3 # ====================================================================
4 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
10 # On PA-7100LC this module performs ~90-50% better, less for longer
11 # keys, than code generated by gcc 3.2 for PA-RISC 1.1. Latter means
12 # that compiler utilized xmpyu instruction to perform 32x32=64-bit
13 # multiplication, which in turn means that "baseline" performance was
14 # optimal in respect to instruction set capabilities. Fair comparison
15 # with vendor compiler is problematic, because OpenSSL doesn't define
16 # BN_LLONG [presumably] for historical reasons, which drives compiler
17 # toward 4 times 16x16=32-bit multiplicatons [plus complementary
18 # shifts and additions] instead. This means that you should observe
19 # several times improvement over code generated by vendor compiler
20 # for PA-RISC 1.1, but the "baseline" is far from optimal. The actual
21 # improvement coefficient was never collected on PA-7100LC, or any
22 # other 1.1 CPU, because I don't have access to such machine with
23 # vendor compiler. But to give you a taste, PA-RISC 1.1 code path
24 # reportedly outperformed code generated by cc +DA1.1 +O3 by factor
27 # On PA-RISC 2.0 it has to compete with pa-risc2[W].s, which is
28 # reportedly ~2x faster than vendor compiler generated code [according
29 # to comment in pa-risc2[W].s]. Here comes a catch. Execution core of
30 # this implementation is actually 32-bit one, in the sense that it
31 # operates on 32-bit values. But pa-risc2[W].s operates on arrays of
32 # 64-bit BN_LONGs... How do they interoperate then? No problem. This
33 # module picks halves of 64-bit values in reverse order and pretends
34 # they were 32-bit BN_LONGs. But can 32-bit core compete with "pure"
35 # 64-bit code such as pa-risc2[W].s then? Well, the thing is that
36 # 32x32=64-bit multiplication is the best even PA-RISC 2.0 can do,
37 # i.e. there is no "wider" multiplication like on most other 64-bit
38 # platforms. This means that even being effectively 32-bit, this
39 # implementation performs "64-bit" computational task in same amount
40 # of arithmetic operations, most notably multiplications. It requires
41 # more memory references, most notably to tp[num], but this doesn't
42 # seem to exhaust memory port capacity. And indeed, dedicated PA-RISC
43 # 2.0 code path provides virtually same performance as pa-risc2[W].s:
44 # it's ~10% better for shortest key length and ~10% worse for longest
47 # In case it wasn't clear. The module has two distinct code paths:
48 # PA-RISC 1.1 and PA-RISC 2.0 ones. Latter features carry-free 64-bit
49 # additions and 64-bit integer loads, not to mention specific
50 # instruction scheduling. In 64-bit build naturally only 2.0 code path
51 # is assembled. In 32-bit application context both code paths are
52 # assembled, PA-RISC 2.0 CPU is detected at run-time and proper path
53 # is taken automatically. Also, in 32-bit build the module imposes
54 # couple of limitations: vector lengths has to be even and vector
55 # addresses has to be 64-bit aligned. Normally neither is a problem:
56 # most common key lengths are even and vectors are commonly malloc-ed,
57 # which ensures alignment.
59 # Special thanks to polarhome.com for providing HP-UX account on
60 # PA-RISC 1.1 machine, and to correspondent who chose to remain
61 # anonymous for testing the code on PA-RISC 2.0 machine.
