3 # ====================================================================
4 # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
12 # Montgomery multiplication routine for x86_64. While it gives modest
13 # 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more
14 # than twice, >2x, as fast. Most common rsa1024 sign is improved by
15 # respectful 50%. It remains to be seen if loop unrolling and
16 # dedicated squaring routine can provide further improvement...
20 # Add dedicated squaring procedure. Performance improvement varies
21 # from platform to platform, but in average it's ~5%/15%/25%/33%
22 # for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
26 # Unroll and modulo-schedule inner loops in such manner that they
27 # are "fallen through" for input lengths of 8, which is critical for
28 # 1024-bit RSA *sign*. Average performance improvement in comparison
29 # to *initial* version of this module from 2005 is ~0%/30%/40%/45%
30 # for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
34 # Optimize reduction in squaring procedure and improve 1024+-bit RSA
35 # sign performance by 10-16% on Intel Sandy Bridge and later
36 # (virtually same on non-Intel processors).
40 # Add MULX/ADOX/ADCX code path.
44 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
46 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
48 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
49 ( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
50 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
51 die "can't locate x86_64-xlate.pl";
53 open OUT,"| \"$^X\" $xlate $flavour $output";
56 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
57 =~ /GNU assembler version ([2-9]\.[0-9]+)/) {
61 if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
62 `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) {
66 if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
67 `ml64 2>&1` =~ /Version ([0-9]+)\./) {
71 if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
72 my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
77 $rp="%rdi"; # BN_ULONG *rp,
78 $ap="%rsi"; # const BN_ULONG *ap,
79 $bp="%rdx"; # const BN_ULONG *bp,
80 $np="%rcx"; # const BN_ULONG *np,
81 $n0="%r8"; # const BN_ULONG *n0,
82 $num="%r9"; # int num);
94 .extern OPENSSL_ia32cap_P
97 .type bn_mul_mont,\@function,6
107 $code.=<<___ if ($addx);
108 mov OPENSSL_ia32cap_P+8(%rip),%r11d
128 lea -16(%rsp,$num,8),%r10 # future alloca(8*(num+2))
129 neg $num # restore $num
130 and \$-1024,%r10 # minimize TLB usage
132 # Some OSes, *cough*-dows, insist on stack being "wired" to
133 # physical memory in strictly sequential manner, i.e. if stack
134 # allocation spans two pages, then reference to farmost one can
135 # be punishable by SEGV. But page walking can do good even on
136 # other OSes, because it guarantees that villain thread hits
137 # the guard page before it can make damage to innocent one...
144 jmp .Lmul_page_walk_done
152 .Lmul_page_walk_done:
154 mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
156 mov $bp,%r12 # reassign $bp
160 mov ($n0),$n0 # pull n0[0] value
161 mov ($bp),$m0 # m0=bp[0]
168 mulq $m0 # ap[0]*bp[0]
172 imulq $lo0,$m1 # "tp[0]"*n0
176 add %rax,$lo0 # discarded
189 add $hi0,$hi1 # np[j]*m1+ap[j]*bp[0]
192 mov $hi1,-16(%rsp,$j,8) # tp[j-1]
196 mulq $m0 # ap[j]*bp[0]
208 mov ($ap),%rax # ap[0]
210 add $hi0,$hi1 # np[j]*m1+ap[j]*bp[0]
212 mov $hi1,-16(%rsp,$j,8) # tp[j-1]
219 mov $hi1,-8(%rsp,$num,8)
220 mov %rdx,(%rsp,$num,8) # store upmost overflow bit
226 mov ($bp,$i,8),$m0 # m0=bp[i]
230 mulq $m0 # ap[0]*bp[i]
231 add %rax,$lo0 # ap[0]*bp[i]+tp[0]
235 imulq $lo0,$m1 # tp[0]*n0
239 add %rax,$lo0 # discarded
242 mov 8(%rsp),$lo0 # tp[1]
253 add $lo0,$hi1 # np[j]*m1+ap[j]*bp[i]+tp[j]
256 mov $hi1,-16(%rsp,$j,8) # tp[j-1]
260 mulq $m0 # ap[j]*bp[i]
264 add $hi0,$lo0 # ap[j]*bp[i]+tp[j]
274 mov ($ap),%rax # ap[0]
276 add $lo0,$hi1 # np[j]*m1+ap[j]*bp[i]+tp[j]
279 mov $hi1,-16(%rsp,$j,8) # tp[j-1]
285 add $lo0,$hi1 # pull upmost overflow bit
287 mov $hi1,-8(%rsp,$num,8)
288 mov %rdx,(%rsp,$num,8) # store upmost overflow bit
294 xor $i,$i # i=0 and clear CF!
