOO_LARGE_FOR_LONG\0" "INVALID_BIT_STRING_BITS_LEFT\0" - "INVALID_BMPSTRING_LENGTH\0" + "INVALID_BMPSTRING\0" "INVALID_DIGIT\0" "INVALID_MODIFIER\0" "INVALID_NUMBER\0" "INVALID_OBJECT_ENCODING\0" "INVALID_SEPARATOR\0" "INVALID_TIME_FORMAT\0" - "INVALID_UNIVERSALSTRING_LENGTH\0" + "INVALID_UNIVERSALSTRING\0" "INVALID_UTF8STRING\0" "LIST_ERROR\0" "MISSING_ASN1_EOS\0" @@ -999,6 +1003,7 @@ const char kOpenSSLReasonStringData[] = "ENCRYPT_ERROR\0" "ERROR_SETTING_CIPHER_PARAMS\0" "INCORRECT_PASSWORD\0" + "INVALID_CHARACTERS\0" "KEYGEN_FAILURE\0" "KEY_GEN_ERROR\0" "METHOD_NOT_SUPPORTED\0" 
@@ -1014,6 +1019,7 @@ const char kOpenSSLReasonStringData[] = "UNKNOWN_DIGEST\0" "UNSUPPORTED_KEYLENGTH\0" "UNSUPPORTED_KEY_DERIVATION_FUNCTION\0" + "UNSUPPORTED_OPTIONS\0" "UNSUPPORTED_PRF\0" "UNSUPPORTED_PRIVATE_KEY_ALGORITHM\0" "UNSUPPORTED_SALT_TYPE\0" @@ -1163,6 +1169,7 @@ const char kOpenSSLReasonStringData[] = "NO_SUPPORTED_VERSIONS_ENABLED\0" "NULL_SSL_CTX\0" "NULL_SSL_METHOD_PASSED\0" + "OCSP_CB_ERROR\0" "OLD_SESSION_CIPHER_NOT_RETURNED\0" "OLD_SESSION_PRF_HASH_MISMATCH\0" "OLD_SESSION_VERSION_NOT_RETURNED\0" @@ -1187,6 +1194,7 @@ const char kOpenSSLReasonStringData[] = "RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION\0" "RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION\0" "SCSV_RECEIVED_WHEN_RENEGOTIATING\0" + "SECOND_SERVERHELLO_VERSION_MISMATCH\0" "SERVERHELLO_TLSEXT\0" "SERVER_CERT_CHANGED\0" "SERVER_ECHOED_INVALID_SESSION_ID\0" diff --git a/third_party/boringssl/ios-arm/crypto/fipsmodule/armv4-mont.S b/third_party/boringssl/ios-arm/crypto/fipsmodule/armv4-mont.S index fbb341fd60..f1de8933c4 100644 --- a/third_party/boringssl/ios-arm/crypto/fipsmodule/armv4-mont.S +++ b/third_party/boringssl/ios-arm/crypto/fipsmodule/armv4-mont.S @@ -172,14 +172,15 @@ Lsub: ldr r7,[r4],#4 mov r4,sp @ "rewind" r4 sub r2,r2,r5 @ "rewind" r2 - and r1,r4,r14 - bic r3,r2,r14 - orr r1,r1,r3 @ ap=borrow?tp:rp - -Lcopy: ldr r7,[r1],#4 @ copy or in-place refresh +Lcopy: ldr r7,[r4] @ conditional copy + ldr r5,[r2] str sp,[r4],#4 @ zap tp - str r7,[r2],#4 - cmp r4,r0 +#ifdef __thumb2__ + it cc +#endif + movcc r5,r7 + str r5,[r2],#4 + teq r4,r0 @ preserve carry bne Lcopy mov sp,r0 diff --git a/third_party/boringssl/linux-arm/crypto/fipsmodule/armv4-mont.S b/third_party/boringssl/linux-arm/crypto/fipsmodule/armv4-mont.S index 1181a45166..d5685f8f8c 100644 --- a/third_party/boringssl/linux-arm/crypto/fipsmodule/armv4-mont.S +++ b/third_party/boringssl/linux-arm/crypto/fipsmodule/armv4-mont.S 
@@ -171,14 +171,15 @@ bn_mul_mont: mov r4,sp @ "rewind" r4 sub r2,r2,r5 @ "rewind" r2 - and r1,r4,r14 - bic r3,r2,r14 - orr r1,r1,r3 @ ap=borrow?tp:rp - -.Lcopy: ldr r7,[r1],#4 @ copy or in-place refresh +.Lcopy: ldr r7,[r4] @ conditional copy + ldr r5,[r2] str sp,[r4],#4 @ zap tp - str r7,[r2],#4 - cmp r4,r0 +#ifdef __thumb2__ + it cc +#endif + movcc r5,r7 + str r5,[r2],#4 + teq r4,r0 @ preserve carry bne .Lcopy mov sp,r0 diff --git a/third_party/boringssl/linux-x86/crypto/fipsmodule/x86-mont.S b/third_party/boringssl/linux-x86/crypto/fipsmodule/x86-mont.S index 3fb668826b..3ec24e2932 100644 --- a/third_party/boringssl/linux-x86/crypto/fipsmodule/x86-mont.S +++ b/third_party/boringssl/linux-x86/crypto/fipsmodule/x86-mont.S @@ -446,16 +446,18 @@ bn_mul_mont: leal 1(%edx),%edx jge .L017sub sbbl $0,%eax - andl %eax,%esi - notl %eax - movl %edi,%ebp - andl %eax,%ebp - orl %ebp,%esi + movl $-1,%edx + xorl %eax,%edx + jmp .L018copy .align 16 .L018copy: - movl (%esi,%ebx,4),%eax - movl %eax,(%edi,%ebx,4) + movl 32(%esp,%ebx,4),%esi + movl (%edi,%ebx,4),%ebp movl %ecx,32(%esp,%ebx,4) + andl %eax,%esi + andl %edx,%ebp + orl %esi,%ebp + movl %ebp,(%edi,%ebx,4) decl %ebx jge .L018copy movl 24(%esp),%esp diff --git a/third_party/boringssl/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S b/third_party/boringssl/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S index 7422d2ac52..46a9483867 100644 --- a/third_party/boringssl/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +++ b/third_party/boringssl/linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S @@ -93,6 +93,11 @@ ecp_nistz256_neg: .align 32 ecp_nistz256_ord_mul_mont: .cfi_startproc + leaq OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx + cmpl $0x80100,%ecx + je .Lecp_nistz256_ord_mul_montx pushq %rbp .cfi_adjust_cfa_offset 8 .cfi_offset %rbp,-16 
@@ -422,6 +427,11 @@ ecp_nistz256_ord_mul_mont: .align 32 ecp_nistz256_ord_sqr_mont: .cfi_startproc + leaq OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx + cmpl $0x80100,%ecx + je .Lecp_nistz256_ord_sqr_montx pushq %rbp .cfi_adjust_cfa_offset 8 .cfi_offset %rbp,-16 
@@ -709,6 +719,462 @@ ecp_nistz256_ord_sqr_mont: .cfi_endproc .size ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont +.type ecp_nistz256_ord_mul_montx,@function +.align 32 +ecp_nistz256_ord_mul_montx: +.cfi_startproc +.Lecp_nistz256_ord_mul_montx: + pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbp,-16 + pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbx,-24 + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r15,-56 +.Lord_mulx_body: + + movq %rdx,%rbx + movq 0(%rdx),%rdx + movq 0(%rsi),%r9 + movq 8(%rsi),%r10 + movq 16(%rsi),%r11 + movq 24(%rsi),%r12 + leaq -128(%rsi),%rsi + leaq .Lord-128(%rip),%r14 + movq .LordK(%rip),%r15 + + + mulxq %r9,%r8,%r9 + mulxq %r10,%rcx,%r10 + mulxq %r11,%rbp,%r11 + addq %rcx,%r9 + mulxq %r12,%rcx,%r12 + movq %r8,%rdx + mulxq %r15,%rdx,%rax + adcq %rbp,%r10 + adcq %rcx,%r11 + adcq $0,%r12 + + + xorq %r13,%r13 + mulxq 0+128(%r14),%rcx,%rbp + adcxq %rcx,%r8 + adoxq %rbp,%r9 + + mulxq 8+128(%r14),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + + mulxq 16+128(%r14),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 24+128(%r14),%rcx,%rbp + movq 8(%rbx),%rdx + adcxq %rcx,%r11 + adoxq %rbp,%r12 + adcxq %r8,%r12 + adoxq %r8,%r13 + adcq $0,%r13 + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r9,%rdx + mulxq %r15,%rdx,%rax + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + adcxq %r8,%r13 + adoxq %r8,%r8 + adcq $0,%r8 + + + mulxq 0+128(%r14),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + + mulxq 8+128(%r14),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 16+128(%r14),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 24+128(%r14),%rcx,%rbp + movq 
16(%rbx),%rdx + adcxq %rcx,%r12 + adoxq %rbp,%r13 + adcxq %r9,%r13 + adoxq %r9,%r8 + adcq $0,%r8 + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r10,%rdx + mulxq %r15,%rdx,%rax + adcxq %rcx,%r13 + adoxq %rbp,%r8 + + adcxq %r9,%r8 + adoxq %r9,%r9 + adcq $0,%r9 + + + mulxq 0+128(%r14),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 8+128(%r14),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 16+128(%r14),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 24+128(%r14),%rcx,%rbp + movq 24(%rbx),%rdx + adcxq %rcx,%r13 + adoxq %rbp,%r8 + adcxq %r10,%r8 + adoxq %r10,%r9 + adcq $0,%r9 + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r13 + adoxq %rbp,%r8 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r11,%rdx + mulxq %r15,%rdx,%rax + adcxq %rcx,%r8 + adoxq %rbp,%r9 + + adcxq %r10,%r9 + adoxq %r10,%r10 + adcq $0,%r10 + + + mulxq 0+128(%r14),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 8+128(%r14),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 16+128(%r14),%rcx,%rbp + adcxq %rcx,%r13 + adoxq %rbp,%r8 + + mulxq 24+128(%r14),%rcx,%rbp + leaq 128(%r14),%r14 + movq %r12,%rbx + adcxq %rcx,%r8 + adoxq %rbp,%r9 + movq %r13,%rdx + adcxq %r11,%r9 + adoxq %r11,%r10 + adcq $0,%r10 + + + + movq %r8,%rcx + subq 0(%r14),%r12 + sbbq 8(%r14),%r13 + sbbq 16(%r14),%r8 + movq %r9,%rbp + sbbq 24(%r14),%r9 + sbbq $0,%r10 + + cmovcq %rbx,%r12 + cmovcq %rdx,%r13 + cmovcq %rcx,%r8 + cmovcq %rbp,%r9 + + movq %r12,0(%rdi) + movq %r13,8(%rdi) + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + movq 0(%rsp),%r15 +.cfi_restore %r15 + movq 8(%rsp),%r14 +.cfi_restore %r14 + movq 16(%rsp),%r13 +.cfi_restore %r13 + movq 24(%rsp),%r12 +.cfi_restore %r12 
+ movq 32(%rsp),%rbx +.cfi_restore %rbx + movq 40(%rsp),%rbp +.cfi_restore %rbp + leaq 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 +.Lord_mulx_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size ecp_nistz256_ord_mul_montx,.-ecp_nistz256_ord_mul_montx + +.type ecp_nistz256_ord_sqr_montx,@function +.align 32 +ecp_nistz256_ord_sqr_montx: +.cfi_startproc +.Lecp_nistz256_ord_sqr_montx: + pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbp,-16 + pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbx,-24 + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r15,-56 +.Lord_sqrx_body: + + movq %rdx,%rbx + movq 0(%rsi),%rdx + movq 8(%rsi),%r14 + movq 16(%rsi),%r15 + movq 24(%rsi),%r8 + leaq .Lord(%rip),%rsi + jmp .Loop_ord_sqrx + +.align 32 +.Loop_ord_sqrx: + mulxq %r14,%r9,%r10 + mulxq %r15,%rcx,%r11 + movq %rdx,%rax +.byte 102,73,15,110,206 + mulxq %r8,%rbp,%r12 + movq %r14,%rdx + addq %rcx,%r10 +.byte 102,73,15,110,215 + adcq %rbp,%r11 + adcq $0,%r12 + xorq %r13,%r13 + + mulxq %r15,%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq %r8,%rcx,%rbp + movq %r15,%rdx + adcxq %rcx,%r12 + adoxq %rbp,%r13 + adcq $0,%r13 + + mulxq %r8,%rcx,%r14 + movq %rax,%rdx +.byte 102,73,15,110,216 + xorq %r15,%r15 + adcxq %r9,%r9 + adoxq %rcx,%r13 + adcxq %r10,%r10 + adoxq %r15,%r14 + + + mulxq %rdx,%r8,%rbp +.byte 102,72,15,126,202 + adcxq %r11,%r11 + adoxq %rbp,%r9 + adcxq %r12,%r12 + mulxq %rdx,%rcx,%rax +.byte 102,72,15,126,210 + adcxq %r13,%r13 + adoxq %rcx,%r10 + adcxq %r14,%r14 + mulxq %rdx,%rcx,%rbp +.byte 0x67 +.byte 102,72,15,126,218 + adoxq %rax,%r11 + adcxq %r15,%r15 + adoxq %rcx,%r12 + adoxq %rbp,%r13 + mulxq %rdx,%rcx,%rax + adoxq %rcx,%r14 + adoxq %rax,%r15 + + + movq %r8,%rdx + mulxq 32(%rsi),%rdx,%rcx + + xorq %rax,%rax + mulxq 0(%rsi),%rcx,%rbp + adcxq %rcx,%r8 + adoxq %rbp,%r9 + mulxq 
8(%rsi),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + mulxq 16(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + mulxq 24(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r8 + adcxq %rax,%r8 + + + movq %r9,%rdx + mulxq 32(%rsi),%rdx,%rcx + + mulxq 0(%rsi),%rcx,%rbp + adoxq %rcx,%r9 + adcxq %rbp,%r10 + mulxq 8(%rsi),%rcx,%rbp + adoxq %rcx,%r10 + adcxq %rbp,%r11 + mulxq 16(%rsi),%rcx,%rbp + adoxq %rcx,%r11 + adcxq %rbp,%r8 + mulxq 24(%rsi),%rcx,%rbp + adoxq %rcx,%r8 + adcxq %rbp,%r9 + adoxq %rax,%r9 + + + movq %r10,%rdx + mulxq 32(%rsi),%rdx,%rcx + + mulxq 0(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + mulxq 8(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r8 + mulxq 16(%rsi),%rcx,%rbp + adcxq %rcx,%r8 + adoxq %rbp,%r9 + mulxq 24(%rsi),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + adcxq %rax,%r10 + + + movq %r11,%rdx + mulxq 32(%rsi),%rdx,%rcx + + mulxq 0(%rsi),%rcx,%rbp + adoxq %rcx,%r11 + adcxq %rbp,%r8 + mulxq 8(%rsi),%rcx,%rbp + adoxq %rcx,%r8 + adcxq %rbp,%r9 + mulxq 16(%rsi),%rcx,%rbp + adoxq %rcx,%r9 + adcxq %rbp,%r10 + mulxq 24(%rsi),%rcx,%rbp + adoxq %rcx,%r10 + adcxq %rbp,%r11 + adoxq %rax,%r11 + + + addq %r8,%r12 + adcq %r13,%r9 + movq %r12,%rdx + adcq %r14,%r10 + adcq %r15,%r11 + movq %r9,%r14 + adcq $0,%rax + + + subq 0(%rsi),%r12 + movq %r10,%r15 + sbbq 8(%rsi),%r9 + sbbq 16(%rsi),%r10 + movq %r11,%r8 + sbbq 24(%rsi),%r11 + sbbq $0,%rax + + cmovncq %r12,%rdx + cmovncq %r9,%r14 + cmovncq %r10,%r15 + cmovncq %r11,%r8 + + decq %rbx + jnz .Loop_ord_sqrx + + movq %rdx,0(%rdi) + movq %r14,8(%rdi) + pxor %xmm1,%xmm1 + movq %r15,16(%rdi) + pxor %xmm2,%xmm2 + movq %r8,24(%rdi) + pxor %xmm3,%xmm3 + + movq 0(%rsp),%r15 +.cfi_restore %r15 + movq 8(%rsp),%r14 +.cfi_restore %r14 + movq 16(%rsp),%r13 +.cfi_restore %r13 + movq 24(%rsp),%r12 +.cfi_restore %r12 + movq 32(%rsp),%rbx +.cfi_restore %rbx + movq 40(%rsp),%rbp +.cfi_restore %rbp + leaq 48(%rsp),%rsp +.cfi_adjust_cfa_offset -48 +.Lord_sqrx_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size 
ecp_nistz256_ord_sqr_montx,.-ecp_nistz256_ord_sqr_montx + @@ -720,6 +1186,9 @@ ecp_nistz256_ord_sqr_mont: .align 32 ecp_nistz256_mul_mont: .cfi_startproc + leaq OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx .Lmul_mont: pushq %rbp .cfi_adjust_cfa_offset 8 @@ -740,6 +1209,8 @@ ecp_nistz256_mul_mont: .cfi_adjust_cfa_offset 8 .cfi_offset %r15,-56 .Lmul_body: + cmpl $0x80100,%ecx + je .Lmul_montx movq %rdx,%rbx movq 0(%rdx),%rax movq 0(%rsi),%r9 @@ -748,6 +1219,19 @@ ecp_nistz256_mul_mont: movq 24(%rsi),%r12 call __ecp_nistz256_mul_montq + jmp .Lmul_mont_done + +.align 32 +.Lmul_montx: + movq %rdx,%rbx + movq 0(%rdx),%rdx + movq 0(%rsi),%r9 + movq 8(%rsi),%r10 + movq 16(%rsi),%r11 + movq 24(%rsi),%r12 + leaq -128(%rsi),%rsi + + call __ecp_nistz256_mul_montx .Lmul_mont_done: movq 0(%rsp),%r15 .cfi_restore %r15 @@ -997,6 +1481,9 @@ __ecp_nistz256_mul_montq: .align 32 ecp_nistz256_sqr_mont: .cfi_startproc + leaq OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx pushq %rbp .cfi_adjust_cfa_offset 8 .cfi_offset %rbp,-16 @@ -1016,12 +1503,25 @@ ecp_nistz256_sqr_mont: .cfi_adjust_cfa_offset 8 .cfi_offset %r15,-56 .Lsqr_body: + cmpl $0x80100,%ecx + je .Lsqr_montx movq 0(%rsi),%rax movq 8(%rsi),%r14 movq 16(%rsi),%r15 movq 24(%rsi),%r8 call __ecp_nistz256_sqr_montq + jmp .Lsqr_mont_done + +.align 32 +.Lsqr_montx: + movq 0(%rsi),%rdx + movq 8(%rsi),%r14 + movq 16(%rsi),%r15 + movq 24(%rsi),%r8 + leaq -128(%rsi),%rsi + + call __ecp_nistz256_sqr_montx .Lsqr_mont_done: movq 0(%rsp),%r15 .cfi_restore %r15 
@@ -1203,6 +1703,300 @@ __ecp_nistz256_sqr_montq: .byte 0xf3,0xc3 .size __ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq +.type __ecp_nistz256_mul_montx,@function +.align 32 +__ecp_nistz256_mul_montx: + + + mulxq %r9,%r8,%r9 + mulxq %r10,%rcx,%r10 + movq $32,%r14 + xorq %r13,%r13 + mulxq %r11,%rbp,%r11 + movq .Lpoly+24(%rip),%r15 + adcq %rcx,%r9 + mulxq %r12,%rcx,%r12 + movq %r8,%rdx + adcq %rbp,%r10 + shlxq %r14,%r8,%rbp + adcq %rcx,%r11 + shrxq %r14,%r8,%rcx + adcq $0,%r12 + + + + addq %rbp,%r9 + adcq %rcx,%r10 + + mulxq %r15,%rcx,%rbp + movq 8(%rbx),%rdx + adcq %rcx,%r11 + adcq %rbp,%r12 + adcq $0,%r13 + xorq %r8,%r8 + + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r9,%rdx + adcxq %rcx,%r12 + shlxq %r14,%r9,%rcx + adoxq %rbp,%r13 + shrxq %r14,%r9,%rbp + + adcxq %r8,%r13 + adoxq %r8,%r8 + adcq $0,%r8 + + + + addq %rcx,%r10 + adcq %rbp,%r11 + + mulxq %r15,%rcx,%rbp + movq 16(%rbx),%rdx + adcq %rcx,%r12 + adcq %rbp,%r13 + adcq $0,%r8 + xorq %r9,%r9 + + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r10,%rdx + adcxq %rcx,%r13 + shlxq %r14,%r10,%rcx + adoxq %rbp,%r8 + shrxq %r14,%r10,%rbp + + adcxq %r9,%r8 + adoxq %r9,%r9 + adcq $0,%r9 + + + + addq %rcx,%r11 + adcq %rbp,%r12 + + mulxq %r15,%rcx,%rbp + movq 24(%rbx),%rdx + adcq %rcx,%r13 + adcq %rbp,%r8 + adcq $0,%r9 + xorq %r10,%r10 + + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r13 + adoxq %rbp,%r8 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r11,%rdx + adcxq %rcx,%r8 + shlxq 
%r14,%r11,%rcx + adoxq %rbp,%r9 + shrxq %r14,%r11,%rbp + + adcxq %r10,%r9 + adoxq %r10,%r10 + adcq $0,%r10 + + + + addq %rcx,%r12 + adcq %rbp,%r13 + + mulxq %r15,%rcx,%rbp + movq %r12,%rbx + movq .Lpoly+8(%rip),%r14 + adcq %rcx,%r8 + movq %r13,%rdx + adcq %rbp,%r9 + adcq $0,%r10 + + + + xorl %eax,%eax + movq %r8,%rcx + sbbq $-1,%r12 + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%rbp + sbbq %r15,%r9 + sbbq $0,%r10 + + cmovcq %rbx,%r12 + cmovcq %rdx,%r13 + movq %r12,0(%rdi) + cmovcq %rcx,%r8 + movq %r13,8(%rdi) + cmovcq %rbp,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 +.size __ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx + +.type __ecp_nistz256_sqr_montx,@function +.align 32 +__ecp_nistz256_sqr_montx: + mulxq %r14,%r9,%r10 + mulxq %r15,%rcx,%r11 + xorl %eax,%eax + adcq %rcx,%r10 + mulxq %r8,%rbp,%r12 + movq %r14,%rdx + adcq %rbp,%r11 + adcq $0,%r12 + xorq %r13,%r13 + + + mulxq %r15,%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq %r8,%rcx,%rbp + movq %r15,%rdx + adcxq %rcx,%r12 + adoxq %rbp,%r13 + adcq $0,%r13 + + + mulxq %r8,%rcx,%r14 + movq 0+128(%rsi),%rdx + xorq %r15,%r15 + adcxq %r9,%r9 + adoxq %rcx,%r13 + adcxq %r10,%r10 + adoxq %r15,%r14 + + mulxq %rdx,%r8,%rbp + movq 8+128(%rsi),%rdx + adcxq %r11,%r11 + adoxq %rbp,%r9 + adcxq %r12,%r12 + mulxq %rdx,%rcx,%rax + movq 16+128(%rsi),%rdx + adcxq %r13,%r13 + adoxq %rcx,%r10 + adcxq %r14,%r14 +.byte 0x67 + mulxq %rdx,%rcx,%rbp + movq 24+128(%rsi),%rdx + adoxq %rax,%r11 + adcxq %r15,%r15 + adoxq %rcx,%r12 + movq $32,%rsi + adoxq %rbp,%r13 +.byte 0x67,0x67 + mulxq %rdx,%rcx,%rax + movq .Lpoly+24(%rip),%rdx + adoxq %rcx,%r14 + shlxq %rsi,%r8,%rcx + adoxq %rax,%r15 + shrxq %rsi,%r8,%rax + movq %rdx,%rbp + + + addq %rcx,%r9 + adcq %rax,%r10 + + mulxq %r8,%rcx,%r8 + adcq %rcx,%r11 + shlxq %rsi,%r9,%rcx + adcq $0,%r8 + shrxq %rsi,%r9,%rax + + + addq %rcx,%r10 + adcq %rax,%r11 + + mulxq %r9,%rcx,%r9 + adcq %rcx,%r8 + shlxq %rsi,%r10,%rcx + adcq $0,%r9 + shrxq %rsi,%r10,%rax + + + addq %rcx,%r11 + 
adcq %rax,%r8 + + mulxq %r10,%rcx,%r10 + adcq %rcx,%r9 + shlxq %rsi,%r11,%rcx + adcq $0,%r10 + shrxq %rsi,%r11,%rax + + + addq %rcx,%r8 + adcq %rax,%r9 + + mulxq %r11,%rcx,%r11 + adcq %rcx,%r10 + adcq $0,%r11 + + xorq %rdx,%rdx + addq %r8,%r12 + movq .Lpoly+8(%rip),%rsi + adcq %r9,%r13 + movq %r12,%r8 + adcq %r10,%r14 + adcq %r11,%r15 + movq %r13,%r9 + adcq $0,%rdx + + subq $-1,%r12 + movq %r14,%r10 + sbbq %rsi,%r13 + sbbq $0,%r14 + movq %r15,%r11 + sbbq %rbp,%r15 + sbbq $0,%rdx + + cmovcq %r8,%r12 + cmovcq %r9,%r13 + movq %r12,0(%rdi) + cmovcq %r10,%r14 + movq %r13,8(%rdi) + cmovcq %r11,%r15 + movq %r14,16(%rdi) + movq %r15,24(%rdi) + + .byte 0xf3,0xc3 +.size __ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx .globl ecp_nistz256_select_w5 @@ -1588,6 +2382,11 @@ __ecp_nistz256_mul_by_2q: .align 32 ecp_nistz256_point_double: .cfi_startproc + leaq OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx + cmpl $0x80100,%ecx + je .Lpoint_doublex pushq %rbp .cfi_adjust_cfa_offset 8 .cfi_offset %rbp,-16 @@ -1817,6 +2616,11 @@ ecp_nistz256_point_double: .align 32 ecp_nistz256_point_add: .cfi_startproc + leaq OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx + cmpl $0x80100,%ecx + je .Lpoint_addx pushq %rbp .cfi_adjust_cfa_offset 8 .cfi_offset %rbp,-16 @@ -2240,6 +3044,11 @@ ecp_nistz256_point_add: .align 32 ecp_nistz256_point_add_affine: .cfi_startproc + leaq OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx + cmpl $0x80100,%ecx + je .Lpoint_add_affinex pushq %rbp .cfi_adjust_cfa_offset 8 .cfi_offset %rbp,-16 
@@ -2563,4 +3372,1109 @@ ecp_nistz256_point_add_affine: .byte 0xf3,0xc3 .cfi_endproc .size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine +.type __ecp_nistz256_add_tox,@function +.align 32 +__ecp_nistz256_add_tox: + xorq %r11,%r11 + adcq 0(%rbx),%r12 + adcq 8(%rbx),%r13 + movq %r12,%rax + adcq 16(%rbx),%r8 + adcq 24(%rbx),%r9 + movq %r13,%rbp + adcq $0,%r11 + + xorq %r10,%r10 + sbbq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + sbbq $0,%r11 + + cmovcq %rax,%r12 + cmovcq %rbp,%r13 + movq %r12,0(%rdi) + cmovcq %rcx,%r8 + movq %r13,8(%rdi) + cmovcq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 +.size __ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox + +.type __ecp_nistz256_sub_fromx,@function +.align 32 +__ecp_nistz256_sub_fromx: + xorq %r11,%r11 + sbbq 0(%rbx),%r12 + sbbq 8(%rbx),%r13 + movq %r12,%rax + sbbq 16(%rbx),%r8 + sbbq 24(%rbx),%r9 + movq %r13,%rbp + sbbq $0,%r11 + + xorq %r10,%r10 + adcq $-1,%r12 + movq %r8,%rcx + adcq %r14,%r13 + adcq $0,%r8 + movq %r9,%r10 + adcq %r15,%r9 + + btq $0,%r11 + cmovncq %rax,%r12 + cmovncq %rbp,%r13 + movq %r12,0(%rdi) + cmovncq %rcx,%r8 + movq %r13,8(%rdi) + cmovncq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 +.size __ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx + +.type __ecp_nistz256_subx,@function +.align 32 +__ecp_nistz256_subx: + xorq %r11,%r11 + sbbq %r12,%rax + sbbq %r13,%rbp + movq %rax,%r12 + sbbq %r8,%rcx + sbbq %r9,%r10 + movq %rbp,%r13 + sbbq $0,%r11 + + xorq %r9,%r9 + adcq $-1,%rax + movq %rcx,%r8 + adcq %r14,%rbp + adcq $0,%rcx + movq %r10,%r9 + adcq %r15,%r10 + + btq $0,%r11 + cmovcq %rax,%r12 + cmovcq %rbp,%r13 + cmovcq %rcx,%r8 + cmovcq %r10,%r9 + + .byte 0xf3,0xc3 +.size __ecp_nistz256_subx,.-__ecp_nistz256_subx + +.type __ecp_nistz256_mul_by_2x,@function +.align 32 +__ecp_nistz256_mul_by_2x: + xorq %r11,%r11 + adcq %r12,%r12 + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq 
%r13,%rbp + adcq $0,%r11 + + xorq %r10,%r10 + sbbq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + sbbq $0,%r11 + + cmovcq %rax,%r12 + cmovcq %rbp,%r13 + movq %r12,0(%rdi) + cmovcq %rcx,%r8 + movq %r13,8(%rdi) + cmovcq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 +.size __ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x +.type ecp_nistz256_point_doublex,@function +.align 32 +ecp_nistz256_point_doublex: +.cfi_startproc +.Lpoint_doublex: + pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbp,-16 + pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbx,-24 + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r15,-56 + subq $160+8,%rsp +.cfi_adjust_cfa_offset 32*5+8 +.Lpoint_doublex_body: + +.Lpoint_double_shortcutx: + movdqu 0(%rsi),%xmm0 + movq %rsi,%rbx + movdqu 16(%rsi),%xmm1 + movq 32+0(%rsi),%r12 + movq 32+8(%rsi),%r13 + movq 32+16(%rsi),%r8 + movq 32+24(%rsi),%r9 + movq .Lpoly+8(%rip),%r14 + movq .Lpoly+24(%rip),%r15 + movdqa %xmm0,96(%rsp) + movdqa %xmm1,96+16(%rsp) + leaq 32(%rdi),%r10 + leaq 64(%rdi),%r11 +.byte 102,72,15,110,199 +.byte 102,73,15,110,202 +.byte 102,73,15,110,211 + + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_by_2x + + movq 64+0(%rsi),%rdx + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + leaq 64-128(%rsi),%rsi + leaq 64(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 0+0(%rsp),%rdx + movq 8+0(%rsp),%r14 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 + leaq 0(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 32(%rbx),%rdx + movq 64+0(%rbx),%r9 + movq 64+8(%rbx),%r10 + movq 64+16(%rbx),%r11 + movq 64+24(%rbx),%r12 + leaq 64-128(%rbx),%rsi + leaq 32(%rbx),%rbx +.byte 102,72,15,126,215 + call __ecp_nistz256_mul_montx + call __ecp_nistz256_mul_by_2x 
+ + movq 96+0(%rsp),%r12 + movq 96+8(%rsp),%r13 + leaq 64(%rsp),%rbx + movq 96+16(%rsp),%r8 + movq 96+24(%rsp),%r9 + leaq 32(%rsp),%rdi + call __ecp_nistz256_add_tox + + movq 96+0(%rsp),%r12 + movq 96+8(%rsp),%r13 + leaq 64(%rsp),%rbx + movq 96+16(%rsp),%r8 + movq 96+24(%rsp),%r9 + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 0+0(%rsp),%rdx + movq 8+0(%rsp),%r14 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 +.byte 102,72,15,126,207 + call __ecp_nistz256_sqr_montx + xorq %r9,%r9 + movq %r12,%rax + addq $-1,%r12 + movq %r13,%r10 + adcq %rsi,%r13 + movq %r14,%rcx + adcq $0,%r14 + movq %r15,%r8 + adcq %rbp,%r15 + adcq $0,%r9 + xorq %rsi,%rsi + testq $1,%rax + + cmovzq %rax,%r12 + cmovzq %r10,%r13 + cmovzq %rcx,%r14 + cmovzq %r8,%r15 + cmovzq %rsi,%r9 + + movq %r13,%rax + shrq $1,%r12 + shlq $63,%rax + movq %r14,%r10 + shrq $1,%r13 + orq %rax,%r12 + shlq $63,%r10 + movq %r15,%rcx + shrq $1,%r14 + orq %r10,%r13 + shlq $63,%rcx + movq %r12,0(%rdi) + shrq $1,%r15 + movq %r13,8(%rdi) + shlq $63,%r9 + orq %rcx,%r14 + orq %r9,%r15 + movq %r14,16(%rdi) + movq %r15,24(%rdi) + movq 64(%rsp),%rdx + leaq 64(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_by_2x + + leaq 32(%rsp),%rbx + leaq 32(%rsp),%rdi + call __ecp_nistz256_add_tox + + movq 96(%rsp),%rdx + leaq 96(%rsp),%rbx + movq 0+0(%rsp),%r9 + movq 8+0(%rsp),%r10 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r11 + movq 24+0(%rsp),%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_by_2x + + movq 0+32(%rsp),%rdx + movq 8+32(%rsp),%r14 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r15 + movq 24+32(%rsp),%r8 +.byte 102,72,15,126,199 + call __ecp_nistz256_sqr_montx + + leaq 128(%rsp),%rbx + movq %r14,%r8 + movq %r15,%r9 + movq %rsi,%r14 + movq %rbp,%r15 + 
call __ecp_nistz256_sub_fromx + + movq 0+0(%rsp),%rax + movq 0+8(%rsp),%rbp + movq 0+16(%rsp),%rcx + movq 0+24(%rsp),%r10 + leaq 0(%rsp),%rdi + call __ecp_nistz256_subx + + movq 32(%rsp),%rdx + leaq 32(%rsp),%rbx + movq %r12,%r14 + xorl %ecx,%ecx + movq %r12,0+0(%rsp) + movq %r13,%r10 + movq %r13,0+8(%rsp) + cmovzq %r8,%r11 + movq %r8,0+16(%rsp) + leaq 0-128(%rsp),%rsi + cmovzq %r9,%r12 + movq %r9,0+24(%rsp) + movq %r14,%r9 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + +.byte 102,72,15,126,203 +.byte 102,72,15,126,207 + call __ecp_nistz256_sub_fromx + + leaq 160+56(%rsp),%rsi +.cfi_def_cfa %rsi,8 + movq -48(%rsi),%r15 +.cfi_restore %r15 + movq -40(%rsi),%r14 +.cfi_restore %r14 + movq -32(%rsi),%r13 +.cfi_restore %r13 + movq -24(%rsi),%r12 +.cfi_restore %r12 + movq -16(%rsi),%rbx +.cfi_restore %rbx + movq -8(%rsi),%rbp +.cfi_restore %rbp + leaq (%rsi),%rsp +.cfi_def_cfa_register %rsp +.Lpoint_doublex_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size ecp_nistz256_point_doublex,.-ecp_nistz256_point_doublex +.type ecp_nistz256_point_addx,@function +.align 32 +ecp_nistz256_point_addx: +.cfi_startproc +.Lpoint_addx: + pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbp,-16 + pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbx,-24 + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r15,-56 + subq $576+8,%rsp +.cfi_adjust_cfa_offset 32*18+8 +.Lpoint_addx_body: + + movdqu 0(%rsi),%xmm0 + movdqu 16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + movdqu 48(%rsi),%xmm3 + movdqu 64(%rsi),%xmm4 + movdqu 80(%rsi),%xmm5 + movq %rsi,%rbx + movq %rdx,%rsi + movdqa %xmm0,384(%rsp) + movdqa %xmm1,384+16(%rsp) + movdqa %xmm2,416(%rsp) + movdqa %xmm3,416+16(%rsp) + movdqa %xmm4,448(%rsp) + movdqa %xmm5,448+16(%rsp) + por %xmm4,%xmm5 + + movdqu 0(%rsi),%xmm0 + pshufd $0xb1,%xmm5,%xmm3 + movdqu 
16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + por %xmm3,%xmm5 + movdqu 48(%rsi),%xmm3 + movq 64+0(%rsi),%rdx + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + movdqa %xmm0,480(%rsp) + pshufd $0x1e,%xmm5,%xmm4 + movdqa %xmm1,480+16(%rsp) + movdqu 64(%rsi),%xmm0 + movdqu 80(%rsi),%xmm1 + movdqa %xmm2,512(%rsp) + movdqa %xmm3,512+16(%rsp) + por %xmm4,%xmm5 + pxor %xmm4,%xmm4 + por %xmm0,%xmm1 +.byte 102,72,15,110,199 + + leaq 64-128(%rsi),%rsi + movq %rdx,544+0(%rsp) + movq %r14,544+8(%rsp) + movq %r15,544+16(%rsp) + movq %r8,544+24(%rsp) + leaq 96(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + pcmpeqd %xmm4,%xmm5 + pshufd $0xb1,%xmm1,%xmm4 + por %xmm1,%xmm4 + pshufd $0,%xmm5,%xmm5 + pshufd $0x1e,%xmm4,%xmm3 + por %xmm3,%xmm4 + pxor %xmm3,%xmm3 + pcmpeqd %xmm3,%xmm4 + pshufd $0,%xmm4,%xmm4 + movq 64+0(%rbx),%rdx + movq 64+8(%rbx),%r14 + movq 64+16(%rbx),%r15 + movq 64+24(%rbx),%r8 +.byte 102,72,15,110,203 + + leaq 64-128(%rbx),%rsi + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 544(%rsp),%rdx + leaq 544(%rsp),%rbx + movq 0+96(%rsp),%r9 + movq 8+96(%rsp),%r10 + leaq -128+96(%rsp),%rsi + movq 16+96(%rsp),%r11 + movq 24+96(%rsp),%r12 + leaq 224(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 448(%rsp),%rdx + leaq 448(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 416(%rsp),%rdx + leaq 416(%rsp),%rbx + movq 0+224(%rsp),%r9 + movq 8+224(%rsp),%r10 + leaq -128+224(%rsp),%rsi + movq 16+224(%rsp),%r11 + movq 24+224(%rsp),%r12 + leaq 224(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 512(%rsp),%rdx + leaq 512(%rsp),%rbx + movq 0+256(%rsp),%r9 + movq 8+256(%rsp),%r10 + leaq -128+256(%rsp),%rsi + movq 16+256(%rsp),%r11 + movq 24+256(%rsp),%r12 + leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 224(%rsp),%rbx + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + orq %r13,%r12 + 
