xref: /freebsd-9.3-release/crypto/openssl/crypto/bn/asm/ppc.pl

#!/usr/bin/env perl
#
# Implemented as a Perl wrapper as we want to support several different
# architectures with single file. We pick up the target based on the
# file name we are asked to generate.
#
# It should be noted though that this perl code is nothing like
# <openssl>/crypto/perlasm/x86*. In this case perl is used pretty much
# as pre-processor to cover for platform differences in name decoration,
# linker tables, 32-/64-bit instruction sets...
#
# As you might know there're several PowerPC ABI in use. Most notably
# Linux and AIX use different 32-bit ABIs. Good news are that these ABIs
# are similar enough to implement leaf(!) functions, which would be ABI
# neutral. And that's what you find here: ABI neutral leaf functions.
# In case you wonder what that is...
#
#       AIX performance
#
#	MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e.
#
#	The following is the performance of 32-bit compiler
#	generated code:
#
#	OpenSSL 0.9.6c 21 dec 2001
#	built on: Tue Jun 11 11:06:51 EDT 2002
#	options:bn(64,32) ...
#compiler: cc -DTHREADS  -DAIX -DB_ENDIAN -DBN_LLONG -O3
#                  sign    verify    sign/s verify/s
#rsa  512 bits   0.0098s   0.0009s    102.0   1170.6
#rsa 1024 bits   0.0507s   0.0026s     19.7    387.5
#rsa 2048 bits   0.3036s   0.0085s      3.3    117.1
#rsa 4096 bits   2.0040s   0.0299s      0.5     33.4
#dsa  512 bits   0.0087s   0.0106s    114.3     94.5
#dsa 1024 bits   0.0256s   0.0313s     39.0     32.0
#
#	Same bechmark with this assembler code:
#
#rsa  512 bits   0.0056s   0.0005s    178.6   2049.2
#rsa 1024 bits   0.0283s   0.0015s     35.3    674.1
#rsa 2048 bits   0.1744s   0.0050s      5.7    201.2
#rsa 4096 bits   1.1644s   0.0179s      0.9     55.7
#dsa  512 bits   0.0052s   0.0062s    191.6    162.0
#dsa 1024 bits   0.0149s   0.0180s     67.0     55.5
#
#	Number of operations increases by at almost 75%
#
#	Here are performance numbers for 64-bit compiler
#	generated code:
#
#	OpenSSL 0.9.6g [engine] 9 Aug 2002
#	built on: Fri Apr 18 16:59:20 EDT 2003
#	options:bn(64,64) ...
#	compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3
#                  sign    verify    sign/s verify/s
#rsa  512 bits   0.0028s   0.0003s    357.1   3844.4
#rsa 1024 bits   0.0148s   0.0008s     67.5   1239.7
#rsa 2048 bits   0.0963s   0.0028s     10.4    353.0
#rsa 4096 bits   0.6538s   0.0102s      1.5     98.1
#dsa  512 bits   0.0026s   0.0032s    382.5    313.7
#dsa 1024 bits   0.0081s   0.0099s    122.8    100.6
#
#	Same benchmark with this assembler code:
#
#rsa  512 bits   0.0020s   0.0002s    510.4   6273.7
#rsa 1024 bits   0.0088s   0.0005s    114.1   2128.3
#rsa 2048 bits   0.0540s   0.0016s     18.5    622.5
#rsa 4096 bits   0.3700s   0.0058s      2.7    171.0
#dsa  512 bits   0.0016s   0.0020s    610.7    507.1
#dsa 1024 bits   0.0047s   0.0058s    212.5    173.2
#
#	Again, performance increases by at about 75%
#
#       Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code)
#       OpenSSL 0.9.7c 30 Sep 2003
#
#       Original code.
#
#rsa  512 bits   0.0011s   0.0001s    906.1  11012.5
#rsa 1024 bits   0.0060s   0.0003s    166.6   3363.1
#rsa 2048 bits   0.0370s   0.0010s     27.1    982.4
#rsa 4096 bits   0.2426s   0.0036s      4.1    280.4
#dsa  512 bits   0.0010s   0.0012s   1038.1    841.5
#dsa 1024 bits   0.0030s   0.0037s    329.6    269.7
#dsa 2048 bits   0.0101s   0.0127s     98.9     78.6
#
#       Same benchmark with this assembler code:
#
#rsa  512 bits   0.0007s   0.0001s   1416.2  16645.9
#rsa 1024 bits   0.0036s   0.0002s    274.4   5380.6
#rsa 2048 bits   0.0222s   0.0006s     45.1   1589.5
#rsa 4096 bits   0.1469s   0.0022s      6.8    449.6
#dsa  512 bits   0.0006s   0.0007s   1664.2   1376.2
#dsa 1024 bits   0.0018s   0.0023s    545.0    442.2
#dsa 2048 bits   0.0061s   0.0075s    163.5    132.8
#
#        Performance increase of ~60%
#
#	If you have comments or suggestions to improve code send
#	me a note at schari@us.ibm.com
#

$opf = shift;

if ($opf =~ /32\.s/) {
	$BITS=	32;
	$BNSZ=	$BITS/8;
	$ISA=	"\"ppc\"";

	$LD=	"lwz";		# load
	$LDU=	"lwzu";		# load and update
	$ST=	"stw";		# store
	$STU=	"stwu";		# store and update
	$UMULL=	"mullw";	# unsigned multiply low
	$UMULH=	"mulhwu";	# unsigned multiply high
	$UDIV=	"divwu";	# unsigned divide
	$UCMPI=	"cmplwi";	# unsigned compare with immediate
	$UCMP=	"cmplw";	# unsigned compare
	$CNTLZ=	"cntlzw";	# count leading zeros
	$SHL=	"slw";		# shift left
	$SHR=	"srw";		# unsigned shift right
	$SHRI=	"srwi";		# unsigned shift right by immediate
	$SHLI=	"slwi";		# shift left by immediate
	$CLRU=	"clrlwi";	# clear upper bits
	$INSR=	"insrwi";	# insert right
	$ROTL=	"rotlwi";	# rotate left by immediate
	$TR=	"tw";		# conditional trap
} elsif ($opf =~ /64\.s/) {
	$BITS=	64;
	$BNSZ=	$BITS/8;
	$ISA=	"\"ppc64\"";

	# same as above, but 64-bit mnemonics...
	$LD=	"ld";		# load
	$LDU=	"ldu";		# load and update
	$ST=	"std";		# store
	$STU=	"stdu";		# store and update
	$UMULL=	"mulld";	# unsigned multiply low
	$UMULH=	"mulhdu";	# unsigned multiply high
	$UDIV=	"divdu";	# unsigned divide
	$UCMPI=	"cmpldi";	# unsigned compare with immediate
	$UCMP=	"cmpld";	# unsigned compare
	$CNTLZ=	"cntlzd";	# count leading zeros
	$SHL=	"sld";		# shift left
	$SHR=	"srd";		# unsigned shift right
	$SHRI=	"srdi";		# unsigned shift right by immediate
	$SHLI=	"sldi";		# shift left by immediate
	$CLRU=	"clrldi";	# clear upper bits
	$INSR=	"insrdi";	# insert right
	$ROTL=	"rotldi";	# rotate left by immediate
	$TR=	"td";		# conditional trap
} else { die "nonsense $opf"; }

