[thirdparty/openssl.git] / crypto / bn / asm / ppc-mont.pl

#!/usr/bin/env perl

# ====================================================================
# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
# project. The module is, however, dual licensed under OpenSSL and
# CRYPTOGAMS licenses depending on where you obtain it. For further
# details see http://www.openssl.org/~appro/cryptogams/.
# ====================================================================

# April 2006

# "Teaser" Montgomery multiplication module for PowerPC. It's possible
# to gain a bit more by modulo-scheduling outer loop, then dedicated
# squaring procedure should give further 20% and code can be adapted
# for 32-bit application running on 64-bit CPU. As for the latter.
# It won't be able to achieve "native" 64-bit performance, because in
# 32-bit application context every addc instruction will have to be
# expanded as addc, twice right shift by 32 and finally adde, etc.
# So far RSA *sign* performance improvement over pre-bn_mul_mont asm
# for 64-bit application running on PPC970/G5 is:
#
# 512-bit	+65%	
# 1024-bit	+35%
# 2048-bit	+18%
# 4096-bit	+4%

$flavour = shift;

if ($flavour =~ /32/) {
	$BITS=	32;
	$BNSZ=	$BITS/8;
	$SIZE_T=4;
	$RZONE=	224;

	$LD=	"lwz";		# load
	$LDU=	"lwzu";		# load and update
	$LDX=	"lwzx";		# load indexed
	$ST=	"stw";		# store
	$STU=	"stwu";		# store and update
	$STX=	"stwx";		# store indexed
	$STUX=	"stwux";	# store indexed and update
	$UMULL=	"mullw";	# unsigned multiply low
	$UMULH=	"mulhwu";	# unsigned multiply high
	$UCMP=	"cmplw";	# unsigned compare
	$SHRI=	"srwi";		# unsigned shift right by immediate	
	$PUSH=	$ST;
	$POP=	$LD;
} elsif ($flavour =~ /64/) {
	$BITS=	64;
	$BNSZ=	$BITS/8;
	$SIZE_T=8;
	$RZONE=	288;

	# same as above, but 64-bit mnemonics...
	$LD=	"ld";		# load
	$LDU=	"ldu";		# load and update
	$LDX=	"ldx";		# load indexed
	$ST=	"std";		# store
	$STU=	"stdu";		# store and update
	$STX=	"stdx";		# store indexed
	$STUX=	"stdux";	# store indexed and update
	$UMULL=	"mulld";	# unsigned multiply low
	$UMULH=	"mulhdu";	# unsigned multiply high
	$UCMP=	"cmpld";	# unsigned compare
	$SHRI=	"srdi";		# unsigned shift right by immediate	
	$PUSH=	$ST;
	$POP=	$LD;
} else { die "nonsense $flavour"; }

$FRAME=8*$SIZE_T+$RZONE;
$LOCALS=8*$SIZE_T;

$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
die "can't locate ppc-xlate.pl";

open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";

$sp="r1";
$toc="r2";
$rp="r3";	$ovf="r3";
$ap="r4";
$bp="r5";
$np="r6";
$n0="r7";
$num="r8";
$rp="r9";	# $rp is reassigned
$aj="r10";
$nj="r11";
$tj="r12";
# non-volatile registers
$i="r20";
$j="r21";
$tp="r22";
$m0="r23";
$m1="r24";
$lo0="r25";
$hi0="r26";
$lo1="r27";
$hi1="r28";
$alo="r29";
$ahi="r30";
$nlo="r31";
#
$nhi="r0";

$code=<<___;
.machine "any"
.text

.globl	.bn_mul_mont_int
.align	4
.bn_mul_mont_int:
	cmpwi	$num,4
	mr	$rp,r3		; $rp is reassigned
	li	r3,0
	bltlr
___
$code.=<<___ if ($BNSZ==4);
	cmpwi	$num,32		; longer key performance is not better
	bgelr
___
$code.=<<___;
	slwi	$num,$num,`log($BNSZ)/log(2)`
	li	$tj,-4096
	addi	$ovf,$num,$FRAME
	subf	$ovf,$ovf,$sp	; $sp-$ovf
	and	$ovf,$ovf,$tj	; minimize TLB usage
	subf	$ovf,$sp,$ovf	; $ovf-$sp
	mr	$tj,$sp
	srwi	$num,$num,`log($BNSZ)/log(2)`
	$STUX	$sp,$sp,$ovf