movdqa %xmm4,%xmm2 + orq %r8,%r12 + orq %r9,%r12 + por %xmm5,%xmm2 +.byte 102,73,15,110,220 + + movq 384(%rsp),%rdx + leaq 384(%rsp),%rbx + movq 0+96(%rsp),%r9 + movq 8+96(%rsp),%r10 + leaq -128+96(%rsp),%rsi + movq 16+96(%rsp),%r11 + movq 24+96(%rsp),%r12 + leaq 160(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 480(%rsp),%rdx + leaq 480(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 192(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 160(%rsp),%rbx + leaq 0(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + orq %r13,%r12 + orq %r8,%r12 + orq %r9,%r12 + +.byte 0x3e + jnz .Ladd_proceedx +.byte 102,73,15,126,208 +.byte 102,73,15,126,217 + testq %r8,%r8 + jnz .Ladd_proceedx + testq %r9,%r9 + jz .Ladd_doublex + +.byte 102,72,15,126,199 + pxor %xmm0,%xmm0 + movdqu %xmm0,0(%rdi) + movdqu %xmm0,16(%rdi) + movdqu %xmm0,32(%rdi) + movdqu %xmm0,48(%rdi) + movdqu %xmm0,64(%rdi) + movdqu %xmm0,80(%rdi) + jmp .Ladd_donex + +.align 32 +.Ladd_doublex: +.byte 102,72,15,126,206 +.byte 102,72,15,126,199 + addq $416,%rsp + jmp .Lpoint_double_shortcutx + +.align 32 +.Ladd_proceedx: + movq 0+64(%rsp),%rdx + movq 8+64(%rsp),%r14 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r15 + movq 24+64(%rsp),%r8 + leaq 96(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 448(%rsp),%rdx + leaq 448(%rsp),%rbx + movq 0+0(%rsp),%r9 + movq 8+0(%rsp),%r10 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r11 + movq 24+0(%rsp),%r12 + leaq 352(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 0+0(%rsp),%rdx + movq 8+0(%rsp),%r14 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 544(%rsp),%rdx + leaq 544(%rsp),%rbx + movq 0+352(%rsp),%r9 + movq 8+352(%rsp),%r10 + leaq -128+352(%rsp),%rsi + movq 16+352(%rsp),%r11 + movq 24+352(%rsp),%r12 + leaq 352(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 0(%rsp),%rdx + leaq 0(%rsp),%rbx + 
movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 160(%rsp),%rdx + leaq 160(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 192(%rsp),%rdi + call __ecp_nistz256_mul_montx + + + + + xorq %r11,%r11 + addq %r12,%r12 + leaq 96(%rsp),%rsi + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq %r13,%rbp + adcq $0,%r11 + + subq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + sbbq $0,%r11 + + cmovcq %rax,%r12 + movq 0(%rsi),%rax + cmovcq %rbp,%r13 + movq 8(%rsi),%rbp + cmovcq %rcx,%r8 + movq 16(%rsi),%rcx + cmovcq %r10,%r9 + movq 24(%rsi),%r10 + + call __ecp_nistz256_subx + + leaq 128(%rsp),%rbx + leaq 288(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 192+0(%rsp),%rax + movq 192+8(%rsp),%rbp + movq 192+16(%rsp),%rcx + movq 192+24(%rsp),%r10 + leaq 320(%rsp),%rdi + + call __ecp_nistz256_subx + + movq %r12,0(%rdi) + movq %r13,8(%rdi) + movq %r8,16(%rdi) + movq %r9,24(%rdi) + movq 128(%rsp),%rdx + leaq 128(%rsp),%rbx + movq 0+224(%rsp),%r9 + movq 8+224(%rsp),%r10 + leaq -128+224(%rsp),%rsi + movq 16+224(%rsp),%r11 + movq 24+224(%rsp),%r12 + leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 320(%rsp),%rdx + leaq 320(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 320(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 256(%rsp),%rbx + leaq 320(%rsp),%rdi + call __ecp_nistz256_sub_fromx + +.byte 102,72,15,126,199 + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 352(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 352+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 544(%rsp),%xmm2 + pand 544+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa 
%xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 448(%rsp),%xmm2 + pand 448+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,64(%rdi) + movdqu %xmm3,80(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 288(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 288+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 480(%rsp),%xmm2 + pand 480+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 384(%rsp),%xmm2 + pand 384+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,0(%rdi) + movdqu %xmm3,16(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 320(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 320+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 512(%rsp),%xmm2 + pand 512+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 416(%rsp),%xmm2 + pand 416+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,32(%rdi) + movdqu %xmm3,48(%rdi) + +.Ladd_donex: + leaq 576+56(%rsp),%rsi +.cfi_def_cfa %rsi,8 + movq -48(%rsi),%r15 +.cfi_restore %r15 + movq -40(%rsi),%r14 +.cfi_restore %r14 + movq -32(%rsi),%r13 +.cfi_restore %r13 + movq -24(%rsi),%r12 +.cfi_restore %r12 + movq -16(%rsi),%rbx +.cfi_restore %rbx + movq -8(%rsi),%rbp +.cfi_restore %rbp + leaq (%rsi),%rsp +.cfi_def_cfa_register %rsp +.Lpoint_addx_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size ecp_nistz256_point_addx,.-ecp_nistz256_point_addx +.type ecp_nistz256_point_add_affinex,@function +.align 32 +ecp_nistz256_point_add_affinex: +.cfi_startproc +.Lpoint_add_affinex: + pushq %rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbp,-16 + pushq %rbx +.cfi_adjust_cfa_offset 8 +.cfi_offset %rbx,-24 + pushq %r12 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r13,-40 + pushq 
%r14 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_adjust_cfa_offset 8 +.cfi_offset %r15,-56 + subq $480+8,%rsp +.cfi_adjust_cfa_offset 32*15+8 +.Ladd_affinex_body: + + movdqu 0(%rsi),%xmm0 + movq %rdx,%rbx + movdqu 16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + movdqu 48(%rsi),%xmm3 + movdqu 64(%rsi),%xmm4 + movdqu 80(%rsi),%xmm5 + movq 64+0(%rsi),%rdx + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + movdqa %xmm0,320(%rsp) + movdqa %xmm1,320+16(%rsp) + movdqa %xmm2,352(%rsp) + movdqa %xmm3,352+16(%rsp) + movdqa %xmm4,384(%rsp) + movdqa %xmm5,384+16(%rsp) + por %xmm4,%xmm5 + + movdqu 0(%rbx),%xmm0 + pshufd $0xb1,%xmm5,%xmm3 + movdqu 16(%rbx),%xmm1 + movdqu 32(%rbx),%xmm2 + por %xmm3,%xmm5 + movdqu 48(%rbx),%xmm3 + movdqa %xmm0,416(%rsp) + pshufd $0x1e,%xmm5,%xmm4 + movdqa %xmm1,416+16(%rsp) + por %xmm0,%xmm1 +.byte 102,72,15,110,199 + movdqa %xmm2,448(%rsp) + movdqa %xmm3,448+16(%rsp) + por %xmm2,%xmm3 + por %xmm4,%xmm5 + pxor %xmm4,%xmm4 + por %xmm1,%xmm3 + + leaq 64-128(%rsi),%rsi + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + pcmpeqd %xmm4,%xmm5 + pshufd $0xb1,%xmm3,%xmm4 + movq 0(%rbx),%rdx + + movq %r12,%r9 + por %xmm3,%xmm4 + pshufd $0,%xmm5,%xmm5 + pshufd $0x1e,%xmm4,%xmm3 + movq %r13,%r10 + por %xmm3,%xmm4 + pxor %xmm3,%xmm3 + movq %r14,%r11 + pcmpeqd %xmm3,%xmm4 + pshufd $0,%xmm4,%xmm4 + + leaq 32-128(%rsp),%rsi + movq %r15,%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 320(%rsp),%rbx + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 384(%rsp),%rdx + leaq 384(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 384(%rsp),%rdx + leaq 384(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 288(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 448(%rsp),%rdx + 
leaq 448(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 352(%rsp),%rbx + leaq 96(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 0+64(%rsp),%rdx + movq 8+64(%rsp),%r14 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r15 + movq 24+64(%rsp),%r8 + leaq 128(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 0+96(%rsp),%rdx + movq 8+96(%rsp),%r14 + leaq -128+96(%rsp),%rsi + movq 16+96(%rsp),%r15 + movq 24+96(%rsp),%r8 + leaq 192(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 128(%rsp),%rdx + leaq 128(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 160(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 320(%rsp),%rdx + leaq 320(%rsp),%rbx + movq 0+128(%rsp),%r9 + movq 8+128(%rsp),%r10 + leaq -128+128(%rsp),%rsi + movq 16+128(%rsp),%r11 + movq 24+128(%rsp),%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + + + + + xorq %r11,%r11 + addq %r12,%r12 + leaq 192(%rsp),%rsi + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq %r13,%rbp + adcq $0,%r11 + + subq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + sbbq $0,%r11 + + cmovcq %rax,%r12 + movq 0(%rsi),%rax + cmovcq %rbp,%r13 + movq 8(%rsi),%rbp + cmovcq %rcx,%r8 + movq 16(%rsi),%rcx + cmovcq %r10,%r9 + movq 24(%rsi),%r10 + + call __ecp_nistz256_subx + + leaq 160(%rsp),%rbx + leaq 224(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 0+0(%rsp),%rax + movq 0+8(%rsp),%rbp + movq 0+16(%rsp),%rcx + movq 0+24(%rsp),%r10 + leaq 64(%rsp),%rdi + + call __ecp_nistz256_subx + + movq %r12,0(%rdi) + movq %r13,8(%rdi) + movq %r8,16(%rdi) + movq %r9,24(%rdi) + movq 352(%rsp),%rdx + leaq 352(%rsp),%rbx + movq 0+160(%rsp),%r9 + movq 8+160(%rsp),%r10 + leaq -128+160(%rsp),%rsi + movq 16+160(%rsp),%r11 + movq 24+160(%rsp),%r12 + leaq 
32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 96(%rsp),%rdx + leaq 96(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 64(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 32(%rsp),%rbx + leaq 256(%rsp),%rdi + call __ecp_nistz256_sub_fromx + +.byte 102,72,15,126,199 + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 288(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 288+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand .LONE_mont(%rip),%xmm2 + pand .LONE_mont+16(%rip),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 384(%rsp),%xmm2 + pand 384+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,64(%rdi) + movdqu %xmm3,80(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 224(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 224+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 416(%rsp),%xmm2 + pand 416+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 320(%rsp),%xmm2 + pand 320+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,0(%rdi) + movdqu %xmm3,16(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 256(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 256+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 448(%rsp),%xmm2 + pand 448+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 352(%rsp),%xmm2 + pand 352+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,32(%rdi) + movdqu %xmm3,48(%rdi) + + leaq 480+56(%rsp),%rsi +.cfi_def_cfa %rsi,8 + movq -48(%rsi),%r15 +.cfi_restore %r15 + movq -40(%rsi),%r14 +.cfi_restore %r14 + movq -32(%rsi),%r13 +.cfi_restore %r13 + movq 
-24(%rsi),%r12 +.cfi_restore %r12 + movq -16(%rsi),%rbx +.cfi_restore %rbx + movq -8(%rsi),%rbp +.cfi_restore %rbp + leaq (%rsi),%rsp +.cfi_def_cfa_register %rsp +.Ladd_affinex_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size ecp_nistz256_point_add_affinex,.-ecp_nistz256_point_add_affinex #endif diff --git a/third_party/boringssl/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S b/third_party/boringssl/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S index 89b81ed88d..e6db7f6ef5 100644 --- a/third_party/boringssl/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S +++ b/third_party/boringssl/linux-x86_64/crypto/fipsmodule/rsaz-avx2.S @@ -1724,6 +1724,11 @@ rsaz_1024_gather5_avx2: rsaz_avx2_eligible: leaq OPENSSL_ia32cap_P(%rip),%rax movl 8(%rax),%eax + movl $524544,%ecx + movl $0,%edx + andl %eax,%ecx + cmpl $524544,%ecx + cmovel %edx,%eax andl $32,%eax shrl $5,%eax .byte 0xf3,0xc3 diff --git a/third_party/boringssl/linux-x86_64/crypto/fipsmodule/x86_64-mont.S b/third_party/boringssl/linux-x86_64/crypto/fipsmodule/x86_64-mont.S index 1f673ef816..3d867cd1af 100644 --- a/third_party/boringssl/linux-x86_64/crypto/fipsmodule/x86_64-mont.S +++ b/third_party/boringssl/linux-x86_64/crypto/fipsmodule/x86_64-mont.S @@ -17,6 +17,8 @@ bn_mul_mont: jnz .Lmul_enter cmpl $8,%r9d jb .Lmul_enter + leaq OPENSSL_ia32cap_P(%rip),%r11 + movl 8(%r11),%r11d cmpq %rsi,%rdx jne .Lmul4x_enter testl $7,%r9d 
@@ -208,30 +210,30 @@ bn_mul_mont: xorq %r14,%r14 movq (%rsp),%rax - leaq (%rsp),%rsi movq %r9,%r15 - jmp .Lsub + .align 16 .Lsub: sbbq (%rcx,%r14,8),%rax movq %rax,(%rdi,%r14,8) - movq 8(%rsi,%r14,8),%rax + movq 8(%rsp,%r14,8),%rax leaq 1(%r14),%r14 decq %r15 jnz .Lsub sbbq $0,%rax + movq $-1,%rbx + xorq %rax,%rbx xorq %r14,%r14 - andq %rax,%rsi - notq %rax - movq %rdi,%rcx - andq %rax,%rcx movq %r9,%r15 - orq %rcx,%rsi -.align 16 + .Lcopy: - movq (%rsi,%r14,8),%rax - movq %r14,(%rsp,%r14,8) - movq %rax,(%rdi,%r14,8) + movq (%rdi,%r14,8),%rcx + movq (%rsp,%r14,8),%rdx + andq %rbx,%rcx + andq %rax,%rdx + movq %r9,(%rsp,%r14,8) + orq %rcx,%rdx + movq %rdx,(%rdi,%r14,8) leaq 1(%r14),%r14 subq $1,%r15 jnz .Lcopy @@ -265,6 +267,9 @@ bn_mul4x_mont: movq %rsp,%rax .cfi_def_cfa_register %rax .Lmul4x_enter: + andl $0x80100,%r11d + cmpl $0x80100,%r11d + je .Lmulx4x_enter pushq %rbx .cfi_offset %rbx,-16 pushq %rbp @@ -602,7 +607,6 @@ bn_mul4x_mont: movq 16(%rsp,%r9,8),%rdi leaq -4(%r9),%r15 movq 0(%rsp),%rax - pxor %xmm0,%xmm0 movq 8(%rsp),%rdx shrq $2,%r15 leaq (%rsp),%rsi @@ -612,8 +616,7 @@ bn_mul4x_mont: movq 16(%rsi),%rbx movq 24(%rsi),%rbp sbbq 8(%rcx),%rdx - jmp .Lsub4x -.align 16 + .Lsub4x: movq %rax,0(%rdi,%r14,8) movq %rdx,8(%rdi,%r14,8) 
@@ -640,34 +643,35 @@ bn_mul4x_mont: sbbq $0,%rax movq %rbp,24(%rdi,%r14,8) - xorq %r14,%r14 - andq %rax,%rsi - notq %rax - movq %rdi,%rcx - andq %rax,%rcx - leaq -4(%r9),%r15 - orq %rcx,%rsi + pxor %xmm0,%xmm0 +.byte 102,72,15,110,224 + pcmpeqd %xmm5,%xmm5 + pshufd $0,%xmm4,%xmm4 + movq %r9,%r15 + pxor %xmm4,%xmm5 shrq $2,%r15 + xorl %eax,%eax - movdqu (%rsi),%xmm1 - movdqa %xmm0,(%rsp) - movdqu %xmm1,(%rdi) jmp .Lcopy4x .align 16 .Lcopy4x: - movdqu 16(%rsi,%r14,1),%xmm2 - movdqu 32(%rsi,%r14,1),%xmm1 - movdqa %xmm0,16(%rsp,%r14,1) - movdqu %xmm2,16(%rdi,%r14,1) - movdqa %xmm0,32(%rsp,%r14,1) - movdqu %xmm1,32(%rdi,%r14,1) - leaq 32(%r14),%r14 + movdqa (%rsp,%rax,1),%xmm1 + movdqu (%rdi,%rax,1),%xmm2 + pand %xmm4,%xmm1 + pand %xmm5,%xmm2 + movdqa 16(%rsp,%rax,1),%xmm3 + movdqa %xmm0,(%rsp,%rax,1) + por %xmm2,%xmm1 + movdqu 16(%rdi,%rax,1),%xmm2 + movdqu %xmm1,(%rdi,%rax,1) + pand %xmm4,%xmm3 + pand %xmm5,%xmm2 + movdqa %xmm0,16(%rsp,%rax,1) + por %xmm2,%xmm3 + movdqu %xmm3,16(%rdi,%rax,1) + leaq 32(%rax),%rax decq %r15 jnz .Lcopy4x - - movdqu 16(%rsi,%r14,1),%xmm2 - movdqa %xmm0,16(%rsp,%r14,1) - movdqu %xmm2,16(%rdi,%r14,1) movq 8(%rsp,%r9,8),%rsi .cfi_def_cfa %rsi, 8 movq $1,%rax @@ -689,6 +693,8 @@ bn_mul4x_mont: .byte 0xf3,0xc3 .cfi_endproc .size bn_mul4x_mont,.-bn_mul4x_mont +.extern bn_sqrx8x_internal +.hidden bn_sqrx8x_internal .extern bn_sqr8x_internal .hidden bn_sqr8x_internal @@ -773,6 +779,26 @@ bn_sqr8x_mont: pxor %xmm0,%xmm0 .byte 102,72,15,110,207 .byte 102,73,15,110,218 + leaq OPENSSL_ia32cap_P(%rip),%rax + movl 8(%rax),%eax + andl $0x80100,%eax + cmpl $0x80100,%eax + jne .Lsqr8x_nox + + call bn_sqrx8x_internal + + + + + leaq (%r8,%rcx,1),%rbx + movq %rcx,%r9 + movq %rcx,%rdx +.byte 102,72,15,126,207 + sarq $3+2,%rcx + jmp .Lsqr8x_sub + +.align 32 +.Lsqr8x_nox: call bn_sqr8x_internal 
@@ -860,6 +886,362 @@ bn_sqr8x_mont: .byte 0xf3,0xc3 .cfi_endproc .size bn_sqr8x_mont,.-bn_sqr8x_mont +.type bn_mulx4x_mont,@function +.align 32 +bn_mulx4x_mont: +.cfi_startproc + movq %rsp,%rax +.cfi_def_cfa_register %rax +.Lmulx4x_enter: + pushq %rbx +.cfi_offset %rbx,-16 + pushq %rbp +.cfi_offset %rbp,-24 + pushq %r12 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_offset %r15,-56 +.Lmulx4x_prologue: + + shll $3,%r9d + xorq %r10,%r10 + subq %r9,%r10 + movq (%r8),%r8 + leaq -72(%rsp,%r10,1),%rbp + andq $-128,%rbp + movq %rsp,%r11 + subq %rbp,%r11 + andq $-4096,%r11 + leaq (%r11,%rbp,1),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja .Lmulx4x_page_walk + jmp .Lmulx4x_page_walk_done + +.align 16 +.Lmulx4x_page_walk: + leaq -4096(%rsp),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja .Lmulx4x_page_walk +.Lmulx4x_page_walk_done: + + leaq (%rdx,%r9,1),%r10 + + + + + + + + + + + + + movq %r9,0(%rsp) + shrq $5,%r9 + movq %r10,16(%rsp) + subq $1,%r9 + movq %r8,24(%rsp) + movq %rdi,32(%rsp) + movq %rax,40(%rsp) +.cfi_escape 0x0f,0x05,0x77,0x28,0x06,0x23,0x08 + movq %r9,48(%rsp) + jmp .Lmulx4x_body + +.align 32 +.Lmulx4x_body: + leaq 8(%rdx),%rdi + movq (%rdx),%rdx + leaq 64+32(%rsp),%rbx + movq %rdx,%r9 + + mulxq 0(%rsi),%r8,%rax + mulxq 8(%rsi),%r11,%r14 + addq %rax,%r11 + movq %rdi,8(%rsp) + mulxq 16(%rsi),%r12,%r13 + adcq %r14,%r12 + adcq $0,%r13 + + movq %r8,%rdi + imulq 24(%rsp),%r8 + xorq %rbp,%rbp + + mulxq 24(%rsi),%rax,%r14 + movq %r8,%rdx + leaq 32(%rsi),%rsi + adcxq %rax,%r13 + adcxq %rbp,%r14 + + mulxq 0(%rcx),%rax,%r10 + adcxq %rax,%rdi + adoxq %r11,%r10 + mulxq 8(%rcx),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 +.byte 0xc4,0x62,0xfb,0xf6,0xa1,0x10,0x00,0x00,0x00 + movq 48(%rsp),%rdi + movq %r10,-32(%rbx) + adcxq %rax,%r11 + adoxq %r13,%r12 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r11,-24(%rbx) + adcxq %rax,%r12 + adoxq %rbp,%r15 + leaq 32(%rcx),%rcx + movq %r12,-16(%rbx) + + jmp 
.Lmulx4x_1st + +.align 32 +.Lmulx4x_1st: + adcxq %rbp,%r15 + mulxq 0(%rsi),%r10,%rax + adcxq %r14,%r10 + mulxq 8(%rsi),%r11,%r14 + adcxq %rax,%r11 + mulxq 16(%rsi),%r12,%rax + adcxq %r14,%r12 + mulxq 24(%rsi),%r13,%r14 +.byte 0x67,0x67 + movq %r8,%rdx + adcxq %rax,%r13 + adcxq %rbp,%r14 + leaq 32(%rsi),%rsi + leaq 32(%rbx),%rbx + + adoxq %r15,%r10 + mulxq 0(%rcx),%rax,%r15 + adcxq %rax,%r10 + adoxq %r15,%r11 + mulxq 8(%rcx),%rax,%r15 + adcxq %rax,%r11 + adoxq %r15,%r12 + mulxq 16(%rcx),%rax,%r15 + movq %r10,-40(%rbx) + adcxq %rax,%r12 + movq %r11,-32(%rbx) + adoxq %r15,%r13 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r12,-24(%rbx) + adcxq %rax,%r13 + adoxq %rbp,%r15 + leaq 32(%rcx),%rcx + movq %r13,-16(%rbx) + + decq %rdi + jnz .Lmulx4x_1st + + movq 0(%rsp),%rax + movq 8(%rsp),%rdi + adcq %rbp,%r15 + addq %r15,%r14 + sbbq %r15,%r15 + movq %r14,-8(%rbx) + jmp .Lmulx4x_outer + +.align 32 +.Lmulx4x_outer: + movq (%rdi),%rdx + leaq 8(%rdi),%rdi + subq %rax,%rsi + movq %r15,(%rbx) + leaq 64+32(%rsp),%rbx + subq %rax,%rcx + + mulxq 0(%rsi),%r8,%r11 + xorl %ebp,%ebp + movq %rdx,%r9 + mulxq 8(%rsi),%r14,%r12 + adoxq -32(%rbx),%r8 + adcxq %r14,%r11 + mulxq 16(%rsi),%r15,%r13 + adoxq -24(%rbx),%r11 + adcxq %r15,%r12 + adoxq -16(%rbx),%r12 + adcxq %rbp,%r13 + adoxq %rbp,%r13 + + movq %rdi,8(%rsp) + movq %r8,%r15 + imulq 24(%rsp),%r8 + xorl %ebp,%ebp + + mulxq 24(%rsi),%rax,%r14 + movq %r8,%rdx + adcxq %rax,%r13 + adoxq -8(%rbx),%r13 + adcxq %rbp,%r14 + leaq 32(%rsi),%rsi + adoxq %rbp,%r14 + + mulxq 0(%rcx),%rax,%r10 + adcxq %rax,%r15 + adoxq %r11,%r10 + mulxq 8(%rcx),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 + mulxq 16(%rcx),%rax,%r12 + movq %r10,-32(%rbx) + adcxq %rax,%r11 + adoxq %r13,%r12 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r11,-24(%rbx) + leaq 32(%rcx),%rcx + adcxq %rax,%r12 + adoxq %rbp,%r15 + movq 48(%rsp),%rdi + movq %r12,-16(%rbx) + + jmp .Lmulx4x_inner + +.align 32 +.Lmulx4x_inner: + mulxq 0(%rsi),%r10,%rax + adcxq %rbp,%r15 + adoxq 
%r14,%r10 + mulxq 8(%rsi),%r11,%r14 + adcxq 0(%rbx),%r10 + adoxq %rax,%r11 + mulxq 16(%rsi),%r12,%rax + adcxq 8(%rbx),%r11 + adoxq %r14,%r12 + mulxq 24(%rsi),%r13,%r14 + movq %r8,%rdx + adcxq 16(%rbx),%r12 + adoxq %rax,%r13 + adcxq 24(%rbx),%r13 + adoxq %rbp,%r14 + leaq 32(%rsi),%rsi + leaq 32(%rbx),%rbx + adcxq %rbp,%r14 + + adoxq %r15,%r10 + mulxq 0(%rcx),%rax,%r15 + adcxq %rax,%r10 + adoxq %r15,%r11 + mulxq 8(%rcx),%rax,%r15 + adcxq %rax,%r11 + adoxq %r15,%r12 + mulxq 16(%rcx),%rax,%r15 + movq %r10,-40(%rbx) + adcxq %rax,%r12 + adoxq %r15,%r13 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r11,-32(%rbx) + movq %r12,-24(%rbx) + adcxq %rax,%r13 + adoxq %rbp,%r15 + leaq 32(%rcx),%rcx + movq %r13,-16(%rbx) + + decq %rdi + jnz .Lmulx4x_inner + + movq 0(%rsp),%rax + movq 8(%rsp),%rdi + adcq %rbp,%r15 + subq 0(%rbx),%rbp + adcq %r15,%r14 + sbbq %r15,%r15 + movq %r14,-8(%rbx) + + cmpq 16(%rsp),%rdi + jne .Lmulx4x_outer + + leaq 64(%rsp),%rbx + subq %rax,%rcx + negq %r15 + movq %rax,%rdx + shrq $3+2,%rax + movq 32(%rsp),%rdi + jmp .Lmulx4x_sub + +.align 32 +.Lmulx4x_sub: + movq 0(%rbx),%r11 + movq 8(%rbx),%r12 + movq 16(%rbx),%r13 + movq 24(%rbx),%r14 + leaq 32(%rbx),%rbx + sbbq 0(%rcx),%r11 + sbbq 8(%rcx),%r12 + sbbq 16(%rcx),%r13 + sbbq 24(%rcx),%r14 + leaq 32(%rcx),%rcx + movq %r11,0(%rdi) + movq %r12,8(%rdi) + movq %r13,16(%rdi) + movq %r14,24(%rdi) + leaq 32(%rdi),%rdi + decq %rax + jnz .Lmulx4x_sub + + sbbq $0,%r15 + leaq 64(%rsp),%rbx + subq %rdx,%rdi + +.byte 102,73,15,110,207 + pxor %xmm0,%xmm0 + pshufd $0,%xmm1,%xmm1 + movq 40(%rsp),%rsi +.cfi_def_cfa %rsi,8 + jmp .Lmulx4x_cond_copy + +.align 32 +.Lmulx4x_cond_copy: + movdqa 0(%rbx),%xmm2 + movdqa 16(%rbx),%xmm3 + leaq 32(%rbx),%rbx + movdqu 0(%rdi),%xmm4 + movdqu 16(%rdi),%xmm5 + leaq 32(%rdi),%rdi + movdqa %xmm0,-32(%rbx) + movdqa %xmm0,-16(%rbx) + pcmpeqd %xmm1,%xmm0 + pand %xmm1,%xmm2 + pand %xmm1,%xmm3 + pand %xmm0,%xmm4 + pand %xmm0,%xmm5 + pxor %xmm0,%xmm0 + por %xmm2,%xmm4 + por %xmm3,%xmm5 + movdqu 
%xmm4,-32(%rdi) + movdqu %xmm5,-16(%rdi) + subq $32,%rdx + jnz .Lmulx4x_cond_copy + + movq %rdx,(%rbx) + + movq $1,%rax + movq -48(%rsi),%r15 +.cfi_restore %r15 + movq -40(%rsi),%r14 +.cfi_restore %r14 + movq -32(%rsi),%r13 +.cfi_restore %r13 + movq -24(%rsi),%r12 +.cfi_restore %r12 + movq -16(%rsi),%rbp +.cfi_restore %rbp + movq -8(%rsi),%rbx +.cfi_restore %rbx + leaq (%rsi),%rsp +.cfi_def_cfa_register %rsp +.Lmulx4x_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size bn_mulx4x_mont,.-bn_mulx4x_mont .byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 16 #endif diff --git a/third_party/boringssl/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S b/third_party/boringssl/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S index 1ec58ca072..bc4e27472c 100644 --- a/third_party/boringssl/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S +++ b/third_party/boringssl/linux-x86_64/crypto/fipsmodule/x86_64-mont5.S @@ -15,6 +15,8 @@ bn_mul_mont_gather5: .cfi_def_cfa_register %rax testl $7,%r9d jnz .Lmul_enter + leaq OPENSSL_ia32cap_P(%rip),%r11 + movl 8(%r11),%r11d jmp .Lmul4x_enter .align 16 @@ -404,18 +406,19 @@ bn_mul_mont_gather5: jnz .Lsub sbbq $0,%rax + movq $-1,%rbx + xorq %rax,%rbx xorq %r14,%r14 - andq %rax,%rsi - notq %rax - movq %rdi,%rcx - andq %rax,%rcx movq %r9,%r15 - orq %rcx,%rsi -.align 16 + .Lcopy: - movq (%rsi,%r14,8),%rax + movq (%rdi,%r14,8),%rcx + movq (%rsp,%r14,8),%rdx + andq %rbx,%rcx + andq %rax,%rdx movq %r14,(%rsp,%r14,8) - movq %rax,(%rdi,%r14,8) + orq %rcx,%rdx + movq %rdx,(%rdi,%r14,8) leaq 1(%r14),%r14 subq $1,%r15 jnz .Lcopy @@ -450,6 +453,9 @@ bn_mul4x_mont_gather5: movq %rsp,%rax .cfi_def_cfa_register %rax .Lmul4x_enter: + andl $0x80108,%r11d + cmpl $0x80108,%r11d + je .Lmulx4x_enter pushq %rbx .cfi_offset %rbx,-16 pushq %rbp 
@@ -1078,6 +1084,11 @@ bn_power5: .cfi_startproc movq %rsp,%rax .cfi_def_cfa_register %rax + leaq OPENSSL_ia32cap_P(%rip),%r11 + movl 8(%r11),%r11d + andl $0x80108,%r11d + cmpl $0x80108,%r11d + je .Lpowerx5_enter pushq %rbx .cfi_offset %rbx,-16 pushq %rbp @@ -2163,6 +2174,22 @@ bn_from_mont8x: .byte 0x67 movq %rcx,%rbp .byte 102,73,15,110,218 + leaq OPENSSL_ia32cap_P(%rip),%r11 + movl 8(%r11),%r11d + andl $0x80108,%r11d + cmpl $0x80108,%r11d + jne .Lfrom_mont_nox + + leaq (%rax,%r9,1),%rdi + call __bn_sqrx8x_reduction + call __bn_postx4x_internal + + pxor %xmm0,%xmm0 + leaq 48(%rsp),%rax + jmp .Lfrom_mont_zero + +.align 32 +.Lfrom_mont_nox: call __bn_sqr8x_reduction call __bn_post4x_internal 
@@ -2201,6 +2228,1343 @@ bn_from_mont8x: .byte 0xf3,0xc3 .cfi_endproc .size bn_from_mont8x,.-bn_from_mont8x +.type bn_mulx4x_mont_gather5,@function +.align 32 +bn_mulx4x_mont_gather5: +.cfi_startproc + movq %rsp,%rax +.cfi_def_cfa_register %rax +.Lmulx4x_enter: + pushq %rbx +.cfi_offset %rbx,-16 + pushq %rbp +.cfi_offset %rbp,-24 + pushq %r12 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_offset %r15,-56 +.Lmulx4x_prologue: + + shll $3,%r9d + leaq (%r9,%r9,2),%r10 + negq %r9 + movq (%r8),%r8 + + + + + + + + + + + leaq -320(%rsp,%r9,2),%r11 + movq %rsp,%rbp + subq %rdi,%r11 + andq $4095,%r11 + cmpq %r11,%r10 + jb .Lmulx4xsp_alt + subq %r11,%rbp + leaq -320(%rbp,%r9,2),%rbp + jmp .Lmulx4xsp_done + +.Lmulx4xsp_alt: + leaq 4096-320(,%r9,2),%r10 + leaq -320(%rbp,%r9,2),%rbp + subq %r10,%r11 + movq $0,%r10 + cmovcq %r10,%r11 + subq %r11,%rbp +.Lmulx4xsp_done: + andq $-64,%rbp + movq %rsp,%r11 + subq %rbp,%r11 + andq $-4096,%r11 + leaq (%r11,%rbp,1),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja .Lmulx4x_page_walk + jmp .Lmulx4x_page_walk_done + +.Lmulx4x_page_walk: + leaq -4096(%rsp),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja .Lmulx4x_page_walk +.Lmulx4x_page_walk_done: + + + + + + + + + + + + + + movq %r8,32(%rsp) + movq %rax,40(%rsp) +.cfi_escape 0x0f,0x05,0x77,0x28,0x06,0x23,0x08 +.Lmulx4x_body: + call mulx4x_internal + + movq 40(%rsp),%rsi +.cfi_def_cfa %rsi,8 + movq $1,%rax + + movq -48(%rsi),%r15 +.cfi_restore %r15 + movq -40(%rsi),%r14 +.cfi_restore %r14 + movq -32(%rsi),%r13 +.cfi_restore %r13 + movq -24(%rsi),%r12 +.cfi_restore %r12 + movq -16(%rsi),%rbp +.cfi_restore %rbp + movq -8(%rsi),%rbx +.cfi_restore %rbx + leaq (%rsi),%rsp +.cfi_def_cfa_register %rsp +.Lmulx4x_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size bn_mulx4x_mont_gather5,.-bn_mulx4x_mont_gather5 + +.type mulx4x_internal,@function +.align 32 +mulx4x_internal: + movq %r9,8(%rsp) + movq %r9,%r10 + negq %r9 + shlq $5,%r9 + negq %r10 
+ leaq 128(%rdx,%r9,1),%r13 + shrq $5+5,%r9 + movd 8(%rax),%xmm5 + subq $1,%r9 + leaq .Linc(%rip),%rax + movq %r13,16+8(%rsp) + movq %r9,24+8(%rsp) + movq %rdi,56+8(%rsp) + movdqa 0(%rax),%xmm0 + movdqa 16(%rax),%xmm1 + leaq 88-112(%rsp,%r10,1),%r10 + leaq 128(%rdx),%rdi + + pshufd $0,%xmm5,%xmm5 + movdqa %xmm1,%xmm4 +.byte 0x67 + movdqa %xmm1,%xmm2 +.byte 0x67 + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm4,%xmm3 + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,112(%r10) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,128(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,144(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,160(%r10) + movdqa %xmm4,%xmm3 + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,176(%r10) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,192(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,208(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,224(%r10) + movdqa %xmm4,%xmm3 + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,240(%r10) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,256(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,272(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,288(%r10) + movdqa %xmm4,%xmm3 +.byte 0x67 + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,304(%r10) + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,320(%r10) + + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,336(%r10) + + pand 64(%rdi),%xmm0 + pand 80(%rdi),%xmm1 + pand 96(%rdi),%xmm2 + movdqa %xmm3,352(%r10) + pand 112(%rdi),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 + movdqa -128(%rdi),%xmm4 + movdqa -112(%rdi),%xmm5 + movdqa -96(%rdi),%xmm2 + pand 112(%r10),%xmm4 + movdqa -80(%rdi),%xmm3 + pand 128(%r10),%xmm5 + 