( defined shift || open STDOUT,">$opf" ) || die "can't open $opf: $!";

# function entry points from the AIX code
#
# There are other, more elegant, ways to handle this. We (IBM) chose
# this approach as it plays well with scripts we run to 'namespace'
# OpenSSL .i.e. we add a prefix to all the public symbols so we can
# co-exist in the same process with other implementations of OpenSSL.
# 'cleverer' ways of doing these substitutions tend to hide data we
# need to be obvious.
#
my @items = ("bn_sqr_comba4",
	     "bn_sqr_comba8",
	     "bn_mul_comba4",
	     "bn_mul_comba8",
	     "bn_sub_words",
	     "bn_add_words",
	     "bn_div_words",
	     "bn_sqr_words",
	     "bn_mul_words",
	     "bn_mul_add_words");

if    ($opf =~ /linux/)	{  do_linux();	}
elsif ($opf =~ /aix/)	{  do_aix();	}
elsif ($opf =~ /osx/)	{  do_osx();	}
else			{  do_bsd();	}

sub do_linux {
    $d=&data();

    if ($BITS==64) {
      foreach $t (@items) {
        $d =~ s/\.$t:/\
\t.section\t".opd","aw"\
\t.align\t3\
\t.globl\t$t\
$t:\
\t.quad\t.$t,.TOC.\@tocbase,0\
\t.size\t$t,24\
\t.previous\n\
\t.type\t.$t,\@function\
\t.globl\t.$t\
.$t:/g;
      }
    }
    else {
      foreach $t (@items) {
        $d=~s/\.$t/$t/g;
      }
    }
    # hide internal labels to avoid pollution of name table...
    $d=~s/Lppcasm_/.Lppcasm_/gm;
    print $d;
}

sub do_aix {
    # AIX assembler is smart enough to please the linker without
    # making us do something special...
    print &data();
}

# MacOSX 32 bit
sub do_osx {
    $d=&data();
    # Change the bn symbol prefix from '.' to '_'
    foreach $t (@items) {
      $d=~s/\.$t/_$t/g;
    }
    # Change .machine to something OS X asm will accept
    $d=~s/\.machine.*/.text/g;
    $d=~s/\#/;/g; # change comment from '#' to ';'
    print $d;
}

# BSD (Untested)
sub do_bsd {
    $d=&data();
    foreach $t (@items) {
      $d=~s/\.$t/_$t/g;
    }
    print $d;
}

sub data {
	local($data)=<<EOF;
#--------------------------------------------------------------------
#
#
#
#
#	File:		ppc32.s
#
#	Created by:	Suresh Chari
#			IBM Thomas J. Watson Research Library
#			Hawthorne, NY
#
#
#	Description:	Optimized assembly routines for OpenSSL crypto
#			on the 32 bitPowerPC platform.
#
#
#	Version History
#
#	2. Fixed bn_add,bn_sub and bn_div_words, added comments,
#	   cleaned up code. Also made a single version which can
#	   be used for both the AIX and Linux compilers. See NOTE
#	   below.
#				12/05/03		Suresh Chari
#			(with lots of help from)        Andy Polyakov
##
#	1. Initial version	10/20/02		Suresh Chari
#
#
#	The following file works for the xlc,cc
#	and gcc compilers.
#
#	NOTE:	To get the file to link correctly with the gcc compiler
#	        you have to change the names of the routines and remove
#		the first .(dot) character. This should automatically
#		be done in the build process.
#
#	Hand optimized assembly code for the following routines
#
#	bn_sqr_comba4
#	bn_sqr_comba8
#	bn_mul_comba4
#	bn_mul_comba8
#	bn_sub_words
#	bn_add_words
#	bn_div_words
#	bn_sqr_words
#	bn_mul_words
#	bn_mul_add_words
#
#	NOTE:	It is possible to optimize this code more for
#	specific PowerPC or Power architectures. On the Northstar
#	architecture the optimizations in this file do
#	 NOT provide much improvement.
#
#	If you have comments or suggestions to improve code send
#	me a note at schari\@us.ibm.com
#
#--------------------------------------------------------------------------
#
#	Defines to be used in the assembly code.
#
.set r0,0	# we use it as storage for value of 0
.set SP,1	# preserved
.set RTOC,2	# preserved
.set r3,3	# 1st argument/return value
.set r4,4	# 2nd argument/volatile register
.set r5,5	# 3rd argument/volatile register
.set r6,6	# ...
.set r7,7
.set r8,8
.set r9,9
.set r10,10
.set r11,11
.set r12,12
.set r13,13	# not used, nor any other "below" it...

.set BO_IF_NOT,4
.set BO_IF,12
.set BO_dCTR_NZERO,16
.set BO_dCTR_ZERO,18
.set BO_ALWAYS,20
.set CR0_LT,0;
.set CR0_GT,1;
.set CR0_EQ,2
.set CR1_FX,4;
.set CR1_FEX,5;
.set CR1_VX,6
.set LR,8

#	Declare function names to be global
#	NOTE:	For gcc these names MUST be changed to remove
#	        the first . i.e. for example change ".bn_sqr_comba4"
#		to "bn_sqr_comba4". This should be automatically done
#		in the build.

	.globl	.bn_sqr_comba4
	.globl	.bn_sqr_comba8
	.globl	.bn_mul_comba4
	.globl	.bn_mul_comba8
	.globl	.bn_sub_words
	.globl	.bn_add_words
	.globl	.bn_div_words
	.globl	.bn_sqr_words
	.globl	.bn_mul_words
	.globl	.bn_mul_add_words

# .text section

	.machine	$ISA

#
#	NOTE:	The following label name should be changed to
#		"bn_sqr_comba4" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4
.bn_sqr_comba4:
#
# Optimized version of bn_sqr_comba4.
#
# void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
# r3 contains r
# r4 contains a
#
# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:
#
# r5,r6 are the two BN_ULONGs being multiplied.
# r7,r8 are the results of the 32x32 giving 64 bit multiply.
# r9,r10, r11 are the equivalents of c1,c2, c3.
# Here's the assembly
#
#
	xor		r0,r0,r0		# set r0 = 0. Used in the addze
						# instructions below

						#sqr_add_c(a,0,c1,c2,c3)
	$LD		r5,`0*$BNSZ`(r4)
	$UMULL		r9,r5,r5
	$UMULH		r10,r5,r5		#in first iteration. No need
						#to add since c1=c2=c3=0.
						# Note c3(r11) is NOT set to 0
						# but will be.

