cjson
.github
workflows CI.yml ci-fuzz.yml
CONTRIBUTING.md
fuzzing
inputs test1 test10 test11 test2 test3 test3.bu test3.uf test3.uu test4 test5 test6 test7 test8 test9
.gitignore CMakeLists.txt afl-prepare-linux.sh afl.c afl.sh cjson_read_fuzzer.c fuzz_main.c json.dict ossfuzz.sh
library_config cJSONConfig.cmake.in cJSONConfigVersion.cmake.in libcjson.pc.in libcjson_utils.pc.in uninstall.cmake
tests
inputs test1 test1.expected test10 test10.expected test11 test11.expected test2 test2.expected test3 test3.expected test4 test4.expected test5 test5.expected test6 test7 test7.expected test8 test8.expected test9 test9.expected
json-patch-tests .editorconfig .gitignore .npmignore README.md cjson-utils-tests.json package.json spec_tests.json tests.json
unity
auto colour_prompt.rb colour_reporter.rb generate_config.yml generate_module.rb generate_test_runner.rb parse_output.rb stylize_as_junit.rb test_file_filter.rb type_sanitizer.rb unity_test_summary.py unity_test_summary.rb unity_to_junit.py
docs ThrowTheSwitchCodingStandard.md UnityAssertionsCheatSheetSuitableforPrintingandPossiblyFraming.pdf UnityAssertionsReference.md UnityConfigurationGuide.md UnityGettingStartedGuide.md UnityHelperScriptsGuide.md license.txt
examples
example_1
src ProductionCode.c ProductionCode.h ProductionCode2.c ProductionCode2.h
makefile readme.txt
example_2
src ProductionCode.c ProductionCode.h ProductionCode2.c ProductionCode2.h
makefile readme.txt
example_3
helper UnityHelper.c UnityHelper.h
src ProductionCode.c ProductionCode.h ProductionCode2.c ProductionCode2.h
rakefile.rb rakefile_helper.rb readme.txt target_gcc_32.yml
unity_config.h
extras
eclipse error_parsers.txt
fixture
src unity_fixture.c unity_fixture.h unity_fixture_internals.h unity_fixture_malloc_overrides.h
rakefile.rb rakefile_helper.rb readme.txt
release build.info version.info
src unity.c unity.h unity_internals.h
.gitattributes .gitignore .travis.yml README.md
CMakeLists.txt cjson_add.c common.h compare_tests.c json_patch_tests.c minify_tests.c misc_tests.c misc_utils_tests.c old_utils_tests.c parse_array.c parse_examples.c parse_hex4.c parse_number.c parse_object.c parse_string.c parse_value.c parse_with_opts.c print_array.c print_number.c print_object.c print_string.c print_value.c readme_examples.c unity_setup.c
.editorconfig .gitattributes .gitignore .travis.yml CHANGELOG.md CMakeLists.txt CONTRIBUTORS.md LICENSE Makefile README.md SECURITY.md appveyor.yml cJSON.c cJSON.h cJSON_Utils.c cJSON_Utils.h test.c valgrind.supp
curl
.circleci config.yml
.github
ISSUE_TEMPLATE bug_report.yml config.yml docs.yml
scripts cleancmd.pl cmp-config.pl cmp-pkg-config.sh codespell-ignore.words codespell.sh distfiles.sh pyspelling.words pyspelling.yaml randcurl.pl requirements-docs.txt requirements-proselint.txt requirements.txt shellcheck-ci.sh shellcheck.sh spellcheck.curl trimmarkdownheader.pl typos.sh typos.toml verify-examples.pl verify-synopsis.pl yamlcheck.sh yamlcheck.yaml
workflows appveyor-status.yml checkdocs.yml checksrc.yml checkurls.yml codeql.yml configure-vs-cmake.yml curl-for-win.yml distcheck.yml fuzz.yml http3-linux.yml label.yml linux-old.yml linux.yml macos.yml non-native.yml windows.yml
CODEOWNERS CONTRIBUTING.md FUNDING.yml dependabot.yml labeler.yml lock.yml stale.yml
CMake CurlSymbolHiding.cmake CurlTests.c FindBrotli.cmake FindCares.cmake FindGSS.cmake FindGnuTLS.cmake FindLDAP.cmake FindLibbacktrace.cmake FindLibgsasl.cmake FindLibidn2.cmake FindLibpsl.cmake FindLibssh.cmake FindLibssh2.cmake FindLibuv.cmake FindMbedTLS.cmake FindNGHTTP2.cmake FindNGHTTP3.cmake FindNGTCP2.cmake FindNettle.cmake FindQuiche.cmake FindRustls.cmake FindWolfSSL.cmake FindZstd.cmake Macros.cmake OtherTests.cmake PickyWarnings.cmake Utilities.cmake cmake_uninstall.in.cmake curl-config.in.cmake unix-cache.cmake win32-cache.cmake
LICENSES BSD-4-Clause-UC.txt ISC.txt curl.txt
docs
cmdline-opts .gitignore CMakeLists.txt MANPAGE.md Makefile.am Makefile.inc _AUTHORS.md _BUGS.md _DESCRIPTION.md _ENVIRONMENT.md _EXITCODES.md _FILES.md _GLOBBING.md _NAME.md _OPTIONS.md _OUTPUT.md _PROGRESS.md _PROTOCOLS.md _PROXYPREFIX.md _SEEALSO.md _SYNOPSIS.md _URL.md _VARIABLES.md _VERSION.md _WWW.md abstract-unix-socket.md alt-svc.md anyauth.md append.md aws-sigv4.md basic.md ca-native.md cacert.md capath.md cert-status.md cert-type.md cert.md ciphers.md compressed-ssh.md compressed.md config.md connect-timeout.md connect-to.md continue-at.md cookie-jar.md cookie.md create-dirs.md create-file-mode.md crlf.md crlfile.md curves.md data-ascii.md data-binary.md data-raw.md data-urlencode.md data.md delegation.md digest.md disable-eprt.md disable-epsv.md disable.md disallow-username-in-url.md dns-interface.md dns-ipv4-addr.md dns-ipv6-addr.md dns-servers.md doh-cert-status.md doh-insecure.md doh-url.md dump-ca-embed.md dump-header.md ech.md egd-file.md engine.md etag-compare.md etag-save.md expect100-timeout.md fail-early.md fail-with-body.md fail.md false-start.md follow.md form-escape.md form-string.md form.md ftp-account.md ftp-alternative-to-user.md ftp-create-dirs.md ftp-method.md ftp-pasv.md ftp-port.md ftp-pret.md ftp-skip-pasv-ip.md ftp-ssl-ccc-mode.md ftp-ssl-ccc.md ftp-ssl-control.md get.md globoff.md happy-eyeballs-timeout-ms.md haproxy-clientip.md haproxy-protocol.md head.md header.md help.md hostpubmd5.md hostpubsha256.md hsts.md http0.9.md http1.0.md http1.1.md http2-prior-knowledge.md http2.md http3-only.md http3.md ignore-content-length.md insecure.md interface.md ip-tos.md ipfs-gateway.md ipv4.md ipv6.md json.md junk-session-cookies.md keepalive-cnt.md keepalive-time.md key-type.md key.md knownhosts.md krb.md libcurl.md limit-rate.md list-only.md local-port.md location-trusted.md location.md login-options.md mail-auth.md mail-from.md mail-rcpt-allowfails.md mail-rcpt.md mainpage.idx manual.md max-filesize.md max-redirs.md max-time.md metalink.md mptcp.md negotiate.md netrc-file.md netrc-optional.md netrc.md next.md no-alpn.md no-buffer.md no-clobber.md no-keepalive.md no-npn.md no-progress-meter.md no-sessionid.md noproxy.md ntlm-wb.md ntlm.md oauth2-bearer.md out-null.md output-dir.md output.md parallel-immediate.md parallel-max-host.md parallel-max.md parallel.md pass.md path-as-is.md pinnedpubkey.md post301.md post302.md post303.md preproxy.md progress-bar.md proto-default.md proto-redir.md proto.md proxy-anyauth.md proxy-basic.md proxy-ca-native.md proxy-cacert.md proxy-capath.md proxy-cert-type.md proxy-cert.md proxy-ciphers.md proxy-crlfile.md proxy-digest.md proxy-header.md proxy-http2.md proxy-insecure.md proxy-key-type.md proxy-key.md proxy-negotiate.md proxy-ntlm.md proxy-pass.md proxy-pinnedpubkey.md proxy-service-name.md proxy-ssl-allow-beast.md proxy-ssl-auto-client-cert.md proxy-tls13-ciphers.md proxy-tlsauthtype.md proxy-tlspassword.md proxy-tlsuser.md proxy-tlsv1.md proxy-user.md proxy.md proxy1.0.md proxytunnel.md pubkey.md quote.md random-file.md range.md rate.md raw.md referer.md remote-header-name.md remote-name-all.md remote-name.md remote-time.md remove-on-error.md request-target.md request.md resolve.md retry-all-errors.md retry-connrefused.md retry-delay.md retry-max-time.md retry.md sasl-authzid.md sasl-ir.md service-name.md show-error.md show-headers.md sigalgs.md silent.md skip-existing.md socks4.md socks4a.md socks5-basic.md socks5-gssapi-nec.md socks5-gssapi-service.md socks5-gssapi.md socks5-hostname.md socks5.md speed-limit.md speed-time.md ssl-allow-beast.md ssl-auto-client-cert.md ssl-no-revoke.md ssl-reqd.md ssl-revoke-best-effort.md ssl-sessions.md ssl.md sslv2.md sslv3.md stderr.md styled-output.md suppress-connect-headers.md tcp-fastopen.md tcp-nodelay.md telnet-option.md tftp-blksize.md tftp-no-options.md time-cond.md tls-earlydata.md tls-max.md tls13-ciphers.md tlsauthtype.md tlspassword.md tlsuser.md tlsv1.0.md tlsv1.1.md tlsv1.2.md tlsv1.3.md tlsv1.md tr-encoding.md trace-ascii.md trace-config.md trace-ids.md trace-time.md trace.md unix-socket.md upload-file.md upload-flags.md url-query.md url.md use-ascii.md user-agent.md user.md variable.md verbose.md version.md vlan-priority.md write-out.md xattr.md
examples .checksrc .gitignore 10-at-a-time.c CMakeLists.txt Makefile.am Makefile.example Makefile.inc README.md adddocsref.pl address-scope.c altsvc.c anyauthput.c block_ip.c cacertinmem.c certinfo.c chkspeed.c connect-to.c cookie_interface.c crawler.c debug.c default-scheme.c ephiperfifo.c evhiperfifo.c externalsocket.c fileupload.c ftp-delete.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c getredirect.c getreferrer.c ghiper.c headerapi.c hiperfifo.c hsts-preload.c htmltidy.c htmltitle.cpp http-options.c http-post.c http2-download.c http2-pushinmemory.c http2-serverpush.c http2-upload.c http3-present.c http3.c httpcustomheader.c httpput-postfields.c httpput.c https.c imap-append.c imap-authzid.c imap-copy.c imap-create.c imap-delete.c imap-examine.c imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c ipv6.c keepalive.c localport.c log_failed_transfers.c maxconnects.c multi-app.c multi-debugcallback.c multi-double.c multi-event.c multi-formadd.c multi-legacy.c multi-post.c multi-single.c multi-uv.c netrc.c parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c postinmemory.c postit2-formadd.c postit2.c progressfunc.c protofeats.c range.c resolve.c rtsp-options.c sendrecv.c sepheaders.c sessioninfo.c sftpget.c sftpuploadresume.c shared-connection-cache.c simple.c simplepost.c simplessl.c smooth-gtk-thread.c smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c synctime.c threaded.c unixsocket.c url2file.c urlapi.c usercertinmem.c version-check.pl websocket-cb.c websocket-updown.c websocket.c xmlstream.c
internals BUFQ.md BUFREF.md CHECKSRC.md CLIENT-READERS.md CLIENT-WRITERS.md CODE_STYLE.md CONNECTION-FILTERS.md CREDENTIALS.md CURLX.md DYNBUF.md HASH.md LLIST.md MID.md MQTT.md MULTI-EV.md NEW-PROTOCOL.md PEERS.md PORTING.md RATELIMITS.md README.md SCORECARD.md SPLAY.md STRPARSE.md THRDPOOL-AND-QUEUE.md TIME-KEEPING.md TLS-SESSIONS.md UINT_SETS.md WEBSOCKET.md
libcurl
opts CMakeLists.txt CURLINFO_ACTIVESOCKET.md CURLINFO_APPCONNECT_TIME.md CURLINFO_APPCONNECT_TIME_T.md CURLINFO_CAINFO.md CURLINFO_CAPATH.md CURLINFO_CERTINFO.md CURLINFO_CONDITION_UNMET.md CURLINFO_CONNECT_TIME.md CURLINFO_CONNECT_TIME_T.md CURLINFO_CONN_ID.md CURLINFO_CONTENT_LENGTH_DOWNLOAD.md CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md CURLINFO_CONTENT_LENGTH_UPLOAD.md CURLINFO_CONTENT_LENGTH_UPLOAD_T.md CURLINFO_CONTENT_TYPE.md CURLINFO_COOKIELIST.md CURLINFO_EARLYDATA_SENT_T.md CURLINFO_EFFECTIVE_METHOD.md CURLINFO_EFFECTIVE_URL.md CURLINFO_FILETIME.md CURLINFO_FILETIME_T.md CURLINFO_FTP_ENTRY_PATH.md CURLINFO_HEADER_SIZE.md CURLINFO_HTTPAUTH_AVAIL.md CURLINFO_HTTPAUTH_USED.md CURLINFO_HTTP_CONNECTCODE.md CURLINFO_HTTP_VERSION.md CURLINFO_LASTSOCKET.md CURLINFO_LOCAL_IP.md CURLINFO_LOCAL_PORT.md CURLINFO_NAMELOOKUP_TIME.md CURLINFO_NAMELOOKUP_TIME_T.md CURLINFO_NUM_CONNECTS.md CURLINFO_OS_ERRNO.md CURLINFO_POSTTRANSFER_TIME_T.md CURLINFO_PRETRANSFER_TIME.md CURLINFO_PRETRANSFER_TIME_T.md CURLINFO_PRIMARY_IP.md CURLINFO_PRIMARY_PORT.md CURLINFO_PRIVATE.md CURLINFO_PROTOCOL.md CURLINFO_PROXYAUTH_AVAIL.md CURLINFO_PROXYAUTH_USED.md CURLINFO_PROXY_ERROR.md CURLINFO_PROXY_SSL_VERIFYRESULT.md CURLINFO_QUEUE_TIME_T.md CURLINFO_REDIRECT_COUNT.md CURLINFO_REDIRECT_TIME.md CURLINFO_REDIRECT_TIME_T.md CURLINFO_REDIRECT_URL.md CURLINFO_REFERER.md CURLINFO_REQUEST_SIZE.md CURLINFO_RESPONSE_CODE.md CURLINFO_RETRY_AFTER.md CURLINFO_RTSP_CLIENT_CSEQ.md CURLINFO_RTSP_CSEQ_RECV.md CURLINFO_RTSP_SERVER_CSEQ.md CURLINFO_RTSP_SESSION_ID.md CURLINFO_SCHEME.md CURLINFO_SIZE_DELIVERED.md CURLINFO_SIZE_DOWNLOAD.md CURLINFO_SIZE_DOWNLOAD_T.md CURLINFO_SIZE_UPLOAD.md CURLINFO_SIZE_UPLOAD_T.md CURLINFO_SPEED_DOWNLOAD.md CURLINFO_SPEED_DOWNLOAD_T.md CURLINFO_SPEED_UPLOAD.md CURLINFO_SPEED_UPLOAD_T.md CURLINFO_SSL_ENGINES.md CURLINFO_SSL_VERIFYRESULT.md CURLINFO_STARTTRANSFER_TIME.md CURLINFO_STARTTRANSFER_TIME_T.md CURLINFO_TLS_SESSION.md CURLINFO_TLS_SSL_PTR.md CURLINFO_TOTAL_TIME.md CURLINFO_TOTAL_TIME_T.md CURLINFO_USED_PROXY.md CURLINFO_XFER_ID.md CURLMINFO_XFERS_ADDED.md CURLMINFO_XFERS_CURRENT.md CURLMINFO_XFERS_DONE.md CURLMINFO_XFERS_PENDING.md CURLMINFO_XFERS_RUNNING.md CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md CURLMOPT_MAXCONNECTS.md CURLMOPT_MAX_CONCURRENT_STREAMS.md CURLMOPT_MAX_HOST_CONNECTIONS.md CURLMOPT_MAX_PIPELINE_LENGTH.md CURLMOPT_MAX_TOTAL_CONNECTIONS.md CURLMOPT_NETWORK_CHANGED.md CURLMOPT_NOTIFYDATA.md CURLMOPT_NOTIFYFUNCTION.md CURLMOPT_PIPELINING.md CURLMOPT_PIPELINING_SERVER_BL.md CURLMOPT_PIPELINING_SITE_BL.md CURLMOPT_PUSHDATA.md CURLMOPT_PUSHFUNCTION.md CURLMOPT_QUICK_EXIT.md CURLMOPT_RESOLVE_THREADS_MAX.md CURLMOPT_SOCKETDATA.md CURLMOPT_SOCKETFUNCTION.md CURLMOPT_TIMERDATA.md CURLMOPT_TIMERFUNCTION.md CURLOPT_ABSTRACT_UNIX_SOCKET.md CURLOPT_ACCEPTTIMEOUT_MS.md CURLOPT_ACCEPT_ENCODING.md CURLOPT_ADDRESS_SCOPE.md CURLOPT_ALTSVC.md CURLOPT_ALTSVC_CTRL.md CURLOPT_APPEND.md CURLOPT_AUTOREFERER.md CURLOPT_AWS_SIGV4.md CURLOPT_BUFFERSIZE.md CURLOPT_CAINFO.md CURLOPT_CAINFO_BLOB.md CURLOPT_CAPATH.md CURLOPT_CA_CACHE_TIMEOUT.md CURLOPT_CERTINFO.md CURLOPT_CHUNK_BGN_FUNCTION.md CURLOPT_CHUNK_DATA.md CURLOPT_CHUNK_END_FUNCTION.md CURLOPT_CLOSESOCKETDATA.md CURLOPT_CLOSESOCKETFUNCTION.md CURLOPT_CONNECTTIMEOUT.md CURLOPT_CONNECTTIMEOUT_MS.md CURLOPT_CONNECT_ONLY.md CURLOPT_CONNECT_TO.md CURLOPT_CONV_FROM_NETWORK_FUNCTION.md CURLOPT_CONV_FROM_UTF8_FUNCTION.md CURLOPT_CONV_TO_NETWORK_FUNCTION.md CURLOPT_COOKIE.md CURLOPT_COOKIEFILE.md CURLOPT_COOKIEJAR.md CURLOPT_COOKIELIST.md CURLOPT_COOKIESESSION.md CURLOPT_COPYPOSTFIELDS.md CURLOPT_CRLF.md CURLOPT_CRLFILE.md CURLOPT_CURLU.md CURLOPT_CUSTOMREQUEST.md CURLOPT_DEBUGDATA.md CURLOPT_DEBUGFUNCTION.md CURLOPT_DEFAULT_PROTOCOL.md CURLOPT_DIRLISTONLY.md CURLOPT_DISALLOW_USERNAME_IN_URL.md CURLOPT_DNS_CACHE_TIMEOUT.md CURLOPT_DNS_INTERFACE.md CURLOPT_DNS_LOCAL_IP4.md CURLOPT_DNS_LOCAL_IP6.md CURLOPT_DNS_SERVERS.md CURLOPT_DNS_SHUFFLE_ADDRESSES.md CURLOPT_DNS_USE_GLOBAL_CACHE.md CURLOPT_DOH_SSL_VERIFYHOST.md CURLOPT_DOH_SSL_VERIFYPEER.md CURLOPT_DOH_SSL_VERIFYSTATUS.md CURLOPT_DOH_URL.md CURLOPT_ECH.md CURLOPT_EGDSOCKET.md CURLOPT_ERRORBUFFER.md CURLOPT_EXPECT_100_TIMEOUT_MS.md CURLOPT_FAILONERROR.md CURLOPT_FILETIME.md CURLOPT_FNMATCH_DATA.md CURLOPT_FNMATCH_FUNCTION.md CURLOPT_FOLLOWLOCATION.md CURLOPT_FORBID_REUSE.md CURLOPT_FRESH_CONNECT.md CURLOPT_FTPPORT.md CURLOPT_FTPSSLAUTH.md CURLOPT_FTP_ACCOUNT.md CURLOPT_FTP_ALTERNATIVE_TO_USER.md CURLOPT_FTP_CREATE_MISSING_DIRS.md CURLOPT_FTP_FILEMETHOD.md CURLOPT_FTP_SKIP_PASV_IP.md CURLOPT_FTP_SSL_CCC.md CURLOPT_FTP_USE_EPRT.md CURLOPT_FTP_USE_EPSV.md CURLOPT_FTP_USE_PRET.md CURLOPT_GSSAPI_DELEGATION.md CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md CURLOPT_HAPROXYPROTOCOL.md CURLOPT_HAPROXY_CLIENT_IP.md CURLOPT_HEADER.md CURLOPT_HEADERDATA.md CURLOPT_HEADERFUNCTION.md CURLOPT_HEADEROPT.md CURLOPT_HSTS.md CURLOPT_HSTSREADDATA.md CURLOPT_HSTSREADFUNCTION.md CURLOPT_HSTSWRITEDATA.md CURLOPT_HSTSWRITEFUNCTION.md CURLOPT_HSTS_CTRL.md CURLOPT_HTTP09_ALLOWED.md CURLOPT_HTTP200ALIASES.md CURLOPT_HTTPAUTH.md CURLOPT_HTTPGET.md CURLOPT_HTTPHEADER.md CURLOPT_HTTPPOST.md CURLOPT_HTTPPROXYTUNNEL.md CURLOPT_HTTP_CONTENT_DECODING.md CURLOPT_HTTP_TRANSFER_DECODING.md CURLOPT_HTTP_VERSION.md CURLOPT_IGNORE_CONTENT_LENGTH.md CURLOPT_INFILESIZE.md CURLOPT_INFILESIZE_LARGE.md CURLOPT_INTERFACE.md CURLOPT_INTERLEAVEDATA.md CURLOPT_INTERLEAVEFUNCTION.md CURLOPT_IOCTLDATA.md CURLOPT_IOCTLFUNCTION.md CURLOPT_IPRESOLVE.md CURLOPT_ISSUERCERT.md CURLOPT_ISSUERCERT_BLOB.md CURLOPT_KEEP_SENDING_ON_ERROR.md CURLOPT_KEYPASSWD.md CURLOPT_KRBLEVEL.md CURLOPT_LOCALPORT.md CURLOPT_LOCALPORTRANGE.md CURLOPT_LOGIN_OPTIONS.md CURLOPT_LOW_SPEED_LIMIT.md CURLOPT_LOW_SPEED_TIME.md CURLOPT_MAIL_AUTH.md CURLOPT_MAIL_FROM.md CURLOPT_MAIL_RCPT.md CURLOPT_MAIL_RCPT_ALLOWFAILS.md CURLOPT_MAXAGE_CONN.md CURLOPT_MAXCONNECTS.md CURLOPT_MAXFILESIZE.md CURLOPT_MAXFILESIZE_LARGE.md CURLOPT_MAXLIFETIME_CONN.md CURLOPT_MAXREDIRS.md CURLOPT_MAX_RECV_SPEED_LARGE.md CURLOPT_MAX_SEND_SPEED_LARGE.md CURLOPT_MIMEPOST.md CURLOPT_MIME_OPTIONS.md CURLOPT_NETRC.md CURLOPT_NETRC_FILE.md CURLOPT_NEW_DIRECTORY_PERMS.md CURLOPT_NEW_FILE_PERMS.md CURLOPT_NOBODY.md CURLOPT_NOPROGRESS.md CURLOPT_NOPROXY.md CURLOPT_NOSIGNAL.md CURLOPT_OPENSOCKETDATA.md CURLOPT_OPENSOCKETFUNCTION.md CURLOPT_PASSWORD.md CURLOPT_PATH_AS_IS.md CURLOPT_PINNEDPUBLICKEY.md CURLOPT_PIPEWAIT.md CURLOPT_PORT.md CURLOPT_POST.md CURLOPT_POSTFIELDS.md CURLOPT_POSTFIELDSIZE.md CURLOPT_POSTFIELDSIZE_LARGE.md CURLOPT_POSTQUOTE.md CURLOPT_POSTREDIR.md CURLOPT_PREQUOTE.md CURLOPT_PREREQDATA.md CURLOPT_PREREQFUNCTION.md CURLOPT_PRE_PROXY.md CURLOPT_PRIVATE.md CURLOPT_PROGRESSDATA.md CURLOPT_PROGRESSFUNCTION.md CURLOPT_PROTOCOLS.md CURLOPT_PROTOCOLS_STR.md CURLOPT_PROXY.md CURLOPT_PROXYAUTH.md CURLOPT_PROXYHEADER.md CURLOPT_PROXYPASSWORD.md CURLOPT_PROXYPORT.md CURLOPT_PROXYTYPE.md CURLOPT_PROXYUSERNAME.md CURLOPT_PROXYUSERPWD.md CURLOPT_PROXY_CAINFO.md CURLOPT_PROXY_CAINFO_BLOB.md CURLOPT_PROXY_CAPATH.md CURLOPT_PROXY_CRLFILE.md CURLOPT_PROXY_ISSUERCERT.md CURLOPT_PROXY_ISSUERCERT_BLOB.md CURLOPT_PROXY_KEYPASSWD.md CURLOPT_PROXY_PINNEDPUBLICKEY.md CURLOPT_PROXY_SERVICE_NAME.md CURLOPT_PROXY_SSLCERT.md CURLOPT_PROXY_SSLCERTTYPE.md CURLOPT_PROXY_SSLCERT_BLOB.md CURLOPT_PROXY_SSLKEY.md CURLOPT_PROXY_SSLKEYTYPE.md CURLOPT_PROXY_SSLKEY_BLOB.md CURLOPT_PROXY_SSLVERSION.md CURLOPT_PROXY_SSL_CIPHER_LIST.md CURLOPT_PROXY_SSL_OPTIONS.md CURLOPT_PROXY_SSL_VERIFYHOST.md CURLOPT_PROXY_SSL_VERIFYPEER.md CURLOPT_PROXY_TLS13_CIPHERS.md CURLOPT_PROXY_TLSAUTH_PASSWORD.md CURLOPT_PROXY_TLSAUTH_TYPE.md CURLOPT_PROXY_TLSAUTH_USERNAME.md CURLOPT_PROXY_TRANSFER_MODE.md CURLOPT_PUT.md CURLOPT_QUICK_EXIT.md CURLOPT_QUOTE.md CURLOPT_RANDOM_FILE.md CURLOPT_RANGE.md CURLOPT_READDATA.md CURLOPT_READFUNCTION.md CURLOPT_REDIR_PROTOCOLS.md CURLOPT_REDIR_PROTOCOLS_STR.md CURLOPT_REFERER.md CURLOPT_REQUEST_TARGET.md CURLOPT_RESOLVE.md CURLOPT_RESOLVER_START_DATA.md CURLOPT_RESOLVER_START_FUNCTION.md CURLOPT_RESUME_FROM.md CURLOPT_RESUME_FROM_LARGE.md CURLOPT_RTSP_CLIENT_CSEQ.md CURLOPT_RTSP_REQUEST.md CURLOPT_RTSP_SERVER_CSEQ.md CURLOPT_RTSP_SESSION_ID.md CURLOPT_RTSP_STREAM_URI.md CURLOPT_RTSP_TRANSPORT.md CURLOPT_SASL_AUTHZID.md CURLOPT_SASL_IR.md CURLOPT_SEEKDATA.md CURLOPT_SEEKFUNCTION.md CURLOPT_SERVER_RESPONSE_TIMEOUT.md CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md CURLOPT_SERVICE_NAME.md CURLOPT_SHARE.md CURLOPT_SOCKOPTDATA.md CURLOPT_SOCKOPTFUNCTION.md CURLOPT_SOCKS5_AUTH.md CURLOPT_SOCKS5_GSSAPI_NEC.md CURLOPT_SOCKS5_GSSAPI_SERVICE.md CURLOPT_SSH_AUTH_TYPES.md CURLOPT_SSH_COMPRESSION.md CURLOPT_SSH_HOSTKEYDATA.md CURLOPT_SSH_HOSTKEYFUNCTION.md CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md CURLOPT_SSH_KEYDATA.md CURLOPT_SSH_KEYFUNCTION.md CURLOPT_SSH_KNOWNHOSTS.md CURLOPT_SSH_PRIVATE_KEYFILE.md CURLOPT_SSH_PUBLIC_KEYFILE.md CURLOPT_SSLCERT.md CURLOPT_SSLCERTTYPE.md CURLOPT_SSLCERT_BLOB.md CURLOPT_SSLENGINE.md CURLOPT_SSLENGINE_DEFAULT.md CURLOPT_SSLKEY.md CURLOPT_SSLKEYTYPE.md CURLOPT_SSLKEY_BLOB.md CURLOPT_SSLVERSION.md CURLOPT_SSL_CIPHER_LIST.md CURLOPT_SSL_CTX_DATA.md CURLOPT_SSL_CTX_FUNCTION.md CURLOPT_SSL_EC_CURVES.md CURLOPT_SSL_ENABLE_ALPN.md CURLOPT_SSL_ENABLE_NPN.md CURLOPT_SSL_FALSESTART.md CURLOPT_SSL_OPTIONS.md CURLOPT_SSL_SESSIONID_CACHE.md CURLOPT_SSL_SIGNATURE_ALGORITHMS.md CURLOPT_SSL_VERIFYHOST.md CURLOPT_SSL_VERIFYPEER.md CURLOPT_SSL_VERIFYSTATUS.md CURLOPT_STDERR.md CURLOPT_STREAM_DEPENDS.md CURLOPT_STREAM_DEPENDS_E.md CURLOPT_STREAM_WEIGHT.md CURLOPT_SUPPRESS_CONNECT_HEADERS.md CURLOPT_TCP_FASTOPEN.md CURLOPT_TCP_KEEPALIVE.md CURLOPT_TCP_KEEPCNT.md CURLOPT_TCP_KEEPIDLE.md CURLOPT_TCP_KEEPINTVL.md CURLOPT_TCP_NODELAY.md CURLOPT_TELNETOPTIONS.md CURLOPT_TFTP_BLKSIZE.md CURLOPT_TFTP_NO_OPTIONS.md CURLOPT_TIMECONDITION.md CURLOPT_TIMEOUT.md CURLOPT_TIMEOUT_MS.md CURLOPT_TIMEVALUE.md CURLOPT_TIMEVALUE_LARGE.md CURLOPT_TLS13_CIPHERS.md CURLOPT_TLSAUTH_PASSWORD.md CURLOPT_TLSAUTH_TYPE.md CURLOPT_TLSAUTH_USERNAME.md CURLOPT_TRAILERDATA.md CURLOPT_TRAILERFUNCTION.md CURLOPT_TRANSFERTEXT.md CURLOPT_TRANSFER_ENCODING.md CURLOPT_UNIX_SOCKET_PATH.md CURLOPT_UNRESTRICTED_AUTH.md CURLOPT_UPKEEP_INTERVAL_MS.md CURLOPT_UPLOAD.md CURLOPT_UPLOAD_BUFFERSIZE.md CURLOPT_UPLOAD_FLAGS.md CURLOPT_URL.md CURLOPT_USERAGENT.md CURLOPT_USERNAME.md CURLOPT_USERPWD.md CURLOPT_USE_SSL.md CURLOPT_VERBOSE.md CURLOPT_WILDCARDMATCH.md CURLOPT_WRITEDATA.md CURLOPT_WRITEFUNCTION.md CURLOPT_WS_OPTIONS.md CURLOPT_XFERINFODATA.md CURLOPT_XFERINFOFUNCTION.md CURLOPT_XOAUTH2_BEARER.md CURLSHOPT_LOCKFUNC.md CURLSHOPT_SHARE.md CURLSHOPT_UNLOCKFUNC.md CURLSHOPT_UNSHARE.md CURLSHOPT_USERDATA.md Makefile.am Makefile.inc
.gitignore ABI.md CMakeLists.txt Makefile.am Makefile.inc curl_easy_cleanup.md curl_easy_duphandle.md curl_easy_escape.md curl_easy_getinfo.md curl_easy_header.md curl_easy_init.md curl_easy_nextheader.md curl_easy_option_by_id.md curl_easy_option_by_name.md curl_easy_option_next.md curl_easy_pause.md curl_easy_perform.md curl_easy_recv.md curl_easy_reset.md curl_easy_send.md curl_easy_setopt.md curl_easy_ssls_export.md curl_easy_ssls_import.md curl_easy_strerror.md curl_easy_unescape.md curl_easy_upkeep.md curl_escape.md curl_formadd.md curl_formfree.md curl_formget.md curl_free.md curl_getdate.md curl_getenv.md curl_global_cleanup.md curl_global_init.md curl_global_init_mem.md curl_global_sslset.md curl_global_trace.md curl_mime_addpart.md curl_mime_data.md curl_mime_data_cb.md curl_mime_encoder.md curl_mime_filedata.md curl_mime_filename.md curl_mime_free.md curl_mime_headers.md curl_mime_init.md curl_mime_name.md curl_mime_subparts.md curl_mime_type.md curl_mprintf.md curl_multi_add_handle.md curl_multi_assign.md curl_multi_cleanup.md curl_multi_fdset.md curl_multi_get_handles.md curl_multi_get_offt.md curl_multi_info_read.md curl_multi_init.md curl_multi_notify_disable.md curl_multi_notify_enable.md curl_multi_perform.md curl_multi_poll.md curl_multi_remove_handle.md curl_multi_setopt.md curl_multi_socket.md curl_multi_socket_action.md curl_multi_socket_all.md curl_multi_strerror.md curl_multi_timeout.md curl_multi_wait.md curl_multi_waitfds.md curl_multi_wakeup.md curl_pushheader_byname.md curl_pushheader_bynum.md curl_share_cleanup.md curl_share_init.md curl_share_setopt.md curl_share_strerror.md curl_slist_append.md curl_slist_free_all.md curl_strequal.md curl_strnequal.md curl_unescape.md curl_url.md curl_url_cleanup.md curl_url_dup.md curl_url_get.md curl_url_set.md curl_url_strerror.md curl_version.md curl_version_info.md curl_ws_meta.md curl_ws_recv.md curl_ws_send.md curl_ws_start_frame.md libcurl-easy.md libcurl-env-dbg.md libcurl-env.md libcurl-errors.md libcurl-multi.md libcurl-security.md libcurl-share.md libcurl-thread.md libcurl-tutorial.md libcurl-url.md libcurl-ws.md libcurl.m4 libcurl.md mksymbolsmanpage.pl symbols-in-versions symbols.pl
tests CI.md FILEFORMAT.md HTTP.md TEST-SUITE.md
.gitignore ALTSVC.md BINDINGS.md BUG-BOUNTY.md BUGS.md CIPHERS-TLS12.md CIPHERS.md CMakeLists.txt CODE_OF_CONDUCT.md CODE_REVIEW.md CONTRIBUTE.md CURL-DISABLE.md CURLDOWN.md DEPRECATE.md DISTROS.md EARLY-RELEASE.md ECH.md EXPERIMENTAL.md FAQ.md FEATURES.md GOVERNANCE.md HELP-US.md HISTORY.md HSTS.md HTTP-COOKIES.md HTTP3.md HTTPSRR.md INFRASTRUCTURE.md INSTALL-CMAKE.md INSTALL.md INTERNALS.md IPFS.md KNOWN_BUGS.md KNOWN_RISKS.md MAIL-ETIQUETTE.md MANUAL.md Makefile.am README.md RELEASE-PROCEDURE.md ROADMAP.md RUSTLS.md SECURITY-ADVISORY.md SPONSORS.md SSL-PROBLEMS.md SSLCERTS.md THANKS THANKS-filter TODO.md TheArtOfHttpScripting.md URL-SYNTAX.md VERIFY.md VERSIONS.md VULN-DISCLOSURE-POLICY.md curl-config.md mk-ca-bundle.md options-in-versions runtests.md testcurl.md wcurl.md
include
curl Makefile.am curl.h curlver.h easy.h header.h mprintf.h multi.h options.h stdcheaders.h system.h typecheck-gcc.h urlapi.h websockets.h
Makefile.am README.md
lib
curlx base64.c base64.h basename.c basename.h dynbuf.c dynbuf.h fopen.c fopen.h inet_ntop.c inet_ntop.h inet_pton.c inet_pton.h multibyte.c multibyte.h nonblock.c nonblock.h snprintf.c snprintf.h strcopy.c strcopy.h strdup.c strdup.h strerr.c strerr.h strparse.c strparse.h timediff.c timediff.h timeval.c timeval.h version_win32.c version_win32.h wait.c wait.h warnless.c warnless.h winapi.c winapi.h
vauth cleartext.c cram.c digest.c digest.h digest_sspi.c gsasl.c krb5_gssapi.c krb5_sspi.c ntlm.c ntlm_sspi.c oauth2.c spnego_gssapi.c spnego_sspi.c vauth.c vauth.h
vquic curl_ngtcp2.c curl_ngtcp2.h curl_quiche.c curl_quiche.h vquic-tls.c vquic-tls.h vquic.c vquic.h vquic_int.h
vssh libssh.c libssh2.c ssh.h vssh.c vssh.h
vtls apple.c apple.h cipher_suite.c cipher_suite.h gtls.c gtls.h hostcheck.c hostcheck.h keylog.c keylog.h mbedtls.c mbedtls.h openssl.c openssl.h rustls.c rustls.h schannel.c schannel.h schannel_int.h schannel_verify.c vtls.c vtls.h vtls_int.h vtls_scache.c vtls_scache.h vtls_spack.c vtls_spack.h wolfssl.c wolfssl.h x509asn1.c x509asn1.h