	$PUSH	r20,`-12*$SIZE_T`($tj)
	$PUSH	r21,`-11*$SIZE_T`($tj)
	$PUSH	r22,`-10*$SIZE_T`($tj)
	$PUSH	r23,`-9*$SIZE_T`($tj)
	$PUSH	r24,`-8*$SIZE_T`($tj)
	$PUSH	r25,`-7*$SIZE_T`($tj)
	$PUSH	r26,`-6*$SIZE_T`($tj)
	$PUSH	r27,`-5*$SIZE_T`($tj)
	$PUSH	r28,`-4*$SIZE_T`($tj)
	$PUSH	r29,`-3*$SIZE_T`($tj)
	$PUSH	r30,`-2*$SIZE_T`($tj)
	$PUSH	r31,`-1*$SIZE_T`($tj)

	$LD	$n0,0($n0)	; pull n0[0] value
	addi	$num,$num,-2	; adjust $num for counter register
\f
	$LD	$m0,0($bp)	; m0=bp[0]
	$LD	$aj,0($ap)	; ap[0]
	addi	$tp,$sp,$LOCALS
	$UMULL	$lo0,$aj,$m0	; ap[0]*bp[0]
	$UMULH	$hi0,$aj,$m0

	$LD	$aj,$BNSZ($ap)	; ap[1]
	$LD	$nj,0($np)	; np[0]

	$UMULL	$m1,$lo0,$n0	; "tp[0]"*n0

	$UMULL	$alo,$aj,$m0	; ap[1]*bp[0]
	$UMULH	$ahi,$aj,$m0

	$UMULL	$lo1,$nj,$m1	; np[0]*m1
	$UMULH	$hi1,$nj,$m1
	$LD	$nj,$BNSZ($np)	; np[1]
	addc	$lo1,$lo1,$lo0
	addze	$hi1,$hi1

	$UMULL	$nlo,$nj,$m1	; np[1]*m1
	$UMULH	$nhi,$nj,$m1

	mtctr	$num
	li	$j,`2*$BNSZ`
.align	4
L1st:
	$LDX	$aj,$ap,$j	; ap[j]
	addc	$lo0,$alo,$hi0
	$LDX	$nj,$np,$j	; np[j]
	addze	$hi0,$ahi
	$UMULL	$alo,$aj,$m0	; ap[j]*bp[0]
	addc	$lo1,$nlo,$hi1
	$UMULH	$ahi,$aj,$m0
	addze	$hi1,$nhi
	$UMULL	$nlo,$nj,$m1	; np[j]*m1
	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[0]
	$UMULH	$nhi,$nj,$m1
	addze	$hi1,$hi1
	$ST	$lo1,0($tp)	; tp[j-1]

	addi	$j,$j,$BNSZ	; j++
	addi	$tp,$tp,$BNSZ	; tp++
	bdnz-	L1st
;L1st
	addc	$lo0,$alo,$hi0
	addze	$hi0,$ahi

	addc	$lo1,$nlo,$hi1
	addze	$hi1,$nhi
	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[0]
	addze	$hi1,$hi1
	$ST	$lo1,0($tp)	; tp[j-1]