63 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
68 open STDOUT,">$output";
70 if ($flavour =~ /64/) {
81 $LEVEL ="1.1"; #$LEVEL.="\n\t.ALLOW\t2.0";
90 if (open CONF,"<${dir}../../opensslconf.h") {
92 if (m/#\s*define\s+SIXTY_FOUR_BIT/) {
102 $FRAME=8*$SIZE_T+$FRAME_MARKER; # 8 saved regs + frame marker
103 # [+ argument transfer]
104 $LOCALS=$FRAME-$FRAME_MARKER;
105 $FRAME+=32; # local variables
115 $n0="%r22"; # passed through stack in 32-bit
116 $num="%r21"; # passed through stack in 32-bit
129 $xfer=$n0; # accomodates [-16..15] offset in fld[dw]s
131 $fm0="%fr4"; $fti=$fm0;
134 $fai="%fr6"; $fab0="%fr7"; $fab1="%fr8";
135 $fni="%fr9"; $fnm0="%fr10"; $fnm1="%fr11";
140 .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY
142 .EXPORT bn_mul_mont,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR
146 .CALLINFO FRAME=`$FRAME-8*$SIZE_T`,NO_CALLS,SAVE_RP,SAVE_SP,ENTRY_GR=6
148 $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue
149 $PUSHMA %r3,$FRAME(%sp)
150 $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp)
151 $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp)
152 $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp)
153 $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp)
154 $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp)
155 $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp)
156 $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp)
159 $code.=<<___ if ($SIZE_T==4);
160 ldw `-$FRAME_MARKER-4`($fp),$n0
161 ldw `-$FRAME_MARKER-8`($fp),$num
165 $code.=<<___ if ($BN_SZ==4);
166 comiclr,<= 6,$num,%r0 ; are vectors long enough?
168 ldi 0,%r28 ; signal "unhandled"
169 add,ev %r0,$num,$num ; is $num even?
173 extru,= $ti1,31,3,%r0 ; are ap and np 64-bit aligned?
180 fldws,ma 4($bp),${fbi} ; bp[0]
182 $code.=<<___ if ($BN_SZ==8);
183 comib,> 3,$num,L\$abort ; are vectors long enough?
184 ldi 0,%r28 ; signal "unhandled"
185 addl $num,$num,$num ; I operate on 32-bit values
187 fldws 4($n0),${fn0} ; only low part of n0
188 fldws 4($bp),${fbi} ; bp[0] in flipped word order
191 fldds 0($ap),${fai} ; ap[0,1]
192 fldds 0($np),${fni} ; np[0,1]
194 sh2addl $num,%r0,$arrsz
196 ldo 36($arrsz),$hi1 ; space for tp[num+1]
197 andcm $hi1,$hi0,$hi1 ; align
199 $PUSH $fp,-$SIZE_T(%sp)
201 ldo `$LOCALS+16`($fp),$xfer
202 ldo `$LOCALS+32+4`($fp),$tp
204 xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[0]
205 xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[0]
206 xmpyu ${fn0},${fab0}R,${fm0}
208 addl $arrsz,$ap,$ap ; point at the end
210 subi 0,$arrsz,$idx ; j=0
211 ldo 8($idx),$idx ; j++++
213 xmpyu ${fni}L,${fm0}R,${fnm0} ; np[0]*m
214 xmpyu ${fni}R,${fm0}R,${fnm1} ; np[1]*m
215 fstds ${fab0},-16($xfer)
216 fstds ${fnm0},-8($xfer)
217 fstds ${fab1},0($xfer)
218 fstds ${fnm1},8($xfer)
219 flddx $idx($ap),${fai} ; ap[2,3]
220 flddx $idx($np),${fni} ; np[2,3]
222 $code.=<<___ if ($BN_SZ==4);
223 mtctl $hi0,%cr11 ; $hi0 still holds 31