.gitignore CMakeLists.txt Makefile.am Makefile.inc Makefile.soname altsvc.c altsvc.h amigaos.c amigaos.h arpa_telnet.h asyn-ares.c asyn-base.c asyn-thrdd.c asyn.h bufq.c bufq.h bufref.c bufref.h cf-dns.c cf-dns.h cf-h1-proxy.c cf-h1-proxy.h cf-h2-proxy.c cf-h2-proxy.h cf-haproxy.c cf-haproxy.h cf-https-connect.c cf-https-connect.h cf-ip-happy.c cf-ip-happy.h cf-socket.c cf-socket.h cfilters.c cfilters.h config-mac.h config-os400.h config-riscos.h config-win32.h conncache.c conncache.h connect.c connect.h content_encoding.c content_encoding.h cookie.c cookie.h creds.c creds.h cshutdn.c cshutdn.h curl_addrinfo.c curl_addrinfo.h curl_config-cmake.h.in curl_ctype.h curl_endian.c curl_endian.h curl_fnmatch.c curl_fnmatch.h curl_fopen.c curl_fopen.h curl_get_line.c curl_get_line.h curl_gethostname.c curl_gethostname.h curl_gssapi.c curl_gssapi.h curl_hmac.h curl_ldap.h curl_md4.h curl_md5.h curl_memrchr.c curl_memrchr.h curl_ntlm_core.c curl_ntlm_core.h curl_printf.h curl_range.c curl_range.h curl_sasl.c curl_sasl.h curl_setup.h curl_sha256.h curl_sha512_256.c curl_sha512_256.h curl_share.c curl_share.h curl_sspi.c curl_sspi.h curl_threads.c curl_threads.h curl_trc.c curl_trc.h cw-out.c cw-out.h cw-pause.c cw-pause.h dict.c dict.h dllmain.c dnscache.c dnscache.h doh.c doh.h dynhds.c dynhds.h easy.c easy_lock.h easygetopt.c easyif.h easyoptions.c easyoptions.h escape.c escape.h fake_addrinfo.c fake_addrinfo.h file.c file.h fileinfo.c fileinfo.h formdata.c formdata.h ftp-int.h ftp.c ftp.h ftplistparser.c ftplistparser.h functypes.h getenv.c getinfo.c getinfo.h gopher.c gopher.h hash.c hash.h headers.c headers.h hmac.c hostip.c hostip.h hostip4.c hostip6.c hsts.c hsts.h http.c http.h http1.c http1.h http2.c http2.h http_aws_sigv4.c http_aws_sigv4.h http_chunks.c http_chunks.h http_digest.c http_digest.h http_negotiate.c http_negotiate.h http_ntlm.c http_ntlm.h http_proxy.c http_proxy.h httpsrr.c httpsrr.h idn.c idn.h if2ip.c if2ip.h imap.c imap.h ldap.c libcurl.def libcurl.rc libcurl.vers.in llist.c llist.h macos.c macos.h md4.c md5.c memdebug.c mime.c mime.h mprintf.c mqtt.c mqtt.h multi.c multi_ev.c multi_ev.h multi_ntfy.c multi_ntfy.h multihandle.h multiif.h netrc.c netrc.h noproxy.c noproxy.h openldap.c optiontable.pl parsedate.c parsedate.h peer.c peer.h pingpong.c pingpong.h pop3.c pop3.h progress.c progress.h protocol.c protocol.h psl.c psl.h rand.c rand.h ratelimit.c ratelimit.h request.c request.h rtsp.c rtsp.h select.c select.h sendf.c sendf.h setopt.c setopt.h setup-os400.h setup-vms.h setup-win32.h sha256.c sigpipe.h slist.c slist.h smb.c smb.h smtp.c smtp.h sockaddr.h socketpair.c socketpair.h socks.c socks.h socks_gssapi.c socks_sspi.c splay.c splay.h strcase.c strcase.h strequal.c strerror.c strerror.h system_win32.c system_win32.h telnet.c telnet.h tftp.c tftp.h thrdpool.c thrdpool.h thrdqueue.c thrdqueue.h transfer.c transfer.h uint-bset.c uint-bset.h uint-hash.c uint-hash.h uint-spbset.c uint-spbset.h uint-table.c uint-table.h url.c url.h urlapi-int.h urlapi.c urldata.h version.c ws.c ws.h
m4 .gitignore curl-amissl.m4 curl-apple-sectrust.m4 curl-compilers.m4 curl-confopts.m4 curl-functions.m4 curl-gnutls.m4 curl-mbedtls.m4 curl-openssl.m4 curl-override.m4 curl-reentrant.m4 curl-rustls.m4 curl-schannel.m4 curl-sysconfig.m4 curl-wolfssl.m4 xc-am-iface.m4 xc-cc-check.m4 xc-lt-iface.m4 xc-val-flgs.m4 zz40-xc-ovr.m4 zz50-xc-ovr.m4
projects
OS400
rpg-examples HEADERAPI HTTPPOST INMEMORY SIMPLE1 SIMPLE2 SMTPSRCMBR
.checksrc README.OS400 ccsidcurl.c ccsidcurl.h config400.default curl.cmd curl.inc.in curlcl.c curlmain.c initscript.sh make-docs.sh make-include.sh make-lib.sh make-src.sh make-tests.sh makefile.sh os400sys.c os400sys.h
Windows
tmpl .gitattributes README.txt curl-all.sln curl.sln curl.vcxproj curl.vcxproj.filters libcurl.sln libcurl.vcxproj libcurl.vcxproj.filters
.gitignore README.md generate.bat
vms Makefile.am backup_gnv_curl_src.com build_curl-config_script.com build_gnv_curl.com build_gnv_curl_pcsi_desc.com build_gnv_curl_pcsi_text.com build_gnv_curl_release_notes.com build_libcurl_pc.com build_vms.com clean_gnv_curl.com compare_curl_source.com config_h.com curl_crtl_init.c curl_gnv_build_steps.txt curl_release_note_start.txt curl_startup.com curlmsg.h curlmsg.msg curlmsg.sdl curlmsg_vms.h generate_config_vms_h_curl.com generate_vax_transfer.com gnv_conftest.c_first gnv_curl_configure.sh gnv_libcurl_symbols.opt gnv_link_curl.com macro32_exactcase.patch make_gnv_curl_install.sh make_pcsi_curl_kit_name.com pcsi_gnv_curl_file_list.txt pcsi_product_gnv_curl.com readme report_openssl_version.c setup_gnv_curl_build.com stage_curl_install.com vms_eco_level.h
Makefile.am README.md
scripts .checksrc CMakeLists.txt Makefile.am badwords badwords-all badwords.txt cd2cd cd2nroff cdall checksrc-all.pl checksrc.pl cmakelint.sh completion.pl contributors.sh contrithanks.sh coverage.sh delta dmaketgz extract-unit-protos firefox-db2pem.sh installcheck.sh maketgz managen mdlinkcheck mk-ca-bundle.pl mk-unity.pl nroff2cd perlcheck.sh pythonlint.sh randdisable release-notes.pl release-tools.sh schemetable.c singleuse.pl spacecheck.pl top-complexity top-length verify-release wcurl
src
toolx tool_time.c tool_time.h
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc config2setopts.c config2setopts.h curl.rc curlinfo.c mk-file-embed.pl mkhelp.pl slist_wc.c slist_wc.h terminal.c terminal.h tool_cb_dbg.c tool_cb_dbg.h tool_cb_hdr.c tool_cb_hdr.h tool_cb_prg.c tool_cb_prg.h tool_cb_rea.c tool_cb_rea.h tool_cb_see.c tool_cb_see.h tool_cb_soc.c tool_cb_soc.h tool_cb_wrt.c tool_cb_wrt.h tool_cfgable.c tool_cfgable.h tool_dirhie.c tool_dirhie.h tool_doswin.c tool_doswin.h tool_easysrc.c tool_easysrc.h tool_filetime.c tool_filetime.h tool_findfile.c tool_findfile.h tool_formparse.c tool_formparse.h tool_getparam.c tool_getparam.h tool_getpass.c tool_getpass.h tool_help.c tool_help.h tool_helpers.c tool_helpers.h tool_hugehelp.h tool_ipfs.c tool_ipfs.h tool_libinfo.c tool_libinfo.h tool_listhelp.c tool_main.c tool_main.h tool_msgs.c tool_msgs.h tool_operate.c tool_operate.h tool_operhlp.c tool_operhlp.h tool_paramhlp.c tool_paramhlp.h tool_parsecfg.c tool_parsecfg.h tool_progress.c tool_progress.h tool_sdecls.h tool_setopt.c tool_setopt.h tool_setup.h tool_ssls.c tool_ssls.h tool_stderr.c tool_stderr.h tool_urlglob.c tool_urlglob.h tool_util.c tool_util.h tool_version.h tool_vms.c tool_vms.h tool_writeout.c tool_writeout.h tool_writeout_json.c tool_writeout_json.h tool_xattr.c tool_xattr.h var.c var.h
tests
certs .gitignore CMakeLists.txt Makefile.am Makefile.inc genserv.pl srp-verifier-conf srp-verifier-db test-ca.cnf test-ca.prm test-client-cert.prm test-client-eku-only.prm test-localhost-san-first.prm test-localhost-san-last.prm test-localhost.nn.prm test-localhost.prm test-localhost0h.prm
cmake CMakeLists.txt test.c test.cpp test.sh
data .gitignore DISABLED Makefile.am data-xml1 data1400.c data1401.c data1402.c data1403.c data1404.c data1405.c data1406.c data1407.c data1420.c data1461.txt data1463.txt data1465.c data1481.c data1705-1.md data1705-2.md data1705-3.md data1705-4.md data1705-stdout.1 data1706-1.md data1706-2.md data1706-3.md data1706-4.md data1706-stdout.txt data320.html test1 test10 test100 test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 test1008 test1009 test101 test1010 test1011 test1012 test1013 test1014 test1015 test1016 test1017 test1018 test1019 test102 test1020 test1021 test1022 test1023 test1024 test1025 test1026 test1027 test1028 test1029 test103 test1030 test1031 test1032 test1033 test1034 test1035 test1036 test1037 test1038 test1039 test104 test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 test1048 test1049 test105 test1050 test1051 test1052 test1053 test1054 test1055 test1056 test1057 test1058 test1059 test106 test1060 test1061 test1062 test1063 test1064 test1065 test1066 test1067 test1068 test1069 test107 test1070 test1071 test1072 test1073 test1074 test1075 test1076 test1077 test1078 test1079 test108 test1080 test1081 test1082 test1083 test1084 test1085 test1086 test1087 test1088 test1089 test109 test1090 test1091 test1092 test1093 test1094 test1095 test1096 test1097 test1098 test1099 test11 test110 test1100 test1101 test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 test111 test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 test112 test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 test1128 test1129 test113 test1130 test1131 test1132 test1133 test1134 test1135 test1136 test1137 test1138 test1139 test114 test1140 test1141 test1142 test1143 test1144 test1145 test1146 test1147 test1148 test1149 test115 test1150 test1151 test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 test116 test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 test1168 test1169 test117 test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 test1178 test1179 test118 test1180 test1181 test1182 test1183 test1184 test1185 test1186 test1187 test1188 test1189 test119 test1190 test1191 test1192 test1193 test1194 test1195 test1196 test1197 test1198 test1199 test12 test120 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 test1208 test1209 test121 test1210 test1211 test1212 test1213 test1214 test1215 test1216 test1217 test1218 test1219 test122 test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 test1228 test1229 test123 test1230 test1231 test1232 test1233 test1234 test1235 test1236 test1237 test1238 test1239 test124 test1240 test1241 test1242 test1243 test1244 test1245 test1246 test1247 test1248 test1249 test125 test1250 test1251 test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 test126 test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 test1268 test1269 test127 test1270 test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 test1279 test128 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 test1288 test1289 test129 test1290 test1291 test1292 test1293 test1294 test1295 test1296 test1297 test1298 test1299 test13 test130 test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 test1309 test131 test1310 test1311 test1312 test1313 test1314 test1315 test1316 test1317 test1318 test1319 test132 test1320 test1321 test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 test133 test1330 test1331 test1332 test1333 test1334 test1335 test1336 test1337 test1338 test1339 test134 test1340 test1341 test1342 test1343 test1344 test1345 test1346 test1347 test1348 test1349 test135 test1350 test1351 test1352 test1353 test1354 test1355 test1356 test1357 test1358 test1359 test136 test1360 test1361 test1362 test1363 test1364 test1365 test1366 test1367 test1368 test1369 test137 test1370 test1371 test1372 test1373 test1374 test1375 test1376 test1377 test1378 test1379 test138 test1380 test1381 test1382 test1383 test1384 test1385 test1386 test1387 test1388 test1389 test139 test1390 test1391 test1392 test1393 test1394 test1395 test1396 test1397 test1398 test1399 test14 test140 test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 test1408 test1409 test141 test1410 test1411 test1412 test1413 test1414 test1415 test1416 test1417 test1418 test1419 test142 test1420 test1421 test1422 test1423 test1424 test1425 test1426 test1427 test1428 test1429 test143 test1430 test1431 test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 test144 test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 test1448 test1449 test145 test1450 test1451 test1452 test1453 test1454 test1455 test1456 test1457 test1458 test1459 test146 test1460 test1461 test1462 test1463 test1464 test1465 test1466 test1467 test1468 test1469 test147 test1470 test1471 test1472 test1473 test1474 test1475 test1476 test1477 test1478 test1479 test148 test1480 test1481 test1482 test1483 test1484 test1485 test1486 test1487 test1488 test1489 test149 test1490 test1491 test1492 test1493 test1494 test1495 test1496 test1497 test1498 test1499 test15 test150 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 test1508 test1509 test151 test1510 test1511 test1512 test1513 test1514 test1515 test1516 test1517 test1518 test1519 test152 test1520 test1521 test1522 test1523 test1524 test1525 test1526 test1527 test1528 test1529 test153 test1530 test1531 test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 test154 test1540 test1541 test1542 test1543 test1544 test1545 test1546 test1547 test1548 test1549 test155 test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 test1558 test1559 test156 test1560 test1561 test1562 test1563 test1564 test1565 test1566 test1567 test1568 test1569 test157 test1570 test1571 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 test158 test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 test1588 test1589 test159 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 test1598 test1599 test16 test160 test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 test1608 test1609 test161 test1610 test1611 test1612 test1613 test1614 test1615 test1616 test1617 test1618 test1619 test162 test1620 test1621 test1622 test1623 test1624 test1625 test1626 test1627 test1628 test1629 test163 test1630 test1631 test1632 test1633 test1634 test1635 test1636 test1637 test1638 test1639 test164 test1640 test1641 test1642 test1643 test1644 test1645 test165 test1650 test1651 test1652 test1653 test1654 test1655 test1656 test1657 test1658 test1659 test166 test1660 test1661 test1662 test1663 test1664 test1665 test1666 test1667 test1668 test1669 test167 test1670 test1671 test1672 test1673 test1674 test1675 test1676 test168 test1680 test1681 test1682 test1683 test1684 test1685 test169 test17 test170 test1700 test1701 test1702 test1703 test1704 test1705 test1706 test1707 test1708 test1709 test171 test1710 test1711 test1712 test1713 test1714 test1715 test172 test1720 test1721 test173 test174 test175 test176 test177 test178 test179 test18 test180 test1800 test1801 test1802 test181 test182 test183 test184 test1847 test1848 test1849 test185 test1850 test1851 test186 test187 test188 test189 test19 test190 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 test1908 test1909 test191 test1910 test1911 test1912 test1913 test1914 test1915 test1916 test1917 test1918 test1919 test192 test1920 test1921 test193 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test194 test1940 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 test195 test1955 test1956 test1957 test1958 test1959 test196 test1960 test1964 test1965 test1966 test197 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 test1978 test1979 test198 test1980 test1981 test1982 test1983 test1984 test199 test2 test20 test200 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 test2008 test2009 test201 test2010 test2011 test2012 test2013 test2014 test202 test2023 test2024 test2025 test2026 test2027 test2028 test2029 test203 test2030 test2031 test2032 test2033 test2034 test2035 test2037 test2038 test2039 test204 test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 test2048 test2049 test205 test2050 test2051 test2052 test2053 test2054 test2055 test2056 test2057 test2058 test2059 test206 test2060 test2061 test2062 test2063 test2064 test2065 test2066 test2067 test2068 test2069 test207 test2070 test2071 test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 test208 test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 test2088 test2089 test209 test2090 test2091 test2092 test21 test210 test2100 test2101 test2102 test2103 test2104 test211 test212 test213 test214 test215 test216 test217 test218 test219 test22 test220 test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 test221 test222 test223 test224 test225 test226 test227 test228 test229 test23 test230 test2300 test2301 test2302 test2303 test2304 test2306 test2307 test2308 test2309 test231 test232 test233 test234 test235 test236 test237 test238 test239 test24 test240 test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 test2408 test2409 test241 test2410 test2411 test242 test243 test244 test245 test246 test247 test248 test249 test25 test250 test2500 test2501 test2502 test2503 test2504 test2505 test2506 test251 test252 test253 test254 test255 test256 test257 test258 test259 test26 test260 test2600 test2601 test2602 test2603 test2604 test2605 test261 test262 test263 test264 test265 test266 test267 test268 test269 test27 test270 test2700 test2701 test2702 test2703 test2704 test2705 test2706 test2707 test2708 test2709 test271 test2710 test2711 test2712 test2713 test2714 test2715 test2716 test2717 test2718 test2719 test272 test2720 test2721 test2722 test2723 test273 test274 test275 test276 test277 test278 test279 test28 test280 test281 test282 test283 test284 test285 test286 test287 test288 test289 test29 test290 test291 test292 test293 test294 test295 test296 test297 test298 test299 test3 test30 test300 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 test3008 test3009 test301 test3010 test3011 test3012 test3013 test3014 test3015 test3016 test3017 test3018 test3019 test302 test3020 test3021 test3022 test3023 test3024 test3025 test3026 test3027 test3028 test3029 test303 test3030 test3031 test3032 test3033 test3034 test3035 test3036 test304 test305 test306 test307 test308 test309 test31 test310 test3100 test3101 test3102 test3103 test3104 test3105 test3106 test311 test312 test313 test314 test315 test316 test317 test318 test319 test32 test320 test3200 test3201 test3202 test3203 test3204 test3205 test3206 test3207 test3208 test3209 test321 test3210 test3211 test3212 test3213 test3214 test3215 test3216 test3217 test3218 test3219 test322 test3220 test323 test324 test325 test326 test327 test328 test329 test33 test330 test3300 test3301 test3302 test331 test332 test333 test334 test335 test336 test337 test338 test339 test34 test340 test341 test342 test343 test344 test345 test346 test347 test348 test349 test35 test350 test351 test352 test353 test354 test355 test356 test357 test358 test359 test36 test360 test361 test362 test363 test364 test365 test366 test367 test368 test369 test37 test370 test371 test372 test373 test374 test375 test376 test378 test379 test38 test380 test381 test383 test384 test385 test386 test387 test388 test389 test39 test390 test391 test392 test393 test394 test395 test396 test397 test398 test399 test4 test40 test400 test4000 test4001 test401 test402 test403 test404 test405 test406 test407 test408 test409 test41 test410 test411 test412 test413 test414 test415 test416 test417 test418 test419 test42 test420 test421 test422 test423 test424 test425 test426 test427 test428 test429 test43 test430 test431 test432 test433 test434 test435 test436 test437 test438 test439 test44 test440 test441 test442 test443 test444 test445 test446 test447 test448 test449 test45 test450 test451 test452 test453 test454 test455 test456 test457 test458 test459 test46 test460 test461 test462 test463 test467 test468 test469 test47 test470 test471 test472 test473 test474 test475 test476 test477 test478 test479 test48 test480 test481 test482 test483 test484 test485 test486 test487 test488 test489 test49 test490 test491 test492 test493 test494 test495 test496 test497 test498 test499 test5 test50 test500 test501 test502 test503 test504 test505 test506 test507 test508 test509 test51 test510 test511 test512 test513 test514 test515 test516 test517 test518 test519 test52 test520 test521 test522 test523 test524 test525 test526 test527 test528 test529 test53 test530 test531 test532 test533 test534 test535 test536 test537 test538 test539 test54 test540 test541 test542 test543 test544 test545 test546 test547 test548 test549 test55 test550 test551 test552 test553 test554 test555 test556 test557 test558 test559 test56 test560 test561 test562 test563 test564 test565 test566 test567 test568 test569 test57 test570 test571 test572 test573 test574 test575 test576 test577 test578 test579 test58 test580 test581 test582 test583 test584 test585 test586 test587 test588 test589 test59 test590 test591 test592 test593 test594 test595 test596 test597 test598 test599 test6 test60 test600 test601 test602 test603 test604 test605 test606 test607 test608 test609 test61 test610 test611 test612 test613 test614 test615 test616 test617 test618 test619 test62 test620 test621 test622 test623 test624 test625 test626 test627 test628 test629 test63 test630 test631 test632 test633 test634 test635 test636 test637 test638 test639 test64 test640 test641 test642 test643 test644 test645 test646 test647 test648 test649 test65 test650 test651 test652 test653 test654 test655 test656 test658 test659 test66 test660 test661 test662 test663 test664 test665 test666 test667 test668 test669 test67 test670 test671 test672 test673 test674 test675 test676 test677 test678 test679 test68 test680 test681 test682 test683 test684 test685 test686 test687 test688 test689 test69 test690 test691 test692 test693 test694 test695 test696 test697 test698 test699 test7 test70 test700 test701 test702 test703 test704 test705 test706 test707 test708 test709 test71 test710 test711 test712 test713 test714 test715 test716 test717 test718 test719 test72 test720 test721 test722 test723 test724 test725 test726 test727 test728 test729 test73 test730 test731 test732 test733 test734 test735 test736 test737 test738 test739 test74 test740 test741 test742 test743 test744 test745 test746 test747 test748 test749 test75 test750 test751 test752 test753 test754 test755 test756 test757 test758 test759 test76 test760 test761 test762 test763 test764 test765 test766 test767 test768 test769 test77 test770 test771 test772 test773 test774 test775 test776 test777 test778 test779 test78 test780 test781 test782 test783 test784 test785 test786 test787 test788 test789 test79 test790 test791 test792 test793 test794 test795 test796 test797 test798 test799 test8 test80 test800 test801 test802 test803 test804 test805 test806 test807 test808 test809 test81 test810 test811 test812 test813 test814 test815 test816 test817 test818 test819 test82 test820 test821 test822 test823 test824 test825 test826 test827 test828 test829 test83 test830 test831 test832 test833 test834 test835 test836 test837 test838 test839 test84 test840 test841 test842 test843 test844 test845 test846 test847 test848 test849 test85 test850 test851 test852 test853 test854 test855 test856 test857 test858 test859 test86 test860 test861 test862 test863 test864 test865 test866 test867 test868 test869 test87 test870 test871 test872 test873 test874 test875 test876 test877 test878 test879 test88 test880 test881 test882 test883 test884 test885 test886 test887 test888 test889 test89 test890 test891 test892 test893 test894 test895 test896 test897 test898 test899 test9 test90 test900 test901 test902 test903 test904 test905 test906 test907 test908 test909 test91 test910 test911 test912 test913 test914 test915 test916 test917 test918 test919 test92 test920 test921 test922 test923 test924 test925 test926 test927 test928 test929 test93 test930 test931 test932 test933 test934 test935 test936 test937 test938 test939 test94 test940 test941 test942 test943 test944 test945 test946 test947 test948 test949 test95 test950 test951 test952 test953 test954 test955 test956 test957 test958 test959 test96 test960 test961 test962 test963 test964 test965 test966 test967 test968 test969 test97 test970 test971 test972 test973 test974 test975 test976 test977 test978 test979 test98 test980 test981 test982 test983 test984 test985 test986 test987 test988 test989 test99 test990 test991 test992 test993 test994 test995 test996 test997 test998 test999
http
testenv
mod_curltest .gitignore mod_curltest.c
__init__.py caddy.py certs.py client.py curl.py dante.py dnsd.py env.py httpd.py nghttpx.py ports.py sshd.py vsftpd.py ws_echo_server.py
.gitignore CMakeLists.txt Makefile.am config.ini.in conftest.py requirements.txt scorecard.py test_01_basic.py test_02_download.py test_03_goaway.py test_04_stuttered.py test_05_errors.py test_06_eyeballs.py test_07_upload.py test_08_caddy.py test_09_push.py test_10_proxy.py test_11_unix.py test_12_reuse.py test_13_proxy_auth.py test_14_auth.py test_15_tracing.py test_16_info.py test_17_ssl_use.py test_18_methods.py test_19_shutdown.py test_20_websockets.py test_21_resolve.py test_22_httpsrr.py test_30_vsftpd.py test_31_vsftpds.py test_32_ftps_vsftpd.py test_40_socks.py test_50_scp.py test_51_sftp.py