por %xmm4,%xmm0 + pand 144(%r10),%xmm2 + por %xmm5,%xmm1 + pand 160(%r10),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 + movdqa -64(%rdi),%xmm4 + movdqa -48(%rdi),%xmm5 + movdqa -32(%rdi),%xmm2 + pand 176(%r10),%xmm4 + movdqa -16(%rdi),%xmm3 + pand 192(%r10),%xmm5 + por %xmm4,%xmm0 + pand 208(%r10),%xmm2 + por %xmm5,%xmm1 + pand 224(%r10),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 + movdqa 0(%rdi),%xmm4 + movdqa 16(%rdi),%xmm5 + movdqa 32(%rdi),%xmm2 + pand 240(%r10),%xmm4 + movdqa 48(%rdi),%xmm3 + pand 256(%r10),%xmm5 + por %xmm4,%xmm0 + pand 272(%r10),%xmm2 + por %xmm5,%xmm1 + pand 288(%r10),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 + pxor %xmm1,%xmm0 + pshufd $0x4e,%xmm0,%xmm1 + por %xmm1,%xmm0 + leaq 256(%rdi),%rdi +.byte 102,72,15,126,194 + leaq 64+32+8(%rsp),%rbx + + movq %rdx,%r9 + mulxq 0(%rsi),%r8,%rax + mulxq 8(%rsi),%r11,%r12 + addq %rax,%r11 + mulxq 16(%rsi),%rax,%r13 + adcq %rax,%r12 + adcq $0,%r13 + mulxq 24(%rsi),%rax,%r14 + + movq %r8,%r15 + imulq 32+8(%rsp),%r8 + xorq %rbp,%rbp + movq %r8,%rdx + + movq %rdi,8+8(%rsp) + + leaq 32(%rsi),%rsi + adcxq %rax,%r13 + adcxq %rbp,%r14 + + mulxq 0(%rcx),%rax,%r10 + adcxq %rax,%r15 + adoxq %r11,%r10 + mulxq 8(%rcx),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 + mulxq 16(%rcx),%rax,%r12 + movq 24+8(%rsp),%rdi + movq %r10,-32(%rbx) + adcxq %rax,%r11 + adoxq %r13,%r12 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r11,-24(%rbx) + adcxq %rax,%r12 + adoxq %rbp,%r15 + leaq 32(%rcx),%rcx + movq %r12,-16(%rbx) + jmp .Lmulx4x_1st + +.align 32 +.Lmulx4x_1st: + adcxq %rbp,%r15 + mulxq 0(%rsi),%r10,%rax + adcxq %r14,%r10 + mulxq 8(%rsi),%r11,%r14 + adcxq %rax,%r11 + mulxq 16(%rsi),%r12,%rax + adcxq %r14,%r12 + mulxq 24(%rsi),%r13,%r14 +.byte 0x67,0x67 + movq %r8,%rdx + adcxq %rax,%r13 + adcxq %rbp,%r14 + leaq 32(%rsi),%rsi + leaq 32(%rbx),%rbx + + adoxq %r15,%r10 + mulxq 0(%rcx),%rax,%r15 + adcxq %rax,%r10 + adoxq %r15,%r11 + mulxq 8(%rcx),%rax,%r15 + adcxq %rax,%r11 + adoxq %r15,%r12 + mulxq 16(%rcx),%rax,%r15 + movq 
%r10,-40(%rbx) + adcxq %rax,%r12 + movq %r11,-32(%rbx) + adoxq %r15,%r13 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r12,-24(%rbx) + adcxq %rax,%r13 + adoxq %rbp,%r15 + leaq 32(%rcx),%rcx + movq %r13,-16(%rbx) + + decq %rdi + jnz .Lmulx4x_1st + + movq 8(%rsp),%rax + adcq %rbp,%r15 + leaq (%rsi,%rax,1),%rsi + addq %r15,%r14 + movq 8+8(%rsp),%rdi + adcq %rbp,%rbp + movq %r14,-8(%rbx) + jmp .Lmulx4x_outer + +.align 32 +.Lmulx4x_outer: + leaq 16-256(%rbx),%r10 + pxor %xmm4,%xmm4 +.byte 0x67,0x67 + pxor %xmm5,%xmm5 + movdqa -128(%rdi),%xmm0 + movdqa -112(%rdi),%xmm1 + movdqa -96(%rdi),%xmm2 + pand 256(%r10),%xmm0 + movdqa -80(%rdi),%xmm3 + pand 272(%r10),%xmm1 + por %xmm0,%xmm4 + pand 288(%r10),%xmm2 + por %xmm1,%xmm5 + pand 304(%r10),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 + movdqa -64(%rdi),%xmm0 + movdqa -48(%rdi),%xmm1 + movdqa -32(%rdi),%xmm2 + pand 320(%r10),%xmm0 + movdqa -16(%rdi),%xmm3 + pand 336(%r10),%xmm1 + por %xmm0,%xmm4 + pand 352(%r10),%xmm2 + por %xmm1,%xmm5 + pand 368(%r10),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 + movdqa 0(%rdi),%xmm0 + movdqa 16(%rdi),%xmm1 + movdqa 32(%rdi),%xmm2 + pand 384(%r10),%xmm0 + movdqa 48(%rdi),%xmm3 + pand 400(%r10),%xmm1 + por %xmm0,%xmm4 + pand 416(%r10),%xmm2 + por %xmm1,%xmm5 + pand 432(%r10),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 + movdqa 64(%rdi),%xmm0 + movdqa 80(%rdi),%xmm1 + movdqa 96(%rdi),%xmm2 + pand 448(%r10),%xmm0 + movdqa 112(%rdi),%xmm3 + pand 464(%r10),%xmm1 + por %xmm0,%xmm4 + pand 480(%r10),%xmm2 + por %xmm1,%xmm5 + pand 496(%r10),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 + por %xmm5,%xmm4 + pshufd $0x4e,%xmm4,%xmm0 + por %xmm4,%xmm0 + leaq 256(%rdi),%rdi +.byte 102,72,15,126,194 + + movq %rbp,(%rbx) + leaq 32(%rbx,%rax,1),%rbx + mulxq 0(%rsi),%r8,%r11 + xorq %rbp,%rbp + movq %rdx,%r9 + mulxq 8(%rsi),%r14,%r12 + adoxq -32(%rbx),%r8 + adcxq %r14,%r11 + mulxq 16(%rsi),%r15,%r13 + adoxq -24(%rbx),%r11 + adcxq %r15,%r12 + mulxq 24(%rsi),%rdx,%r14 + adoxq -16(%rbx),%r12 + adcxq %rdx,%r13 + leaq 
(%rcx,%rax,1),%rcx + leaq 32(%rsi),%rsi + adoxq -8(%rbx),%r13 + adcxq %rbp,%r14 + adoxq %rbp,%r14 + + movq %r8,%r15 + imulq 32+8(%rsp),%r8 + + movq %r8,%rdx + xorq %rbp,%rbp + movq %rdi,8+8(%rsp) + + mulxq 0(%rcx),%rax,%r10 + adcxq %rax,%r15 + adoxq %r11,%r10 + mulxq 8(%rcx),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 + mulxq 16(%rcx),%rax,%r12 + adcxq %rax,%r11 + adoxq %r13,%r12 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq 24+8(%rsp),%rdi + movq %r10,-32(%rbx) + adcxq %rax,%r12 + movq %r11,-24(%rbx) + adoxq %rbp,%r15 + movq %r12,-16(%rbx) + leaq 32(%rcx),%rcx + jmp .Lmulx4x_inner + +.align 32 +.Lmulx4x_inner: + mulxq 0(%rsi),%r10,%rax + adcxq %rbp,%r15 + adoxq %r14,%r10 + mulxq 8(%rsi),%r11,%r14 + adcxq 0(%rbx),%r10 + adoxq %rax,%r11 + mulxq 16(%rsi),%r12,%rax + adcxq 8(%rbx),%r11 + adoxq %r14,%r12 + mulxq 24(%rsi),%r13,%r14 + movq %r8,%rdx + adcxq 16(%rbx),%r12 + adoxq %rax,%r13 + adcxq 24(%rbx),%r13 + adoxq %rbp,%r14 + leaq 32(%rsi),%rsi + leaq 32(%rbx),%rbx + adcxq %rbp,%r14 + + adoxq %r15,%r10 + mulxq 0(%rcx),%rax,%r15 + adcxq %rax,%r10 + adoxq %r15,%r11 + mulxq 8(%rcx),%rax,%r15 + adcxq %rax,%r11 + adoxq %r15,%r12 + mulxq 16(%rcx),%rax,%r15 + movq %r10,-40(%rbx) + adcxq %rax,%r12 + adoxq %r15,%r13 + movq %r11,-32(%rbx) + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + leaq 32(%rcx),%rcx + movq %r12,-24(%rbx) + adcxq %rax,%r13 + adoxq %rbp,%r15 + movq %r13,-16(%rbx) + + decq %rdi + jnz .Lmulx4x_inner + + movq 0+8(%rsp),%rax + adcq %rbp,%r15 + subq 0(%rbx),%rdi + movq 8+8(%rsp),%rdi + movq 16+8(%rsp),%r10 + adcq %r15,%r14 + leaq (%rsi,%rax,1),%rsi + adcq %rbp,%rbp + movq %r14,-8(%rbx) + + cmpq %r10,%rdi + jb .Lmulx4x_outer + + movq -8(%rcx),%r10 + movq %rbp,%r8 + movq (%rcx,%rax,1),%r12 + leaq (%rcx,%rax,1),%rbp + movq %rax,%rcx + leaq (%rbx,%rax,1),%rdi + xorl %eax,%eax + xorq %r15,%r15 + subq %r14,%r10 + adcq %r15,%r15 + orq %r15,%r8 + sarq $3+2,%rcx + subq %r8,%rax + movq 56+8(%rsp),%rdx + decq %r12 + movq 8(%rbp),%r13 + xorq %r8,%r8 + movq 16(%rbp),%r14 + 
movq 24(%rbp),%r15 + jmp .Lsqrx4x_sub_entry +.size mulx4x_internal,.-mulx4x_internal +.type bn_powerx5,@function +.align 32 +bn_powerx5: +.cfi_startproc + movq %rsp,%rax +.cfi_def_cfa_register %rax +.Lpowerx5_enter: + pushq %rbx +.cfi_offset %rbx,-16 + pushq %rbp +.cfi_offset %rbp,-24 + pushq %r12 +.cfi_offset %r12,-32 + pushq %r13 +.cfi_offset %r13,-40 + pushq %r14 +.cfi_offset %r14,-48 + pushq %r15 +.cfi_offset %r15,-56 +.Lpowerx5_prologue: + + shll $3,%r9d + leaq (%r9,%r9,2),%r10 + negq %r9 + movq (%r8),%r8 + + + + + + + + + leaq -320(%rsp,%r9,2),%r11 + movq %rsp,%rbp + subq %rdi,%r11 + andq $4095,%r11 + cmpq %r11,%r10 + jb .Lpwrx_sp_alt + subq %r11,%rbp + leaq -320(%rbp,%r9,2),%rbp + jmp .Lpwrx_sp_done + +.align 32 +.Lpwrx_sp_alt: + leaq 4096-320(,%r9,2),%r10 + leaq -320(%rbp,%r9,2),%rbp + subq %r10,%r11 + movq $0,%r10 + cmovcq %r10,%r11 + subq %r11,%rbp +.Lpwrx_sp_done: + andq $-64,%rbp + movq %rsp,%r11 + subq %rbp,%r11 + andq $-4096,%r11 + leaq (%r11,%rbp,1),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja .Lpwrx_page_walk + jmp .Lpwrx_page_walk_done + +.Lpwrx_page_walk: + leaq -4096(%rsp),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja .Lpwrx_page_walk +.Lpwrx_page_walk_done: + + movq %r9,%r10 + negq %r9 + + + + + + + + + + + + + pxor %xmm0,%xmm0 +.byte 102,72,15,110,207 +.byte 102,72,15,110,209 +.byte 102,73,15,110,218 +.byte 102,72,15,110,226 + movq %r8,32(%rsp) + movq %rax,40(%rsp) +.cfi_escape 0x0f,0x05,0x77,0x28,0x06,0x23,0x08 +.Lpowerx5_body: + + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + + movq %r10,%r9 + movq %rsi,%rdi +.byte 102,72,15,126,209 +.byte 102,72,15,126,226 + movq 40(%rsp),%rax + + call mulx4x_internal + + movq 40(%rsp),%rsi +.cfi_def_cfa %rsi,8 + movq $1,%rax + + movq -48(%rsi),%r15 +.cfi_restore %r15 + 
movq -40(%rsi),%r14 +.cfi_restore %r14 + movq -32(%rsi),%r13 +.cfi_restore %r13 + movq -24(%rsi),%r12 +.cfi_restore %r12 + movq -16(%rsi),%rbp +.cfi_restore %rbp + movq -8(%rsi),%rbx +.cfi_restore %rbx + leaq (%rsi),%rsp +.cfi_def_cfa_register %rsp +.Lpowerx5_epilogue: + .byte 0xf3,0xc3 +.cfi_endproc +.size bn_powerx5,.-bn_powerx5 + +.globl bn_sqrx8x_internal +.hidden bn_sqrx8x_internal +.hidden bn_sqrx8x_internal +.type bn_sqrx8x_internal,@function +.align 32 +bn_sqrx8x_internal: +__bn_sqrx8x_internal: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + leaq 48+8(%rsp),%rdi + leaq (%rsi,%r9,1),%rbp + movq %r9,0+8(%rsp) + movq %rbp,8+8(%rsp) + jmp .Lsqr8x_zero_start + +.align 32 +.byte 0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00 +.Lsqrx8x_zero: +.byte 0x3e + movdqa %xmm0,0(%rdi) + movdqa %xmm0,16(%rdi) + movdqa %xmm0,32(%rdi) + movdqa %xmm0,48(%rdi) +.Lsqr8x_zero_start: + movdqa %xmm0,64(%rdi) + movdqa %xmm0,80(%rdi) + movdqa %xmm0,96(%rdi) + movdqa %xmm0,112(%rdi) + leaq 128(%rdi),%rdi + subq $64,%r9 + jnz .Lsqrx8x_zero + + movq 0(%rsi),%rdx + + xorq %r10,%r10 + xorq %r11,%r11 + xorq %r12,%r12 + xorq %r13,%r13 + xorq %r14,%r14 + xorq %r15,%r15 + leaq 48+8(%rsp),%rdi + xorq %rbp,%rbp + jmp .Lsqrx8x_outer_loop + +.align 32 +.Lsqrx8x_outer_loop: + mulxq 8(%rsi),%r8,%rax + adcxq %r9,%r8 + adoxq %rax,%r10 + mulxq 16(%rsi),%r9,%rax + adcxq %r10,%r9 + adoxq %rax,%r11 +.byte 0xc4,0xe2,0xab,0xf6,0x86,0x18,0x00,0x00,0x00 + adcxq %r11,%r10 + adoxq %rax,%r12 +.byte 0xc4,0xe2,0xa3,0xf6,0x86,0x20,0x00,0x00,0x00 + adcxq %r12,%r11 + adoxq %rax,%r13 + mulxq 40(%rsi),%r12,%rax + adcxq %r13,%r12 + adoxq %rax,%r14 + mulxq 48(%rsi),%r13,%rax + adcxq %r14,%r13 + adoxq %r15,%rax + mulxq 56(%rsi),%r14,%r15 + movq 8(%rsi),%rdx + adcxq %rax,%r14 + adoxq %rbp,%r15 + adcq 64(%rdi),%r15 + movq %r8,8(%rdi) + movq %r9,16(%rdi) + sbbq %rcx,%rcx + xorq %rbp,%rbp + + + mulxq 16(%rsi),%r8,%rbx + mulxq 24(%rsi),%r9,%rax + adcxq %r10,%r8 + adoxq %rbx,%r9 
+ mulxq 32(%rsi),%r10,%rbx + adcxq %r11,%r9 + adoxq %rax,%r10 +.byte 0xc4,0xe2,0xa3,0xf6,0x86,0x28,0x00,0x00,0x00 + adcxq %r12,%r10 + adoxq %rbx,%r11 +.byte 0xc4,0xe2,0x9b,0xf6,0x9e,0x30,0x00,0x00,0x00 + adcxq %r13,%r11 + adoxq %r14,%r12 +.byte 0xc4,0x62,0x93,0xf6,0xb6,0x38,0x00,0x00,0x00 + movq 16(%rsi),%rdx + adcxq %rax,%r12 + adoxq %rbx,%r13 + adcxq %r15,%r13 + adoxq %rbp,%r14 + adcxq %rbp,%r14 + + movq %r8,24(%rdi) + movq %r9,32(%rdi) + + mulxq 24(%rsi),%r8,%rbx + mulxq 32(%rsi),%r9,%rax + adcxq %r10,%r8 + adoxq %rbx,%r9 + mulxq 40(%rsi),%r10,%rbx + adcxq %r11,%r9 + adoxq %rax,%r10 +.byte 0xc4,0xe2,0xa3,0xf6,0x86,0x30,0x00,0x00,0x00 + adcxq %r12,%r10 + adoxq %r13,%r11 +.byte 0xc4,0x62,0x9b,0xf6,0xae,0x38,0x00,0x00,0x00 +.byte 0x3e + movq 24(%rsi),%rdx + adcxq %rbx,%r11 + adoxq %rax,%r12 + adcxq %r14,%r12 + movq %r8,40(%rdi) + movq %r9,48(%rdi) + mulxq 32(%rsi),%r8,%rax + adoxq %rbp,%r13 + adcxq %rbp,%r13 + + mulxq 40(%rsi),%r9,%rbx + adcxq %r10,%r8 + adoxq %rax,%r9 + mulxq 48(%rsi),%r10,%rax + adcxq %r11,%r9 + adoxq %r12,%r10 + mulxq 56(%rsi),%r11,%r12 + movq 32(%rsi),%rdx + movq 40(%rsi),%r14 + adcxq %rbx,%r10 + adoxq %rax,%r11 + movq 48(%rsi),%r15 + adcxq %r13,%r11 + adoxq %rbp,%r12 + adcxq %rbp,%r12 + + movq %r8,56(%rdi) + movq %r9,64(%rdi) + + mulxq %r14,%r9,%rax + movq 56(%rsi),%r8 + adcxq %r10,%r9 + mulxq %r15,%r10,%rbx + adoxq %rax,%r10 + adcxq %r11,%r10 + mulxq %r8,%r11,%rax + movq %r14,%rdx + adoxq %rbx,%r11 + adcxq %r12,%r11 + + adcxq %rbp,%rax + + mulxq %r15,%r14,%rbx + mulxq %r8,%r12,%r13 + movq %r15,%rdx + leaq 64(%rsi),%rsi + adcxq %r14,%r11 + adoxq %rbx,%r12 + adcxq %rax,%r12 + adoxq %rbp,%r13 + +.byte 0x67,0x67 + mulxq %r8,%r8,%r14 + adcxq %r8,%r13 + adcxq %rbp,%r14 + + cmpq 8+8(%rsp),%rsi + je .Lsqrx8x_outer_break + + negq %rcx + movq $-8,%rcx + movq %rbp,%r15 + movq 64(%rdi),%r8 + adcxq 72(%rdi),%r9 + adcxq 80(%rdi),%r10 + adcxq 88(%rdi),%r11 + adcq 96(%rdi),%r12 + adcq 104(%rdi),%r13 + adcq 112(%rdi),%r14 + adcq 120(%rdi),%r15 + leaq 
(%rsi),%rbp + leaq 128(%rdi),%rdi + sbbq %rax,%rax + + movq -64(%rsi),%rdx + movq %rax,16+8(%rsp) + movq %rdi,24+8(%rsp) + + + xorl %eax,%eax + jmp .Lsqrx8x_loop + +.align 32 +.Lsqrx8x_loop: + movq %r8,%rbx + mulxq 0(%rbp),%rax,%r8 + adcxq %rax,%rbx + adoxq %r9,%r8 + + mulxq 8(%rbp),%rax,%r9 + adcxq %rax,%r8 + adoxq %r10,%r9 + + mulxq 16(%rbp),%rax,%r10 + adcxq %rax,%r9 + adoxq %r11,%r10 + + mulxq 24(%rbp),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 + +.byte 0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00 + adcxq %rax,%r11 + adoxq %r13,%r12 + + mulxq 40(%rbp),%rax,%r13 + adcxq %rax,%r12 + adoxq %r14,%r13 + + mulxq 48(%rbp),%rax,%r14 + movq %rbx,(%rdi,%rcx,8) + movl $0,%ebx + adcxq %rax,%r13 + adoxq %r15,%r14 + +.byte 0xc4,0x62,0xfb,0xf6,0xbd,0x38,0x00,0x00,0x00 + movq 8(%rsi,%rcx,8),%rdx + adcxq %rax,%r14 + adoxq %rbx,%r15 + adcxq %rbx,%r15 + +.byte 0x67 + incq %rcx + jnz .Lsqrx8x_loop + + leaq 64(%rbp),%rbp + movq $-8,%rcx + cmpq 8+8(%rsp),%rbp + je .Lsqrx8x_break + + subq 16+8(%rsp),%rbx +.byte 0x66 + movq -64(%rsi),%rdx + adcxq 0(%rdi),%r8 + adcxq 8(%rdi),%r9 + adcq 16(%rdi),%r10 + adcq 24(%rdi),%r11 + adcq 32(%rdi),%r12 + adcq 40(%rdi),%r13 + adcq 48(%rdi),%r14 + adcq 56(%rdi),%r15 + leaq 64(%rdi),%rdi +.byte 0x67 + sbbq %rax,%rax + xorl %ebx,%ebx + movq %rax,16+8(%rsp) + jmp .Lsqrx8x_loop + +.align 32 +.Lsqrx8x_break: + xorq %rbp,%rbp + subq 16+8(%rsp),%rbx + adcxq %rbp,%r8 + movq 24+8(%rsp),%rcx + adcxq %rbp,%r9 + movq 0(%rsi),%rdx + adcq $0,%r10 + movq %r8,0(%rdi) + adcq $0,%r11 + adcq $0,%r12 + adcq $0,%r13 + adcq $0,%r14 + adcq $0,%r15 + cmpq %rcx,%rdi + je .Lsqrx8x_outer_loop + + movq %r9,8(%rdi) + movq 8(%rcx),%r9 + movq %r10,16(%rdi) + movq 16(%rcx),%r10 + movq %r11,24(%rdi) + movq 24(%rcx),%r11 + movq %r12,32(%rdi) + movq 32(%rcx),%r12 + movq %r13,40(%rdi) + movq 40(%rcx),%r13 + movq %r14,48(%rdi) + movq 48(%rcx),%r14 + movq %r15,56(%rdi) + movq 56(%rcx),%r15 + movq %rcx,%rdi + jmp .Lsqrx8x_outer_loop + +.align 32 +.Lsqrx8x_outer_break: + movq 
%r9,72(%rdi) +.byte 102,72,15,126,217 + movq %r10,80(%rdi) + movq %r11,88(%rdi) + movq %r12,96(%rdi) + movq %r13,104(%rdi) + movq %r14,112(%rdi) + leaq 48+8(%rsp),%rdi + movq (%rsi,%rcx,1),%rdx + + movq 8(%rdi),%r11 + xorq %r10,%r10 + movq 0+8(%rsp),%r9 + adoxq %r11,%r11 + movq 16(%rdi),%r12 + movq 24(%rdi),%r13 + + +.align 32 +.Lsqrx4x_shift_n_add: + mulxq %rdx,%rax,%rbx + adoxq %r12,%r12 + adcxq %r10,%rax +.byte 0x48,0x8b,0x94,0x0e,0x08,0x00,0x00,0x00 +.byte 0x4c,0x8b,0x97,0x20,0x00,0x00,0x00 + adoxq %r13,%r13 + adcxq %r11,%rbx + movq 40(%rdi),%r11 + movq %rax,0(%rdi) + movq %rbx,8(%rdi) + + mulxq %rdx,%rax,%rbx + adoxq %r10,%r10 + adcxq %r12,%rax + movq 16(%rsi,%rcx,1),%rdx + movq 48(%rdi),%r12 + adoxq %r11,%r11 + adcxq %r13,%rbx + movq 56(%rdi),%r13 + movq %rax,16(%rdi) + movq %rbx,24(%rdi) + + mulxq %rdx,%rax,%rbx + adoxq %r12,%r12 + adcxq %r10,%rax + movq 24(%rsi,%rcx,1),%rdx + leaq 32(%rcx),%rcx + movq 64(%rdi),%r10 + adoxq %r13,%r13 + adcxq %r11,%rbx + movq 72(%rdi),%r11 + movq %rax,32(%rdi) + movq %rbx,40(%rdi) + + mulxq %rdx,%rax,%rbx + adoxq %r10,%r10 + adcxq %r12,%rax + jrcxz .Lsqrx4x_shift_n_add_break +.byte 0x48,0x8b,0x94,0x0e,0x00,0x00,0x00,0x00 + adoxq %r11,%r11 + adcxq %r13,%rbx + movq 80(%rdi),%r12 + movq 88(%rdi),%r13 + movq %rax,48(%rdi) + movq %rbx,56(%rdi) + leaq 64(%rdi),%rdi + nop + jmp .Lsqrx4x_shift_n_add + +.align 32 +.Lsqrx4x_shift_n_add_break: + adcxq %r13,%rbx + movq %rax,48(%rdi) + movq %rbx,56(%rdi) + leaq 64(%rdi),%rdi +.byte 102,72,15,126,213 +__bn_sqrx8x_reduction: + xorl %eax,%eax + movq 32+8(%rsp),%rbx + movq 48+8(%rsp),%rdx + leaq -64(%rbp,%r9,1),%rcx + + movq %rcx,0+8(%rsp) + movq %rdi,8+8(%rsp) + + leaq 48+8(%rsp),%rdi + jmp .Lsqrx8x_reduction_loop + +.align 32 +.Lsqrx8x_reduction_loop: + movq 8(%rdi),%r9 + movq 16(%rdi),%r10 + movq 24(%rdi),%r11 + movq 32(%rdi),%r12 + movq %rdx,%r8 + imulq %rbx,%rdx + movq 40(%rdi),%r13 + movq 48(%rdi),%r14 + movq 56(%rdi),%r15 + movq %rax,24+8(%rsp) + + leaq 64(%rdi),%rdi + xorq %rsi,%rsi + 
movq $-8,%rcx + jmp .Lsqrx8x_reduce + +.align 32 +.Lsqrx8x_reduce: + movq %r8,%rbx + mulxq 0(%rbp),%rax,%r8 + adcxq %rbx,%rax + adoxq %r9,%r8 + + mulxq 8(%rbp),%rbx,%r9 + adcxq %rbx,%r8 + adoxq %r10,%r9 + + mulxq 16(%rbp),%rbx,%r10 + adcxq %rbx,%r9 + adoxq %r11,%r10 + + mulxq 24(%rbp),%rbx,%r11 + adcxq %rbx,%r10 + adoxq %r12,%r11 + +.byte 0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00 + movq %rdx,%rax + movq %r8,%rdx + adcxq %rbx,%r11 + adoxq %r13,%r12 + + mulxq 32+8(%rsp),%rbx,%rdx + movq %rax,%rdx + movq %rax,64+48+8(%rsp,%rcx,8) + + mulxq 40(%rbp),%rax,%r13 + adcxq %rax,%r12 + adoxq %r14,%r13 + + mulxq 48(%rbp),%rax,%r14 + adcxq %rax,%r13 + adoxq %r15,%r14 + + mulxq 56(%rbp),%rax,%r15 + movq %rbx,%rdx + adcxq %rax,%r14 + adoxq %rsi,%r15 + adcxq %rsi,%r15 + +.byte 0x67,0x67,0x67 + incq %rcx + jnz .Lsqrx8x_reduce + + movq %rsi,%rax + cmpq 0+8(%rsp),%rbp + jae .Lsqrx8x_no_tail + + movq 48+8(%rsp),%rdx + addq 0(%rdi),%r8 + leaq 64(%rbp),%rbp + movq $-8,%rcx + adcxq 8(%rdi),%r9 + adcxq 16(%rdi),%r10 + adcq 24(%rdi),%r11 + adcq 32(%rdi),%r12 + adcq 40(%rdi),%r13 + adcq 48(%rdi),%r14 + adcq 56(%rdi),%r15 + leaq 64(%rdi),%rdi + sbbq %rax,%rax + + xorq %rsi,%rsi + movq %rax,16+8(%rsp) + jmp .Lsqrx8x_tail + +.align 32 +.Lsqrx8x_tail: + movq %r8,%rbx + mulxq 0(%rbp),%rax,%r8 + adcxq %rax,%rbx + adoxq %r9,%r8 + + mulxq 8(%rbp),%rax,%r9 + adcxq %rax,%r8 + adoxq %r10,%r9 + + mulxq 16(%rbp),%rax,%r10 + adcxq %rax,%r9 + adoxq %r11,%r10 + + mulxq 24(%rbp),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 + +.byte 0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00 + adcxq %rax,%r11 + adoxq %r13,%r12 + + mulxq 40(%rbp),%rax,%r13 + adcxq %rax,%r12 + adoxq %r14,%r13 + + mulxq 48(%rbp),%rax,%r14 + adcxq %rax,%r13 + adoxq %r15,%r14 + + mulxq 56(%rbp),%rax,%r15 + movq 72+48+8(%rsp,%rcx,8),%rdx + adcxq %rax,%r14 + adoxq %rsi,%r15 + movq %rbx,(%rdi,%rcx,8) + movq %r8,%rbx + adcxq %rsi,%r15 + + incq %rcx + jnz .Lsqrx8x_tail + + cmpq 0+8(%rsp),%rbp + jae .Lsqrx8x_tail_done + + subq 16+8(%rsp),%rsi + 
movq 48+8(%rsp),%rdx + leaq 64(%rbp),%rbp + adcq 0(%rdi),%r8 + adcq 8(%rdi),%r9 + adcq 16(%rdi),%r10 + adcq 24(%rdi),%r11 + adcq 32(%rdi),%r12 + adcq 40(%rdi),%r13 + adcq 48(%rdi),%r14 + adcq 56(%rdi),%r15 + leaq 64(%rdi),%rdi + sbbq %rax,%rax + subq $8,%rcx + + xorq %rsi,%rsi + movq %rax,16+8(%rsp) + jmp .Lsqrx8x_tail + +.align 32 +.Lsqrx8x_tail_done: + xorq %rax,%rax + addq 24+8(%rsp),%r8 + adcq $0,%r9 + adcq $0,%r10 + adcq $0,%r11 + adcq $0,%r12 + adcq $0,%r13 + adcq $0,%r14 + adcq $0,%r15 + adcq $0,%rax + + subq 16+8(%rsp),%rsi +.Lsqrx8x_no_tail: + adcq 0(%rdi),%r8 +.byte 102,72,15,126,217 + adcq 8(%rdi),%r9 + movq 56(%rbp),%rsi +.byte 102,72,15,126,213 + adcq 16(%rdi),%r10 + adcq 24(%rdi),%r11 + adcq 32(%rdi),%r12 + adcq 40(%rdi),%r13 + adcq 48(%rdi),%r14 + adcq 56(%rdi),%r15 + adcq $0,%rax + + movq 32+8(%rsp),%rbx + movq 64(%rdi,%rcx,1),%rdx + + movq %r8,0(%rdi) + leaq 64(%rdi),%r8 + movq %r9,8(%rdi) + movq %r10,16(%rdi) + movq %r11,24(%rdi) + movq %r12,32(%rdi) + movq %r13,40(%rdi) + movq %r14,48(%rdi) + movq %r15,56(%rdi) + + leaq 64(%rdi,%rcx,1),%rdi + cmpq 8+8(%rsp),%r8 + jb .Lsqrx8x_reduction_loop + .byte 0xf3,0xc3 +.size bn_sqrx8x_internal,.-bn_sqrx8x_internal +.align 32 +__bn_postx4x_internal: + movq 0(%rbp),%r12 + movq %rcx,%r10 + movq %rcx,%r9 + negq %rax + sarq $3+2,%rcx + +.byte 102,72,15,126,202 +.byte 102,72,15,126,206 + decq %r12 + movq 8(%rbp),%r13 + xorq %r8,%r8 + movq 16(%rbp),%r14 + movq 24(%rbp),%r15 + jmp .Lsqrx4x_sub_entry + +.align 16 +.Lsqrx4x_sub: + movq 0(%rbp),%r12 + movq 8(%rbp),%r13 + movq 16(%rbp),%r14 + movq 24(%rbp),%r15 +.Lsqrx4x_sub_entry: + andnq %rax,%r12,%r12 + leaq 32(%rbp),%rbp + andnq %rax,%r13,%r13 + andnq %rax,%r14,%r14 + andnq %rax,%r15,%r15 + + negq %r8 + adcq 0(%rdi),%r12 + adcq 8(%rdi),%r13 + adcq 16(%rdi),%r14 + adcq 24(%rdi),%r15 + movq %r12,0(%rdx) + leaq 32(%rdi),%rdi + movq %r13,8(%rdx) + sbbq %r8,%r8 + movq %r14,16(%rdx) + movq %r15,24(%rdx) + leaq 32(%rdx),%rdx + + incq %rcx + jnz .Lsqrx4x_sub + + negq %r9 + 
+ .byte 0xf3,0xc3 +.size __bn_postx4x_internal,.-__bn_postx4x_internal .globl bn_scatter5 .hidden bn_scatter5 .type bn_scatter5,@function diff --git a/third_party/boringssl/mac-x86/crypto/fipsmodule/x86-mont.S b/third_party/boringssl/mac-x86/crypto/fipsmodule/x86-mont.S index e7353ae252..3b1954d71a 100644 --- a/third_party/boringssl/mac-x86/crypto/fipsmodule/x86-mont.S +++ b/third_party/boringssl/mac-x86/crypto/fipsmodule/x86-mont.S @@ -445,16 +445,18 @@ L017sub: leal 1(%edx),%edx jge L017sub sbbl $0,%eax - andl %eax,%esi - notl %eax - movl %edi,%ebp - andl %eax,%ebp - orl %ebp,%esi + movl $-1,%edx + xorl %eax,%edx + jmp L018copy .align 4,0x90 L018copy: - movl (%esi,%ebx,4),%eax - movl %eax,(%edi,%ebx,4) + movl 32(%esp,%ebx,4),%esi + movl (%edi,%ebx,4),%ebp movl %ecx,32(%esp,%ebx,4) + andl %eax,%esi + andl %edx,%ebp + orl %esi,%ebp + movl %ebp,(%edi,%ebx,4) decl %ebx jge L018copy movl 24(%esp),%esp diff --git a/third_party/boringssl/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S b/third_party/boringssl/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S index bc66e99b26..13658931c1 100644 --- a/third_party/boringssl/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S +++ b/third_party/boringssl/mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S @@ -90,6 +90,11 @@ L$neg_epilogue: .p2align 5 _ecp_nistz256_ord_mul_mont: + leaq _OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx + cmpl $0x80100,%ecx + je L$ecp_nistz256_ord_mul_montx pushq %rbp pushq %rbx @@ -413,6 +418,11 @@ L$ord_mul_epilogue: .p2align 5 _ecp_nistz256_ord_sqr_mont: + leaq _OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx + cmpl $0x80100,%ecx + je L$ecp_nistz256_ord_sqr_montx pushq %rbp pushq %rbx 
@@ -695,6 +705,450 @@ L$ord_sqr_epilogue: +.p2align 5 +ecp_nistz256_ord_mul_montx: + +L$ecp_nistz256_ord_mul_montx: + pushq %rbp + + pushq %rbx + + pushq %r12 + + pushq %r13 + + pushq %r14 + + pushq %r15 + +L$ord_mulx_body: + + movq %rdx,%rbx + movq 0(%rdx),%rdx + movq 0(%rsi),%r9 + movq 8(%rsi),%r10 + movq 16(%rsi),%r11 + movq 24(%rsi),%r12 + leaq -128(%rsi),%rsi + leaq L$ord-128(%rip),%r14 + movq L$ordK(%rip),%r15 + + + mulxq %r9,%r8,%r9 + mulxq %r10,%rcx,%r10 + mulxq %r11,%rbp,%r11 + addq %rcx,%r9 + mulxq %r12,%rcx,%r12 + movq %r8,%rdx + mulxq %r15,%rdx,%rax + adcq %rbp,%r10 + adcq %rcx,%r11 + adcq $0,%r12 + + + xorq %r13,%r13 + mulxq 0+128(%r14),%rcx,%rbp + adcxq %rcx,%r8 + adoxq %rbp,%r9 + + mulxq 8+128(%r14),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + + mulxq 16+128(%r14),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 24+128(%r14),%rcx,%rbp + movq 8(%rbx),%rdx + adcxq %rcx,%r11 + adoxq %rbp,%r12 + adcxq %r8,%r12 + adoxq %r8,%r13 + adcq $0,%r13 + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r9,%rdx + mulxq %r15,%rdx,%rax + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + adcxq %r8,%r13 + adoxq %r8,%r8 + adcq $0,%r8 + + + mulxq 0+128(%r14),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + + mulxq 8+128(%r14),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 16+128(%r14),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 24+128(%r14),%rcx,%rbp + movq 16(%rbx),%rdx + adcxq %rcx,%r12 + adoxq %rbp,%r13 + adcxq %r9,%r13 + adoxq %r9,%r8 + adcq $0,%r8 + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r10,%rdx + mulxq %r15,%rdx,%rax + adcxq %rcx,%r13 + adoxq %rbp,%r8 + 
+ adcxq %r9,%r8 + adoxq %r9,%r9 + adcq $0,%r9 + + + mulxq 0+128(%r14),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 8+128(%r14),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 16+128(%r14),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 24+128(%r14),%rcx,%rbp + movq 24(%rbx),%rdx + adcxq %rcx,%r13 + adoxq %rbp,%r8 + adcxq %r10,%r8 + adoxq %r10,%r9 + adcq $0,%r9 + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r13 + adoxq %rbp,%r8 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r11,%rdx + mulxq %r15,%rdx,%rax + adcxq %rcx,%r8 + adoxq %rbp,%r9 + + adcxq %r10,%r9 + adoxq %r10,%r10 + adcq $0,%r10 + + + mulxq 0+128(%r14),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 8+128(%r14),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 16+128(%r14),%rcx,%rbp + adcxq %rcx,%r13 + adoxq %rbp,%r8 + + mulxq 24+128(%r14),%rcx,%rbp + leaq 128(%r14),%r14 + movq %r12,%rbx + adcxq %rcx,%r8 + adoxq %rbp,%r9 + movq %r13,%rdx + adcxq %r11,%r9 + adoxq %r11,%r10 + adcq $0,%r10 + + + + movq %r8,%rcx + subq 0(%r14),%r12 + sbbq 8(%r14),%r13 + sbbq 16(%r14),%r8 + movq %r9,%rbp + sbbq 24(%r14),%r9 + sbbq $0,%r10 + + cmovcq %rbx,%r12 + cmovcq %rdx,%r13 + cmovcq %rcx,%r8 + cmovcq %rbp,%r9 + + movq %r12,0(%rdi) + movq %r13,8(%rdi) + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + movq 0(%rsp),%r15 + + movq 8(%rsp),%r14 + + movq 16(%rsp),%r13 + + movq 24(%rsp),%r12 + + movq 32(%rsp),%rbx + + movq 40(%rsp),%rbp + + leaq 48(%rsp),%rsp + +L$ord_mulx_epilogue: + .byte 0xf3,0xc3 + + + + +.p2align 5 +ecp_nistz256_ord_sqr_montx: + +L$ecp_nistz256_ord_sqr_montx: + pushq %rbp + + pushq %rbx + + pushq %r12 + + pushq %r13 + + pushq %r14 + + pushq %r15 + +L$ord_sqrx_body: + + movq %rdx,%rbx + movq 0(%rsi),%rdx + movq 8(%rsi),%r14 + movq 16(%rsi),%r15 + movq 24(%rsi),%r8 + leaq L$ord(%rip),%rsi + jmp L$oop_ord_sqrx + +.p2align 5 +L$oop_ord_sqrx: + mulxq 
%r14,%r9,%r10 + mulxq %r15,%rcx,%r11 + movq %rdx,%rax +.byte 102,73,15,110,206 + mulxq %r8,%rbp,%r12 + movq %r14,%rdx + addq %rcx,%r10 +.byte 102,73,15,110,215 + adcq %rbp,%r11 + adcq $0,%r12 + xorq %r13,%r13 + + mulxq %r15,%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq %r8,%rcx,%rbp + movq %r15,%rdx + adcxq %rcx,%r12 + adoxq %rbp,%r13 + adcq $0,%r13 + + mulxq %r8,%rcx,%r14 + movq %rax,%rdx +.byte 102,73,15,110,216 + xorq %r15,%r15 + adcxq %r9,%r9 + adoxq %rcx,%r13 + adcxq %r10,%r10 + adoxq %r15,%r14 + + + mulxq %rdx,%r8,%rbp +.byte 102,72,15,126,202 + adcxq %r11,%r11 + adoxq %rbp,%r9 + adcxq %r12,%r12 + mulxq %rdx,%rcx,%rax +.byte 102,72,15,126,210 + adcxq %r13,%r13 + adoxq %rcx,%r10 + adcxq %r14,%r14 + mulxq %rdx,%rcx,%rbp +.byte 0x67 +.byte 102,72,15,126,218 + adoxq %rax,%r11 + adcxq %r15,%r15 + adoxq %rcx,%r12 + adoxq %rbp,%r13 + mulxq %rdx,%rcx,%rax + adoxq %rcx,%r14 + adoxq %rax,%r15 + + + movq %r8,%rdx + mulxq 32(%rsi),%rdx,%rcx + + xorq %rax,%rax + mulxq 0(%rsi),%rcx,%rbp + adcxq %rcx,%r8 + adoxq %rbp,%r9 + mulxq 8(%rsi),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + mulxq 16(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + mulxq 24(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r8 + adcxq %rax,%r8 + + + movq %r9,%rdx + mulxq 32(%rsi),%rdx,%rcx + + mulxq 0(%rsi),%rcx,%rbp + adoxq %rcx,%r9 + adcxq %rbp,%r10 + mulxq 8(%rsi),%rcx,%rbp + adoxq %rcx,%r10 + adcxq %rbp,%r11 + mulxq 16(%rsi),%rcx,%rbp + adoxq %rcx,%r11 + adcxq %rbp,%r8 + mulxq 24(%rsi),%rcx,%rbp + adoxq %rcx,%r8 + adcxq %rbp,%r9 + adoxq %rax,%r9 + + + movq %r10,%rdx + mulxq 32(%rsi),%rdx,%rcx + + mulxq 0(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + mulxq 8(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r8 + mulxq 16(%rsi),%rcx,%rbp + adcxq %rcx,%r8 + adoxq %rbp,%r9 + mulxq 24(%rsi),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + adcxq %rax,%r10 + + + movq %r11,%rdx + mulxq 32(%rsi),%rdx,%rcx + + mulxq 0(%rsi),%rcx,%rbp + adoxq %rcx,%r11 + adcxq %rbp,%r8 + mulxq 
8(%rsi),%rcx,%rbp + adoxq %rcx,%r8 + adcxq %rbp,%r9 + mulxq 16(%rsi),%rcx,%rbp + adoxq %rcx,%r9 + adcxq %rbp,%r10 + mulxq 24(%rsi),%rcx,%rbp + adoxq %rcx,%r10 + adcxq %rbp,%r11 + adoxq %rax,%r11 + + + addq %r8,%r12 + adcq %r13,%r9 + movq %r12,%rdx + adcq %r14,%r10 + adcq %r15,%r11 + movq %r9,%r14 + adcq $0,%rax + + + subq 0(%rsi),%r12 + movq %r10,%r15 + sbbq 8(%rsi),%r9 + sbbq 16(%rsi),%r10 + movq %r11,%r8 + sbbq 24(%rsi),%r11 + sbbq $0,%rax + + cmovncq %r12,%rdx + cmovncq %r9,%r14 + cmovncq %r10,%r15 + cmovncq %r11,%r8 + + decq %rbx + jnz L$oop_ord_sqrx + + movq %rdx,0(%rdi) + movq %r14,8(%rdi) + pxor %xmm1,%xmm1 + movq %r15,16(%rdi) + pxor %xmm2,%xmm2 + movq %r8,24(%rdi) + pxor %xmm3,%xmm3 + + movq 0(%rsp),%r15 + + movq 8(%rsp),%r14 + + movq 16(%rsp),%r13 + + movq 24(%rsp),%r12 + + movq 32(%rsp),%rbx + + movq 40(%rsp),%rbp + + leaq 48(%rsp),%rsp + +L$ord_sqrx_epilogue: + .byte 0xf3,0xc3 + + + + @@ -705,6 +1159,9 @@ L$ord_sqr_epilogue: .p2align 5 _ecp_nistz256_mul_mont: + leaq _OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx L$mul_mont: pushq %rbp @@ -719,6 +1176,8 @@ L$mul_mont: pushq %r15 L$mul_body: + cmpl $0x80100,%ecx + je L$mul_montx movq %rdx,%rbx movq 0(%rdx),%rax movq 0(%rsi),%r9 @@ -727,6 +1186,19 @@ L$mul_body: movq 24(%rsi),%r12 call __ecp_nistz256_mul_montq + jmp L$mul_mont_done + +.p2align 5 +L$mul_montx: + movq %rdx,%rbx + movq 0(%rdx),%rdx + movq 0(%rsi),%r9 + movq 8(%rsi),%r10 + movq 16(%rsi),%r11 + movq 24(%rsi),%r12 + leaq -128(%rsi),%rsi + + call __ecp_nistz256_mul_montx L$mul_mont_done: movq 0(%rsp),%r15 @@ -976,6 +1448,9 @@ __ecp_nistz256_mul_montq: .p2align 5 _ecp_nistz256_sqr_mont: + leaq _OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx pushq %rbp pushq %rbx 