224 extrd,u,*= $hi0,%sar,1,$hi0 ; executes on PA-RISC 1.0
228 $code.=<<___; # PA-RISC 2.0 code-path
229 xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0]
230 xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m
232 fstds ${fab0},-16($xfer)
234 extrd,u $ab0,31,32,$hi0
235 extrd,u $ab0,63,32,$ab0
237 fstds ${fnm0},-8($xfer)
238 ldo 8($idx),$idx ; j++++
239 addl $ab0,$nm0,$nm0 ; low part is discarded
240 extrd,u $nm0,31,32,$hi1
243 xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[0]
244 xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m
246 fstds ${fab1},0($xfer)
248 extrd,u $ab1,31,32,$hi0
250 fstds ${fnm1},8($xfer)
251 extrd,u $ab1,63,32,$ab1
253 flddx $idx($ap),${fai} ; ap[j,j+1]
254 flddx $idx($np),${fni} ; np[j,j+1]
256 extrd,u $nm1,31,32,$hi1
258 xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0]
259 xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m
261 fstds ${fab0},-16($xfer)
263 extrd,u $ab0,31,32,$hi0
265 fstds ${fnm0},-8($xfer)
266 extrd,u $ab0,63,32,$ab0
268 stw $nm1,-4($tp) ; tp[j-1]
270 stw,ma $nm0,8($tp) ; tp[j-1]
271 addib,<> 8,$idx,L\$1st ; j++++
272 extrd,u $nm0,31,32,$hi1
274 xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[0]
275 xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m
277 fstds ${fab1},0($xfer)
279 extrd,u $ab1,31,32,$hi0
281 fstds ${fnm1},8($xfer)
282 extrd,u $ab1,63,32,$ab1
287 extrd,u $nm1,31,32,$hi1
290 extrd,u $ab0,31,32,$hi0
291 stw $nm1,-4($tp) ; tp[j-1]
292 extrd,u $ab0,63,32,$ab0
297 extrd,u $nm0,31,32,$hi1
298 stw,ma $nm0,8($tp) ; tp[j-1]
300 ldo -1($num),$num ; i--
301 subi 0,$arrsz,$idx ; j=0
303 $code.=<<___ if ($BN_SZ==4);
304 fldws,ma 4($bp),${fbi} ; bp[1]
306 $code.=<<___ if ($BN_SZ==8);
307 fldws 0($bp),${fbi} ; bp[1] in flipped word order
310 flddx $idx($ap),${fai} ; ap[0,1]
311 flddx $idx($np),${fni} ; np[0,1]
312 fldws 8($xfer),${fti}R ; tp[0]
314 extrd,u $ab1,31,32,$hi0
315 extrd,u $ab1,63,32,$ab1
316 ldo 8($idx),$idx ; j++++
317 xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[1]
318 xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[1]
321 extrd,u $nm1,31,32,$hi1
322 fstws,mb ${fab0}L,-8($xfer) ; save high part
323 stw $nm1,-4($tp) ; tp[j-1]
325 fcpy,sgl %fr0,${fti}L ; zero high part
326 fcpy,sgl %fr0,${fab0}L
328 extrd,u $hi0,31,32,$hi1
329 fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double
330 fcnvxf,dbl,dbl ${fab0},${fab0}
334 fadd,dbl ${fti},${fab0},${fab0} ; add tp[0]
335 fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int
336 xmpyu ${fn0},${fab0}R,${fm0}
337 ldo `$LOCALS+32+4`($fp),$tp
339 xmpyu ${fni}L,${fm0}R,${fnm0} ; np[0]*m
340 xmpyu ${fni}R,${fm0}R,${fnm1} ; np[1]*m
341 fstds ${fab0},-16($xfer) ; 33-bit value
342 fstds ${fnm0},-8($xfer)
343 flddx $idx($ap),${fai} ; ap[2]
344 flddx $idx($np),${fni} ; np[2]
345 ldo 8($idx),$idx ; j++++
346 ldd -16($xfer),$ab0 ; 33-bit value
348 ldw 0($xfer),$hi0 ; high part
350 xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i]
351 xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m