libtest .gitignore CMakeLists.txt Makefile.am Makefile.inc cli_ftp_upload.c cli_h2_pausing.c cli_h2_serverpush.c cli_h2_upgrade_extreme.c cli_hx_download.c cli_hx_upload.c cli_tls_session_reuse.c cli_upload_pausing.c cli_ws_data.c cli_ws_pingpong.c first.c first.h lib1156.c lib1301.c lib1308.c lib1485.c lib1500.c lib1501.c lib1502.c lib1506.c lib1507.c lib1508.c lib1509.c lib1510.c lib1511.c lib1512.c lib1513.c lib1514.c lib1515.c lib1517.c lib1518.c lib1520.c lib1522.c lib1523.c lib1525.c lib1526.c lib1527.c lib1528.c lib1529.c lib1530.c lib1531.c lib1532.c lib1533.c lib1534.c lib1535.c lib1536.c lib1537.c lib1538.c lib1540.c lib1541.c lib1542.c lib1545.c lib1549.c lib1550.c lib1551.c lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c lib1559.c lib1560.c lib1564.c lib1565.c lib1567.c lib1568.c lib1569.c lib1571.c lib1576.c lib1582.c lib1587.c lib1588.c lib1589.c lib1591.c lib1592.c lib1593.c lib1594.c lib1597.c lib1598.c lib1599.c lib1662.c lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c lib1908.c lib1910.c lib1911.c lib1912.c lib1913.c lib1915.c lib1916.c lib1918.c lib1919.c lib1920.c lib1921.c lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c lib1940.c lib1945.c lib1947.c lib1948.c lib1955.c lib1956.c lib1957.c lib1958.c lib1959.c lib1960.c lib1964.c lib1965.c lib1970.c lib1971.c lib1972.c lib1973.c lib1974.c lib1975.c lib1977.c lib1978.c lib2023.c lib2032.c lib2082.c lib2301.c lib2302.c lib2304.c lib2306.c lib2308.c lib2309.c lib2402.c lib2404.c lib2405.c lib2502.c lib2504.c lib2505.c lib2506.c lib2700.c lib3010.c lib3025.c lib3026.c lib3027.c lib3033.c lib3034.c lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c lib3207.c lib3208.c lib500.c lib501.c lib502.c lib503.c lib504.c lib505.c lib506.c lib507.c lib508.c lib509.c lib510.c lib511.c lib512.c lib513.c lib514.c lib515.c lib516.c lib517.c lib518.c lib519.c lib520.c lib521.c lib523.c lib524.c lib525.c lib526.c lib530.c lib533.c lib536.c lib537.c lib539.c lib540.c lib541.c lib542.c lib543.c lib544.c lib547.c lib549.c lib552.c lib553.c lib554.c lib555.c lib556.c lib557.c lib558.c lib559.c lib560.c lib562.c lib564.c lib566.c lib567.c lib568.c lib569.c lib570.c lib571.c lib572.c lib573.c lib574.c lib575.c lib576.c lib578.c lib579.c lib582.c lib583.c lib586.c lib589.c lib590.c lib591.c lib597.c lib598.c lib599.c lib643.c lib650.c lib651.c lib652.c lib653.c lib654.c lib655.c lib658.c lib659.c lib661.c lib666.c lib667.c lib668.c lib670.c lib674.c lib676.c lib677.c lib678.c lib694.c lib695.c lib751.c lib753.c lib757.c lib758.c lib766.c memptr.c mk-lib1521.pl test1013.pl test1022.pl test307.pl test610.pl test613.pl testtrace.c testtrace.h testutil.c testutil.h unitcheck.h
server .checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc dnsd.c first.c first.h getpart.c mqttd.c resolve.c rtspd.c sockfilt.c socksd.c sws.c tftpd.c util.c
tunit .gitignore CMakeLists.txt Makefile.am Makefile.inc README.md tool1394.c tool1604.c tool1621.c tool1622.c tool1623.c tool1720.c
unit .gitignore CMakeLists.txt Makefile.am Makefile.inc README.md unit1300.c unit1302.c unit1303.c unit1304.c unit1305.c unit1307.c unit1309.c unit1323.c unit1330.c unit1395.c unit1396.c unit1397.c unit1398.c unit1399.c unit1600.c unit1601.c unit1602.c unit1603.c unit1605.c unit1606.c unit1607.c unit1608.c unit1609.c unit1610.c unit1611.c unit1612.c unit1614.c unit1615.c unit1616.c unit1620.c unit1625.c unit1626.c unit1627.c unit1636.c unit1650.c unit1651.c unit1652.c unit1653.c unit1654.c unit1655.c unit1656.c unit1657.c unit1658.c unit1660.c unit1661.c unit1663.c unit1664.c unit1666.c unit1667.c unit1668.c unit1669.c unit1674.c unit1675.c unit1676.c unit1979.c unit1980.c unit2600.c unit2601.c unit2602.c unit2603.c unit2604.c unit2605.c unit3200.c unit3205.c unit3211.c unit3212.c unit3213.c unit3214.c unit3216.c unit3219.c unit3300.c unit3301.c unit3302.c
.gitignore CMakeLists.txt Makefile.am allversions.pm appveyor.pm azure.pm config.in configurehelp.pm.in devtest.pl dictserver.py directories.pm ech_combos.py ech_tests.sh ftpserver.pl getpart.pm globalconfig.pm http-server.pl http2-server.pl http3-server.pl memanalyze.pl memanalyzer.pm negtelnetserver.py nghttpx.conf pathhelp.pm processhelp.pm requirements.txt rtspserver.pl runner.pm runtests.pl secureserver.pl serverhelp.pm servers.pm smbserver.py sshhelp.pm sshserver.pl test1119.pl test1135.pl test1139.pl test1140.pl test1165.pl test1167.pl test1173.pl test1175.pl test1177.pl test1222.pl test1275.pl test1276.pl test1477.pl test1486.pl test1488.pl test1544.pl test1707.pl test745.pl test971.pl testcurl.pl testutil.pm tftpserver.pl util.py valgrind.pm valgrind.supp
.clang-tidy.yml .dir-locals.el .editorconfig .git-blame-ignore-revs .gitattributes .gitignore .mailmap CHANGES.md CMakeLists.txt COPYING Dockerfile GIT-INFO.md Makefile.am README README.md RELEASE-NOTES REUSE.toml SECURITY.md acinclude.m4 appveyor.sh appveyor.yml configure.ac curl-config.in libcurl.pc.in renovate.json
examples .env config.ini crypto_test.lua env_test.lua fs_example.lua http_server.lua https_test.lua ini_example.lua json.lua log.lua path_fs_example.lua process_example.lua request_download.lua request_test.lua run_all.lua sqlite_example.lua sqlite_http_template.lua stash_test.lua template_test.lua timer.lua websocket.lua
iniparser
.github
ISSUE_TEMPLATE config.yml
workflows disable-pull-requests.yml trigger-gitlab-ci.yml
cmake JoinPaths.cmake config.cmake.in pc.in
example iniexample.c iniwrite.c parse.c twisted-errors.ini twisted-genhuge.py twisted-ofkey.ini twisted-ofval.ini twisted.ini
src dictionary.c dictionary.h iniparser.c iniparser.h
test
ressources
bad_ini ends_well.ini twisted-errors.ini twisted-ofkey.ini twisted-ofval.ini
good_ini empty.ini spaced.ini spaced2.ini twisted.ini
gruezi.ini old.ini quotes.ini utf8.ini
CMakeLists.txt test_dictionary.c test_iniparser.c unity-config.yml unity_config.h
.cmake-format.py .gitignore .gitlab-ci.yml .gitmessage .travis.yml AUTHORS CMakeLists.txt FAQ-en.md FAQ-zhcn.md INSTALL LICENSE README.md compile_commands.json
jinjac
example CMakeLists.txt example.c
jinjac_test_app CMakeLists.txt jinjac_test_app.c
libjinjac
include jinjac.h
src CMakeLists.txt ast.c ast.h block_statement.c block_statement.h buffer.c buffer.h buildin.c buildin.h common.h convert.c convert.h flex_decl.h jfunction.c jfunction.h jinja_expression.l jinja_expression.y jinjac_parse.c jinjac_parse.h jinjac_stream.c jinjac_stream.h jlist.c jlist.h jobject.c jobject.h parameter.c parameter.h str_obj.c str_obj.h trace.c trace.h
CMakeLists.txt
test .gitignore CMakeLists.txt autotest.rb test_01.expected test_01.jinja test_01b.expected test_01b.jinja test_01c.expected test_01c.jinja test_01d.expected test_01d.jinja test_02.expected test_02.jinja test_03.expected test_03.jinja test_04.expected test_04.jinja test_05.expected test_05.jinja test_06.expected test_06.jinja test_07.expected test_07.jinja test_08.expected test_08.jinja test_08b.expected test_08b.jinja test_09.expected test_09.jinja test_10.expected test_10.jinja test_11.expected test_11.jinja test_12.expected test_12.jinja test_13.expected test_13.jinja test_14.expected test_14.jinja test_15.expected test_15.jinja test_16.expected test_16.jinja test_17.expected test_17.jinja test_18.expected test_18.jinja test_18b.expected test_18b.jinja test_18c.expected test_18c.jinja test_19.expected test_19.jinja test_19b.expected test_19b.jinja test_19c.expected test_19c.jinja test_19d.expected test_19d.jinja test_19e.expected test_19e.jinja test_19f.expected test_19f.jinja test_20.expected test_20.jinja test_21.expected test_21.jinja test_22.expected test_22.jinja test_22a.expected test_22a.jinja test_22b.expected test_22b.jinja test_23.expected test_23.jinja test_24.expected test_24.jinja
.gitignore CMakeLists.txt LICENSE.txt README.md build_coverage.sh build_debug.sh build_release.sh cppcheck_analysis.sh
libev Changes LICENSE Makefile Makefile.am Makefile.in README Symbols.ev Symbols.event aclocal.m4 autogen.sh compile config.guess config.h config.h.in config.status config.sub configure configure.ac depcomp ev++.h ev.3 ev.c ev.h ev.pod ev_epoll.c ev_kqueue.c ev_poll.c ev_port.c ev_select.c ev_vars.h ev_win32.c ev_wrap.h event.c event.h install-sh libev.m4 libtool ltmain.sh missing mkinstalldirs stamp-h1
luajit
doc
img contact.png
bluequad-print.css bluequad.css contact.html ext_buffer.html ext_c_api.html ext_ffi.html ext_ffi_api.html ext_ffi_semantics.html ext_ffi_tutorial.html ext_jit.html ext_profiler.html extensions.html install.html luajit.html running.html
dynasm dasm_arm.h dasm_arm.lua dasm_arm64.h dasm_arm64.lua dasm_mips.h dasm_mips.lua dasm_mips64.lua dasm_ppc.h dasm_ppc.lua dasm_proto.h dasm_x64.lua dasm_x86.h dasm_x86.lua dynasm.lua
etc luajit.1 luajit.pc
src
host .gitignore README buildvm.c buildvm.h buildvm_asm.c buildvm_fold.c buildvm_lib.c buildvm_libbc.h buildvm_peobj.c genlibbc.lua genminilua.lua genversion.lua minilua.c
jit .gitignore bc.lua bcsave.lua dis_arm.lua dis_arm64.lua dis_arm64be.lua dis_mips.lua dis_mips64.lua dis_mips64el.lua dis_mips64r6.lua dis_mips64r6el.lua dis_mipsel.lua dis_ppc.lua dis_x64.lua dis_x86.lua dump.lua p.lua v.lua zone.lua
.gitignore Makefile Makefile.dep lauxlib.h lib_aux.c lib_base.c lib_bit.c lib_buffer.c lib_debug.c lib_ffi.c lib_init.c lib_io.c lib_jit.c lib_math.c lib_os.c lib_package.c lib_string.c lib_table.c lj_alloc.c lj_alloc.h lj_api.c lj_arch.h lj_asm.c lj_asm.h lj_asm_arm.h lj_asm_arm64.h lj_asm_mips.h lj_asm_ppc.h lj_asm_x86.h lj_assert.c lj_bc.c lj_bc.h lj_bcdump.h lj_bcread.c lj_bcwrite.c lj_buf.c lj_buf.h lj_carith.c lj_carith.h lj_ccall.c lj_ccall.h lj_ccallback.c lj_ccallback.h lj_cconv.c lj_cconv.h lj_cdata.c lj_cdata.h lj_char.c lj_char.h lj_clib.c lj_clib.h lj_cparse.c lj_cparse.h lj_crecord.c lj_crecord.h lj_ctype.c lj_ctype.h lj_debug.c lj_debug.h lj_def.h lj_dispatch.c lj_dispatch.h lj_emit_arm.h lj_emit_arm64.h lj_emit_mips.h lj_emit_ppc.h lj_emit_x86.h lj_err.c lj_err.h lj_errmsg.h lj_ff.h lj_ffrecord.c lj_ffrecord.h lj_frame.h lj_func.c lj_func.h lj_gc.c lj_gc.h lj_gdbjit.c lj_gdbjit.h lj_ir.c lj_ir.h lj_ircall.h lj_iropt.h lj_jit.h lj_lex.c lj_lex.h lj_lib.c lj_lib.h lj_load.c lj_mcode.c lj_mcode.h lj_meta.c lj_meta.h lj_obj.c lj_obj.h lj_opt_dce.c lj_opt_fold.c lj_opt_loop.c lj_opt_mem.c lj_opt_narrow.c lj_opt_sink.c lj_opt_split.c lj_parse.c lj_parse.h lj_prng.c lj_prng.h lj_profile.c lj_profile.h lj_record.c lj_record.h lj_serialize.c lj_serialize.h lj_snap.c lj_snap.h lj_state.c lj_state.h lj_str.c lj_str.h lj_strfmt.c lj_strfmt.h lj_strfmt_num.c lj_strscan.c lj_strscan.h lj_tab.c lj_tab.h lj_target.h lj_target_arm.h lj_target_arm64.h lj_target_mips.h lj_target_ppc.h lj_target_x86.h lj_trace.c lj_trace.h lj_traceerr.h lj_udata.c lj_udata.h lj_vm.h lj_vmevent.c lj_vmevent.h lj_vmmath.c ljamalg.c lua.h lua.hpp luaconf.h luajit.c luajit_rolling.h lualib.h msvcbuild.bat nxbuild.bat ps4build.bat ps5build.bat psvitabuild.bat vm_arm.dasc vm_arm64.dasc vm_mips.dasc vm_mips64.dasc vm_ppc.dasc vm_x64.dasc vm_x86.dasc xb1build.bat xedkbuild.bat
.gitattributes .gitignore .relver COPYRIGHT Makefile README
sqlite shell.c sqlite3.c sqlite3.h sqlite3ext.h
wolfssl
.github
ISSUE_TEMPLATE bug_report.yaml other.yaml
actions
install-apt-deps action.yml
scripts
zephyr-4.x external_libc.conf zephyr-test.sh
openssl-ech.sh tls-anvil-test.sh
workflows
disabled haproxy.yml hitch.yml hostap.yml
hostap-files
configs
07c9f183ea744ac04585fb6dd10220c75a5e2e74 hostapd.config tests wpa_supplicant.config
b607d2723e927a3446d89aed813f1aa6068186bb hostapd.config tests wpa_supplicant.config
hostap_2_10 extra.patch hostapd.config tests wpa_supplicant.config
Makefile README dbus-wpa_supplicant.conf
ada.yml arduino.yml async-examples.yml async.yml atecc608-sim.yml bind.yml cmake-autoconf.yml cmake.yml codespell.yml coverity-scan-fixes.yml cryptocb-only.yml curl.yml cyrus-sasl.yml disable-pk-algs.yml docker-Espressif.yml docker-OpenWrt.yml emnet-nonblock.yml fil-c.yml freertos-mem-track.yml gencertbuf.yml grpc.yml haproxy.yml hostap-vm.yml intelasm-c-fallback.yml ipmitool.yml jwt-cpp.yml krb5.yml libspdm.yml libssh2.yml libvncserver.yml linuxkm.yml macos-apple-native-cert-validation.yml mbedtls.sh mbedtls.yml membrowse-comment.yml membrowse-onboard.yml membrowse-report.yml memcached.sh memcached.yml mono.yml mosquitto.yml msmtp.yml msys2.yml multi-arch.yml multi-compiler.yml net-snmp.yml nginx.yml no-malloc.yml no-tls.yml nss.sh nss.yml ntp.yml ocsp.yml openldap.yml openssh.yml openssl-ech.yml opensslcoexist.yml openvpn.yml os-check.yml packaging.yml pam-ipmi.yml pq-all.yml pr-commit-check.yml psk.yml puf.yml python.yml rng-tools.yml rust-wrapper.yml se050-sim.yml smallStackSize.yml socat.yml softhsm.yml sssd.yml stm32-sim.yml stsafe-a120-sim.yml stunnel.yml symbol-prefixes.yml threadx.yml tls-anvil.yml trackmemory.yml watcomc.yml win-csharp-test.yml wolfCrypt-Wconversion.yml wolfboot-integration.yml wolfsm.yml xcode.yml zephyr-4.x.yml zephyr.yml
PULL_REQUEST_TEMPLATE.md SECURITY.md membrowse-targets.json
Docker
OpenWrt Dockerfile README.md runTests.sh
packaging
debian Dockerfile
fedora Dockerfile
wolfCLU Dockerfile README.md
yocto Dockerfile buildAndPush.sh
Dockerfile Dockerfile.cross-compiler README.md buildAndPush.sh include.am run.sh
IDE
ARDUINO
sketches
wolfssl_client README.md
wolfssl_server README.md
wolfssl_version README.md
README.md
Arduino_README_prepend.md README.md include.am keywords.txt library.properties.template wolfssl-arduino.cpp wolfssl-arduino.sh wolfssl.h
AURIX Cpu0_Main.c README.md include.am user_settings.h wolf_main.c
Android Android.bp README.md include.am user_settings.h
CRYPTOCELL README.md include.am main.c user_settings.h
CSBENCH include.am user_settings.h
ECLIPSE
DEOS
deos_wolfssl .options
README.md deos_malloc.c include.am tls_wolfssl.c tls_wolfssl.h user_settings.h
MICRIUM README.md client_wolfssl.c client_wolfssl.h include.am server_wolfssl.c server_wolfssl.h user_settings.h wolfsslRunTests.c
RTTHREAD README.md include.am user_settings.h wolfssl_test.c
SIFIVE README.md include.am
Espressif
ESP-IDF
examples
template
VisualGDB wolfssl_template_IDF_v5.1_ESP32.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h
CMakeLists.txt Kconfig.projbuild component.mk main.c
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266
wolfssl_benchmark
VisualGDB wolfssl_benchmark_IDF_v4.4_ESP32.sln wolfssl_benchmark_IDF_v4.4_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32.sln wolfssl_benchmark_IDF_v5_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32C3.sln wolfssl_benchmark_IDF_v5_ESP32C3.vgdbproj wolfssl_benchmark_IDF_v5_ESP32S3.sln wolfssl_benchmark_IDF_v5_ESP32S3.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h
CMakeLists.txt Kconfig.projbuild component.mk main.c
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266
wolfssl_client
VisualGDB README.md wolfssl_client_IDF_v5_ESP32.sln wolfssl_client_IDF_v5_ESP32.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include client-tls.h main.h time_helper.h wifi_connect.h
CMakeLists.txt Kconfig.projbuild client-tls.c component.mk main.c time_helper.c wifi_connect.c
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_client_ESP8266.vgdbproj
wolfssl_server
VisualGDB README.md wolfssl_server_IDF_v5_ESP32.sln wolfssl_server_IDF_v5_ESP32.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h server-tls.h time_helper.h wifi_connect.h
CMakeLists.txt Kconfig.projbuild component.mk main.c server-tls.c time_helper.c wifi_connect.c
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_server_ESP8266.vgdbproj
wolfssl_test
VisualGDB wolfssl_test-IDF_v5_ESP32.sln wolfssl_test-IDF_v5_ESP32.vgdbproj wolfssl_test-IDF_v5_ESP32C3.sln wolfssl_test-IDF_v5_ESP32C3.vgdbproj wolfssl_test-IDF_v5_ESP32C6.sln wolfssl_test-IDF_v5_ESP32C6.vgdbproj wolfssl_test_IDF_v5_ESP32S3.sln wolfssl_test_IDF_v5_ESP32S3.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h
CMakeLists.txt Kconfig.projbuild component.mk main.c
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32 sdkconfig.defaults.esp32c3 sdkconfig.defaults.esp32c6 sdkconfig.defaults.esp32h2 sdkconfig.defaults.esp32s2 sdkconfig.defaults.esp32s3 sdkconfig.defaults.esp8266 testAll.sh testMonitor.sh wolfssl_test_ESP8266.sln wolfssl_test_ESP8266.vgdbproj
wolfssl_test_idf
VisualGDB VisualGDB_wolfssl_test_idf.sln VisualGDB_wolfssl_test_idf.vgdbproj
main CMakeLists.txt Kconfig.projbuild component.mk main.c main_wip.c.ex time_helper.c time_helper.h
CMakeLists.txt Kconfig.projbuild README.md component.mk sdkconfig.defaults
README.md
libs CMakeLists.txt README.md component.mk tigard.cfg
test CMakeLists.txt README.md component.mk test_wolfssl.c
README.md README_32se.md UPDATE.md compileAllExamples.sh dummy_config_h dummy_test_paths.h setup.sh setup_win.bat user_settings.h
README.md include.am
GCC-ARM
Header user_settings.h
Source armtarget.c benchmark_main.c test_main.c tls_client.c tls_server.c wolf_main.c
Makefile Makefile.bench Makefile.client Makefile.common Makefile.server Makefile.static Makefile.test README.md include.am linker.ld linker_fips.ld
Gaisler-BCC README.md include.am
HEXAGON
DSP Makefile wolfssl_dsp.idl
Makefile README.md build.sh ecc-verify-benchmark.c ecc-verify.c include.am user_settings.h
HEXIWEAR
wolfSSL_HW .cwGeneratedFileSetLog user_settings.h
IAR-EWARM
Projects
benchmark benchmark-main.c current_time.c wolfCrypt-benchmark.ewd wolfCrypt-benchmark.ewp
common minimum-startup.c wolfssl.icf
lib wolfSSL-Lib.ewd wolfSSL-Lib.ewp
test test-main.c wolfCrypt-test.ewd wolfCrypt-test.ewp
user_settings.h wolfssl.eww
embOS
SAMV71_XULT
embOS_SAMV71_XULT_Linker_Script samv71q21_wolfssl.icf
embOS_SAMV71_XULT_user_settings user_settings.h user_settings_simple_example.h user_settings_verbose_example.h
embOS_wolfcrypt_benchmark_SAMV71_XULT
Application runBenchmarks.c
README_wolfcrypt_benchmark wolfcrypt_benchmark.ewd wolfcrypt_benchmark.ewp
embOS_wolfcrypt_lib_SAMV71_XULT README_wolfcrypt_lib wolfcrypt_lib.ewd wolfcrypt_lib.ewp
embOS_wolfcrypt_test_SAMV71_XULT
Application runWolfcryptTests.c
README_wolfcrypt_test wolfcrypt_test.ewd wolfcrypt_test.ewp
README_SAMV71
custom_port
custom_port_Linker_Script samv71q21_wolfssl.icf
custom_port_user_settings user_settings.h
wolfcrypt_benchmark_custom_port
Application runBenchmarks.c
wolfcrypt_test_custom_port
Application runWolfcryptTests.c
README_custom_port
extract_trial_here README_extract_trial_here
README
.gitignore README
IAR-MSP430 Makefile README.md include.am main.c user_settings.h
INTIME-RTOS Makefile README.md include.am libwolfssl.c libwolfssl.vcxproj user_settings.h wolfExamples.c wolfExamples.h wolfExamples.sln wolfExamples.vcxproj wolfssl-lib.sln wolfssl-lib.vcxproj
Infineon README.md include.am user_settings.h
KDS
config user_settings.h
include.am
LINUX-SGX README.md build.sh clean.sh include.am sgx_t_static.mk
LPCXPRESSO
lib_wolfssl lpc_18xx_port.c user_settings.h
wolf_example
src lpc_18xx_startup.c wolfssl_example.c
readme.txt
README.md
M68K
benchmark Makefile main.cpp
testwolfcrypt Makefile main.cpp
Makefile README.md include.am user_settings.h
MCUEXPRESSO
RT1170 fsl_caam_c.patch fsl_caam_h.patch user_settings.h
benchmark
source run_benchmark.c
wolfssl liblinks.xml
README.md include.am user_settings.h wolfcrypt_test.c
MDK-ARM
LPC43xx time-LCP43xx.c
MDK-ARM
wolfSSL Retarget.c cert_data.c cert_data.h config-BARE-METAL.h config-FS.h config-RTX-TCP-FS.h config-WOLFLIB.h main.c shell.c time-CortexM3-4.c time-dummy.c wolfssl_MDK_ARM.c wolfssl_MDK_ARM.h
STM32F2xx_StdPeriph_Lib time-STM32F2xx.c
MDK5-ARM
Conf user_settings.h
Inc wolfssl_MDK_ARM.h
Projects
CryptBenchmark Abstract.txt CryptBenchmark.sct CryptBenchmark.uvoptx CryptBenchmark.uvprojx main.c
CryptTest Abstract.txt CryptTest.sct CryptTest.uvoptx CryptTest.uvprojx main.c
EchoClient Abstract.txt EchoClient.uvoptx EchoClient.uvprojx main.c wolfssl-link.sct
EchoServer Abstract.txt EchoServer.uvoptx EchoServer.uvprojx main.c wolfssl-link.sct
SimpleClient Abstract.txt SimpleClient.uvoptx SimpleClient.uvprojx main.c wolfssl-link.sct
SimpleServer Abstract.txt SimpleServer.uvoptx SimpleServer.uvprojx main.c wolfssl-link.sct
wolfSSL-Full Abstract.txt main.c shell.c time-CortexM3-4.c wolfsslFull.uvoptx wolfsslFull.uvprojx
wolfSSL-Lib Abstract.txt wolfSSL-Lib.uvoptx wolfSSL-Lib.uvprojx
Src ssl-dummy.c
README.md include.am
MPLABX16
wolfcrypt_test.X
nbproject
private configurations.xml private.xml
configurations.xml include.am project.xml
Makefile
wolfssl.X
nbproject configurations.xml include.am project.xml
Makefile
README.md include.am main.c user_settings.h
MQX Makefile README-jp.md README.md client-tls.c include.am server-tls.c user_config.h user_settings.h
MSVS-2019-AZSPHERE
client client.c client.h
server server.c server.h
shared util.h
wolfssl_new_azsphere
HardwareDefinitions
avnet_mt3620_sk
inc
hw template_appliance.h
template_appliance.json
mt3620_rdb
inc
hw template_appliance.h
template_appliance.json
seeed_mt3620_mdb
inc
hw template_appliance.h
template_appliance.json
.gitignore CMakeLists.txt CMakeSettings.json app_manifest.json applibs_versions.h launch.vs.json main.c
README.md include.am user_settings.h
MYSQL CMakeLists_wolfCrypt.txt CMakeLists_wolfSSL.txt do.sh
NDS README.md
NETOS Makefile.wolfcrypt.inc README.md include.am user_settings.h user_settings.h-cert2425 user_settings.h-cert3389 wolfssl_netos_custom.c
OPENSTM32 README.md
PlatformIO
examples
wolfssl_benchmark
include README main.h
lib README
src CMakeLists.txt main.c
test README
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_benchmark.code-workspace
wolfssl_test
include README main.h
lib README
src CMakeLists.txt main.c
test README
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_test.code-workspace
README.md wolfssl_platformio.code-workspace
README.md include.am
QNX
CAAM-DRIVER Makefile
example-client Makefile client-tls.c
example-cmac Makefile cmac-test.c
example-server Makefile server-tls.c
testwolfcrypt Makefile
wolfssl Makefile user_settings.h
README.md include.am
RISCV
SIFIVE-HIFIVE1 Makefile README.md include.am main.c user_settings.h
SIFIVE-UNLEASHED README.md include.am
include.am
ROWLEY-CROSSWORKS-ARM Kinetis_FlashPlacement.xml README.md arm_startup.c benchmark_main.c hw.h include.am kinetis_hw.c retarget.c test_main.c user_settings.h wolfssl.hzp wolfssl_ltc.hzp
Renesas
cs+
Projects
common strings.h unistd.h user_settings.h wolfssl_dummy.c
t4_demo README_en.txt README_jp.txt t4_demo.mtpj wolf_client.c wolf_demo.h wolf_main.c wolf_server.c
test test.mtpj test_main.c
wolfssl_lib wolfssl_lib.mtpj
README include.am
e2studio
DK-S7G2
benchmark-template
src app_entry.c
example_server-template
src app_entry.c
wolfcrypttest-template
src app_entry.c
wolfssl-template-project configuration.xml
README.md include.am user_settings.h
Projects
common strings.h unistd.h user_settings.h wolfssl_dummy.c
test
src key_data.c key_data.h test_main.c wolf_client.c wolf_server.c wolfssl_demo.h
tools generate_rsa_keypair.sh genhexbuf.pl rsa_pss_sign.sh
wolfssl
src .gitkeep
wolfcrypt
src .gitkeep
README include.am
RA6M3
benchmark-wolfcrypt
common .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
client-wolfssl
common
src .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
wolfssl_thread_entry.h
common
ra6m3g README.md
src freertos_tcp_port.c
user_settings.h util.h
server-wolfssl
common
src .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
wolfssl_thread_entry.h
test-wolfcrypt
common .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
wolfssl
src .gitkeep
wolfcrypt .gitkeep
README.md README_APRA6M_en.md README_APRA6M_jp.md include.am
RA6M3G README.md
RA6M4
common user_settings.h wolfssl_demo.h
test
key_data key_data.h key_data_sce.c
src
SEGGER_RTT myprint.c
common .gitignore
test_main.c wolf_client.c wolfssl_sce_unit_test.c
test_RA6M4Debug.launch
tools
example_keys generate_SignedCA.sh rsa_private.pem rsa_public.pem
README.md
README.md include.am
RX65N
GR-ROSE
common strings.h unistd.h user_settings.h wolfssl_dummy.c
smc smc.scfg
test
src key_data.c key_data.h test_main.c wolf_client.c wolf_server.c wolfssl_demo.h
test.rcpc test_HardwareDebug.launch
tools
example_keys generate_SignedCA.sh rsa_private.pem rsa_public.pem
README.md
wolfssl wolfssl.rcpc
README_EN.md README_JP.md include.am
RSK
resource section.esi
wolfssl wolfssl.rcpc
wolfssl_demo key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h
InstructionManualForExample_RSK+RX65N-2MB_EN.pdf InstructionManualForExample_RSK+RX65N-2MB_JP.pdf README_EN.md README_JP.md include.am
RX72N
EnvisionKit
Simple
common sectioninfo.esi wolfssl_dummy.c
test
src
client simple_tcp_client.c simple_tls_tsip_client.c
server simple_tcp_server.c simple_tls_server.c
test_main.c wolfssl_simple_demo.h
test.rcpc test.scfg test_HardwareDebug.launch
wolfssl wolfssl.rcpc
README_EN.md README_JP.md
resource section.esi
tools
example_keys generate_SignedCA.sh rsa_private.pem rsa_public.pem
README.md
wolfssl wolfssl.rcpc
wolfssl_demo key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h wolfssl_tsip_unit_test.c
InstructionManualForExample_RX72N_EnvisonKit_EN.pdf InstructionManualForExample_RX72N_EnvisonKit_JP.pdf README_EN.md README_JP.md include.am
RZN2L
common user_settings.h wolfssl_demo.h
test
src
serial_io app_print.c
test wolf_client.c wolf_server.c wolfssl_rsip_unit_test.c
wolfCrypt .gitignore
wolfSSL .gitignore
local_system_init.c rzn2l_tst_thread_entry.c wolfssl_dummy.c
README.md include.am
SK-S7G2
common user_settings.h
wolfssl_lib configuration.xml
.gitignore README.md include.am
STARCORE README.txt include.am starcore_test.c user_settings.h
STM32Cube README.md STM32_Benchmarks.md default_conf.ftl include.am main.c wolfssl_example.c wolfssl_example.h
SimplicityStudio README.md include.am test_wolf.c user_settings.h
TRUESTUDIO
wolfssl user_settings.h
README include.am
VS-ARM README.md include.am user_settings.h wolfssl.sln wolfssl.vcxproj
VS-AZURE-SPHERE
client app_manifest.json client.c client.h client.vcxproj
server app_manifest.json server.c server.h server.vcxproj
shared util.h
wolfcrypt_test app_manifest.json wolfcrypt_test.vcxproj
README.md include.am user_settings.h wolfssl.sln wolfssl.vcxproj
VisualDSP include.am user_settings.h wolf_tasks.c
WICED-STUDIO README include.am user_settings.h
WIN README.txt include.am test.vcxproj user_settings.h user_settings_dtls.h wolfssl-fips.sln wolfssl-fips.vcxproj
WIN-SGX ReadMe.txt include.am wolfSSL_SGX.edl wolfSSL_SGX.sln wolfSSL_SGX.vcxproj