295 mov (%rsp),%rax # tp[0]
296 lea (%rsp),$ap # borrow ap for tp
300 .Lsub: sbb ($np,$i,8),%rax
301 mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i]
302 mov 8($ap,$i,8),%rax # tp[i+1]
304 dec $j # doesnn't affect CF!
307 sbb \$0,%rax # handle upmost overflow bit
314 or $np,$ap # ap=borrow?tp:rp
316 .Lcopy: # copy or in-place refresh
318 mov $i,(%rsp,$i,8) # zap temporary vector
319 mov %rax,($rp,$i,8) # rp[i]=tp[i]
324 mov 8(%rsp,$num,8),%rsi # restore %rsp
335 .size bn_mul_mont,.-bn_mul_mont
338 my @A=("%r10","%r11");
339 my @N=("%r13","%rdi");
341 .type bn_mul4x_mont,\@function,6
348 $code.=<<___ if ($addx);
363 lea -32(%rsp,$num,8),%r10 # future alloca(8*(num+4))
365 and \$-1024,%r10 # minimize TLB usage
373 jmp .Lmul4x_page_walk_done
380 .Lmul4x_page_walk_done:
382 mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp
384 mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp
385 mov %rdx,%r12 # reassign $bp
389 mov ($n0),$n0 # pull n0[0] value
390 mov ($bp),$m0 # m0=bp[0]
397 mulq $m0 # ap[0]*bp[0]
401 imulq $A[0],$m1 # "tp[0]"*n0
405 add %rax,$A[0] # discarded
428 mulq $m0 # ap[j]*bp[0]
430 mov -16($np,$j,8),%rax
436 mov -8($ap,$j,8),%rax
438 add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0]
440 mov $N[0],-24(%rsp,$j,8) # tp[j-1]
443 mulq $m0 # ap[j]*bp[0]
445 mov -8($np,$j,8),%rax
453 add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0]
455 mov $N[1],-16(%rsp,$j,8) # tp[j-1]
458 mulq $m0 # ap[j]*bp[0]
468 add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0]
470 mov $N[0],-8(%rsp,$j,8) # tp[j-1]
473 mulq $m0 # ap[j]*bp[0]
482 mov -16($ap,$j,8),%rax
484 add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0]
486 mov $N[1],-32(%rsp,$j,8) # tp[j-1]
491 mulq $m0 # ap[j]*bp[0]
493 mov -16($np,$j,8),%rax
499 mov -8($ap,$j,8),%rax
501 add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0]
503 mov $N[0],-24(%rsp,$j,8) # tp[j-1]
506 mulq $m0 # ap[j]*bp[0]
508 mov -8($np,$j,8),%rax
514 mov ($ap),%rax # ap[0]
516 add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0]
518 mov $N[1],-16(%rsp,$j,8) # tp[j-1]
524 mov $N[0],-8(%rsp,$j,8)
525 mov $N[1],(%rsp,$j,8) # store upmost overflow bit
530 mov ($bp,$i,8),$m0 # m0=bp[i]
534 mulq $m0 # ap[0]*bp[i]
535 add %rax,$A[0] # ap[0]*bp[i]+tp[0]
539 imulq $A[0],$m1 # tp[0]*n0
543 add %rax,$A[0] # "$N[0]", discarded
548 mulq $m0 # ap[j]*bp[i]
552 add 8(%rsp),$A[1] # +tp[1]
560 add $A[1],$N[1] # np[j]*m1+ap[j]*bp[i]+tp[j]
563 mov $N[1],(%rsp) # tp[j-1]
568 mulq $m0 # ap[j]*bp[i]
570 mov -16($np,$j,8),%rax
572 add -16(%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j]
578 mov -8($ap,$j,8),%rax
582 mov $N[0],-24(%rsp,$j,8) # tp[j-1]
585 mulq $m0 # ap[j]*bp[i]
587 mov -8($np,$j,8),%rax
589 add -8(%rsp,$j,8),$A[1]
599 mov $N[1],-16(%rsp,$j,8) # tp[j-1]
602 mulq $m0 # ap[j]*bp[i]
606 add (%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j]