	$ST		r9,`0*$BNSZ`(r3)	# r[0]=c1;
						# sqr_add_c2(a,1,0,c2,c3,c1);
	$LD		r6,`1*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r7,r7,r7		# compute (r7,r8)=2*(r7,r8)
	adde		r8,r8,r8
	addze		r9,r0			# catch carry if any.
						# r9= r0(=0) and carry

	addc		r10,r7,r10		# now add to temp result.
	addze		r11,r8                  # r8 added to r11 which is 0
	addze		r9,r9

	$ST		r10,`1*$BNSZ`(r3)	#r[1]=c2;
						#sqr_add_c(a,1,c3,c1,c2)
	$UMULL		r7,r6,r6
	$UMULH		r8,r6,r6
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r0
						#sqr_add_c2(a,2,0,c3,c1,c2)
	$LD		r6,`2*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r7,r7,r7
	adde		r8,r8,r8
	addze		r10,r10

	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3
						#sqr_add_c2(a,3,0,c1,c2,c3);
	$LD		r6,`3*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r7,r7,r7
	adde		r8,r8,r8
	addze		r11,r0

	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
						#sqr_add_c2(a,2,1,c1,c2,c3);
	$LD		r5,`1*$BNSZ`(r4)
	$LD		r6,`2*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r7,r7,r7
	adde		r8,r8,r8
	addze		r11,r11
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
	$ST		r9,`3*$BNSZ`(r3)	#r[3]=c1
						#sqr_add_c(a,2,c2,c3,c1);
	$UMULL		r7,r6,r6
	$UMULH		r8,r6,r6
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r0
						#sqr_add_c2(a,3,1,c2,c3,c1);
	$LD		r6,`3*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r7,r7,r7
	adde		r8,r8,r8
	addze		r9,r9

	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
	$ST		r10,`4*$BNSZ`(r3)	#r[4]=c2
						#sqr_add_c2(a,3,2,c3,c1,c2);
	$LD		r5,`2*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r7,r7,r7
	adde		r8,r8,r8
	addze		r10,r0

	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
	$ST		r11,`5*$BNSZ`(r3)	#r[5] = c3
						#sqr_add_c(a,3,c1,c2,c3);
	$UMULL		r7,r6,r6
	$UMULH		r8,r6,r6
	addc		r9,r7,r9
	adde		r10,r8,r10

	$ST		r9,`6*$BNSZ`(r3)	#r[6]=c1
	$ST		r10,`7*$BNSZ`(r3)	#r[7]=c2
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000

#
#	NOTE:	The following label name should be changed to
#		"bn_sqr_comba8" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4
.bn_sqr_comba8:
#
# This is an optimized version of the bn_sqr_comba8 routine.
# Tightly uses the adde instruction
#
#
# void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
# r3 contains r
# r4 contains a
#
# Freely use registers r5,r6,r7,r8,r9,r10,r11 as follows:
#
# r5,r6 are the two BN_ULONGs being multiplied.
# r7,r8 are the results of the 32x32 giving 64 bit multiply.
# r9,r10, r11 are the equivalents of c1,c2, c3.
#
# Possible optimization of loading all 8 longs of a into registers
# doesnt provide any speedup
#

	xor		r0,r0,r0		#set r0 = 0.Used in addze
						#instructions below.

						#sqr_add_c(a,0,c1,c2,c3);
	$LD		r5,`0*$BNSZ`(r4)
	$UMULL		r9,r5,r5		#1st iteration:	no carries.
	$UMULH		r10,r5,r5
	$ST		r9,`0*$BNSZ`(r3)	# r[0]=c1;
						#sqr_add_c2(a,1,0,c2,c3,c1);
	$LD		r6,`1*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r10,r7,r10		#add the two register number
	adde		r11,r8,r0 		# (r8,r7) to the three register
	addze		r9,r0			# number (r9,r11,r10).NOTE:r0=0

	addc		r10,r7,r10		#add the two register number
	adde		r11,r8,r11 		# (r8,r7) to the three register
	addze		r9,r9			# number (r9,r11,r10).

	$ST		r10,`1*$BNSZ`(r3)	# r[1]=c2

						#sqr_add_c(a,1,c3,c1,c2);
	$UMULL		r7,r6,r6
	$UMULH		r8,r6,r6
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r0
						#sqr_add_c2(a,2,0,c3,c1,c2);
	$LD		r6,`2*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10

	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10

	$ST		r11,`2*$BNSZ`(r3)	#r[2]=c3
						#sqr_add_c2(a,3,0,c1,c2,c3);
	$LD		r6,`3*$BNSZ`(r4)	#r6 = a[3]. r5 is already a[0].
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r0

	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
						#sqr_add_c2(a,2,1,c1,c2,c3);
	$LD		r5,`1*$BNSZ`(r4)
	$LD		r6,`2*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11

	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11

	$ST		r9,`3*$BNSZ`(r3)	#r[3]=c1;
						#sqr_add_c(a,2,c2,c3,c1);
	$UMULL		r7,r6,r6
	$UMULH		r8,r6,r6

	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r0
						#sqr_add_c2(a,3,1,c2,c3,c1);
	$LD		r6,`3*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9

	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
						#sqr_add_c2(a,4,0,c2,c3,c1);
	$LD		r5,`0*$BNSZ`(r4)
	$LD		r6,`4*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9

	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
	$ST		r10,`4*$BNSZ`(r3)	#r[4]=c2;
						#sqr_add_c2(a,5,0,c3,c1,c2);
	$LD		r6,`5*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r0

	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
						#sqr_add_c2(a,4,1,c3,c1,c2);
	$LD		r5,`1*$BNSZ`(r4)
	$LD		r6,`4*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10

	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
						#sqr_add_c2(a,3,2,c3,c1,c2);
	$LD		r5,`2*$BNSZ`(r4)
	$LD		r6,`3*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10

	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
	$ST		r11,`5*$BNSZ`(r3)	#r[5]=c3;
						#sqr_add_c(a,3,c1,c2,c3);
	$UMULL		r7,r6,r6
	$UMULH		r8,r6,r6
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r0
						#sqr_add_c2(a,4,2,c1,c2,c3);
	$LD		r6,`4*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11

	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
						#sqr_add_c2(a,5,1,c1,c2,c3);
	$LD		r5,`1*$BNSZ`(r4)
	$LD		r6,`5*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11

	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
						#sqr_add_c2(a,6,0,c1,c2,c3);
	$LD		r5,`0*$BNSZ`(r4)
	$LD		r6,`6*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
	$ST		r9,`6*$BNSZ`(r3)	#r[6]=c1;
						#sqr_add_c2(a,7,0,c2,c3,c1);
	$LD		r6,`7*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r0
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
						#sqr_add_c2(a,6,1,c2,c3,c1);
	$LD		r5,`1*$BNSZ`(r4)
	$LD		r6,`6*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
						#sqr_add_c2(a,5,2,c2,c3,c1);
	$LD		r5,`2*$BNSZ`(r4)
	$LD		r6,`5*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
						#sqr_add_c2(a,4,3,c2,c3,c1);
	$LD		r5,`3*$BNSZ`(r4)
	$LD		r6,`4*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
	$ST		r10,`7*$BNSZ`(r3)	#r[7]=c2;
						#sqr_add_c(a,4,c3,c1,c2);
	$UMULL		r7,r6,r6
	$UMULH		r8,r6,r6
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r0
						#sqr_add_c2(a,5,3,c3,c1,c2);
	$LD		r6,`5*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
						#sqr_add_c2(a,6,2,c3,c1,c2);
	$LD		r5,`2*$BNSZ`(r4)
	$LD		r6,`6*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10