WIN-SRTP-KDF-140-3 README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxproj
WIN10 README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxproj
WINCE README.md include.am user_settings.h user_settings.h.140-2-deprecated
WORKBENCH README.md include.am
XCODE
Benchmark
wolfBench
Assets.xcassets
AppIcon.appiconset Contents.json
Base.lproj LaunchScreen.storyboard Main.storyboard
AppDelegate.h AppDelegate.m Info.plist ViewController.h ViewController.m main.m
wolfBench.xcodeproj project.pbxproj
include.am
wolfssl-FIPS.xcodeproj project.pbxproj
wolfssl.xcodeproj project.pbxproj
wolfssl_testsuite.xcodeproj project.pbxproj
README.md build-for-i386.sh include.am user_settings.h
XCODE-FIPSv2
macOS-C++
Intel user_settings.h
M1 user_settings.h
include.am user_settings.h
XCODE-FIPSv5 README include.am user_settings.h
XCODE-FIPSv6 README include.am user_settings.h
XilinxSDK
2018_2 lscript.ld
2019_2
wolfCrypt_example
src lscript.ld
wolfCrypt_example_system wolfCrypt_example_system.sprj
2022_1
wolfCrypt_FreeRTOS_example wolfCrypt_FreeRTOS_example.prj
wolfCrypt_FreeRTOS_example_system wolfCrypt_FreeRTOS_example_system.sprj
wolfCrypt_example wolfCrypt_example.prj
wolfCrypt_example_system wolfCrypt_example_system.sprj
.gitignore
README.md bench.sh combine.sh eclipse_formatter_profile.xml graph.sh include.am user_settings.h wolfssl_example.c
apple-universal
wolfssl-multiplatform
wolfssl-multiplatform
Assets.xcassets
AccentColor.colorset Contents.json
AppIcon.appiconset Contents.json
Contents.json
ContentView.swift simple_client_example.c simple_client_example.h wolfssl-multiplatform-Bridging-Header.h wolfssl_multiplatform.entitlements wolfssl_multiplatformApp.swift wolfssl_test_driver.c wolfssl_test_driver.h
wolfssl-multiplatform.xcodeproj project.pbxproj
.gitignore README.md build-wolfssl-framework.sh include.am
iotsafe Makefile README.md ca-cert.c devices.c devices.h include.am main.c memory-tls.c startup.c target.ld user_settings.h
iotsafe-raspberrypi Makefile README.md client-tls13.c include.am main.c
mynewt README.md apps.wolfcrypttest.pkg.yml crypto.wolfssl.pkg.yml crypto.wolfssl.syscfg.yml include.am setup.sh
zephyr README.md include.am
include.am
RTOS
nuttx
wolfssl .gitignore Kconfig Make.defs Makefile README.md setup-wolfssl.sh user_settings.h
include.am
bsdkm Makefile README.md bsdkm_wc_port.h include.am wolfkmod.c wolfkmod_aes.c x86_vecreg.c
certs
1024 ca-cert.der ca-cert.pem ca-key.der ca-key.pem client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der dh1024.der dh1024.pem dsa-pub-1024.pem dsa1024.der dsa1024.pem include.am rsa1024.der server-cert.der server-cert.pem server-key.der server-key.pem
3072 client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der include.am
4096 client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der include.am
acert
rsa_pss acert.pem acert_ietf.pem acert_ietf_pubkey.pem acert_pubkey.pem
acert.pem acert_ietf.pem acert_ietf_pubkey.pem acert_pubkey.pem include.am
aia ca-issuers-cert.pem multi-aia-cert.pem overflow-aia-cert.pem
crl
extra-crls ca-int-cert-revoked.pem claim-root.pem crl_critical_entry.pem crlnum_57oct.pem crlnum_64oct.pem general-server-crl.pem large_crlnum.pem large_crlnum2.pem
hash_der 0fdb2da4.r0
hash_pem 0fdb2da4.r0
bad_time_fmt.pem ca-int-ecc.pem ca-int.pem ca-int2-ecc.pem ca-int2.pem caEcc384Crl.pem caEccCrl.der caEccCrl.pem cliCrl.pem client-int-ecc.pem client-int.pem crl.der crl.pem crl.revoked crl2.der crl2.pem crl_reason.pem crl_rsapss.pem eccCliCRL.pem eccSrvCRL.pem gencrls.sh include.am server-goodaltCrl.pem server-goodaltwildCrl.pem server-goodcnCrl.pem server-goodcnwildCrl.pem server-int-ecc.pem server-int.pem wolfssl.cnf
dilithium bench_dilithium_level2_key.der bench_dilithium_level3_key.der bench_dilithium_level5_key.der include.am
ecc bp256r1-key.der bp256r1-key.pem ca-secp256k1-cert.pem ca-secp256k1-key.pem client-bp256r1-cert.der client-bp256r1-cert.pem client-secp256k1-cert.der client-secp256k1-cert.pem genecc.sh include.am secp256k1-key.der secp256k1-key.pem secp256k1-param.pem secp256k1-privkey.der secp256k1-privkey.pem server-bp256r1-cert.der server-bp256r1-cert.pem server-secp256k1-cert.der server-secp256k1-cert.pem server2-secp256k1-cert.der server2-secp256k1-cert.pem wolfssl.cnf wolfssl_384.cnf
ed25519 ca-ed25519-key.der ca-ed25519-key.pem ca-ed25519-priv.der ca-ed25519-priv.pem ca-ed25519.der ca-ed25519.pem client-ed25519-key.der client-ed25519-key.pem client-ed25519-priv.der client-ed25519-priv.pem client-ed25519.der client-ed25519.pem eddsa-ed25519.der eddsa-ed25519.pem gen-ed25519-certs.sh gen-ed25519-keys.sh gen-ed25519.sh include.am root-ed25519-key.der root-ed25519-key.pem root-ed25519-priv.der root-ed25519-priv.pem root-ed25519.der root-ed25519.pem server-ed25519-cert.pem server-ed25519-key.der server-ed25519-key.pem server-ed25519-priv.der server-ed25519-priv.pem server-ed25519.der server-ed25519.pem
ed448 ca-ed448-key.der ca-ed448-key.pem ca-ed448-priv.der ca-ed448-priv.pem ca-ed448.der ca-ed448.pem client-ed448-key.der client-ed448-key.pem client-ed448-priv.der client-ed448-priv.pem client-ed448.der client-ed448.pem gen-ed448-certs.sh gen-ed448-keys.sh include.am root-ed448-key.der root-ed448-key.pem root-ed448-priv.der root-ed448-priv.pem root-ed448.der root-ed448.pem server-ed448-cert.pem server-ed448-key.der server-ed448-key.pem server-ed448-priv.der server-ed448-priv.pem server-ed448.der server-ed448.pem
external DigiCertGlobalRootCA.pem README.txt ca-digicert-ev.pem ca-globalsign-root.pem ca-google-root.pem ca_collection.pem include.am
falcon bench_falcon_level1_key.der bench_falcon_level5_key.der include.am
intermediate
ca_false_intermediate gentestcert.sh int_ca.key server.key test_ca.key test_ca.pem test_int_not_cacert.pem test_sign_bynoca_srv.pem wolfssl_base.conf wolfssl_srv.conf
ca-ecc-bad-aki.der ca-ecc-bad-aki.pem ca-int-cert.der ca-int-cert.pem ca-int-ecc-cert.der ca-int-ecc-cert.pem ca-int-ecc-key.der ca-int-ecc-key.pem ca-int-key.der ca-int-key.pem ca-int2-cert.der ca-int2-cert.pem ca-int2-ecc-cert.der ca-int2-ecc-cert.pem ca-int2-ecc-key.der ca-int2-ecc-key.pem ca-int2-key.der ca-int2-key.pem client-chain-alt-ecc.pem client-chain-alt.pem client-chain-ecc.der client-chain-ecc.pem client-chain.der client-chain.pem client-int-cert.der client-int-cert.pem client-int-ecc-cert.der client-int-ecc-cert.pem genintcerts.sh include.am server-chain-alt-ecc.pem server-chain-alt.pem server-chain-ecc.der server-chain-ecc.pem server-chain-short.pem server-chain.der server-chain.pem server-int-cert.der server-int-cert.pem server-int-ecc-cert.der server-int-ecc-cert.pem
lms bc_hss_L2_H5_W8_root.der bc_hss_L3_H5_W4_root.der bc_lms_chain_ca.der bc_lms_chain_leaf.der bc_lms_native_bc_root.der bc_lms_sha256_h10_w8_root.der bc_lms_sha256_h5_w4_root.der include.am
mldsa README.txt include.am mldsa44-cert.der mldsa44-cert.pem mldsa44-key.pem mldsa44_bare-priv.der mldsa44_bare-seed.der mldsa44_oqskeypair.der mldsa44_priv-only.der mldsa44_pub-spki.der mldsa44_seed-only.der mldsa44_seed-priv.der mldsa65-cert.der mldsa65-cert.pem mldsa65-key.pem mldsa65_bare-priv.der mldsa65_bare-seed.der mldsa65_oqskeypair.der mldsa65_priv-only.der mldsa65_pub-spki.der mldsa65_seed-only.der mldsa65_seed-priv.der mldsa87-cert.der mldsa87-cert.pem mldsa87-key.pem mldsa87_bare-priv.der mldsa87_bare-seed.der mldsa87_oqskeypair.der mldsa87_priv-only.der mldsa87_pub-spki.der mldsa87_seed-only.der mldsa87_seed-priv.der
ocsp imposter-root-ca-cert.der imposter-root-ca-cert.pem imposter-root-ca-key.der imposter-root-ca-key.pem include.am index-ca-and-intermediate-cas.txt index-ca-and-intermediate-cas.txt.attr index-intermediate1-ca-issued-certs.txt index-intermediate1-ca-issued-certs.txt.attr index-intermediate2-ca-issued-certs.txt index-intermediate2-ca-issued-certs.txt.attr index-intermediate3-ca-issued-certs.txt index-intermediate3-ca-issued-certs.txt.attr intermediate1-ca-cert.der intermediate1-ca-cert.pem intermediate1-ca-key.der intermediate1-ca-key.pem intermediate2-ca-cert.der intermediate2-ca-cert.pem intermediate2-ca-key.der intermediate2-ca-key.pem intermediate3-ca-cert.der intermediate3-ca-cert.pem intermediate3-ca-key.der intermediate3-ca-key.pem ocsp-responder-cert.der ocsp-responder-cert.pem ocsp-responder-key.der ocsp-responder-key.pem openssl.cnf renewcerts-for-test.sh renewcerts.sh root-ca-cert.der root-ca-cert.pem root-ca-crl.pem root-ca-key.der root-ca-key.pem server1-cert.der server1-cert.pem server1-chain-noroot.pem server1-key.der server1-key.pem server2-cert.der server2-cert.pem server2-key.der server2-key.pem server3-cert.der server3-cert.pem server3-key.der server3-key.pem server4-cert.der server4-cert.pem server4-key.der server4-key.pem server5-cert.der server5-cert.pem server5-key.der server5-key.pem test-leaf-response.der test-multi-response.der test-response-nointern.der test-response-rsapss.der test-response.der
p521 ca-p521-key.der ca-p521-key.pem ca-p521-priv.der ca-p521-priv.pem ca-p521.der ca-p521.pem client-p521-key.der client-p521-key.pem client-p521-priv.der client-p521-priv.pem client-p521.der client-p521.pem gen-p521-certs.sh gen-p521-keys.sh include.am root-p521-key.der root-p521-key.pem root-p521-priv.der root-p521-priv.pem root-p521.der root-p521.pem server-p521-cert.pem server-p521-key.der server-p521-key.pem server-p521-priv.der server-p521-priv.pem server-p521.der server-p521.pem
renewcerts wolfssl.cnf
rpk client-cert-rpk.der client-ecc-cert-rpk.der include.am server-cert-rpk.der server-ecc-cert-rpk.der
rsapss ca-3072-rsapss-key.der ca-3072-rsapss-key.pem ca-3072-rsapss-priv.der ca-3072-rsapss-priv.pem ca-3072-rsapss.der ca-3072-rsapss.pem ca-rsapss-key.der ca-rsapss-key.pem ca-rsapss-priv.der ca-rsapss-priv.pem ca-rsapss.der ca-rsapss.pem client-3072-rsapss-key.der client-3072-rsapss-key.pem client-3072-rsapss-priv.der client-3072-rsapss-priv.pem client-3072-rsapss.der client-3072-rsapss.pem client-rsapss-key.der client-rsapss-key.pem client-rsapss-priv.der client-rsapss-priv.pem client-rsapss.der client-rsapss.pem gen-rsapss-keys.sh include.am renew-rsapss-certs.sh root-3072-rsapss-key.der root-3072-rsapss-key.pem root-3072-rsapss-priv.der root-3072-rsapss-priv.pem root-3072-rsapss.der root-3072-rsapss.pem root-rsapss-key.der root-rsapss-key.pem root-rsapss-priv.der root-rsapss-priv.pem root-rsapss.der root-rsapss.pem server-3072-rsapss-cert.pem server-3072-rsapss-key.der server-3072-rsapss-key.pem server-3072-rsapss-priv.der server-3072-rsapss-priv.pem server-3072-rsapss.der server-3072-rsapss.pem server-mix-rsapss-cert.pem server-rsapss-cert.pem server-rsapss-key.der server-rsapss-key.pem server-rsapss-priv.der server-rsapss-priv.pem server-rsapss.der server-rsapss.pem
sia timestamping-sia-cert.pem
slhdsa bench_slhdsa_sha2_128f_key.der bench_slhdsa_sha2_128s_key.der bench_slhdsa_sha2_192f_key.der bench_slhdsa_sha2_192s_key.der bench_slhdsa_sha2_256f_key.der bench_slhdsa_sha2_256s_key.der bench_slhdsa_shake128f_key.der bench_slhdsa_shake128s_key.der bench_slhdsa_shake192f_key.der bench_slhdsa_shake192s_key.der bench_slhdsa_shake256f_key.der bench_slhdsa_shake256s_key.der client-mldsa44-priv.pem client-mldsa44-sha2.der client-mldsa44-sha2.pem client-mldsa44-shake.der client-mldsa44-shake.pem gen-slhdsa-mldsa-certs.sh include.am root-slhdsa-sha2-128s-priv.der root-slhdsa-sha2-128s-priv.pem root-slhdsa-sha2-128s.der root-slhdsa-sha2-128s.pem root-slhdsa-shake-128s-priv.der root-slhdsa-shake-128s-priv.pem root-slhdsa-shake-128s.der root-slhdsa-shake-128s.pem server-mldsa44-priv.pem server-mldsa44-sha2.der server-mldsa44-sha2.pem server-mldsa44-shake.der server-mldsa44-shake.pem
sm2 ca-sm2-key.der ca-sm2-key.pem ca-sm2-priv.der ca-sm2-priv.pem ca-sm2.der ca-sm2.pem client-sm2-key.der client-sm2-key.pem client-sm2-priv.der client-sm2-priv.pem client-sm2.der client-sm2.pem fix_sm2_spki.py gen-sm2-certs.sh gen-sm2-keys.sh include.am root-sm2-key.der root-sm2-key.pem root-sm2-priv.der root-sm2-priv.pem root-sm2.der root-sm2.pem self-sm2-cert.pem self-sm2-key.pem self-sm2-priv.pem server-sm2-cert.der server-sm2-cert.pem server-sm2-key.der server-sm2-key.pem server-sm2-priv.der server-sm2-priv.pem server-sm2.der server-sm2.pem
statickeys dh-ffdhe2048-params.pem dh-ffdhe2048-pub.der dh-ffdhe2048-pub.pem dh-ffdhe2048.der dh-ffdhe2048.pem ecc-secp256r1.der ecc-secp256r1.pem gen-static.sh include.am x25519-pub.der x25519-pub.pem x25519.der x25519.pem
test
expired expired-ca.der expired-ca.pem expired-cert.der expired-cert.pem
catalog.txt cert-bad-neg-int.der cert-bad-oid.der cert-bad-utf8.der cert-ext-ia.cfg cert-ext-ia.der cert-ext-ia.pem cert-ext-joi.cfg cert-ext-joi.der cert-ext-joi.pem cert-ext-mnc.der cert-ext-multiple.cfg cert-ext-multiple.der cert-ext-multiple.pem cert-ext-nc-combined.der cert-ext-nc-combined.pem cert-ext-nc.cfg cert-ext-nc.der cert-ext-nc.pem cert-ext-ncdns.der cert-ext-ncdns.pem cert-ext-ncip.der cert-ext-ncip.pem cert-ext-ncmixed.der cert-ext-ncmulti.der cert-ext-ncmulti.pem cert-ext-ncrid.der cert-ext-ncrid.pem cert-ext-nct.cfg cert-ext-nct.der cert-ext-nct.pem cert-ext-ndir-exc.cfg cert-ext-ndir-exc.der cert-ext-ndir-exc.pem cert-ext-ndir.cfg cert-ext-ndir.der cert-ext-ndir.pem cert-ext-ns.der cert-over-max-altnames.cfg cert-over-max-altnames.der cert-over-max-altnames.pem cert-over-max-nc.cfg cert-over-max-nc.der cert-over-max-nc.pem client-ecc-cert-ski.hex cn-ip-literal.der cn-ip-wildcard.der crit-cert.pem crit-key.pem dh1024.der dh1024.pem dh512.der dh512.pem digsigku.pem encrypteddata.msg gen-badsig.sh gen-ext-certs.sh gen-testcerts.sh include.am kari-keyid-cms.msg ktri-keyid-cms.msg ossl-trusted-cert.pem server-badaltname.der server-badaltname.pem server-badaltnull.der server-badaltnull.pem server-badcn.der server-badcn.pem server-badcnnull.der server-badcnnull.pem server-cert-ecc-badsig.der server-cert-ecc-badsig.pem server-cert-rsa-badsig.der server-cert-rsa-badsig.pem server-duplicate-policy.pem server-garbage.der server-garbage.pem server-goodalt.der server-goodalt.pem server-goodaltwild.der server-goodaltwild.pem server-goodcn.der server-goodcn.pem server-goodcnwild.der server-goodcnwild.pem server-localhost.der server-localhost.pem smime-test-canon.p7s smime-test-multipart-badsig.p7s smime-test-multipart.p7s smime-test.p7s
test-pathlen assemble-chains.sh chainA-ICA1-key.pem chainA-ICA1-pathlen0.pem chainA-assembled.pem chainA-entity-key.pem chainA-entity.pem chainB-ICA1-key.pem chainB-ICA1-pathlen0.pem chainB-ICA2-key.pem chainB-ICA2-pathlen1.pem chainB-assembled.pem chainB-entity-key.pem chainB-entity.pem chainC-ICA1-key.pem chainC-ICA1-pathlen1.pem chainC-assembled.pem chainC-entity-key.pem chainC-entity.pem chainD-ICA1-key.pem chainD-ICA1-pathlen127.pem chainD-assembled.pem chainD-entity-key.pem chainD-entity.pem chainE-ICA1-key.pem chainE-ICA1-pathlen128.pem chainE-assembled.pem chainE-entity-key.pem chainE-entity.pem chainF-ICA1-key.pem chainF-ICA1-pathlen1.pem chainF-ICA2-key.pem chainF-ICA2-pathlen0.pem chainF-assembled.pem chainF-entity-key.pem chainF-entity.pem chainG-ICA1-key.pem chainG-ICA1-pathlen0.pem chainG-ICA2-key.pem chainG-ICA2-pathlen1.pem chainG-ICA3-key.pem chainG-ICA3-pathlen99.pem chainG-ICA4-key.pem chainG-ICA4-pathlen5.pem chainG-ICA5-key.pem chainG-ICA5-pathlen20.pem chainG-ICA6-key.pem chainG-ICA6-pathlen10.pem chainG-ICA7-key.pem chainG-ICA7-pathlen100.pem chainG-assembled.pem chainG-entity-key.pem chainG-entity.pem chainH-ICA1-key.pem chainH-ICA1-pathlen0.pem chainH-ICA2-key.pem chainH-ICA2-pathlen2.pem chainH-ICA3-key.pem chainH-ICA3-pathlen2.pem chainH-ICA4-key.pem chainH-ICA4-pathlen2.pem chainH-assembled.pem chainH-entity-key.pem chainH-entity.pem chainI-ICA1-key.pem chainI-ICA1-no_pathlen.pem chainI-ICA2-key.pem chainI-ICA2-no_pathlen.pem chainI-ICA3-key.pem chainI-ICA3-pathlen2.pem chainI-assembled.pem chainI-entity-key.pem chainI-entity.pem chainJ-ICA1-key.pem chainJ-ICA1-no_pathlen.pem chainJ-ICA2-key.pem chainJ-ICA2-no_pathlen.pem chainJ-ICA3-key.pem chainJ-ICA3-no_pathlen.pem chainJ-ICA4-key.pem chainJ-ICA4-pathlen2.pem chainJ-assembled.pem chainJ-entity-key.pem chainJ-entity.pem include.am refreshkeys.sh
test-serial0 ee_normal.pem ee_serial0.pem generate_certs.sh include.am intermediate_serial0.pem root_serial0.pem root_serial0_key.pem selfsigned_nonca_serial0.pem
xmss bc_xmss_chain_ca.der bc_xmss_chain_leaf.der bc_xmss_sha2_10_256_root.der bc_xmss_sha2_16_256_root.der bc_xmssmt_sha2_20_2_256_root.der bc_xmssmt_sha2_20_4_256_root.der bc_xmssmt_sha2_40_8_256_root.der include.am
ca-cert-chain.der ca-cert.der ca-cert.pem ca-ecc-cert.der ca-ecc-cert.pem ca-ecc-key.der ca-ecc-key.pem ca-ecc384-cert.der ca-ecc384-cert.pem ca-ecc384-key.der ca-ecc384-key.pem ca-key-pkcs8-attribute.der ca-key.der ca-key.pem check_dates.sh client-absolute-urn.pem client-ca-cert.der client-ca-cert.pem client-ca.pem client-cert-ext.der client-cert-ext.pem client-cert.der client-cert.pem client-crl-dist.der client-crl-dist.pem client-ecc-ca-cert.der client-ecc-ca-cert.pem client-ecc-cert.der client-ecc-cert.pem client-ecc384-cert.der client-ecc384-cert.pem client-ecc384-key.der client-ecc384-key.pem client-key.der client-key.pem client-keyEnc.pem client-keyPub.der client-keyPub.pem client-relative-uri.pem client-uri-cert.pem csr.attr.der csr.dsa.der csr.dsa.pem csr.ext.der csr.signed.der dh-priv-2048.der dh-priv-2048.pem dh-pub-2048.der dh-pub-2048.pem dh-pubkey-2048.der dh2048.der dh2048.pem dh3072.der dh3072.pem dh4096.der dh4096.pem dsa-pubkey-2048.der dsa2048.der dsa2048.pem dsa3072.der dsaparams.der dsaparams.pem ecc-client-key.der ecc-client-key.pem ecc-client-keyPub.der ecc-client-keyPub.pem ecc-key-comp.pem ecc-keyPkcs8.der ecc-keyPkcs8.pem ecc-keyPkcs8Enc.der ecc-keyPkcs8Enc.pem ecc-keyPub.der ecc-keyPub.pem ecc-params.der ecc-params.pem ecc-privOnlyCert.pem ecc-privOnlyKey.pem ecc-privkey.der ecc-privkey.pem ecc-privkeyPkcs8.der ecc-privkeyPkcs8.pem ecc-rsa-server.p12 empty-issuer-cert.pem entity-no-ca-bool-cert.pem entity-no-ca-bool-key.pem fpki-cert.der fpki-certpol-cert.der gen_revoked.sh include.am renewcerts.sh rid-cert.der rsa-pub-2048.pem rsa2048.der rsa3072.der server-cert-chain.der server-cert.der server-cert.pem server-ecc-comp.der server-ecc-comp.pem server-ecc-rsa.der server-ecc-rsa.pem server-ecc-self.der server-ecc-self.pem server-ecc.der server-ecc.pem server-ecc384-cert.der server-ecc384-cert.pem server-ecc384-key.der server-ecc384-key.pem server-key.der server-key.pem server-keyEnc.pem server-keyPkcs8.der server-keyPkcs8.pem server-keyPkcs8Enc.der server-keyPkcs8Enc.pem server-keyPkcs8Enc12.pem server-keyPkcs8Enc2.pem server-keyPub.der server-keyPub.pem server-revoked-cert.pem server-revoked-key.pem taoCert.txt test-ber-exp02-05-2022.p7b test-degenerate.p7b test-multiple-recipients.p7b test-servercert-rc2.p12 test-servercert.p12 test-stream-dec.p7b test-stream-sign.p7b wolfssl-website-ca.pem x942dh2048.der x942dh2048.pem
cmake
consumer CMakeLists.txt README.md main.c
modules FindARIA.cmake FindOQS.cmake
Config.cmake.in README.md config.in functions.cmake include.am options.h.in wolfssl-config-version.cmake.in wolfssl-targets.cmake.in
debian
source format
changelog.in control.in copyright include.am libwolfssl-dev.install libwolfssl.install rules.in
doc
dox_comments
header_files aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h puf.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wc_she.h wc_slhdsa.h wolfio.h
header_files-ja aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wolfio.h
formats
html
html_changes
search search.css search.js
customdoxygen.css doxygen.css menu.js menudata.js tabs.css
Doxyfile footer.html header.html mainpage.dox
pdf Doxyfile header.tex
images wolfssl_logo.png
QUIC.md README.txt README_DOXYGEN check_api.sh generate_documentation.sh include.am
examples
asn1 asn1.c dumpasn1.cfg gen_oid_names.rb include.am oid_names.h
async Makefile README.md async_client.c async_server.c async_tls.c async_tls.h include.am user_settings.h
benchmark include.am tls_bench.c tls_bench.h
client client.c client.h client.sln client.vcproj client.vcxproj include.am
configs README.md include.am user_settings_EBSnet.h user_settings_all.h user_settings_arduino.h user_settings_baremetal.h user_settings_ca.h user_settings_curve25519nonblock.h user_settings_dtls13.h user_settings_eccnonblock.h user_settings_espressif.h user_settings_fipsv2.h user_settings_fipsv5.h user_settings_min_ecc.h user_settings_openssl_compat.h user_settings_pkcs7.h user_settings_platformio.h user_settings_pq.h user_settings_rsa_only.h user_settings_stm32.h user_settings_template.h user_settings_tls12.h user_settings_tls13.h user_settings_wolfboot_keytools.h user_settings_wolfssh.h user_settings_wolftpm.h
crypto_policies
default wolfssl.txt
future wolfssl.txt
legacy wolfssl.txt
echoclient echoclient.c echoclient.h echoclient.sln echoclient.vcproj echoclient.vcxproj include.am quit
echoserver echoserver.c echoserver.h echoserver.sln echoserver.vcproj echoserver.vcxproj include.am
ocsp_responder include.am ocsp_responder.c ocsp_responder.h
pem include.am pem.c
sctp include.am sctp-client-dtls.c sctp-client.c sctp-server-dtls.c sctp-server.c
server include.am server.c server.h server.sln server.vcproj server.vcxproj
README.md include.am
linuxkm
patches
5.10.17 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v10v17.patch
5.10.236 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v10v236.patch
5.14.0-570.58.1.el9_6 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v14-570v58v1-el9_6.patch
5.15 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v15.patch
5.17 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17.patch
5.17-ubuntu-jammy-tegra WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch
6.1.73 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v1v73.patch
6.12 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v12.patch
6.15 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v15.patch
7.0 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch
regen-patches.sh
Kbuild Makefile README.md get_thread_size.c include.am linuxkm-fips-hash-wrapper.sh linuxkm-fips-hash.c linuxkm_memory.c linuxkm_memory.h linuxkm_wc_port.h lkcapi_aes_glue.c lkcapi_dh_glue.c lkcapi_ecdh_glue.c lkcapi_ecdsa_glue.c lkcapi_glue.c lkcapi_rsa_glue.c lkcapi_sha_glue.c module_exports.c.template module_hooks.c pie_redirect_table.c wolfcrypt.lds x86_vector_register_glue.c
m4 ax_add_am_macro.m4 ax_am_jobserver.m4 ax_am_macros.m4 ax_append_compile_flags.m4 ax_append_flag.m4 ax_append_link_flags.m4 ax_append_to_file.m4 ax_atomic.m4 ax_bsdkm.m4 ax_check_compile_flag.m4 ax_check_link_flag.m4 ax_compiler_version.m4 ax_count_cpus.m4 ax_create_generic_config.m4 ax_debug.m4 ax_file_escapes.m4 ax_harden_compiler_flags.m4 ax_linuxkm.m4 ax_print_to_file.m4 ax_pthread.m4 ax_require_defined.m4 ax_tls.m4 ax_vcs_checkout.m4 hexversion.m4 lib_socket_nsl.m4 visibility.m4
mcapi
wolfcrypt_mcapi.X
nbproject configurations.xml include.am project.xml
Makefile
wolfcrypt_test.X
nbproject configurations.xml include.am project.xml
Makefile
wolfssl.X
nbproject configurations.xml include.am project.xml
Makefile
zlib.X
nbproject configurations.xml include.am project.xml
Makefile
PIC32MZ-serial.h README crypto.c crypto.h include.am mcapi_test.c user_settings.h
mplabx
wolfcrypt_benchmark.X
nbproject configurations.xml include.am project.xml
Makefile
wolfcrypt_test.X
nbproject configurations.xml include.am project.xml
Makefile
wolfssl.X
nbproject configurations.xml include.am project.xml
Makefile
PIC32MZ-serial.h README benchmark_main.c include.am test_main.c user_settings.h
mqx
util_lib
Sources include.am util.c util.h
wolfcrypt_benchmark
Debugger K70FN1M0.mem init_kinetis.tcl mass_erase_kinetis.tcl
Sources include.am main.c main.h
ReferencedRSESystems.xml wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch
wolfcrypt_test
Debugger K70FN1M0.mem init_kinetis.tcl mass_erase_kinetis.tcl
Sources include.am main.c main.h
ReferencedRSESystems.xml wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch
wolfssl include.am
wolfssl_client
Debugger K70FN1M0.mem init_kinetis.tcl mass_erase_kinetis.tcl
Sources include.am main.c main.h
ReferencedRSESystems.xml wolfssl_client_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch
README
rpm include.am spec.in
scripts
bench bench_functions.sh
aria-cmake-build-test.sh asn1_oid_sum.pl benchmark.test benchmark_compare.sh cleanup_testfiles.sh crl-gen-openssl.test crl-revoked.test dertoc.pl dtls.test dtlscid.test external.test google.test include.am makedistsmall.sh memtest.sh ocsp-responder-openssl-interop.test ocsp-stapling-with-ca-as-responder.test ocsp-stapling-with-wolfssl-responder.test ocsp-stapling.test ocsp-stapling2.test ocsp-stapling_tls13multi.test ocsp.test openssl.test openssl_srtp.test pem.test ping.test pkcallbacks.test psk.test resume.test rsapss.test sniffer-gen.sh sniffer-ipv6.pcap sniffer-static-rsa.pcap sniffer-testsuite.test sniffer-tls12-keylog.out sniffer-tls12-keylog.pcap sniffer-tls12-keylog.sslkeylog sniffer-tls13-dh-resume.pcap sniffer-tls13-dh.pcap sniffer-tls13-ecc-resume.pcap sniffer-tls13-ecc.pcap sniffer-tls13-hrr.pcap sniffer-tls13-keylog.out sniffer-tls13-keylog.pcap sniffer-tls13-keylog.sslkeylog sniffer-tls13-x25519-resume.pcap sniffer-tls13-x25519.pcap stm32l4-v4_0_1_build.sh tls13.test trusted_peer.test unit.test.in user_settings_asm.sh