616 mov $N[0],-8(%rsp,$j,8) # tp[j-1]
619 mulq $m0 # ap[j]*bp[i]
623 add 8(%rsp,$j,8),$A[1]
630 mov -16($ap,$j,8),%rax
634 mov $N[1],-32(%rsp,$j,8) # tp[j-1]
639 mulq $m0 # ap[j]*bp[i]
641 mov -16($np,$j,8),%rax
643 add -16(%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j]
649 mov -8($ap,$j,8),%rax
653 mov $N[0],-24(%rsp,$j,8) # tp[j-1]
656 mulq $m0 # ap[j]*bp[i]
658 mov -8($np,$j,8),%rax
660 add -8(%rsp,$j,8),$A[1]
667 mov ($ap),%rax # ap[0]
671 mov $N[1],-16(%rsp,$j,8) # tp[j-1]
677 add (%rsp,$num,8),$N[0] # pull upmost overflow bit
679 mov $N[0],-8(%rsp,$j,8)
680 mov $N[1],(%rsp,$j,8) # store upmost overflow bit
686 my @ri=("%rax","%rdx",$m0,$m1);
688 mov 16(%rsp,$num,8),$rp # restore $rp
689 mov 0(%rsp),@ri[0] # tp[0]
691 mov 8(%rsp),@ri[1] # tp[1]
692 shr \$2,$num # num/=4
693 lea (%rsp),$ap # borrow ap for tp
694 xor $i,$i # i=0 and clear CF!
697 mov 16($ap),@ri[2] # tp[2]
698 mov 24($ap),@ri[3] # tp[3]
700 lea -1($num),$j # j=num/4-1
704 mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i]
705 mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i]
706 sbb 16($np,$i,8),@ri[2]
707 mov 32($ap,$i,8),@ri[0] # tp[i+1]
708 mov 40($ap,$i,8),@ri[1]
709 sbb 24($np,$i,8),@ri[3]
710 mov @ri[2],16($rp,$i,8) # rp[i]=tp[i]-np[i]
711 mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i]
712 sbb 32($np,$i,8),@ri[0]
713 mov 48($ap,$i,8),@ri[2]
714 mov 56($ap,$i,8),@ri[3]
715 sbb 40($np,$i,8),@ri[1]
717 dec $j # doesnn't affect CF!
720 mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i]
721 mov 32($ap,$i,8),@ri[0] # load overflow bit
722 sbb 16($np,$i,8),@ri[2]
723 mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i]
724 sbb 24($np,$i,8),@ri[3]
725 mov @ri[2],16($rp,$i,8) # rp[i]=tp[i]-np[i]
727 sbb \$0,@ri[0] # handle upmost overflow bit
728 mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i]
735 or $np,$ap # ap=borrow?tp:rp
742 .Lcopy4x: # copy or in-place refresh
743 movdqu 16($ap,$i),%xmm2
744 movdqu 32($ap,$i),%xmm1
745 movdqa %xmm0,16(%rsp,$i)
746 movdqu %xmm2,16($rp,$i)
747 movdqa %xmm0,32(%rsp,$i)
748 movdqu %xmm1,32($rp,$i)
754 movdqu 16($ap,$i),%xmm2
755 movdqa %xmm0,16(%rsp,$i)
756 movdqu %xmm2,16($rp,$i)
760 mov 8(%rsp,$num,8),%rsi # restore %rsp
771 .size bn_mul4x_mont,.-bn_mul4x_mont
775 ######################################################################
776 # void bn_sqr8x_mont(
777 my $rptr="%rdi"; # const BN_ULONG *rptr,
778 my $aptr="%rsi"; # const BN_ULONG *aptr,
779 my $bptr="%rdx"; # not used
780 my $nptr="%rcx"; # const BN_ULONG *nptr,
781 my $n0 ="%r8"; # const BN_ULONG *n0);
782 my $num ="%r9"; # int num, has to be divisible by 8
784 my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
785 my @A0=("%r10","%r11");
786 my @A1=("%r12","%r13");
787 my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
789 $code.=<<___ if ($addx);