	li	$ovf,0
	addc	$hi1,$hi1,$hi0
	addze	$ovf,$ovf	; upmost overflow bit
	$ST	$hi1,$BNSZ($tp)
\f
	li	$i,$BNSZ
.align	4
Louter:
	$LDX	$m0,$bp,$i	; m0=bp[i]
	$LD	$aj,0($ap)	; ap[0]
	addi	$tp,$sp,$LOCALS
	$LD	$tj,$LOCALS($sp); tp[0]
	$UMULL	$lo0,$aj,$m0	; ap[0]*bp[i]
	$UMULH	$hi0,$aj,$m0
	$LD	$aj,$BNSZ($ap)	; ap[1]
	$LD	$nj,0($np)	; np[0]
	addc	$lo0,$lo0,$tj	; ap[0]*bp[i]+tp[0]
	$UMULL	$alo,$aj,$m0	; ap[j]*bp[i]
	addze	$hi0,$hi0
	$UMULL	$m1,$lo0,$n0	; tp[0]*n0
	$UMULH	$ahi,$aj,$m0
	$UMULL	$lo1,$nj,$m1	; np[0]*m1
	$UMULH	$hi1,$nj,$m1
	$LD	$nj,$BNSZ($np)	; np[1]
	addc	$lo1,$lo1,$lo0
	$UMULL	$nlo,$nj,$m1	; np[1]*m1
	addze	$hi1,$hi1
	$UMULH	$nhi,$nj,$m1
\f
	mtctr	$num
	li	$j,`2*$BNSZ`
.align	4
Linner:
	$LDX	$aj,$ap,$j	; ap[j]
	addc	$lo0,$alo,$hi0
	$LD	$tj,$BNSZ($tp)	; tp[j]
	addze	$hi0,$ahi
	$LDX	$nj,$np,$j	; np[j]
	addc	$lo1,$nlo,$hi1
	$UMULL	$alo,$aj,$m0	; ap[j]*bp[i]
	addze	$hi1,$nhi
	$UMULH	$ahi,$aj,$m0
	addc	$lo0,$lo0,$tj	; ap[j]*bp[i]+tp[j]
	$UMULL	$nlo,$nj,$m1	; np[j]*m1
	addze	$hi0,$hi0
	$UMULH	$nhi,$nj,$m1
	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[i]+tp[j]
	addi	$j,$j,$BNSZ	; j++
	addze	$hi1,$hi1
	$ST	$lo1,0($tp)	; tp[j-1]
	addi	$tp,$tp,$BNSZ	; tp++
	bdnz-	Linner
;Linner
	$LD	$tj,$BNSZ($tp)	; tp[j]
	addc	$lo0,$alo,$hi0
	addze	$hi0,$ahi
	addc	$lo0,$lo0,$tj	; ap[j]*bp[i]+tp[j]
	addze	$hi0,$hi0

	addc	$lo1,$nlo,$hi1
	addze	$hi1,$nhi
	addc	$lo1,$lo1,$lo0	; np[j]*m1+ap[j]*bp[i]+tp[j]
	addze	$hi1,$hi1
	$ST	$lo1,0($tp)	; tp[j-1]

	addic	$ovf,$ovf,-1	; move upmost overflow to XER[CA]
	li	$ovf,0
	adde	$hi1,$hi1,$hi0
	addze	$ovf,$ovf
	$ST	$hi1,$BNSZ($tp)
;
	slwi	$tj,$num,`log($BNSZ)/log(2)`
	$UCMP	$i,$tj
	addi	$i,$i,$BNSZ
	ble-	Louter
\f
	addi	$num,$num,2	; restore $num
	subfc	$j,$j,$j	; j=0 and "clear" XER[CA]
	addi	$tp,$sp,$LOCALS
	mtctr	$num

.align	4
Lsub:	$LDX	$tj,$tp,$j
	$LDX	$nj,$np,$j
	subfe	$aj,$nj,$tj	; tp[j]-np[j]
	$STX	$aj,$rp,$j
	addi	$j,$j,$BNSZ
	bdnz-	Lsub

	li	$j,0
	mtctr	$num
	subfe	$ovf,$j,$ovf	; handle upmost overflow bit
	and	$ap,$tp,$ovf
	andc	$np,$rp,$ovf
	or	$ap,$ap,$np	; ap=borrow?tp:rp

.align	4
Lcopy:				; copy or in-place refresh
	$LDX	$tj,$ap,$j
	$STX	$tj,$rp,$j
	$STX	$j,$tp,$j	; zap at once
	addi	$j,$j,$BNSZ
	bdnz-	Lcopy

	$POP	$tj,0($sp)
	li	r3,1
	$POP	r20,`-12*$SIZE_T`($tj)
	$POP	r21,`-11*$SIZE_T`($tj)
	$POP	r22,`-10*$SIZE_T`($tj)
	$POP	r23,`-9*$SIZE_T`($tj)
	$POP	r24,`-8*$SIZE_T`($tj)
	$POP	r25,`-7*$SIZE_T`($tj)
	$POP	r26,`-6*$SIZE_T`($tj)
	$POP	r27,`-5*$SIZE_T`($tj)
	$POP	r28,`-4*$SIZE_T`($tj)
	$POP	r29,`-3*$SIZE_T`($tj)
	$POP	r30,`-2*$SIZE_T`($tj)
	$POP	r31,`-1*$SIZE_T`($tj)
	mr	$sp,$tj
	blr
	.long	0
	.byte	0,12,4,0,0x80,12,6,0
	.long	0
.size	.bn_mul_mont_int,.-.bn_mul_mont_int