	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
						#sqr_add_c2(a,7,1,c3,c1,c2);
	$LD		r5,`1*$BNSZ`(r4)
	$LD		r6,`7*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
	$ST		r11,`8*$BNSZ`(r3)	#r[8]=c3;
						#sqr_add_c2(a,7,2,c1,c2,c3);
	$LD		r5,`2*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6

	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r0
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
						#sqr_add_c2(a,6,3,c1,c2,c3);
	$LD		r5,`3*$BNSZ`(r4)
	$LD		r6,`6*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
						#sqr_add_c2(a,5,4,c1,c2,c3);
	$LD		r5,`4*$BNSZ`(r4)
	$LD		r6,`5*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
	$ST		r9,`9*$BNSZ`(r3)	#r[9]=c1;
						#sqr_add_c(a,5,c2,c3,c1);
	$UMULL		r7,r6,r6
	$UMULH		r8,r6,r6
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r0
						#sqr_add_c2(a,6,4,c2,c3,c1);
	$LD		r6,`6*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
						#sqr_add_c2(a,7,3,c2,c3,c1);
	$LD		r5,`3*$BNSZ`(r4)
	$LD		r6,`7*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
	$ST		r10,`10*$BNSZ`(r3)	#r[10]=c2;
						#sqr_add_c2(a,7,4,c3,c1,c2);
	$LD		r5,`4*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r0
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
						#sqr_add_c2(a,6,5,c3,c1,c2);
	$LD		r5,`5*$BNSZ`(r4)
	$LD		r6,`6*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
	addc		r11,r7,r11
	adde		r9,r8,r9
	addze		r10,r10
	$ST		r11,`11*$BNSZ`(r3)	#r[11]=c3;
						#sqr_add_c(a,6,c1,c2,c3);
	$UMULL		r7,r6,r6
	$UMULH		r8,r6,r6
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r0
						#sqr_add_c2(a,7,5,c1,c2,c3)
	$LD		r6,`7*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
	addc		r9,r7,r9
	adde		r10,r8,r10
	addze		r11,r11
	$ST		r9,`12*$BNSZ`(r3)	#r[12]=c1;

						#sqr_add_c2(a,7,6,c2,c3,c1)
	$LD		r5,`6*$BNSZ`(r4)
	$UMULL		r7,r5,r6
	$UMULH		r8,r5,r6
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r0
	addc		r10,r7,r10
	adde		r11,r8,r11
	addze		r9,r9
	$ST		r10,`13*$BNSZ`(r3)	#r[13]=c2;
						#sqr_add_c(a,7,c3,c1,c2);
	$UMULL		r7,r6,r6
	$UMULH		r8,r6,r6
	addc		r11,r7,r11
	adde		r9,r8,r9
	$ST		r11,`14*$BNSZ`(r3)	#r[14]=c3;
	$ST		r9, `15*$BNSZ`(r3)	#r[15]=c1;


	bclr	BO_ALWAYS,CR0_LT

	.long	0x00000000

#
#	NOTE:	The following label name should be changed to
#		"bn_mul_comba4" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4
.bn_mul_comba4:
#
# This is an optimized version of the bn_mul_comba4 routine.
#
# void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
# r3 contains r
# r4 contains a
# r5 contains b
# r6, r7 are the 2 BN_ULONGs being multiplied.
# r8, r9 are the results of the 32x32 giving 64 multiply.
# r10, r11, r12 are the equivalents of c1, c2, and c3.
#
	xor	r0,r0,r0		#r0=0. Used in addze below.
					#mul_add_c(a[0],b[0],c1,c2,c3);
	$LD	r6,`0*$BNSZ`(r4)
	$LD	r7,`0*$BNSZ`(r5)
	$UMULL	r10,r6,r7
	$UMULH	r11,r6,r7
	$ST	r10,`0*$BNSZ`(r3)	#r[0]=c1
					#mul_add_c(a[0],b[1],c2,c3,c1);
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r8,r11
	adde	r12,r9,r0
	addze	r10,r0
					#mul_add_c(a[1],b[0],c2,c3,c1);
	$LD	r6, `1*$BNSZ`(r4)
	$LD	r7, `0*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r8,r11
	adde	r12,r9,r12
	addze	r10,r10
	$ST	r11,`1*$BNSZ`(r3)	#r[1]=c2
					#mul_add_c(a[2],b[0],c3,c1,c2);
	$LD	r6,`2*$BNSZ`(r4)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r8,r12
	adde	r10,r9,r10
	addze	r11,r0
					#mul_add_c(a[1],b[1],c3,c1,c2);
	$LD	r6,`1*$BNSZ`(r4)
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r8,r12
	adde	r10,r9,r10
	addze	r11,r11
					#mul_add_c(a[0],b[2],c3,c1,c2);
	$LD	r6,`0*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r8,r12
	adde	r10,r9,r10
	addze	r11,r11
	$ST	r12,`2*$BNSZ`(r3)	#r[2]=c3
					#mul_add_c(a[0],b[3],c1,c2,c3);
	$LD	r7,`3*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r8,r10
	adde	r11,r9,r11
	addze	r12,r0
					#mul_add_c(a[1],b[2],c1,c2,c3);
	$LD	r6,`1*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r8,r10
	adde	r11,r9,r11
	addze	r12,r12
					#mul_add_c(a[2],b[1],c1,c2,c3);
	$LD	r6,`2*$BNSZ`(r4)
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r8,r10
	adde	r11,r9,r11
	addze	r12,r12
					#mul_add_c(a[3],b[0],c1,c2,c3);
	$LD	r6,`3*$BNSZ`(r4)
	$LD	r7,`0*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r8,r10
	adde	r11,r9,r11
	addze	r12,r12
	$ST	r10,`3*$BNSZ`(r3)	#r[3]=c1
					#mul_add_c(a[3],b[1],c2,c3,c1);
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r8,r11
	adde	r12,r9,r12
	addze	r10,r0
					#mul_add_c(a[2],b[2],c2,c3,c1);
	$LD	r6,`2*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r8,r11
	adde	r12,r9,r12
	addze	r10,r10
					#mul_add_c(a[1],b[3],c2,c3,c1);
	$LD	r6,`1*$BNSZ`(r4)
	$LD	r7,`3*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r8,r11
	adde	r12,r9,r12
	addze	r10,r10
	$ST	r11,`4*$BNSZ`(r3)	#r[4]=c2
					#mul_add_c(a[2],b[3],c3,c1,c2);
	$LD	r6,`2*$BNSZ`(r4)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r8,r12
	adde	r10,r9,r10
	addze	r11,r0
					#mul_add_c(a[3],b[2],c3,c1,c2);
	$LD	r6,`3*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r8,r12
	adde	r10,r9,r10
	addze	r11,r11
	$ST	r12,`5*$BNSZ`(r3)	#r[5]=c3
					#mul_add_c(a[3],b[3],c1,c2,c3);
	$LD	r7,`3*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r8,r10
	adde	r11,r9,r11

	$ST	r10,`6*$BNSZ`(r3)	#r[6]=c1
	$ST	r11,`7*$BNSZ`(r3)	#r[7]=c2
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000

#
#	NOTE:	The following label name should be changed to
#		"bn_mul_comba8" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4
.bn_mul_comba8:
#
# Optimized version of the bn_mul_comba8 routine.
#
# void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
# r3 contains r
# r4 contains a
# r5 contains b
# r6, r7 are the 2 BN_ULONGs being multiplied.
# r8, r9 are the results of the 32x32 giving 64 multiply.
# r10, r11, r12 are the equivalents of c1, c2, and c3.
#
	xor	r0,r0,r0		#r0=0. Used in addze below.