790 .extern bn_sqrx8x_internal # see x86_64-mont5 module
793 .extern bn_sqr8x_internal # see x86_64-mont5 module
795 .type bn_sqr8x_mont,\@function,6
809 shl \$3,${num}d # convert $num to bytes
810 shl \$3+2,%r10 # 4*$num
813 ##############################################################
814 # ensure that stack frame doesn't alias with $aptr modulo
815 # 4096. this is done to allow memory disambiguation logic
818 lea -64(%rsp,$num,2),%r11
825 sub %r11,%rbp # align with $aptr
826 lea -64(%rbp,$num,2),%rbp # future alloca(frame+2*$num)
831 lea 4096-64(,$num,2),%r10 # 4096-frame-2*$num
832 lea -64(%rbp,$num,2),%rbp # future alloca(frame+2*$num)
846 jmp .Lsqr8x_page_walk_done
854 .Lsqr8x_page_walk_done:
860 mov %rax, 40(%rsp) # save original %rsp
863 movq $nptr, %xmm2 # save pointer to modulus
865 movq $rptr,%xmm1 # save $rptr
866 movq %r10, %xmm3 # -$num
868 $code.=<<___ if ($addx);
869 mov OPENSSL_ia32cap_P+8(%rip),%eax
874 call bn_sqrx8x_internal # see x86_64-mont5 module
875 # %rax top-most carry
878 # %r8 end of tp[2*num]
883 sar \$3+2,%rcx # %cf=0
890 call bn_sqr8x_internal # see x86_64-mont5 module
891 # %rax top-most carry
894 # %rdi end of tp[2*num]
899 sar \$3+2,%rcx # %cf=0
919 inc %rcx # preserves %cf
922 sbb \$0,%rax # top-most carry
923 lea (%rbx,$num),%rbx # rewind
924 lea ($rptr,$num),$rptr # rewind
928 pshufd \$0,%xmm1,%xmm1
929 mov 40(%rsp),%rsi # restore %rsp
930 jmp .Lsqr8x_cond_copy
934 movdqa 16*0(%rbx),%xmm2
935 movdqa 16*1(%rbx),%xmm3
937 movdqu 16*0($rptr),%xmm4
938 movdqu 16*1($rptr),%xmm5
939 lea 16*2($rptr),$rptr
940 movdqa %xmm0,-16*2(%rbx) # zero tp
941 movdqa %xmm0,-16*1(%rbx)
942 movdqa %xmm0,-16*2(%rbx,%rdx)
943 movdqa %xmm0,-16*1(%rbx,%rdx)
952 movdqu %xmm4,-16*2($rptr)
953 movdqu %xmm5,-16*1($rptr)
955 jnz .Lsqr8x_cond_copy
967 .size bn_sqr8x_mont,.-bn_sqr8x_mont
972 my $bp="%rdx"; # original value
975 .type bn_mulx4x_mont,\@function,6
988 shl \$3,${num}d # convert $num to bytes
990 sub $num,%r10 # -$num
992 lea -72(%rsp,%r10),%rbp # future alloca(frame+$num+8)
1000 ja .Lmulx4x_page_walk
1001 jmp .Lmulx4x_page_walk_done
1005 lea -4096(%rsp),%rsp
1008 ja .Lmulx4x_page_walk
1009 .Lmulx4x_page_walk_done:
1012 ##############################################################
1015 # +8 off-loaded &b[i]
1024 mov $num,0(%rsp) # save $num
1026 mov %r10,16(%rsp) # end of b[num]
1028 mov $n0, 24(%rsp) # save *n0
1029 mov $rp, 32(%rsp) # save $rp
1030 mov %rax,40(%rsp) # save original %rsp
1031 mov $num,48(%rsp) # inner counter
1037 my ($aptr, $bptr, $nptr, $tptr, $mi, $bi, $zero, $num)=
1038 ("%rsi","%rdi","%rcx","%rbx","%r8","%r9","%rbp","%rax");
1042 mov ($bp),%rdx # b[0], $bp==%rdx actually
1043 lea 64+32(%rsp),$tptr
1046 mulx 0*8($aptr),$mi,%rax # a[0]*b[0]
1047 mulx 1*8($aptr),%r11,%r14 # a[1]*b[0]
1049 mov $bptr,8(%rsp) # off-load &b[i]
1050 mulx 2*8($aptr),%r12,%r13 # ...