src bio.c conf.c crl.c dtls.c dtls13.c include.am internal.c keys.c ocsp.c pk.c pk_ec.c pk_rsa.c quic.c sniffer.c ssl.c ssl_api_cert.c ssl_api_crl_ocsp.c ssl_api_pk.c ssl_asn1.c ssl_bn.c ssl_certman.c ssl_crypto.c ssl_ech.c ssl_load.c ssl_misc.c ssl_p7p12.c ssl_sess.c ssl_sk.c tls.c tls13.c wolfio.c x509.c x509_str.c
sslSniffer
sslSnifferTest README_WIN.md include.am snifftest.c sslSniffTest.vcproj sslSniffTest.vcxproj
README.md sslSniffer.vcproj sslSniffer.vcxproj
support gen-debug-trace-error-codes.sh include.am wolfssl.pc.in
tests
api api.h api_decl.h create_ocsp_test_blobs.py include.am test_aes.c test_aes.h test_arc4.c test_arc4.h test_ascon.c test_ascon.h test_ascon_kats.h test_asn.c test_asn.h test_blake2.c test_blake2.h test_camellia.c test_camellia.h test_certman.c test_certman.h test_chacha.c test_chacha.h test_chacha20_poly1305.c test_chacha20_poly1305.h test_cmac.c test_cmac.h test_curve25519.c test_curve25519.h test_curve448.c test_curve448.h test_des3.c test_des3.h test_dh.c test_dh.h test_digest.h test_dsa.c test_dsa.h test_dtls.c test_dtls.h test_ecc.c test_ecc.h test_ed25519.c test_ed25519.h test_ed448.c test_ed448.h test_evp.c test_evp.h test_evp_cipher.c test_evp_cipher.h test_evp_digest.c test_evp_digest.h test_evp_pkey.c test_evp_pkey.h test_hash.c test_hash.h test_hmac.c test_hmac.h test_md2.c test_md2.h test_md4.c test_md4.h test_md5.c test_md5.h test_mldsa.c test_mldsa.h test_mlkem.c test_mlkem.h test_ocsp.c test_ocsp.h test_ocsp_test_blobs.h test_ossl_asn1.c test_ossl_asn1.h test_ossl_bio.c test_ossl_bio.h test_ossl_bn.c test_ossl_bn.h test_ossl_cipher.c test_ossl_cipher.h test_ossl_dgst.c test_ossl_dgst.h test_ossl_dh.c test_ossl_dh.h test_ossl_dsa.c test_ossl_dsa.h test_ossl_ec.c test_ossl_ec.h test_ossl_ecx.c test_ossl_ecx.h test_ossl_mac.c test_ossl_mac.h test_ossl_obj.c test_ossl_obj.h test_ossl_p7p12.c test_ossl_p7p12.h test_ossl_pem.c test_ossl_pem.h test_ossl_rand.c test_ossl_rand.h test_ossl_rsa.c test_ossl_rsa.h test_ossl_sk.c test_ossl_sk.h test_ossl_x509.c test_ossl_x509.h test_ossl_x509_acert.c test_ossl_x509_acert.h test_ossl_x509_crypto.c test_ossl_x509_crypto.h test_ossl_x509_ext.c test_ossl_x509_ext.h test_ossl_x509_info.c test_ossl_x509_info.h test_ossl_x509_io.c test_ossl_x509_io.h test_ossl_x509_lu.c test_ossl_x509_lu.h test_ossl_x509_name.c test_ossl_x509_name.h test_ossl_x509_pk.c test_ossl_x509_pk.h test_ossl_x509_str.c test_ossl_x509_str.h test_ossl_x509_vp.c test_ossl_x509_vp.h test_pkcs12.c test_pkcs12.h test_pkcs7.c test_pkcs7.h test_poly1305.c test_poly1305.h test_random.c test_random.h test_rc2.c test_rc2.h test_ripemd.c test_ripemd.h test_rsa.c test_rsa.h test_sha.c test_sha.h test_sha256.c test_sha256.h test_sha3.c test_sha3.h test_sha512.c test_sha512.h test_she.c test_she.h test_signature.c test_signature.h test_slhdsa.c test_slhdsa.h test_sm2.c test_sm2.h test_sm3.c test_sm3.h test_sm4.c test_sm4.h test_tls.c test_tls.h test_tls13.c test_tls13.h test_tls_ext.c test_tls_ext.h test_wc_encrypt.c test_wc_encrypt.h test_wolfmath.c test_wolfmath.h test_x509.c test_x509.h
emnet
IP IP.h
Makefile emnet_nonblock_test.c emnet_shim.c
freertos-mem-track-repro FreeRTOS.h repro.c run.sh semphr.h task.h user_settings.h
swdev .gitignore Makefile README.md swdev.c swdev.h swdev_loader.c swdev_loader.h user_settings.h
CONF_FILES_README.md NCONF_test.cnf README TXT_DB.txt api.c include.am quic.c srp.c suites.c test-altchains.conf test-chains.conf test-dhprime.conf test-dtls-downgrade.conf test-dtls-fails-cipher.conf test-dtls-fails.conf test-dtls-group.conf test-dtls-mtu.conf test-dtls-reneg-client.conf test-dtls-reneg-server.conf test-dtls-resume.conf test-dtls-sha2.conf test-dtls-srtp-fails.conf test-dtls-srtp.conf test-dtls.conf test-dtls13-cid.conf test-dtls13-downgrade-fails.conf test-dtls13-downgrade.conf test-dtls13-pq-hybrid-extra-frag.conf test-dtls13-pq-hybrid-extra.conf test-dtls13-pq-hybrid-frag.conf test-dtls13-pq-standalone-frag.conf test-dtls13-pq-standalone.conf test-dtls13-psk.conf test-dtls13.conf test-ecc-cust-curves.conf test-ed25519.conf test-ed448.conf test-enckeys.conf test-fails.conf test-maxfrag-dtls.conf test-maxfrag.conf test-p521.conf test-psk-no-id-sha2.conf test-psk-no-id.conf test-psk.conf test-rsapss.conf test-sctp-sha2.conf test-sctp.conf test-sha2.conf test-sig.conf test-sm2.conf test-tls-downgrade.conf test-tls13-down.conf test-tls13-ecc.conf test-tls13-pq-hybrid-extra.conf test-tls13-pq-hybrid.conf test-tls13-pq-standalone.conf test-tls13-psk-certs.conf test-tls13-psk.conf test-tls13-slhdsa-fail.conf test-tls13-slhdsa-sha2.conf test-tls13-slhdsa-shake.conf test-tls13.conf test-trustpeer.conf test.conf unit.c unit.h utils.c utils.h w64wrapper.c
testsuite include.am testsuite.c testsuite.sln testsuite.vcproj testsuite.vcxproj utils.c utils.h
tirtos
packages
ti
net
wolfssl
tests
EK_TM4C1294XL
wolfcrypt
benchmark TM4C1294NC.icf benchmark.cfg main.c package.bld.hide package.xdc
test TM4C1294NC.icf main.c package.bld.hide package.xdc test.cfg
package.bld package.xdc package.xs
.gitignore README include.am products.mak wolfssl.bld wolfssl.mak
wolfcrypt
benchmark README.md benchmark-VS2022.sln benchmark-VS2022.vcxproj benchmark-VS2022.vcxproj.user benchmark.c benchmark.h benchmark.sln benchmark.vcproj benchmark.vcxproj include.am
src
port
Espressif
esp_crt_bundle README.md cacrt_all.pem cacrt_deprecated.pem cacrt_local.pem esp_crt_bundle.c gen_crt_bundle.py pio_install_cryptography.py
README.md esp32_aes.c esp32_mp.c esp32_sha.c esp32_util.c esp_sdk_mem_lib.c esp_sdk_time_lib.c esp_sdk_wifi_lib.c
Renesas README.md renesas_common.c renesas_fspsm_aes.c renesas_fspsm_rsa.c renesas_fspsm_sha.c renesas_fspsm_util.c renesas_rx64_hw_sha.c renesas_rx64_hw_util.c renesas_tsip_aes.c renesas_tsip_rsa.c renesas_tsip_sha.c renesas_tsip_util.c
af_alg afalg_aes.c afalg_hash.c wc_afalg.c
aria aria-crypt.c aria-cryptocb.c
arm armv8-32-aes-asm.S armv8-32-aes-asm_c.c armv8-32-chacha-asm.S armv8-32-chacha-asm_c.c armv8-32-curve25519.S armv8-32-curve25519_c.c armv8-32-mlkem-asm.S armv8-32-mlkem-asm_c.c armv8-32-poly1305-asm.S armv8-32-poly1305-asm_c.c armv8-32-sha256-asm.S armv8-32-sha256-asm_c.c armv8-32-sha3-asm.S armv8-32-sha3-asm_c.c armv8-32-sha512-asm.S armv8-32-sha512-asm_c.c armv8-aes-asm.S armv8-aes-asm_c.c armv8-aes.c armv8-chacha-asm.S armv8-chacha-asm_c.c armv8-curve25519.S armv8-curve25519_c.c armv8-mlkem-asm.S armv8-mlkem-asm_c.c armv8-poly1305-asm.S armv8-poly1305-asm_c.c armv8-sha256-asm.S armv8-sha256-asm_c.c armv8-sha256.c armv8-sha3-asm.S armv8-sha3-asm_c.c armv8-sha512-asm.S armv8-sha512-asm_c.c armv8-sha512.c cryptoCell.c cryptoCellHash.c thumb2-aes-asm.S thumb2-aes-asm_c.c thumb2-chacha-asm.S thumb2-chacha-asm_c.c thumb2-curve25519.S thumb2-curve25519_c.c thumb2-mlkem-asm.S thumb2-mlkem-asm_c.c thumb2-poly1305-asm.S thumb2-poly1305-asm_c.c thumb2-sha256-asm.S thumb2-sha256-asm_c.c thumb2-sha3-asm.S thumb2-sha3-asm_c.c thumb2-sha512-asm.S thumb2-sha512-asm_c.c
atmel README.md atmel.c
autosar README.md cryif.c crypto.c csm.c include.am test.c
caam README.md caam_aes.c caam_doc.pdf caam_driver.c caam_error.c caam_integrity.c caam_qnx.c caam_sha.c wolfcaam_aes.c wolfcaam_cmac.c wolfcaam_ecdsa.c wolfcaam_fsl_nxp.c wolfcaam_hash.c wolfcaam_hmac.c wolfcaam_init.c wolfcaam_qnx.c wolfcaam_rsa.c wolfcaam_seco.c wolfcaam_x25519.c
cavium README.md README_Octeon.md cavium_nitrox.c cavium_octeon_sync.c
cuda README.md aes-cuda.cu
cypress README.md psoc6_crypto.c
devcrypto README.md devcrypto_aes.c devcrypto_ecdsa.c devcrypto_hash.c devcrypto_hmac.c devcrypto_rsa.c devcrypto_x25519.c wc_devcrypto.c
intel README.md quickassist.c quickassist_mem.c quickassist_sync.c
iotsafe iotsafe.c
kcapi README.md kcapi_aes.c kcapi_dh.c kcapi_ecc.c kcapi_hash.c kcapi_hmac.c kcapi_rsa.c
liboqs liboqs.c
maxim README.md max3266x.c maxq10xx.c
mynewt mynewt_port.c
nxp README.md README_SE050.md casper_port.c dcp_port.c hashcrypt_port.c ksdk_port.c se050_port.c
pic32 pic32mz-crypt.c
ppc32 ppc32-sha256-asm.S ppc32-sha256-asm_c.c ppc32-sha256-asm_cr.c
psa README.md psa.c psa_aes.c psa_hash.c psa_pkcbs.c
riscv riscv-64-aes.c riscv-64-chacha.c riscv-64-poly1305.c riscv-64-sha256.c riscv-64-sha3.c riscv-64-sha512.c
rpi_pico README.md pico.c
silabs README.md silabs_aes.c silabs_ecc.c silabs_hash.c silabs_random.c
st README.md STM32MP13.md STM32MP25.md stm32.c stsafe.c
ti ti-aes.c ti-ccm.c ti-des3.c ti-hash.c
tropicsquare README.md tropic01.c
xilinx xil-aesgcm.c xil-sha3.c xil-versal-glue.c xil-versal-trng.c
nrf51.c
ASN_TEMPLATE.md aes.c aes_asm.S aes_asm.asm aes_gcm_asm.S aes_gcm_asm.asm aes_gcm_x86_asm.S aes_xts_asm.S aes_xts_asm.asm arc4.c ascon.c asm.c asn.c asn_orig.c async.c blake2b.c blake2s.c camellia.c chacha.c chacha20_poly1305.c chacha_asm.S chacha_asm.asm cmac.c coding.c compress.c cpuid.c cryptocb.c curve25519.c curve448.c des3.c dh.c dilithium.c dsa.c ecc.c ecc_fp.c eccsi.c ed25519.c ed448.c error.c evp.c evp_pk.c falcon.c fe_448.c fe_low_mem.c fe_operations.c fe_x25519_128.h fe_x25519_asm.S fp_mont_small.i fp_mul_comba_12.i fp_mul_comba_17.i fp_mul_comba_20.i fp_mul_comba_24.i fp_mul_comba_28.i fp_mul_comba_3.i fp_mul_comba_32.i fp_mul_comba_4.i fp_mul_comba_48.i fp_mul_comba_6.i fp_mul_comba_64.i fp_mul_comba_7.i fp_mul_comba_8.i fp_mul_comba_9.i fp_mul_comba_small_set.i fp_sqr_comba_12.i fp_sqr_comba_17.i fp_sqr_comba_20.i fp_sqr_comba_24.i fp_sqr_comba_28.i fp_sqr_comba_3.i fp_sqr_comba_32.i fp_sqr_comba_4.i fp_sqr_comba_48.i fp_sqr_comba_6.i fp_sqr_comba_64.i fp_sqr_comba_7.i fp_sqr_comba_8.i fp_sqr_comba_9.i fp_sqr_comba_small_set.i ge_448.c ge_low_mem.c ge_operations.c hash.c hmac.c hpke.c include.am integer.c kdf.c logging.c md2.c md4.c md5.c memory.c misc.c pkcs12.c pkcs7.c poly1305.c poly1305_asm.S poly1305_asm.asm puf.c pwdbased.c random.c rc2.c ripemd.c rng_bank.c rsa.c sakke.c sha.c sha256.c sha256_asm.S sha3.c sha3_asm.S sha512.c sha512_asm.S signature.c siphash.c sm2.c sm3.c sm3_asm.S sm4.c sp_arm32.c sp_arm64.c sp_armthumb.c sp_c32.c sp_c64.c sp_cortexm.c sp_dsp32.c sp_int.c sp_sm2_arm32.c sp_sm2_arm64.c sp_sm2_armthumb.c sp_sm2_c32.c sp_sm2_c64.c sp_sm2_cortexm.c sp_sm2_x86_64.c sp_sm2_x86_64_asm.S sp_x86_64.c sp_x86_64_asm.S sp_x86_64_asm.asm srp.c tfm.c wc_dsp.c wc_encrypt.c wc_lms.c wc_lms_impl.c wc_mldsa_asm.S wc_mlkem.c wc_mlkem_asm.S wc_mlkem_poly.c wc_pkcs11.c wc_port.c wc_she.c wc_slhdsa.c wc_xmss.c wc_xmss_impl.c wolfentropy.c wolfevent.c wolfmath.c
test README.md include.am test-VS2022.sln test-VS2022.vcxproj test-VS2022.vcxproj.user test.c test.h test.sln test.vcproj test_paths.h.in
wolfssl
openssl aes.h asn1.h asn1t.h bio.h bn.h buffer.h camellia.h cmac.h cms.h compat_types.h conf.h crypto.h des.h dh.h dsa.h ec.h ec25519.h ec448.h ecdh.h ecdsa.h ed25519.h ed448.h engine.h err.h evp.h fips_rand.h hmac.h include.am kdf.h lhash.h md4.h md5.h modes.h obj_mac.h objects.h ocsp.h opensslconf.h opensslv.h ossl_typ.h pem.h pkcs12.h pkcs7.h rand.h rc4.h ripemd.h rsa.h safestack.h sha.h sha3.h srp.h ssl.h ssl23.h stack.h tls1.h txt_db.h ui.h x509.h x509_vfy.h x509v3.h
wolfcrypt
port
Espressif esp-sdk-lib.h esp32-crypt.h esp_crt_bundle.h
Renesas renesas-fspsm-crypt.h renesas-fspsm-types.h renesas-rx64-hw-crypt.h renesas-tsip-crypt.h renesas_cmn.h renesas_fspsm_internal.h renesas_sync.h renesas_tsip_internal.h renesas_tsip_types.h
af_alg afalg_hash.h wc_afalg.h
aria aria-crypt.h aria-cryptocb.h
arm cryptoCell.h
atmel atmel.h
autosar CryIf.h Crypto.h Csm.h StandardTypes.h
caam caam_driver.h caam_error.h caam_qnx.h wolfcaam.h wolfcaam_aes.h wolfcaam_cmac.h wolfcaam_ecdsa.h wolfcaam_fsl_nxp.h wolfcaam_hash.h wolfcaam_qnx.h wolfcaam_rsa.h wolfcaam_seco.h wolfcaam_sha.h wolfcaam_x25519.h
cavium cavium_nitrox.h cavium_octeon_sync.h
cypress psoc6_crypto.h
devcrypto wc_devcrypto.h
intel quickassist.h quickassist_mem.h quickassist_sync.h
iotsafe iotsafe.h
kcapi kcapi_dh.h kcapi_ecc.h kcapi_hash.h kcapi_hmac.h kcapi_rsa.h wc_kcapi.h
liboqs liboqs.h
maxim max3266x-cryptocb.h max3266x.h maxq10xx.h
nxp casper_port.h dcp_port.h hashcrypt_port.h ksdk_port.h se050_port.h
pic32 pic32mz-crypt.h
psa psa.h
riscv riscv-64-asm.h
rpi_pico pico.h
silabs silabs_aes.h silabs_ecc.h silabs_hash.h silabs_random.h
st stm32.h stsafe.h
ti ti-ccm.h ti-hash.h
tropicsquare tropic01.h
xilinx xil-sha3.h xil-versal-glue.h xil-versal-trng.h
nrf51.h
aes.h arc4.h ascon.h asn.h asn_public.h async.h blake2-impl.h blake2-int.h blake2.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cpuid.h cryptocb.h curve25519.h curve448.h des3.h dh.h dilithium.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h falcon.h fe_448.h fe_operations.h fips_test.h ge_448.h ge_operations.h hash.h hmac.h hpke.h include.am integer.h kdf.h libwolfssl_sources.h libwolfssl_sources_asm.h logging.h md2.h md4.h md5.h mem_track.h memory.h misc.h mpi_class.h mpi_superclass.h oid_sum.h pkcs11.h pkcs12.h pkcs7.h poly1305.h puf.h pwdbased.h random.h rc2.h ripemd.h rng_bank.h rsa.h sakke.h selftest.h settings.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h sm2.h sm3.h sm4.h sp.h sp_int.h srp.h tfm.h types.h visibility.h wc_encrypt.h wc_lms.h wc_mlkem.h wc_pkcs11.h wc_port.h wc_she.h wc_slhdsa.h wc_xmss.h wolfentropy.h wolfevent.h wolfmath.h
callbacks.h certs_test.h certs_test_sm.h crl.h error-ssl.h include.am internal.h ocsp.h options.h.in quic.h sniffer.h sniffer_error.h sniffer_error.rc ssl.h test.h version.h version.h.in wolfio.h
wrapper
Ada
examples
src aes_verify_main.adb rsa_verify_main.adb sha256_main.adb spark_sockets.adb spark_sockets.ads spark_terminal.adb spark_terminal.ads tls_client.adb tls_client.ads tls_client_main.adb tls_server.adb tls_server.ads tls_server_main.adb
.gitignore alire.toml examples.gpr
tests
src
support test_support.adb test_support.ads tests_root_suite.adb tests_root_suite.ads
aes_bindings_tests.adb aes_bindings_tests.ads rsa_verify_bindings_tests.adb rsa_verify_bindings_tests.ads sha256_bindings_tests.adb sha256_bindings_tests.ads tests.adb
.gitignore README.md alire.toml tests.gpr valgrind.supp
.gitignore README.md ada_binding.c alire.toml default.gpr include.am restricted.adc user_settings.h wolfssl-full_runtime.adb wolfssl-full_runtime.ads wolfssl.adb wolfssl.ads wolfssl.gpr
CSharp
wolfCrypt-Test
Properties AssemblyInfo.cs
App.config wolfCrypt-Test.cs wolfCrypt-Test.csproj
wolfSSL-DTLS-PSK-Server
Properties AssemblyInfo.cs
App.config wolfSSL-DTLS-PSK-Server.cs wolfSSL-DTLS-PSK-Server.csproj
wolfSSL-DTLS-Server
Properties AssemblyInfo.cs
App.config wolfSSL-DTLS-Server.cs wolfSSL-DTLS-Server.csproj
wolfSSL-Example-IOCallbacks
Properties AssemblyInfo.cs
App.config wolfSSL-Example-IOCallbacks.cs wolfSSL-Example-IOCallbacks.csproj
wolfSSL-TLS-Client
Properties AssemblyInfo.cs
App.config wolfSSL-TLS-Client.cs wolfSSL-TLS-Client.csproj
wolfSSL-TLS-PSK-Client
Properties AssemblyInfo.cs
App.config wolfSSL-TLS-PSK-Client.cs wolfSSL-TLS-PSK-Client.csproj
wolfSSL-TLS-PSK-Server
Properties AssemblyInfo.cs
App.config wolfSSL-TLS-PSK-Server.cs wolfSSL-TLS-PSK-Server.csproj
wolfSSL-TLS-Server
Properties AssemblyInfo.cs
App.config wolfSSL-TLS-Server.cs wolfSSL-TLS-Server.csproj
wolfSSL-TLS-ServerThreaded
Properties AssemblyInfo.cs
App.config wolfSSL-TLS-ServerThreaded.cs wolfSSL-TLS-ServerThreaded.csproj
wolfSSL_CSharp
Properties AssemblyInfo.cs Resources.Designer.cs Resources.resx
X509.cs wolfCrypt.cs wolfSSL.cs wolfSSL_CSharp.csproj
README.md include.am user_settings.h wolfSSL_CSharp.sln wolfssl.vcxproj
python README.md
rust
wolfssl-wolfcrypt
src aes.rs blake2.rs chacha20_poly1305.rs cmac.rs cmac_mac.rs curve25519.rs dh.rs dilithium.rs ecc.rs ecdsa.rs ed25519.rs ed448.rs fips.rs hkdf.rs hmac.rs hmac_mac.rs kdf.rs lib.rs lms.rs mlkem.rs mlkem_kem.rs pbkdf2_password_hash.rs prf.rs random.rs rsa.rs rsa_pkcs1v15.rs sha.rs sha_digest.rs sys.rs
tests
common mod.rs
test_aes.rs test_blake2.rs test_chacha20_poly1305.rs test_cmac.rs test_cmac_mac.rs test_curve25519.rs test_dh.rs test_dilithium.rs test_ecc.rs test_ecdsa.rs test_ed25519.rs test_ed448.rs test_hkdf.rs test_hmac.rs test_hmac_mac.rs test_kdf.rs test_lms.rs test_mlkem.rs test_mlkem_kem.rs test_pbkdf2_password_hash.rs test_prf.rs test_random.rs test_rsa.rs test_rsa_pkcs1v15.rs test_sha.rs test_sha_digest.rs test_wolfcrypt.rs
CHANGELOG.md Cargo.lock Cargo.toml Makefile README.md build.rs headers.h
Makefile README.md include.am
include.am
zephyr
samples
wolfssl_benchmark
boards native_sim.conf nrf5340dk_nrf5340_cpuapp.conf nrf5340dk_nrf5340_cpuapp_ns.conf
CMakeLists.txt README install_test.sh prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl_test
boards native_sim.conf nrf5340dk_nrf5340_cpuapp.conf nrf5340dk_nrf5340_cpuapp_ns.conf
CMakeLists.txt README install_test.sh prj-no-malloc.conf prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl_tls_sock
boards native_sim.conf
src tls_sock.c
CMakeLists.txt README install_sample.sh prj-no-malloc.conf prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl_tls_thread
boards native_sim.conf nrf5340dk_nrf5340_cpuapp.conf nrf5340dk_nrf5340_cpuapp_ns.conf
src tls_threaded.c
CMakeLists.txt README install_sample.sh prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl options.h
CMakeLists.txt Kconfig Kconfig.tls-generic README.md include.am module.yml user_settings-no-malloc.h user_settings.h zephyr_init.c
.codespellexcludelines .cyignore .editorconfig .gitignore .wolfssl_known_macro_extras AUTHORS CMakeLists.txt CMakePresets.json CMakeSettings.json COPYING ChangeLog.md INSTALL LICENSING LPCExpresso.cproject LPCExpresso.project Makefile.am README README-async.md README.md SCRIPTS-LIST SECURITY-POLICY.md SECURITY-REPORT-TEMPLATE.md Vagrantfile autogen.sh commit-tests.sh configure.ac fips-check.sh fips-hash.sh gencertbuf.pl input pull_to_vagrant.sh quit resource.h stamp-h.in valgrind-bash.supp valgrind-error.sh wnr-example.conf wolfssl-VS2022.vcxproj wolfssl.rc wolfssl.vcproj wolfssl.vcxproj wolfssl64.sln
.clangd .gitignore DOCS.md Makefile README.md assert.c core.c crypto.c env.c fs.c http.c ini.c json.c log.c luna.h main.c makext.mk path.c process.c request.c sqlite.c stash.c template.c util.c
wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S raw 
    1/* aes_gcm_x86_asm
    2 *
    3 * Copyright (C) 2006-2026 wolfSSL Inc.
    4 *
    5 * This file is part of wolfSSL.
    6 *
    7 * wolfSSL is free software; you can redistribute it and/or modify
    8 * it under the terms of the GNU General Public License as published by
    9 * the Free Software Foundation; either version 3 of the License, or
   10 * (at your option) any later version.
   11 *
   12 * wolfSSL is distributed in the hope that it will be useful,
   13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15 * GNU General Public License for more details.
   16 *
   17 * You should have received a copy of the GNU General Public License
   18 * along with this program; if not, write to the Free Software
   19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
   20 */
   21
   22#ifdef WOLFSSL_USER_SETTINGS
   23#include "wolfssl/wolfcrypt/settings.h"
   24#endif
   25
   26#ifndef HAVE_INTEL_AVX1
   27#define HAVE_INTEL_AVX1
   28#endif /* HAVE_INTEL_AVX1 */
   29#ifndef NO_AVX2_SUPPORT
   30#ifndef HAVE_INTEL_AVX2
   31#define HAVE_INTEL_AVX2
   32#endif /* HAVE_INTEL_AVX2 */
   33#endif /* NO_AVX2_SUPPORT */
   34
   35.type	data, @object
   36.align	16
   37L_aes_gcm_one:
   38.long	0x00000000,0x00000000,0x00000001,0x00000000
   39.type	data, @object
   40.align	16
   41L_aes_gcm_two:
   42.long	0x00000000,0x00000000,0x00000002,0x00000000
   43.type	data, @object
   44.align	16
   45L_aes_gcm_three:
   46.long	0x00000000,0x00000000,0x00000003,0x00000000
   47.type	data, @object
   48.align	16
   49L_aes_gcm_four:
   50.long	0x00000000,0x00000000,0x00000004,0x00000000
   51.type	data, @object
   52.align	16
   53L_aes_gcm_bswap_epi64:
   54.long	0x04050607,0x00010203,0x0c0d0e0f,0x08090a0b
   55.type	data, @object
   56.align	16
   57L_aes_gcm_bswap_mask:
   58.long	0x0c0d0e0f,0x08090a0b,0x04050607,0x00010203
   59.type	data, @object
   60.align	16
   61L_aes_gcm_mod2_128:
   62.long	0x00000001,0x00000000,0x00000000,0xc2000000
   63.type	data, @object
   64.align	16
   65L_aes_gcm_avx1_one:
   66.long	0x00000000,0x00000000,0x00000001,0x00000000
   67.type	data, @object
   68.align	16
   69L_aes_gcm_avx1_two:
   70.long	0x00000000,0x00000000,0x00000002,0x00000000
   71.type	data, @object
   72.align	16
   73L_aes_gcm_avx1_three:
   74.long	0x00000000,0x00000000,0x00000003,0x00000000
   75.type	data, @object
   76.align	16
   77L_aes_gcm_avx1_four:
   78.long	0x00000000,0x00000000,0x00000004,0x00000000
   79.type	data, @object
   80.align	16
   81L_aes_gcm_avx1_bswap_epi64:
   82.long	0x04050607,0x00010203,0x0c0d0e0f,0x08090a0b
   83.type	data, @object
   84.align	16
   85L_aes_gcm_avx1_bswap_mask:
   86.long	0x0c0d0e0f,0x08090a0b,0x04050607,0x00010203
   87.type	data, @object
   88.align	16
   89L_aes_gcm_avx1_mod2_128:
   90.long	0x00000001,0x00000000,0x00000000,0xc2000000
   91.type	data, @object
   92.align	16
   93L_aes_gcm_avx2_one:
   94.long	0x00000000,0x00000000,0x00000001,0x00000000
   95.type	data, @object
   96.align	16
   97L_aes_gcm_avx2_two:
   98.long	0x00000000,0x00000000,0x00000002,0x00000000
   99.type	data, @object
  100.align	16
  101L_aes_gcm_avx2_three:
  102.long	0x00000000,0x00000000,0x00000003,0x00000000
  103.type	data, @object
  104.align	16
  105L_aes_gcm_avx2_four:
  106.long	0x00000000,0x00000000,0x00000004,0x00000000
  107.type	data, @object
  108.align	16
  109L_avx2_aes_gcm_bswap_one:
  110.long	0x00000000,0x00000000,0x00000000,0x01000000
  111.type	data, @object
  112.align	16
  113L_aes_gcm_avx2_bswap_epi64:
  114.long	0x04050607,0x00010203,0x0c0d0e0f,0x08090a0b
  115.type	data, @object
  116.align	16
  117L_aes_gcm_avx2_bswap_mask:
  118.long	0x0c0d0e0f,0x08090a0b,0x04050607,0x00010203
  119.type	data, @object
  120.align	16
  121L_aes_gcm_avx2_mod2_128:
  122.long	0x00000001,0x00000000,0x00000000,0xc2000000
  123.text
  124.globl	AES_GCM_encrypt_aesni
  125.type	AES_GCM_encrypt_aesni,@function
  126.align	16
  127AES_GCM_encrypt_aesni:
  128        pushl	%ebx
  129        pushl	%esi
  130        pushl	%edi
  131        pushl	%ebp
  132        subl	$0x70, %esp
  133        movl	144(%esp), %esi
  134        movl	168(%esp), %ebp
  135        movl	160(%esp), %edx
  136        pxor	%xmm0, %xmm0
  137        pxor	%xmm2, %xmm2
  138        cmpl	$12, %edx
  139        jne	L_AES_GCM_encrypt_aesni_iv_not_12
  140        # # Calculate values when IV is 12 bytes
  141        # Set counter based on IV
  142        movl	$0x1000000, %ecx
  143        pinsrd	$0x00, (%esi), %xmm0
  144        pinsrd	$0x01, 4(%esi), %xmm0
  145        pinsrd	$2, 8(%esi), %xmm0
  146        pinsrd	$3, %ecx, %xmm0
  147        # H = Encrypt X(=0) and T = Encrypt counter
  148        movdqa	%xmm0, %xmm5
  149        movdqa	(%ebp), %xmm1
  150        pxor	%xmm1, %xmm5
  151        movdqa	16(%ebp), %xmm3
  152        aesenc	%xmm3, %xmm1
  153        aesenc	%xmm3, %xmm5
  154        movdqa	32(%ebp), %xmm3
  155        aesenc	%xmm3, %xmm1
  156        aesenc	%xmm3, %xmm5
  157        movdqa	48(%ebp), %xmm3
  158        aesenc	%xmm3, %xmm1
  159        aesenc	%xmm3, %xmm5
  160        movdqa	64(%ebp), %xmm3
  161        aesenc	%xmm3, %xmm1
  162        aesenc	%xmm3, %xmm5
  163        movdqa	80(%ebp), %xmm3
  164        aesenc	%xmm3, %xmm1
  165        aesenc	%xmm3, %xmm5
  166        movdqa	96(%ebp), %xmm3
  167        aesenc	%xmm3, %xmm1
  168        aesenc	%xmm3, %xmm5
  169        movdqa	112(%ebp), %xmm3
  170        aesenc	%xmm3, %xmm1
  171        aesenc	%xmm3, %xmm5
  172        movdqa	128(%ebp), %xmm3
  173        aesenc	%xmm3, %xmm1
  174        aesenc	%xmm3, %xmm5
  175        movdqa	144(%ebp), %xmm3
  176        aesenc	%xmm3, %xmm1
  177        aesenc	%xmm3, %xmm5
  178        cmpl	$11, 172(%esp)
  179        movdqa	160(%ebp), %xmm3
  180        jl	L_AES_GCM_encrypt_aesni_calc_iv_12_last
  181        aesenc	%xmm3, %xmm1
  182        aesenc	%xmm3, %xmm5
  183        movdqa	176(%ebp), %xmm3
  184        aesenc	%xmm3, %xmm1
  185        aesenc	%xmm3, %xmm5
  186        cmpl	$13, 172(%esp)
  187        movdqa	192(%ebp), %xmm3
  188        jl	L_AES_GCM_encrypt_aesni_calc_iv_12_last
  189        aesenc	%xmm3, %xmm1
  190        aesenc	%xmm3, %xmm5
  191        movdqa	208(%ebp), %xmm3
  192        aesenc	%xmm3, %xmm1
  193        aesenc	%xmm3, %xmm5
  194        movdqa	224(%ebp), %xmm3
  195L_AES_GCM_encrypt_aesni_calc_iv_12_last:
  196        aesenclast	%xmm3, %xmm1
  197        aesenclast	%xmm3, %xmm5
  198        pshufb	L_aes_gcm_bswap_mask, %xmm1
  199        movdqu	%xmm5, 80(%esp)
  200        jmp	L_AES_GCM_encrypt_aesni_iv_done
  201L_AES_GCM_encrypt_aesni_iv_not_12:
  202        # Calculate values when IV is not 12 bytes
  203        # H = Encrypt X(=0)
  204        movdqa	(%ebp), %xmm1
  205        aesenc	16(%ebp), %xmm1
  206        aesenc	32(%ebp), %xmm1
  207        aesenc	48(%ebp), %xmm1
  208        aesenc	64(%ebp), %xmm1
  209        aesenc	80(%ebp), %xmm1
  210        aesenc	96(%ebp), %xmm1
  211        aesenc	112(%ebp), %xmm1
  212        aesenc	128(%ebp), %xmm1