.asciz  "Montgomery Multiplication for PPC, CRYPTOGAMS by <appro\@openssl.org>"
___

$code =~ s/\`([^\`]*)\`/eval $1/gem;
print $code;
close STDOUT;
Commit	Line	Data
2c5d4daa AP	1	#!/usr/bin/env perl
	2
	3	# ====================================================================
	4	# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
7d9cf7c0 AP	5	# project. The module is, however, dual licensed under OpenSSL and
	6	# CRYPTOGAMS licenses depending on where you obtain it. For further
	7	# details see http://www.openssl.org/~appro/cryptogams/.
2c5d4daa AP	8	# ====================================================================
	9
	10	# April 2006
	11
	12	# "Teaser" Montgomery multiplication module for PowerPC. It's possible
	13	# to gain a bit more by modulo-scheduling outer loop, then dedicated
	14	# squaring procedure should give further 20% and code can be adapted
	15	# for 32-bit application running on 64-bit CPU. As for the latter.
	16	# It won't be able to achieve "native" 64-bit performance, because in
	17	# 32-bit application context every addc instruction will have to be
	18	# expanded as addc, twice right shift by 32 and finally adde, etc.
	19	# So far RSA sign performance improvement over pre-bn_mul_mont asm
	20	# for 64-bit application running on PPC970/G5 is:
	21	#
	22	# 512-bit +65%
	23	# 1024-bit +35%
	24	# 2048-bit +18%
	25	# 4096-bit +4%
	26
addd641f	27	$flavour = shift;
2c5d4daa	28
addd641f	29	if ($flavour =~ /32/) {
2c5d4daa AP	30	$BITS= 32;
	31	$BNSZ= $BITS/8;
	32	$SIZE_T=4;
	33	$RZONE= 224;
2c5d4daa AP	34
	35	$LD= "lwz"; # load
	36	$LDU= "lwzu"; # load and update
	37	$LDX= "lwzx"; # load indexed
	38	$ST= "stw"; # store
	39	$STU= "stwu"; # store and update
	40	$STX= "stwx"; # store indexed
	41	$STUX= "stwux"; # store indexed and update
	42	$UMULL= "mullw"; # unsigned multiply low
	43	$UMULH= "mulhwu"; # unsigned multiply high
	44	$UCMP= "cmplw"; # unsigned compare
7d9cf7c0	45	$SHRI= "srwi"; # unsigned shift right by immediate
2c5d4daa AP	46	$PUSH= $ST;
2c5d4daa AP	47	$POP= $LD;
addd641f	48	} elsif ($flavour =~ /64/) {
2c5d4daa AP	49	$BITS= 64;
	50	$BNSZ= $BITS/8;
	51	$SIZE_T=8;
	52	$RZONE= 288;
2c5d4daa AP	53
	54	# same as above, but 64-bit mnemonics...
	55	$LD= "ld"; # load
	56	$LDU= "ldu"; # load and update
	57	$LDX= "ldx"; # load indexed
	58	$ST= "std"; # store
	59	$STU= "stdu"; # store and update
	60	$STX= "stdx"; # store indexed
	61	$STUX= "stdux"; # store indexed and update
	62	$UMULL= "mulld"; # unsigned multiply low
	63	$UMULH= "mulhdu"; # unsigned multiply high