1054 mov $mi,$bptr # borrow $bptr
1055 imulq 24(%rsp),$mi # "t[0]"*n0
1056 xor $zero,$zero # cf=0, of=0
1058 mulx 3*8($aptr),%rax,%r14
1060 lea 4*8($aptr),$aptr
1062 adcx $zero,%r14 # cf=0
1064 mulx 0*8($nptr),%rax,%r10
1065 adcx %rax,$bptr # discarded
1067 mulx 1*8($nptr),%rax,%r11
1070 .byte 0xc4,0x62,0xfb,0xf6,0xa1,0x10,0x00,0x00,0x00 # mulx 2*8($nptr),%rax,%r12
1071 mov 48(%rsp),$bptr # counter value
1072 mov %r10,-4*8($tptr)
1075 mulx 3*8($nptr),%rax,%r15
1077 mov %r11,-3*8($tptr)
1079 adox $zero,%r15 # of=0
1080 lea 4*8($nptr),$nptr
1081 mov %r12,-2*8($tptr)
1087 adcx $zero,%r15 # cf=0, modulo-scheduled
1088 mulx 0*8($aptr),%r10,%rax # a[4]*b[0]
1090 mulx 1*8($aptr),%r11,%r14 # a[5]*b[0]
1092 mulx 2*8($aptr),%r12,%rax # ...
1094 mulx 3*8($aptr),%r13,%r14
1098 adcx $zero,%r14 # cf=0
1099 lea 4*8($aptr),$aptr
1100 lea 4*8($tptr),$tptr
1103 mulx 0*8($nptr),%rax,%r15
1106 mulx 1*8($nptr),%rax,%r15
1109 mulx 2*8($nptr),%rax,%r15
1110 mov %r10,-5*8($tptr)
1112 mov %r11,-4*8($tptr)
1114 mulx 3*8($nptr),%rax,%r15
1116 mov %r12,-3*8($tptr)
1119 lea 4*8($nptr),$nptr
1120 mov %r13,-2*8($tptr)
1122 dec $bptr # of=0, pass cf
1125 mov 0(%rsp),$num # load num
1126 mov 8(%rsp),$bptr # re-load &b[i]
1127 adc $zero,%r15 # modulo-scheduled
1129 sbb %r15,%r15 # top-most carry
1130 mov %r14,-1*8($tptr)
1135 mov ($bptr),%rdx # b[i]
1136 lea 8($bptr),$bptr # b++
1137 sub $num,$aptr # rewind $aptr
1138 mov %r15,($tptr) # save top-most carry
1139 lea 64+4*8(%rsp),$tptr
1140 sub $num,$nptr # rewind $nptr
1142 mulx 0*8($aptr),$mi,%r11 # a[0]*b[i]
1143 xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0
1145 mulx 1*8($aptr),%r14,%r12 # a[1]*b[i]
1146 adox -4*8($tptr),$mi
1148 mulx 2*8($aptr),%r15,%r13 # ...
1149 adox -3*8($tptr),%r11
1151 adox -2*8($tptr),%r12
1155 mov $bptr,8(%rsp) # off-load &b[i]
1157 imulq 24(%rsp),$mi # "t[0]"*n0
1158 xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0
1160 mulx 3*8($aptr),%rax,%r14
1163 adox -1*8($tptr),%r13
1165 lea 4*8($aptr),$aptr
1168 mulx 0*8($nptr),%rax,%r10
1169 adcx %rax,%r15 # discarded
1171 mulx 1*8($nptr),%rax,%r11
1174 mulx 2*8($nptr),%rax,%r12
1175 mov %r10,-4*8($tptr)
1178 mulx 3*8($nptr),%rax,%r15
1180 mov %r11,-3*8($tptr)
1181 lea 4*8($nptr),$nptr
1183 adox $zero,%r15 # of=0
1184 mov 48(%rsp),$bptr # counter value
1185 mov %r12,-2*8($tptr)
1191 mulx 0*8($aptr),%r10,%rax # a[4]*b[i]
1192 adcx $zero,%r15 # cf=0, modulo-scheduled
1194 mulx 1*8($aptr),%r11,%r14 # a[5]*b[i]
1195 adcx 0*8($tptr),%r10
1197 mulx 2*8($aptr),%r12,%rax # ...