352 extrd,u $ab0,31,32,$ti0 ; carry bit
353 extrd,u $ab0,63,32,$ab0
354 fstds ${fab1},0($xfer)
355 addl $ti0,$hi0,$hi0 ; account carry bit
356 fstds ${fnm1},8($xfer)
357 addl $ab0,$nm0,$nm0 ; low part is discarded
358 ldw 0($tp),$ti1 ; tp[1]
359 extrd,u $nm0,31,32,$hi1
360 fstds ${fab0},-16($xfer)
361 fstds ${fnm0},-8($xfer)
364 xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[i]
365 xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m
367 fstds ${fab1},0($xfer)
371 fstds ${fnm1},8($xfer)
372 extrd,u $ab1,31,32,$hi0
373 extrd,u $ab1,63,32,$ab1
374 flddx $idx($ap),${fai} ; ap[j,j+1]
375 flddx $idx($np),${fni} ; np[j,j+1]
378 ldw 4($tp),$ti0 ; tp[j]
379 stw $nm1,-4($tp) ; tp[j-1]
381 xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i]
382 xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m
384 fstds ${fab0},-16($xfer)
388 fstds ${fnm0},-8($xfer)
389 extrd,u $ab0,31,32,$hi0
390 extrd,u $nm1,31,32,$hi1
391 ldw 8($tp),$ti1 ; tp[j]
392 extrd,u $ab0,63,32,$ab0
395 stw,ma $nm0,8($tp) ; tp[j-1]
396 addib,<> 8,$idx,L\$inner ; j++++
397 extrd,u $nm0,31,32,$hi1
399 xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[i]
400 xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m
402 fstds ${fab1},0($xfer)
406 fstds ${fnm1},8($xfer)
407 extrd,u $ab1,31,32,$hi0
408 extrd,u $ab1,63,32,$ab1
409 ldw 4($tp),$ti0 ; tp[j]
414 extrd,u $nm1,31,32,$hi1
418 stw $nm1,-4($tp) ; tp[j-1]
419 extrd,u $ab0,31,32,$hi0
420 ldw 8($tp),$ti1 ; tp[j]
421 extrd,u $ab0,63,32,$ab0
426 extrd,u $nm0,31,32,$hi1
427 stw,ma $nm0,8($tp) ; tp[j-1]
429 addib,= -1,$num,L\$outerdone ; i--
430 subi 0,$arrsz,$idx ; j=0
432 $code.=<<___ if ($BN_SZ==4);
433 fldws,ma 4($bp),${fbi} ; bp[i]
435 $code.=<<___ if ($BN_SZ==8);
436 ldi 12,$ti0 ; bp[i] in flipped word order
437 addl,ev %r0,$num,$num
443 flddx $idx($ap),${fai} ; ap[0]
445 flddx $idx($np),${fni} ; np[0]
446 fldws 8($xfer),${fti}R ; tp[0]
448 extrd,u $ab1,31,32,$hi0
449 extrd,u $ab1,63,32,$ab1
451 ldo 8($idx),$idx ; j++++
452 xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[i]
453 xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[i]
454 ldw 4($tp),$ti0 ; tp[j]
457 fstws,mb ${fab0}L,-8($xfer) ; save high part
459 extrd,u $nm1,31,32,$hi1
460 fcpy,sgl %fr0,${fti}L ; zero high part
461 fcpy,sgl %fr0,${fab0}L
462 stw $nm1,-4($tp) ; tp[j-1]
464 fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double
465 fcnvxf,dbl,dbl ${fab0},${fab0}
467 fadd,dbl ${fti},${fab0},${fab0} ; add tp[0]
469 extrd,u $hi0,31,32,$hi1
470 fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int
473 xmpyu ${fn0},${fab0}R,${fm0}
476 ldo `$LOCALS+32+4`($fp),$tp
481 extrd,u $ab1,31,32,$hi0
482 extrd,u $ab1,63,32,$ab1
484 ldw 4($tp),$ti0 ; tp[j]
488 extrd,u $nm1,31,32,$hi1
489 stw $nm1,-4($tp) ; tp[j-1]
493 extrd,u $hi0,31,32,$hi1
497 ldo `$LOCALS+32`($fp),$tp
498 sub %r0,%r0,%r0 ; clear borrow
500 $code.=<<___ if ($BN_SZ==4);
502 extru,= $rp,31,3,%r0 ; is rp 64-bit aligned?