					#mul_add_c(a[0],b[0],c1,c2,c3);
	$LD	r6,`0*$BNSZ`(r4)	#a[0]
	$LD	r7,`0*$BNSZ`(r5)	#b[0]
	$UMULL	r10,r6,r7
	$UMULH	r11,r6,r7
	$ST	r10,`0*$BNSZ`(r3)	#r[0]=c1;
					#mul_add_c(a[0],b[1],c2,c3,c1);
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	addze	r12,r9			# since we didnt set r12 to zero before.
	addze	r10,r0
					#mul_add_c(a[1],b[0],c2,c3,c1);
	$LD	r6,`1*$BNSZ`(r4)
	$LD	r7,`0*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
	$ST	r11,`1*$BNSZ`(r3)	#r[1]=c2;
					#mul_add_c(a[2],b[0],c3,c1,c2);
	$LD	r6,`2*$BNSZ`(r4)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r0
					#mul_add_c(a[1],b[1],c3,c1,c2);
	$LD	r6,`1*$BNSZ`(r4)
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[0],b[2],c3,c1,c2);
	$LD	r6,`0*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
	$ST	r12,`2*$BNSZ`(r3)	#r[2]=c3;
					#mul_add_c(a[0],b[3],c1,c2,c3);
	$LD	r7,`3*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r0
					#mul_add_c(a[1],b[2],c1,c2,c3);
	$LD	r6,`1*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12

					#mul_add_c(a[2],b[1],c1,c2,c3);
	$LD	r6,`2*$BNSZ`(r4)
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[3],b[0],c1,c2,c3);
	$LD	r6,`3*$BNSZ`(r4)
	$LD	r7,`0*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
	$ST	r10,`3*$BNSZ`(r3)	#r[3]=c1;
					#mul_add_c(a[4],b[0],c2,c3,c1);
	$LD	r6,`4*$BNSZ`(r4)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r0
					#mul_add_c(a[3],b[1],c2,c3,c1);
	$LD	r6,`3*$BNSZ`(r4)
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[2],b[2],c2,c3,c1);
	$LD	r6,`2*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[1],b[3],c2,c3,c1);
	$LD	r6,`1*$BNSZ`(r4)
	$LD	r7,`3*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[0],b[4],c2,c3,c1);
	$LD	r6,`0*$BNSZ`(r4)
	$LD	r7,`4*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
	$ST	r11,`4*$BNSZ`(r3)	#r[4]=c2;
					#mul_add_c(a[0],b[5],c3,c1,c2);
	$LD	r7,`5*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r0
					#mul_add_c(a[1],b[4],c3,c1,c2);
	$LD	r6,`1*$BNSZ`(r4)
	$LD	r7,`4*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[2],b[3],c3,c1,c2);
	$LD	r6,`2*$BNSZ`(r4)
	$LD	r7,`3*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[3],b[2],c3,c1,c2);
	$LD	r6,`3*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[4],b[1],c3,c1,c2);
	$LD	r6,`4*$BNSZ`(r4)
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[5],b[0],c3,c1,c2);
	$LD	r6,`5*$BNSZ`(r4)
	$LD	r7,`0*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
	$ST	r12,`5*$BNSZ`(r3)	#r[5]=c3;
					#mul_add_c(a[6],b[0],c1,c2,c3);
	$LD	r6,`6*$BNSZ`(r4)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r0
					#mul_add_c(a[5],b[1],c1,c2,c3);
	$LD	r6,`5*$BNSZ`(r4)
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[4],b[2],c1,c2,c3);
	$LD	r6,`4*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[3],b[3],c1,c2,c3);
	$LD	r6,`3*$BNSZ`(r4)
	$LD	r7,`3*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[2],b[4],c1,c2,c3);
	$LD	r6,`2*$BNSZ`(r4)
	$LD	r7,`4*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[1],b[5],c1,c2,c3);
	$LD	r6,`1*$BNSZ`(r4)
	$LD	r7,`5*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[0],b[6],c1,c2,c3);
	$LD	r6,`0*$BNSZ`(r4)
	$LD	r7,`6*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
	$ST	r10,`6*$BNSZ`(r3)	#r[6]=c1;
					#mul_add_c(a[0],b[7],c2,c3,c1);
	$LD	r7,`7*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r0
					#mul_add_c(a[1],b[6],c2,c3,c1);
	$LD	r6,`1*$BNSZ`(r4)
	$LD	r7,`6*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[2],b[5],c2,c3,c1);
	$LD	r6,`2*$BNSZ`(r4)
	$LD	r7,`5*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[3],b[4],c2,c3,c1);
	$LD	r6,`3*$BNSZ`(r4)
	$LD	r7,`4*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[4],b[3],c2,c3,c1);
	$LD	r6,`4*$BNSZ`(r4)
	$LD	r7,`3*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[5],b[2],c2,c3,c1);
	$LD	r6,`5*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[6],b[1],c2,c3,c1);
	$LD	r6,`6*$BNSZ`(r4)
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[7],b[0],c2,c3,c1);
	$LD	r6,`7*$BNSZ`(r4)
	$LD	r7,`0*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
	$ST	r11,`7*$BNSZ`(r3)	#r[7]=c2;
					#mul_add_c(a[7],b[1],c3,c1,c2);
	$LD	r7,`1*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r0
					#mul_add_c(a[6],b[2],c3,c1,c2);
	$LD	r6,`6*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[5],b[3],c3,c1,c2);
	$LD	r6,`5*$BNSZ`(r4)
	$LD	r7,`3*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[4],b[4],c3,c1,c2);
	$LD	r6,`4*$BNSZ`(r4)
	$LD	r7,`4*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[3],b[5],c3,c1,c2);
	$LD	r6,`3*$BNSZ`(r4)
	$LD	r7,`5*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[2],b[6],c3,c1,c2);
	$LD	r6,`2*$BNSZ`(r4)
	$LD	r7,`6*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[1],b[7],c3,c1,c2);
	$LD	r6,`1*$BNSZ`(r4)
	$LD	r7,`7*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
	$ST	r12,`8*$BNSZ`(r3)	#r[8]=c3;
					#mul_add_c(a[2],b[7],c1,c2,c3);
	$LD	r6,`2*$BNSZ`(r4)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r0
					#mul_add_c(a[3],b[6],c1,c2,c3);
	$LD	r6,`3*$BNSZ`(r4)
	$LD	r7,`6*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[4],b[5],c1,c2,c3);
	$LD	r6,`4*$BNSZ`(r4)
	$LD	r7,`5*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[5],b[4],c1,c2,c3);
	$LD	r6,`5*$BNSZ`(r4)
	$LD	r7,`4*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[6],b[3],c1,c2,c3);
	$LD	r6,`6*$BNSZ`(r4)
	$LD	r7,`3*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[7],b[2],c1,c2,c3);
	$LD	r6,`7*$BNSZ`(r4)
	$LD	r7,`2*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
	$ST	r10,`9*$BNSZ`(r3)	#r[9]=c1;
					#mul_add_c(a[7],b[3],c2,c3,c1);
	$LD	r7,`3*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r0
					#mul_add_c(a[6],b[4],c2,c3,c1);
	$LD	r6,`6*$BNSZ`(r4)
	$LD	r7,`4*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[5],b[5],c2,c3,c1);
	$LD	r6,`5*$BNSZ`(r4)
	$LD	r7,`5*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[4],b[6],c2,c3,c1);
	$LD	r6,`4*$BNSZ`(r4)
	$LD	r7,`6*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
					#mul_add_c(a[3],b[7],c2,c3,c1);
	$LD	r6,`3*$BNSZ`(r4)
	$LD	r7,`7*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
	$ST	r11,`10*$BNSZ`(r3)	#r[10]=c2;
					#mul_add_c(a[4],b[7],c3,c1,c2);
	$LD	r6,`4*$BNSZ`(r4)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r0
					#mul_add_c(a[5],b[6],c3,c1,c2);
	$LD	r6,`5*$BNSZ`(r4)
	$LD	r7,`6*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[6],b[5],c3,c1,c2);
	$LD	r6,`6*$BNSZ`(r4)
	$LD	r7,`5*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
					#mul_add_c(a[7],b[4],c3,c1,c2);
	$LD	r6,`7*$BNSZ`(r4)
	$LD	r7,`4*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	addze	r11,r11
	$ST	r12,`11*$BNSZ`(r3)	#r[11]=c3;
					#mul_add_c(a[7],b[5],c1,c2,c3);
	$LD	r7,`5*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r0
					#mul_add_c(a[6],b[6],c1,c2,c3);
	$LD	r6,`6*$BNSZ`(r4)
	$LD	r7,`6*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
					#mul_add_c(a[5],b[7],c1,c2,c3);
	$LD	r6,`5*$BNSZ`(r4)
	$LD	r7,`7*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r10,r10,r8
	adde	r11,r11,r9
	addze	r12,r12
	$ST	r10,`12*$BNSZ`(r3)	#r[12]=c1;
					#mul_add_c(a[6],b[7],c2,c3,c1);
	$LD	r6,`6*$BNSZ`(r4)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r0
					#mul_add_c(a[7],b[6],c2,c3,c1);
	$LD	r6,`7*$BNSZ`(r4)
	$LD	r7,`6*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r11,r11,r8
	adde	r12,r12,r9
	addze	r10,r10
	$ST	r11,`13*$BNSZ`(r3)	#r[13]=c2;
					#mul_add_c(a[7],b[7],c3,c1,c2);
	$LD	r7,`7*$BNSZ`(r5)
	$UMULL	r8,r6,r7
	$UMULH	r9,r6,r7
	addc	r12,r12,r8
	adde	r10,r10,r9
	$ST	r12,`14*$BNSZ`(r3)	#r[14]=c3;
	$ST	r10,`15*$BNSZ`(r3)	#r[15]=c1;
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000