1198 adcx 1*8($tptr),%r11
1200 mulx 3*8($aptr),%r13,%r14
1202 adcx 2*8($tptr),%r12
1204 adcx 3*8($tptr),%r13
1205 adox $zero,%r14 # of=0
1206 lea 4*8($aptr),$aptr
1207 lea 4*8($tptr),$tptr
1208 adcx $zero,%r14 # cf=0
1211 mulx 0*8($nptr),%rax,%r15
1214 mulx 1*8($nptr),%rax,%r15
1217 mulx 2*8($nptr),%rax,%r15
1218 mov %r10,-5*8($tptr)
1221 mulx 3*8($nptr),%rax,%r15
1223 mov %r11,-4*8($tptr)
1224 mov %r12,-3*8($tptr)
1227 lea 4*8($nptr),$nptr
1228 mov %r13,-2*8($tptr)
1230 dec $bptr # of=0, pass cf
1233 mov 0(%rsp),$num # load num
1234 mov 8(%rsp),$bptr # re-load &b[i]
1235 adc $zero,%r15 # modulo-scheduled
1236 sub 0*8($tptr),$zero # pull top-most carry
1238 sbb %r15,%r15 # top-most carry
1239 mov %r14,-1*8($tptr)
1245 sub $num,$nptr # rewind $nptr
1248 shr \$3+2,$num # %cf=0
1249 mov 32(%rsp),$rptr # restore rp
1258 lea 8*4($tptr),$tptr
1263 lea 8*4($nptr),$nptr
1268 lea 8*4($rptr),$rptr
1269 dec $num # preserves %cf
1272 sbb \$0,%r15 # top-most carry
1274 sub %rdx,$rptr # rewind
1278 pshufd \$0,%xmm1,%xmm1
1279 mov 40(%rsp),%rsi # restore %rsp
1280 jmp .Lmulx4x_cond_copy
1284 movdqa 16*0($tptr),%xmm2
1285 movdqa 16*1($tptr),%xmm3
1286 lea 16*2($tptr),$tptr
1287 movdqu 16*0($rptr),%xmm4
1288 movdqu 16*1($rptr),%xmm5
1289 lea 16*2($rptr),$rptr
1290 movdqa %xmm0,-16*2($tptr) # zero tp
1291 movdqa %xmm0,-16*1($tptr)
1300 movdqu %xmm4,-16*2($rptr)
1301 movdqu %xmm5,-16*1($rptr)
1303 jnz .Lmulx4x_cond_copy
1317 .size bn_mulx4x_mont,.-bn_mulx4x_mont
1321 .asciz "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
1325 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
1326 # CONTEXT *context,DISPATCHER_CONTEXT *disp)
1334 .extern __imp_RtlVirtualUnwind
1335 .type mul_handler,\@abi-omnipotent
1349 mov 120($context),%rax # pull context->Rax
1350 mov 248($context),%rbx # pull context->Rip
1352 mov 8($disp),%rsi # disp->ImageBase
1353 mov 56($disp),%r11 # disp->HandlerData
1355 mov 0(%r11),%r10d # HandlerData[0]
1356 lea (%rsi,%r10),%r10 # end of prologue label
1357 cmp %r10,%rbx # context->Rip<end of prologue label
1358 jb .Lcommon_seh_tail
1360 mov 152($context),%rax # pull context->Rsp
1362 mov 4(%r11),%r10d # HandlerData[1]
1363 lea (%rsi,%r10),%r10 # epilogue label
1364 cmp %r10,%rbx # context->Rip>=epilogue label
1365 jae .Lcommon_seh_tail
1367 mov 192($context),%r10 # pull $num
1368 mov 8(%rax,%r10,8),%rax # pull saved stack pointer
1370 jmp .Lcommon_pop_regs
1371 .size mul_handler,.-mul_handler
1373 .type sqr_handler,\@abi-omnipotent
1387 mov 120($context),%rax # pull context->Rax
1388 mov 248($context),%rbx # pull context->Rip
1390 mov 8($disp),%rsi # disp->ImageBase
1391 mov 56($disp),%r11 # disp->HandlerData