509 addib,<> 4,$idx,L\$sub
514 $code.=<<___ if ($BN_SZ==8);
518 shrpd $ti0,$ti0,32,$ti0 ; flip word order
519 std $ti0,-8($tp) ; save flipped value
520 sub,db $ti0,$hi0,$hi1
522 addib,<> 8,$idx,L\$sub
525 extrd,u $ti0,31,32,$ti0 ; carry in flipped word order
529 ldo `$LOCALS+32`($fp),$tp
530 sub $rp,$arrsz,$rp ; rewind rp
538 addib,<> 8,$idx,L\$copy
542 if ($BN_SZ==4) { # PA-RISC 1.1 code-path
556 xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0]
557 xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m
562 fstds ${fab0},-16($xfer)
563 fstds ${fnm0},-8($xfer)
565 ldo 8($idx),$idx ; j++++
566 add $ablo,$nmlo0,$nmlo0 ; discarded
573 xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[0]
574 flddx $idx($ap),${fai} ; ap[j,j+1]
575 xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m
576 flddx $idx($np),${fni} ; np[j,j+1]
581 add $ablo,$nmlo1,$nmlo1
582 fstds ${fab1},0($xfer)
583 addc %r0,$nmhi1,$nmhi1
584 fstds ${fnm1},8($xfer)
585 add $hi1,$nmlo1,$nmlo1
590 xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0]
592 xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m
595 stw $nmlo1,-4($tp) ; tp[j-1]
597 fstds ${fab0},-16($xfer)
598 add $ablo,$nmlo0,$nmlo0
599 fstds ${fnm0},-8($xfer)
600 addc %r0,$nmhi0,$nmhi0
602 add $hi1,$nmlo0,$nmlo0
604 stws,ma $nmlo0,8($tp) ; tp[j-1]
605 addib,<> 8,$idx,L\$1st_pa11 ; j++++
610 xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[0]
611 xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m
613 fstds ${fab1},0($xfer)
615 fstds ${fnm1},8($xfer)
616 add $ablo,$nmlo1,$nmlo1
618 addc %r0,$nmhi1,$nmhi1
620 add $hi1,$nmlo1,$nmlo1
626 stw $nmlo1,-4($tp) ; tp[j-1]
629 add $ablo,$nmlo0,$nmlo0
631 addc %r0,$nmhi0,$nmhi0
632 ldws,mb 8($xfer),$nmhi1
633 add $hi1,$nmlo0,$nmlo0
636 stws,ma $nmlo0,8($tp) ; tp[j-1]
638 ldo -1($num),$num ; i--
639 subi 0,$arrsz,$idx ; j=0
641 fldws,ma 4($bp),${fbi} ; bp[1]
642 flddx $idx($ap),${fai} ; ap[0,1]
643 flddx $idx($np),${fni} ; np[0,1]
644 fldws 8($xfer),${fti}R ; tp[0]
647 ldo 8($idx),$idx ; j++++
648 xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[1]
649 xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[1]
650 add $hi1,$nmlo1,$nmlo1
651 addc %r0,$nmhi1,$nmhi1
652 add $ablo,$nmlo1,$nmlo1
654 fstws,mb ${fab0}L,-8($xfer) ; save high part
655 stw $nmlo1,-4($tp) ; tp[j-1]
657 fcpy,sgl %fr0,${fti}L ; zero high part
658 fcpy,sgl %fr0,${fab0}L
661 fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double
662 fcnvxf,dbl,dbl ${fab0},${fab0}
666 fadd,dbl ${fti},${fab0},${fab0} ; add tp[0]
667 fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int
668 xmpyu ${fn0},${fab0}R,${fm0}
669 ldo `$LOCALS+32+4`($fp),$tp
671 xmpyu ${fni}L,${fm0}R,${fnm0} ; np[0]*m
672 xmpyu ${fni}R,${fm0}R,${fnm1} ; np[1]*m
673 fstds ${fab0},-16($xfer) ; 33-bit value
674 fstds ${fnm0},-8($xfer)
675 flddx $idx($ap),${fai} ; ap[2,3]
676 flddx $idx($np),${fni} ; np[2,3]
677 ldw -16($xfer),$abhi ; carry bit actually
678 ldo 8($idx),$idx ; j++++
682 ldw 0($xfer),$hi0 ; high part
684 xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i]
685 xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m
686 fstds ${fab1},0($xfer)