#
#	NOTE:	The following label name should be changed to
#		"bn_sub_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#
#
.align	4
.bn_sub_words:
#
#	Handcoded version of bn_sub_words
#
#BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
#
#	r3 = r
#	r4 = a
#	r5 = b
#	r6 = n
#
#       Note:	No loop unrolling done since this is not a performance
#               critical loop.

	xor	r0,r0,r0	#set r0 = 0
#
#	check for r6 = 0 AND set carry bit.
#
	subfc.	r7,r0,r6        # If r6 is 0 then result is 0.
				# if r6 > 0 then result !=0
				# In either case carry bit is set.
	bc	BO_IF,CR0_EQ,Lppcasm_sub_adios
	addi	r4,r4,-$BNSZ
	addi	r3,r3,-$BNSZ
	addi	r5,r5,-$BNSZ
	mtctr	r6
Lppcasm_sub_mainloop:
	$LDU	r7,$BNSZ(r4)
	$LDU	r8,$BNSZ(r5)
	subfe	r6,r8,r7	# r6 = r7+carry bit + onescomplement(r8)
				# if carry = 1 this is r7-r8. Else it
				# is r7-r8 -1 as we need.
	$STU	r6,$BNSZ(r3)
	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_sub_mainloop
Lppcasm_sub_adios:
	subfze	r3,r0		# if carry bit is set then r3 = 0 else -1
	andi.	r3,r3,1         # keep only last bit.
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000


#
#	NOTE:	The following label name should be changed to
#		"bn_add_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4
.bn_add_words:
#
#	Handcoded version of bn_add_words
#
#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
#
#	r3 = r
#	r4 = a
#	r5 = b
#	r6 = n
#
#       Note:	No loop unrolling done since this is not a performance
#               critical loop.

	xor	r0,r0,r0
#
#	check for r6 = 0. Is this needed?
#
	addic.	r6,r6,0		#test r6 and clear carry bit.
	bc	BO_IF,CR0_EQ,Lppcasm_add_adios
	addi	r4,r4,-$BNSZ
	addi	r3,r3,-$BNSZ
	addi	r5,r5,-$BNSZ
	mtctr	r6
Lppcasm_add_mainloop:
	$LDU	r7,$BNSZ(r4)
	$LDU	r8,$BNSZ(r5)
	adde	r8,r7,r8
	$STU	r8,$BNSZ(r3)
	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_add_mainloop
Lppcasm_add_adios:
	addze	r3,r0			#return carry bit.
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000

#
#	NOTE:	The following label name should be changed to
#		"bn_div_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4
.bn_div_words:
#
#	This is a cleaned up version of code generated by
#	the AIX compiler. The only optimization is to use
#	the PPC instruction to count leading zeros instead
#	of call to num_bits_word. Since this was compiled
#	only at level -O2 we can possibly squeeze it more?
#
#	r3 = h
#	r4 = l
#	r5 = d