  213        aesenc	144(%ebp), %xmm1
  214        cmpl	$11, 172(%esp)
  215        movdqa	160(%ebp), %xmm5
  216        jl	L_AES_GCM_encrypt_aesni_calc_iv_1_aesenc_avx_last
  217        aesenc	%xmm5, %xmm1
  218        aesenc	176(%ebp), %xmm1
  219        cmpl	$13, 172(%esp)
  220        movdqa	192(%ebp), %xmm5
  221        jl	L_AES_GCM_encrypt_aesni_calc_iv_1_aesenc_avx_last
  222        aesenc	%xmm5, %xmm1
  223        aesenc	208(%ebp), %xmm1
  224        movdqa	224(%ebp), %xmm5
  225L_AES_GCM_encrypt_aesni_calc_iv_1_aesenc_avx_last:
  226        aesenclast	%xmm5, %xmm1
  227        pshufb	L_aes_gcm_bswap_mask, %xmm1
  228        # Calc counter
  229        # Initialization vector
  230        cmpl	$0x00, %edx
  231        movl	$0x00, %ecx
  232        je	L_AES_GCM_encrypt_aesni_calc_iv_done
  233        cmpl	$16, %edx
  234        jl	L_AES_GCM_encrypt_aesni_calc_iv_lt16
  235        andl	$0xfffffff0, %edx
  236L_AES_GCM_encrypt_aesni_calc_iv_16_loop:
  237        movdqu	(%esi,%ecx,1), %xmm4
  238        pshufb	L_aes_gcm_bswap_mask, %xmm4
  239        pxor	%xmm4, %xmm0
  240        pshufd	$0x4e, %xmm0, %xmm5
  241        pshufd	$0x4e, %xmm1, %xmm6
  242        movdqa	%xmm1, %xmm7
  243        movdqa	%xmm1, %xmm4
  244        pclmulqdq	$0x11, %xmm0, %xmm7
  245        pclmulqdq	$0x00, %xmm0, %xmm4
  246        pxor	%xmm0, %xmm5
  247        pxor	%xmm1, %xmm6
  248        pclmulqdq	$0x00, %xmm6, %xmm5
  249        pxor	%xmm4, %xmm5
  250        pxor	%xmm7, %xmm5
  251        movdqa	%xmm5, %xmm6
  252        movdqa	%xmm4, %xmm3
  253        movdqa	%xmm7, %xmm0
  254        pslldq	$8, %xmm6
  255        psrldq	$8, %xmm5
  256        pxor	%xmm6, %xmm3
  257        pxor	%xmm5, %xmm0
  258        movdqa	%xmm3, %xmm4
  259        movdqa	%xmm0, %xmm5
  260        psrld	$31, %xmm4
  261        psrld	$31, %xmm5
  262        pslld	$0x01, %xmm3
  263        pslld	$0x01, %xmm0
  264        movdqa	%xmm4, %xmm6
  265        pslldq	$4, %xmm4
  266        psrldq	$12, %xmm6
  267        pslldq	$4, %xmm5
  268        por	%xmm6, %xmm0
  269        por	%xmm4, %xmm3
  270        por	%xmm5, %xmm0
  271        movdqa	%xmm3, %xmm4
  272        movdqa	%xmm3, %xmm5
  273        movdqa	%xmm3, %xmm6
  274        pslld	$31, %xmm4
  275        pslld	$30, %xmm5
  276        pslld	$25, %xmm6
  277        pxor	%xmm5, %xmm4
  278        pxor	%xmm6, %xmm4
  279        movdqa	%xmm4, %xmm5
  280        psrldq	$4, %xmm5
  281        pslldq	$12, %xmm4
  282        pxor	%xmm4, %xmm3
  283        movdqa	%xmm3, %xmm6
  284        movdqa	%xmm3, %xmm7
  285        movdqa	%xmm3, %xmm4
  286        psrld	$0x01, %xmm6
  287        psrld	$2, %xmm7
  288        psrld	$7, %xmm4
  289        pxor	%xmm7, %xmm6
  290        pxor	%xmm4, %xmm6
  291        pxor	%xmm5, %xmm6
  292        pxor	%xmm3, %xmm6
  293        pxor	%xmm6, %xmm0
  294        addl	$16, %ecx
  295        cmpl	%edx, %ecx
  296        jl	L_AES_GCM_encrypt_aesni_calc_iv_16_loop
  297        movl	160(%esp), %edx
  298        cmpl	%edx, %ecx
  299        je	L_AES_GCM_encrypt_aesni_calc_iv_done
  300L_AES_GCM_encrypt_aesni_calc_iv_lt16:
  301        subl	$16, %esp
  302        pxor	%xmm4, %xmm4
  303        xorl	%ebx, %ebx
  304        movdqu	%xmm4, (%esp)
  305L_AES_GCM_encrypt_aesni_calc_iv_loop:
  306        movzbl	(%esi,%ecx,1), %eax
  307        movb	%al, (%esp,%ebx,1)
  308        incl	%ecx
  309        incl	%ebx
  310        cmpl	%edx, %ecx
  311        jl	L_AES_GCM_encrypt_aesni_calc_iv_loop
  312        movdqu	(%esp), %xmm4
  313        addl	$16, %esp
  314        pshufb	L_aes_gcm_bswap_mask, %xmm4
  315        pxor	%xmm4, %xmm0
  316        pshufd	$0x4e, %xmm0, %xmm5
  317        pshufd	$0x4e, %xmm1, %xmm6
  318        movdqa	%xmm1, %xmm7
  319        movdqa	%xmm1, %xmm4
  320        pclmulqdq	$0x11, %xmm0, %xmm7
  321        pclmulqdq	$0x00, %xmm0, %xmm4
  322        pxor	%xmm0, %xmm5
  323        pxor	%xmm1, %xmm6
  324        pclmulqdq	$0x00, %xmm6, %xmm5
  325        pxor	%xmm4, %xmm5
  326        pxor	%xmm7, %xmm5
  327        movdqa	%xmm5, %xmm6
  328        movdqa	%xmm4, %xmm3
  329        movdqa	%xmm7, %xmm0
  330        pslldq	$8, %xmm6
  331        psrldq	$8, %xmm5
  332        pxor	%xmm6, %xmm3
  333        pxor	%xmm5, %xmm0
  334        movdqa	%xmm3, %xmm4
  335        movdqa	%xmm0, %xmm5
  336        psrld	$31, %xmm4
  337        psrld	$31, %xmm5
  338        pslld	$0x01, %xmm3
  339        pslld	$0x01, %xmm0
  340        movdqa	%xmm4, %xmm6
  341        pslldq	$4, %xmm4
  342        psrldq	$12, %xmm6
  343        pslldq	$4, %xmm5
  344        por	%xmm6, %xmm0
  345        por	%xmm4, %xmm3
  346        por	%xmm5, %xmm0
  347        movdqa	%xmm3, %xmm4
  348        movdqa	%xmm3, %xmm5
  349        movdqa	%xmm3, %xmm6
  350        pslld	$31, %xmm4
  351        pslld	$30, %xmm5
  352        pslld	$25, %xmm6
  353        pxor	%xmm5, %xmm4
  354        pxor	%xmm6, %xmm4
  355        movdqa	%xmm4, %xmm5
  356        psrldq	$4, %xmm5
  357        pslldq	$12, %xmm4
  358        pxor	%xmm4, %xmm3
  359        movdqa	%xmm3, %xmm6
  360        movdqa	%xmm3, %xmm7
  361        movdqa	%xmm3, %xmm4
  362        psrld	$0x01, %xmm6
  363        psrld	$2, %xmm7
  364        psrld	$7, %xmm4
  365        pxor	%xmm7, %xmm6
  366        pxor	%xmm4, %xmm6
  367        pxor	%xmm5, %xmm6
  368        pxor	%xmm3, %xmm6
  369        pxor	%xmm6, %xmm0
  370L_AES_GCM_encrypt_aesni_calc_iv_done:
  371        # T = Encrypt counter
  372        pxor	%xmm4, %xmm4
  373        shll	$3, %edx
  374        pinsrd	$0x00, %edx, %xmm4
  375        pxor	%xmm4, %xmm0
  376        pshufd	$0x4e, %xmm0, %xmm5
  377        pshufd	$0x4e, %xmm1, %xmm6
  378        movdqa	%xmm1, %xmm7
  379        movdqa	%xmm1, %xmm4
  380        pclmulqdq	$0x11, %xmm0, %xmm7
  381        pclmulqdq	$0x00, %xmm0, %xmm4
  382        pxor	%xmm0, %xmm5
  383        pxor	%xmm1, %xmm6
  384        pclmulqdq	$0x00, %xmm6, %xmm5
  385        pxor	%xmm4, %xmm5
  386        pxor	%xmm7, %xmm5
  387        movdqa	%xmm5, %xmm6
  388        movdqa	%xmm4, %xmm3
  389        movdqa	%xmm7, %xmm0
  390        pslldq	$8, %xmm6
  391        psrldq	$8, %xmm5
  392        pxor	%xmm6, %xmm3
  393        pxor	%xmm5, %xmm0
  394        movdqa	%xmm3, %xmm4
  395        movdqa	%xmm0, %xmm5
  396        psrld	$31, %xmm4
  397        psrld	$31, %xmm5
  398        pslld	$0x01, %xmm3
  399        pslld	$0x01, %xmm0
  400        movdqa	%xmm4, %xmm6
  401        pslldq	$4, %xmm4
  402        psrldq	$12, %xmm6
  403        pslldq	$4, %xmm5
  404        por	%xmm6, %xmm0
  405        por	%xmm4, %xmm3
  406        por	%xmm5, %xmm0
  407        movdqa	%xmm3, %xmm4
  408        movdqa	%xmm3, %xmm5
  409        movdqa	%xmm3, %xmm6
  410        pslld	$31, %xmm4
  411        pslld	$30, %xmm5
  412        pslld	$25, %xmm6
  413        pxor	%xmm5, %xmm4
  414        pxor	%xmm6, %xmm4
  415        movdqa	%xmm4, %xmm5
  416        psrldq	$4, %xmm5
  417        pslldq	$12, %xmm4
  418        pxor	%xmm4, %xmm3
  419        movdqa	%xmm3, %xmm6
  420        movdqa	%xmm3, %xmm7
  421        movdqa	%xmm3, %xmm4
  422        psrld	$0x01, %xmm6
  423        psrld	$2, %xmm7
  424        psrld	$7, %xmm4
  425        pxor	%xmm7, %xmm6
  426        pxor	%xmm4, %xmm6
  427        pxor	%xmm5, %xmm6
  428        pxor	%xmm3, %xmm6
  429        pxor	%xmm6, %xmm0
  430        pshufb	L_aes_gcm_bswap_mask, %xmm0
  431        #   Encrypt counter
  432        movdqa	(%ebp), %xmm4
  433        pxor	%xmm0, %xmm4
  434        aesenc	16(%ebp), %xmm4
  435        aesenc	32(%ebp), %xmm4
  436        aesenc	48(%ebp), %xmm4
  437        aesenc	64(%ebp), %xmm4
  438        aesenc	80(%ebp), %xmm4
  439        aesenc	96(%ebp), %xmm4
  440        aesenc	112(%ebp), %xmm4
  441        aesenc	128(%ebp), %xmm4
  442        aesenc	144(%ebp), %xmm4
  443        cmpl	$11, 172(%esp)
  444        movdqa	160(%ebp), %xmm5
  445        jl	L_AES_GCM_encrypt_aesni_calc_iv_2_aesenc_avx_last
  446        aesenc	%xmm5, %xmm4
  447        aesenc	176(%ebp), %xmm4
  448        cmpl	$13, 172(%esp)
  449        movdqa	192(%ebp), %xmm5
  450        jl	L_AES_GCM_encrypt_aesni_calc_iv_2_aesenc_avx_last
  451        aesenc	%xmm5, %xmm4
  452        aesenc	208(%ebp), %xmm4
  453        movdqa	224(%ebp), %xmm5
  454L_AES_GCM_encrypt_aesni_calc_iv_2_aesenc_avx_last:
  455        aesenclast	%xmm5, %xmm4
  456        movdqu	%xmm4, 80(%esp)
  457L_AES_GCM_encrypt_aesni_iv_done:
  458        movl	140(%esp), %esi
  459        # Additional authentication data
  460        movl	156(%esp), %edx
  461        cmpl	$0x00, %edx
  462        je	L_AES_GCM_encrypt_aesni_calc_aad_done
  463        xorl	%ecx, %ecx
  464        cmpl	$16, %edx
  465        jl	L_AES_GCM_encrypt_aesni_calc_aad_lt16
  466        andl	$0xfffffff0, %edx
  467L_AES_GCM_encrypt_aesni_calc_aad_16_loop:
  468        movdqu	(%esi,%ecx,1), %xmm4
  469        pshufb	L_aes_gcm_bswap_mask, %xmm4
  470        pxor	%xmm4, %xmm2
  471        pshufd	$0x4e, %xmm2, %xmm5
  472        pshufd	$0x4e, %xmm1, %xmm6
  473        movdqa	%xmm1, %xmm7
  474        movdqa	%xmm1, %xmm4
  475        pclmulqdq	$0x11, %xmm2, %xmm7
  476        pclmulqdq	$0x00, %xmm2, %xmm4
  477        pxor	%xmm2, %xmm5
  478        pxor	%xmm1, %xmm6
  479        pclmulqdq	$0x00, %xmm6, %xmm5
  480        pxor	%xmm4, %xmm5
  481        pxor	%xmm7, %xmm5
  482        movdqa	%xmm5, %xmm6
  483        movdqa	%xmm4, %xmm3
  484        movdqa	%xmm7, %xmm2
  485        pslldq	$8, %xmm6
  486        psrldq	$8, %xmm5
  487        pxor	%xmm6, %xmm3
  488        pxor	%xmm5, %xmm2
  489        movdqa	%xmm3, %xmm4
  490        movdqa	%xmm2, %xmm5
  491        psrld	$31, %xmm4
  492        psrld	$31, %xmm5
  493        pslld	$0x01, %xmm3
  494        pslld	$0x01, %xmm2
  495        movdqa	%xmm4, %xmm6
  496        pslldq	$4, %xmm4
  497        psrldq	$12, %xmm6
  498        pslldq	$4, %xmm5
  499        por	%xmm6, %xmm2
  500        por	%xmm4, %xmm3
  501        por	%xmm5, %xmm2
  502        movdqa	%xmm3, %xmm4
  503        movdqa	%xmm3, %xmm5
  504        movdqa	%xmm3, %xmm6
  505        pslld	$31, %xmm4
  506        pslld	$30, %xmm5
  507        pslld	$25, %xmm6
  508        pxor	%xmm5, %xmm4
  509        pxor	%xmm6, %xmm4
  510        movdqa	%xmm4, %xmm5
  511        psrldq	$4, %xmm5
  512        pslldq	$12, %xmm4
  513        pxor	%xmm4, %xmm3
  514        movdqa	%xmm3, %xmm6
  515        movdqa	%xmm3, %xmm7
  516        movdqa	%xmm3, %xmm4
  517        psrld	$0x01, %xmm6
  518        psrld	$2, %xmm7
  519        psrld	$7, %xmm4
  520        pxor	%xmm7, %xmm6
  521        pxor	%xmm4, %xmm6
  522        pxor	%xmm5, %xmm6
  523        pxor	%xmm3, %xmm6
  524        pxor	%xmm6, %xmm2
  525        addl	$16, %ecx
  526        cmpl	%edx, %ecx
  527        jl	L_AES_GCM_encrypt_aesni_calc_aad_16_loop
  528        movl	156(%esp), %edx
  529        cmpl	%edx, %ecx
  530        je	L_AES_GCM_encrypt_aesni_calc_aad_done
  531L_AES_GCM_encrypt_aesni_calc_aad_lt16:
  532        subl	$16, %esp
  533        pxor	%xmm4, %xmm4
  534        xorl	%ebx, %ebx
  535        movdqu	%xmm4, (%esp)
  536L_AES_GCM_encrypt_aesni_calc_aad_loop:
  537        movzbl	(%esi,%ecx,1), %eax
  538        movb	%al, (%esp,%ebx,1)
  539        incl	%ecx
  540        incl	%ebx
  541        cmpl	%edx, %ecx
  542        jl	L_AES_GCM_encrypt_aesni_calc_aad_loop
  543        movdqu	(%esp), %xmm4
  544        addl	$16, %esp
  545        pshufb	L_aes_gcm_bswap_mask, %xmm4
  546        pxor	%xmm4, %xmm2
  547        pshufd	$0x4e, %xmm2, %xmm5
  548        pshufd	$0x4e, %xmm1, %xmm6
  549        movdqa	%xmm1, %xmm7
  550        movdqa	%xmm1, %xmm4
  551        pclmulqdq	$0x11, %xmm2, %xmm7
  552        pclmulqdq	$0x00, %xmm2, %xmm4
  553        pxor	%xmm2, %xmm5
  554        pxor	%xmm1, %xmm6
  555        pclmulqdq	$0x00, %xmm6, %xmm5
  556        pxor	%xmm4, %xmm5
  557        pxor	%xmm7, %xmm5
  558        movdqa	%xmm5, %xmm6
  559        movdqa	%xmm4, %xmm3
  560        movdqa	%xmm7, %xmm2
  561        pslldq	$8, %xmm6
  562        psrldq	$8, %xmm5
  563        pxor	%xmm6, %xmm3
  564        pxor	%xmm5, %xmm2
  565        movdqa	%xmm3, %xmm4
  566        movdqa	%xmm2, %xmm5
  567        psrld	$31, %xmm4
  568        psrld	$31, %xmm5
  569        pslld	$0x01, %xmm3
  570        pslld	$0x01, %xmm2
  571        movdqa	%xmm4, %xmm6
  572        pslldq	$4, %xmm4
  573        psrldq	$12, %xmm6
  574        pslldq	$4, %xmm5
  575        por	%xmm6, %xmm2
  576        por	%xmm4, %xmm3
  577        por	%xmm5, %xmm2
  578        movdqa	%xmm3, %xmm4
  579        movdqa	%xmm3, %xmm5
  580        movdqa	%xmm3, %xmm6
  581        pslld	$31, %xmm4
  582        pslld	$30, %xmm5
  583        pslld	$25, %xmm6
  584        pxor	%xmm5, %xmm4
  585        pxor	%xmm6, %xmm4
  586        movdqa	%xmm4, %xmm5
  587        psrldq	$4, %xmm5
  588        pslldq	$12, %xmm4
  589        pxor	%xmm4, %xmm3
  590        movdqa	%xmm3, %xmm6
  591        movdqa	%xmm3, %xmm7
  592        movdqa	%xmm3, %xmm4
  593        psrld	$0x01, %xmm6
  594        psrld	$2, %xmm7
  595        psrld	$7, %xmm4
  596        pxor	%xmm7, %xmm6
  597        pxor	%xmm4, %xmm6
  598        pxor	%xmm5, %xmm6
  599        pxor	%xmm3, %xmm6
  600        pxor	%xmm6, %xmm2
  601L_AES_GCM_encrypt_aesni_calc_aad_done:
  602        movdqu	%xmm2, 96(%esp)
  603        movl	132(%esp), %esi
  604        movl	136(%esp), %edi
  605        # Calculate counter and H
  606        pshufb	L_aes_gcm_bswap_epi64, %xmm0
  607        movdqa	%xmm1, %xmm5
  608        paddd	L_aes_gcm_one, %xmm0
  609        movdqa	%xmm1, %xmm4
  610        movdqu	%xmm0, 64(%esp)
  611        psrlq	$63, %xmm5
  612        psllq	$0x01, %xmm4
  613        pslldq	$8, %xmm5
  614        por	%xmm5, %xmm4
  615        pshufd	$0xff, %xmm1, %xmm1
  616        psrad	$31, %xmm1
  617        pand	L_aes_gcm_mod2_128, %xmm1
  618        pxor	%xmm4, %xmm1
  619        xorl	%ebx, %ebx
  620        movl	152(%esp), %eax
  621        cmpl	$0x40, %eax
  622        jl	L_AES_GCM_encrypt_aesni_done_64
  623        andl	$0xffffffc0, %eax
  624        movdqa	%xmm2, %xmm6
  625        # H ^ 1
  626        movdqu	%xmm1, (%esp)
  627        # H ^ 2
  628        pshufd	$0x4e, %xmm1, %xmm5
  629        pshufd	$0x4e, %xmm1, %xmm6
  630        movdqa	%xmm1, %xmm7
  631        movdqa	%xmm1, %xmm4
  632        pclmulqdq	$0x11, %xmm1, %xmm7
  633        pclmulqdq	$0x00, %xmm1, %xmm4
  634        pxor	%xmm1, %xmm5
  635        pxor	%xmm1, %xmm6
  636        pclmulqdq	$0x00, %xmm6, %xmm5
  637        pxor	%xmm4, %xmm5
  638        pxor	%xmm7, %xmm5
  639        movdqa	%xmm5, %xmm6
  640        movdqa	%xmm7, %xmm0
  641        pslldq	$8, %xmm6
  642        psrldq	$8, %xmm5
  643        pxor	%xmm6, %xmm4
  644        pxor	%xmm5, %xmm0
  645        movdqa	%xmm4, %xmm5
  646        movdqa	%xmm4, %xmm6
  647        movdqa	%xmm4, %xmm7
  648        pslld	$31, %xmm5
  649        pslld	$30, %xmm6
  650        pslld	$25, %xmm7
  651        pxor	%xmm6, %xmm5
  652        pxor	%xmm7, %xmm5
  653        movdqa	%xmm5, %xmm7
  654        psrldq	$4, %xmm7
  655        pslldq	$12, %xmm5
  656        pxor	%xmm5, %xmm4
  657        movdqa	%xmm4, %xmm5
  658        movdqa	%xmm4, %xmm6
  659        psrld	$0x01, %xmm5
  660        psrld	$2, %xmm6
  661        pxor	%xmm6, %xmm5
  662        pxor	%xmm4, %xmm5
  663        psrld	$7, %xmm4
  664        pxor	%xmm7, %xmm5
  665        pxor	%xmm4, %xmm5
  666        pxor	%xmm5, %xmm0
  667        movdqu	%xmm0, 16(%esp)
  668        # H ^ 3
  669        pshufd	$0x4e, %xmm1, %xmm5
  670        pshufd	$0x4e, %xmm0, %xmm6
  671        movdqa	%xmm0, %xmm7
  672        movdqa	%xmm0, %xmm4
  673        pclmulqdq	$0x11, %xmm1, %xmm7
  674        pclmulqdq	$0x00, %xmm1, %xmm4
  675        pxor	%xmm1, %xmm5
  676        pxor	%xmm0, %xmm6
  677        pclmulqdq	$0x00, %xmm6, %xmm5
  678        pxor	%xmm4, %xmm5
  679        pxor	%xmm7, %xmm5
  680        movdqa	%xmm5, %xmm6
  681        movdqa	%xmm7, %xmm3
  682        pslldq	$8, %xmm6
  683        psrldq	$8, %xmm5
  684        pxor	%xmm6, %xmm4
  685        pxor	%xmm5, %xmm3
  686        movdqa	%xmm4, %xmm5
  687        movdqa	%xmm4, %xmm6
  688        movdqa	%xmm4, %xmm7
  689        pslld	$31, %xmm5
  690        pslld	$30, %xmm6
  691        pslld	$25, %xmm7
  692        pxor	%xmm6, %xmm5
  693        pxor	%xmm7, %xmm5
  694        movdqa	%xmm5, %xmm7
  695        psrldq	$4, %xmm7
  696        pslldq	$12, %xmm5
  697        pxor	%xmm5, %xmm4
  698        movdqa	%xmm4, %xmm5
  699        movdqa	%xmm4, %xmm6
  700        psrld	$0x01, %xmm5
  701        psrld	$2, %xmm6
  702        pxor	%xmm6, %xmm5
  703        pxor	%xmm4, %xmm5
  704        psrld	$7, %xmm4
  705        pxor	%xmm7, %xmm5
  706        pxor	%xmm4, %xmm5
  707        pxor	%xmm5, %xmm3
  708        movdqu	%xmm3, 32(%esp)
  709        # H ^ 4
  710        pshufd	$0x4e, %xmm0, %xmm5
  711        pshufd	$0x4e, %xmm0, %xmm6
  712        movdqa	%xmm0, %xmm7
  713        movdqa	%xmm0, %xmm4
  714        pclmulqdq	$0x11, %xmm0, %xmm7
  715        pclmulqdq	$0x00, %xmm0, %xmm4
  716        pxor	%xmm0, %xmm5
  717        pxor	%xmm0, %xmm6
  718        pclmulqdq	$0x00, %xmm6, %xmm5
  719        pxor	%xmm4, %xmm5
  720        pxor	%xmm7, %xmm5
  721        movdqa	%xmm5, %xmm6
  722        movdqa	%xmm7, %xmm3
  723        pslldq	$8, %xmm6
  724        psrldq	$8, %xmm5
  725        pxor	%xmm6, %xmm4
  726        pxor	%xmm5, %xmm3
  727        movdqa	%xmm4, %xmm5
  728        movdqa	%xmm4, %xmm6
  729        movdqa	%xmm4, %xmm7
  730        pslld	$31, %xmm5
  731        pslld	$30, %xmm6
  732        pslld	$25, %xmm7
  733        pxor	%xmm6, %xmm5
  734        pxor	%xmm7, %xmm5
  735        movdqa	%xmm5, %xmm7
  736        psrldq	$4, %xmm7
  737        pslldq	$12, %xmm5
  738        pxor	%xmm5, %xmm4
  739        movdqa	%xmm4, %xmm5
  740        movdqa	%xmm4, %xmm6
  741        psrld	$0x01, %xmm5
  742        psrld	$2, %xmm6
  743        pxor	%xmm6, %xmm5
  744        pxor	%xmm4, %xmm5
  745        psrld	$7, %xmm4
  746        pxor	%xmm7, %xmm5
  747        pxor	%xmm4, %xmm5
  748        pxor	%xmm5, %xmm3
  749        movdqu	%xmm3, 48(%esp)
  750        # First 64 bytes of input
  751        # Encrypt 64 bytes of counter
  752        movdqu	64(%esp), %xmm4
  753        movdqa	L_aes_gcm_bswap_epi64, %xmm3
  754        movdqa	%xmm4, %xmm5
  755        movdqa	%xmm4, %xmm6
  756        movdqa	%xmm4, %xmm7
  757        pshufb	%xmm3, %xmm4
  758        paddd	L_aes_gcm_one, %xmm5
  759        pshufb	%xmm3, %xmm5
  760        paddd	L_aes_gcm_two, %xmm6
  761        pshufb	%xmm3, %xmm6
  762        paddd	L_aes_gcm_three, %xmm7
  763        pshufb	%xmm3, %xmm7
  764        movdqu	64(%esp), %xmm3
  765        paddd	L_aes_gcm_four, %xmm3
  766        movdqu	%xmm3, 64(%esp)
  767        movdqa	(%ebp), %xmm3
  768        pxor	%xmm3, %xmm4
  769        pxor	%xmm3, %xmm5
  770        pxor	%xmm3, %xmm6
  771        pxor	%xmm3, %xmm7
  772        movdqa	16(%ebp), %xmm3
  773        aesenc	%xmm3, %xmm4
  774        aesenc	%xmm3, %xmm5
  775        aesenc	%xmm3, %xmm6
  776        aesenc	%xmm3, %xmm7
  777        movdqa	32(%ebp), %xmm3
  778        aesenc	%xmm3, %xmm4
  779        aesenc	%xmm3, %xmm5
  780        aesenc	%xmm3, %xmm6
  781        aesenc	%xmm3, %xmm7
  782        movdqa	48(%ebp), %xmm3
  783        aesenc	%xmm3, %xmm4
  784        aesenc	%xmm3, %xmm5
  785        aesenc	%xmm3, %xmm6
  786        aesenc	%xmm3, %xmm7
  787        movdqa	64(%ebp), %xmm3
  788        aesenc	%xmm3, %xmm4
  789        aesenc	%xmm3, %xmm5
  790        aesenc	%xmm3, %xmm6
  791        aesenc	%xmm3, %xmm7
  792        movdqa	80(%ebp), %xmm3
  793        aesenc	%xmm3, %xmm4
  794        aesenc	%xmm3, %xmm5
  795        aesenc	%xmm3, %xmm6
  796        aesenc	%xmm3, %xmm7
  797        movdqa	96(%ebp), %xmm3
  798        aesenc	%xmm3, %xmm4
  799        aesenc	%xmm3, %xmm5
  800        aesenc	%xmm3, %xmm6
  801        aesenc	%xmm3, %xmm7
  802        movdqa	112(%ebp), %xmm3
  803        aesenc	%xmm3, %xmm4
  804        aesenc	%xmm3, %xmm5
  805        aesenc	%xmm3, %xmm6
  806        aesenc	%xmm3, %xmm7
  807        movdqa	128(%ebp), %xmm3
  808        aesenc	%xmm3, %xmm4
  809        aesenc	%xmm3, %xmm5
  810        aesenc	%xmm3, %xmm6
  811        aesenc	%xmm3, %xmm7
  812        movdqa	144(%ebp), %xmm3
  813        aesenc	%xmm3, %xmm4
  814        aesenc	%xmm3, %xmm5
  815        aesenc	%xmm3, %xmm6
  816        aesenc	%xmm3, %xmm7
  817        cmpl	$11, 172(%esp)
  818        movdqa	160(%ebp), %xmm3
  819        jl	L_AES_GCM_encrypt_aesni_enc_done
  820        aesenc	%xmm3, %xmm4
  821        aesenc	%xmm3, %xmm5
  822        aesenc	%xmm3, %xmm6
  823        aesenc	%xmm3, %xmm7
  824        movdqa	176(%ebp), %xmm3
  825        aesenc	%xmm3, %xmm4
  826        aesenc	%xmm3, %xmm5
  827        aesenc	%xmm3, %xmm6
  828        aesenc	%xmm3, %xmm7
  829        cmpl	$13, 172(%esp)
  830        movdqa	192(%ebp), %xmm3
  831        jl	L_AES_GCM_encrypt_aesni_enc_done
  832        aesenc	%xmm3, %xmm4
  833        aesenc	%xmm3, %xmm5
  834        aesenc	%xmm3, %xmm6
  835        aesenc	%xmm3, %xmm7
  836        movdqa	208(%ebp), %xmm3
  837        aesenc	%xmm3, %xmm4
  838        aesenc	%xmm3, %xmm5
  839        aesenc	%xmm3, %xmm6
  840        aesenc	%xmm3, %xmm7
  841        movdqa	224(%ebp), %xmm3
  842L_AES_GCM_encrypt_aesni_enc_done:
  843        aesenclast	%xmm3, %xmm4
  844        aesenclast	%xmm3, %xmm5
  845        movdqu	(%esi), %xmm0
  846        movdqu	16(%esi), %xmm1
  847        pxor	%xmm0, %xmm4
  848        pxor	%xmm1, %xmm5
  849        movdqu	%xmm4, (%edi)
  850        movdqu	%xmm5, 16(%edi)
  851        aesenclast	%xmm3, %xmm6
  852        aesenclast	%xmm3, %xmm7
  853        movdqu	32(%esi), %xmm0
  854        movdqu	48(%esi), %xmm1
  855        pxor	%xmm0, %xmm6
  856        pxor	%xmm1, %xmm7
  857        movdqu	%xmm6, 32(%edi)
  858        movdqu	%xmm7, 48(%edi)
  859        cmpl	$0x40, %eax
  860        movl	$0x40, %ebx
  861        movl	%esi, %ecx
  862        movl	%edi, %edx
  863        jle	L_AES_GCM_encrypt_aesni_end_64
  864        # More 64 bytes of input
  865L_AES_GCM_encrypt_aesni_ghash_64:
  866        leal	(%esi,%ebx,1), %ecx
  867        leal	(%edi,%ebx,1), %edx
  868        # Encrypt 64 bytes of counter
  869        movdqu	64(%esp), %xmm4
  870        movdqa	L_aes_gcm_bswap_epi64, %xmm3
  871        movdqa	%xmm4, %xmm5
  872        movdqa	%xmm4, %xmm6
  873        movdqa	%xmm4, %xmm7
  874        pshufb	%xmm3, %xmm4
  875        paddd	L_aes_gcm_one, %xmm5
  876        pshufb	%xmm3, %xmm5
  877        paddd	L_aes_gcm_two, %xmm6
  878        pshufb	%xmm3, %xmm6
  879        paddd	L_aes_gcm_three, %xmm7
  880        pshufb	%xmm3, %xmm7
  881        movdqu	64(%esp), %xmm3
  882        paddd	L_aes_gcm_four, %xmm3
  883        movdqu	%xmm3, 64(%esp)
  884        movdqa	(%ebp), %xmm3
  885        pxor	%xmm3, %xmm4
  886        pxor	%xmm3, %xmm5
  887        pxor	%xmm3, %xmm6
  888        pxor	%xmm3, %xmm7
  889        movdqa	16(%ebp), %xmm3
  890        aesenc	%xmm3, %xmm4
  891        aesenc	%xmm3, %xmm5
  892        aesenc	%xmm3, %xmm6
  893        aesenc	%xmm3, %xmm7
  894        movdqa	32(%ebp), %xmm3
  895        aesenc	%xmm3, %xmm4
  896        aesenc	%xmm3, %xmm5
  897        aesenc	%xmm3, %xmm6
  898        aesenc	%xmm3, %xmm7
  899        movdqa	48(%ebp), %xmm3
  900        aesenc	%xmm3, %xmm4
  901        aesenc	%xmm3, %xmm5
  902        aesenc	%xmm3, %xmm6
  903        aesenc	%xmm3, %xmm7
  904        movdqa	64(%ebp), %xmm3
  905        aesenc	%xmm3, %xmm4
  906        aesenc	%xmm3, %xmm5
  907        aesenc	%xmm3, %xmm6
  908        aesenc	%xmm3, %xmm7
  909        movdqa	80(%ebp), %xmm3
  910        aesenc	%xmm3, %xmm4
  911        aesenc	%xmm3, %xmm5
  912        aesenc	%xmm3, %xmm6
  913        aesenc	%xmm3, %xmm7
  914        movdqa	96(%ebp), %xmm3
  915        aesenc	%xmm3, %xmm4
  916        aesenc	%xmm3, %xmm5
  917        aesenc	%xmm3, %xmm6
  918        aesenc	%xmm3, %xmm7
  919        movdqa	112(%ebp), %xmm3
  920        aesenc	%xmm3, %xmm4
  921        aesenc	%xmm3, %xmm5
  922        aesenc	%xmm3, %xmm6
  923        aesenc	%xmm3, %xmm7
  924        movdqa	128(%ebp), %xmm3
  925        aesenc	%xmm3, %xmm4
  926        aesenc	%xmm3, %xmm5
  927        aesenc	%xmm3, %xmm6
  928        aesenc	%xmm3, %xmm7
  929        movdqa	144(%ebp), %xmm3
  930        aesenc	%xmm3, %xmm4
  931        aesenc	%xmm3, %xmm5
  932        aesenc	%xmm3, %xmm6
  933        aesenc	%xmm3, %xmm7
  934        cmpl	$11, 172(%esp)
  935        movdqa	160(%ebp), %xmm3
  936        jl	L_AES_GCM_encrypt_aesni_aesenc_64_ghash_avx_done
  937        aesenc	%xmm3, %xmm4
  938        aesenc	%xmm3, %xmm5
  939        aesenc	%xmm3, %xmm6
  940        aesenc	%xmm3, %xmm7
  941        movdqa	176(%ebp), %xmm3
  942        aesenc	%xmm3, %xmm4
  943        aesenc	%xmm3, %xmm5
  944        aesenc	%xmm3, %xmm6
  945        aesenc	%xmm3, %xmm7
  946        cmpl	$13, 172(%esp)
  947        movdqa	192(%ebp), %xmm3
  948        jl	L_AES_GCM_encrypt_aesni_aesenc_64_ghash_avx_done
  949        aesenc	%xmm3, %xmm4
  950        aesenc	%xmm3, %xmm5
  951        aesenc	%xmm3, %xmm6
  952        aesenc	%xmm3, %xmm7
  953        movdqa	208(%ebp), %xmm3
  954        aesenc	%xmm3, %xmm4