@@ -989,12 +1464,25 @@ _ecp_nistz256_sqr_mont: pushq %r15 L$sqr_body: + cmpl $0x80100,%ecx + je L$sqr_montx movq 0(%rsi),%rax movq 8(%rsi),%r14 movq 16(%rsi),%r15 movq 24(%rsi),%r8 call __ecp_nistz256_sqr_montq + jmp L$sqr_mont_done + +.p2align 5 +L$sqr_montx: + movq 0(%rsi),%rdx + movq 8(%rsi),%r14 + movq 16(%rsi),%r15 + movq 24(%rsi),%r8 + leaq -128(%rsi),%rsi + + call __ecp_nistz256_sqr_montx L$sqr_mont_done: movq 0(%rsp),%r15 
@@ -1177,6 +1665,300 @@ __ecp_nistz256_sqr_montq: .byte 0xf3,0xc3 +.p2align 5 +__ecp_nistz256_mul_montx: + + + mulxq %r9,%r8,%r9 + mulxq %r10,%rcx,%r10 + movq $32,%r14 + xorq %r13,%r13 + mulxq %r11,%rbp,%r11 + movq L$poly+24(%rip),%r15 + adcq %rcx,%r9 + mulxq %r12,%rcx,%r12 + movq %r8,%rdx + adcq %rbp,%r10 + shlxq %r14,%r8,%rbp + adcq %rcx,%r11 + shrxq %r14,%r8,%rcx + adcq $0,%r12 + + + + addq %rbp,%r9 + adcq %rcx,%r10 + + mulxq %r15,%rcx,%rbp + movq 8(%rbx),%rdx + adcq %rcx,%r11 + adcq %rbp,%r12 + adcq $0,%r13 + xorq %r8,%r8 + + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r9,%rdx + adcxq %rcx,%r12 + shlxq %r14,%r9,%rcx + adoxq %rbp,%r13 + shrxq %r14,%r9,%rbp + + adcxq %r8,%r13 + adoxq %r8,%r8 + adcq $0,%r8 + + + + addq %rcx,%r10 + adcq %rbp,%r11 + + mulxq %r15,%rcx,%rbp + movq 16(%rbx),%rdx + adcq %rcx,%r12 + adcq %rbp,%r13 + adcq $0,%r8 + xorq %r9,%r9 + + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r10,%rdx + adcxq %rcx,%r13 + shlxq %r14,%r10,%rcx + adoxq %rbp,%r8 + shrxq %r14,%r10,%rbp + + adcxq %r9,%r8 + adoxq %r9,%r9 + adcq $0,%r9 + + + + addq %rcx,%r11 + adcq %rbp,%r12 + + mulxq %r15,%rcx,%rbp + movq 24(%rbx),%rdx + adcq %rcx,%r13 + adcq %rbp,%r8 + adcq $0,%r9 + xorq %r10,%r10 + + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r13 + adoxq %rbp,%r8 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r11,%rdx + adcxq %rcx,%r8 + shlxq %r14,%r11,%rcx + adoxq %rbp,%r9 + shrxq %r14,%r11,%rbp + + adcxq %r10,%r9 + adoxq %r10,%r10 + adcq $0,%r10 + + 
+ + addq %rcx,%r12 + adcq %rbp,%r13 + + mulxq %r15,%rcx,%rbp + movq %r12,%rbx + movq L$poly+8(%rip),%r14 + adcq %rcx,%r8 + movq %r13,%rdx + adcq %rbp,%r9 + adcq $0,%r10 + + + + xorl %eax,%eax + movq %r8,%rcx + sbbq $-1,%r12 + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%rbp + sbbq %r15,%r9 + sbbq $0,%r10 + + cmovcq %rbx,%r12 + cmovcq %rdx,%r13 + movq %r12,0(%rdi) + cmovcq %rcx,%r8 + movq %r13,8(%rdi) + cmovcq %rbp,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_sqr_montx: + mulxq %r14,%r9,%r10 + mulxq %r15,%rcx,%r11 + xorl %eax,%eax + adcq %rcx,%r10 + mulxq %r8,%rbp,%r12 + movq %r14,%rdx + adcq %rbp,%r11 + adcq $0,%r12 + xorq %r13,%r13 + + + mulxq %r15,%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq %r8,%rcx,%rbp + movq %r15,%rdx + adcxq %rcx,%r12 + adoxq %rbp,%r13 + adcq $0,%r13 + + + mulxq %r8,%rcx,%r14 + movq 0+128(%rsi),%rdx + xorq %r15,%r15 + adcxq %r9,%r9 + adoxq %rcx,%r13 + adcxq %r10,%r10 + adoxq %r15,%r14 + + mulxq %rdx,%r8,%rbp + movq 8+128(%rsi),%rdx + adcxq %r11,%r11 + adoxq %rbp,%r9 + adcxq %r12,%r12 + mulxq %rdx,%rcx,%rax + movq 16+128(%rsi),%rdx + adcxq %r13,%r13 + adoxq %rcx,%r10 + adcxq %r14,%r14 +.byte 0x67 + mulxq %rdx,%rcx,%rbp + movq 24+128(%rsi),%rdx + adoxq %rax,%r11 + adcxq %r15,%r15 + adoxq %rcx,%r12 + movq $32,%rsi + adoxq %rbp,%r13 +.byte 0x67,0x67 + mulxq %rdx,%rcx,%rax + movq L$poly+24(%rip),%rdx + adoxq %rcx,%r14 + shlxq %rsi,%r8,%rcx + adoxq %rax,%r15 + shrxq %rsi,%r8,%rax + movq %rdx,%rbp + + + addq %rcx,%r9 + adcq %rax,%r10 + + mulxq %r8,%rcx,%r8 + adcq %rcx,%r11 + shlxq %rsi,%r9,%rcx + adcq $0,%r8 + shrxq %rsi,%r9,%rax + + + addq %rcx,%r10 + adcq %rax,%r11 + + mulxq %r9,%rcx,%r9 + adcq %rcx,%r8 + shlxq %rsi,%r10,%rcx + adcq $0,%r9 + shrxq %rsi,%r10,%rax + + + addq %rcx,%r11 + adcq %rax,%r8 + + mulxq %r10,%rcx,%r10 + adcq %rcx,%r9 + shlxq %rsi,%r11,%rcx + adcq $0,%r10 + shrxq %rsi,%r11,%rax + + + addq %rcx,%r8 + adcq %rax,%r9 + + mulxq %r11,%rcx,%r11 + adcq %rcx,%r10 + adcq 
$0,%r11 + + xorq %rdx,%rdx + addq %r8,%r12 + movq L$poly+8(%rip),%rsi + adcq %r9,%r13 + movq %r12,%r8 + adcq %r10,%r14 + adcq %r11,%r15 + movq %r13,%r9 + adcq $0,%rdx + + subq $-1,%r12 + movq %r14,%r10 + sbbq %rsi,%r13 + sbbq $0,%r14 + movq %r15,%r11 + sbbq %rbp,%r15 + sbbq $0,%rdx + + cmovcq %r8,%r12 + cmovcq %r9,%r13 + movq %r12,0(%rdi) + cmovcq %r10,%r14 + movq %r13,8(%rdi) + cmovcq %r11,%r15 + movq %r14,16(%rdi) + movq %r15,24(%rdi) + + .byte 0xf3,0xc3 + + .globl _ecp_nistz256_select_w5 .private_extern _ecp_nistz256_select_w5 @@ -1561,6 +2343,11 @@ __ecp_nistz256_mul_by_2q: .p2align 5 _ecp_nistz256_point_double: + leaq _OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx + cmpl $0x80100,%ecx + je L$point_doublex pushq %rbp pushq %rbx @@ -1784,6 +2571,11 @@ L$point_doubleq_epilogue: .p2align 5 _ecp_nistz256_point_add: + leaq _OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx + cmpl $0x80100,%ecx + je L$point_addx pushq %rbp pushq %rbx @@ -2201,6 +2993,11 @@ L$point_addq_epilogue: .p2align 5 _ecp_nistz256_point_add_affine: + leaq _OPENSSL_ia32cap_P(%rip),%rcx + movq 8(%rcx),%rcx + andl $0x80100,%ecx + cmpl $0x80100,%ecx + je L$point_add_affinex pushq %rbp pushq %rbx 
@@ -2518,4 +3315,1091 @@ L$add_affineq_epilogue: .byte 0xf3,0xc3 + +.p2align 5 +__ecp_nistz256_add_tox: + xorq %r11,%r11 + adcq 0(%rbx),%r12 + adcq 8(%rbx),%r13 + movq %r12,%rax + adcq 16(%rbx),%r8 + adcq 24(%rbx),%r9 + movq %r13,%rbp + adcq $0,%r11 + + xorq %r10,%r10 + sbbq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + sbbq $0,%r11 + + cmovcq %rax,%r12 + cmovcq %rbp,%r13 + movq %r12,0(%rdi) + cmovcq %rcx,%r8 + movq %r13,8(%rdi) + cmovcq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_sub_fromx: + xorq %r11,%r11 + sbbq 0(%rbx),%r12 + sbbq 8(%rbx),%r13 + movq %r12,%rax + sbbq 16(%rbx),%r8 + sbbq 24(%rbx),%r9 + movq %r13,%rbp + sbbq $0,%r11 + + xorq %r10,%r10 + adcq $-1,%r12 + movq %r8,%rcx + adcq %r14,%r13 + adcq $0,%r8 + movq %r9,%r10 + adcq %r15,%r9 + + btq $0,%r11 + cmovncq %rax,%r12 + cmovncq %rbp,%r13 + movq %r12,0(%rdi) + cmovncq %rcx,%r8 + movq %r13,8(%rdi) + cmovncq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_subx: + xorq %r11,%r11 + sbbq %r12,%rax + sbbq %r13,%rbp + movq %rax,%r12 + sbbq %r8,%rcx + sbbq %r9,%r10 + movq %rbp,%r13 + sbbq $0,%r11 + + xorq %r9,%r9 + adcq $-1,%rax + movq %rcx,%r8 + adcq %r14,%rbp + adcq $0,%rcx + movq %r10,%r9 + adcq %r15,%r10 + + btq $0,%r11 + cmovcq %rax,%r12 + cmovcq %rbp,%r13 + cmovcq %rcx,%r8 + cmovcq %r10,%r9 + + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_mul_by_2x: + xorq %r11,%r11 + adcq %r12,%r12 + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq %r13,%rbp + adcq $0,%r11 + + xorq %r10,%r10 + sbbq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + sbbq $0,%r11 + + cmovcq %rax,%r12 + cmovcq %rbp,%r13 + movq %r12,0(%rdi) + cmovcq %rcx,%r8 + movq %r13,8(%rdi) + cmovcq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + + +.p2align 5 +ecp_nistz256_point_doublex: + +L$point_doublex: + 
pushq %rbp + + pushq %rbx + + pushq %r12 + + pushq %r13 + + pushq %r14 + + pushq %r15 + + subq $160+8,%rsp + +L$point_doublex_body: + +L$point_double_shortcutx: + movdqu 0(%rsi),%xmm0 + movq %rsi,%rbx + movdqu 16(%rsi),%xmm1 + movq 32+0(%rsi),%r12 + movq 32+8(%rsi),%r13 + movq 32+16(%rsi),%r8 + movq 32+24(%rsi),%r9 + movq L$poly+8(%rip),%r14 + movq L$poly+24(%rip),%r15 + movdqa %xmm0,96(%rsp) + movdqa %xmm1,96+16(%rsp) + leaq 32(%rdi),%r10 + leaq 64(%rdi),%r11 +.byte 102,72,15,110,199 +.byte 102,73,15,110,202 +.byte 102,73,15,110,211 + + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_by_2x + + movq 64+0(%rsi),%rdx + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + leaq 64-128(%rsi),%rsi + leaq 64(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 0+0(%rsp),%rdx + movq 8+0(%rsp),%r14 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 + leaq 0(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 32(%rbx),%rdx + movq 64+0(%rbx),%r9 + movq 64+8(%rbx),%r10 + movq 64+16(%rbx),%r11 + movq 64+24(%rbx),%r12 + leaq 64-128(%rbx),%rsi + leaq 32(%rbx),%rbx +.byte 102,72,15,126,215 + call __ecp_nistz256_mul_montx + call __ecp_nistz256_mul_by_2x + + movq 96+0(%rsp),%r12 + movq 96+8(%rsp),%r13 + leaq 64(%rsp),%rbx + movq 96+16(%rsp),%r8 + movq 96+24(%rsp),%r9 + leaq 32(%rsp),%rdi + call __ecp_nistz256_add_tox + + movq 96+0(%rsp),%r12 + movq 96+8(%rsp),%r13 + leaq 64(%rsp),%rbx + movq 96+16(%rsp),%r8 + movq 96+24(%rsp),%r9 + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 0+0(%rsp),%rdx + movq 8+0(%rsp),%r14 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 +.byte 102,72,15,126,207 + call __ecp_nistz256_sqr_montx + xorq %r9,%r9 + movq %r12,%rax + addq $-1,%r12 + movq %r13,%r10 + adcq %rsi,%r13 + movq %r14,%rcx + adcq $0,%r14 + movq %r15,%r8 + adcq %rbp,%r15 + adcq $0,%r9 + xorq %rsi,%rsi + testq $1,%rax + + cmovzq %rax,%r12 + cmovzq %r10,%r13 + cmovzq %rcx,%r14 + cmovzq %r8,%r15 + cmovzq %rsi,%r9 + + movq 
%r13,%rax + shrq $1,%r12 + shlq $63,%rax + movq %r14,%r10 + shrq $1,%r13 + orq %rax,%r12 + shlq $63,%r10 + movq %r15,%rcx + shrq $1,%r14 + orq %r10,%r13 + shlq $63,%rcx + movq %r12,0(%rdi) + shrq $1,%r15 + movq %r13,8(%rdi) + shlq $63,%r9 + orq %rcx,%r14 + orq %r9,%r15 + movq %r14,16(%rdi) + movq %r15,24(%rdi) + movq 64(%rsp),%rdx + leaq 64(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_by_2x + + leaq 32(%rsp),%rbx + leaq 32(%rsp),%rdi + call __ecp_nistz256_add_tox + + movq 96(%rsp),%rdx + leaq 96(%rsp),%rbx + movq 0+0(%rsp),%r9 + movq 8+0(%rsp),%r10 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r11 + movq 24+0(%rsp),%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_by_2x + + movq 0+32(%rsp),%rdx + movq 8+32(%rsp),%r14 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r15 + movq 24+32(%rsp),%r8 +.byte 102,72,15,126,199 + call __ecp_nistz256_sqr_montx + + leaq 128(%rsp),%rbx + movq %r14,%r8 + movq %r15,%r9 + movq %rsi,%r14 + movq %rbp,%r15 + call __ecp_nistz256_sub_fromx + + movq 0+0(%rsp),%rax + movq 0+8(%rsp),%rbp + movq 0+16(%rsp),%rcx + movq 0+24(%rsp),%r10 + leaq 0(%rsp),%rdi + call __ecp_nistz256_subx + + movq 32(%rsp),%rdx + leaq 32(%rsp),%rbx + movq %r12,%r14 + xorl %ecx,%ecx + movq %r12,0+0(%rsp) + movq %r13,%r10 + movq %r13,0+8(%rsp) + cmovzq %r8,%r11 + movq %r8,0+16(%rsp) + leaq 0-128(%rsp),%rsi + cmovzq %r9,%r12 + movq %r9,0+24(%rsp) + movq %r14,%r9 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + +.byte 102,72,15,126,203 +.byte 102,72,15,126,207 + call __ecp_nistz256_sub_fromx + + leaq 160+56(%rsp),%rsi + + movq -48(%rsi),%r15 + + movq -40(%rsi),%r14 + + movq -32(%rsi),%r13 + + movq -24(%rsi),%r12 + + movq -16(%rsi),%rbx + + movq -8(%rsi),%rbp + + leaq (%rsi),%rsp + +L$point_doublex_epilogue: + .byte 0xf3,0xc3 + + + 
+.p2align 5 +ecp_nistz256_point_addx: + +L$point_addx: + pushq %rbp + + pushq %rbx + + pushq %r12 + + pushq %r13 + + pushq %r14 + + pushq %r15 + + subq $576+8,%rsp + +L$point_addx_body: + + movdqu 0(%rsi),%xmm0 + movdqu 16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + movdqu 48(%rsi),%xmm3 + movdqu 64(%rsi),%xmm4 + movdqu 80(%rsi),%xmm5 + movq %rsi,%rbx + movq %rdx,%rsi + movdqa %xmm0,384(%rsp) + movdqa %xmm1,384+16(%rsp) + movdqa %xmm2,416(%rsp) + movdqa %xmm3,416+16(%rsp) + movdqa %xmm4,448(%rsp) + movdqa %xmm5,448+16(%rsp) + por %xmm4,%xmm5 + + movdqu 0(%rsi),%xmm0 + pshufd $0xb1,%xmm5,%xmm3 + movdqu 16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + por %xmm3,%xmm5 + movdqu 48(%rsi),%xmm3 + movq 64+0(%rsi),%rdx + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + movdqa %xmm0,480(%rsp) + pshufd $0x1e,%xmm5,%xmm4 + movdqa %xmm1,480+16(%rsp) + movdqu 64(%rsi),%xmm0 + movdqu 80(%rsi),%xmm1 + movdqa %xmm2,512(%rsp) + movdqa %xmm3,512+16(%rsp) + por %xmm4,%xmm5 + pxor %xmm4,%xmm4 + por %xmm0,%xmm1 +.byte 102,72,15,110,199 + + leaq 64-128(%rsi),%rsi + movq %rdx,544+0(%rsp) + movq %r14,544+8(%rsp) + movq %r15,544+16(%rsp) + movq %r8,544+24(%rsp) + leaq 96(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + pcmpeqd %xmm4,%xmm5 + pshufd $0xb1,%xmm1,%xmm4 + por %xmm1,%xmm4 + pshufd $0,%xmm5,%xmm5 + pshufd $0x1e,%xmm4,%xmm3 + por %xmm3,%xmm4 + pxor %xmm3,%xmm3 + pcmpeqd %xmm3,%xmm4 + pshufd $0,%xmm4,%xmm4 + movq 64+0(%rbx),%rdx + movq 64+8(%rbx),%r14 + movq 64+16(%rbx),%r15 + movq 64+24(%rbx),%r8 +.byte 102,72,15,110,203 + + leaq 64-128(%rbx),%rsi + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 544(%rsp),%rdx + leaq 544(%rsp),%rbx + movq 0+96(%rsp),%r9 + movq 8+96(%rsp),%r10 + leaq -128+96(%rsp),%rsi + movq 16+96(%rsp),%r11 + movq 24+96(%rsp),%r12 + leaq 224(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 448(%rsp),%rdx + leaq 448(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 
+ leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 416(%rsp),%rdx + leaq 416(%rsp),%rbx + movq 0+224(%rsp),%r9 + movq 8+224(%rsp),%r10 + leaq -128+224(%rsp),%rsi + movq 16+224(%rsp),%r11 + movq 24+224(%rsp),%r12 + leaq 224(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 512(%rsp),%rdx + leaq 512(%rsp),%rbx + movq 0+256(%rsp),%r9 + movq 8+256(%rsp),%r10 + leaq -128+256(%rsp),%rsi + movq 16+256(%rsp),%r11 + movq 24+256(%rsp),%r12 + leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 224(%rsp),%rbx + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + orq %r13,%r12 + movdqa %xmm4,%xmm2 + orq %r8,%r12 + orq %r9,%r12 + por %xmm5,%xmm2 +.byte 102,73,15,110,220 + + movq 384(%rsp),%rdx + leaq 384(%rsp),%rbx + movq 0+96(%rsp),%r9 + movq 8+96(%rsp),%r10 + leaq -128+96(%rsp),%rsi + movq 16+96(%rsp),%r11 + movq 24+96(%rsp),%r12 + leaq 160(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 480(%rsp),%rdx + leaq 480(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 192(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 160(%rsp),%rbx + leaq 0(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + orq %r13,%r12 + orq %r8,%r12 + orq %r9,%r12 + +.byte 0x3e + jnz L$add_proceedx +.byte 102,73,15,126,208 +.byte 102,73,15,126,217 + testq %r8,%r8 + jnz L$add_proceedx + testq %r9,%r9 + jz L$add_doublex + +.byte 102,72,15,126,199 + pxor %xmm0,%xmm0 + movdqu %xmm0,0(%rdi) + movdqu %xmm0,16(%rdi) + movdqu %xmm0,32(%rdi) + movdqu %xmm0,48(%rdi) + movdqu %xmm0,64(%rdi) + movdqu %xmm0,80(%rdi) + jmp L$add_donex + +.p2align 5 +L$add_doublex: +.byte 102,72,15,126,206 +.byte 102,72,15,126,199 + addq $416,%rsp + jmp L$point_double_shortcutx + +.p2align 5 +L$add_proceedx: + movq 0+64(%rsp),%rdx + movq 8+64(%rsp),%r14 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r15 + movq 24+64(%rsp),%r8 + leaq 96(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 448(%rsp),%rdx + leaq 448(%rsp),%rbx + 
movq 0+0(%rsp),%r9 + movq 8+0(%rsp),%r10 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r11 + movq 24+0(%rsp),%r12 + leaq 352(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 0+0(%rsp),%rdx + movq 8+0(%rsp),%r14 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 544(%rsp),%rdx + leaq 544(%rsp),%rbx + movq 0+352(%rsp),%r9 + movq 8+352(%rsp),%r10 + leaq -128+352(%rsp),%rsi + movq 16+352(%rsp),%r11 + movq 24+352(%rsp),%r12 + leaq 352(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 0(%rsp),%rdx + leaq 0(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 160(%rsp),%rdx + leaq 160(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 192(%rsp),%rdi + call __ecp_nistz256_mul_montx + + + + + xorq %r11,%r11 + addq %r12,%r12 + leaq 96(%rsp),%rsi + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq %r13,%rbp + adcq $0,%r11 + + subq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + sbbq $0,%r11 + + cmovcq %rax,%r12 + movq 0(%rsi),%rax + cmovcq %rbp,%r13 + movq 8(%rsi),%rbp + cmovcq %rcx,%r8 + movq 16(%rsi),%rcx + cmovcq %r10,%r9 + movq 24(%rsi),%r10 + + call __ecp_nistz256_subx + + leaq 128(%rsp),%rbx + leaq 288(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 192+0(%rsp),%rax + movq 192+8(%rsp),%rbp + movq 192+16(%rsp),%rcx + movq 192+24(%rsp),%r10 + leaq 320(%rsp),%rdi + + call __ecp_nistz256_subx + + movq %r12,0(%rdi) + movq %r13,8(%rdi) + movq %r8,16(%rdi) + movq %r9,24(%rdi) + movq 128(%rsp),%rdx + leaq 128(%rsp),%rbx + movq 0+224(%rsp),%r9 + movq 8+224(%rsp),%r10 + leaq -128+224(%rsp),%rsi + movq 16+224(%rsp),%r11 + movq 24+224(%rsp),%r12 + leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 
320(%rsp),%rdx + leaq 320(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 320(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 256(%rsp),%rbx + leaq 320(%rsp),%rdi + call __ecp_nistz256_sub_fromx + +.byte 102,72,15,126,199 + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 352(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 352+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 544(%rsp),%xmm2 + pand 544+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 448(%rsp),%xmm2 + pand 448+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,64(%rdi) + movdqu %xmm3,80(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 288(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 288+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 480(%rsp),%xmm2 + pand 480+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 384(%rsp),%xmm2 + pand 384+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,0(%rdi) + movdqu %xmm3,16(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 320(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 320+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 512(%rsp),%xmm2 + pand 512+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 416(%rsp),%xmm2 + pand 416+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,32(%rdi) + movdqu %xmm3,48(%rdi) + +L$add_donex: + leaq 576+56(%rsp),%rsi + + movq -48(%rsi),%r15 + + movq -40(%rsi),%r14 + + movq -32(%rsi),%r13 + + movq -24(%rsi),%r12 + + movq -16(%rsi),%rbx + + movq -8(%rsi),%rbp + + leaq (%rsi),%rsp + +L$point_addx_epilogue: + .byte 
0xf3,0xc3 + + + +.p2align 5 +ecp_nistz256_point_add_affinex: + +L$point_add_affinex: + pushq %rbp + + pushq %rbx + + pushq %r12 + + pushq %r13 + + pushq %r14 + + pushq %r15 + + subq $480+8,%rsp + +L$add_affinex_body: + + movdqu 0(%rsi),%xmm0 + movq %rdx,%rbx + movdqu 16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + movdqu 48(%rsi),%xmm3 + movdqu 64(%rsi),%xmm4 + movdqu 80(%rsi),%xmm5 + movq 64+0(%rsi),%rdx + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + movdqa %xmm0,320(%rsp) + movdqa %xmm1,320+16(%rsp) + movdqa %xmm2,352(%rsp) + movdqa %xmm3,352+16(%rsp) + movdqa %xmm4,384(%rsp) + movdqa %xmm5,384+16(%rsp) + por %xmm4,%xmm5 + + movdqu 0(%rbx),%xmm0 + pshufd $0xb1,%xmm5,%xmm3 + movdqu 16(%rbx),%xmm1 + movdqu 32(%rbx),%xmm2 + por %xmm3,%xmm5 + movdqu 48(%rbx),%xmm3 + movdqa %xmm0,416(%rsp) + pshufd $0x1e,%xmm5,%xmm4 + movdqa %xmm1,416+16(%rsp) + por %xmm0,%xmm1 +.byte 102,72,15,110,199 + movdqa %xmm2,448(%rsp) + movdqa %xmm3,448+16(%rsp) + por %xmm2,%xmm3 + por %xmm4,%xmm5 + pxor %xmm4,%xmm4 + por %xmm1,%xmm3 + + leaq 64-128(%rsi),%rsi + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + pcmpeqd %xmm4,%xmm5 + pshufd $0xb1,%xmm3,%xmm4 + movq 0(%rbx),%rdx + + movq %r12,%r9 + por %xmm3,%xmm4 + pshufd $0,%xmm5,%xmm5 + pshufd $0x1e,%xmm4,%xmm3 + movq %r13,%r10 + por %xmm3,%xmm4 + pxor %xmm3,%xmm3 + movq %r14,%r11 + pcmpeqd %xmm3,%xmm4 + pshufd $0,%xmm4,%xmm4 + + leaq 32-128(%rsp),%rsi + movq %r15,%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 320(%rsp),%rbx + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 384(%rsp),%rdx + leaq 384(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 384(%rsp),%rdx + leaq 384(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 288(%rsp),%rdi + call 
__ecp_nistz256_mul_montx + + movq 448(%rsp),%rdx + leaq 448(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 352(%rsp),%rbx + leaq 96(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 0+64(%rsp),%rdx + movq 8+64(%rsp),%r14 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r15 + movq 24+64(%rsp),%r8 + leaq 128(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 0+96(%rsp),%rdx + movq 8+96(%rsp),%r14 + leaq -128+96(%rsp),%rsi + movq 16+96(%rsp),%r15 + movq 24+96(%rsp),%r8 + leaq 192(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 128(%rsp),%rdx + leaq 128(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 160(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 320(%rsp),%rdx + leaq 320(%rsp),%rbx + movq 0+128(%rsp),%r9 + movq 8+128(%rsp),%r10 + leaq -128+128(%rsp),%rsi + movq 16+128(%rsp),%r11 + movq 24+128(%rsp),%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + + + + + xorq %r11,%r11 + addq %r12,%r12 + leaq 192(%rsp),%rsi + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq %r13,%rbp + adcq $0,%r11 + + subq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + sbbq $0,%r11 + + cmovcq %rax,%r12 + movq 0(%rsi),%rax + cmovcq %rbp,%r13 + movq 8(%rsi),%rbp + cmovcq %rcx,%r8 + movq 16(%rsi),%rcx + cmovcq %r10,%r9 + movq 24(%rsi),%r10 + + call __ecp_nistz256_subx + + leaq 160(%rsp),%rbx + leaq 224(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 0+0(%rsp),%rax + movq 0+8(%rsp),%rbp + movq 0+16(%rsp),%rcx + movq 0+24(%rsp),%r10 + leaq 64(%rsp),%rdi + + call __ecp_nistz256_subx + + movq %r12,0(%rdi) + movq %r13,8(%rdi) + movq %r8,16(%rdi) + movq %r9,24(%rdi) + movq 352(%rsp),%rdx + leaq 352(%rsp),%rbx + movq 0+160(%rsp),%r9 + movq 8+160(%rsp),%r10 + leaq -128+160(%rsp),%rsi + movq 
16+160(%rsp),%r11 + movq 24+160(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 96(%rsp),%rdx + leaq 96(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 64(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 32(%rsp),%rbx + leaq 256(%rsp),%rdi + call __ecp_nistz256_sub_fromx + +.byte 102,72,15,126,199 + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 288(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 288+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand L$ONE_mont(%rip),%xmm2 + pand L$ONE_mont+16(%rip),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 384(%rsp),%xmm2 + pand 384+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,64(%rdi) + movdqu %xmm3,80(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 224(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 224+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 416(%rsp),%xmm2 + pand 416+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 320(%rsp),%xmm2 + pand 320+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,0(%rdi) + movdqu %xmm3,16(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 256(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 256+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 448(%rsp),%xmm2 + pand 448+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 352(%rsp),%xmm2 + pand 352+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,32(%rdi) + movdqu %xmm3,48(%rdi) + + leaq 480+56(%rsp),%rsi + + movq -48(%rsi),%r15 + + movq -40(%rsi),%r14 + + movq -32(%rsi),%r13 + + movq -24(%rsi),%r12 + + 
movq -16(%rsi),%rbx + + movq -8(%rsi),%rbp + + leaq (%rsi),%rsp + +L$add_affinex_epilogue: + .byte 0xf3,0xc3 + + #endif diff --git a/third_party/boringssl/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S b/third_party/boringssl/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S index 6dd50affe5..c82c9d6f94 100644 --- a/third_party/boringssl/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S +++ b/third_party/boringssl/mac-x86_64/crypto/fipsmodule/rsaz-avx2.S @@ -1723,6 +1723,11 @@ L$SEH_end_rsaz_1024_gather5: _rsaz_avx2_eligible: leaq _OPENSSL_ia32cap_P(%rip),%rax movl 8(%rax),%eax + movl $524544,%ecx + movl $0,%edx + andl %eax,%ecx + cmpl $524544,%ecx + cmovel %edx,%eax andl $32,%eax shrl $5,%eax .byte 0xf3,0xc3 diff --git a/third_party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont.S b/third_party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont.S index be3d13a651..8bf6d55f7d 100644 --- a/third_party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont.S +++ b/third_party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont.S @@ -16,6 +16,8 @@ _bn_mul_mont: jnz L$mul_enter cmpl $8,%r9d jb L$mul_enter + leaq _OPENSSL_ia32cap_P(%rip),%r11 + movl 8(%r11),%r11d cmpq %rsi,%rdx jne L$mul4x_enter testl $7,%r9d @@ -207,30 +209,30 @@ L$inner_enter: xorq %r14,%r14 movq (%rsp),%rax - leaq (%rsp),%rsi movq %r9,%r15 - jmp L$sub + .p2align 4 L$sub: sbbq (%rcx,%r14,8),%rax movq %rax,(%rdi,%r14,8) - movq 8(%rsi,%r14,8),%rax + movq 8(%rsp,%r14,8),%rax leaq 1(%r14),%r14 decq %r15 jnz L$sub sbbq $0,%rax + movq $-1,%rbx + xorq %rax,%rbx xorq %r14,%r14 - andq %rax,%rsi - notq %rax - movq %rdi,%rcx - andq %rax,%rcx movq %r9,%r15 - orq %rcx,%rsi -.p2align 4 + L$copy: - movq (%rsi,%r14,8),%rax - movq %r14,(%rsp,%r14,8) - movq %rax,(%rdi,%r14,8) + movq (%rdi,%r14,8),%rcx + movq (%rsp,%r14,8),%rdx + andq %rbx,%rcx + andq %rax,%rdx + movq %r9,(%rsp,%r14,8) + orq %rcx,%rdx + movq %rdx,(%rdi,%r14,8) leaq 1(%r14),%r14 subq $1,%r15 jnz L$copy 
@@ -264,6 +266,9 @@ bn_mul4x_mont: movq %rsp,%rax L$mul4x_enter: + andl $0x80100,%r11d + cmpl $0x80100,%r11d + je L$mulx4x_enter pushq %rbx pushq %rbp @@ -601,7 +606,6 @@ L$inner4x: movq 16(%rsp,%r9,8),%rdi leaq -4(%r9),%r15 movq 0(%rsp),%rax - pxor %xmm0,%xmm0 movq 8(%rsp),%rdx shrq $2,%r15 leaq (%rsp),%rsi @@ -611,8 +615,7 @@ L$inner4x: movq 16(%rsi),%rbx movq 24(%rsi),%rbp sbbq 8(%rcx),%rdx - jmp L$sub4x -.p2align 4 + L$sub4x: movq %rax,0(%rdi,%r14,8) movq %rdx,8(%rdi,%r14,8) @@ -639,34 +642,35 @@ L$sub4x: sbbq $0,%rax movq %rbp,24(%rdi,%r14,8) - xorq %r14,%r14 - andq %rax,%rsi - notq %rax - movq %rdi,%rcx - andq %rax,%rcx - leaq -4(%r9),%r15 - orq %rcx,%rsi + pxor %xmm0,%xmm0 +.byte 102,72,15,110,224 + pcmpeqd %xmm5,%xmm5 + pshufd $0,%xmm4,%xmm4 + movq %r9,%r15 + pxor %xmm4,%xmm5 shrq $2,%r15 + xorl %eax,%eax - movdqu (%rsi),%xmm1 - movdqa %xmm0,(%rsp) - movdqu %xmm1,(%rdi) jmp L$copy4x .p2align 4 L$copy4x: - movdqu 16(%rsi,%r14,1),%xmm2 - movdqu 32(%rsi,%r14,1),%xmm1 - movdqa %xmm0,16(%rsp,%r14,1) - movdqu %xmm2,16(%rdi,%r14,1) - movdqa %xmm0,32(%rsp,%r14,1) - movdqu %xmm1,32(%rdi,%r14,1) - leaq 32(%r14),%r14 + movdqa (%rsp,%rax,1),%xmm1 + movdqu (%rdi,%rax,1),%xmm2 + pand %xmm4,%xmm1 + pand %xmm5,%xmm2 + movdqa 16(%rsp,%rax,1),%xmm3 + movdqa %xmm0,(%rsp,%rax,1) + por %xmm2,%xmm1 + movdqu 16(%rdi,%rax,1),%xmm2 + movdqu %xmm1,(%rdi,%rax,1) + pand %xmm4,%xmm3 + pand %xmm5,%xmm2 + movdqa %xmm0,16(%rsp,%rax,1) + por %xmm2,%xmm3 + movdqu %xmm3,16(%rdi,%rax,1) + leaq 32(%rax),%rax decq %r15 jnz L$copy4x - - movdqu 16(%rsi,%r14,1),%xmm2 - movdqa %xmm0,16(%rsp,%r14,1) - movdqu %xmm2,16(%rdi,%r14,1) movq 8(%rsp,%r9,8),%rsi movq $1,%rax @@ -691,6 +695,7 @@ L$mul4x_epilogue: + .p2align 5 bn_sqr8x_mont: 
@@ -771,6 +776,26 @@ L$sqr8x_body: pxor %xmm0,%xmm0 .byte 102,72,15,110,207 .byte 102,73,15,110,218 + leaq _OPENSSL_ia32cap_P(%rip),%rax + movl 8(%rax),%eax + andl $0x80100,%eax + cmpl $0x80100,%eax + jne L$sqr8x_nox + + call _bn_sqrx8x_internal + + + + + leaq (%r8,%rcx,1),%rbx + movq %rcx,%r9 + movq %rcx,%rdx +.byte 102,72,15,126,207 + sarq $3+2,%rcx + jmp L$sqr8x_sub + +.p2align 5 +L$sqr8x_nox: call _bn_sqr8x_internal 
