3 # ====================================================================
4 # Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
5 # project. The module is, however, dual licensed under OpenSSL and
6 # CRYPTOGAMS licenses depending on where you obtain it. For further
7 # details see http://www.openssl.org/~appro/cryptogams/.
8 # ====================================================================
10 # On 21264 RSA sign performance improves by 70/35/20/15 percent for
11 # 512/1024/2048/4096 bit key lengths. This is against vendor compiler
12 # instructed to '-tune host' code with in-line assembler. Other
13 # benchmarks improve by 15-20%. To anchor it to something else, the
14 # code provides approximately the same performance per GHz as AMD64.
15 # I.e. if you compare 1GHz 21264 and 2GHz Opteron, you'll observe ~2x
19 $rp="a0"; # BN_ULONG *rp,
20 $ap="a1"; # const BN_ULONG *ap,
21 $bp="a2"; # const BN_ULONG *bp,
22 $np="a3"; # const BN_ULONG *np,
23 $n0="a4"; # const BN_ULONG *n0,
24 $num="a5"; # int num);
44 #include <machine/asm.h>
73 ldq
$hi0,0($ap) # ap[0]
77 ldq
$bi,0($bp) # bp[0]
78 lda AT
,-4096(zero
) # mov -4096,AT
83 ldq
$hi1,0($np) # np[0]
198 s8addq
$j,$np,$nj #U0
202 addq
$alo,$hi0,$lo0 #L1
205 mulq
$aj,$bi,$alo #U1
206 cmpult
$lo0,$hi0,AT
#L0
207 addq
$nlo,$hi1,$lo1 #L1
210 mulq
$nj,$m1,$nlo #U1
211 addq
$ahi,AT
,$hi0 #L0
212 addq
$lo0,$tj,$lo0 #L1
213 cmpult
$lo1,$hi1,v0
#U0
215 umulh
$aj,$bi,$ahi #U1
216 cmpult
$lo0,$tj,AT
#L0
217 addq
$lo1,$lo0,$lo1 #L1
218 addq
$nhi,v0
,$hi1 #U0
220 umulh
$nj,$m1,$nhi #U1
221 s8addq
$j,$ap,$aj #L0
222 cmpult
$lo1,$lo0,v0
#L1
223 cmplt
$j,$num,$tj #U0 # borrow $tj
225 addq
$hi0,AT
,$hi0 #L0
226 addq
$hi1,v0
,$hi1 #U1
250 cmpult
$lo1,$hi0,$hi1
256 cmplt
$i,$num,$tj # borrow $tj
260 s8addq
$num,sp
,$tj # &tp[num]
261 mov
$rp,$bp # put rp aside
264 mov
0,$hi0 # clear borrow bit
267 .Lsub
: ldq
$lo0,0($tp)
271 subq
$lo0,$lo1,$lo1 # tp[i]-np[i]
274 cmpult
$lo1,$lo0,$hi0
281 subq
$hi1,$hi0,$hi0 # handle upmost overflow bit
283 mov
$bp,$rp # restore rp
287 bis
$bp,$ap,$ap # ap=borrow?tp:rp
290 .Lcopy
: ldq
$aj,0($ap) # copy or in-place refresh
294 stq zero
,-8($tp) # zap tp
311 .ascii
"Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"