687 addl $abhi,$hi0,$hi0 ; account carry bit
688 fstds ${fnm1},8($xfer)
689 add $ablo,$nmlo0,$nmlo0 ; discarded
690 ldw 0($tp),$ti1 ; tp[1]
692 fstds ${fab0},-16($xfer)
693 fstds ${fnm0},-8($xfer)
698 xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[i]
699 flddx $idx($ap),${fai} ; ap[j,j+1]
700 xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m
701 flddx $idx($np),${fni} ; np[j,j+1]
703 ldw 4($tp),$ti0 ; tp[j]
709 fstds ${fab1},0($xfer)
710 add $ablo,$nmlo1,$nmlo1
711 fstds ${fnm1},8($xfer)
712 addc %r0,$nmhi1,$nmhi1
714 add $hi1,$nmlo1,$nmlo1
718 xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i]
719 ldw 8($tp),$ti1 ; tp[j]
720 xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m
725 stw $nmlo1,-4($tp) ; tp[j-1]
727 fstds ${fab0},-16($xfer)
729 fstds ${fnm0},-8($xfer)
730 add $ablo,$nmlo0,$nmlo0
732 addc %r0,$nmhi0,$nmhi0
734 add $hi1,$nmlo0,$nmlo0
735 stws,ma $nmlo0,8($tp) ; tp[j-1]
736 addib,<> 8,$idx,L\$inner_pa11 ; j++++
739 xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[i]
741 xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m
744 ldw 4($tp),$ti0 ; tp[j]
746 fstds ${fab1},0($xfer)
748 fstds ${fnm1},8($xfer)
751 add $ablo,$nmlo1,$nmlo1
753 addc %r0,$nmhi1,$nmhi1
755 add $hi1,$nmlo1,$nmlo1
760 stw $nmlo1,-4($tp) ; tp[j-1]
763 ldw 8($tp),$ti1 ; tp[j]
766 add $ablo,$nmlo0,$nmlo0
768 addc %r0,$nmhi0,$nmhi0
769 ldws,mb 8($xfer),$nmhi1
770 add $hi1,$nmlo0,$nmlo0
773 stws,ma $nmlo0,8($tp) ; tp[j-1]
775 addib,= -1,$num,L\$outerdone_pa11; i--
776 subi 0,$arrsz,$idx ; j=0
778 fldws,ma 4($bp),${fbi} ; bp[i]
779 flddx $idx($ap),${fai} ; ap[0]
782 flddx $idx($np),${fni} ; np[0]
783 fldws 8($xfer),${fti}R ; tp[0]
787 ldo 8($idx),$idx ; j++++
788 xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[i]
789 xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[i]
790 ldw 4($tp),$ti0 ; tp[j]
792 add $hi1,$nmlo1,$nmlo1
793 addc %r0,$nmhi1,$nmhi1
794 fstws,mb ${fab0}L,-8($xfer) ; save high part
795 add $ablo,$nmlo1,$nmlo1
797 fcpy,sgl %fr0,${fti}L ; zero high part
798 fcpy,sgl %fr0,${fab0}L
799 stw $nmlo1,-4($tp) ; tp[j-1]
801 fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double
802 fcnvxf,dbl,dbl ${fab0},${fab0}
805 fadd,dbl ${fti},${fab0},${fab0} ; add tp[0]
808 fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int
811 xmpyu ${fn0},${fab0}R,${fm0}
814 ldo `$LOCALS+32+4`($fp),$tp
822 ldw 4($tp),$ti0 ; tp[j]
824 add $hi1,$nmlo1,$nmlo1
825 addc %r0,$nmhi1,$nmhi1
826 add $ablo,$nmlo1,$nmlo1
828 stw $nmlo1,-4($tp) ; tp[j-1]
837 ldo `$LOCALS+32+4`($fp),$tp
838 sub %r0,%r0,%r0 ; clear borrow
845 addib,<> 4,$idx,L\$sub_pa11
850 ldo `$LOCALS+32`($fp),$tp
851 sub $rp,$arrsz,$rp ; rewind rp
859 addib,<> 4,$idx,L\$copy_pa11
868 ldi 1,%r28 ; signal "handled"
869 ldo $FRAME($fp),%sp ; destroy tp[num+1]
871 $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue
872 $POP `-$FRAME+1*$SIZE_T`(%sp),%r4
873 $POP `-$FRAME+2*$SIZE_T`(%sp),%r5
874 $POP `-$FRAME+3*$SIZE_T`(%sp),%r6
875 $POP `-$FRAME+4*$SIZE_T`(%sp),%r7
876 $POP `-$FRAME+5*$SIZE_T`(%sp),%r8
877 $POP `-$FRAME+6*$SIZE_T`(%sp),%r9
878 $POP `-$FRAME+7*$SIZE_T`(%sp),%r10
882 $POPMB -$FRAME(%sp),%r3