@@ -858,6 +883,362 @@ L$sqr8x_epilogue: .byte 0xf3,0xc3 + +.p2align 5 +bn_mulx4x_mont: + + movq %rsp,%rax + +L$mulx4x_enter: + pushq %rbx + + pushq %rbp + + pushq %r12 + + pushq %r13 + + pushq %r14 + + pushq %r15 + +L$mulx4x_prologue: + + shll $3,%r9d + xorq %r10,%r10 + subq %r9,%r10 + movq (%r8),%r8 + leaq -72(%rsp,%r10,1),%rbp + andq $-128,%rbp + movq %rsp,%r11 + subq %rbp,%r11 + andq $-4096,%r11 + leaq (%r11,%rbp,1),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja L$mulx4x_page_walk + jmp L$mulx4x_page_walk_done + +.p2align 4 +L$mulx4x_page_walk: + leaq -4096(%rsp),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja L$mulx4x_page_walk +L$mulx4x_page_walk_done: + + leaq (%rdx,%r9,1),%r10 + + + + + + + + + + + + + movq %r9,0(%rsp) + shrq $5,%r9 + movq %r10,16(%rsp) + subq $1,%r9 + movq %r8,24(%rsp) + movq %rdi,32(%rsp) + movq %rax,40(%rsp) + + movq %r9,48(%rsp) + jmp L$mulx4x_body + +.p2align 5 +L$mulx4x_body: + leaq 8(%rdx),%rdi + movq (%rdx),%rdx + leaq 64+32(%rsp),%rbx + movq %rdx,%r9 + + mulxq 0(%rsi),%r8,%rax + mulxq 8(%rsi),%r11,%r14 + addq %rax,%r11 + movq %rdi,8(%rsp) + mulxq 16(%rsi),%r12,%r13 + adcq %r14,%r12 + adcq $0,%r13 + + movq %r8,%rdi + imulq 24(%rsp),%r8 + xorq %rbp,%rbp + + mulxq 24(%rsi),%rax,%r14 + movq %r8,%rdx + leaq 32(%rsi),%rsi + adcxq %rax,%r13 + adcxq %rbp,%r14 + + mulxq 0(%rcx),%rax,%r10 + adcxq %rax,%rdi + adoxq %r11,%r10 + mulxq 8(%rcx),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 +.byte 0xc4,0x62,0xfb,0xf6,0xa1,0x10,0x00,0x00,0x00 + movq 48(%rsp),%rdi + movq %r10,-32(%rbx) + adcxq %rax,%r11 + adoxq %r13,%r12 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r11,-24(%rbx) + adcxq %rax,%r12 + adoxq %rbp,%r15 + leaq 32(%rcx),%rcx + movq %r12,-16(%rbx) + + jmp L$mulx4x_1st + +.p2align 5 +L$mulx4x_1st: + adcxq %rbp,%r15 + mulxq 0(%rsi),%r10,%rax + adcxq %r14,%r10 + mulxq 8(%rsi),%r11,%r14 + adcxq %rax,%r11 + mulxq 16(%rsi),%r12,%rax + adcxq %r14,%r12 + mulxq 24(%rsi),%r13,%r14 +.byte 0x67,0x67 + movq %r8,%rdx + adcxq %rax,%r13 + adcxq %rbp,%r14 
+ leaq 32(%rsi),%rsi + leaq 32(%rbx),%rbx + + adoxq %r15,%r10 + mulxq 0(%rcx),%rax,%r15 + adcxq %rax,%r10 + adoxq %r15,%r11 + mulxq 8(%rcx),%rax,%r15 + adcxq %rax,%r11 + adoxq %r15,%r12 + mulxq 16(%rcx),%rax,%r15 + movq %r10,-40(%rbx) + adcxq %rax,%r12 + movq %r11,-32(%rbx) + adoxq %r15,%r13 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r12,-24(%rbx) + adcxq %rax,%r13 + adoxq %rbp,%r15 + leaq 32(%rcx),%rcx + movq %r13,-16(%rbx) + + decq %rdi + jnz L$mulx4x_1st + + movq 0(%rsp),%rax + movq 8(%rsp),%rdi + adcq %rbp,%r15 + addq %r15,%r14 + sbbq %r15,%r15 + movq %r14,-8(%rbx) + jmp L$mulx4x_outer + +.p2align 5 +L$mulx4x_outer: + movq (%rdi),%rdx + leaq 8(%rdi),%rdi + subq %rax,%rsi + movq %r15,(%rbx) + leaq 64+32(%rsp),%rbx + subq %rax,%rcx + + mulxq 0(%rsi),%r8,%r11 + xorl %ebp,%ebp + movq %rdx,%r9 + mulxq 8(%rsi),%r14,%r12 + adoxq -32(%rbx),%r8 + adcxq %r14,%r11 + mulxq 16(%rsi),%r15,%r13 + adoxq -24(%rbx),%r11 + adcxq %r15,%r12 + adoxq -16(%rbx),%r12 + adcxq %rbp,%r13 + adoxq %rbp,%r13 + + movq %rdi,8(%rsp) + movq %r8,%r15 + imulq 24(%rsp),%r8 + xorl %ebp,%ebp + + mulxq 24(%rsi),%rax,%r14 + movq %r8,%rdx + adcxq %rax,%r13 + adoxq -8(%rbx),%r13 + adcxq %rbp,%r14 + leaq 32(%rsi),%rsi + adoxq %rbp,%r14 + + mulxq 0(%rcx),%rax,%r10 + adcxq %rax,%r15 + adoxq %r11,%r10 + mulxq 8(%rcx),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 + mulxq 16(%rcx),%rax,%r12 + movq %r10,-32(%rbx) + adcxq %rax,%r11 + adoxq %r13,%r12 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r11,-24(%rbx) + leaq 32(%rcx),%rcx + adcxq %rax,%r12 + adoxq %rbp,%r15 + movq 48(%rsp),%rdi + movq %r12,-16(%rbx) + + jmp L$mulx4x_inner + +.p2align 5 +L$mulx4x_inner: + mulxq 0(%rsi),%r10,%rax + adcxq %rbp,%r15 + adoxq %r14,%r10 + mulxq 8(%rsi),%r11,%r14 + adcxq 0(%rbx),%r10 + adoxq %rax,%r11 + mulxq 16(%rsi),%r12,%rax + adcxq 8(%rbx),%r11 + adoxq %r14,%r12 + mulxq 24(%rsi),%r13,%r14 + movq %r8,%rdx + adcxq 16(%rbx),%r12 + adoxq %rax,%r13 + adcxq 24(%rbx),%r13 + adoxq %rbp,%r14 + leaq 32(%rsi),%rsi + leaq 
32(%rbx),%rbx + adcxq %rbp,%r14 + + adoxq %r15,%r10 + mulxq 0(%rcx),%rax,%r15 + adcxq %rax,%r10 + adoxq %r15,%r11 + mulxq 8(%rcx),%rax,%r15 + adcxq %rax,%r11 + adoxq %r15,%r12 + mulxq 16(%rcx),%rax,%r15 + movq %r10,-40(%rbx) + adcxq %rax,%r12 + adoxq %r15,%r13 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r11,-32(%rbx) + movq %r12,-24(%rbx) + adcxq %rax,%r13 + adoxq %rbp,%r15 + leaq 32(%rcx),%rcx + movq %r13,-16(%rbx) + + decq %rdi + jnz L$mulx4x_inner + + movq 0(%rsp),%rax + movq 8(%rsp),%rdi + adcq %rbp,%r15 + subq 0(%rbx),%rbp + adcq %r15,%r14 + sbbq %r15,%r15 + movq %r14,-8(%rbx) + + cmpq 16(%rsp),%rdi + jne L$mulx4x_outer + + leaq 64(%rsp),%rbx + subq %rax,%rcx + negq %r15 + movq %rax,%rdx + shrq $3+2,%rax + movq 32(%rsp),%rdi + jmp L$mulx4x_sub + +.p2align 5 +L$mulx4x_sub: + movq 0(%rbx),%r11 + movq 8(%rbx),%r12 + movq 16(%rbx),%r13 + movq 24(%rbx),%r14 + leaq 32(%rbx),%rbx + sbbq 0(%rcx),%r11 + sbbq 8(%rcx),%r12 + sbbq 16(%rcx),%r13 + sbbq 24(%rcx),%r14 + leaq 32(%rcx),%rcx + movq %r11,0(%rdi) + movq %r12,8(%rdi) + movq %r13,16(%rdi) + movq %r14,24(%rdi) + leaq 32(%rdi),%rdi + decq %rax + jnz L$mulx4x_sub + + sbbq $0,%r15 + leaq 64(%rsp),%rbx + subq %rdx,%rdi + +.byte 102,73,15,110,207 + pxor %xmm0,%xmm0 + pshufd $0,%xmm1,%xmm1 + movq 40(%rsp),%rsi + + jmp L$mulx4x_cond_copy + +.p2align 5 +L$mulx4x_cond_copy: + movdqa 0(%rbx),%xmm2 + movdqa 16(%rbx),%xmm3 + leaq 32(%rbx),%rbx + movdqu 0(%rdi),%xmm4 + movdqu 16(%rdi),%xmm5 + leaq 32(%rdi),%rdi + movdqa %xmm0,-32(%rbx) + movdqa %xmm0,-16(%rbx) + pcmpeqd %xmm1,%xmm0 + pand %xmm1,%xmm2 + pand %xmm1,%xmm3 + pand %xmm0,%xmm4 + pand %xmm0,%xmm5 + pxor %xmm0,%xmm0 + por %xmm2,%xmm4 + por %xmm3,%xmm5 + movdqu %xmm4,-32(%rdi) + movdqu %xmm5,-16(%rdi) + subq $32,%rdx + jnz L$mulx4x_cond_copy + + movq %rdx,(%rbx) + + movq $1,%rax + movq -48(%rsi),%r15 + + movq -40(%rsi),%r14 + + movq -32(%rsi),%r13 + + movq -24(%rsi),%r12 + + movq -16(%rsi),%rbp + + movq -8(%rsi),%rbx + + leaq (%rsi),%rsp + +L$mulx4x_epilogue: + 
.byte 0xf3,0xc3 + + .byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 4 #endif diff --git a/third_party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S b/third_party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S index 91980d89bf..c8c888de2f 100644 --- a/third_party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S +++ b/third_party/boringssl/mac-x86_64/crypto/fipsmodule/x86_64-mont5.S @@ -14,6 +14,8 @@ _bn_mul_mont_gather5: testl $7,%r9d jnz L$mul_enter + leaq _OPENSSL_ia32cap_P(%rip),%r11 + movl 8(%r11),%r11d jmp L$mul4x_enter .p2align 4 @@ -403,18 +405,19 @@ L$sub: sbbq (%rcx,%r14,8),%rax jnz L$sub sbbq $0,%rax + movq $-1,%rbx + xorq %rax,%rbx xorq %r14,%r14 - andq %rax,%rsi - notq %rax - movq %rdi,%rcx - andq %rax,%rcx movq %r9,%r15 - orq %rcx,%rsi -.p2align 4 + L$copy: - movq (%rsi,%r14,8),%rax + movq (%rdi,%r14,8),%rcx + movq (%rsp,%r14,8),%rdx + andq %rbx,%rcx + andq %rax,%rdx movq %r14,(%rsp,%r14,8) - movq %rax,(%rdi,%r14,8) + orq %rcx,%rdx + movq %rdx,(%rdi,%r14,8) leaq 1(%r14),%r14 subq $1,%r15 jnz L$copy @@ -449,6 +452,9 @@ bn_mul4x_mont_gather5: movq %rsp,%rax L$mul4x_enter: + andl $0x80108,%r11d + cmpl $0x80108,%r11d + je L$mulx4x_enter pushq %rbx pushq %rbp @@ -1077,6 +1083,11 @@ _bn_power5: movq %rsp,%rax + leaq _OPENSSL_ia32cap_P(%rip),%r11 + movl 8(%r11),%r11d + andl $0x80108,%r11d + cmpl $0x80108,%r11d + je L$powerx5_enter pushq %rbx pushq %rbp 
@@ -2162,6 +2173,22 @@ L$mul_by_1: .byte 0x67 movq %rcx,%rbp .byte 102,73,15,110,218 + leaq _OPENSSL_ia32cap_P(%rip),%r11 + movl 8(%r11),%r11d + andl $0x80108,%r11d + cmpl $0x80108,%r11d + jne L$from_mont_nox + + leaq (%rax,%r9,1),%rdi + call __bn_sqrx8x_reduction + call __bn_postx4x_internal + + pxor %xmm0,%xmm0 + leaq 48(%rsp),%rax + jmp L$from_mont_zero + +.p2align 5 +L$from_mont_nox: call __bn_sqr8x_reduction call __bn_post4x_internal 
@@ -2200,6 +2227,1343 @@ L$from_epilogue: .byte 0xf3,0xc3 + +.p2align 5 +bn_mulx4x_mont_gather5: + + movq %rsp,%rax + +L$mulx4x_enter: + pushq %rbx + + pushq %rbp + + pushq %r12 + + pushq %r13 + + pushq %r14 + + pushq %r15 + +L$mulx4x_prologue: + + shll $3,%r9d + leaq (%r9,%r9,2),%r10 + negq %r9 + movq (%r8),%r8 + + + + + + + + + + + leaq -320(%rsp,%r9,2),%r11 + movq %rsp,%rbp + subq %rdi,%r11 + andq $4095,%r11 + cmpq %r11,%r10 + jb L$mulx4xsp_alt + subq %r11,%rbp + leaq -320(%rbp,%r9,2),%rbp + jmp L$mulx4xsp_done + +L$mulx4xsp_alt: + leaq 4096-320(,%r9,2),%r10 + leaq -320(%rbp,%r9,2),%rbp + subq %r10,%r11 + movq $0,%r10 + cmovcq %r10,%r11 + subq %r11,%rbp +L$mulx4xsp_done: + andq $-64,%rbp + movq %rsp,%r11 + subq %rbp,%r11 + andq $-4096,%r11 + leaq (%r11,%rbp,1),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja L$mulx4x_page_walk + jmp L$mulx4x_page_walk_done + +L$mulx4x_page_walk: + leaq -4096(%rsp),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja L$mulx4x_page_walk +L$mulx4x_page_walk_done: + + + + + + + + + + + + + + movq %r8,32(%rsp) + movq %rax,40(%rsp) + +L$mulx4x_body: + call mulx4x_internal + + movq 40(%rsp),%rsi + + movq $1,%rax + + movq -48(%rsi),%r15 + + movq -40(%rsi),%r14 + + movq -32(%rsi),%r13 + + movq -24(%rsi),%r12 + + movq -16(%rsi),%rbp + + movq -8(%rsi),%rbx + + leaq (%rsi),%rsp + +L$mulx4x_epilogue: + .byte 0xf3,0xc3 + + + + +.p2align 5 +mulx4x_internal: + movq %r9,8(%rsp) + movq %r9,%r10 + negq %r9 + shlq $5,%r9 + negq %r10 + leaq 128(%rdx,%r9,1),%r13 + shrq $5+5,%r9 + movd 8(%rax),%xmm5 + subq $1,%r9 + leaq L$inc(%rip),%rax + movq %r13,16+8(%rsp) + movq %r9,24+8(%rsp) + movq %rdi,56+8(%rsp) + movdqa 0(%rax),%xmm0 + movdqa 16(%rax),%xmm1 + leaq 88-112(%rsp,%r10,1),%r10 + leaq 128(%rdx),%rdi + + pshufd $0,%xmm5,%xmm5 + movdqa %xmm1,%xmm4 +.byte 0x67 + movdqa %xmm1,%xmm2 +.byte 0x67 + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm4,%xmm3 + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,112(%r10) + movdqa %xmm4,%xmm0 + + paddd 
%xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,128(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,144(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,160(%r10) + movdqa %xmm4,%xmm3 + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,176(%r10) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,192(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,208(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,224(%r10) + movdqa %xmm4,%xmm3 + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,240(%r10) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,256(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,272(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,288(%r10) + movdqa %xmm4,%xmm3 +.byte 0x67 + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,304(%r10) + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,320(%r10) + + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,336(%r10) + + pand 64(%rdi),%xmm0 + pand 80(%rdi),%xmm1 + pand 96(%rdi),%xmm2 + movdqa %xmm3,352(%r10) + pand 112(%rdi),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 + movdqa -128(%rdi),%xmm4 + movdqa -112(%rdi),%xmm5 + movdqa -96(%rdi),%xmm2 + pand 112(%r10),%xmm4 + movdqa -80(%rdi),%xmm3 + pand 128(%r10),%xmm5 + por %xmm4,%xmm0 + pand 144(%r10),%xmm2 + por %xmm5,%xmm1 + pand 160(%r10),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 + movdqa -64(%rdi),%xmm4 + movdqa -48(%rdi),%xmm5 + movdqa -32(%rdi),%xmm2 + pand 176(%r10),%xmm4 + movdqa -16(%rdi),%xmm3 + pand 192(%r10),%xmm5 + por %xmm4,%xmm0 + pand 208(%r10),%xmm2 + por %xmm5,%xmm1 + pand 224(%r10),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 + movdqa 0(%rdi),%xmm4 + movdqa 16(%rdi),%xmm5 + movdqa 32(%rdi),%xmm2 + pand 240(%r10),%xmm4 + movdqa 48(%rdi),%xmm3 + pand 256(%r10),%xmm5 + 
por %xmm4,%xmm0 + pand 272(%r10),%xmm2 + por %xmm5,%xmm1 + pand 288(%r10),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 + pxor %xmm1,%xmm0 + pshufd $0x4e,%xmm0,%xmm1 + por %xmm1,%xmm0 + leaq 256(%rdi),%rdi +.byte 102,72,15,126,194 + leaq 64+32+8(%rsp),%rbx + + movq %rdx,%r9 + mulxq 0(%rsi),%r8,%rax + mulxq 8(%rsi),%r11,%r12 + addq %rax,%r11 + mulxq 16(%rsi),%rax,%r13 + adcq %rax,%r12 + adcq $0,%r13 + mulxq 24(%rsi),%rax,%r14 + + movq %r8,%r15 + imulq 32+8(%rsp),%r8 + xorq %rbp,%rbp + movq %r8,%rdx + + movq %rdi,8+8(%rsp) + + leaq 32(%rsi),%rsi + adcxq %rax,%r13 + adcxq %rbp,%r14 + + mulxq 0(%rcx),%rax,%r10 + adcxq %rax,%r15 + adoxq %r11,%r10 + mulxq 8(%rcx),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 + mulxq 16(%rcx),%rax,%r12 + movq 24+8(%rsp),%rdi + movq %r10,-32(%rbx) + adcxq %rax,%r11 + adoxq %r13,%r12 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r11,-24(%rbx) + adcxq %rax,%r12 + adoxq %rbp,%r15 + leaq 32(%rcx),%rcx + movq %r12,-16(%rbx) + jmp L$mulx4x_1st + +.p2align 5 +L$mulx4x_1st: + adcxq %rbp,%r15 + mulxq 0(%rsi),%r10,%rax + adcxq %r14,%r10 + mulxq 8(%rsi),%r11,%r14 + adcxq %rax,%r11 + mulxq 16(%rsi),%r12,%rax + adcxq %r14,%r12 + mulxq 24(%rsi),%r13,%r14 +.byte 0x67,0x67 + movq %r8,%rdx + adcxq %rax,%r13 + adcxq %rbp,%r14 + leaq 32(%rsi),%rsi + leaq 32(%rbx),%rbx + + adoxq %r15,%r10 + mulxq 0(%rcx),%rax,%r15 + adcxq %rax,%r10 + adoxq %r15,%r11 + mulxq 8(%rcx),%rax,%r15 + adcxq %rax,%r11 + adoxq %r15,%r12 + mulxq 16(%rcx),%rax,%r15 + movq %r10,-40(%rbx) + adcxq %rax,%r12 + movq %r11,-32(%rbx) + adoxq %r15,%r13 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq %r12,-24(%rbx) + adcxq %rax,%r13 + adoxq %rbp,%r15 + leaq 32(%rcx),%rcx + movq %r13,-16(%rbx) + + decq %rdi + jnz L$mulx4x_1st + + movq 8(%rsp),%rax + adcq %rbp,%r15 + leaq (%rsi,%rax,1),%rsi + addq %r15,%r14 + movq 8+8(%rsp),%rdi + adcq %rbp,%rbp + movq %r14,-8(%rbx) + jmp L$mulx4x_outer + +.p2align 5 +L$mulx4x_outer: + leaq 16-256(%rbx),%r10 + pxor %xmm4,%xmm4 +.byte 0x67,0x67 + pxor %xmm5,%xmm5 
+ movdqa -128(%rdi),%xmm0 + movdqa -112(%rdi),%xmm1 + movdqa -96(%rdi),%xmm2 + pand 256(%r10),%xmm0 + movdqa -80(%rdi),%xmm3 + pand 272(%r10),%xmm1 + por %xmm0,%xmm4 + pand 288(%r10),%xmm2 + por %xmm1,%xmm5 + pand 304(%r10),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 + movdqa -64(%rdi),%xmm0 + movdqa -48(%rdi),%xmm1 + movdqa -32(%rdi),%xmm2 + pand 320(%r10),%xmm0 + movdqa -16(%rdi),%xmm3 + pand 336(%r10),%xmm1 + por %xmm0,%xmm4 + pand 352(%r10),%xmm2 + por %xmm1,%xmm5 + pand 368(%r10),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 + movdqa 0(%rdi),%xmm0 + movdqa 16(%rdi),%xmm1 + movdqa 32(%rdi),%xmm2 + pand 384(%r10),%xmm0 + movdqa 48(%rdi),%xmm3 + pand 400(%r10),%xmm1 + por %xmm0,%xmm4 + pand 416(%r10),%xmm2 + por %xmm1,%xmm5 + pand 432(%r10),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 + movdqa 64(%rdi),%xmm0 + movdqa 80(%rdi),%xmm1 + movdqa 96(%rdi),%xmm2 + pand 448(%r10),%xmm0 + movdqa 112(%rdi),%xmm3 + pand 464(%r10),%xmm1 + por %xmm0,%xmm4 + pand 480(%r10),%xmm2 + por %xmm1,%xmm5 + pand 496(%r10),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 + por %xmm5,%xmm4 + pshufd $0x4e,%xmm4,%xmm0 + por %xmm4,%xmm0 + leaq 256(%rdi),%rdi +.byte 102,72,15,126,194 + + movq %rbp,(%rbx) + leaq 32(%rbx,%rax,1),%rbx + mulxq 0(%rsi),%r8,%r11 + xorq %rbp,%rbp + movq %rdx,%r9 + mulxq 8(%rsi),%r14,%r12 + adoxq -32(%rbx),%r8 + adcxq %r14,%r11 + mulxq 16(%rsi),%r15,%r13 + adoxq -24(%rbx),%r11 + adcxq %r15,%r12 + mulxq 24(%rsi),%rdx,%r14 + adoxq -16(%rbx),%r12 + adcxq %rdx,%r13 + leaq (%rcx,%rax,1),%rcx + leaq 32(%rsi),%rsi + adoxq -8(%rbx),%r13 + adcxq %rbp,%r14 + adoxq %rbp,%r14 + + movq %r8,%r15 + imulq 32+8(%rsp),%r8 + + movq %r8,%rdx + xorq %rbp,%rbp + movq %rdi,8+8(%rsp) + + mulxq 0(%rcx),%rax,%r10 + adcxq %rax,%r15 + adoxq %r11,%r10 + mulxq 8(%rcx),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 + mulxq 16(%rcx),%rax,%r12 + adcxq %rax,%r11 + adoxq %r13,%r12 + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + movq 24+8(%rsp),%rdi + movq %r10,-32(%rbx) + adcxq %rax,%r12 + movq %r11,-24(%rbx) + adoxq 
%rbp,%r15 + movq %r12,-16(%rbx) + leaq 32(%rcx),%rcx + jmp L$mulx4x_inner + +.p2align 5 +L$mulx4x_inner: + mulxq 0(%rsi),%r10,%rax + adcxq %rbp,%r15 + adoxq %r14,%r10 + mulxq 8(%rsi),%r11,%r14 + adcxq 0(%rbx),%r10 + adoxq %rax,%r11 + mulxq 16(%rsi),%r12,%rax + adcxq 8(%rbx),%r11 + adoxq %r14,%r12 + mulxq 24(%rsi),%r13,%r14 + movq %r8,%rdx + adcxq 16(%rbx),%r12 + adoxq %rax,%r13 + adcxq 24(%rbx),%r13 + adoxq %rbp,%r14 + leaq 32(%rsi),%rsi + leaq 32(%rbx),%rbx + adcxq %rbp,%r14 + + adoxq %r15,%r10 + mulxq 0(%rcx),%rax,%r15 + adcxq %rax,%r10 + adoxq %r15,%r11 + mulxq 8(%rcx),%rax,%r15 + adcxq %rax,%r11 + adoxq %r15,%r12 + mulxq 16(%rcx),%rax,%r15 + movq %r10,-40(%rbx) + adcxq %rax,%r12 + adoxq %r15,%r13 + movq %r11,-32(%rbx) + mulxq 24(%rcx),%rax,%r15 + movq %r9,%rdx + leaq 32(%rcx),%rcx + movq %r12,-24(%rbx) + adcxq %rax,%r13 + adoxq %rbp,%r15 + movq %r13,-16(%rbx) + + decq %rdi + jnz L$mulx4x_inner + + movq 0+8(%rsp),%rax + adcq %rbp,%r15 + subq 0(%rbx),%rdi + movq 8+8(%rsp),%rdi + movq 16+8(%rsp),%r10 + adcq %r15,%r14 + leaq (%rsi,%rax,1),%rsi + adcq %rbp,%rbp + movq %r14,-8(%rbx) + + cmpq %r10,%rdi + jb L$mulx4x_outer + + movq -8(%rcx),%r10 + movq %rbp,%r8 + movq (%rcx,%rax,1),%r12 + leaq (%rcx,%rax,1),%rbp + movq %rax,%rcx + leaq (%rbx,%rax,1),%rdi + xorl %eax,%eax + xorq %r15,%r15 + subq %r14,%r10 + adcq %r15,%r15 + orq %r15,%r8 + sarq $3+2,%rcx + subq %r8,%rax + movq 56+8(%rsp),%rdx + decq %r12 + movq 8(%rbp),%r13 + xorq %r8,%r8 + movq 16(%rbp),%r14 + movq 24(%rbp),%r15 + jmp L$sqrx4x_sub_entry + + +.p2align 5 +bn_powerx5: + + movq %rsp,%rax + +L$powerx5_enter: + pushq %rbx + + pushq %rbp + + pushq %r12 + + pushq %r13 + + pushq %r14 + + pushq %r15 + +L$powerx5_prologue: + + shll $3,%r9d + leaq (%r9,%r9,2),%r10 + negq %r9 + movq (%r8),%r8 + + + + + + + + + leaq -320(%rsp,%r9,2),%r11 + movq %rsp,%rbp + subq %rdi,%r11 + andq $4095,%r11 + cmpq %r11,%r10 + jb L$pwrx_sp_alt + subq %r11,%rbp + leaq -320(%rbp,%r9,2),%rbp + jmp L$pwrx_sp_done + +.p2align 5 
+L$pwrx_sp_alt: + leaq 4096-320(,%r9,2),%r10 + leaq -320(%rbp,%r9,2),%rbp + subq %r10,%r11 + movq $0,%r10 + cmovcq %r10,%r11 + subq %r11,%rbp +L$pwrx_sp_done: + andq $-64,%rbp + movq %rsp,%r11 + subq %rbp,%r11 + andq $-4096,%r11 + leaq (%r11,%rbp,1),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja L$pwrx_page_walk + jmp L$pwrx_page_walk_done + +L$pwrx_page_walk: + leaq -4096(%rsp),%rsp + movq (%rsp),%r10 + cmpq %rbp,%rsp + ja L$pwrx_page_walk +L$pwrx_page_walk_done: + + movq %r9,%r10 + negq %r9 + + + + + + + + + + + + + pxor %xmm0,%xmm0 +.byte 102,72,15,110,207 +.byte 102,72,15,110,209 +.byte 102,73,15,110,218 +.byte 102,72,15,110,226 + movq %r8,32(%rsp) + movq %rax,40(%rsp) + +L$powerx5_body: + + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + + movq %r10,%r9 + movq %rsi,%rdi +.byte 102,72,15,126,209 +.byte 102,72,15,126,226 + movq 40(%rsp),%rax + + call mulx4x_internal + + movq 40(%rsp),%rsi + + movq $1,%rax + + movq -48(%rsi),%r15 + + movq -40(%rsi),%r14 + + movq -32(%rsi),%r13 + + movq -24(%rsi),%r12 + + movq -16(%rsi),%rbp + + movq -8(%rsi),%rbx + + leaq (%rsi),%rsp + +L$powerx5_epilogue: + .byte 0xf3,0xc3 + + + +.globl _bn_sqrx8x_internal +.private_extern _bn_sqrx8x_internal +.private_extern _bn_sqrx8x_internal + +.p2align 5 +_bn_sqrx8x_internal: +__bn_sqrx8x_internal: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + leaq 48+8(%rsp),%rdi + leaq (%rsi,%r9,1),%rbp + movq %r9,0+8(%rsp) + movq %rbp,8+8(%rsp) + jmp L$sqr8x_zero_start + +.p2align 5 +.byte 0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00 +L$sqrx8x_zero: +.byte 0x3e + movdqa %xmm0,0(%rdi) + movdqa %xmm0,16(%rdi) + movdqa %xmm0,32(%rdi) + movdqa %xmm0,48(%rdi) +L$sqr8x_zero_start: + movdqa %xmm0,64(%rdi) + movdqa %xmm0,80(%rdi) 
+ movdqa %xmm0,96(%rdi) + movdqa %xmm0,112(%rdi) + leaq 128(%rdi),%rdi + subq $64,%r9 + jnz L$sqrx8x_zero + + movq 0(%rsi),%rdx + + xorq %r10,%r10 + xorq %r11,%r11 + xorq %r12,%r12 + xorq %r13,%r13 + xorq %r14,%r14 + xorq %r15,%r15 + leaq 48+8(%rsp),%rdi + xorq %rbp,%rbp + jmp L$sqrx8x_outer_loop + +.p2align 5 +L$sqrx8x_outer_loop: + mulxq 8(%rsi),%r8,%rax + adcxq %r9,%r8 + adoxq %rax,%r10 + mulxq 16(%rsi),%r9,%rax + adcxq %r10,%r9 + adoxq %rax,%r11 +.byte 0xc4,0xe2,0xab,0xf6,0x86,0x18,0x00,0x00,0x00 + adcxq %r11,%r10 + adoxq %rax,%r12 +.byte 0xc4,0xe2,0xa3,0xf6,0x86,0x20,0x00,0x00,0x00 + adcxq %r12,%r11 + adoxq %rax,%r13 + mulxq 40(%rsi),%r12,%rax + adcxq %r13,%r12 + adoxq %rax,%r14 + mulxq 48(%rsi),%r13,%rax + adcxq %r14,%r13 + adoxq %r15,%rax + mulxq 56(%rsi),%r14,%r15 + movq 8(%rsi),%rdx + adcxq %rax,%r14 + adoxq %rbp,%r15 + adcq 64(%rdi),%r15 + movq %r8,8(%rdi) + movq %r9,16(%rdi) + sbbq %rcx,%rcx + xorq %rbp,%rbp + + + mulxq 16(%rsi),%r8,%rbx + mulxq 24(%rsi),%r9,%rax + adcxq %r10,%r8 + adoxq %rbx,%r9 + mulxq 32(%rsi),%r10,%rbx + adcxq %r11,%r9 + adoxq %rax,%r10 +.byte 0xc4,0xe2,0xa3,0xf6,0x86,0x28,0x00,0x00,0x00 + adcxq %r12,%r10 + adoxq %rbx,%r11 +.byte 0xc4,0xe2,0x9b,0xf6,0x9e,0x30,0x00,0x00,0x00 + adcxq %r13,%r11 + adoxq %r14,%r12 +.byte 0xc4,0x62,0x93,0xf6,0xb6,0x38,0x00,0x00,0x00 + movq 16(%rsi),%rdx + adcxq %rax,%r12 + adoxq %rbx,%r13 + adcxq %r15,%r13 + adoxq %rbp,%r14 + adcxq %rbp,%r14 + + movq %r8,24(%rdi) + movq %r9,32(%rdi) + + mulxq 24(%rsi),%r8,%rbx + mulxq 32(%rsi),%r9,%rax + adcxq %r10,%r8 + adoxq %rbx,%r9 + mulxq 40(%rsi),%r10,%rbx + adcxq %r11,%r9 + adoxq %rax,%r10 +.byte 0xc4,0xe2,0xa3,0xf6,0x86,0x30,0x00,0x00,0x00 + adcxq %r12,%r10 + adoxq %r13,%r11 +.byte 0xc4,0x62,0x9b,0xf6,0xae,0x38,0x00,0x00,0x00 +.byte 0x3e + movq 24(%rsi),%rdx + adcxq %rbx,%r11 + adoxq %rax,%r12 + adcxq %r14,%r12 + movq %r8,40(%rdi) + movq %r9,48(%rdi) + mulxq 32(%rsi),%r8,%rax + adoxq %rbp,%r13 + adcxq %rbp,%r13 + + mulxq 40(%rsi),%r9,%rbx + adcxq %r10,%r8 + adoxq 
%rax,%r9 + mulxq 48(%rsi),%r10,%rax + adcxq %r11,%r9 + adoxq %r12,%r10 + mulxq 56(%rsi),%r11,%r12 + movq 32(%rsi),%rdx + movq 40(%rsi),%r14 + adcxq %rbx,%r10 + adoxq %rax,%r11 + movq 48(%rsi),%r15 + adcxq %r13,%r11 + adoxq %rbp,%r12 + adcxq %rbp,%r12 + + movq %r8,56(%rdi) + movq %r9,64(%rdi) + + mulxq %r14,%r9,%rax + movq 56(%rsi),%r8 + adcxq %r10,%r9 + mulxq %r15,%r10,%rbx + adoxq %rax,%r10 + adcxq %r11,%r10 + mulxq %r8,%r11,%rax + movq %r14,%rdx + adoxq %rbx,%r11 + adcxq %r12,%r11 + + adcxq %rbp,%rax + + mulxq %r15,%r14,%rbx + mulxq %r8,%r12,%r13 + movq %r15,%rdx + leaq 64(%rsi),%rsi + adcxq %r14,%r11 + adoxq %rbx,%r12 + adcxq %rax,%r12 + adoxq %rbp,%r13 + +.byte 0x67,0x67 + mulxq %r8,%r8,%r14 + adcxq %r8,%r13 + adcxq %rbp,%r14 + + cmpq 8+8(%rsp),%rsi + je L$sqrx8x_outer_break + + negq %rcx + movq $-8,%rcx + movq %rbp,%r15 + movq 64(%rdi),%r8 + adcxq 72(%rdi),%r9 + adcxq 80(%rdi),%r10 + adcxq 88(%rdi),%r11 + adcq 96(%rdi),%r12 + adcq 104(%rdi),%r13 + adcq 112(%rdi),%r14 + adcq 120(%rdi),%r15 + leaq (%rsi),%rbp + leaq 128(%rdi),%rdi + sbbq %rax,%rax + + movq -64(%rsi),%rdx + movq %rax,16+8(%rsp) + movq %rdi,24+8(%rsp) + + + xorl %eax,%eax + jmp L$sqrx8x_loop + +.p2align 5 +L$sqrx8x_loop: + movq %r8,%rbx + mulxq 0(%rbp),%rax,%r8 + adcxq %rax,%rbx + adoxq %r9,%r8 + + mulxq 8(%rbp),%rax,%r9 + adcxq %rax,%r8 + adoxq %r10,%r9 + + mulxq 16(%rbp),%rax,%r10 + adcxq %rax,%r9 + adoxq %r11,%r10 + + mulxq 24(%rbp),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 + +.byte 0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00 + adcxq %rax,%r11 + adoxq %r13,%r12 + + mulxq 40(%rbp),%rax,%r13 + adcxq %rax,%r12 + adoxq %r14,%r13 + + mulxq 48(%rbp),%rax,%r14 + movq %rbx,(%rdi,%rcx,8) + movl $0,%ebx + adcxq %rax,%r13 + adoxq %r15,%r14 + +.byte 0xc4,0x62,0xfb,0xf6,0xbd,0x38,0x00,0x00,0x00 + movq 8(%rsi,%rcx,8),%rdx + adcxq %rax,%r14 + adoxq %rbx,%r15 + adcxq %rbx,%r15 + +.byte 0x67 + incq %rcx + jnz L$sqrx8x_loop + + leaq 64(%rbp),%rbp + movq $-8,%rcx + cmpq 8+8(%rsp),%rbp + je L$sqrx8x_break + + 
subq 16+8(%rsp),%rbx +.byte 0x66 + movq -64(%rsi),%rdx + adcxq 0(%rdi),%r8 + adcxq 8(%rdi),%r9 + adcq 16(%rdi),%r10 + adcq 24(%rdi),%r11 + adcq 32(%rdi),%r12 + adcq 40(%rdi),%r13 + adcq 48(%rdi),%r14 + adcq 56(%rdi),%r15 + leaq 64(%rdi),%rdi +.byte 0x67 + sbbq %rax,%rax + xorl %ebx,%ebx + movq %rax,16+8(%rsp) + jmp L$sqrx8x_loop + +.p2align 5 +L$sqrx8x_break: + xorq %rbp,%rbp + subq 16+8(%rsp),%rbx + adcxq %rbp,%r8 + movq 24+8(%rsp),%rcx + adcxq %rbp,%r9 + movq 0(%rsi),%rdx + adcq $0,%r10 + movq %r8,0(%rdi) + adcq $0,%r11 + adcq $0,%r12 + adcq $0,%r13 + adcq $0,%r14 + adcq $0,%r15 + cmpq %rcx,%rdi + je L$sqrx8x_outer_loop + + movq %r9,8(%rdi) + movq 8(%rcx),%r9 + movq %r10,16(%rdi) + movq 16(%rcx),%r10 + movq %r11,24(%rdi) + movq 24(%rcx),%r11 + movq %r12,32(%rdi) + movq 32(%rcx),%r12 + movq %r13,40(%rdi) + movq 40(%rcx),%r13 + movq %r14,48(%rdi) + movq 48(%rcx),%r14 + movq %r15,56(%rdi) + movq 56(%rcx),%r15 + movq %rcx,%rdi + jmp L$sqrx8x_outer_loop + +.p2align 5 +L$sqrx8x_outer_break: + movq %r9,72(%rdi) +.byte 102,72,15,126,217 + movq %r10,80(%rdi) + movq %r11,88(%rdi) + movq %r12,96(%rdi) + movq %r13,104(%rdi) + movq %r14,112(%rdi) + leaq 48+8(%rsp),%rdi + movq (%rsi,%rcx,1),%rdx + + movq 8(%rdi),%r11 + xorq %r10,%r10 + movq 0+8(%rsp),%r9 + adoxq %r11,%r11 + movq 16(%rdi),%r12 + movq 24(%rdi),%r13 + + +.p2align 5 +L$sqrx4x_shift_n_add: + mulxq %rdx,%rax,%rbx + adoxq %r12,%r12 + adcxq %r10,%rax +.byte 0x48,0x8b,0x94,0x0e,0x08,0x00,0x00,0x00 +.byte 0x4c,0x8b,0x97,0x20,0x00,0x00,0x00 + adoxq %r13,%r13 + adcxq %r11,%rbx + movq 40(%rdi),%r11 + movq %rax,0(%rdi) + movq %rbx,8(%rdi) + + mulxq %rdx,%rax,%rbx + adoxq %r10,%r10 + adcxq %r12,%rax + movq 16(%rsi,%rcx,1),%rdx + movq 48(%rdi),%r12 + adoxq %r11,%r11 + adcxq %r13,%rbx + movq 56(%rdi),%r13 + movq %rax,16(%rdi) + movq %rbx,24(%rdi) + + mulxq %rdx,%rax,%rbx + adoxq %r12,%r12 + adcxq %r10,%rax + movq 24(%rsi,%rcx,1),%rdx + leaq 32(%rcx),%rcx + movq 64(%rdi),%r10 + adoxq %r13,%r13 + adcxq %r11,%rbx + movq 
72(%rdi),%r11 + movq %rax,32(%rdi) + movq %rbx,40(%rdi) + + mulxq %rdx,%rax,%rbx + adoxq %r10,%r10 + adcxq %r12,%rax + jrcxz L$sqrx4x_shift_n_add_break +.byte 0x48,0x8b,0x94,0x0e,0x00,0x00,0x00,0x00 + adoxq %r11,%r11 + adcxq %r13,%rbx + movq 80(%rdi),%r12 + movq 88(%rdi),%r13 + movq %rax,48(%rdi) + movq %rbx,56(%rdi) + leaq 64(%rdi),%rdi + nop + jmp L$sqrx4x_shift_n_add + +.p2align 5 +L$sqrx4x_shift_n_add_break: + adcxq %r13,%rbx + movq %rax,48(%rdi) + movq %rbx,56(%rdi) + leaq 64(%rdi),%rdi +.byte 102,72,15,126,213 +__bn_sqrx8x_reduction: + xorl %eax,%eax + movq 32+8(%rsp),%rbx + movq 48+8(%rsp),%rdx + leaq -64(%rbp,%r9,1),%rcx + + movq %rcx,0+8(%rsp) + movq %rdi,8+8(%rsp) + + leaq 48+8(%rsp),%rdi + jmp L$sqrx8x_reduction_loop + +.p2align 5 +L$sqrx8x_reduction_loop: + movq 8(%rdi),%r9 + movq 16(%rdi),%r10 + movq 24(%rdi),%r11 + movq 32(%rdi),%r12 + movq %rdx,%r8 + imulq %rbx,%rdx + movq 40(%rdi),%r13 + movq 48(%rdi),%r14 + movq 56(%rdi),%r15 + movq %rax,24+8(%rsp) + + leaq 64(%rdi),%rdi + xorq %rsi,%rsi + movq $-8,%rcx + jmp L$sqrx8x_reduce + +.p2align 5 +L$sqrx8x_reduce: + movq %r8,%rbx + mulxq 0(%rbp),%rax,%r8 + adcxq %rbx,%rax + adoxq %r9,%r8 + + mulxq 8(%rbp),%rbx,%r9 + adcxq %rbx,%r8 + adoxq %r10,%r9 + + mulxq 16(%rbp),%rbx,%r10 + adcxq %rbx,%r9 + adoxq %r11,%r10 + + mulxq 24(%rbp),%rbx,%r11 + adcxq %rbx,%r10 + adoxq %r12,%r11 + +.byte 0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00 + movq %rdx,%rax + movq %r8,%rdx + adcxq %rbx,%r11 + adoxq %r13,%r12 + + mulxq 32+8(%rsp),%rbx,%rdx + movq %rax,%rdx + movq %rax,64+48+8(%rsp,%rcx,8) + + mulxq 40(%rbp),%rax,%r13 + adcxq %rax,%r12 + adoxq %r14,%r13 + + mulxq 48(%rbp),%rax,%r14 + adcxq %rax,%r13 + adoxq %r15,%r14 + + mulxq 56(%rbp),%rax,%r15 + movq %rbx,%rdx + adcxq %rax,%r14 + adoxq %rsi,%r15 + adcxq %rsi,%r15 + +.byte 0x67,0x67,0x67 + incq %rcx + jnz L$sqrx8x_reduce + + movq %rsi,%rax + cmpq 0+8(%rsp),%rbp + jae L$sqrx8x_no_tail + + movq 48+8(%rsp),%rdx + addq 0(%rdi),%r8 + leaq 64(%rbp),%rbp + movq $-8,%rcx + adcxq 