	64	$UCMP= "cmpld"; # unsigned compare
7d9cf7c0	65	$SHRI= "srdi"; # unsigned shift right by immediate
2c5d4daa AP	66	$PUSH= $ST;
2c5d4daa AP	67	$POP= $LD;
addd641f	68	} else { die "nonsense $flavour"; }
2c5d4daa	69
67150340 AP	70	$FRAME=8*$SIZE_T+$RZONE;
	71	$LOCALS=8*$SIZE_T;
	72
addd641f AP	73	$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
	74	( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
	75	( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
	76	die "can't locate ppc-xlate.pl";
	77
	78	open STDOUT,"\| $^X $xlate $flavour ".shift \|\| die "can't call $xlate: $!";
2c5d4daa AP	79
	80	$sp="r1";
	81	$toc="r2";
	82	$rp="r3"; $ovf="r3";
	83	$ap="r4";
	84	$bp="r5";
	85	$np="r6";
	86	$n0="r7";
	87	$num="r8";
	88	$rp="r9"; # $rp is reassigned
	89	$aj="r10";
	90	$nj="r11";
	91	$tj="r12";
	92	# non-volatile registers
67150340 AP	93	$i="r20";
	94	$j="r21";
	95	$tp="r22";
	96	$m0="r23";
	97	$m1="r24";
	98	$lo0="r25";
	99	$hi0="r26";
	100	$lo1="r27";
	101	$hi1="r28";
	102	$alo="r29";
	103	$ahi="r30";
	104	$nlo="r31";
2c5d4daa AP	105	#
	106	$nhi="r0";
	107
	108	$code=<<___;
67d99090	109	.machine "any"
2c5d4daa AP	110	.text
2c5d4daa AP	111
b4b48a10	112	.globl .bn_mul_mont_int
2c5d4daa	113	.align 4
b4b48a10	114	.bn_mul_mont_int:
2c5d4daa AP	115	cmpwi $num,4
	116	mr $rp,r3 ; $rp is reassigned
	117	li r3,0
	118	bltlr
b4b48a10 AP	119	___
	120	$code.=<<___ if ($BNSZ==4);
	121	cmpwi $num,32 ; longer key performance is not better
	122	bgelr
	123	___
	124	$code.=<<___;
2c5d4daa AP	125	slwi $num,$num,`log($BNSZ)/log(2)`
2c5d4daa AP	126	li $tj,-4096
67150340	127	addi $ovf,$num,$FRAME
2c5d4daa AP	128	subf $ovf,$ovf,$sp ; $sp-$ovf
	129	and $ovf,$ovf,$tj ; minimize TLB usage
	130	subf $ovf,$sp,$ovf ; $ovf-$sp
67150340	131	mr $tj,$sp
2c5d4daa AP	132	srwi $num,$num,`log($BNSZ)/log(2)`
	133	$STUX $sp,$sp,$ovf
	134
67150340 AP	135	$PUSH r20,`-12*$SIZE_T`($tj)
	136	$PUSH r21,`-11*$SIZE_T`($tj)
	137	$PUSH r22,`-10*$SIZE_T`($tj)
	138	$PUSH r23,`-9*$SIZE_T`($tj)
	139	$PUSH r24,`-8*$SIZE_T`($tj)
	140	$PUSH r25,`-7*$SIZE_T`($tj)
	141	$PUSH r26,`-6*$SIZE_T`($tj)
	142	$PUSH r27,`-5*$SIZE_T`($tj)
	143	$PUSH r28,`-4*$SIZE_T`($tj)
	144	$PUSH r29,`-3*$SIZE_T`($tj)
	145	$PUSH r30,`-2*$SIZE_T`($tj)
	146	$PUSH r31,`-1*$SIZE_T`($tj)
2c5d4daa AP	147
	148	$LD $n0,0($n0) ; pull n0[0] value
	149	addi $num,$num,-2 ; adjust $num for counter register
	150	\f
	151	$LD $m0,0($bp) ; m0=bp[0]
	152	$LD $aj,0($ap) ; ap[0]
67150340	153	addi $tp,$sp,$LOCALS
2c5d4daa AP	154	$UMULL $lo0,$aj,$m0 ; ap[0]*bp[0]