	$UCMPI	0,r5,0			# compare r5 and 0
	bc	BO_IF_NOT,CR0_EQ,Lppcasm_div1	# proceed if d!=0
	li	r3,-1			# d=0 return -1
	bclr	BO_ALWAYS,CR0_LT
Lppcasm_div1:
	xor	r0,r0,r0		#r0=0
	li	r8,$BITS
	$CNTLZ.	r7,r5			#r7 = num leading 0s in d.
	bc	BO_IF,CR0_EQ,Lppcasm_div2	#proceed if no leading zeros
	subf	r8,r7,r8		#r8 = BN_num_bits_word(d)
	$SHR.	r9,r3,r8		#are there any bits above r8'th?
	$TR	16,r9,r0		#if there're, signal to dump core...
Lppcasm_div2:
	$UCMP	0,r3,r5			#h>=d?
	bc	BO_IF,CR0_LT,Lppcasm_div3	#goto Lppcasm_div3 if not
	subf	r3,r5,r3		#h-=d ;
Lppcasm_div3:				#r7 = BN_BITS2-i. so r7=i
	cmpi	0,0,r7,0		# is (i == 0)?
	bc	BO_IF,CR0_EQ,Lppcasm_div4
	$SHL	r3,r3,r7		# h = (h<< i)
	$SHR	r8,r4,r8		# r8 = (l >> BN_BITS2 -i)
	$SHL	r5,r5,r7		# d<<=i
	or	r3,r3,r8		# h = (h<<i)|(l>>(BN_BITS2-i))
	$SHL	r4,r4,r7		# l <<=i
Lppcasm_div4:
	$SHRI	r9,r5,`$BITS/2`		# r9 = dh
					# dl will be computed when needed
					# as it saves registers.
	li	r6,2			#r6=2
	mtctr	r6			#counter will be in count.
Lppcasm_divouterloop:
	$SHRI	r8,r3,`$BITS/2`		#r8 = (h>>BN_BITS4)
	$SHRI	r11,r4,`$BITS/2`	#r11= (l&BN_MASK2h)>>BN_BITS4
					# compute here for innerloop.
	$UCMP	0,r8,r9			# is (h>>BN_BITS4)==dh
	bc	BO_IF_NOT,CR0_EQ,Lppcasm_div5	# goto Lppcasm_div5 if not

	li	r8,-1
	$CLRU	r8,r8,`$BITS/2`		#q = BN_MASK2l
	b	Lppcasm_div6
Lppcasm_div5:
	$UDIV	r8,r3,r9		#q = h/dh
Lppcasm_div6:
	$UMULL	r12,r9,r8		#th = q*dh
	$CLRU	r10,r5,`$BITS/2`	#r10=dl
	$UMULL	r6,r8,r10		#tl = q*dl

Lppcasm_divinnerloop:
	subf	r10,r12,r3		#t = h -th
	$SHRI	r7,r10,`$BITS/2`	#r7= (t &BN_MASK2H), sort of...
	addic.	r7,r7,0			#test if r7 == 0. used below.
					# now want to compute
					# r7 = (t<<BN_BITS4)|((l&BN_MASK2h)>>BN_BITS4)
					# the following 2 instructions do that
	$SHLI	r7,r10,`$BITS/2`	# r7 = (t<<BN_BITS4)
	or	r7,r7,r11		# r7|=((l&BN_MASK2h)>>BN_BITS4)
	$UCMP	1,r6,r7			# compare (tl <= r7)
	bc	BO_IF_NOT,CR0_EQ,Lppcasm_divinnerexit
	bc	BO_IF_NOT,CR1_FEX,Lppcasm_divinnerexit
	addi	r8,r8,-1		#q--
	subf	r12,r9,r12		#th -=dh
	$CLRU	r10,r5,`$BITS/2`	#r10=dl. t is no longer needed in loop.
	subf	r6,r10,r6		#tl -=dl
	b	Lppcasm_divinnerloop
Lppcasm_divinnerexit:
	$SHRI	r10,r6,`$BITS/2`	#t=(tl>>BN_BITS4)
	$SHLI	r11,r6,`$BITS/2`	#tl=(tl<<BN_BITS4)&BN_MASK2h;
	$UCMP	1,r4,r11		# compare l and tl
	add	r12,r12,r10		# th+=t
	bc	BO_IF_NOT,CR1_FX,Lppcasm_div7  # if (l>=tl) goto Lppcasm_div7
	addi	r12,r12,1		# th++
Lppcasm_div7:
	subf	r11,r11,r4		#r11=l-tl
	$UCMP	1,r3,r12		#compare h and th
	bc	BO_IF_NOT,CR1_FX,Lppcasm_div8	#if (h>=th) goto Lppcasm_div8
	addi	r8,r8,-1		# q--
	add	r3,r5,r3		# h+=d
Lppcasm_div8:
	subf	r12,r12,r3		#r12 = h-th
	$SHLI	r4,r11,`$BITS/2`	#l=(l&BN_MASK2l)<<BN_BITS4
					# want to compute
					# h = ((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2
					# the following 2 instructions will do this.
	$INSR	r11,r12,`$BITS/2`,`$BITS/2`	# r11 is the value we want rotated $BITS/2.
	$ROTL	r3,r11,`$BITS/2`	# rotate by $BITS/2 and store in r3
	bc	BO_dCTR_ZERO,CR0_EQ,Lppcasm_div9#if (count==0) break ;
	$SHLI	r0,r8,`$BITS/2`		#ret =q<<BN_BITS4
	b	Lppcasm_divouterloop
Lppcasm_div9:
	or	r3,r8,r0
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000

#
#	NOTE:	The following label name should be changed to
#		"bn_sqr_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#
.align	4
.bn_sqr_words:
#
#	Optimized version of bn_sqr_words
#
#	void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n)
#
#	r3 = r
#	r4 = a
#	r5 = n
#
#	r6 = a[i].
#	r7,r8 = product.
#
#	No unrolling done here. Not performance critical.

	addic.	r5,r5,0			#test r5.
	bc	BO_IF,CR0_EQ,Lppcasm_sqr_adios
	addi	r4,r4,-$BNSZ
	addi	r3,r3,-$BNSZ
	mtctr	r5
Lppcasm_sqr_mainloop:
					#sqr(r[0],r[1],a[0]);
	$LDU	r6,$BNSZ(r4)
	$UMULL	r7,r6,r6
	$UMULH  r8,r6,r6
	$STU	r7,$BNSZ(r3)
	$STU	r8,$BNSZ(r3)
	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_sqr_mainloop
Lppcasm_sqr_adios:
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000


#
#	NOTE:	The following label name should be changed to
#		"bn_mul_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4
.bn_mul_words:
#
# BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
#
# r3 = rp
# r4 = ap
# r5 = num
# r6 = w
	xor	r0,r0,r0
	xor	r12,r12,r12		# used for carry
	rlwinm.	r7,r5,30,2,31		# num >> 2
	bc	BO_IF,CR0_EQ,Lppcasm_mw_REM
	mtctr	r7
Lppcasm_mw_LOOP:
					#mul(rp[0],ap[0],w,c1);
	$LD	r8,`0*$BNSZ`(r4)
	$UMULL	r9,r6,r8
	$UMULH  r10,r6,r8
	addc	r9,r9,r12
	#addze	r10,r10			#carry is NOT ignored.
					#will be taken care of
					#in second spin below
					#using adde.
	$ST	r9,`0*$BNSZ`(r3)
					#mul(rp[1],ap[1],w,c1);
	$LD	r8,`1*$BNSZ`(r4)
	$UMULL	r11,r6,r8
	$UMULH  r12,r6,r8
	adde	r11,r11,r10
	#addze	r12,r12
	$ST	r11,`1*$BNSZ`(r3)
					#mul(rp[2],ap[2],w,c1);
	$LD	r8,`2*$BNSZ`(r4)
	$UMULL	r9,r6,r8
	$UMULH  r10,r6,r8
	adde	r9,r9,r12
	#addze	r10,r10
	$ST	r9,`2*$BNSZ`(r3)
					#mul_add(rp[3],ap[3],w,c1);
	$LD	r8,`3*$BNSZ`(r4)
	$UMULL	r11,r6,r8
	$UMULH  r12,r6,r8
	adde	r11,r11,r10
	addze	r12,r12			#this spin we collect carry into
					#r12
	$ST	r11,`3*$BNSZ`(r3)

	addi	r3,r3,`4*$BNSZ`
	addi	r4,r4,`4*$BNSZ`
	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_mw_LOOP