8(%rdi),%r9 + adcxq 16(%rdi),%r10 + adcq 24(%rdi),%r11 + adcq 32(%rdi),%r12 + adcq 40(%rdi),%r13 + adcq 48(%rdi),%r14 + adcq 56(%rdi),%r15 + leaq 64(%rdi),%rdi + sbbq %rax,%rax + + xorq %rsi,%rsi + movq %rax,16+8(%rsp) + jmp L$sqrx8x_tail + +.p2align 5 +L$sqrx8x_tail: + movq %r8,%rbx + mulxq 0(%rbp),%rax,%r8 + adcxq %rax,%rbx + adoxq %r9,%r8 + + mulxq 8(%rbp),%rax,%r9 + adcxq %rax,%r8 + adoxq %r10,%r9 + + mulxq 16(%rbp),%rax,%r10 + adcxq %rax,%r9 + adoxq %r11,%r10 + + mulxq 24(%rbp),%rax,%r11 + adcxq %rax,%r10 + adoxq %r12,%r11 + +.byte 0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00 + adcxq %rax,%r11 + adoxq %r13,%r12 + + mulxq 40(%rbp),%rax,%r13 + adcxq %rax,%r12 + adoxq %r14,%r13 + + mulxq 48(%rbp),%rax,%r14 + adcxq %rax,%r13 + adoxq %r15,%r14 + + mulxq 56(%rbp),%rax,%r15 + movq 72+48+8(%rsp,%rcx,8),%rdx + adcxq %rax,%r14 + adoxq %rsi,%r15 + movq %rbx,(%rdi,%rcx,8) + movq %r8,%rbx + adcxq %rsi,%r15 + + incq %rcx + jnz L$sqrx8x_tail + + cmpq 0+8(%rsp),%rbp + jae L$sqrx8x_tail_done + + subq 16+8(%rsp),%rsi + movq 48+8(%rsp),%rdx + leaq 64(%rbp),%rbp + adcq 0(%rdi),%r8 + adcq 8(%rdi),%r9 + adcq 16(%rdi),%r10 + adcq 24(%rdi),%r11 + adcq 32(%rdi),%r12 + adcq 40(%rdi),%r13 + adcq 48(%rdi),%r14 + adcq 56(%rdi),%r15 + leaq 64(%rdi),%rdi + sbbq %rax,%rax + subq $8,%rcx + + xorq %rsi,%rsi + movq %rax,16+8(%rsp) + jmp L$sqrx8x_tail + +.p2align 5 +L$sqrx8x_tail_done: + xorq %rax,%rax + addq 24+8(%rsp),%r8 + adcq $0,%r9 + adcq $0,%r10 + adcq $0,%r11 + adcq $0,%r12 + adcq $0,%r13 + adcq $0,%r14 + adcq $0,%r15 + adcq $0,%rax + + subq 16+8(%rsp),%rsi +L$sqrx8x_no_tail: + adcq 0(%rdi),%r8 +.byte 102,72,15,126,217 + adcq 8(%rdi),%r9 + movq 56(%rbp),%rsi +.byte 102,72,15,126,213 + adcq 16(%rdi),%r10 + adcq 24(%rdi),%r11 + adcq 32(%rdi),%r12 + adcq 40(%rdi),%r13 + adcq 48(%rdi),%r14 + adcq 56(%rdi),%r15 + adcq $0,%rax + + movq 32+8(%rsp),%rbx + movq 64(%rdi,%rcx,1),%rdx + + movq %r8,0(%rdi) + leaq 64(%rdi),%r8 + movq %r9,8(%rdi) + movq %r10,16(%rdi) + movq %r11,24(%rdi) + movq 
%r12,32(%rdi) + movq %r13,40(%rdi) + movq %r14,48(%rdi) + movq %r15,56(%rdi) + + leaq 64(%rdi,%rcx,1),%rdi + cmpq 8+8(%rsp),%r8 + jb L$sqrx8x_reduction_loop + .byte 0xf3,0xc3 + +.p2align 5 +__bn_postx4x_internal: + movq 0(%rbp),%r12 + movq %rcx,%r10 + movq %rcx,%r9 + negq %rax + sarq $3+2,%rcx + +.byte 102,72,15,126,202 +.byte 102,72,15,126,206 + decq %r12 + movq 8(%rbp),%r13 + xorq %r8,%r8 + movq 16(%rbp),%r14 + movq 24(%rbp),%r15 + jmp L$sqrx4x_sub_entry + +.p2align 4 +L$sqrx4x_sub: + movq 0(%rbp),%r12 + movq 8(%rbp),%r13 + movq 16(%rbp),%r14 + movq 24(%rbp),%r15 +L$sqrx4x_sub_entry: + andnq %rax,%r12,%r12 + leaq 32(%rbp),%rbp + andnq %rax,%r13,%r13 + andnq %rax,%r14,%r14 + andnq %rax,%r15,%r15 + + negq %r8 + adcq 0(%rdi),%r12 + adcq 8(%rdi),%r13 + adcq 16(%rdi),%r14 + adcq 24(%rdi),%r15 + movq %r12,0(%rdx) + leaq 32(%rdi),%rdi + movq %r13,8(%rdx) + sbbq %r8,%r8 + movq %r14,16(%rdx) + movq %r15,24(%rdx) + leaq 32(%rdx),%rdx + + incq %rcx + jnz L$sqrx4x_sub + + negq %r9 + + .byte 0xf3,0xc3 + .globl _bn_scatter5 .private_extern _bn_scatter5 diff --git a/third_party/boringssl/win-x86/crypto/fipsmodule/x86-mont.asm b/third_party/boringssl/win-x86/crypto/fipsmodule/x86-mont.asm index b1a4d59429..befb2fb386 100644 --- a/third_party/boringssl/win-x86/crypto/fipsmodule/x86-mont.asm +++ b/third_party/boringssl/win-x86/crypto/fipsmodule/x86-mont.asm @@ -456,16 +456,18 @@ L$016sub: lea edx,[1+edx] jge NEAR L$016sub sbb eax,0 - and esi,eax - not eax - mov ebp,edi - and ebp,eax - or esi,ebp + mov edx,-1 + xor edx,eax + jmp NEAR L$017copy align 16 L$017copy: - mov eax,DWORD [ebx*4+esi] - mov DWORD [ebx*4+edi],eax + mov esi,DWORD [32+ebx*4+esp] + mov ebp,DWORD [ebx*4+edi] mov DWORD [32+ebx*4+esp],ecx + and esi,eax + and ebp,edx + or ebp,esi + mov DWORD [ebx*4+edi],ebp dec ebx jge NEAR L$017copy mov esp,DWORD [24+esp] 
diff --git a/third_party/boringssl/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm b/third_party/boringssl/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm index 888a87f977..8027c045d5 100644 --- a/third_party/boringssl/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm +++ b/third_party/boringssl/win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm @@ -111,6 +111,11 @@ $L$SEH_begin_ecp_nistz256_ord_mul_mont: + lea rcx,[OPENSSL_ia32cap_P] + mov rcx,QWORD[8+rcx] + and ecx,0x80100 + cmp ecx,0x80100 + je NEAR $L$ecp_nistz256_ord_mul_montx push rbp push rbx @@ -444,6 +449,11 @@ $L$SEH_begin_ecp_nistz256_ord_sqr_mont: + lea rcx,[OPENSSL_ia32cap_P] + mov rcx,QWORD[8+rcx] + and ecx,0x80100 + cmp ecx,0x80100 + je NEAR $L$ecp_nistz256_ord_sqr_montx push rbp push rbx 
@@ -728,6 +738,472 @@ $L$ord_sqr_epilogue: $L$SEH_end_ecp_nistz256_ord_sqr_mont: +ALIGN 32 +ecp_nistz256_ord_mul_montx: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi + mov rax,rsp +$L$SEH_begin_ecp_nistz256_ord_mul_montx: + mov rdi,rcx + mov rsi,rdx + mov rdx,r8 + + + +$L$ecp_nistz256_ord_mul_montx: + push rbp + + push rbx + + push r12 + + push r13 + + push r14 + + push r15 + +$L$ord_mulx_body: + + mov rbx,rdx + mov rdx,QWORD[rdx] + mov r9,QWORD[rsi] + mov r10,QWORD[8+rsi] + mov r11,QWORD[16+rsi] + mov r12,QWORD[24+rsi] + lea rsi,[((-128))+rsi] + lea r14,[(($L$ord-128))] + mov r15,QWORD[$L$ordK] + + + mulx r9,r8,r9 + mulx r10,rcx,r10 + mulx r11,rbp,r11 + add r9,rcx + mulx r12,rcx,r12 + mov rdx,r8 + mulx rax,rdx,r15 + adc r10,rbp + adc r11,rcx + adc r12,0 + + + xor r13,r13 + mulx rbp,rcx,QWORD[((0+128))+r14] + adcx r8,rcx + adox r9,rbp + + mulx rbp,rcx,QWORD[((8+128))+r14] + adcx r9,rcx + adox r10,rbp + + mulx rbp,rcx,QWORD[((16+128))+r14] + adcx r10,rcx + adox r11,rbp + + mulx rbp,rcx,QWORD[((24+128))+r14] + mov rdx,QWORD[8+rbx] + adcx r11,rcx + adox r12,rbp + adcx r12,r8 + adox r13,r8 + adc r13,0 + + + mulx rbp,rcx,QWORD[((0+128))+rsi] + adcx r9,rcx + adox r10,rbp + + mulx rbp,rcx,QWORD[((8+128))+rsi] + adcx r10,rcx + adox r11,rbp + + mulx rbp,rcx,QWORD[((16+128))+rsi] + adcx r11,rcx + adox r12,rbp + + mulx rbp,rcx,QWORD[((24+128))+rsi] + mov rdx,r9 + mulx rax,rdx,r15 + adcx r12,rcx + adox r13,rbp + + adcx r13,r8 + adox r8,r8 + adc r8,0 + + + mulx rbp,rcx,QWORD[((0+128))+r14] + adcx r9,rcx + adox r10,rbp + + mulx rbp,rcx,QWORD[((8+128))+r14] + adcx r10,rcx + adox r11,rbp + + mulx rbp,rcx,QWORD[((16+128))+r14] + adcx r11,rcx + adox r12,rbp + + mulx rbp,rcx,QWORD[((24+128))+r14] + mov rdx,QWORD[16+rbx] + adcx r12,rcx + adox r13,rbp + adcx r13,r9 + adox r8,r9 + adc r8,0 + + + mulx rbp,rcx,QWORD[((0+128))+rsi] + adcx r10,rcx + adox r11,rbp + + mulx rbp,rcx,QWORD[((8+128))+rsi] + adcx r11,rcx + adox r12,rbp + + mulx rbp,rcx,QWORD[((16+128))+rsi] + adcx 
r12,rcx + adox r13,rbp + + mulx rbp,rcx,QWORD[((24+128))+rsi] + mov rdx,r10 + mulx rax,rdx,r15 + adcx r13,rcx + adox r8,rbp + + adcx r8,r9 + adox r9,r9 + adc r9,0 + + + mulx rbp,rcx,QWORD[((0+128))+r14] + adcx r10,rcx + adox r11,rbp + + mulx rbp,rcx,QWORD[((8+128))+r14] + adcx r11,rcx + adox r12,rbp + + mulx rbp,rcx,QWORD[((16+128))+r14] + adcx r12,rcx + adox r13,rbp + + mulx rbp,rcx,QWORD[((24+128))+r14] + mov rdx,QWORD[24+rbx] + adcx r13,rcx + adox r8,rbp + adcx r8,r10 + adox r9,r10 + adc r9,0 + + + mulx rbp,rcx,QWORD[((0+128))+rsi] + adcx r11,rcx + adox r12,rbp + + mulx rbp,rcx,QWORD[((8+128))+rsi] + adcx r12,rcx + adox r13,rbp + + mulx rbp,rcx,QWORD[((16+128))+rsi] + adcx r13,rcx + adox r8,rbp + + mulx rbp,rcx,QWORD[((24+128))+rsi] + mov rdx,r11 + mulx rax,rdx,r15 + adcx r8,rcx + adox r9,rbp + + adcx r9,r10 + adox r10,r10 + adc r10,0 + + + mulx rbp,rcx,QWORD[((0+128))+r14] + adcx r11,rcx + adox r12,rbp + + mulx rbp,rcx,QWORD[((8+128))+r14] + adcx r12,rcx + adox r13,rbp + + mulx rbp,rcx,QWORD[((16+128))+r14] + adcx r13,rcx + adox r8,rbp + + mulx rbp,rcx,QWORD[((24+128))+r14] + lea r14,[128+r14] + mov rbx,r12 + adcx r8,rcx + adox r9,rbp + mov rdx,r13 + adcx r9,r11 + adox r10,r11 + adc r10,0 + + + + mov rcx,r8 + sub r12,QWORD[r14] + sbb r13,QWORD[8+r14] + sbb r8,QWORD[16+r14] + mov rbp,r9 + sbb r9,QWORD[24+r14] + sbb r10,0 + + cmovc r12,rbx + cmovc r13,rdx + cmovc r8,rcx + cmovc r9,rbp + + mov QWORD[rdi],r12 + mov QWORD[8+rdi],r13 + mov QWORD[16+rdi],r8 + mov QWORD[24+rdi],r9 + + mov r15,QWORD[rsp] + + mov r14,QWORD[8+rsp] + + mov r13,QWORD[16+rsp] + + mov r12,QWORD[24+rsp] + + mov rbx,QWORD[32+rsp] + + mov rbp,QWORD[40+rsp] + + lea rsp,[48+rsp] + +$L$ord_mulx_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] + DB 0F3h,0C3h ;repret + +$L$SEH_end_ecp_nistz256_ord_mul_montx: + + +ALIGN 32 +ecp_nistz256_ord_sqr_montx: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi + mov rax,rsp +$L$SEH_begin_ecp_nistz256_ord_sqr_montx: + mov 
rdi,rcx + mov rsi,rdx + mov rdx,r8 + + + +$L$ecp_nistz256_ord_sqr_montx: + push rbp + + push rbx + + push r12 + + push r13 + + push r14 + + push r15 + +$L$ord_sqrx_body: + + mov rbx,rdx + mov rdx,QWORD[rsi] + mov r14,QWORD[8+rsi] + mov r15,QWORD[16+rsi] + mov r8,QWORD[24+rsi] + lea rsi,[$L$ord] + jmp NEAR $L$oop_ord_sqrx + +ALIGN 32 +$L$oop_ord_sqrx: + mulx r10,r9,r14 + mulx r11,rcx,r15 + mov rax,rdx +DB 102,73,15,110,206 + mulx r12,rbp,r8 + mov rdx,r14 + add r10,rcx +DB 102,73,15,110,215 + adc r11,rbp + adc r12,0 + xor r13,r13 + + mulx rbp,rcx,r15 + adcx r11,rcx + adox r12,rbp + + mulx rbp,rcx,r8 + mov rdx,r15 + adcx r12,rcx + adox r13,rbp + adc r13,0 + + mulx r14,rcx,r8 + mov rdx,rax +DB 102,73,15,110,216 + xor r15,r15 + adcx r9,r9 + adox r13,rcx + adcx r10,r10 + adox r14,r15 + + + mulx rbp,r8,rdx +DB 102,72,15,126,202 + adcx r11,r11 + adox r9,rbp + adcx r12,r12 + mulx rax,rcx,rdx +DB 102,72,15,126,210 + adcx r13,r13 + adox r10,rcx + adcx r14,r14 + mulx rbp,rcx,rdx +DB 0x67 +DB 102,72,15,126,218 + adox r11,rax + adcx r15,r15 + adox r12,rcx + adox r13,rbp + mulx rax,rcx,rdx + adox r14,rcx + adox r15,rax + + + mov rdx,r8 + mulx rcx,rdx,QWORD[32+rsi] + + xor rax,rax + mulx rbp,rcx,QWORD[rsi] + adcx r8,rcx + adox r9,rbp + mulx rbp,rcx,QWORD[8+rsi] + adcx r9,rcx + adox r10,rbp + mulx rbp,rcx,QWORD[16+rsi] + adcx r10,rcx + adox r11,rbp + mulx rbp,rcx,QWORD[24+rsi] + adcx r11,rcx + adox r8,rbp + adcx r8,rax + + + mov rdx,r9 + mulx rcx,rdx,QWORD[32+rsi] + + mulx rbp,rcx,QWORD[rsi] + adox r9,rcx + adcx r10,rbp + mulx rbp,rcx,QWORD[8+rsi] + adox r10,rcx + adcx r11,rbp + mulx rbp,rcx,QWORD[16+rsi] + adox r11,rcx + adcx r8,rbp + mulx rbp,rcx,QWORD[24+rsi] + adox r8,rcx + adcx r9,rbp + adox r9,rax + + + mov rdx,r10 + mulx rcx,rdx,QWORD[32+rsi] + + mulx rbp,rcx,QWORD[rsi] + adcx r10,rcx + adox r11,rbp + mulx rbp,rcx,QWORD[8+rsi] + adcx r11,rcx + adox r8,rbp + mulx rbp,rcx,QWORD[16+rsi] + adcx r8,rcx + adox r9,rbp + mulx rbp,rcx,QWORD[24+rsi] + adcx r9,rcx + adox r10,rbp + adcx 
r10,rax + + + mov rdx,r11 + mulx rcx,rdx,QWORD[32+rsi] + + mulx rbp,rcx,QWORD[rsi] + adox r11,rcx + adcx r8,rbp + mulx rbp,rcx,QWORD[8+rsi] + adox r8,rcx + adcx r9,rbp + mulx rbp,rcx,QWORD[16+rsi] + adox r9,rcx + adcx r10,rbp + mulx rbp,rcx,QWORD[24+rsi] + adox r10,rcx + adcx r11,rbp + adox r11,rax + + + add r12,r8 + adc r9,r13 + mov rdx,r12 + adc r10,r14 + adc r11,r15 + mov r14,r9 + adc rax,0 + + + sub r12,QWORD[rsi] + mov r15,r10 + sbb r9,QWORD[8+rsi] + sbb r10,QWORD[16+rsi] + mov r8,r11 + sbb r11,QWORD[24+rsi] + sbb rax,0 + + cmovnc rdx,r12 + cmovnc r14,r9 + cmovnc r15,r10 + cmovnc r8,r11 + + dec rbx + jnz NEAR $L$oop_ord_sqrx + + mov QWORD[rdi],rdx + mov QWORD[8+rdi],r14 + pxor xmm1,xmm1 + mov QWORD[16+rdi],r15 + pxor xmm2,xmm2 + mov QWORD[24+rdi],r8 + pxor xmm3,xmm3 + + mov r15,QWORD[rsp] + + mov r14,QWORD[8+rsp] + + mov r13,QWORD[16+rsp] + + mov r12,QWORD[24+rsp] + + mov rbx,QWORD[32+rsp] + + mov rbp,QWORD[40+rsp] + + lea rsp,[48+rsp] + +$L$ord_sqrx_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] + DB 0F3h,0C3h ;repret + +$L$SEH_end_ecp_nistz256_ord_sqr_montx: + + @@ -746,6 +1222,9 @@ $L$SEH_begin_ecp_nistz256_mul_mont: + lea rcx,[OPENSSL_ia32cap_P] + mov rcx,QWORD[8+rcx] + and ecx,0x80100 $L$mul_mont: push rbp @@ -760,6 +1239,8 @@ $L$mul_mont: push r15 $L$mul_body: + cmp ecx,0x80100 + je NEAR $L$mul_montx mov rbx,rdx mov rax,QWORD[rdx] mov r9,QWORD[rsi] @@ -768,6 +1249,19 @@ $L$mul_body: mov r12,QWORD[24+rsi] call __ecp_nistz256_mul_montq + jmp NEAR $L$mul_mont_done + +ALIGN 32 +$L$mul_montx: + mov rbx,rdx + mov rdx,QWORD[rdx] + mov r9,QWORD[rsi] + mov r10,QWORD[8+rsi] + mov r11,QWORD[16+rsi] + mov r12,QWORD[24+rsi] + lea rsi,[((-128))+rsi] + + call __ecp_nistz256_mul_montx $L$mul_mont_done: mov r15,QWORD[rsp] @@ -1026,6 +1520,9 @@ $L$SEH_begin_ecp_nistz256_sqr_mont: + lea rcx,[OPENSSL_ia32cap_P] + mov rcx,QWORD[8+rcx] + and ecx,0x80100 push rbp push rbx 
@@ -1039,12 +1536,25 @@ $L$SEH_begin_ecp_nistz256_sqr_mont: push r15 $L$sqr_body: + cmp ecx,0x80100 + je NEAR $L$sqr_montx mov rax,QWORD[rsi] mov r14,QWORD[8+rsi] mov r15,QWORD[16+rsi] mov r8,QWORD[24+rsi] call __ecp_nistz256_sqr_montq + jmp NEAR $L$sqr_mont_done + +ALIGN 32 +$L$sqr_montx: + mov rdx,QWORD[rsi] + mov r14,QWORD[8+rsi] + mov r15,QWORD[16+rsi] + mov r8,QWORD[24+rsi] + lea rsi,[((-128))+rsi] + + call __ecp_nistz256_sqr_montx $L$sqr_mont_done: mov r15,QWORD[rsp] 
@@ -1229,6 +1739,300 @@ __ecp_nistz256_sqr_montq: DB 0F3h,0C3h ;repret +ALIGN 32 +__ecp_nistz256_mul_montx: + + + mulx r9,r8,r9 + mulx r10,rcx,r10 + mov r14,32 + xor r13,r13 + mulx r11,rbp,r11 + mov r15,QWORD[(($L$poly+24))] + adc r9,rcx + mulx r12,rcx,r12 + mov rdx,r8 + adc r10,rbp + shlx rbp,r8,r14 + adc r11,rcx + shrx rcx,r8,r14 + adc r12,0 + + + + add r9,rbp + adc r10,rcx + + mulx rbp,rcx,r15 + mov rdx,QWORD[8+rbx] + adc r11,rcx + adc r12,rbp + adc r13,0 + xor r8,r8 + + + + mulx rbp,rcx,QWORD[((0+128))+rsi] + adcx r9,rcx + adox r10,rbp + + mulx rbp,rcx,QWORD[((8+128))+rsi] + adcx r10,rcx + adox r11,rbp + + mulx rbp,rcx,QWORD[((16+128))+rsi] + adcx r11,rcx + adox r12,rbp + + mulx rbp,rcx,QWORD[((24+128))+rsi] + mov rdx,r9 + adcx r12,rcx + shlx rcx,r9,r14 + adox r13,rbp + shrx rbp,r9,r14 + + adcx r13,r8 + adox r8,r8 + adc r8,0 + + + + add r10,rcx + adc r11,rbp + + mulx rbp,rcx,r15 + mov rdx,QWORD[16+rbx] + adc r12,rcx + adc r13,rbp + adc r8,0 + xor r9,r9 + + + + mulx rbp,rcx,QWORD[((0+128))+rsi] + adcx r10,rcx + adox r11,rbp + + mulx rbp,rcx,QWORD[((8+128))+rsi] + adcx r11,rcx + adox r12,rbp + + mulx rbp,rcx,QWORD[((16+128))+rsi] + adcx r12,rcx + adox r13,rbp + + mulx rbp,rcx,QWORD[((24+128))+rsi] + mov rdx,r10 + adcx r13,rcx + shlx rcx,r10,r14 + adox r8,rbp + shrx rbp,r10,r14 + + adcx r8,r9 + adox r9,r9 + adc r9,0 + + + + add r11,rcx + adc r12,rbp + + mulx rbp,rcx,r15 + mov rdx,QWORD[24+rbx] + adc r13,rcx + adc r8,rbp + adc r9,0 + xor r10,r10 + + + + mulx rbp,rcx,QWORD[((0+128))+rsi] + adcx r11,rcx + adox r12,rbp + + mulx rbp,rcx,QWORD[((8+128))+rsi] + adcx r12,rcx + adox r13,rbp + + mulx rbp,rcx,QWORD[((16+128))+rsi] + adcx r13,rcx + adox r8,rbp + + mulx rbp,rcx,QWORD[((24+128))+rsi] + mov rdx,r11 + adcx r8,rcx + shlx rcx,r11,r14 + adox r9,rbp + shrx rbp,r11,r14 + + adcx r9,r10 + adox r10,r10 + adc r10,0 + + + + add r12,rcx + adc r13,rbp + + mulx rbp,rcx,r15 + mov rbx,r12 + mov r14,QWORD[(($L$poly+8))] + adc r8,rcx + mov rdx,r13 + adc r9,rbp + adc r10,0 + + + + 
xor eax,eax + mov rcx,r8 + sbb r12,-1 + sbb r13,r14 + sbb r8,0 + mov rbp,r9 + sbb r9,r15 + sbb r10,0 + + cmovc r12,rbx + cmovc r13,rdx + mov QWORD[rdi],r12 + cmovc r8,rcx + mov QWORD[8+rdi],r13 + cmovc r9,rbp + mov QWORD[16+rdi],r8 + mov QWORD[24+rdi],r9 + + DB 0F3h,0C3h ;repret + + + +ALIGN 32 +__ecp_nistz256_sqr_montx: + mulx r10,r9,r14 + mulx r11,rcx,r15 + xor eax,eax + adc r10,rcx + mulx r12,rbp,r8 + mov rdx,r14 + adc r11,rbp + adc r12,0 + xor r13,r13 + + + mulx rbp,rcx,r15 + adcx r11,rcx + adox r12,rbp + + mulx rbp,rcx,r8 + mov rdx,r15 + adcx r12,rcx + adox r13,rbp + adc r13,0 + + + mulx r14,rcx,r8 + mov rdx,QWORD[((0+128))+rsi] + xor r15,r15 + adcx r9,r9 + adox r13,rcx + adcx r10,r10 + adox r14,r15 + + mulx rbp,r8,rdx + mov rdx,QWORD[((8+128))+rsi] + adcx r11,r11 + adox r9,rbp + adcx r12,r12 + mulx rax,rcx,rdx + mov rdx,QWORD[((16+128))+rsi] + adcx r13,r13 + adox r10,rcx + adcx r14,r14 +DB 0x67 + mulx rbp,rcx,rdx + mov rdx,QWORD[((24+128))+rsi] + adox r11,rax + adcx r15,r15 + adox r12,rcx + mov rsi,32 + adox r13,rbp +DB 0x67,0x67 + mulx rax,rcx,rdx + mov rdx,QWORD[(($L$poly+24))] + adox r14,rcx + shlx rcx,r8,rsi + adox r15,rax + shrx rax,r8,rsi + mov rbp,rdx + + + add r9,rcx + adc r10,rax + + mulx r8,rcx,r8 + adc r11,rcx + shlx rcx,r9,rsi + adc r8,0 + shrx rax,r9,rsi + + + add r10,rcx + adc r11,rax + + mulx r9,rcx,r9 + adc r8,rcx + shlx rcx,r10,rsi + adc r9,0 + shrx rax,r10,rsi + + + add r11,rcx + adc r8,rax + + mulx r10,rcx,r10 + adc r9,rcx + shlx rcx,r11,rsi + adc r10,0 + shrx rax,r11,rsi + + + add r8,rcx + adc r9,rax + + mulx r11,rcx,r11 + adc r10,rcx + adc r11,0 + + xor rdx,rdx + add r12,r8 + mov rsi,QWORD[(($L$poly+8))] + adc r13,r9 + mov r8,r12 + adc r14,r10 + adc r15,r11 + mov r9,r13 + adc rdx,0 + + sub r12,-1 + mov r10,r14 + sbb r13,rsi + sbb r14,0 + mov r11,r15 + sbb r15,rbp + sbb rdx,0 + + cmovc r12,r8 + cmovc r13,r9 + mov QWORD[rdi],r12 + cmovc r14,r10 + mov QWORD[8+rdi],r13 + cmovc r15,r11 + mov QWORD[16+rdi],r14 + mov QWORD[24+rdi],r15 + + DB 
0F3h,0C3h ;repret + + global ecp_nistz256_select_w5 @@ -1715,6 +2519,11 @@ $L$SEH_begin_ecp_nistz256_point_double: + lea rcx,[OPENSSL_ia32cap_P] + mov rcx,QWORD[8+rcx] + and ecx,0x80100 + cmp ecx,0x80100 + je NEAR $L$point_doublex push rbp push rbx @@ -1948,6 +2757,11 @@ $L$SEH_begin_ecp_nistz256_point_add: + lea rcx,[OPENSSL_ia32cap_P] + mov rcx,QWORD[8+rcx] + and ecx,0x80100 + cmp ecx,0x80100 + je NEAR $L$point_addx push rbp push rbx @@ -2375,6 +3189,11 @@ $L$SEH_begin_ecp_nistz256_point_add_affine: + lea rcx,[OPENSSL_ia32cap_P] + mov rcx,QWORD[8+rcx] + and ecx,0x80100 + cmp ecx,0x80100 + je NEAR $L$point_add_affinex push rbp push rbx 
@@ -2694,6 +3513,1125 @@ $L$add_affineq_epilogue: DB 0F3h,0C3h ;repret $L$SEH_end_ecp_nistz256_point_add_affine: + +ALIGN 32 +__ecp_nistz256_add_tox: + xor r11,r11 + adc r12,QWORD[rbx] + adc r13,QWORD[8+rbx] + mov rax,r12 + adc r8,QWORD[16+rbx] + adc r9,QWORD[24+rbx] + mov rbp,r13 + adc r11,0 + + xor r10,r10 + sbb r12,-1 + mov rcx,r8 + sbb r13,r14 + sbb r8,0 + mov r10,r9 + sbb r9,r15 + sbb r11,0 + + cmovc r12,rax + cmovc r13,rbp + mov QWORD[rdi],r12 + cmovc r8,rcx + mov QWORD[8+rdi],r13 + cmovc r9,r10 + mov QWORD[16+rdi],r8 + mov QWORD[24+rdi],r9 + + DB 0F3h,0C3h ;repret + + + +ALIGN 32 +__ecp_nistz256_sub_fromx: + xor r11,r11 + sbb r12,QWORD[rbx] + sbb r13,QWORD[8+rbx] + mov rax,r12 + sbb r8,QWORD[16+rbx] + sbb r9,QWORD[24+rbx] + mov rbp,r13 + sbb r11,0 + + xor r10,r10 + adc r12,-1 + mov rcx,r8 + adc r13,r14 + adc r8,0 + mov r10,r9 + adc r9,r15 + + bt r11,0 + cmovnc r12,rax + cmovnc r13,rbp + mov QWORD[rdi],r12 + cmovnc r8,rcx + mov QWORD[8+rdi],r13 + cmovnc r9,r10 + mov QWORD[16+rdi],r8 + mov QWORD[24+rdi],r9 + + DB 0F3h,0C3h ;repret + + + +ALIGN 32 +__ecp_nistz256_subx: + xor r11,r11 + sbb rax,r12 + sbb rbp,r13 + mov r12,rax + sbb rcx,r8 + sbb r10,r9 + mov r13,rbp + sbb r11,0 + + xor r9,r9 + adc rax,-1 + mov r8,rcx + adc rbp,r14 + adc rcx,0 + mov r9,r10 + adc r10,r15 + + bt r11,0 + cmovc r12,rax + cmovc r13,rbp + cmovc r8,rcx + cmovc r9,r10 + + DB 0F3h,0C3h ;repret + + + +ALIGN 32 +__ecp_nistz256_mul_by_2x: + xor r11,r11 + adc r12,r12 + adc r13,r13 + mov rax,r12 + adc r8,r8 + adc r9,r9 + mov rbp,r13 + adc r11,0 + + xor r10,r10 + sbb r12,-1 + mov rcx,r8 + sbb r13,r14 + sbb r8,0 + mov r10,r9 + sbb r9,r15 + sbb r11,0 + + cmovc r12,rax + cmovc r13,rbp + mov QWORD[rdi],r12 + cmovc r8,rcx + mov QWORD[8+rdi],r13 + cmovc r9,r10 + mov QWORD[16+rdi],r8 + mov QWORD[24+rdi],r9 + + DB 0F3h,0C3h ;repret + + +ALIGN 32 +ecp_nistz256_point_doublex: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi + mov rax,rsp +$L$SEH_begin_ecp_nistz256_point_doublex: + mov rdi,rcx 
+ mov rsi,rdx + + + +$L$point_doublex: + push rbp + + push rbx + + push r12 + + push r13 + + push r14 + + push r15 + + sub rsp,32*5+8 + +$L$point_doublex_body: + +$L$point_double_shortcutx: + movdqu xmm0,XMMWORD[rsi] + mov rbx,rsi + movdqu xmm1,XMMWORD[16+rsi] + mov r12,QWORD[((32+0))+rsi] + mov r13,QWORD[((32+8))+rsi] + mov r8,QWORD[((32+16))+rsi] + mov r9,QWORD[((32+24))+rsi] + mov r14,QWORD[(($L$poly+8))] + mov r15,QWORD[(($L$poly+24))] + movdqa XMMWORD[96+rsp],xmm0 + movdqa XMMWORD[(96+16)+rsp],xmm1 + lea r10,[32+rdi] + lea r11,[64+rdi] +DB 102,72,15,110,199 +DB 102,73,15,110,202 +DB 102,73,15,110,211 + + lea rdi,[rsp] + call __ecp_nistz256_mul_by_2x + + mov rdx,QWORD[((64+0))+rsi] + mov r14,QWORD[((64+8))+rsi] + mov r15,QWORD[((64+16))+rsi] + mov r8,QWORD[((64+24))+rsi] + lea rsi,[((64-128))+rsi] + lea rdi,[64+rsp] + call __ecp_nistz256_sqr_montx + + mov rdx,QWORD[((0+0))+rsp] + mov r14,QWORD[((8+0))+rsp] + lea rsi,[((-128+0))+rsp] + mov r15,QWORD[((16+0))+rsp] + mov r8,QWORD[((24+0))+rsp] + lea rdi,[rsp] + call __ecp_nistz256_sqr_montx + + mov rdx,QWORD[32+rbx] + mov r9,QWORD[((64+0))+rbx] + mov r10,QWORD[((64+8))+rbx] + mov r11,QWORD[((64+16))+rbx] + mov r12,QWORD[((64+24))+rbx] + lea rsi,[((64-128))+rbx] + lea rbx,[32+rbx] +DB 102,72,15,126,215 + call __ecp_nistz256_mul_montx + call __ecp_nistz256_mul_by_2x + + mov r12,QWORD[((96+0))+rsp] + mov r13,QWORD[((96+8))+rsp] + lea rbx,[64+rsp] + mov r8,QWORD[((96+16))+rsp] + mov r9,QWORD[((96+24))+rsp] + lea rdi,[32+rsp] + call __ecp_nistz256_add_tox + + mov r12,QWORD[((96+0))+rsp] + mov r13,QWORD[((96+8))+rsp] + lea rbx,[64+rsp] + mov r8,QWORD[((96+16))+rsp] + mov r9,QWORD[((96+24))+rsp] + lea rdi,[64+rsp] + call __ecp_nistz256_sub_fromx + + mov rdx,QWORD[((0+0))+rsp] + mov r14,QWORD[((8+0))+rsp] + lea rsi,[((-128+0))+rsp] + mov r15,QWORD[((16+0))+rsp] + mov r8,QWORD[((24+0))+rsp] +DB 102,72,15,126,207 + call __ecp_nistz256_sqr_montx + xor r9,r9 + mov rax,r12 + add r12,-1 + mov r10,r13 + adc r13,rsi + mov rcx,r14 
+ adc r14,0 + mov r8,r15 + adc r15,rbp + adc r9,0 + xor rsi,rsi + test rax,1 + + cmovz r12,rax + cmovz r13,r10 + cmovz r14,rcx + cmovz r15,r8 + cmovz r9,rsi + + mov rax,r13 + shr r12,1 + shl rax,63 + mov r10,r14 + shr r13,1 + or r12,rax + shl r10,63 + mov rcx,r15 + shr r14,1 + or r13,r10 + shl rcx,63 + mov QWORD[rdi],r12 + shr r15,1 + mov QWORD[8+rdi],r13 + shl r9,63 + or r14,rcx + or r15,r9 + mov QWORD[16+rdi],r14 + mov QWORD[24+rdi],r15 + mov rdx,QWORD[64+rsp] + lea rbx,[64+rsp] + mov r9,QWORD[((0+32))+rsp] + mov r10,QWORD[((8+32))+rsp] + lea rsi,[((-128+32))+rsp] + mov r11,QWORD[((16+32))+rsp] + mov r12,QWORD[((24+32))+rsp] + lea rdi,[32+rsp] + call __ecp_nistz256_mul_montx + + lea rdi,[128+rsp] + call __ecp_nistz256_mul_by_2x + + lea rbx,[32+rsp] + lea rdi,[32+rsp] + call __ecp_nistz256_add_tox + + mov rdx,QWORD[96+rsp] + lea rbx,[96+rsp] + mov r9,QWORD[((0+0))+rsp] + mov r10,QWORD[((8+0))+rsp] + lea rsi,[((-128+0))+rsp] + mov r11,QWORD[((16+0))+rsp] + mov r12,QWORD[((24+0))+rsp] + lea rdi,[rsp] + call __ecp_nistz256_mul_montx + + lea rdi,[128+rsp] + call __ecp_nistz256_mul_by_2x + + mov rdx,QWORD[((0+32))+rsp] + mov r14,QWORD[((8+32))+rsp] + lea rsi,[((-128+32))+rsp] + mov r15,QWORD[((16+32))+rsp] + mov r8,QWORD[((24+32))+rsp] +DB 102,72,15,126,199 + call __ecp_nistz256_sqr_montx + + lea rbx,[128+rsp] + mov r8,r14 + mov r9,r15 + mov r14,rsi + mov r15,rbp + call __ecp_nistz256_sub_fromx + + mov rax,QWORD[((0+0))+rsp] + mov rbp,QWORD[((0+8))+rsp] + mov rcx,QWORD[((0+16))+rsp] + mov r10,QWORD[((0+24))+rsp] + lea rdi,[rsp] + call __ecp_nistz256_subx + + mov rdx,QWORD[32+rsp] + lea rbx,[32+rsp] + mov r14,r12 + xor ecx,ecx + mov QWORD[((0+0))+rsp],r12 + mov r10,r13 + mov QWORD[((0+8))+rsp],r13 + cmovz r11,r8 + mov QWORD[((0+16))+rsp],r8 + lea rsi,[((0-128))+rsp] + cmovz r12,r9 + mov QWORD[((0+24))+rsp],r9 + mov r9,r14 + lea rdi,[rsp] + call __ecp_nistz256_mul_montx + +DB 102,72,15,126,203 +DB 102,72,15,126,207 + call __ecp_nistz256_sub_fromx + + lea 
rsi,[((160+56))+rsp] + + mov r15,QWORD[((-48))+rsi] + + mov r14,QWORD[((-40))+rsi] + + mov r13,QWORD[((-32))+rsi] + + mov r12,QWORD[((-24))+rsi] + + mov rbx,QWORD[((-16))+rsi] + + mov rbp,QWORD[((-8))+rsi] + + lea rsp,[rsi] + +$L$point_doublex_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] + DB 0F3h,0C3h ;repret + +$L$SEH_end_ecp_nistz256_point_doublex: + +ALIGN 32 +ecp_nistz256_point_addx: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi + mov rax,rsp +$L$SEH_begin_ecp_nistz256_point_addx: + mov rdi,rcx + mov rsi,rdx + mov rdx,r8 + + + +$L$point_addx: + push rbp + + push rbx + + push r12 + + push r13 + + push r14 + + push r15 + + sub rsp,32*18+8 + +$L$point_addx_body: + + movdqu xmm0,XMMWORD[rsi] + movdqu xmm1,XMMWORD[16+rsi] + movdqu xmm2,XMMWORD[32+rsi] + movdqu xmm3,XMMWORD[48+rsi] + movdqu xmm4,XMMWORD[64+rsi] + movdqu xmm5,XMMWORD[80+rsi] + mov rbx,rsi + mov rsi,rdx + movdqa XMMWORD[384+rsp],xmm0 + movdqa XMMWORD[(384+16)+rsp],xmm1 + movdqa XMMWORD[416+rsp],xmm2 + movdqa XMMWORD[(416+16)+rsp],xmm3 + movdqa XMMWORD[448+rsp],xmm4 + movdqa XMMWORD[(448+16)+rsp],xmm5 + por xmm5,xmm4 + + movdqu xmm0,XMMWORD[rsi] + pshufd xmm3,xmm5,0xb1 + movdqu xmm1,XMMWORD[16+rsi] + movdqu xmm2,XMMWORD[32+rsi] + por xmm5,xmm3 + movdqu xmm3,XMMWORD[48+rsi] + mov rdx,QWORD[((64+0))+rsi] + mov r14,QWORD[((64+8))+rsi] + mov r15,QWORD[((64+16))+rsi] + mov r8,QWORD[((64+24))+rsi] + movdqa XMMWORD[480+rsp],xmm0 + pshufd xmm4,xmm5,0x1e + movdqa XMMWORD[(480+16)+rsp],xmm1 + movdqu xmm0,XMMWORD[64+rsi] + movdqu xmm1,XMMWORD[80+rsi] + movdqa XMMWORD[512+rsp],xmm2 + movdqa XMMWORD[(512+16)+rsp],xmm3 + por xmm5,xmm4 + pxor xmm4,xmm4 + por xmm1,xmm0 +DB 102,72,15,110,199 + + lea rsi,[((64-128))+rsi] + mov QWORD[((544+0))+rsp],rdx + mov QWORD[((544+8))+rsp],r14 + mov QWORD[((544+16))+rsp],r15 + mov QWORD[((544+24))+rsp],r8 + lea rdi,[96+rsp] + call __ecp_nistz256_sqr_montx + + pcmpeqd xmm5,xmm4 + pshufd xmm4,xmm1,0xb1 + por xmm4,xmm1 + pshufd xmm5,xmm5,0 
+ pshufd xmm3,xmm4,0x1e + por xmm4,xmm3 + pxor xmm3,xmm3 + pcmpeqd xmm4,xmm3 + pshufd xmm4,xmm4,0 + mov rdx,QWORD[((64+0))+rbx] + mov r14,QWORD[((64+8))+rbx] + mov r15,QWORD[((64+16))+rbx] + mov r8,QWORD[((64+24))+rbx] +DB 102,72,15,110,203 + + lea rsi,[((64-128))+rbx] + lea rdi,[32+rsp] + call __ecp_nistz256_sqr_montx + + mov rdx,QWORD[544+rsp] + lea rbx,[544+rsp] + mov r9,QWORD[((0+96))+rsp] + mov r10,QWORD[((8+96))+rsp] + lea rsi,[((-128+96))+rsp] + mov r11,QWORD[((16+96))+rsp] + mov r12,QWORD[((24+96))+rsp] + lea rdi,[224+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[448+rsp] + lea rbx,[448+rsp] + mov r9,QWORD[((0+32))+rsp] + mov r10,QWORD[((8+32))+rsp] + lea rsi,[((-128+32))+rsp] + mov r11,QWORD[((16+32))+rsp] + mov r12,QWORD[((24+32))+rsp] + lea rdi,[256+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[416+rsp] + lea rbx,[416+rsp] + mov r9,QWORD[((0+224))+rsp] + mov r10,QWORD[((8+224))+rsp] + lea rsi,[((-128+224))+rsp] + mov r11,QWORD[((16+224))+rsp] + mov r12,QWORD[((24+224))+rsp] + lea rdi,[224+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[512+rsp] + lea rbx,[512+rsp] + mov r9,QWORD[((0+256))+rsp] + mov r10,QWORD[((8+256))+rsp] + lea rsi,[((-128+256))+rsp] + mov r11,QWORD[((16+256))+rsp] + mov r12,QWORD[((24+256))+rsp] + lea rdi,[256+rsp] + call __ecp_nistz256_mul_montx + + lea rbx,[224+rsp] + lea rdi,[64+rsp] + call __ecp_nistz256_sub_fromx + + or r12,r13 + movdqa xmm2,xmm4 + or r12,r8 + or r12,r9 + por xmm2,xmm5 +DB 102,73,15,110,220 + + mov rdx,QWORD[384+rsp] + lea rbx,[384+rsp] + mov r9,QWORD[((0+96))+rsp] + mov r10,QWORD[((8+96))+rsp] + lea rsi,[((-128+96))+rsp] + mov r11,QWORD[((16+96))+rsp] + mov r12,QWORD[((24+96))+rsp] + lea rdi,[160+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[480+rsp] + lea rbx,[480+rsp] + mov r9,QWORD[((0+32))+rsp] + mov r10,QWORD[((8+32))+rsp] + lea rsi,[((-128+32))+rsp] + mov r11,QWORD[((16+32))+rsp] + mov r12,QWORD[((24+32))+rsp] + lea rdi,[192+rsp] + call __ecp_nistz256_mul_montx + + lea 