	155	$UMULH $hi0,$aj,$m0
	156
	157	$LD $aj,$BNSZ($ap) ; ap[1]
	158	$LD $nj,0($np) ; np[0]
	159
	160	$UMULL $m1,$lo0,$n0 ; "tp[0]"*n0
	161
	162	$UMULL $alo,$aj,$m0 ; ap[1]*bp[0]
	163	$UMULH $ahi,$aj,$m0
	164
	165	$UMULL $lo1,$nj,$m1 ; np[0]*m1
	166	$UMULH $hi1,$nj,$m1
	167	$LD $nj,$BNSZ($np) ; np[1]
	168	addc $lo1,$lo1,$lo0
	169	addze $hi1,$hi1
	170
	171	$UMULL $nlo,$nj,$m1 ; np[1]*m1
	172	$UMULH $nhi,$nj,$m1
	173
	174	mtctr $num
	175	li $j,`2*$BNSZ`
	176	.align 4
	177	L1st:
	178	$LDX $aj,$ap,$j ; ap[j]
2c5d4daa	179	addc $lo0,$alo,$hi0
8ea975d0	180	$LDX $nj,$np,$j ; np[j]
2c5d4daa AP	181	addze $hi0,$ahi
2c5d4daa AP	182	$UMULL $alo,$aj,$m0 ; ap[j]*bp[0]
2c5d4daa	183	addc $lo1,$nlo,$hi1
8ea975d0	184	$UMULH $ahi,$aj,$m0
2c5d4daa AP	185	addze $hi1,$nhi
2c5d4daa AP	186	$UMULL $nlo,$nj,$m1 ; np[j]*m1
2c5d4daa	187	addc $lo1,$lo1,$lo0 ; np[j]m1+ap[j]bp[0]
8ea975d0	188	$UMULH $nhi,$nj,$m1
2c5d4daa AP	189	addze $hi1,$hi1
	190	$ST $lo1,0($tp) ; tp[j-1]
	191
	192	addi $j,$j,$BNSZ ; j++
	193	addi $tp,$tp,$BNSZ ; tp++
	194	bdnz- L1st
	195	;L1st
	196	addc $lo0,$alo,$hi0
	197	addze $hi0,$ahi
	198
	199	addc $lo1,$nlo,$hi1
	200	addze $hi1,$nhi
	201	addc $lo1,$lo1,$lo0 ; np[j]m1+ap[j]bp[0]
	202	addze $hi1,$hi1
	203	$ST $lo1,0($tp) ; tp[j-1]
	204
	205	li $ovf,0
	206	addc $hi1,$hi1,$hi0
	207	addze $ovf,$ovf ; upmost overflow bit
	208	$ST $hi1,$BNSZ($tp)
	209	\f
	210	li $i,$BNSZ
	211	.align 4
	212	Louter:
	213	$LDX $m0,$bp,$i ; m0=bp[i]
	214	$LD $aj,0($ap) ; ap[0]
67150340 AP	215	addi $tp,$sp,$LOCALS
67150340 AP	216	$LD $tj,$LOCALS($sp); tp[0]
2c5d4daa AP	217	$UMULL $lo0,$aj,$m0 ; ap[0]*bp[i]
	218	$UMULH $hi0,$aj,$m0
	219	$LD $aj,$BNSZ($ap) ; ap[1]
	220	$LD $nj,0($np) ; np[0]
	221	addc $lo0,$lo0,$tj ; ap[0]*bp[i]+tp[0]
8ea975d0	222	$UMULL $alo,$aj,$m0 ; ap[j]*bp[i]
2c5d4daa	223	addze $hi0,$hi0
2c5d4daa	224	$UMULL $m1,$lo0,$n0 ; tp[0]*n0
2c5d4daa	225	$UMULH $ahi,$aj,$m0
2c5d4daa AP	226	$UMULL $lo1,$nj,$m1 ; np[0]*m1
	227	$UMULH $hi1,$nj,$m1
	228	$LD $nj,$BNSZ($np) ; np[1]
	229	addc $lo1,$lo1,$lo0
2c5d4daa	230	$UMULL $nlo,$nj,$m1 ; np[1]*m1
8ea975d0	231	addze $hi1,$hi1
2c5d4daa AP	232	$UMULH $nhi,$nj,$m1
	233	\f
	234	mtctr $num
	235	li $j,`2*$BNSZ`
	236	.align 4
	237	Linner:
	238	$LDX $aj,$ap,$j ; ap[j]
2c5d4daa	239	addc $lo0,$alo,$hi0
8ea975d0	240	$LD $tj,$BNSZ($tp) ; tp[j]
2c5d4daa AP	241	addze $hi0,$ahi
2c5d4daa AP	242	$LDX $nj,$np,$j ; np[j]
2c5d4daa	243	addc $lo1,$nlo,$hi1
8ea975d0	244	$UMULL $alo,$aj,$m0 ; ap[j]*bp[i]
2c5d4daa	245	addze $hi1,$nhi
8ea975d0 AP	246	$UMULH $ahi,$aj,$m0