Lppcasm_mw_REM:
	andi.	r5,r5,0x3
	bc	BO_IF,CR0_EQ,Lppcasm_mw_OVER
					#mul(rp[0],ap[0],w,c1);
	$LD	r8,`0*$BNSZ`(r4)
	$UMULL	r9,r6,r8
	$UMULH  r10,r6,r8
	addc	r9,r9,r12
	addze	r10,r10
	$ST	r9,`0*$BNSZ`(r3)
	addi	r12,r10,0

	addi	r5,r5,-1
	cmpli	0,0,r5,0
	bc	BO_IF,CR0_EQ,Lppcasm_mw_OVER


					#mul(rp[1],ap[1],w,c1);
	$LD	r8,`1*$BNSZ`(r4)
	$UMULL	r9,r6,r8
	$UMULH  r10,r6,r8
	addc	r9,r9,r12
	addze	r10,r10
	$ST	r9,`1*$BNSZ`(r3)
	addi	r12,r10,0

	addi	r5,r5,-1
	cmpli	0,0,r5,0
	bc	BO_IF,CR0_EQ,Lppcasm_mw_OVER

					#mul_add(rp[2],ap[2],w,c1);
	$LD	r8,`2*$BNSZ`(r4)
	$UMULL	r9,r6,r8
	$UMULH  r10,r6,r8
	addc	r9,r9,r12
	addze	r10,r10
	$ST	r9,`2*$BNSZ`(r3)
	addi	r12,r10,0

Lppcasm_mw_OVER:
	addi	r3,r12,0
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000

#
#	NOTE:	The following label name should be changed to
#		"bn_mul_add_words" i.e. remove the first dot
#		for the gcc compiler. This should be automatically
#		done in the build
#

.align	4
.bn_mul_add_words:
#
# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
#
# r3 = rp
# r4 = ap
# r5 = num
# r6 = w
#
# empirical evidence suggests that unrolled version performs best!!
#
	xor	r0,r0,r0		#r0 = 0
	xor	r12,r12,r12  		#r12 = 0 . used for carry
	rlwinm.	r7,r5,30,2,31		# num >> 2
	bc	BO_IF,CR0_EQ,Lppcasm_maw_leftover	# if (num < 4) go LPPCASM_maw_leftover
	mtctr	r7
Lppcasm_maw_mainloop:
					#mul_add(rp[0],ap[0],w,c1);
	$LD	r8,`0*$BNSZ`(r4)
	$LD	r11,`0*$BNSZ`(r3)
	$UMULL	r9,r6,r8
	$UMULH  r10,r6,r8
	addc	r9,r9,r12		#r12 is carry.
	addze	r10,r10
	addc	r9,r9,r11
	#addze	r10,r10
					#the above instruction addze
					#is NOT needed. Carry will NOT
					#be ignored. It's not affected
					#by multiply and will be collected
					#in the next spin
	$ST	r9,`0*$BNSZ`(r3)

					#mul_add(rp[1],ap[1],w,c1);
	$LD	r8,`1*$BNSZ`(r4)
	$LD	r9,`1*$BNSZ`(r3)
	$UMULL	r11,r6,r8
	$UMULH  r12,r6,r8
	adde	r11,r11,r10		#r10 is carry.
	addze	r12,r12
	addc	r11,r11,r9
	#addze	r12,r12
	$ST	r11,`1*$BNSZ`(r3)

					#mul_add(rp[2],ap[2],w,c1);
	$LD	r8,`2*$BNSZ`(r4)
	$UMULL	r9,r6,r8
	$LD	r11,`2*$BNSZ`(r3)
	$UMULH  r10,r6,r8
	adde	r9,r9,r12
	addze	r10,r10
	addc	r9,r9,r11
	#addze	r10,r10
	$ST	r9,`2*$BNSZ`(r3)

					#mul_add(rp[3],ap[3],w,c1);
	$LD	r8,`3*$BNSZ`(r4)
	$UMULL	r11,r6,r8
	$LD	r9,`3*$BNSZ`(r3)
	$UMULH  r12,r6,r8
	adde	r11,r11,r10
	addze	r12,r12
	addc	r11,r11,r9
	addze	r12,r12
	$ST	r11,`3*$BNSZ`(r3)
	addi	r3,r3,`4*$BNSZ`
	addi	r4,r4,`4*$BNSZ`
	bc	BO_dCTR_NZERO,CR0_EQ,Lppcasm_maw_mainloop

Lppcasm_maw_leftover:
	andi.	r5,r5,0x3
	bc	BO_IF,CR0_EQ,Lppcasm_maw_adios
	addi	r3,r3,-$BNSZ
	addi	r4,r4,-$BNSZ
					#mul_add(rp[0],ap[0],w,c1);
	mtctr	r5
	$LDU	r8,$BNSZ(r4)
	$UMULL	r9,r6,r8
	$UMULH  r10,r6,r8
	$LDU	r11,$BNSZ(r3)
	addc	r9,r9,r11
	addze	r10,r10
	addc	r9,r9,r12
	addze	r12,r10
	$ST	r9,0(r3)

	bc	BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
					#mul_add(rp[1],ap[1],w,c1);
	$LDU	r8,$BNSZ(r4)
	$UMULL	r9,r6,r8
	$UMULH  r10,r6,r8
	$LDU	r11,$BNSZ(r3)
	addc	r9,r9,r11
	addze	r10,r10
	addc	r9,r9,r12
	addze	r12,r10
	$ST	r9,0(r3)

	bc	BO_dCTR_ZERO,CR0_EQ,Lppcasm_maw_adios
					#mul_add(rp[2],ap[2],w,c1);
	$LDU	r8,$BNSZ(r4)
	$UMULL	r9,r6,r8
	$UMULH  r10,r6,r8
	$LDU	r11,$BNSZ(r3)
	addc	r9,r9,r11
	addze	r10,r10
	addc	r9,r9,r12
	addze	r12,r10
	$ST	r9,0(r3)

Lppcasm_maw_adios:
	addi	r3,r12,0
	bclr	BO_ALWAYS,CR0_LT
	.long	0x00000000
	.align	4
EOF
	$data =~ s/\`([^\`]*)\`/eval $1/gem;

	# if some assembler chokes on some simplified mnemonic,
	# this is the spot to fix it up, e.g.:
	# GNU as doesn't seem to accept cmplw, 32-bit unsigned compare
	$data =~ s/^(\s*)cmplw(\s+)([^,]+),(.*)/$1cmpl$2$3,0,$4/gm;
	# assembler X doesn't accept li, load immediate value
	#$data =~ s/^(\s*)li(\s+)([^,]+),(.*)/$1addi$2$3,0,$4/gm;
	# assembler Y chokes on apostrophes in comments
	$data =~ s/'//gm;
	return($data);
}