rbx,[160+rsp] + lea rdi,[rsp] + call __ecp_nistz256_sub_fromx + + or r12,r13 + or r12,r8 + or r12,r9 + +DB 0x3e + jnz NEAR $L$add_proceedx +DB 102,73,15,126,208 +DB 102,73,15,126,217 + test r8,r8 + jnz NEAR $L$add_proceedx + test r9,r9 + jz NEAR $L$add_doublex + +DB 102,72,15,126,199 + pxor xmm0,xmm0 + movdqu XMMWORD[rdi],xmm0 + movdqu XMMWORD[16+rdi],xmm0 + movdqu XMMWORD[32+rdi],xmm0 + movdqu XMMWORD[48+rdi],xmm0 + movdqu XMMWORD[64+rdi],xmm0 + movdqu XMMWORD[80+rdi],xmm0 + jmp NEAR $L$add_donex + +ALIGN 32 +$L$add_doublex: +DB 102,72,15,126,206 +DB 102,72,15,126,199 + add rsp,416 + jmp NEAR $L$point_double_shortcutx + +ALIGN 32 +$L$add_proceedx: + mov rdx,QWORD[((0+64))+rsp] + mov r14,QWORD[((8+64))+rsp] + lea rsi,[((-128+64))+rsp] + mov r15,QWORD[((16+64))+rsp] + mov r8,QWORD[((24+64))+rsp] + lea rdi,[96+rsp] + call __ecp_nistz256_sqr_montx + + mov rdx,QWORD[448+rsp] + lea rbx,[448+rsp] + mov r9,QWORD[((0+0))+rsp] + mov r10,QWORD[((8+0))+rsp] + lea rsi,[((-128+0))+rsp] + mov r11,QWORD[((16+0))+rsp] + mov r12,QWORD[((24+0))+rsp] + lea rdi,[352+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[((0+0))+rsp] + mov r14,QWORD[((8+0))+rsp] + lea rsi,[((-128+0))+rsp] + mov r15,QWORD[((16+0))+rsp] + mov r8,QWORD[((24+0))+rsp] + lea rdi,[32+rsp] + call __ecp_nistz256_sqr_montx + + mov rdx,QWORD[544+rsp] + lea rbx,[544+rsp] + mov r9,QWORD[((0+352))+rsp] + mov r10,QWORD[((8+352))+rsp] + lea rsi,[((-128+352))+rsp] + mov r11,QWORD[((16+352))+rsp] + mov r12,QWORD[((24+352))+rsp] + lea rdi,[352+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[rsp] + lea rbx,[rsp] + mov r9,QWORD[((0+32))+rsp] + mov r10,QWORD[((8+32))+rsp] + lea rsi,[((-128+32))+rsp] + mov r11,QWORD[((16+32))+rsp] + mov r12,QWORD[((24+32))+rsp] + lea rdi,[128+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[160+rsp] + lea rbx,[160+rsp] + mov r9,QWORD[((0+32))+rsp] + mov r10,QWORD[((8+32))+rsp] + lea rsi,[((-128+32))+rsp] + mov r11,QWORD[((16+32))+rsp] + mov r12,QWORD[((24+32))+rsp] + lea 
rdi,[192+rsp] + call __ecp_nistz256_mul_montx + + + + + xor r11,r11 + add r12,r12 + lea rsi,[96+rsp] + adc r13,r13 + mov rax,r12 + adc r8,r8 + adc r9,r9 + mov rbp,r13 + adc r11,0 + + sub r12,-1 + mov rcx,r8 + sbb r13,r14 + sbb r8,0 + mov r10,r9 + sbb r9,r15 + sbb r11,0 + + cmovc r12,rax + mov rax,QWORD[rsi] + cmovc r13,rbp + mov rbp,QWORD[8+rsi] + cmovc r8,rcx + mov rcx,QWORD[16+rsi] + cmovc r9,r10 + mov r10,QWORD[24+rsi] + + call __ecp_nistz256_subx + + lea rbx,[128+rsp] + lea rdi,[288+rsp] + call __ecp_nistz256_sub_fromx + + mov rax,QWORD[((192+0))+rsp] + mov rbp,QWORD[((192+8))+rsp] + mov rcx,QWORD[((192+16))+rsp] + mov r10,QWORD[((192+24))+rsp] + lea rdi,[320+rsp] + + call __ecp_nistz256_subx + + mov QWORD[rdi],r12 + mov QWORD[8+rdi],r13 + mov QWORD[16+rdi],r8 + mov QWORD[24+rdi],r9 + mov rdx,QWORD[128+rsp] + lea rbx,[128+rsp] + mov r9,QWORD[((0+224))+rsp] + mov r10,QWORD[((8+224))+rsp] + lea rsi,[((-128+224))+rsp] + mov r11,QWORD[((16+224))+rsp] + mov r12,QWORD[((24+224))+rsp] + lea rdi,[256+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[320+rsp] + lea rbx,[320+rsp] + mov r9,QWORD[((0+64))+rsp] + mov r10,QWORD[((8+64))+rsp] + lea rsi,[((-128+64))+rsp] + mov r11,QWORD[((16+64))+rsp] + mov r12,QWORD[((24+64))+rsp] + lea rdi,[320+rsp] + call __ecp_nistz256_mul_montx + + lea rbx,[256+rsp] + lea rdi,[320+rsp] + call __ecp_nistz256_sub_fromx + +DB 102,72,15,126,199 + + movdqa xmm0,xmm5 + movdqa xmm1,xmm5 + pandn xmm0,XMMWORD[352+rsp] + movdqa xmm2,xmm5 + pandn xmm1,XMMWORD[((352+16))+rsp] + movdqa xmm3,xmm5 + pand xmm2,XMMWORD[544+rsp] + pand xmm3,XMMWORD[((544+16))+rsp] + por xmm2,xmm0 + por xmm3,xmm1 + + movdqa xmm0,xmm4 + movdqa xmm1,xmm4 + pandn xmm0,xmm2 + movdqa xmm2,xmm4 + pandn xmm1,xmm3 + movdqa xmm3,xmm4 + pand xmm2,XMMWORD[448+rsp] + pand xmm3,XMMWORD[((448+16))+rsp] + por xmm2,xmm0 + por xmm3,xmm1 + movdqu XMMWORD[64+rdi],xmm2 + movdqu XMMWORD[80+rdi],xmm3 + + movdqa xmm0,xmm5 + movdqa xmm1,xmm5 + pandn xmm0,XMMWORD[288+rsp] + movdqa xmm2,xmm5 + 
pandn xmm1,XMMWORD[((288+16))+rsp] + movdqa xmm3,xmm5 + pand xmm2,XMMWORD[480+rsp] + pand xmm3,XMMWORD[((480+16))+rsp] + por xmm2,xmm0 + por xmm3,xmm1 + + movdqa xmm0,xmm4 + movdqa xmm1,xmm4 + pandn xmm0,xmm2 + movdqa xmm2,xmm4 + pandn xmm1,xmm3 + movdqa xmm3,xmm4 + pand xmm2,XMMWORD[384+rsp] + pand xmm3,XMMWORD[((384+16))+rsp] + por xmm2,xmm0 + por xmm3,xmm1 + movdqu XMMWORD[rdi],xmm2 + movdqu XMMWORD[16+rdi],xmm3 + + movdqa xmm0,xmm5 + movdqa xmm1,xmm5 + pandn xmm0,XMMWORD[320+rsp] + movdqa xmm2,xmm5 + pandn xmm1,XMMWORD[((320+16))+rsp] + movdqa xmm3,xmm5 + pand xmm2,XMMWORD[512+rsp] + pand xmm3,XMMWORD[((512+16))+rsp] + por xmm2,xmm0 + por xmm3,xmm1 + + movdqa xmm0,xmm4 + movdqa xmm1,xmm4 + pandn xmm0,xmm2 + movdqa xmm2,xmm4 + pandn xmm1,xmm3 + movdqa xmm3,xmm4 + pand xmm2,XMMWORD[416+rsp] + pand xmm3,XMMWORD[((416+16))+rsp] + por xmm2,xmm0 + por xmm3,xmm1 + movdqu XMMWORD[32+rdi],xmm2 + movdqu XMMWORD[48+rdi],xmm3 + +$L$add_donex: + lea rsi,[((576+56))+rsp] + + mov r15,QWORD[((-48))+rsi] + + mov r14,QWORD[((-40))+rsi] + + mov r13,QWORD[((-32))+rsi] + + mov r12,QWORD[((-24))+rsi] + + mov rbx,QWORD[((-16))+rsi] + + mov rbp,QWORD[((-8))+rsi] + + lea rsp,[rsi] + +$L$point_addx_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] + DB 0F3h,0C3h ;repret + +$L$SEH_end_ecp_nistz256_point_addx: + +ALIGN 32 +ecp_nistz256_point_add_affinex: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi + mov rax,rsp +$L$SEH_begin_ecp_nistz256_point_add_affinex: + mov rdi,rcx + mov rsi,rdx + mov rdx,r8 + + + +$L$point_add_affinex: + push rbp + + push rbx + + push r12 + + push r13 + + push r14 + + push r15 + + sub rsp,32*15+8 + +$L$add_affinex_body: + + movdqu xmm0,XMMWORD[rsi] + mov rbx,rdx + movdqu xmm1,XMMWORD[16+rsi] + movdqu xmm2,XMMWORD[32+rsi] + movdqu xmm3,XMMWORD[48+rsi] + movdqu xmm4,XMMWORD[64+rsi] + movdqu xmm5,XMMWORD[80+rsi] + mov rdx,QWORD[((64+0))+rsi] + mov r14,QWORD[((64+8))+rsi] + mov r15,QWORD[((64+16))+rsi] + mov 
r8,QWORD[((64+24))+rsi] + movdqa XMMWORD[320+rsp],xmm0 + movdqa XMMWORD[(320+16)+rsp],xmm1 + movdqa XMMWORD[352+rsp],xmm2 + movdqa XMMWORD[(352+16)+rsp],xmm3 + movdqa XMMWORD[384+rsp],xmm4 + movdqa XMMWORD[(384+16)+rsp],xmm5 + por xmm5,xmm4 + + movdqu xmm0,XMMWORD[rbx] + pshufd xmm3,xmm5,0xb1 + movdqu xmm1,XMMWORD[16+rbx] + movdqu xmm2,XMMWORD[32+rbx] + por xmm5,xmm3 + movdqu xmm3,XMMWORD[48+rbx] + movdqa XMMWORD[416+rsp],xmm0 + pshufd xmm4,xmm5,0x1e + movdqa XMMWORD[(416+16)+rsp],xmm1 + por xmm1,xmm0 +DB 102,72,15,110,199 + movdqa XMMWORD[448+rsp],xmm2 + movdqa XMMWORD[(448+16)+rsp],xmm3 + por xmm3,xmm2 + por xmm5,xmm4 + pxor xmm4,xmm4 + por xmm3,xmm1 + + lea rsi,[((64-128))+rsi] + lea rdi,[32+rsp] + call __ecp_nistz256_sqr_montx + + pcmpeqd xmm5,xmm4 + pshufd xmm4,xmm3,0xb1 + mov rdx,QWORD[rbx] + + mov r9,r12 + por xmm4,xmm3 + pshufd xmm5,xmm5,0 + pshufd xmm3,xmm4,0x1e + mov r10,r13 + por xmm4,xmm3 + pxor xmm3,xmm3 + mov r11,r14 + pcmpeqd xmm4,xmm3 + pshufd xmm4,xmm4,0 + + lea rsi,[((32-128))+rsp] + mov r12,r15 + lea rdi,[rsp] + call __ecp_nistz256_mul_montx + + lea rbx,[320+rsp] + lea rdi,[64+rsp] + call __ecp_nistz256_sub_fromx + + mov rdx,QWORD[384+rsp] + lea rbx,[384+rsp] + mov r9,QWORD[((0+32))+rsp] + mov r10,QWORD[((8+32))+rsp] + lea rsi,[((-128+32))+rsp] + mov r11,QWORD[((16+32))+rsp] + mov r12,QWORD[((24+32))+rsp] + lea rdi,[32+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[384+rsp] + lea rbx,[384+rsp] + mov r9,QWORD[((0+64))+rsp] + mov r10,QWORD[((8+64))+rsp] + lea rsi,[((-128+64))+rsp] + mov r11,QWORD[((16+64))+rsp] + mov r12,QWORD[((24+64))+rsp] + lea rdi,[288+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[448+rsp] + lea rbx,[448+rsp] + mov r9,QWORD[((0+32))+rsp] + mov r10,QWORD[((8+32))+rsp] + lea rsi,[((-128+32))+rsp] + mov r11,QWORD[((16+32))+rsp] + mov r12,QWORD[((24+32))+rsp] + lea rdi,[32+rsp] + call __ecp_nistz256_mul_montx + + lea rbx,[352+rsp] + lea rdi,[96+rsp] + call __ecp_nistz256_sub_fromx + + mov rdx,QWORD[((0+64))+rsp] + 
mov r14,QWORD[((8+64))+rsp] + lea rsi,[((-128+64))+rsp] + mov r15,QWORD[((16+64))+rsp] + mov r8,QWORD[((24+64))+rsp] + lea rdi,[128+rsp] + call __ecp_nistz256_sqr_montx + + mov rdx,QWORD[((0+96))+rsp] + mov r14,QWORD[((8+96))+rsp] + lea rsi,[((-128+96))+rsp] + mov r15,QWORD[((16+96))+rsp] + mov r8,QWORD[((24+96))+rsp] + lea rdi,[192+rsp] + call __ecp_nistz256_sqr_montx + + mov rdx,QWORD[128+rsp] + lea rbx,[128+rsp] + mov r9,QWORD[((0+64))+rsp] + mov r10,QWORD[((8+64))+rsp] + lea rsi,[((-128+64))+rsp] + mov r11,QWORD[((16+64))+rsp] + mov r12,QWORD[((24+64))+rsp] + lea rdi,[160+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[320+rsp] + lea rbx,[320+rsp] + mov r9,QWORD[((0+128))+rsp] + mov r10,QWORD[((8+128))+rsp] + lea rsi,[((-128+128))+rsp] + mov r11,QWORD[((16+128))+rsp] + mov r12,QWORD[((24+128))+rsp] + lea rdi,[rsp] + call __ecp_nistz256_mul_montx + + + + + xor r11,r11 + add r12,r12 + lea rsi,[192+rsp] + adc r13,r13 + mov rax,r12 + adc r8,r8 + adc r9,r9 + mov rbp,r13 + adc r11,0 + + sub r12,-1 + mov rcx,r8 + sbb r13,r14 + sbb r8,0 + mov r10,r9 + sbb r9,r15 + sbb r11,0 + + cmovc r12,rax + mov rax,QWORD[rsi] + cmovc r13,rbp + mov rbp,QWORD[8+rsi] + cmovc r8,rcx + mov rcx,QWORD[16+rsi] + cmovc r9,r10 + mov r10,QWORD[24+rsi] + + call __ecp_nistz256_subx + + lea rbx,[160+rsp] + lea rdi,[224+rsp] + call __ecp_nistz256_sub_fromx + + mov rax,QWORD[((0+0))+rsp] + mov rbp,QWORD[((0+8))+rsp] + mov rcx,QWORD[((0+16))+rsp] + mov r10,QWORD[((0+24))+rsp] + lea rdi,[64+rsp] + + call __ecp_nistz256_subx + + mov QWORD[rdi],r12 + mov QWORD[8+rdi],r13 + mov QWORD[16+rdi],r8 + mov QWORD[24+rdi],r9 + mov rdx,QWORD[352+rsp] + lea rbx,[352+rsp] + mov r9,QWORD[((0+160))+rsp] + mov r10,QWORD[((8+160))+rsp] + lea rsi,[((-128+160))+rsp] + mov r11,QWORD[((16+160))+rsp] + mov r12,QWORD[((24+160))+rsp] + lea rdi,[32+rsp] + call __ecp_nistz256_mul_montx + + mov rdx,QWORD[96+rsp] + lea rbx,[96+rsp] + mov r9,QWORD[((0+64))+rsp] + mov r10,QWORD[((8+64))+rsp] + lea rsi,[((-128+64))+rsp] + 
mov r11,QWORD[((16+64))+rsp] + mov r12,QWORD[((24+64))+rsp] + lea rdi,[64+rsp] + call __ecp_nistz256_mul_montx + + lea rbx,[32+rsp] + lea rdi,[256+rsp] + call __ecp_nistz256_sub_fromx + +DB 102,72,15,126,199 + + movdqa xmm0,xmm5 + movdqa xmm1,xmm5 + pandn xmm0,XMMWORD[288+rsp] + movdqa xmm2,xmm5 + pandn xmm1,XMMWORD[((288+16))+rsp] + movdqa xmm3,xmm5 + pand xmm2,XMMWORD[$L$ONE_mont] + pand xmm3,XMMWORD[(($L$ONE_mont+16))] + por xmm2,xmm0 + por xmm3,xmm1 + + movdqa xmm0,xmm4 + movdqa xmm1,xmm4 + pandn xmm0,xmm2 + movdqa xmm2,xmm4 + pandn xmm1,xmm3 + movdqa xmm3,xmm4 + pand xmm2,XMMWORD[384+rsp] + pand xmm3,XMMWORD[((384+16))+rsp] + por xmm2,xmm0 + por xmm3,xmm1 + movdqu XMMWORD[64+rdi],xmm2 + movdqu XMMWORD[80+rdi],xmm3 + + movdqa xmm0,xmm5 + movdqa xmm1,xmm5 + pandn xmm0,XMMWORD[224+rsp] + movdqa xmm2,xmm5 + pandn xmm1,XMMWORD[((224+16))+rsp] + movdqa xmm3,xmm5 + pand xmm2,XMMWORD[416+rsp] + pand xmm3,XMMWORD[((416+16))+rsp] + por xmm2,xmm0 + por xmm3,xmm1 + + movdqa xmm0,xmm4 + movdqa xmm1,xmm4 + pandn xmm0,xmm2 + movdqa xmm2,xmm4 + pandn xmm1,xmm3 + movdqa xmm3,xmm4 + pand xmm2,XMMWORD[320+rsp] + pand xmm3,XMMWORD[((320+16))+rsp] + por xmm2,xmm0 + por xmm3,xmm1 + movdqu XMMWORD[rdi],xmm2 + movdqu XMMWORD[16+rdi],xmm3 + + movdqa xmm0,xmm5 + movdqa xmm1,xmm5 + pandn xmm0,XMMWORD[256+rsp] + movdqa xmm2,xmm5 + pandn xmm1,XMMWORD[((256+16))+rsp] + movdqa xmm3,xmm5 + pand xmm2,XMMWORD[448+rsp] + pand xmm3,XMMWORD[((448+16))+rsp] + por xmm2,xmm0 + por xmm3,xmm1 + + movdqa xmm0,xmm4 + movdqa xmm1,xmm4 + pandn xmm0,xmm2 + movdqa xmm2,xmm4 + pandn xmm1,xmm3 + movdqa xmm3,xmm4 + pand xmm2,XMMWORD[352+rsp] + pand xmm3,XMMWORD[((352+16))+rsp] + por xmm2,xmm0 + por xmm3,xmm1 + movdqu XMMWORD[32+rdi],xmm2 + movdqu XMMWORD[48+rdi],xmm3 + + lea rsi,[((480+56))+rsp] + + mov r15,QWORD[((-48))+rsi] + + mov r14,QWORD[((-40))+rsi] + + mov r13,QWORD[((-32))+rsi] + + mov r12,QWORD[((-24))+rsi] + + mov rbx,QWORD[((-16))+rsi] + + mov rbp,QWORD[((-8))+rsi] + + lea rsp,[rsi] + 
+$L$add_affinex_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] + DB 0F3h,0C3h ;repret + +$L$SEH_end_ecp_nistz256_point_add_affinex: EXTERN __imp_RtlVirtualUnwind @@ -2839,6 +4777,13 @@ ALIGN 4 DD $L$SEH_begin_ecp_nistz256_ord_sqr_mont wrt ..imagebase DD $L$SEH_end_ecp_nistz256_ord_sqr_mont wrt ..imagebase DD $L$SEH_info_ecp_nistz256_ord_sqr_mont wrt ..imagebase + DD $L$SEH_begin_ecp_nistz256_ord_mul_montx wrt ..imagebase + DD $L$SEH_end_ecp_nistz256_ord_mul_montx wrt ..imagebase + DD $L$SEH_info_ecp_nistz256_ord_mul_montx wrt ..imagebase + + DD $L$SEH_begin_ecp_nistz256_ord_sqr_montx wrt ..imagebase + DD $L$SEH_end_ecp_nistz256_ord_sqr_montx wrt ..imagebase + DD $L$SEH_info_ecp_nistz256_ord_sqr_montx wrt ..imagebase DD $L$SEH_begin_ecp_nistz256_mul_mont wrt ..imagebase DD $L$SEH_end_ecp_nistz256_mul_mont wrt ..imagebase DD $L$SEH_info_ecp_nistz256_mul_mont wrt ..imagebase @@ -2872,6 +4817,17 @@ ALIGN 4 DD $L$SEH_begin_ecp_nistz256_point_add_affine wrt ..imagebase DD $L$SEH_end_ecp_nistz256_point_add_affine wrt ..imagebase DD $L$SEH_info_ecp_nistz256_point_add_affine wrt ..imagebase + DD $L$SEH_begin_ecp_nistz256_point_doublex wrt ..imagebase + DD $L$SEH_end_ecp_nistz256_point_doublex wrt ..imagebase + DD $L$SEH_info_ecp_nistz256_point_doublex wrt ..imagebase + + DD $L$SEH_begin_ecp_nistz256_point_addx wrt ..imagebase + DD $L$SEH_end_ecp_nistz256_point_addx wrt ..imagebase + DD $L$SEH_info_ecp_nistz256_point_addx wrt ..imagebase + + DD $L$SEH_begin_ecp_nistz256_point_add_affinex wrt ..imagebase + DD $L$SEH_end_ecp_nistz256_point_add_affinex wrt ..imagebase + DD $L$SEH_info_ecp_nistz256_point_add_affinex wrt ..imagebase section .xdata rdata align=8 ALIGN 8 
@@ -2889,6 +4845,16 @@ DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$ord_sqr_body wrt ..imagebase,$L$ord_sqr_epilogue wrt ..imagebase DD 48,0 +$L$SEH_info_ecp_nistz256_ord_mul_montx: +DB 9,0,0,0 + DD full_handler wrt ..imagebase + DD $L$ord_mulx_body wrt ..imagebase,$L$ord_mulx_epilogue wrt ..imagebase + DD 48,0 +$L$SEH_info_ecp_nistz256_ord_sqr_montx: +DB 9,0,0,0 + DD full_handler wrt ..imagebase + DD $L$ord_sqrx_body wrt ..imagebase,$L$ord_sqrx_epilogue wrt ..imagebase + DD 48,0 $L$SEH_info_ecp_nistz256_mul_mont: DB 9,0,0,0 DD full_handler wrt ..imagebase @@ -2943,3 +4909,19 @@ DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$add_affineq_body wrt ..imagebase,$L$add_affineq_epilogue wrt ..imagebase DD 32*15+56,0 +ALIGN 8 +$L$SEH_info_ecp_nistz256_point_doublex: +DB 9,0,0,0 + DD full_handler wrt ..imagebase + DD $L$point_doublex_body wrt ..imagebase,$L$point_doublex_epilogue wrt ..imagebase + DD 32*5+56,0 +$L$SEH_info_ecp_nistz256_point_addx: +DB 9,0,0,0 + DD full_handler wrt ..imagebase + DD $L$point_addx_body wrt ..imagebase,$L$point_addx_epilogue wrt ..imagebase + DD 32*18+56,0 +$L$SEH_info_ecp_nistz256_point_add_affinex: +DB 9,0,0,0 + DD full_handler wrt ..imagebase + DD $L$add_affinex_body wrt ..imagebase,$L$add_affinex_epilogue wrt ..imagebase + DD 32*15+56,0 diff --git a/third_party/boringssl/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm b/third_party/boringssl/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm index 32624ba061..0c6f6e1f76 100644 --- a/third_party/boringssl/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm +++ b/third_party/boringssl/win-x86_64/crypto/fipsmodule/rsaz-avx2.asm @@ -1817,6 +1817,11 @@ ALIGN 32 rsaz_avx2_eligible: lea rax,[OPENSSL_ia32cap_P] mov eax,DWORD[8+rax] + mov ecx,524544 + mov edx,0 + and ecx,eax + cmp ecx,524544 + cmove eax,edx and eax,32 shr eax,5 DB 0F3h,0C3h ;repret 
diff --git a/third_party/boringssl/win-x86_64/crypto/fipsmodule/x86_64-mont.asm b/third_party/boringssl/win-x86_64/crypto/fipsmodule/x86_64-mont.asm index 1a9da51230..5385e26af7 100644 --- a/third_party/boringssl/win-x86_64/crypto/fipsmodule/x86_64-mont.asm +++ b/third_party/boringssl/win-x86_64/crypto/fipsmodule/x86_64-mont.asm @@ -31,6 +31,8 @@ $L$SEH_begin_bn_mul_mont: jnz NEAR $L$mul_enter cmp r9d,8 jb NEAR $L$mul_enter + lea r11,[OPENSSL_ia32cap_P] + mov r11d,DWORD[8+r11] cmp rdx,rsi jne NEAR $L$mul4x_enter test r9d,7 @@ -222,30 +224,30 @@ $L$inner_enter: xor r14,r14 mov rax,QWORD[rsp] - lea rsi,[rsp] mov r15,r9 - jmp NEAR $L$sub + ALIGN 16 $L$sub: sbb rax,QWORD[r14*8+rcx] mov QWORD[r14*8+rdi],rax - mov rax,QWORD[8+r14*8+rsi] + mov rax,QWORD[8+r14*8+rsp] lea r14,[1+r14] dec r15 jnz NEAR $L$sub sbb rax,0 + mov rbx,-1 + xor rbx,rax xor r14,r14 - and rsi,rax - not rax - mov rcx,rdi - and rcx,rax mov r15,r9 - or rsi,rcx -ALIGN 16 + $L$copy: - mov rax,QWORD[r14*8+rsi] - mov QWORD[r14*8+rsp],r14 - mov QWORD[r14*8+rdi],rax + mov rcx,QWORD[r14*8+rdi] + mov rdx,QWORD[r14*8+rsp] + and rcx,rbx + and rdx,rax + mov QWORD[r14*8+rsp],r9 + or rdx,rcx + mov QWORD[r14*8+rdi],rdx lea r14,[1+r14] sub r15,1 jnz NEAR $L$copy @@ -293,6 +295,9 @@ $L$SEH_begin_bn_mul4x_mont: mov rax,rsp $L$mul4x_enter: + and r11d,0x80100 + cmp r11d,0x80100 + je NEAR $L$mulx4x_enter push rbx push rbp @@ -630,7 +635,6 @@ $L$inner4x: mov rdi,QWORD[16+r9*8+rsp] lea r15,[((-4))+r9] mov rax,QWORD[rsp] - pxor xmm0,xmm0 mov rdx,QWORD[8+rsp] shr r15,2 lea rsi,[rsp] @@ -640,8 +644,7 @@ $L$inner4x: mov rbx,QWORD[16+rsi] mov rbp,QWORD[24+rsi] sbb rdx,QWORD[8+rcx] - jmp NEAR $L$sub4x -ALIGN 16 + $L$sub4x: mov QWORD[r14*8+rdi],rax mov QWORD[8+r14*8+rdi],rdx 
@@ -668,34 +671,35 @@ $L$sub4x: sbb rax,0 mov QWORD[24+r14*8+rdi],rbp - xor r14,r14 - and rsi,rax - not rax - mov rcx,rdi - and rcx,rax - lea r15,[((-4))+r9] - or rsi,rcx + pxor xmm0,xmm0 +DB 102,72,15,110,224 + pcmpeqd xmm5,xmm5 + pshufd xmm4,xmm4,0 + mov r15,r9 + pxor xmm5,xmm4 shr r15,2 + xor eax,eax - movdqu xmm1,XMMWORD[rsi] - movdqa XMMWORD[rsp],xmm0 - movdqu XMMWORD[rdi],xmm1 jmp NEAR $L$copy4x ALIGN 16 $L$copy4x: - movdqu xmm2,XMMWORD[16+r14*1+rsi] - movdqu xmm1,XMMWORD[32+r14*1+rsi] - movdqa XMMWORD[16+r14*1+rsp],xmm0 - movdqu XMMWORD[16+r14*1+rdi],xmm2 - movdqa XMMWORD[32+r14*1+rsp],xmm0 - movdqu XMMWORD[32+r14*1+rdi],xmm1 - lea r14,[32+r14] + movdqa xmm1,XMMWORD[rax*1+rsp] + movdqu xmm2,XMMWORD[rax*1+rdi] + pand xmm1,xmm4 + pand xmm2,xmm5 + movdqa xmm3,XMMWORD[16+rax*1+rsp] + movdqa XMMWORD[rax*1+rsp],xmm0 + por xmm1,xmm2 + movdqu xmm2,XMMWORD[16+rax*1+rdi] + movdqu XMMWORD[rax*1+rdi],xmm1 + pand xmm3,xmm4 + pand xmm2,xmm5 + movdqa XMMWORD[16+rax*1+rsp],xmm0 + por xmm3,xmm2 + movdqu XMMWORD[16+rax*1+rdi],xmm3 + lea rax,[32+rax] dec r15 jnz NEAR $L$copy4x - - movdqu xmm2,XMMWORD[16+r14*1+rsi] - movdqa XMMWORD[16+r14*1+rsp],xmm0 - movdqu XMMWORD[16+r14*1+rdi],xmm2 mov rsi,QWORD[8+r9*8+rsp] mov rax,1 @@ -719,6 +723,7 @@ $L$mul4x_epilogue: DB 0F3h,0C3h ;repret $L$SEH_end_bn_mul4x_mont: +EXTERN bn_sqrx8x_internal EXTERN bn_sqr8x_internal @@ -814,6 +819,26 @@ DB 102,72,15,110,209 pxor xmm0,xmm0 DB 102,72,15,110,207 DB 102,73,15,110,218 + lea rax,[OPENSSL_ia32cap_P] + mov eax,DWORD[8+rax] + and eax,0x80100 + cmp eax,0x80100 + jne NEAR $L$sqr8x_nox + + call bn_sqrx8x_internal + + + + + lea rbx,[rcx*1+r8] + mov r9,rcx + mov rdx,rcx +DB 102,72,15,126,207 + sar rcx,3+2 + jmp NEAR $L$sqr8x_sub + +ALIGN 32 +$L$sqr8x_nox: call bn_sqr8x_internal 
@@ -903,6 +928,376 @@ $L$sqr8x_epilogue: DB 0F3h,0C3h ;repret $L$SEH_end_bn_sqr8x_mont: + +ALIGN 32 +bn_mulx4x_mont: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi + mov rax,rsp +$L$SEH_begin_bn_mulx4x_mont: + mov rdi,rcx + mov rsi,rdx + mov rdx,r8 + mov rcx,r9 + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] + + + + mov rax,rsp + +$L$mulx4x_enter: + push rbx + + push rbp + + push r12 + + push r13 + + push r14 + + push r15 + +$L$mulx4x_prologue: + + shl r9d,3 + xor r10,r10 + sub r10,r9 + mov r8,QWORD[r8] + lea rbp,[((-72))+r10*1+rsp] + and rbp,-128 + mov r11,rsp + sub r11,rbp + and r11,-4096 + lea rsp,[rbp*1+r11] + mov r10,QWORD[rsp] + cmp rsp,rbp + ja NEAR $L$mulx4x_page_walk + jmp NEAR $L$mulx4x_page_walk_done + +ALIGN 16 +$L$mulx4x_page_walk: + lea rsp,[((-4096))+rsp] + mov r10,QWORD[rsp] + cmp rsp,rbp + ja NEAR $L$mulx4x_page_walk +$L$mulx4x_page_walk_done: + + lea r10,[r9*1+rdx] + + + + + + + + + + + + + mov QWORD[rsp],r9 + shr r9,5 + mov QWORD[16+rsp],r10 + sub r9,1 + mov QWORD[24+rsp],r8 + mov QWORD[32+rsp],rdi + mov QWORD[40+rsp],rax + + mov QWORD[48+rsp],r9 + jmp NEAR $L$mulx4x_body + +ALIGN 32 +$L$mulx4x_body: + lea rdi,[8+rdx] + mov rdx,QWORD[rdx] + lea rbx,[((64+32))+rsp] + mov r9,rdx + + mulx rax,r8,QWORD[rsi] + mulx r14,r11,QWORD[8+rsi] + add r11,rax + mov QWORD[8+rsp],rdi + mulx r13,r12,QWORD[16+rsi] + adc r12,r14 + adc r13,0 + + mov rdi,r8 + imul r8,QWORD[24+rsp] + xor rbp,rbp + + mulx r14,rax,QWORD[24+rsi] + mov rdx,r8 + lea rsi,[32+rsi] + adcx r13,rax + adcx r14,rbp + + mulx r10,rax,QWORD[rcx] + adcx rdi,rax + adox r10,r11 + mulx r11,rax,QWORD[8+rcx] + adcx r10,rax + adox r11,r12 +DB 0xc4,0x62,0xfb,0xf6,0xa1,0x10,0x00,0x00,0x00 + mov rdi,QWORD[48+rsp] + mov QWORD[((-32))+rbx],r10 + adcx r11,rax + adox r12,r13 + mulx r15,rax,QWORD[24+rcx] + mov rdx,r9 + mov QWORD[((-24))+rbx],r11 + adcx r12,rax + adox r15,rbp + lea rcx,[32+rcx] + mov QWORD[((-16))+rbx],r12 + + jmp NEAR $L$mulx4x_1st + +ALIGN 32 +$L$mulx4x_1st: + adcx r15,rbp + mulx 
rax,r10,QWORD[rsi] + adcx r10,r14 + mulx r14,r11,QWORD[8+rsi] + adcx r11,rax + mulx rax,r12,QWORD[16+rsi] + adcx r12,r14 + mulx r14,r13,QWORD[24+rsi] +DB 0x67,0x67 + mov rdx,r8 + adcx r13,rax + adcx r14,rbp + lea rsi,[32+rsi] + lea rbx,[32+rbx] + + adox r10,r15 + mulx r15,rax,QWORD[rcx] + adcx r10,rax + adox r11,r15 + mulx r15,rax,QWORD[8+rcx] + adcx r11,rax + adox r12,r15 + mulx r15,rax,QWORD[16+rcx] + mov QWORD[((-40))+rbx],r10 + adcx r12,rax + mov QWORD[((-32))+rbx],r11 + adox r13,r15 + mulx r15,rax,QWORD[24+rcx] + mov rdx,r9 + mov QWORD[((-24))+rbx],r12 + adcx r13,rax + adox r15,rbp + lea rcx,[32+rcx] + mov QWORD[((-16))+rbx],r13 + + dec rdi + jnz NEAR $L$mulx4x_1st + + mov rax,QWORD[rsp] + mov rdi,QWORD[8+rsp] + adc r15,rbp + add r14,r15 + sbb r15,r15 + mov QWORD[((-8))+rbx],r14 + jmp NEAR $L$mulx4x_outer + +ALIGN 32 +$L$mulx4x_outer: + mov rdx,QWORD[rdi] + lea rdi,[8+rdi] + sub rsi,rax + mov QWORD[rbx],r15 + lea rbx,[((64+32))+rsp] + sub rcx,rax + + mulx r11,r8,QWORD[rsi] + xor ebp,ebp + mov r9,rdx + mulx r12,r14,QWORD[8+rsi] + adox r8,QWORD[((-32))+rbx] + adcx r11,r14 + mulx r13,r15,QWORD[16+rsi] + adox r11,QWORD[((-24))+rbx] + adcx r12,r15 + adox r12,QWORD[((-16))+rbx] + adcx r13,rbp + adox r13,rbp + + mov QWORD[8+rsp],rdi + mov r15,r8 + imul r8,QWORD[24+rsp] + xor ebp,ebp + + mulx r14,rax,QWORD[24+rsi] + mov rdx,r8 + adcx r13,rax + adox r13,QWORD[((-8))+rbx] + adcx r14,rbp + lea rsi,[32+rsi] + adox r14,rbp + + mulx r10,rax,QWORD[rcx] + adcx r15,rax + adox r10,r11 + mulx r11,rax,QWORD[8+rcx] + adcx r10,rax + adox r11,r12 + mulx r12,rax,QWORD[16+rcx] + mov QWORD[((-32))+rbx],r10 + adcx r11,rax + adox r12,r13 + mulx r15,rax,QWORD[24+rcx] + mov rdx,r9 + mov QWORD[((-24))+rbx],r11 + lea rcx,[32+rcx] + adcx r12,rax + adox r15,rbp + mov rdi,QWORD[48+rsp] + mov QWORD[((-16))+rbx],r12 + + jmp NEAR $L$mulx4x_inner + +ALIGN 32 +$L$mulx4x_inner: + mulx rax,r10,QWORD[rsi] + adcx r15,rbp + adox r10,r14 + mulx r14,r11,QWORD[8+rsi] + adcx r10,QWORD[rbx] + adox r11,rax + 
mulx rax,r12,QWORD[16+rsi] + adcx r11,QWORD[8+rbx] + adox r12,r14 + mulx r14,r13,QWORD[24+rsi] + mov rdx,r8 + adcx r12,QWORD[16+rbx] + adox r13,rax + adcx r13,QWORD[24+rbx] + adox r14,rbp + lea rsi,[32+rsi] + lea rbx,[32+rbx] + adcx r14,rbp + + adox r10,r15 + mulx r15,rax,QWORD[rcx] + adcx r10,rax + adox r11,r15 + mulx r15,rax,QWORD[8+rcx] + adcx r11,rax + adox r12,r15 + mulx r15,rax,QWORD[16+rcx] + mov QWORD[((-40))+rbx],r10 + adcx r12,rax + adox r13,r15 + mulx r15,rax,QWORD[24+rcx] + mov rdx,r9 + mov QWORD[((-32))+rbx],r11 + mov QWORD[((-24))+rbx],r12 + adcx r13,rax + adox r15,rbp + lea rcx,[32+rcx] + mov QWORD[((-16))+rbx],r13 + + dec rdi + jnz NEAR $L$mulx4x_inner + + mov rax,QWORD[rsp] + mov rdi,QWORD[8+rsp] + adc r15,rbp + sub rbp,QWORD[rbx] + adc r14,r15 + sbb r15,r15 + mov QWORD[((-8))+rbx],r14 + + cmp rdi,QWORD[16+rsp] + jne NEAR $L$mulx4x_outer + + lea rbx,[64+rsp] + sub rcx,rax + neg r15 + mov rdx,rax + shr rax,3+2 + mov rdi,QWORD[32+rsp] + jmp NEAR $L$mulx4x_sub + +ALIGN 32 +$L$mulx4x_sub: + mov r11,QWORD[rbx] + mov r12,QWORD[8+rbx] + mov r13,QWORD[16+rbx] + mov r14,QWORD[24+rbx] + lea rbx,[32+rbx] + sbb r11,QWORD[rcx] + sbb r12,QWORD[8+rcx] + sbb r13,QWORD[16+rcx] + sbb r14,QWORD[24+rcx] + lea rcx,[32+rcx] + mov QWORD[rdi],r11 + mov QWORD[8+rdi],r12 + mov QWORD[16+rdi],r13 + mov QWORD[24+rdi],r14 + lea rdi,[32+rdi] + dec rax + jnz NEAR $L$mulx4x_sub + + sbb r15,0 + lea rbx,[64+rsp] + sub rdi,rdx + +DB 102,73,15,110,207 + pxor xmm0,xmm0 + pshufd xmm1,xmm1,0 + mov rsi,QWORD[40+rsp] + + jmp NEAR $L$mulx4x_cond_copy + +ALIGN 32 +$L$mulx4x_cond_copy: + movdqa xmm2,XMMWORD[rbx] + movdqa xmm3,XMMWORD[16+rbx] + lea rbx,[32+rbx] + movdqu xmm4,XMMWORD[rdi] + movdqu xmm5,XMMWORD[16+rdi] + lea rdi,[32+rdi] + movdqa XMMWORD[(-32)+rbx],xmm0 + movdqa XMMWORD[(-16)+rbx],xmm0 + pcmpeqd xmm0,xmm1 + pand xmm2,xmm1 + pand xmm3,xmm1 + pand xmm4,xmm0 + pand xmm5,xmm0 + pxor xmm0,xmm0 + por xmm4,xmm2 + por xmm5,xmm3 + movdqu XMMWORD[(-32)+rdi],xmm4 + movdqu 
XMMWORD[(-16)+rdi],xmm5 + sub rdx,32 + jnz NEAR $L$mulx4x_cond_copy + + mov QWORD[rbx],rdx + + mov rax,1 + mov r15,QWORD[((-48))+rsi] + + mov r14,QWORD[((-40))+rsi] + + mov r13,QWORD[((-32))+rsi] + + mov r12,QWORD[((-24))+rsi] + + mov rbp,QWORD[((-16))+rsi] + + mov rbx,QWORD[((-8))+rsi] + + lea rsp,[rsi] + +$L$mulx4x_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] + DB 0F3h,0C3h ;repret + +$L$SEH_end_bn_mulx4x_mont: DB 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105 DB 112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56 DB 54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83 @@ -1054,6 +1449,9 @@ ALIGN 4 DD $L$SEH_begin_bn_sqr8x_mont wrt ..imagebase DD $L$SEH_end_bn_sqr8x_mont wrt ..imagebase DD $L$SEH_info_bn_sqr8x_mont wrt ..imagebase + DD $L$SEH_begin_bn_mulx4x_mont wrt ..imagebase + DD $L$SEH_end_bn_mulx4x_mont wrt ..imagebase + DD $L$SEH_info_bn_mulx4x_mont wrt ..imagebase section .xdata rdata align=8 ALIGN 8 $L$SEH_info_bn_mul_mont: @@ -1069,3 +1467,8 @@ DB 9,0,0,0 DD sqr_handler wrt ..imagebase DD $L$sqr8x_prologue wrt ..imagebase,$L$sqr8x_body wrt ..imagebase,$L$sqr8x_epilogue wrt ..imagebase ALIGN 8 +$L$SEH_info_bn_mulx4x_mont: +DB 9,0,0,0 + DD sqr_handler wrt ..imagebase + DD $L$mulx4x_prologue wrt ..imagebase,$L$mulx4x_body wrt ..imagebase,$L$mulx4x_epilogue wrt ..imagebase +ALIGN 8 diff --git a/third_party/boringssl/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm b/third_party/boringssl/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm index b330641017..4902a75aa5 100644 --- a/third_party/boringssl/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm +++ b/third_party/boringssl/win-x86_64/crypto/fipsmodule/x86_64-mont5.asm @@ -29,6 +29,8 @@ $L$SEH_begin_bn_mul_mont_gather5: test r9d,7 jnz NEAR $L$mul_enter + lea r11,[OPENSSL_ia32cap_P] + mov r11d,DWORD[8+r11] jmp NEAR $L$mul4x_enter ALIGN 16 