8ea975d0 AP	247	addc $lo0,$lo0,$tj ; ap[j]*bp[i]+tp[j]
2c5d4daa	248	$UMULL $nlo,$nj,$m1 ; np[j]*m1
8ea975d0	249	addze $hi0,$hi0
2c5d4daa AP	250	$UMULH $nhi,$nj,$m1
2c5d4daa AP	251	addc $lo1,$lo1,$lo0 ; np[j]m1+ap[j]bp[i]+tp[j]
8ea975d0	252	addi $j,$j,$BNSZ ; j++
2c5d4daa AP	253	addze $hi1,$hi1
2c5d4daa AP	254	$ST $lo1,0($tp) ; tp[j-1]
2c5d4daa AP	255	addi $tp,$tp,$BNSZ ; tp++
	256	bdnz- Linner
	257	;Linner
	258	$LD $tj,$BNSZ($tp) ; tp[j]
	259	addc $lo0,$alo,$hi0
	260	addze $hi0,$ahi
	261	addc $lo0,$lo0,$tj ; ap[j]*bp[i]+tp[j]
	262	addze $hi0,$hi0
	263
	264	addc $lo1,$nlo,$hi1
	265	addze $hi1,$nhi
	266	addc $lo1,$lo1,$lo0 ; np[j]m1+ap[j]bp[i]+tp[j]
	267	addze $hi1,$hi1
	268	$ST $lo1,0($tp) ; tp[j-1]
	269
	270	addic $ovf,$ovf,-1 ; move upmost overflow to XER[CA]
	271	li $ovf,0
	272	adde $hi1,$hi1,$hi0
	273	addze $ovf,$ovf
	274	$ST $hi1,$BNSZ($tp)
	275	;
	276	slwi $tj,$num,`log($BNSZ)/log(2)`
	277	$UCMP $i,$tj
	278	addi $i,$i,$BNSZ
	279	ble- Louter
	280	\f
	281	addi $num,$num,2 ; restore $num
7d9cf7c0	282	subfc $j,$j,$j ; j=0 and "clear" XER[CA]
67150340	283	addi $tp,$sp,$LOCALS
2c5d4daa	284	mtctr $num
7d9cf7c0 AP	285
	286	.align 4
	287	Lsub: $LDX $tj,$tp,$j
	288	$LDX $nj,$np,$j
	289	subfe $aj,$nj,$tj ; tp[j]-np[j]
	290	$STX $aj,$rp,$j
	291	addi $j,$j,$BNSZ
	292	bdnz- Lsub
	293
2c5d4daa	294	li $j,0
7d9cf7c0 AP	295	mtctr $num
	296	subfe $ovf,$j,$ovf ; handle upmost overflow bit
	297	and $ap,$tp,$ovf
	298	andc $np,$rp,$ovf
	299	or $ap,$ap,$np ; ap=borrow?tp:rp
2c5d4daa	300
2c5d4daa	301	.align 4
7d9cf7c0 AP	302	Lcopy: ; copy or in-place refresh
7d9cf7c0 AP	303	$LDX $tj,$ap,$j
2c5d4daa AP	304	$STX $tj,$rp,$j
	305	$STX $j,$tp,$j ; zap at once
	306	addi $j,$j,$BNSZ
	307	bdnz- Lcopy
	308
67150340	309	$POP $tj,0($sp)
2c5d4daa	310	li r3,1
67150340 AP	311	$POP r20,`-12*$SIZE_T`($tj)
	312	$POP r21,`-11*$SIZE_T`($tj)
	313	$POP r22,`-10*$SIZE_T`($tj)
	314	$POP r23,`-9*$SIZE_T`($tj)
	315	$POP r24,`-8*$SIZE_T`($tj)
	316	$POP r25,`-7*$SIZE_T`($tj)
	317	$POP r26,`-6*$SIZE_T`($tj)
	318	$POP r27,`-5*$SIZE_T`($tj)
	319	$POP r28,`-4*$SIZE_T`($tj)
	320	$POP r29,`-3*$SIZE_T`($tj)
	321	$POP r30,`-2*$SIZE_T`($tj)
	322	$POP r31,`-1*$SIZE_T`($tj)
	323	mr $sp,$tj
2c5d4daa AP	324	blr
2c5d4daa AP	325	.long 0
67150340 AP	326	.byte 0,12,4,0,0x80,12,6,0
67150340 AP	327	.long 0
d6019e16	328	.size .bn_mul_mont_int,.-.bn_mul_mont_int
67150340 AP	329
67150340 AP	330	.asciz "Montgomery Multiplication for PPC, CRYPTOGAMS by <appro\@openssl.org>"
2c5d4daa AP	331	___
	332
	333	$code =~ s/\`([^\`]*)\`/eval $1/gem;
	334	print $code;
	335	close STDOUT;