884 .STRINGZ "Montgomery Multiplication for PA-RISC, CRYPTOGAMS by <appro\@openssl.org>"
887 # Explicitly encode PA-RISC 2.0 instructions used in this module, so
888 # that it can be compiled with .LEVEL 1.0. It should be noted that I
889 # wouldn't have to do this, if GNU assembler understood .ALLOW 2.0
893 my ($mod,$args) = @_;
894 my $orig = "ldd$mod\t$args";
896 if ($args =~ /%r([0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 4
897 { my $opcode=(0x03<<26)|($2<<21)|($1<<16)|(3<<6)|$3;
898 sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
900 elsif ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 5
901 { my $opcode=(0x03<<26)|($2<<21)|(1<<12)|(3<<6)|$3;
902 $opcode|=(($1&0xF)<<17)|(($1&0x10)<<12); # encode offset
903 $opcode|=(1<<5) if ($mod =~ /^,m/);
904 $opcode|=(1<<13) if ($mod =~ /^,mb/);
905 sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
911 my ($mod,$args) = @_;
912 my $orig = "std$mod\t$args";
914 if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 6
915 { my $opcode=(0x03<<26)|($3<<21)|($1<<16)|(1<<12)|(0xB<<6);
916 $opcode|=(($2&0xF)<<1)|(($2&0x10)>>4); # encode offset
917 $opcode|=(1<<5) if ($mod =~ /^,m/);
918 $opcode|=(1<<13) if ($mod =~ /^,mb/);
919 sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
925 my ($mod,$args) = @_;
926 my $orig = "extrd$mod\t$args";
928 # I only have ",u" completer, it's implicitly encoded...
929 if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/) # format 15
930 { my $opcode=(0x36<<26)|($1<<21)|($4<<16);
932 $opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5); # encode pos
933 $opcode |= (($len&0x20)<<7)|($len&0x1f); # encode len
934 sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
936 elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/) # format 12
937 { my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9);
939 $opcode |= (($len&0x20)<<3)|($len&0x1f); # encode len
940 $opcode |= (1<<13) if ($mod =~ /,\**=/);
941 sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
947 my ($mod,$args) = @_;
948 my $orig = "shrpd$mod\t$args";
950 if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/) # format 14
951 { my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4;
953 $opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5); # encode sa
954 sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig;
960 my ($mod,$args) = @_;
961 my $orig = "sub$mod\t$args";
963 if ($mod eq ",db" && $args =~ /%r([0-9]+),%r([0-9]+),%r([0-9]+)/) {
964 my $opcode=(0x02<<26)|($2<<21)|($1<<16)|$3;
965 $opcode|=(1<<10); # e1
966 $opcode|=(1<<8); # e2
968 sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig
974 my ($mnemonic,$mod,$args)=@_;
975 my $opcode = eval("\$$mnemonic");
977 ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args";
980 foreach (split("\n",$code)) {
981 s/\`([^\`]*)\`/eval $1/ge;
982 # flip word order in 64-bit mode...
983 s/(xmpyu\s+)($fai|$fni)([LR])/$1.$2.($3 eq "L"?"R":"L")/e if ($BN_SZ==8);
984 # assemble 2.0 instructions in 32-bit mode...
985 s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4);
987 s/\bbv\b/bve/gm if ($SIZE_T==8);
projects / openssl.git / blob