1393 mov 0(%r11),%r10d # HandlerData[0]
1394 lea (%rsi,%r10),%r10 # end of prologue label
1395 cmp %r10,%rbx # context->Rip<.Lsqr_body
1396 jb .Lcommon_seh_tail
1398 mov 4(%r11),%r10d # HandlerData[1]
1399 lea (%rsi,%r10),%r10 # body label
1400 cmp %r10,%rbx # context->Rip>=.Lsqr_epilogue
1401 jb .Lcommon_pop_regs
1403 mov 152($context),%rax # pull context->Rsp
1405 mov 8(%r11),%r10d # HandlerData[2]
1406 lea (%rsi,%r10),%r10 # epilogue label
1407 cmp %r10,%rbx # context->Rip>=.Lsqr_epilogue
1408 jae .Lcommon_seh_tail
1410 mov 40(%rax),%rax # pull saved stack pointer
1419 mov %rbx,144($context) # restore context->Rbx
1420 mov %rbp,160($context) # restore context->Rbp
1421 mov %r12,216($context) # restore context->R12
1422 mov %r13,224($context) # restore context->R13
1423 mov %r14,232($context) # restore context->R14
1424 mov %r15,240($context) # restore context->R15
1429 mov %rax,152($context) # restore context->Rsp
1430 mov %rsi,168($context) # restore context->Rsi
1431 mov %rdi,176($context) # restore context->Rdi
1433 mov 40($disp),%rdi # disp->ContextRecord
1434 mov $context,%rsi # context
1435 mov \$154,%ecx # sizeof(CONTEXT)
1436 .long 0xa548f3fc # cld; rep movsq
1439 xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER
1440 mov 8(%rsi),%rdx # arg2, disp->ImageBase
1441 mov 0(%rsi),%r8 # arg3, disp->ControlPc
1442 mov 16(%rsi),%r9 # arg4, disp->FunctionEntry
1443 mov 40(%rsi),%r10 # disp->ContextRecord
1444 lea 56(%rsi),%r11 # &disp->HandlerData
1445 lea 24(%rsi),%r12 # &disp->EstablisherFrame
1446 mov %r10,32(%rsp) # arg5
1447 mov %r11,40(%rsp) # arg6
1448 mov %r12,48(%rsp) # arg7
1449 mov %rcx,56(%rsp) # arg8, (NULL)
1450 call *__imp_RtlVirtualUnwind(%rip)
1452 mov \$1,%eax # ExceptionContinueSearch
1464 .size sqr_handler,.-sqr_handler
1468 .rva .LSEH_begin_bn_mul_mont
1469 .rva .LSEH_end_bn_mul_mont
1470 .rva .LSEH_info_bn_mul_mont
1472 .rva .LSEH_begin_bn_mul4x_mont
1473 .rva .LSEH_end_bn_mul4x_mont
1474 .rva .LSEH_info_bn_mul4x_mont
1476 .rva .LSEH_begin_bn_sqr8x_mont
1477 .rva .LSEH_end_bn_sqr8x_mont
1478 .rva .LSEH_info_bn_sqr8x_mont
1480 $code.=<<___ if ($addx);
1481 .rva .LSEH_begin_bn_mulx4x_mont
1482 .rva .LSEH_end_bn_mulx4x_mont
1483 .rva .LSEH_info_bn_mulx4x_mont
1488 .LSEH_info_bn_mul_mont:
1491 .rva .Lmul_body,.Lmul_epilogue # HandlerData[]
1492 .LSEH_info_bn_mul4x_mont:
1495 .rva .Lmul4x_body,.Lmul4x_epilogue # HandlerData[]
1496 .LSEH_info_bn_sqr8x_mont:
1499 .rva .Lsqr8x_prologue,.Lsqr8x_body,.Lsqr8x_epilogue # HandlerData[]
1502 $code.=<<___ if ($addx);
1503 .LSEH_info_bn_mulx4x_mont:
1506 .rva .Lmulx4x_prologue,.Lmulx4x_body,.Lmulx4x_epilogue # HandlerData[]
projects / openssl.git / blob