  955        aesenc	%xmm3, %xmm5
  956        aesenc	%xmm3, %xmm6
  957        aesenc	%xmm3, %xmm7
  958        movdqa	224(%ebp), %xmm3
  959L_AES_GCM_encrypt_aesni_aesenc_64_ghash_avx_done:
  960        aesenclast	%xmm3, %xmm4
  961        aesenclast	%xmm3, %xmm5
  962        movdqu	(%ecx), %xmm0
  963        movdqu	16(%ecx), %xmm1
  964        pxor	%xmm0, %xmm4
  965        pxor	%xmm1, %xmm5
  966        movdqu	%xmm4, (%edx)
  967        movdqu	%xmm5, 16(%edx)
  968        aesenclast	%xmm3, %xmm6
  969        aesenclast	%xmm3, %xmm7
  970        movdqu	32(%ecx), %xmm0
  971        movdqu	48(%ecx), %xmm1
  972        pxor	%xmm0, %xmm6
  973        pxor	%xmm1, %xmm7
  974        movdqu	%xmm6, 32(%edx)
  975        movdqu	%xmm7, 48(%edx)
  976        # ghash encrypted counter
  977        movdqu	96(%esp), %xmm6
  978        movdqu	48(%esp), %xmm3
  979        movdqu	-64(%edx), %xmm4
  980        pshufb	L_aes_gcm_bswap_mask, %xmm4
  981        pxor	%xmm6, %xmm4
  982        pshufd	$0x4e, %xmm3, %xmm5
  983        pshufd	$0x4e, %xmm4, %xmm1
  984        pxor	%xmm3, %xmm5
  985        pxor	%xmm4, %xmm1
  986        movdqa	%xmm4, %xmm7
  987        pclmulqdq	$0x11, %xmm3, %xmm7
  988        movdqa	%xmm4, %xmm6
  989        pclmulqdq	$0x00, %xmm3, %xmm6
  990        pclmulqdq	$0x00, %xmm1, %xmm5
  991        pxor	%xmm6, %xmm5
  992        pxor	%xmm7, %xmm5
  993        movdqu	32(%esp), %xmm3
  994        movdqu	-48(%edx), %xmm4
  995        pshufd	$0x4e, %xmm3, %xmm0
  996        pshufb	L_aes_gcm_bswap_mask, %xmm4
  997        pxor	%xmm3, %xmm0
  998        pshufd	$0x4e, %xmm4, %xmm1
  999        pxor	%xmm4, %xmm1
 1000        movdqa	%xmm4, %xmm2
 1001        pclmulqdq	$0x11, %xmm3, %xmm2
 1002        pclmulqdq	$0x00, %xmm4, %xmm3
 1003        pclmulqdq	$0x00, %xmm1, %xmm0
 1004        pxor	%xmm3, %xmm5
 1005        pxor	%xmm3, %xmm6
 1006        pxor	%xmm2, %xmm5
 1007        pxor	%xmm2, %xmm7
 1008        pxor	%xmm0, %xmm5
 1009        movdqu	16(%esp), %xmm3
 1010        movdqu	-32(%edx), %xmm4
 1011        pshufd	$0x4e, %xmm3, %xmm0
 1012        pshufb	L_aes_gcm_bswap_mask, %xmm4
 1013        pxor	%xmm3, %xmm0
 1014        pshufd	$0x4e, %xmm4, %xmm1
 1015        pxor	%xmm4, %xmm1
 1016        movdqa	%xmm4, %xmm2
 1017        pclmulqdq	$0x11, %xmm3, %xmm2
 1018        pclmulqdq	$0x00, %xmm4, %xmm3
 1019        pclmulqdq	$0x00, %xmm1, %xmm0
 1020        pxor	%xmm3, %xmm5
 1021        pxor	%xmm3, %xmm6
 1022        pxor	%xmm2, %xmm5
 1023        pxor	%xmm2, %xmm7
 1024        pxor	%xmm0, %xmm5
 1025        movdqu	(%esp), %xmm3
 1026        movdqu	-16(%edx), %xmm4
 1027        pshufd	$0x4e, %xmm3, %xmm0
 1028        pshufb	L_aes_gcm_bswap_mask, %xmm4
 1029        pxor	%xmm3, %xmm0
 1030        pshufd	$0x4e, %xmm4, %xmm1
 1031        pxor	%xmm4, %xmm1
 1032        movdqa	%xmm4, %xmm2
 1033        pclmulqdq	$0x11, %xmm3, %xmm2
 1034        pclmulqdq	$0x00, %xmm4, %xmm3
 1035        pclmulqdq	$0x00, %xmm1, %xmm0
 1036        pxor	%xmm3, %xmm5
 1037        pxor	%xmm3, %xmm6
 1038        pxor	%xmm2, %xmm5
 1039        pxor	%xmm2, %xmm7
 1040        pxor	%xmm0, %xmm5
 1041        movdqa	%xmm5, %xmm1
 1042        psrldq	$8, %xmm5
 1043        pslldq	$8, %xmm1
 1044        pxor	%xmm1, %xmm6
 1045        pxor	%xmm5, %xmm7
 1046        movdqa	%xmm6, %xmm3
 1047        movdqa	%xmm6, %xmm0
 1048        movdqa	%xmm6, %xmm1
 1049        pslld	$31, %xmm3
 1050        pslld	$30, %xmm0
 1051        pslld	$25, %xmm1
 1052        pxor	%xmm0, %xmm3
 1053        pxor	%xmm1, %xmm3
 1054        movdqa	%xmm3, %xmm0
 1055        pslldq	$12, %xmm3
 1056        psrldq	$4, %xmm0
 1057        pxor	%xmm3, %xmm6
 1058        movdqa	%xmm6, %xmm1
 1059        movdqa	%xmm6, %xmm5
 1060        movdqa	%xmm6, %xmm4
 1061        psrld	$0x01, %xmm1
 1062        psrld	$2, %xmm5
 1063        psrld	$7, %xmm4
 1064        pxor	%xmm5, %xmm1
 1065        pxor	%xmm4, %xmm1
 1066        pxor	%xmm0, %xmm1
 1067        pxor	%xmm1, %xmm6
 1068        pxor	%xmm7, %xmm6
 1069        movdqu	%xmm6, 96(%esp)
 1070        addl	$0x40, %ebx
 1071        cmpl	%eax, %ebx
 1072        jl	L_AES_GCM_encrypt_aesni_ghash_64
 1073L_AES_GCM_encrypt_aesni_end_64:
 1074        movdqu	96(%esp), %xmm2
 1075        # Block 1
 1076        movdqa	L_aes_gcm_bswap_mask, %xmm4
 1077        movdqu	(%edx), %xmm1
 1078        pshufb	%xmm4, %xmm1
 1079        movdqu	48(%esp), %xmm3
 1080        pxor	%xmm2, %xmm1
 1081        pshufd	$0x4e, %xmm1, %xmm5
 1082        pshufd	$0x4e, %xmm3, %xmm6
 1083        movdqa	%xmm3, %xmm7
 1084        movdqa	%xmm3, %xmm4
 1085        pclmulqdq	$0x11, %xmm1, %xmm7
 1086        pclmulqdq	$0x00, %xmm1, %xmm4
 1087        pxor	%xmm1, %xmm5
 1088        pxor	%xmm3, %xmm6
 1089        pclmulqdq	$0x00, %xmm6, %xmm5
 1090        pxor	%xmm4, %xmm5
 1091        pxor	%xmm7, %xmm5
 1092        movdqa	%xmm5, %xmm6
 1093        movdqa	%xmm4, %xmm0
 1094        movdqa	%xmm7, %xmm2
 1095        pslldq	$8, %xmm6
 1096        psrldq	$8, %xmm5
 1097        pxor	%xmm6, %xmm0
 1098        pxor	%xmm5, %xmm2
 1099        # Block 2
 1100        movdqa	L_aes_gcm_bswap_mask, %xmm4
 1101        movdqu	16(%edx), %xmm1
 1102        pshufb	%xmm4, %xmm1
 1103        movdqu	32(%esp), %xmm3
 1104        pshufd	$0x4e, %xmm1, %xmm5
 1105        pshufd	$0x4e, %xmm3, %xmm6
 1106        movdqa	%xmm3, %xmm7
 1107        movdqa	%xmm3, %xmm4
 1108        pclmulqdq	$0x11, %xmm1, %xmm7
 1109        pclmulqdq	$0x00, %xmm1, %xmm4
 1110        pxor	%xmm1, %xmm5
 1111        pxor	%xmm3, %xmm6
 1112        pclmulqdq	$0x00, %xmm6, %xmm5
 1113        pxor	%xmm4, %xmm5
 1114        pxor	%xmm7, %xmm5
 1115        movdqa	%xmm5, %xmm6
 1116        pxor	%xmm4, %xmm0
 1117        pxor	%xmm7, %xmm2
 1118        pslldq	$8, %xmm6
 1119        psrldq	$8, %xmm5
 1120        pxor	%xmm6, %xmm0
 1121        pxor	%xmm5, %xmm2
 1122        # Block 3
 1123        movdqa	L_aes_gcm_bswap_mask, %xmm4
 1124        movdqu	32(%edx), %xmm1
 1125        pshufb	%xmm4, %xmm1
 1126        movdqu	16(%esp), %xmm3
 1127        pshufd	$0x4e, %xmm1, %xmm5
 1128        pshufd	$0x4e, %xmm3, %xmm6
 1129        movdqa	%xmm3, %xmm7
 1130        movdqa	%xmm3, %xmm4
 1131        pclmulqdq	$0x11, %xmm1, %xmm7
 1132        pclmulqdq	$0x00, %xmm1, %xmm4
 1133        pxor	%xmm1, %xmm5
 1134        pxor	%xmm3, %xmm6
 1135        pclmulqdq	$0x00, %xmm6, %xmm5
 1136        pxor	%xmm4, %xmm5
 1137        pxor	%xmm7, %xmm5
 1138        movdqa	%xmm5, %xmm6
 1139        pxor	%xmm4, %xmm0
 1140        pxor	%xmm7, %xmm2
 1141        pslldq	$8, %xmm6
 1142        psrldq	$8, %xmm5
 1143        pxor	%xmm6, %xmm0
 1144        pxor	%xmm5, %xmm2
 1145        # Block 4
 1146        movdqa	L_aes_gcm_bswap_mask, %xmm4
 1147        movdqu	48(%edx), %xmm1
 1148        pshufb	%xmm4, %xmm1
 1149        movdqu	(%esp), %xmm3
 1150        pshufd	$0x4e, %xmm1, %xmm5
 1151        pshufd	$0x4e, %xmm3, %xmm6
 1152        movdqa	%xmm3, %xmm7
 1153        movdqa	%xmm3, %xmm4
 1154        pclmulqdq	$0x11, %xmm1, %xmm7
 1155        pclmulqdq	$0x00, %xmm1, %xmm4
 1156        pxor	%xmm1, %xmm5
 1157        pxor	%xmm3, %xmm6
 1158        pclmulqdq	$0x00, %xmm6, %xmm5
 1159        pxor	%xmm4, %xmm5
 1160        pxor	%xmm7, %xmm5
 1161        movdqa	%xmm5, %xmm6
 1162        pxor	%xmm4, %xmm0
 1163        pxor	%xmm7, %xmm2
 1164        pslldq	$8, %xmm6
 1165        psrldq	$8, %xmm5
 1166        pxor	%xmm6, %xmm0
 1167        pxor	%xmm5, %xmm2
 1168        movdqa	%xmm0, %xmm4
 1169        movdqa	%xmm0, %xmm5
 1170        movdqa	%xmm0, %xmm6
 1171        pslld	$31, %xmm4
 1172        pslld	$30, %xmm5
 1173        pslld	$25, %xmm6
 1174        pxor	%xmm5, %xmm4
 1175        pxor	%xmm6, %xmm4
 1176        movdqa	%xmm4, %xmm5
 1177        psrldq	$4, %xmm5
 1178        pslldq	$12, %xmm4
 1179        pxor	%xmm4, %xmm0
 1180        movdqa	%xmm0, %xmm6
 1181        movdqa	%xmm0, %xmm7
 1182        movdqa	%xmm0, %xmm4
 1183        psrld	$0x01, %xmm6
 1184        psrld	$2, %xmm7
 1185        psrld	$7, %xmm4
 1186        pxor	%xmm7, %xmm6
 1187        pxor	%xmm4, %xmm6
 1188        pxor	%xmm5, %xmm6
 1189        pxor	%xmm0, %xmm6
 1190        pxor	%xmm6, %xmm2
 1191        movdqu	(%esp), %xmm1
 1192L_AES_GCM_encrypt_aesni_done_64:
 1193        movl	152(%esp), %edx
 1194        cmpl	%edx, %ebx
 1195        jge	L_AES_GCM_encrypt_aesni_done_enc
 1196        movl	152(%esp), %eax
 1197        andl	$0xfffffff0, %eax
 1198        cmpl	%eax, %ebx
 1199        jge	L_AES_GCM_encrypt_aesni_last_block_done
 1200        leal	(%esi,%ebx,1), %ecx
 1201        leal	(%edi,%ebx,1), %edx
 1202        movdqu	64(%esp), %xmm4
 1203        movdqa	%xmm4, %xmm5
 1204        pshufb	L_aes_gcm_bswap_epi64, %xmm4
 1205        paddd	L_aes_gcm_one, %xmm5
 1206        pxor	(%ebp), %xmm4
 1207        movdqu	%xmm5, 64(%esp)
 1208        aesenc	16(%ebp), %xmm4
 1209        aesenc	32(%ebp), %xmm4
 1210        aesenc	48(%ebp), %xmm4
 1211        aesenc	64(%ebp), %xmm4
 1212        aesenc	80(%ebp), %xmm4
 1213        aesenc	96(%ebp), %xmm4
 1214        aesenc	112(%ebp), %xmm4
 1215        aesenc	128(%ebp), %xmm4
 1216        aesenc	144(%ebp), %xmm4
 1217        cmpl	$11, 172(%esp)
 1218        movdqa	160(%ebp), %xmm5
 1219        jl	L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last
 1220        aesenc	%xmm5, %xmm4
 1221        aesenc	176(%ebp), %xmm4
 1222        cmpl	$13, 172(%esp)
 1223        movdqa	192(%ebp), %xmm5
 1224        jl	L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last
 1225        aesenc	%xmm5, %xmm4
 1226        aesenc	208(%ebp), %xmm4
 1227        movdqa	224(%ebp), %xmm5
 1228L_AES_GCM_encrypt_aesni_aesenc_block_aesenc_avx_last:
 1229        aesenclast	%xmm5, %xmm4
 1230        movdqu	(%ecx), %xmm5
 1231        pxor	%xmm5, %xmm4
 1232        movdqu	%xmm4, (%edx)
 1233        pshufb	L_aes_gcm_bswap_mask, %xmm4
 1234        pxor	%xmm4, %xmm2
 1235        addl	$16, %ebx
 1236        cmpl	%eax, %ebx
 1237        jge	L_AES_GCM_encrypt_aesni_last_block_ghash
 1238L_AES_GCM_encrypt_aesni_last_block_start:
 1239        leal	(%esi,%ebx,1), %ecx
 1240        leal	(%edi,%ebx,1), %edx
 1241        movdqu	64(%esp), %xmm4
 1242        movdqa	%xmm4, %xmm5
 1243        pshufb	L_aes_gcm_bswap_epi64, %xmm4
 1244        paddd	L_aes_gcm_one, %xmm5
 1245        pxor	(%ebp), %xmm4
 1246        movdqu	%xmm5, 64(%esp)
 1247        movdqu	%xmm2, %xmm0
 1248        pclmulqdq	$16, %xmm1, %xmm0
 1249        aesenc	16(%ebp), %xmm4
 1250        aesenc	32(%ebp), %xmm4
 1251        movdqu	%xmm2, %xmm3
 1252        pclmulqdq	$0x01, %xmm1, %xmm3
 1253        aesenc	48(%ebp), %xmm4
 1254        aesenc	64(%ebp), %xmm4
 1255        aesenc	80(%ebp), %xmm4
 1256        movdqu	%xmm2, %xmm5
 1257        pclmulqdq	$0x11, %xmm1, %xmm5
 1258        aesenc	96(%ebp), %xmm4
 1259        pxor	%xmm3, %xmm0
 1260        movdqa	%xmm0, %xmm6
 1261        psrldq	$8, %xmm0
 1262        pslldq	$8, %xmm6
 1263        aesenc	112(%ebp), %xmm4
 1264        movdqu	%xmm2, %xmm3
 1265        pclmulqdq	$0x00, %xmm1, %xmm3
 1266        pxor	%xmm3, %xmm6
 1267        pxor	%xmm0, %xmm5
 1268        movdqa	L_aes_gcm_mod2_128, %xmm7
 1269        movdqa	%xmm6, %xmm3
 1270        pclmulqdq	$16, %xmm7, %xmm3
 1271        aesenc	128(%ebp), %xmm4
 1272        pshufd	$0x4e, %xmm6, %xmm0
 1273        pxor	%xmm3, %xmm0
 1274        movdqa	%xmm0, %xmm3
 1275        pclmulqdq	$16, %xmm7, %xmm3
 1276        aesenc	144(%ebp), %xmm4
 1277        pshufd	$0x4e, %xmm0, %xmm2
 1278        pxor	%xmm3, %xmm2
 1279        pxor	%xmm5, %xmm2
 1280        cmpl	$11, 172(%esp)
 1281        movdqa	160(%ebp), %xmm5
 1282        jl	L_AES_GCM_encrypt_aesni_aesenc_gfmul_last
 1283        aesenc	%xmm5, %xmm4
 1284        aesenc	176(%ebp), %xmm4
 1285        cmpl	$13, 172(%esp)
 1286        movdqa	192(%ebp), %xmm5
 1287        jl	L_AES_GCM_encrypt_aesni_aesenc_gfmul_last
 1288        aesenc	%xmm5, %xmm4
 1289        aesenc	208(%ebp), %xmm4
 1290        movdqa	224(%ebp), %xmm5
 1291L_AES_GCM_encrypt_aesni_aesenc_gfmul_last:
 1292        aesenclast	%xmm5, %xmm4
 1293        movdqu	(%ecx), %xmm5
 1294        pxor	%xmm5, %xmm4
 1295        movdqu	%xmm4, (%edx)
 1296        pshufb	L_aes_gcm_bswap_mask, %xmm4
 1297        pxor	%xmm4, %xmm2
 1298        addl	$16, %ebx
 1299        cmpl	%eax, %ebx
 1300        jl	L_AES_GCM_encrypt_aesni_last_block_start
 1301L_AES_GCM_encrypt_aesni_last_block_ghash:
 1302        pshufd	$0x4e, %xmm1, %xmm5
 1303        pshufd	$0x4e, %xmm2, %xmm6
 1304        movdqa	%xmm2, %xmm7
 1305        movdqa	%xmm2, %xmm4
 1306        pclmulqdq	$0x11, %xmm1, %xmm7
 1307        pclmulqdq	$0x00, %xmm1, %xmm4
 1308        pxor	%xmm1, %xmm5
 1309        pxor	%xmm2, %xmm6
 1310        pclmulqdq	$0x00, %xmm6, %xmm5
 1311        pxor	%xmm4, %xmm5
 1312        pxor	%xmm7, %xmm5
 1313        movdqa	%xmm5, %xmm6
 1314        movdqa	%xmm7, %xmm2
 1315        pslldq	$8, %xmm6
 1316        psrldq	$8, %xmm5
 1317        pxor	%xmm6, %xmm4
 1318        pxor	%xmm5, %xmm2
 1319        movdqa	%xmm4, %xmm5
 1320        movdqa	%xmm4, %xmm6
 1321        movdqa	%xmm4, %xmm7
 1322        pslld	$31, %xmm5
 1323        pslld	$30, %xmm6
 1324        pslld	$25, %xmm7
 1325        pxor	%xmm6, %xmm5
 1326        pxor	%xmm7, %xmm5
 1327        movdqa	%xmm5, %xmm7
 1328        psrldq	$4, %xmm7
 1329        pslldq	$12, %xmm5
 1330        pxor	%xmm5, %xmm4
 1331        movdqa	%xmm4, %xmm5
 1332        movdqa	%xmm4, %xmm6
 1333        psrld	$0x01, %xmm5
 1334        psrld	$2, %xmm6
 1335        pxor	%xmm6, %xmm5
 1336        pxor	%xmm4, %xmm5
 1337        psrld	$7, %xmm4
 1338        pxor	%xmm7, %xmm5
 1339        pxor	%xmm4, %xmm5
 1340        pxor	%xmm5, %xmm2
 1341L_AES_GCM_encrypt_aesni_last_block_done:
 1342        movl	152(%esp), %ecx
 1343        movl	%ecx, %edx
 1344        andl	$15, %ecx
 1345        jz	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_done
 1346        movdqu	64(%esp), %xmm0
 1347        pshufb	L_aes_gcm_bswap_epi64, %xmm0
 1348        pxor	(%ebp), %xmm0
 1349        aesenc	16(%ebp), %xmm0
 1350        aesenc	32(%ebp), %xmm0
 1351        aesenc	48(%ebp), %xmm0
 1352        aesenc	64(%ebp), %xmm0
 1353        aesenc	80(%ebp), %xmm0
 1354        aesenc	96(%ebp), %xmm0
 1355        aesenc	112(%ebp), %xmm0
 1356        aesenc	128(%ebp), %xmm0
 1357        aesenc	144(%ebp), %xmm0
 1358        cmpl	$11, 172(%esp)
 1359        movdqa	160(%ebp), %xmm5
 1360        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_aesenc_avx_last
 1361        aesenc	%xmm5, %xmm0
 1362        aesenc	176(%ebp), %xmm0
 1363        cmpl	$13, 172(%esp)
 1364        movdqa	192(%ebp), %xmm5
 1365        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_aesenc_avx_last
 1366        aesenc	%xmm5, %xmm0
 1367        aesenc	208(%ebp), %xmm0
 1368        movdqa	224(%ebp), %xmm5
 1369L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_aesenc_avx_last:
 1370        aesenclast	%xmm5, %xmm0
 1371        subl	$16, %esp
 1372        xorl	%ecx, %ecx
 1373        movdqu	%xmm0, (%esp)
 1374L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_loop:
 1375        movzbl	(%esi,%ebx,1), %eax
 1376        xorb	(%esp,%ecx,1), %al
 1377        movb	%al, (%edi,%ebx,1)
 1378        movb	%al, (%esp,%ecx,1)
 1379        incl	%ebx
 1380        incl	%ecx
 1381        cmpl	%edx, %ebx
 1382        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_loop
 1383        xorl	%eax, %eax
 1384        cmpl	$16, %ecx
 1385        je	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_finish_enc
 1386L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_byte_loop:
 1387        movb	%al, (%esp,%ecx,1)
 1388        incl	%ecx
 1389        cmpl	$16, %ecx
 1390        jl	L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_byte_loop
 1391L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_finish_enc:
 1392        movdqu	(%esp), %xmm0
 1393        addl	$16, %esp
 1394        pshufb	L_aes_gcm_bswap_mask, %xmm0
 1395        pxor	%xmm0, %xmm2
 1396        pshufd	$0x4e, %xmm1, %xmm5
 1397        pshufd	$0x4e, %xmm2, %xmm6
 1398        movdqa	%xmm2, %xmm7
 1399        movdqa	%xmm2, %xmm4
 1400        pclmulqdq	$0x11, %xmm1, %xmm7
 1401        pclmulqdq	$0x00, %xmm1, %xmm4
 1402        pxor	%xmm1, %xmm5
 1403        pxor	%xmm2, %xmm6
 1404        pclmulqdq	$0x00, %xmm6, %xmm5
 1405        pxor	%xmm4, %xmm5
 1406        pxor	%xmm7, %xmm5
 1407        movdqa	%xmm5, %xmm6
 1408        movdqa	%xmm7, %xmm2
 1409        pslldq	$8, %xmm6
 1410        psrldq	$8, %xmm5
 1411        pxor	%xmm6, %xmm4
 1412        pxor	%xmm5, %xmm2
 1413        movdqa	%xmm4, %xmm5
 1414        movdqa	%xmm4, %xmm6
 1415        movdqa	%xmm4, %xmm7
 1416        pslld	$31, %xmm5
 1417        pslld	$30, %xmm6
 1418        pslld	$25, %xmm7
 1419        pxor	%xmm6, %xmm5
 1420        pxor	%xmm7, %xmm5
 1421        movdqa	%xmm5, %xmm7
 1422        psrldq	$4, %xmm7
 1423        pslldq	$12, %xmm5
 1424        pxor	%xmm5, %xmm4
 1425        movdqa	%xmm4, %xmm5
 1426        movdqa	%xmm4, %xmm6
 1427        psrld	$0x01, %xmm5
 1428        psrld	$2, %xmm6
 1429        pxor	%xmm6, %xmm5
 1430        pxor	%xmm4, %xmm5
 1431        psrld	$7, %xmm4
 1432        pxor	%xmm7, %xmm5
 1433        pxor	%xmm4, %xmm5
 1434        pxor	%xmm5, %xmm2
 1435L_AES_GCM_encrypt_aesni_aesenc_last15_enc_avx_done:
 1436L_AES_GCM_encrypt_aesni_done_enc:
 1437        movl	148(%esp), %edi
 1438        movl	164(%esp), %ebx
 1439        movl	152(%esp), %edx
 1440        movl	156(%esp), %ecx
 1441        shll	$3, %edx
 1442        shll	$3, %ecx
 1443        pinsrd	$0x00, %edx, %xmm4
 1444        pinsrd	$2, %ecx, %xmm4
 1445        movl	152(%esp), %edx
 1446        movl	156(%esp), %ecx
 1447        shrl	$29, %edx
 1448        shrl	$29, %ecx
 1449        pinsrd	$0x01, %edx, %xmm4
 1450        pinsrd	$3, %ecx, %xmm4
 1451        pxor	%xmm4, %xmm2
 1452        pshufd	$0x4e, %xmm1, %xmm5
 1453        pshufd	$0x4e, %xmm2, %xmm6
 1454        movdqa	%xmm2, %xmm7
 1455        movdqa	%xmm2, %xmm4
 1456        pclmulqdq	$0x11, %xmm1, %xmm7
 1457        pclmulqdq	$0x00, %xmm1, %xmm4
 1458        pxor	%xmm1, %xmm5
 1459        pxor	%xmm2, %xmm6
 1460        pclmulqdq	$0x00, %xmm6, %xmm5
 1461        pxor	%xmm4, %xmm5
 1462        pxor	%xmm7, %xmm5
 1463        movdqa	%xmm5, %xmm6
 1464        movdqa	%xmm7, %xmm2
 1465        pslldq	$8, %xmm6
 1466        psrldq	$8, %xmm5
 1467        pxor	%xmm6, %xmm4
 1468        pxor	%xmm5, %xmm2
 1469        movdqa	%xmm4, %xmm5
 1470        movdqa	%xmm4, %xmm6
 1471        movdqa	%xmm4, %xmm7
 1472        pslld	$31, %xmm5
 1473        pslld	$30, %xmm6
 1474        pslld	$25, %xmm7
 1475        pxor	%xmm6, %xmm5
 1476        pxor	%xmm7, %xmm5
 1477        movdqa	%xmm5, %xmm7
 1478        psrldq	$4, %xmm7
 1479        pslldq	$12, %xmm5
 1480        pxor	%xmm5, %xmm4
 1481        movdqa	%xmm4, %xmm5
 1482        movdqa	%xmm4, %xmm6
 1483        psrld	$0x01, %xmm5
 1484        psrld	$2, %xmm6
 1485        pxor	%xmm6, %xmm5
 1486        pxor	%xmm4, %xmm5
 1487        psrld	$7, %xmm4
 1488        pxor	%xmm7, %xmm5
 1489        pxor	%xmm4, %xmm5
 1490        pxor	%xmm5, %xmm2
 1491        pshufb	L_aes_gcm_bswap_mask, %xmm2
 1492        movdqu	80(%esp), %xmm4
 1493        pxor	%xmm2, %xmm4
 1494        cmpl	$16, %ebx
 1495        je	L_AES_GCM_encrypt_aesni_store_tag_16
 1496        xorl	%ecx, %ecx
 1497        movdqu	%xmm4, (%esp)
 1498L_AES_GCM_encrypt_aesni_store_tag_loop:
 1499        movzbl	(%esp,%ecx,1), %eax
 1500        movb	%al, (%edi,%ecx,1)
 1501        incl	%ecx
 1502        cmpl	%ebx, %ecx
 1503        jne	L_AES_GCM_encrypt_aesni_store_tag_loop
 1504        jmp	L_AES_GCM_encrypt_aesni_store_tag_done
 1505L_AES_GCM_encrypt_aesni_store_tag_16:
 1506        movdqu	%xmm4, (%edi)
 1507L_AES_GCM_encrypt_aesni_store_tag_done:
 1508        addl	$0x70, %esp
 1509        popl	%ebp
 1510        popl	%edi
 1511        popl	%esi
 1512        popl	%ebx
 1513        ret
 1514.size	AES_GCM_encrypt_aesni,.-AES_GCM_encrypt_aesni
 1515.text
 1516.globl	AES_GCM_decrypt_aesni
 1517.type	AES_GCM_decrypt_aesni,@function
 1518.align	16
 1519AES_GCM_decrypt_aesni:
 1520        pushl	%ebx
 1521        pushl	%esi
 1522        pushl	%edi
 1523        pushl	%ebp
 1524        subl	$0xb0, %esp
 1525        movl	208(%esp), %esi
 1526        movl	232(%esp), %ebp
 1527        movl	224(%esp), %edx
 1528        pxor	%xmm0, %xmm0
 1529        pxor	%xmm2, %xmm2
 1530        cmpl	$12, %edx
 1531        jne	L_AES_GCM_decrypt_aesni_iv_not_12
 1532        # # Calculate values when IV is 12 bytes
 1533        # Set counter based on IV
 1534        movl	$0x1000000, %ecx
 1535        pinsrd	$0x00, (%esi), %xmm0
 1536        pinsrd	$0x01, 4(%esi), %xmm0
 1537        pinsrd	$2, 8(%esi), %xmm0
 1538        pinsrd	$3, %ecx, %xmm0
 1539        # H = Encrypt X(=0) and T = Encrypt counter
 1540        movdqa	%xmm0, %xmm5
 1541        movdqa	(%ebp), %xmm1
 1542        pxor	%xmm1, %xmm5
 1543        movdqa	16(%ebp), %xmm3
 1544        aesenc	%xmm3, %xmm1
 1545        aesenc	%xmm3, %xmm5
 1546        movdqa	32(%ebp), %xmm3
 1547        aesenc	%xmm3, %xmm1
 1548        aesenc	%xmm3, %xmm5
 1549        movdqa	48(%ebp), %xmm3
 1550        aesenc	%xmm3, %xmm1
 1551        aesenc	%xmm3, %xmm5
 1552        movdqa	64(%ebp), %xmm3
 1553        aesenc	%xmm3, %xmm1
 1554        aesenc	%xmm3, %xmm5
 1555        movdqa	80(%ebp), %xmm3
 1556        aesenc	%xmm3, %xmm1
 1557        aesenc	%xmm3, %xmm5
 1558        movdqa	96(%ebp), %xmm3
 1559        aesenc	%xmm3, %xmm1
 1560        aesenc	%xmm3, %xmm5
 1561        movdqa	112(%ebp), %xmm3
 1562        aesenc	%xmm3, %xmm1
 1563        aesenc	%xmm3, %xmm5
 1564        movdqa	128(%ebp), %xmm3
 1565        aesenc	%xmm3, %xmm1
 1566        aesenc	%xmm3, %xmm5
 1567        movdqa	144(%ebp), %xmm3
 1568        aesenc	%xmm3, %xmm1
 1569        aesenc	%xmm3, %xmm5
 1570        cmpl	$11, 236(%esp)
 1571        movdqa	160(%ebp), %xmm3
 1572        jl	L_AES_GCM_decrypt_aesni_calc_iv_12_last
 1573        aesenc	%xmm3, %xmm1
 1574        aesenc	%xmm3, %xmm5
 1575        movdqa	176(%ebp), %xmm3
 1576        aesenc	%xmm3, %xmm1
 1577        aesenc	%xmm3, %xmm5
 1578        cmpl	$13, 236(%esp)
 1579        movdqa	192(%ebp), %xmm3
 1580        jl	L_AES_GCM_decrypt_aesni_calc_iv_12_last
 1581        aesenc	%xmm3, %xmm1
 1582        aesenc	%xmm3, %xmm5
 1583        movdqa	208(%ebp), %xmm3
 1584        aesenc	%xmm3, %xmm1
 1585        aesenc	%xmm3, %xmm5
 1586        movdqa	224(%ebp), %xmm3
 1587L_AES_GCM_decrypt_aesni_calc_iv_12_last:
 1588        aesenclast	%xmm3, %xmm1
 1589        aesenclast	%xmm3, %xmm5
 1590        pshufb	L_aes_gcm_bswap_mask, %xmm1
 1591        movdqu	%xmm5, 80(%esp)
 1592        jmp	L_AES_GCM_decrypt_aesni_iv_done
 1593L_AES_GCM_decrypt_aesni_iv_not_12:
 1594        # Calculate values when IV is not 12 bytes
 1595        # H = Encrypt X(=0)
 1596        movdqa	(%ebp), %xmm1
 1597        aesenc	16(%ebp), %xmm1
 1598        aesenc	32(%ebp), %xmm1
 1599        aesenc	48(%ebp), %xmm1
 1600        aesenc	64(%ebp), %xmm1
 1601        aesenc	80(%ebp), %xmm1
 1602        aesenc	96(%ebp), %xmm1
 1603        aesenc	112(%ebp), %xmm1
 1604        aesenc	128(%ebp), %xmm1
 1605        aesenc	144(%ebp), %xmm1
 1606        cmpl	$11, 236(%esp)
 1607        movdqa	160(%ebp), %xmm5
 1608        jl	L_AES_GCM_decrypt_aesni_calc_iv_1_aesenc_avx_last
 1609        aesenc	%xmm5, %xmm1
 1610        aesenc	176(%ebp), %xmm1
 1611        cmpl	$13, 236(%esp)
 1612        movdqa	192(%ebp), %xmm5
 1613        jl	L_AES_GCM_decrypt_aesni_calc_iv_1_aesenc_avx_last
 1614        aesenc	%xmm5, %xmm1
 1615        aesenc	208(%ebp), %xmm1
 1616        movdqa	224(%ebp), %xmm5
 1617L_AES_GCM_decrypt_aesni_calc_iv_1_aesenc_avx_last:
 1618        aesenclast	%xmm5, %xmm1
 1619        pshufb	L_aes_gcm_bswap_mask, %xmm1
 1620        # Calc counter
 1621        # Initialization vector
 1622        cmpl	$0x00, %edx
 1623        movl	$0x00, %ecx
 1624        je	L_AES_GCM_decrypt_aesni_calc_iv_done
 1625        cmpl	$16, %edx
 1626        jl	L_AES_GCM_decrypt_aesni_calc_iv_lt16
 1627        andl	$0xfffffff0, %edx
 1628L_AES_GCM_decrypt_aesni_calc_iv_16_loop:
 1629        movdqu	(%esi,%ecx,1), %xmm4
 1630        pshufb	L_aes_gcm_bswap_mask, %xmm4
 1631        pxor	%xmm4, %xmm0
 1632        pshufd	$0x4e, %xmm0, %xmm5
 1633        pshufd	$0x4e, %xmm1, %xmm6
 1634        movdqa	%xmm1, %xmm7
 1635        movdqa	%xmm1, %xmm4
 1636        pclmulqdq	$0x11, %xmm0, %xmm7
 1637        pclmulqdq	$0x00, %xmm0, %xmm4
 1638        pxor	%xmm0, %xmm5
 1639        pxor	%xmm1, %xmm6
 1640        pclmulqdq	$0x00, %xmm6, %xmm5
 1641        pxor	%xmm4, %xmm5
 1642        pxor	%xmm7, %xmm5
 1643        movdqa	%xmm5, %xmm6
 1644        movdqa	%xmm4, %xmm3
 1645        movdqa	%xmm7, %xmm0
 1646        pslldq	$8, %xmm6
 1647        psrldq	$8, %xmm5
 1648        pxor	%xmm6, %xmm3
 1649        pxor	%xmm5, %xmm0
 1650        movdqa	%xmm3, %xmm4
 1651        movdqa	%xmm0, %xmm5
 1652        psrld	$31, %xmm4
 1653        psrld	$31, %xmm5
 1654        pslld	$0x01, %xmm3
 1655        pslld	$0x01, %xmm0
 1656        movdqa	%xmm4, %xmm6
 1657        pslldq	$4, %xmm4
 1658        psrldq	$12, %xmm6
 1659        pslldq	$4, %xmm5
 1660        por	%xmm6, %xmm0
 1661        por	%xmm4, %xmm3