@@ -418,18 +420,19 @@ $L$sub: sbb rax,QWORD[r14*8+rcx] jnz NEAR $L$sub sbb rax,0 + mov rbx,-1 + xor rbx,rax xor r14,r14 - and rsi,rax - not rax - mov rcx,rdi - and rcx,rax mov r15,r9 - or rsi,rcx -ALIGN 16 + $L$copy: - mov rax,QWORD[r14*8+rsi] + mov rcx,QWORD[r14*8+rdi] + mov rdx,QWORD[r14*8+rsp] + and rcx,rbx + and rdx,rax mov QWORD[r14*8+rsp],r14 - mov QWORD[r14*8+rdi],rax + or rdx,rcx + mov QWORD[r14*8+rdi],rdx lea r14,[1+r14] sub r15,1 jnz NEAR $L$copy @@ -478,6 +481,9 @@ DB 0x67 mov rax,rsp $L$mul4x_enter: + and r11d,0x80108 + cmp r11d,0x80108 + je NEAR $L$mulx4x_enter push rbx push rbp @@ -1119,6 +1125,11 @@ $L$SEH_begin_bn_power5: mov rax,rsp + lea r11,[OPENSSL_ia32cap_P] + mov r11d,DWORD[8+r11] + and r11d,0x80108 + cmp r11d,0x80108 + je NEAR $L$powerx5_enter push rbx push rbp @@ -2216,6 +2227,22 @@ DB 102,72,15,110,209 DB 0x67 mov rbp,rcx DB 102,73,15,110,218 + lea r11,[OPENSSL_ia32cap_P] + mov r11d,DWORD[8+r11] + and r11d,0x80108 + cmp r11d,0x80108 + jne NEAR $L$from_mont_nox + + lea rdi,[r9*1+rax] + call __bn_sqrx8x_reduction + call __bn_postx4x_internal + + pxor xmm0,xmm0 + lea rax,[48+rsp] + jmp NEAR $L$from_mont_zero + +ALIGN 32 +$L$from_mont_nox: call __bn_sqr8x_reduction call __bn_post4x_internal 
@@ -2256,6 +2283,1370 @@ $L$from_epilogue: DB 0F3h,0C3h ;repret $L$SEH_end_bn_from_mont8x: + +ALIGN 32 +bn_mulx4x_mont_gather5: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi + mov rax,rsp +$L$SEH_begin_bn_mulx4x_mont_gather5: + mov rdi,rcx + mov rsi,rdx + mov rdx,r8 + mov rcx,r9 + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] + + + + mov rax,rsp + +$L$mulx4x_enter: + push rbx + + push rbp + + push r12 + + push r13 + + push r14 + + push r15 + +$L$mulx4x_prologue: + + shl r9d,3 + lea r10,[r9*2+r9] + neg r9 + mov r8,QWORD[r8] + + + + + + + + + + + lea r11,[((-320))+r9*2+rsp] + mov rbp,rsp + sub r11,rdi + and r11,4095 + cmp r10,r11 + jb NEAR $L$mulx4xsp_alt + sub rbp,r11 + lea rbp,[((-320))+r9*2+rbp] + jmp NEAR $L$mulx4xsp_done + +$L$mulx4xsp_alt: + lea r10,[((4096-320))+r9*2] + lea rbp,[((-320))+r9*2+rbp] + sub r11,r10 + mov r10,0 + cmovc r11,r10 + sub rbp,r11 +$L$mulx4xsp_done: + and rbp,-64 + mov r11,rsp + sub r11,rbp + and r11,-4096 + lea rsp,[rbp*1+r11] + mov r10,QWORD[rsp] + cmp rsp,rbp + ja NEAR $L$mulx4x_page_walk + jmp NEAR $L$mulx4x_page_walk_done + +$L$mulx4x_page_walk: + lea rsp,[((-4096))+rsp] + mov r10,QWORD[rsp] + cmp rsp,rbp + ja NEAR $L$mulx4x_page_walk +$L$mulx4x_page_walk_done: + + + + + + + + + + + + + + mov QWORD[32+rsp],r8 + mov QWORD[40+rsp],rax + +$L$mulx4x_body: + call mulx4x_internal + + mov rsi,QWORD[40+rsp] + + mov rax,1 + + mov r15,QWORD[((-48))+rsi] + + mov r14,QWORD[((-40))+rsi] + + mov r13,QWORD[((-32))+rsi] + + mov r12,QWORD[((-24))+rsi] + + mov rbp,QWORD[((-16))+rsi] + + mov rbx,QWORD[((-8))+rsi] + + lea rsp,[rsi] + +$L$mulx4x_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] + DB 0F3h,0C3h ;repret + +$L$SEH_end_bn_mulx4x_mont_gather5: + + +ALIGN 32 +mulx4x_internal: + mov QWORD[8+rsp],r9 + mov r10,r9 + neg r9 + shl r9,5 + neg r10 + lea r13,[128+r9*1+rdx] + shr r9,5+5 + movd xmm5,DWORD[56+rax] + sub r9,1 + lea rax,[$L$inc] + mov QWORD[((16+8))+rsp],r13 + mov QWORD[((24+8))+rsp],r9 + mov 
QWORD[((56+8))+rsp],rdi + movdqa xmm0,XMMWORD[rax] + movdqa xmm1,XMMWORD[16+rax] + lea r10,[((88-112))+r10*1+rsp] + lea rdi,[128+rdx] + + pshufd xmm5,xmm5,0 + movdqa xmm4,xmm1 +DB 0x67 + movdqa xmm2,xmm1 +DB 0x67 + paddd xmm1,xmm0 + pcmpeqd xmm0,xmm5 + movdqa xmm3,xmm4 + paddd xmm2,xmm1 + pcmpeqd xmm1,xmm5 + movdqa XMMWORD[112+r10],xmm0 + movdqa xmm0,xmm4 + + paddd xmm3,xmm2 + pcmpeqd xmm2,xmm5 + movdqa XMMWORD[128+r10],xmm1 + movdqa xmm1,xmm4 + + paddd xmm0,xmm3 + pcmpeqd xmm3,xmm5 + movdqa XMMWORD[144+r10],xmm2 + movdqa xmm2,xmm4 + + paddd xmm1,xmm0 + pcmpeqd xmm0,xmm5 + movdqa XMMWORD[160+r10],xmm3 + movdqa xmm3,xmm4 + paddd xmm2,xmm1 + pcmpeqd xmm1,xmm5 + movdqa XMMWORD[176+r10],xmm0 + movdqa xmm0,xmm4 + + paddd xmm3,xmm2 + pcmpeqd xmm2,xmm5 + movdqa XMMWORD[192+r10],xmm1 + movdqa xmm1,xmm4 + + paddd xmm0,xmm3 + pcmpeqd xmm3,xmm5 + movdqa XMMWORD[208+r10],xmm2 + movdqa xmm2,xmm4 + + paddd xmm1,xmm0 + pcmpeqd xmm0,xmm5 + movdqa XMMWORD[224+r10],xmm3 + movdqa xmm3,xmm4 + paddd xmm2,xmm1 + pcmpeqd xmm1,xmm5 + movdqa XMMWORD[240+r10],xmm0 + movdqa xmm0,xmm4 + + paddd xmm3,xmm2 + pcmpeqd xmm2,xmm5 + movdqa XMMWORD[256+r10],xmm1 + movdqa xmm1,xmm4 + + paddd xmm0,xmm3 + pcmpeqd xmm3,xmm5 + movdqa XMMWORD[272+r10],xmm2 + movdqa xmm2,xmm4 + + paddd xmm1,xmm0 + pcmpeqd xmm0,xmm5 + movdqa XMMWORD[288+r10],xmm3 + movdqa xmm3,xmm4 +DB 0x67 + paddd xmm2,xmm1 + pcmpeqd xmm1,xmm5 + movdqa XMMWORD[304+r10],xmm0 + + paddd xmm3,xmm2 + pcmpeqd xmm2,xmm5 + movdqa XMMWORD[320+r10],xmm1 + + pcmpeqd xmm3,xmm5 + movdqa XMMWORD[336+r10],xmm2 + + pand xmm0,XMMWORD[64+rdi] + pand xmm1,XMMWORD[80+rdi] + pand xmm2,XMMWORD[96+rdi] + movdqa XMMWORD[352+r10],xmm3 + pand xmm3,XMMWORD[112+rdi] + por xmm0,xmm2 + por xmm1,xmm3 + movdqa xmm4,XMMWORD[((-128))+rdi] + movdqa xmm5,XMMWORD[((-112))+rdi] + movdqa xmm2,XMMWORD[((-96))+rdi] + pand xmm4,XMMWORD[112+r10] + movdqa xmm3,XMMWORD[((-80))+rdi] + pand xmm5,XMMWORD[128+r10] + por xmm0,xmm4 + pand xmm2,XMMWORD[144+r10] + por xmm1,xmm5 + pand 
xmm3,XMMWORD[160+r10] + por xmm0,xmm2 + por xmm1,xmm3 + movdqa xmm4,XMMWORD[((-64))+rdi] + movdqa xmm5,XMMWORD[((-48))+rdi] + movdqa xmm2,XMMWORD[((-32))+rdi] + pand xmm4,XMMWORD[176+r10] + movdqa xmm3,XMMWORD[((-16))+rdi] + pand xmm5,XMMWORD[192+r10] + por xmm0,xmm4 + pand xmm2,XMMWORD[208+r10] + por xmm1,xmm5 + pand xmm3,XMMWORD[224+r10] + por xmm0,xmm2 + por xmm1,xmm3 + movdqa xmm4,XMMWORD[rdi] + movdqa xmm5,XMMWORD[16+rdi] + movdqa xmm2,XMMWORD[32+rdi] + pand xmm4,XMMWORD[240+r10] + movdqa xmm3,XMMWORD[48+rdi] + pand xmm5,XMMWORD[256+r10] + por xmm0,xmm4 + pand xmm2,XMMWORD[272+r10] + por xmm1,xmm5 + pand xmm3,XMMWORD[288+r10] + por xmm0,xmm2 + por xmm1,xmm3 + pxor xmm0,xmm1 + pshufd xmm1,xmm0,0x4e + por xmm0,xmm1 + lea rdi,[256+rdi] +DB 102,72,15,126,194 + lea rbx,[((64+32+8))+rsp] + + mov r9,rdx + mulx rax,r8,QWORD[rsi] + mulx r12,r11,QWORD[8+rsi] + add r11,rax + mulx r13,rax,QWORD[16+rsi] + adc r12,rax + adc r13,0 + mulx r14,rax,QWORD[24+rsi] + + mov r15,r8 + imul r8,QWORD[((32+8))+rsp] + xor rbp,rbp + mov rdx,r8 + + mov QWORD[((8+8))+rsp],rdi + + lea rsi,[32+rsi] + adcx r13,rax + adcx r14,rbp + + mulx r10,rax,QWORD[rcx] + adcx r15,rax + adox r10,r11 + mulx r11,rax,QWORD[8+rcx] + adcx r10,rax + adox r11,r12 + mulx r12,rax,QWORD[16+rcx] + mov rdi,QWORD[((24+8))+rsp] + mov QWORD[((-32))+rbx],r10 + adcx r11,rax + adox r12,r13 + mulx r15,rax,QWORD[24+rcx] + mov rdx,r9 + mov QWORD[((-24))+rbx],r11 + adcx r12,rax + adox r15,rbp + lea rcx,[32+rcx] + mov QWORD[((-16))+rbx],r12 + jmp NEAR $L$mulx4x_1st + +ALIGN 32 +$L$mulx4x_1st: + adcx r15,rbp + mulx rax,r10,QWORD[rsi] + adcx r10,r14 + mulx r14,r11,QWORD[8+rsi] + adcx r11,rax + mulx rax,r12,QWORD[16+rsi] + adcx r12,r14 + mulx r14,r13,QWORD[24+rsi] +DB 0x67,0x67 + mov rdx,r8 + adcx r13,rax + adcx r14,rbp + lea rsi,[32+rsi] + lea rbx,[32+rbx] + + adox r10,r15 + mulx r15,rax,QWORD[rcx] + adcx r10,rax + adox r11,r15 + mulx r15,rax,QWORD[8+rcx] + adcx r11,rax + adox r12,r15 + mulx r15,rax,QWORD[16+rcx] + mov 
QWORD[((-40))+rbx],r10 + adcx r12,rax + mov QWORD[((-32))+rbx],r11 + adox r13,r15 + mulx r15,rax,QWORD[24+rcx] + mov rdx,r9 + mov QWORD[((-24))+rbx],r12 + adcx r13,rax + adox r15,rbp + lea rcx,[32+rcx] + mov QWORD[((-16))+rbx],r13 + + dec rdi + jnz NEAR $L$mulx4x_1st + + mov rax,QWORD[8+rsp] + adc r15,rbp + lea rsi,[rax*1+rsi] + add r14,r15 + mov rdi,QWORD[((8+8))+rsp] + adc rbp,rbp + mov QWORD[((-8))+rbx],r14 + jmp NEAR $L$mulx4x_outer + +ALIGN 32 +$L$mulx4x_outer: + lea r10,[((16-256))+rbx] + pxor xmm4,xmm4 +DB 0x67,0x67 + pxor xmm5,xmm5 + movdqa xmm0,XMMWORD[((-128))+rdi] + movdqa xmm1,XMMWORD[((-112))+rdi] + movdqa xmm2,XMMWORD[((-96))+rdi] + pand xmm0,XMMWORD[256+r10] + movdqa xmm3,XMMWORD[((-80))+rdi] + pand xmm1,XMMWORD[272+r10] + por xmm4,xmm0 + pand xmm2,XMMWORD[288+r10] + por xmm5,xmm1 + pand xmm3,XMMWORD[304+r10] + por xmm4,xmm2 + por xmm5,xmm3 + movdqa xmm0,XMMWORD[((-64))+rdi] + movdqa xmm1,XMMWORD[((-48))+rdi] + movdqa xmm2,XMMWORD[((-32))+rdi] + pand xmm0,XMMWORD[320+r10] + movdqa xmm3,XMMWORD[((-16))+rdi] + pand xmm1,XMMWORD[336+r10] + por xmm4,xmm0 + pand xmm2,XMMWORD[352+r10] + por xmm5,xmm1 + pand xmm3,XMMWORD[368+r10] + por xmm4,xmm2 + por xmm5,xmm3 + movdqa xmm0,XMMWORD[rdi] + movdqa xmm1,XMMWORD[16+rdi] + movdqa xmm2,XMMWORD[32+rdi] + pand xmm0,XMMWORD[384+r10] + movdqa xmm3,XMMWORD[48+rdi] + pand xmm1,XMMWORD[400+r10] + por xmm4,xmm0 + pand xmm2,XMMWORD[416+r10] + por xmm5,xmm1 + pand xmm3,XMMWORD[432+r10] + por xmm4,xmm2 + por xmm5,xmm3 + movdqa xmm0,XMMWORD[64+rdi] + movdqa xmm1,XMMWORD[80+rdi] + movdqa xmm2,XMMWORD[96+rdi] + pand xmm0,XMMWORD[448+r10] + movdqa xmm3,XMMWORD[112+rdi] + pand xmm1,XMMWORD[464+r10] + por xmm4,xmm0 + pand xmm2,XMMWORD[480+r10] + por xmm5,xmm1 + pand xmm3,XMMWORD[496+r10] + por xmm4,xmm2 + por xmm5,xmm3 + por xmm4,xmm5 + pshufd xmm0,xmm4,0x4e + por xmm0,xmm4 + lea rdi,[256+rdi] +DB 102,72,15,126,194 + + mov QWORD[rbx],rbp + lea rbx,[32+rax*1+rbx] + mulx r11,r8,QWORD[rsi] + xor rbp,rbp + mov r9,rdx + mulx 
r12,r14,QWORD[8+rsi] + adox r8,QWORD[((-32))+rbx] + adcx r11,r14 + mulx r13,r15,QWORD[16+rsi] + adox r11,QWORD[((-24))+rbx] + adcx r12,r15 + mulx r14,rdx,QWORD[24+rsi] + adox r12,QWORD[((-16))+rbx] + adcx r13,rdx + lea rcx,[rax*1+rcx] + lea rsi,[32+rsi] + adox r13,QWORD[((-8))+rbx] + adcx r14,rbp + adox r14,rbp + + mov r15,r8 + imul r8,QWORD[((32+8))+rsp] + + mov rdx,r8 + xor rbp,rbp + mov QWORD[((8+8))+rsp],rdi + + mulx r10,rax,QWORD[rcx] + adcx r15,rax + adox r10,r11 + mulx r11,rax,QWORD[8+rcx] + adcx r10,rax + adox r11,r12 + mulx r12,rax,QWORD[16+rcx] + adcx r11,rax + adox r12,r13 + mulx r15,rax,QWORD[24+rcx] + mov rdx,r9 + mov rdi,QWORD[((24+8))+rsp] + mov QWORD[((-32))+rbx],r10 + adcx r12,rax + mov QWORD[((-24))+rbx],r11 + adox r15,rbp + mov QWORD[((-16))+rbx],r12 + lea rcx,[32+rcx] + jmp NEAR $L$mulx4x_inner + +ALIGN 32 +$L$mulx4x_inner: + mulx rax,r10,QWORD[rsi] + adcx r15,rbp + adox r10,r14 + mulx r14,r11,QWORD[8+rsi] + adcx r10,QWORD[rbx] + adox r11,rax + mulx rax,r12,QWORD[16+rsi] + adcx r11,QWORD[8+rbx] + adox r12,r14 + mulx r14,r13,QWORD[24+rsi] + mov rdx,r8 + adcx r12,QWORD[16+rbx] + adox r13,rax + adcx r13,QWORD[24+rbx] + adox r14,rbp + lea rsi,[32+rsi] + lea rbx,[32+rbx] + adcx r14,rbp + + adox r10,r15 + mulx r15,rax,QWORD[rcx] + adcx r10,rax + adox r11,r15 + mulx r15,rax,QWORD[8+rcx] + adcx r11,rax + adox r12,r15 + mulx r15,rax,QWORD[16+rcx] + mov QWORD[((-40))+rbx],r10 + adcx r12,rax + adox r13,r15 + mov QWORD[((-32))+rbx],r11 + mulx r15,rax,QWORD[24+rcx] + mov rdx,r9 + lea rcx,[32+rcx] + mov QWORD[((-24))+rbx],r12 + adcx r13,rax + adox r15,rbp + mov QWORD[((-16))+rbx],r13 + + dec rdi + jnz NEAR $L$mulx4x_inner + + mov rax,QWORD[((0+8))+rsp] + adc r15,rbp + sub rdi,QWORD[rbx] + mov rdi,QWORD[((8+8))+rsp] + mov r10,QWORD[((16+8))+rsp] + adc r14,r15 + lea rsi,[rax*1+rsi] + adc rbp,rbp + mov QWORD[((-8))+rbx],r14 + + cmp rdi,r10 + jb NEAR $L$mulx4x_outer + + mov r10,QWORD[((-8))+rcx] + mov r8,rbp + mov r12,QWORD[rax*1+rcx] + lea rbp,[rax*1+rcx] + mov 
rcx,rax + lea rdi,[rax*1+rbx] + xor eax,eax + xor r15,r15 + sub r10,r14 + adc r15,r15 + or r8,r15 + sar rcx,3+2 + sub rax,r8 + mov rdx,QWORD[((56+8))+rsp] + dec r12 + mov r13,QWORD[8+rbp] + xor r8,r8 + mov r14,QWORD[16+rbp] + mov r15,QWORD[24+rbp] + jmp NEAR $L$sqrx4x_sub_entry + + +ALIGN 32 +bn_powerx5: + mov QWORD[8+rsp],rdi ;WIN64 prologue + mov QWORD[16+rsp],rsi + mov rax,rsp +$L$SEH_begin_bn_powerx5: + mov rdi,rcx + mov rsi,rdx + mov rdx,r8 + mov rcx,r9 + mov r8,QWORD[40+rsp] + mov r9,QWORD[48+rsp] + + + + mov rax,rsp + +$L$powerx5_enter: + push rbx + + push rbp + + push r12 + + push r13 + + push r14 + + push r15 + +$L$powerx5_prologue: + + shl r9d,3 + lea r10,[r9*2+r9] + neg r9 + mov r8,QWORD[r8] + + + + + + + + + lea r11,[((-320))+r9*2+rsp] + mov rbp,rsp + sub r11,rdi + and r11,4095 + cmp r10,r11 + jb NEAR $L$pwrx_sp_alt + sub rbp,r11 + lea rbp,[((-320))+r9*2+rbp] + jmp NEAR $L$pwrx_sp_done + +ALIGN 32 +$L$pwrx_sp_alt: + lea r10,[((4096-320))+r9*2] + lea rbp,[((-320))+r9*2+rbp] + sub r11,r10 + mov r10,0 + cmovc r11,r10 + sub rbp,r11 +$L$pwrx_sp_done: + and rbp,-64 + mov r11,rsp + sub r11,rbp + and r11,-4096 + lea rsp,[rbp*1+r11] + mov r10,QWORD[rsp] + cmp rsp,rbp + ja NEAR $L$pwrx_page_walk + jmp NEAR $L$pwrx_page_walk_done + +$L$pwrx_page_walk: + lea rsp,[((-4096))+rsp] + mov r10,QWORD[rsp] + cmp rsp,rbp + ja NEAR $L$pwrx_page_walk +$L$pwrx_page_walk_done: + + mov r10,r9 + neg r9 + + + + + + + + + + + + + pxor xmm0,xmm0 +DB 102,72,15,110,207 +DB 102,72,15,110,209 +DB 102,73,15,110,218 +DB 102,72,15,110,226 + mov QWORD[32+rsp],r8 + mov QWORD[40+rsp],rax + +$L$powerx5_body: + + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + call __bn_sqrx8x_internal + call __bn_postx4x_internal + + mov r9,r10 + mov rdi,rsi +DB 102,72,15,126,209 +DB 102,72,15,126,226 + mov rax,QWORD[40+rsp] + + call 
mulx4x_internal + + mov rsi,QWORD[40+rsp] + + mov rax,1 + + mov r15,QWORD[((-48))+rsi] + + mov r14,QWORD[((-40))+rsi] + + mov r13,QWORD[((-32))+rsi] + + mov r12,QWORD[((-24))+rsi] + + mov rbp,QWORD[((-16))+rsi] + + mov rbx,QWORD[((-8))+rsi] + + lea rsp,[rsi] + +$L$powerx5_epilogue: + mov rdi,QWORD[8+rsp] ;WIN64 epilogue + mov rsi,QWORD[16+rsp] + DB 0F3h,0C3h ;repret + +$L$SEH_end_bn_powerx5: + +global bn_sqrx8x_internal + + +ALIGN 32 +bn_sqrx8x_internal: +__bn_sqrx8x_internal: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + lea rdi,[((48+8))+rsp] + lea rbp,[r9*1+rsi] + mov QWORD[((0+8))+rsp],r9 + mov QWORD[((8+8))+rsp],rbp + jmp NEAR $L$sqr8x_zero_start + +ALIGN 32 +DB 0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00 +$L$sqrx8x_zero: +DB 0x3e + movdqa XMMWORD[rdi],xmm0 + movdqa XMMWORD[16+rdi],xmm0 + movdqa XMMWORD[32+rdi],xmm0 + movdqa XMMWORD[48+rdi],xmm0 +$L$sqr8x_zero_start: + movdqa XMMWORD[64+rdi],xmm0 + movdqa XMMWORD[80+rdi],xmm0 + movdqa XMMWORD[96+rdi],xmm0 + movdqa XMMWORD[112+rdi],xmm0 + lea rdi,[128+rdi] + sub r9,64 + jnz NEAR $L$sqrx8x_zero + + mov rdx,QWORD[rsi] + + xor r10,r10 + xor r11,r11 + xor r12,r12 + xor r13,r13 + xor r14,r14 + xor r15,r15 + lea rdi,[((48+8))+rsp] + xor rbp,rbp + jmp NEAR $L$sqrx8x_outer_loop + +ALIGN 32 +$L$sqrx8x_outer_loop: + mulx rax,r8,QWORD[8+rsi] + adcx r8,r9 + adox r10,rax + mulx rax,r9,QWORD[16+rsi] + adcx r9,r10 + adox r11,rax +DB 0xc4,0xe2,0xab,0xf6,0x86,0x18,0x00,0x00,0x00 + adcx r10,r11 + adox r12,rax +DB 0xc4,0xe2,0xa3,0xf6,0x86,0x20,0x00,0x00,0x00 + adcx r11,r12 + adox r13,rax + mulx rax,r12,QWORD[40+rsi] + adcx r12,r13 + adox r14,rax + mulx rax,r13,QWORD[48+rsi] + adcx r13,r14 + adox rax,r15 + mulx r15,r14,QWORD[56+rsi] + mov rdx,QWORD[8+rsi] + adcx r14,rax + adox r15,rbp + adc r15,QWORD[64+rdi] + mov QWORD[8+rdi],r8 + mov QWORD[16+rdi],r9 + sbb rcx,rcx + xor rbp,rbp + + + mulx rbx,r8,QWORD[16+rsi] + mulx rax,r9,QWORD[24+rsi] + adcx r8,r10 + adox r9,rbx + mulx 
rbx,r10,QWORD[32+rsi] + adcx r9,r11 + adox r10,rax +DB 0xc4,0xe2,0xa3,0xf6,0x86,0x28,0x00,0x00,0x00 + adcx r10,r12 + adox r11,rbx +DB 0xc4,0xe2,0x9b,0xf6,0x9e,0x30,0x00,0x00,0x00 + adcx r11,r13 + adox r12,r14 +DB 0xc4,0x62,0x93,0xf6,0xb6,0x38,0x00,0x00,0x00 + mov rdx,QWORD[16+rsi] + adcx r12,rax + adox r13,rbx + adcx r13,r15 + adox r14,rbp + adcx r14,rbp + + mov QWORD[24+rdi],r8 + mov QWORD[32+rdi],r9 + + mulx rbx,r8,QWORD[24+rsi] + mulx rax,r9,QWORD[32+rsi] + adcx r8,r10 + adox r9,rbx + mulx rbx,r10,QWORD[40+rsi] + adcx r9,r11 + adox r10,rax +DB 0xc4,0xe2,0xa3,0xf6,0x86,0x30,0x00,0x00,0x00 + adcx r10,r12 + adox r11,r13 +DB 0xc4,0x62,0x9b,0xf6,0xae,0x38,0x00,0x00,0x00 +DB 0x3e + mov rdx,QWORD[24+rsi] + adcx r11,rbx + adox r12,rax + adcx r12,r14 + mov QWORD[40+rdi],r8 + mov QWORD[48+rdi],r9 + mulx rax,r8,QWORD[32+rsi] + adox r13,rbp + adcx r13,rbp + + mulx rbx,r9,QWORD[40+rsi] + adcx r8,r10 + adox r9,rax + mulx rax,r10,QWORD[48+rsi] + adcx r9,r11 + adox r10,r12 + mulx r12,r11,QWORD[56+rsi] + mov rdx,QWORD[32+rsi] + mov r14,QWORD[40+rsi] + adcx r10,rbx + adox r11,rax + mov r15,QWORD[48+rsi] + adcx r11,r13 + adox r12,rbp + adcx r12,rbp + + mov QWORD[56+rdi],r8 + mov QWORD[64+rdi],r9 + + mulx rax,r9,r14 + mov r8,QWORD[56+rsi] + adcx r9,r10 + mulx rbx,r10,r15 + adox r10,rax + adcx r10,r11 + mulx rax,r11,r8 + mov rdx,r14 + adox r11,rbx + adcx r11,r12 + + adcx rax,rbp + + mulx rbx,r14,r15 + mulx r13,r12,r8 + mov rdx,r15 + lea rsi,[64+rsi] + adcx r11,r14 + adox r12,rbx + adcx r12,rax + adox r13,rbp + +DB 0x67,0x67 + mulx r14,r8,r8 + adcx r13,r8 + adcx r14,rbp + + cmp rsi,QWORD[((8+8))+rsp] + je NEAR $L$sqrx8x_outer_break + + neg rcx + mov rcx,-8 + mov r15,rbp + mov r8,QWORD[64+rdi] + adcx r9,QWORD[72+rdi] + adcx r10,QWORD[80+rdi] + adcx r11,QWORD[88+rdi] + adc r12,QWORD[96+rdi] + adc r13,QWORD[104+rdi] + adc r14,QWORD[112+rdi] + adc r15,QWORD[120+rdi] + lea rbp,[rsi] + lea rdi,[128+rdi] + sbb rax,rax + + mov rdx,QWORD[((-64))+rsi] + mov QWORD[((16+8))+rsp],rax + mov 
QWORD[((24+8))+rsp],rdi + + + xor eax,eax + jmp NEAR $L$sqrx8x_loop + +ALIGN 32 +$L$sqrx8x_loop: + mov rbx,r8 + mulx r8,rax,QWORD[rbp] + adcx rbx,rax + adox r8,r9 + + mulx r9,rax,QWORD[8+rbp] + adcx r8,rax + adox r9,r10 + + mulx r10,rax,QWORD[16+rbp] + adcx r9,rax + adox r10,r11 + + mulx r11,rax,QWORD[24+rbp] + adcx r10,rax + adox r11,r12 + +DB 0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00 + adcx r11,rax + adox r12,r13 + + mulx r13,rax,QWORD[40+rbp] + adcx r12,rax + adox r13,r14 + + mulx r14,rax,QWORD[48+rbp] + mov QWORD[rcx*8+rdi],rbx + mov ebx,0 + adcx r13,rax + adox r14,r15 + +DB 0xc4,0x62,0xfb,0xf6,0xbd,0x38,0x00,0x00,0x00 + mov rdx,QWORD[8+rcx*8+rsi] + adcx r14,rax + adox r15,rbx + adcx r15,rbx + +DB 0x67 + inc rcx + jnz NEAR $L$sqrx8x_loop + + lea rbp,[64+rbp] + mov rcx,-8 + cmp rbp,QWORD[((8+8))+rsp] + je NEAR $L$sqrx8x_break + + sub rbx,QWORD[((16+8))+rsp] +DB 0x66 + mov rdx,QWORD[((-64))+rsi] + adcx r8,QWORD[rdi] + adcx r9,QWORD[8+rdi] + adc r10,QWORD[16+rdi] + adc r11,QWORD[24+rdi] + adc r12,QWORD[32+rdi] + adc r13,QWORD[40+rdi] + adc r14,QWORD[48+rdi] + adc r15,QWORD[56+rdi] + lea rdi,[64+rdi] +DB 0x67 + sbb rax,rax + xor ebx,ebx + mov QWORD[((16+8))+rsp],rax + jmp NEAR $L$sqrx8x_loop + +ALIGN 32 +$L$sqrx8x_break: + xor rbp,rbp + sub rbx,QWORD[((16+8))+rsp] + adcx r8,rbp + mov rcx,QWORD[((24+8))+rsp] + adcx r9,rbp + mov rdx,QWORD[rsi] + adc r10,0 + mov QWORD[rdi],r8 + adc r11,0 + adc r12,0 + adc r13,0 + adc r14,0 + adc r15,0 + cmp rdi,rcx + je NEAR $L$sqrx8x_outer_loop + + mov QWORD[8+rdi],r9 + mov r9,QWORD[8+rcx] + mov QWORD[16+rdi],r10 + mov r10,QWORD[16+rcx] + mov QWORD[24+rdi],r11 + mov r11,QWORD[24+rcx] + mov QWORD[32+rdi],r12 + mov r12,QWORD[32+rcx] + mov QWORD[40+rdi],r13 + mov r13,QWORD[40+rcx] + mov QWORD[48+rdi],r14 + mov r14,QWORD[48+rcx] + mov QWORD[56+rdi],r15 + mov r15,QWORD[56+rcx] + mov rdi,rcx + jmp NEAR $L$sqrx8x_outer_loop + +ALIGN 32 +$L$sqrx8x_outer_break: + mov QWORD[72+rdi],r9 +DB 102,72,15,126,217 + mov QWORD[80+rdi],r10 + mov 
QWORD[88+rdi],r11 + mov QWORD[96+rdi],r12 + mov QWORD[104+rdi],r13 + mov QWORD[112+rdi],r14 + lea rdi,[((48+8))+rsp] + mov rdx,QWORD[rcx*1+rsi] + + mov r11,QWORD[8+rdi] + xor r10,r10 + mov r9,QWORD[((0+8))+rsp] + adox r11,r11 + mov r12,QWORD[16+rdi] + mov r13,QWORD[24+rdi] + + +ALIGN 32 +$L$sqrx4x_shift_n_add: + mulx rbx,rax,rdx + adox r12,r12 + adcx rax,r10 +DB 0x48,0x8b,0x94,0x0e,0x08,0x00,0x00,0x00 +DB 0x4c,0x8b,0x97,0x20,0x00,0x00,0x00 + adox r13,r13 + adcx rbx,r11 + mov r11,QWORD[40+rdi] + mov QWORD[rdi],rax + mov QWORD[8+rdi],rbx + + mulx rbx,rax,rdx + adox r10,r10 + adcx rax,r12 + mov rdx,QWORD[16+rcx*1+rsi] + mov r12,QWORD[48+rdi] + adox r11,r11 + adcx rbx,r13 + mov r13,QWORD[56+rdi] + mov QWORD[16+rdi],rax + mov QWORD[24+rdi],rbx + + mulx rbx,rax,rdx + adox r12,r12 + adcx rax,r10 + mov rdx,QWORD[24+rcx*1+rsi] + lea rcx,[32+rcx] + mov r10,QWORD[64+rdi] + adox r13,r13 + adcx rbx,r11 + mov r11,QWORD[72+rdi] + mov QWORD[32+rdi],rax + mov QWORD[40+rdi],rbx + + mulx rbx,rax,rdx + adox r10,r10 + adcx rax,r12 + jrcxz $L$sqrx4x_shift_n_add_break +DB 0x48,0x8b,0x94,0x0e,0x00,0x00,0x00,0x00 + adox r11,r11 + adcx rbx,r13 + mov r12,QWORD[80+rdi] + mov r13,QWORD[88+rdi] + mov QWORD[48+rdi],rax + mov QWORD[56+rdi],rbx + lea rdi,[64+rdi] + nop + jmp NEAR $L$sqrx4x_shift_n_add + +ALIGN 32 +$L$sqrx4x_shift_n_add_break: + adcx rbx,r13 + mov QWORD[48+rdi],rax + mov QWORD[56+rdi],rbx + lea rdi,[64+rdi] +DB 102,72,15,126,213 +__bn_sqrx8x_reduction: + xor eax,eax + mov rbx,QWORD[((32+8))+rsp] + mov rdx,QWORD[((48+8))+rsp] + lea rcx,[((-64))+r9*1+rbp] + + mov QWORD[((0+8))+rsp],rcx + mov QWORD[((8+8))+rsp],rdi + + lea rdi,[((48+8))+rsp] + jmp NEAR $L$sqrx8x_reduction_loop + +ALIGN 32 +$L$sqrx8x_reduction_loop: + mov r9,QWORD[8+rdi] + mov r10,QWORD[16+rdi] + mov r11,QWORD[24+rdi] + mov r12,QWORD[32+rdi] + mov r8,rdx + imul rdx,rbx + mov r13,QWORD[40+rdi] + mov r14,QWORD[48+rdi] + mov r15,QWORD[56+rdi] + mov QWORD[((24+8))+rsp],rax + + lea rdi,[64+rdi] + xor rsi,rsi + mov rcx,-8 + 
jmp NEAR $L$sqrx8x_reduce + +ALIGN 32 +$L$sqrx8x_reduce: + mov rbx,r8 + mulx r8,rax,QWORD[rbp] + adcx rax,rbx + adox r8,r9 + + mulx r9,rbx,QWORD[8+rbp] + adcx r8,rbx + adox r9,r10 + + mulx r10,rbx,QWORD[16+rbp] + adcx r9,rbx + adox r10,r11 + + mulx r11,rbx,QWORD[24+rbp] + adcx r10,rbx + adox r11,r12 + +DB 0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00 + mov rax,rdx + mov rdx,r8 + adcx r11,rbx + adox r12,r13 + + mulx rdx,rbx,QWORD[((32+8))+rsp] + mov rdx,rax + mov QWORD[((64+48+8))+rcx*8+rsp],rax + + mulx r13,rax,QWORD[40+rbp] + adcx r12,rax + adox r13,r14 + + mulx r14,rax,QWORD[48+rbp] + adcx r13,rax + adox r14,r15 + + mulx r15,rax,QWORD[56+rbp] + mov rdx,rbx + adcx r14,rax + adox r15,rsi + adcx r15,rsi + +DB 0x67,0x67,0x67 + inc rcx + jnz NEAR $L$sqrx8x_reduce + + mov rax,rsi + cmp rbp,QWORD[((0+8))+rsp] + jae NEAR $L$sqrx8x_no_tail + + mov rdx,QWORD[((48+8))+rsp] + add r8,QWORD[rdi] + lea rbp,[64+rbp] + mov rcx,-8 + adcx r9,QWORD[8+rdi] + adcx r10,QWORD[16+rdi] + adc r11,QWORD[24+rdi] + adc r12,QWORD[32+rdi] + adc r13,QWORD[40+rdi] + adc r14,QWORD[48+rdi] + adc r15,QWORD[56+rdi] + lea rdi,[64+rdi] + sbb rax,rax + + xor rsi,rsi + mov QWORD[((16+8))+rsp],rax + jmp NEAR $L$sqrx8x_tail + +ALIGN 32 +$L$sqrx8x_tail: + mov rbx,r8 + mulx r8,rax,QWORD[rbp] + adcx rbx,rax + adox r8,r9 + + mulx r9,rax,QWORD[8+rbp] + adcx r8,rax + adox r9,r10 + + mulx r10,rax,QWORD[16+rbp] + adcx r9,rax + adox r10,r11 + + mulx r11,rax,QWORD[24+rbp] + adcx r10,rax + adox r11,r12 + +DB 0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00 + adcx r11,rax + adox r12,r13 + + mulx r13,rax,QWORD[40+rbp] + adcx r12,rax + adox r13,r14 + + mulx r14,rax,QWORD[48+rbp] + adcx r13,rax + adox r14,r15 + + mulx r15,rax,QWORD[56+rbp] + mov rdx,QWORD[((72+48+8))+rcx*8+rsp] + adcx r14,rax + adox r15,rsi + mov QWORD[rcx*8+rdi],rbx + mov rbx,r8 + adcx r15,rsi + + inc rcx + jnz NEAR $L$sqrx8x_tail + + cmp rbp,QWORD[((0+8))+rsp] + jae NEAR $L$sqrx8x_tail_done + + sub rsi,QWORD[((16+8))+rsp] + mov rdx,QWORD[((48+8))+rsp] + lea 
rbp,[64+rbp] + adc r8,QWORD[rdi] + adc r9,QWORD[8+rdi] + adc r10,QWORD[16+rdi] + adc r11,QWORD[24+rdi] + adc r12,QWORD[32+rdi] + adc r13,QWORD[40+rdi] + adc r14,QWORD[48+rdi] + adc r15,QWORD[56+rdi] + lea rdi,[64+rdi] + sbb rax,rax + sub rcx,8 + + xor rsi,rsi + mov QWORD[((16+8))+rsp],rax + jmp NEAR $L$sqrx8x_tail + +ALIGN 32 +$L$sqrx8x_tail_done: + xor rax,rax + add r8,QWORD[((24+8))+rsp] + adc r9,0 + adc r10,0 + adc r11,0 + adc r12,0 + adc r13,0 + adc r14,0 + adc r15,0 + adc rax,0 + + sub rsi,QWORD[((16+8))+rsp] +$L$sqrx8x_no_tail: + adc r8,QWORD[rdi] +DB 102,72,15,126,217 + adc r9,QWORD[8+rdi] + mov rsi,QWORD[56+rbp] +DB 102,72,15,126,213 + adc r10,QWORD[16+rdi] + adc r11,QWORD[24+rdi] + adc r12,QWORD[32+rdi] + adc r13,QWORD[40+rdi] + adc r14,QWORD[48+rdi] + adc r15,QWORD[56+rdi] + adc rax,0 + + mov rbx,QWORD[((32+8))+rsp] + mov rdx,QWORD[64+rcx*1+rdi] + + mov QWORD[rdi],r8 + lea r8,[64+rdi] + mov QWORD[8+rdi],r9 + mov QWORD[16+rdi],r10 + mov QWORD[24+rdi],r11 + mov QWORD[32+rdi],r12 + mov QWORD[40+rdi],r13 + mov QWORD[48+rdi],r14 + mov QWORD[56+rdi],r15 + + lea rdi,[64+rcx*1+rdi] + cmp r8,QWORD[((8+8))+rsp] + jb NEAR $L$sqrx8x_reduction_loop + DB 0F3h,0C3h ;repret + +ALIGN 32 +__bn_postx4x_internal: + mov r12,QWORD[rbp] + mov r10,rcx + mov r9,rcx + neg rax + sar rcx,3+2 + +DB 102,72,15,126,202 +DB 102,72,15,126,206 + dec r12 + mov r13,QWORD[8+rbp] + xor r8,r8 + mov r14,QWORD[16+rbp] + mov r15,QWORD[24+rbp] + jmp NEAR $L$sqrx4x_sub_entry + +ALIGN 16 +$L$sqrx4x_sub: + mov r12,QWORD[rbp] + mov r13,QWORD[8+rbp] + mov r14,QWORD[16+rbp] + mov r15,QWORD[24+rbp] +$L$sqrx4x_sub_entry: + andn r12,r12,rax + lea rbp,[32+rbp] + andn r13,r13,rax + andn r14,r14,rax + andn r15,r15,rax + + neg r8 + adc r12,QWORD[rdi] + adc r13,QWORD[8+rdi] + adc r14,QWORD[16+rdi] + adc r15,QWORD[24+rdi] + mov QWORD[rdx],r12 + lea rdi,[32+rdi] + mov QWORD[8+rdx],r13 + sbb r8,r8 + mov QWORD[16+rdx],r14 + mov QWORD[24+rdx],r15 + lea rdx,[32+rdx] + + inc rcx + jnz NEAR $L$sqrx4x_sub + + neg r9 + + 
DB 0F3h,0C3h ;repret + global bn_scatter5 ALIGN 16 @@ -2567,6 +3958,13 @@ ALIGN 4 DD $L$SEH_begin_bn_from_mont8x wrt ..imagebase DD $L$SEH_end_bn_from_mont8x wrt ..imagebase DD $L$SEH_info_bn_from_mont8x wrt ..imagebase + DD $L$SEH_begin_bn_mulx4x_mont_gather5 wrt ..imagebase + DD $L$SEH_end_bn_mulx4x_mont_gather5 wrt ..imagebase + DD $L$SEH_info_bn_mulx4x_mont_gather5 wrt ..imagebase + + DD $L$SEH_begin_bn_powerx5 wrt ..imagebase + DD $L$SEH_end_bn_powerx5 wrt ..imagebase + DD $L$SEH_info_bn_powerx5 wrt ..imagebase DD $L$SEH_begin_bn_gather5 wrt ..imagebase DD $L$SEH_end_bn_gather5 wrt ..imagebase DD $L$SEH_info_bn_gather5 wrt ..imagebase @@ -2593,6 +3991,16 @@ DB 9,0,0,0 DD mul_handler wrt ..imagebase DD $L$from_prologue wrt ..imagebase,$L$from_body wrt ..imagebase,$L$from_epilogue wrt ..imagebase ALIGN 8 +$L$SEH_info_bn_mulx4x_mont_gather5: +DB 9,0,0,0 + DD mul_handler wrt ..imagebase + DD $L$mulx4x_prologue wrt ..imagebase,$L$mulx4x_body wrt ..imagebase,$L$mulx4x_epilogue wrt ..imagebase +ALIGN 8 +$L$SEH_info_bn_powerx5: +DB 9,0,0,0 + DD mul_handler wrt ..imagebase + DD $L$powerx5_prologue wrt ..imagebase,$L$powerx5_body wrt ..imagebase,$L$powerx5_epilogue wrt ..imagebase +ALIGN 8 $L$SEH_info_bn_gather5: DB 0x01,0x0b,0x03,0x0a DB 0x0b,0x01,0x21,0x00 diff --git a/third_party/closure_compiler/externs/file_manager_private.js b/third_party/closure_compiler/externs/file_manager_private.js index c64d44ca29..ea7ef4df7a 100644 --- a/third_party/closure_compiler/externs/file_manager_private.js +++ b/third_party/closure_compiler/externs/file_manager_private.js 
@@ -736,7 +736,9 @@ chrome.fileManagerPrivate.isCrostiniEnabled = function(callback) {};
 /**
 * Starts and mounts crostini container.
- * @param {function(boolean)} callback
+ * @param {function()} callback Callback called after the crostini container
+ * is started and mounted.
+ * chrome.runtime.lastError will be set if there was an error.
 */
 chrome.fileManagerPrivate.mountCrostiniContainer = function(callback) {};
diff --git a/third_party/freetype/README.chromium b/third_party/freetype/README.chromium
index d206ee44fa..5e0a64bb66 100644
--- a/third_party/freetype/README.chromium
+++ b/third_party/freetype/README.chromium
@@ -1,7 +1,7 @@
 Name: FreeType
 URL: http://www.freetype.org/
-Version: VER-2-9-67
-Revision: 2157d8fa6f7e12063ca166476ed2223d24234db7
+Version: VER-2-9-1-7
+Revision: 9e345c911714ed62250be13d03d72e25d91fbc77
 License: Custom license "inspired by the BSD, Artistic, and IJG (Independent JPEG Group) licenses"
 License File: src/docs/FTL.TXT
diff --git a/third_party/freetype/roll-freetype.sh b/third_party/freetype/roll-freetype.sh
index 7e503e974f..7d5cbd3d0c 100755
--- a/third_party/freetype/roll-freetype.sh
+++ b/third_party/freetype/roll-freetype.sh
@@ -18,11 +18,10 @@ addtrybots() {
 }
 addotherprojectbugs() {
- STEP="add pdfium and chromiumos bugs" &&
+ STEP="add pdfium bug" &&
 OLD_MSG=$(git show -s --format=%B HEAD) &&
 git commit --amend -m"$OLD_MSG" -m"
-PDFium-Issue: pdfium:
-ChromiumOS-Issue: chromium:"
+PDFium-Issue: pdfium:"
 }
 checkmodules() {