 1662        por	%xmm5, %xmm0
 1663        movdqa	%xmm3, %xmm4
 1664        movdqa	%xmm3, %xmm5
 1665        movdqa	%xmm3, %xmm6
 1666        pslld	$31, %xmm4
 1667        pslld	$30, %xmm5
 1668        pslld	$25, %xmm6
 1669        pxor	%xmm5, %xmm4
 1670        pxor	%xmm6, %xmm4
 1671        movdqa	%xmm4, %xmm5
 1672        psrldq	$4, %xmm5
 1673        pslldq	$12, %xmm4
 1674        pxor	%xmm4, %xmm3
 1675        movdqa	%xmm3, %xmm6
 1676        movdqa	%xmm3, %xmm7
 1677        movdqa	%xmm3, %xmm4
 1678        psrld	$0x01, %xmm6
 1679        psrld	$2, %xmm7
 1680        psrld	$7, %xmm4
 1681        pxor	%xmm7, %xmm6
 1682        pxor	%xmm4, %xmm6
 1683        pxor	%xmm5, %xmm6
 1684        pxor	%xmm3, %xmm6
 1685        pxor	%xmm6, %xmm0
 1686        addl	$16, %ecx
 1687        cmpl	%edx, %ecx
 1688        jl	L_AES_GCM_decrypt_aesni_calc_iv_16_loop
 1689        movl	224(%esp), %edx
 1690        cmpl	%edx, %ecx
 1691        je	L_AES_GCM_decrypt_aesni_calc_iv_done
 1692L_AES_GCM_decrypt_aesni_calc_iv_lt16:
 1693        subl	$16, %esp
 1694        pxor	%xmm4, %xmm4
 1695        xorl	%ebx, %ebx
 1696        movdqu	%xmm4, (%esp)
 1697L_AES_GCM_decrypt_aesni_calc_iv_loop:
 1698        movzbl	(%esi,%ecx,1), %eax
 1699        movb	%al, (%esp,%ebx,1)
 1700        incl	%ecx
 1701        incl	%ebx
 1702        cmpl	%edx, %ecx
 1703        jl	L_AES_GCM_decrypt_aesni_calc_iv_loop
 1704        movdqu	(%esp), %xmm4
 1705        addl	$16, %esp
 1706        pshufb	L_aes_gcm_bswap_mask, %xmm4
 1707        pxor	%xmm4, %xmm0
 1708        pshufd	$0x4e, %xmm0, %xmm5
 1709        pshufd	$0x4e, %xmm1, %xmm6
 1710        movdqa	%xmm1, %xmm7
 1711        movdqa	%xmm1, %xmm4
 1712        pclmulqdq	$0x11, %xmm0, %xmm7
 1713        pclmulqdq	$0x00, %xmm0, %xmm4
 1714        pxor	%xmm0, %xmm5
 1715        pxor	%xmm1, %xmm6
 1716        pclmulqdq	$0x00, %xmm6, %xmm5
 1717        pxor	%xmm4, %xmm5
 1718        pxor	%xmm7, %xmm5
 1719        movdqa	%xmm5, %xmm6
 1720        movdqa	%xmm4, %xmm3
 1721        movdqa	%xmm7, %xmm0
 1722        pslldq	$8, %xmm6
 1723        psrldq	$8, %xmm5
 1724        pxor	%xmm6, %xmm3
 1725        pxor	%xmm5, %xmm0
 1726        movdqa	%xmm3, %xmm4
 1727        movdqa	%xmm0, %xmm5
 1728        psrld	$31, %xmm4
 1729        psrld	$31, %xmm5
 1730        pslld	$0x01, %xmm3
 1731        pslld	$0x01, %xmm0
 1732        movdqa	%xmm4, %xmm6
 1733        pslldq	$4, %xmm4
 1734        psrldq	$12, %xmm6
 1735        pslldq	$4, %xmm5
 1736        por	%xmm6, %xmm0
 1737        por	%xmm4, %xmm3
 1738        por	%xmm5, %xmm0
 1739        movdqa	%xmm3, %xmm4
 1740        movdqa	%xmm3, %xmm5
 1741        movdqa	%xmm3, %xmm6
 1742        pslld	$31, %xmm4
 1743        pslld	$30, %xmm5
 1744        pslld	$25, %xmm6
 1745        pxor	%xmm5, %xmm4
 1746        pxor	%xmm6, %xmm4
 1747        movdqa	%xmm4, %xmm5
 1748        psrldq	$4, %xmm5
 1749        pslldq	$12, %xmm4
 1750        pxor	%xmm4, %xmm3
 1751        movdqa	%xmm3, %xmm6
 1752        movdqa	%xmm3, %xmm7
 1753        movdqa	%xmm3, %xmm4
 1754        psrld	$0x01, %xmm6
 1755        psrld	$2, %xmm7
 1756        psrld	$7, %xmm4
 1757        pxor	%xmm7, %xmm6
 1758        pxor	%xmm4, %xmm6
 1759        pxor	%xmm5, %xmm6
 1760        pxor	%xmm3, %xmm6
 1761        pxor	%xmm6, %xmm0
 1762L_AES_GCM_decrypt_aesni_calc_iv_done:
 1763        # T = Encrypt counter
 1764        pxor	%xmm4, %xmm4
 1765        shll	$3, %edx
 1766        pinsrd	$0x00, %edx, %xmm4
 1767        pxor	%xmm4, %xmm0
 1768        pshufd	$0x4e, %xmm0, %xmm5
 1769        pshufd	$0x4e, %xmm1, %xmm6
 1770        movdqa	%xmm1, %xmm7
 1771        movdqa	%xmm1, %xmm4
 1772        pclmulqdq	$0x11, %xmm0, %xmm7
 1773        pclmulqdq	$0x00, %xmm0, %xmm4
 1774        pxor	%xmm0, %xmm5
 1775        pxor	%xmm1, %xmm6
 1776        pclmulqdq	$0x00, %xmm6, %xmm5
 1777        pxor	%xmm4, %xmm5
 1778        pxor	%xmm7, %xmm5
 1779        movdqa	%xmm5, %xmm6
 1780        movdqa	%xmm4, %xmm3
 1781        movdqa	%xmm7, %xmm0
 1782        pslldq	$8, %xmm6
 1783        psrldq	$8, %xmm5
 1784        pxor	%xmm6, %xmm3
 1785        pxor	%xmm5, %xmm0
 1786        movdqa	%xmm3, %xmm4
 1787        movdqa	%xmm0, %xmm5
 1788        psrld	$31, %xmm4
 1789        psrld	$31, %xmm5
 1790        pslld	$0x01, %xmm3
 1791        pslld	$0x01, %xmm0
 1792        movdqa	%xmm4, %xmm6
 1793        pslldq	$4, %xmm4
 1794        psrldq	$12, %xmm6
 1795        pslldq	$4, %xmm5
 1796        por	%xmm6, %xmm0
 1797        por	%xmm4, %xmm3
 1798        por	%xmm5, %xmm0
 1799        movdqa	%xmm3, %xmm4
 1800        movdqa	%xmm3, %xmm5
 1801        movdqa	%xmm3, %xmm6
 1802        pslld	$31, %xmm4
 1803        pslld	$30, %xmm5
 1804        pslld	$25, %xmm6
 1805        pxor	%xmm5, %xmm4
 1806        pxor	%xmm6, %xmm4
 1807        movdqa	%xmm4, %xmm5
 1808        psrldq	$4, %xmm5
 1809        pslldq	$12, %xmm4
 1810        pxor	%xmm4, %xmm3
 1811        movdqa	%xmm3, %xmm6
 1812        movdqa	%xmm3, %xmm7
 1813        movdqa	%xmm3, %xmm4
 1814        psrld	$0x01, %xmm6
 1815        psrld	$2, %xmm7
 1816        psrld	$7, %xmm4
 1817        pxor	%xmm7, %xmm6
 1818        pxor	%xmm4, %xmm6
 1819        pxor	%xmm5, %xmm6
 1820        pxor	%xmm3, %xmm6
 1821        pxor	%xmm6, %xmm0
 1822        pshufb	L_aes_gcm_bswap_mask, %xmm0
 1823        #   Encrypt counter
 1824        movdqa	(%ebp), %xmm4
 1825        pxor	%xmm0, %xmm4
 1826        aesenc	16(%ebp), %xmm4
 1827        aesenc	32(%ebp), %xmm4
 1828        aesenc	48(%ebp), %xmm4
 1829        aesenc	64(%ebp), %xmm4
 1830        aesenc	80(%ebp), %xmm4
 1831        aesenc	96(%ebp), %xmm4
 1832        aesenc	112(%ebp), %xmm4
 1833        aesenc	128(%ebp), %xmm4
 1834        aesenc	144(%ebp), %xmm4
 1835        cmpl	$11, 236(%esp)
 1836        movdqa	160(%ebp), %xmm5
 1837        jl	L_AES_GCM_decrypt_aesni_calc_iv_2_aesenc_avx_last
 1838        aesenc	%xmm5, %xmm4
 1839        aesenc	176(%ebp), %xmm4
 1840        cmpl	$13, 236(%esp)
 1841        movdqa	192(%ebp), %xmm5
 1842        jl	L_AES_GCM_decrypt_aesni_calc_iv_2_aesenc_avx_last
 1843        aesenc	%xmm5, %xmm4
 1844        aesenc	208(%ebp), %xmm4
 1845        movdqa	224(%ebp), %xmm5
 1846L_AES_GCM_decrypt_aesni_calc_iv_2_aesenc_avx_last:
 1847        aesenclast	%xmm5, %xmm4
 1848        movdqu	%xmm4, 80(%esp)
 1849L_AES_GCM_decrypt_aesni_iv_done:
 1850        movl	204(%esp), %esi
 1851        # Additional authentication data
 1852        movl	220(%esp), %edx
 1853        cmpl	$0x00, %edx
 1854        je	L_AES_GCM_decrypt_aesni_calc_aad_done
 1855        xorl	%ecx, %ecx
 1856        cmpl	$16, %edx
 1857        jl	L_AES_GCM_decrypt_aesni_calc_aad_lt16
 1858        andl	$0xfffffff0, %edx
 1859L_AES_GCM_decrypt_aesni_calc_aad_16_loop:
 1860        movdqu	(%esi,%ecx,1), %xmm4
 1861        pshufb	L_aes_gcm_bswap_mask, %xmm4
 1862        pxor	%xmm4, %xmm2
 1863        pshufd	$0x4e, %xmm2, %xmm5
 1864        pshufd	$0x4e, %xmm1, %xmm6
 1865        movdqa	%xmm1, %xmm7
 1866        movdqa	%xmm1, %xmm4
 1867        pclmulqdq	$0x11, %xmm2, %xmm7
 1868        pclmulqdq	$0x00, %xmm2, %xmm4
 1869        pxor	%xmm2, %xmm5
 1870        pxor	%xmm1, %xmm6
 1871        pclmulqdq	$0x00, %xmm6, %xmm5
 1872        pxor	%xmm4, %xmm5
 1873        pxor	%xmm7, %xmm5
 1874        movdqa	%xmm5, %xmm6
 1875        movdqa	%xmm4, %xmm3
 1876        movdqa	%xmm7, %xmm2
 1877        pslldq	$8, %xmm6
 1878        psrldq	$8, %xmm5
 1879        pxor	%xmm6, %xmm3
 1880        pxor	%xmm5, %xmm2
 1881        movdqa	%xmm3, %xmm4
 1882        movdqa	%xmm2, %xmm5
 1883        psrld	$31, %xmm4
 1884        psrld	$31, %xmm5
 1885        pslld	$0x01, %xmm3
 1886        pslld	$0x01, %xmm2
 1887        movdqa	%xmm4, %xmm6
 1888        pslldq	$4, %xmm4
 1889        psrldq	$12, %xmm6
 1890        pslldq	$4, %xmm5
 1891        por	%xmm6, %xmm2
 1892        por	%xmm4, %xmm3
 1893        por	%xmm5, %xmm2
 1894        movdqa	%xmm3, %xmm4
 1895        movdqa	%xmm3, %xmm5
 1896        movdqa	%xmm3, %xmm6
 1897        pslld	$31, %xmm4
 1898        pslld	$30, %xmm5
 1899        pslld	$25, %xmm6
 1900        pxor	%xmm5, %xmm4
 1901        pxor	%xmm6, %xmm4
 1902        movdqa	%xmm4, %xmm5
 1903        psrldq	$4, %xmm5
 1904        pslldq	$12, %xmm4
 1905        pxor	%xmm4, %xmm3
 1906        movdqa	%xmm3, %xmm6
 1907        movdqa	%xmm3, %xmm7
 1908        movdqa	%xmm3, %xmm4
 1909        psrld	$0x01, %xmm6
 1910        psrld	$2, %xmm7
 1911        psrld	$7, %xmm4
 1912        pxor	%xmm7, %xmm6
 1913        pxor	%xmm4, %xmm6
 1914        pxor	%xmm5, %xmm6
 1915        pxor	%xmm3, %xmm6
 1916        pxor	%xmm6, %xmm2
 1917        addl	$16, %ecx
 1918        cmpl	%edx, %ecx
 1919        jl	L_AES_GCM_decrypt_aesni_calc_aad_16_loop
 1920        movl	220(%esp), %edx
 1921        cmpl	%edx, %ecx
 1922        je	L_AES_GCM_decrypt_aesni_calc_aad_done
 1923L_AES_GCM_decrypt_aesni_calc_aad_lt16:
 1924        subl	$16, %esp
 1925        pxor	%xmm4, %xmm4
 1926        xorl	%ebx, %ebx
 1927        movdqu	%xmm4, (%esp)
 1928L_AES_GCM_decrypt_aesni_calc_aad_loop:
 1929        movzbl	(%esi,%ecx,1), %eax
 1930        movb	%al, (%esp,%ebx,1)
 1931        incl	%ecx
 1932        incl	%ebx
 1933        cmpl	%edx, %ecx
 1934        jl	L_AES_GCM_decrypt_aesni_calc_aad_loop
 1935        movdqu	(%esp), %xmm4
 1936        addl	$16, %esp
 1937        pshufb	L_aes_gcm_bswap_mask, %xmm4
 1938        pxor	%xmm4, %xmm2
 1939        pshufd	$0x4e, %xmm2, %xmm5
 1940        pshufd	$0x4e, %xmm1, %xmm6
 1941        movdqa	%xmm1, %xmm7
 1942        movdqa	%xmm1, %xmm4
 1943        pclmulqdq	$0x11, %xmm2, %xmm7
 1944        pclmulqdq	$0x00, %xmm2, %xmm4
 1945        pxor	%xmm2, %xmm5
 1946        pxor	%xmm1, %xmm6
 1947        pclmulqdq	$0x00, %xmm6, %xmm5
 1948        pxor	%xmm4, %xmm5
 1949        pxor	%xmm7, %xmm5
 1950        movdqa	%xmm5, %xmm6
 1951        movdqa	%xmm4, %xmm3
 1952        movdqa	%xmm7, %xmm2
 1953        pslldq	$8, %xmm6
 1954        psrldq	$8, %xmm5
 1955        pxor	%xmm6, %xmm3
 1956        pxor	%xmm5, %xmm2
 1957        movdqa	%xmm3, %xmm4
 1958        movdqa	%xmm2, %xmm5
 1959        psrld	$31, %xmm4
 1960        psrld	$31, %xmm5
 1961        pslld	$0x01, %xmm3
 1962        pslld	$0x01, %xmm2
 1963        movdqa	%xmm4, %xmm6
 1964        pslldq	$4, %xmm4
 1965        psrldq	$12, %xmm6
 1966        pslldq	$4, %xmm5
 1967        por	%xmm6, %xmm2
 1968        por	%xmm4, %xmm3
 1969        por	%xmm5, %xmm2
 1970        movdqa	%xmm3, %xmm4
 1971        movdqa	%xmm3, %xmm5
 1972        movdqa	%xmm3, %xmm6
 1973        pslld	$31, %xmm4
 1974        pslld	$30, %xmm5
 1975        pslld	$25, %xmm6
 1976        pxor	%xmm5, %xmm4
 1977        pxor	%xmm6, %xmm4
 1978        movdqa	%xmm4, %xmm5
 1979        psrldq	$4, %xmm5
 1980        pslldq	$12, %xmm4
 1981        pxor	%xmm4, %xmm3
 1982        movdqa	%xmm3, %xmm6
 1983        movdqa	%xmm3, %xmm7
 1984        movdqa	%xmm3, %xmm4
 1985        psrld	$0x01, %xmm6
 1986        psrld	$2, %xmm7
 1987        psrld	$7, %xmm4
 1988        pxor	%xmm7, %xmm6
 1989        pxor	%xmm4, %xmm6
 1990        pxor	%xmm5, %xmm6
 1991        pxor	%xmm3, %xmm6
 1992        pxor	%xmm6, %xmm2
 1993L_AES_GCM_decrypt_aesni_calc_aad_done:
 1994        movdqu	%xmm2, 96(%esp)
 1995        movl	196(%esp), %esi
 1996        movl	200(%esp), %edi
 1997        # Calculate counter and H
 1998        pshufb	L_aes_gcm_bswap_epi64, %xmm0
 1999        movdqa	%xmm1, %xmm5
 2000        paddd	L_aes_gcm_one, %xmm0
 2001        movdqa	%xmm1, %xmm4
 2002        movdqu	%xmm0, 64(%esp)
 2003        psrlq	$63, %xmm5
 2004        psllq	$0x01, %xmm4
 2005        pslldq	$8, %xmm5
 2006        por	%xmm5, %xmm4
 2007        pshufd	$0xff, %xmm1, %xmm1
 2008        psrad	$31, %xmm1
 2009        pand	L_aes_gcm_mod2_128, %xmm1
 2010        pxor	%xmm4, %xmm1
 2011        xorl	%ebx, %ebx
 2012        cmpl	$0x40, 216(%esp)
 2013        movl	216(%esp), %eax
 2014        jl	L_AES_GCM_decrypt_aesni_done_64
 2015        andl	$0xffffffc0, %eax
 2016        movdqa	%xmm2, %xmm6
 2017        # H ^ 1
 2018        movdqu	%xmm1, (%esp)
 2019        # H ^ 2
 2020        pshufd	$0x4e, %xmm1, %xmm5
 2021        pshufd	$0x4e, %xmm1, %xmm6
 2022        movdqa	%xmm1, %xmm7
 2023        movdqa	%xmm1, %xmm4
 2024        pclmulqdq	$0x11, %xmm1, %xmm7
 2025        pclmulqdq	$0x00, %xmm1, %xmm4
 2026        pxor	%xmm1, %xmm5
 2027        pxor	%xmm1, %xmm6
 2028        pclmulqdq	$0x00, %xmm6, %xmm5
 2029        pxor	%xmm4, %xmm5
 2030        pxor	%xmm7, %xmm5
 2031        movdqa	%xmm5, %xmm6
 2032        movdqa	%xmm7, %xmm0
 2033        pslldq	$8, %xmm6
 2034        psrldq	$8, %xmm5
 2035        pxor	%xmm6, %xmm4
 2036        pxor	%xmm5, %xmm0
 2037        movdqa	%xmm4, %xmm5
 2038        movdqa	%xmm4, %xmm6
 2039        movdqa	%xmm4, %xmm7
 2040        pslld	$31, %xmm5
 2041        pslld	$30, %xmm6
 2042        pslld	$25, %xmm7
 2043        pxor	%xmm6, %xmm5
 2044        pxor	%xmm7, %xmm5
 2045        movdqa	%xmm5, %xmm7
 2046        psrldq	$4, %xmm7
 2047        pslldq	$12, %xmm5
 2048        pxor	%xmm5, %xmm4
 2049        movdqa	%xmm4, %xmm5
 2050        movdqa	%xmm4, %xmm6
 2051        psrld	$0x01, %xmm5
 2052        psrld	$2, %xmm6
 2053        pxor	%xmm6, %xmm5
 2054        pxor	%xmm4, %xmm5
 2055        psrld	$7, %xmm4
 2056        pxor	%xmm7, %xmm5
 2057        pxor	%xmm4, %xmm5
 2058        pxor	%xmm5, %xmm0
 2059        movdqu	%xmm0, 16(%esp)
 2060        # H ^ 3
 2061        pshufd	$0x4e, %xmm1, %xmm5
 2062        pshufd	$0x4e, %xmm0, %xmm6
 2063        movdqa	%xmm0, %xmm7
 2064        movdqa	%xmm0, %xmm4
 2065        pclmulqdq	$0x11, %xmm1, %xmm7
 2066        pclmulqdq	$0x00, %xmm1, %xmm4
 2067        pxor	%xmm1, %xmm5
 2068        pxor	%xmm0, %xmm6
 2069        pclmulqdq	$0x00, %xmm6, %xmm5
 2070        pxor	%xmm4, %xmm5
 2071        pxor	%xmm7, %xmm5
 2072        movdqa	%xmm5, %xmm6
 2073        movdqa	%xmm7, %xmm3
 2074        pslldq	$8, %xmm6
 2075        psrldq	$8, %xmm5
 2076        pxor	%xmm6, %xmm4
 2077        pxor	%xmm5, %xmm3
 2078        movdqa	%xmm4, %xmm5
 2079        movdqa	%xmm4, %xmm6
 2080        movdqa	%xmm4, %xmm7
 2081        pslld	$31, %xmm5
 2082        pslld	$30, %xmm6
 2083        pslld	$25, %xmm7
 2084        pxor	%xmm6, %xmm5
 2085        pxor	%xmm7, %xmm5
 2086        movdqa	%xmm5, %xmm7
 2087        psrldq	$4, %xmm7
 2088        pslldq	$12, %xmm5
 2089        pxor	%xmm5, %xmm4
 2090        movdqa	%xmm4, %xmm5
 2091        movdqa	%xmm4, %xmm6
 2092        psrld	$0x01, %xmm5
 2093        psrld	$2, %xmm6
 2094        pxor	%xmm6, %xmm5
 2095        pxor	%xmm4, %xmm5
 2096        psrld	$7, %xmm4
 2097        pxor	%xmm7, %xmm5
 2098        pxor	%xmm4, %xmm5
 2099        pxor	%xmm5, %xmm3
 2100        movdqu	%xmm3, 32(%esp)
 2101        # H ^ 4
 2102        pshufd	$0x4e, %xmm0, %xmm5
 2103        pshufd	$0x4e, %xmm0, %xmm6
 2104        movdqa	%xmm0, %xmm7
 2105        movdqa	%xmm0, %xmm4
 2106        pclmulqdq	$0x11, %xmm0, %xmm7
 2107        pclmulqdq	$0x00, %xmm0, %xmm4
 2108        pxor	%xmm0, %xmm5
 2109        pxor	%xmm0, %xmm6
 2110        pclmulqdq	$0x00, %xmm6, %xmm5
 2111        pxor	%xmm4, %xmm5
 2112        pxor	%xmm7, %xmm5
 2113        movdqa	%xmm5, %xmm6
 2114        movdqa	%xmm7, %xmm3
 2115        pslldq	$8, %xmm6
 2116        psrldq	$8, %xmm5
 2117        pxor	%xmm6, %xmm4
 2118        pxor	%xmm5, %xmm3
 2119        movdqa	%xmm4, %xmm5
 2120        movdqa	%xmm4, %xmm6
 2121        movdqa	%xmm4, %xmm7
 2122        pslld	$31, %xmm5
 2123        pslld	$30, %xmm6
 2124        pslld	$25, %xmm7
 2125        pxor	%xmm6, %xmm5
 2126        pxor	%xmm7, %xmm5
 2127        movdqa	%xmm5, %xmm7
 2128        psrldq	$4, %xmm7
 2129        pslldq	$12, %xmm5
 2130        pxor	%xmm5, %xmm4
 2131        movdqa	%xmm4, %xmm5
 2132        movdqa	%xmm4, %xmm6
 2133        psrld	$0x01, %xmm5
 2134        psrld	$2, %xmm6
 2135        pxor	%xmm6, %xmm5
 2136        pxor	%xmm4, %xmm5
 2137        psrld	$7, %xmm4
 2138        pxor	%xmm7, %xmm5
 2139        pxor	%xmm4, %xmm5
 2140        pxor	%xmm5, %xmm3
 2141        movdqu	%xmm3, 48(%esp)
 2142        cmpl	%esi, %edi
 2143        jne	L_AES_GCM_decrypt_aesni_ghash_64
 2144L_AES_GCM_decrypt_aesni_ghash_64_inplace:
 2145        leal	(%esi,%ebx,1), %ecx
 2146        leal	(%edi,%ebx,1), %edx
 2147        # Encrypt 64 bytes of counter
 2148        movdqu	64(%esp), %xmm4
 2149        movdqa	L_aes_gcm_bswap_epi64, %xmm3
 2150        movdqa	%xmm4, %xmm5
 2151        movdqa	%xmm4, %xmm6
 2152        movdqa	%xmm4, %xmm7
 2153        pshufb	%xmm3, %xmm4
 2154        paddd	L_aes_gcm_one, %xmm5
 2155        pshufb	%xmm3, %xmm5
 2156        paddd	L_aes_gcm_two, %xmm6
 2157        pshufb	%xmm3, %xmm6
 2158        paddd	L_aes_gcm_three, %xmm7
 2159        pshufb	%xmm3, %xmm7
 2160        movdqu	64(%esp), %xmm3
 2161        paddd	L_aes_gcm_four, %xmm3
 2162        movdqu	%xmm3, 64(%esp)
 2163        movdqa	(%ebp), %xmm3
 2164        pxor	%xmm3, %xmm4
 2165        pxor	%xmm3, %xmm5
 2166        pxor	%xmm3, %xmm6
 2167        pxor	%xmm3, %xmm7
 2168        movdqa	16(%ebp), %xmm3
 2169        aesenc	%xmm3, %xmm4
 2170        aesenc	%xmm3, %xmm5
 2171        aesenc	%xmm3, %xmm6
 2172        aesenc	%xmm3, %xmm7
 2173        movdqa	32(%ebp), %xmm3
 2174        aesenc	%xmm3, %xmm4
 2175        aesenc	%xmm3, %xmm5
 2176        aesenc	%xmm3, %xmm6
 2177        aesenc	%xmm3, %xmm7
 2178        movdqa	48(%ebp), %xmm3
 2179        aesenc	%xmm3, %xmm4
 2180        aesenc	%xmm3, %xmm5
 2181        aesenc	%xmm3, %xmm6
 2182        aesenc	%xmm3, %xmm7
 2183        movdqa	64(%ebp), %xmm3
 2184        aesenc	%xmm3, %xmm4
 2185        aesenc	%xmm3, %xmm5
 2186        aesenc	%xmm3, %xmm6
 2187        aesenc	%xmm3, %xmm7
 2188        movdqa	80(%ebp), %xmm3
 2189        aesenc	%xmm3, %xmm4
 2190        aesenc	%xmm3, %xmm5
 2191        aesenc	%xmm3, %xmm6
 2192        aesenc	%xmm3, %xmm7
 2193        movdqa	96(%ebp), %xmm3
 2194        aesenc	%xmm3, %xmm4
 2195        aesenc	%xmm3, %xmm5
 2196        aesenc	%xmm3, %xmm6
 2197        aesenc	%xmm3, %xmm7
 2198        movdqa	112(%ebp), %xmm3
 2199        aesenc	%xmm3, %xmm4
 2200        aesenc	%xmm3, %xmm5
 2201        aesenc	%xmm3, %xmm6
 2202        aesenc	%xmm3, %xmm7
 2203        movdqa	128(%ebp), %xmm3
 2204        aesenc	%xmm3, %xmm4
 2205        aesenc	%xmm3, %xmm5
 2206        aesenc	%xmm3, %xmm6
 2207        aesenc	%xmm3, %xmm7
 2208        movdqa	144(%ebp), %xmm3
 2209        aesenc	%xmm3, %xmm4
 2210        aesenc	%xmm3, %xmm5
 2211        aesenc	%xmm3, %xmm6
 2212        aesenc	%xmm3, %xmm7
 2213        cmpl	$11, 236(%esp)
 2214        movdqa	160(%ebp), %xmm3
 2215        jl	L_AES_GCM_decrypt_aesniinplace_aesenc_64_ghash_avx_done
 2216        aesenc	%xmm3, %xmm4
 2217        aesenc	%xmm3, %xmm5
 2218        aesenc	%xmm3, %xmm6
 2219        aesenc	%xmm3, %xmm7
 2220        movdqa	176(%ebp), %xmm3
 2221        aesenc	%xmm3, %xmm4
 2222        aesenc	%xmm3, %xmm5
 2223        aesenc	%xmm3, %xmm6
 2224        aesenc	%xmm3, %xmm7
 2225        cmpl	$13, 236(%esp)
 2226        movdqa	192(%ebp), %xmm3
 2227        jl	L_AES_GCM_decrypt_aesniinplace_aesenc_64_ghash_avx_done
 2228        aesenc	%xmm3, %xmm4
 2229        aesenc	%xmm3, %xmm5
 2230        aesenc	%xmm3, %xmm6
 2231        aesenc	%xmm3, %xmm7
 2232        movdqa	208(%ebp), %xmm3
 2233        aesenc	%xmm3, %xmm4
 2234        aesenc	%xmm3, %xmm5
 2235        aesenc	%xmm3, %xmm6
 2236        aesenc	%xmm3, %xmm7
 2237        movdqa	224(%ebp), %xmm3
 2238L_AES_GCM_decrypt_aesniinplace_aesenc_64_ghash_avx_done:
 2239        aesenclast	%xmm3, %xmm4
 2240        aesenclast	%xmm3, %xmm5
 2241        movdqu	(%ecx), %xmm0
 2242        movdqu	16(%ecx), %xmm1
 2243        pxor	%xmm0, %xmm4
 2244        pxor	%xmm1, %xmm5
 2245        movdqu	%xmm0, 112(%esp)
 2246        movdqu	%xmm1, 128(%esp)
 2247        movdqu	%xmm4, (%edx)
 2248        movdqu	%xmm5, 16(%edx)
 2249        aesenclast	%xmm3, %xmm6
 2250        aesenclast	%xmm3, %xmm7
 2251        movdqu	32(%ecx), %xmm0
 2252        movdqu	48(%ecx), %xmm1
 2253        pxor	%xmm0, %xmm6
 2254        pxor	%xmm1, %xmm7
 2255        movdqu	%xmm0, 144(%esp)
 2256        movdqu	%xmm1, 160(%esp)
 2257        movdqu	%xmm6, 32(%edx)
 2258        movdqu	%xmm7, 48(%edx)
 2259        # ghash encrypted counter
 2260        movdqu	96(%esp), %xmm6
 2261        movdqu	48(%esp), %xmm3
 2262        movdqu	112(%esp), %xmm4
 2263        pshufb	L_aes_gcm_bswap_mask, %xmm4
 2264        pxor	%xmm6, %xmm4
 2265        pshufd	$0x4e, %xmm3, %xmm5
 2266        pshufd	$0x4e, %xmm4, %xmm1
 2267        pxor	%xmm3, %xmm5
 2268        pxor	%xmm4, %xmm1
 2269        movdqa	%xmm4, %xmm7
 2270        pclmulqdq	$0x11, %xmm3, %xmm7
 2271        movdqa	%xmm4, %xmm6
 2272        pclmulqdq	$0x00, %xmm3, %xmm6
 2273        pclmulqdq	$0x00, %xmm1, %xmm5
 2274        pxor	%xmm6, %xmm5
 2275        pxor	%xmm7, %xmm5
 2276        movdqu	32(%esp), %xmm3
 2277        movdqu	128(%esp), %xmm4
 2278        pshufd	$0x4e, %xmm3, %xmm0
 2279        pshufb	L_aes_gcm_bswap_mask, %xmm4
 2280        pxor	%xmm3, %xmm0
 2281        pshufd	$0x4e, %xmm4, %xmm1
 2282        pxor	%xmm4, %xmm1
 2283        movdqa	%xmm4, %xmm2
 2284        pclmulqdq	$0x11, %xmm3, %xmm2
 2285        pclmulqdq	$0x00, %xmm4, %xmm3
 2286        pclmulqdq	$0x00, %xmm1, %xmm0
 2287        pxor	%xmm3, %xmm5
 2288        pxor	%xmm3, %xmm6
 2289        pxor	%xmm2, %xmm5
 2290        pxor	%xmm2, %xmm7
 2291        pxor	%xmm0, %xmm5
 2292        movdqu	16(%esp), %xmm3
 2293        movdqu	144(%esp), %xmm4
 2294        pshufd	$0x4e, %xmm3, %xmm0
 2295        pshufb	L_aes_gcm_bswap_mask, %xmm4
 2296        pxor	%xmm3, %xmm0
 2297        pshufd	$0x4e, %xmm4, %xmm1
 2298        pxor	%xmm4, %xmm1
 2299        movdqa	%xmm4, %xmm2
 2300        pclmulqdq	$0x11, %xmm3, %xmm2
 2301        pclmulqdq	$0x00, %xmm4, %xmm3
 2302        pclmulqdq	$0x00, %xmm1, %xmm0
 2303        pxor	%xmm3, %xmm5
 2304        pxor	%xmm3, %xmm6
 2305        pxor	%xmm2, %xmm5
 2306        pxor	%xmm2, %xmm7
 2307        pxor	%xmm0, %xmm5
 2308        movdqu	(%esp), %xmm3
 2309        movdqu	160(%esp), %xmm4
 2310        pshufd	$0x4e, %xmm3, %xmm0
 2311        pshufb	L_aes_gcm_bswap_mask, %xmm4
 2312        pxor	%xmm3, %xmm0
 2313        pshufd	$0x4e, %xmm4, %xmm1
 2314        pxor	%xmm4, %xmm1
 2315        movdqa	%xmm4, %xmm2
 2316        pclmulqdq	$0x11, %xmm3, %xmm2
 2317        pclmulqdq	$0x00, %xmm4, %xmm3
 2318        pclmulqdq	$0x00, %xmm1, %xmm0
 2319        pxor	%xmm3, %xmm5
 2320        pxor	%xmm3, %xmm6
 2321        pxor	%xmm2, %xmm5
 2322        pxor	%xmm2, %xmm7
 2323        pxor	%xmm0, %xmm5
 2324        movdqa	%xmm5, %xmm1
 2325        psrldq	$8, %xmm5
 2326        pslldq	$8, %xmm1
 2327        pxor	%xmm1, %xmm6
 2328        pxor	%xmm5, %xmm7
 2329        movdqa	%xmm6, %xmm3
 2330        movdqa	%xmm6, %xmm0
 2331        movdqa	%xmm6, %xmm1
 2332        pslld	$31, %xmm3
 2333        pslld	$30, %xmm0
 2334        pslld	$25, %xmm1
 2335        pxor	%xmm0, %xmm3
 2336        pxor	%xmm1, %xmm3
 2337        movdqa	%xmm3, %xmm0
 2338        pslldq	$12, %xmm3
 2339        psrldq	$4, %xmm0
 2340        pxor	%xmm3, %xmm6
 2341        movdqa	%xmm6, %xmm1
 2342        movdqa	%xmm6, %xmm5
 2343        movdqa	%xmm6, %xmm4
 2344        psrld	$0x01, %xmm1
 2345        psrld	$2, %xmm5
 2346        psrld	$7, %xmm4
 2347        pxor	%xmm5, %xmm1
 2348        pxor	%xmm4, %xmm1
 2349        pxor	%xmm0, %xmm1
 2350        pxor	%xmm1, %xmm6
 2351        pxor	%xmm7, %xmm6
 2352        movdqu	%xmm6, 96(%esp)
 2353        addl	$0x40, %ebx
 2354        cmpl	%eax, %ebx
 2355        jl	L_AES_GCM_decrypt_aesni_ghash_64_inplace
 2356        jmp	L_AES_GCM_decrypt_aesni_ghash_64_done
 2357L_AES_GCM_decrypt_aesni_ghash_64:
 2358        leal	(%esi,%ebx,1), %ecx
 2359        leal	(%edi,%ebx,1), %edx
 2360        # Encrypt 64 bytes of counter
 2361        movdqu	64(%esp), %xmm4
 2362        movdqa	L_aes_gcm_bswap_epi64, %xmm3
 2363        movdqa	%xmm4, %xmm5
 2364        movdqa	%xmm4, %xmm6
 2365        movdqa	%xmm4, %xmm7
 2366        pshufb	%xmm3, %xmm4
 2367        paddd	L_aes_gcm_one, %xmm5
 2368        pshufb	%xmm3, %xmm5
 2369        paddd	L_aes_gcm_two, %xmm6
 2370        pshufb	%xmm3, %xmm6
 2371        paddd	L_aes_gcm_three, %xmm7
 2372        pshufb	%xmm3, %xmm7
 2373        movdqu	64(%esp), %xmm3
 2374        paddd	L_aes_gcm_four, %xmm3
 2375        movdqu	%xmm3, 64(%esp)
 2376        movdqa	(%ebp), %xmm3
 2377        pxor	%xmm3, %xmm4
 2378        pxor	%xmm3, %xmm5
 2379        pxor	%xmm3, %xmm6
 2380        pxor	%xmm3, %xmm7
 2381        movdqa	16(%ebp), %xmm3
 2382        aesenc	%xmm3, %xmm4
 2383        aesenc	%xmm3, %xmm5
 2384        aesenc	%xmm3, %xmm6
 2385        aesenc	%xmm3, %xmm7
 2386        movdqa	32(%ebp), %xmm3
 2387        aesenc	%xmm3, %xmm4
 2388        aesenc	%xmm3, %xmm5
 2389        aesenc	%xmm3, %xmm6
 2390        aesenc	%xmm3, %xmm7
 2391        movdqa	48(%ebp), %xmm3
 2392        aesenc	%xmm3, %xmm4
 2393        aesenc	%xmm3, %xmm5
 2394        aesenc	%xmm3, %xmm6
 2395        aesenc	%xmm3, %xmm7
 2396        movdqa	64(%ebp), %xmm3
 2397        aesenc	%xmm3, %xmm4
 2398        aesenc	%xmm3, %xmm5
 2399        aesenc	%xmm3, %xmm6
 2400        aesenc	%xmm3, %xmm7
 2401        movdqa	80(%ebp), %xmm3
 2402        aesenc	%xmm3, %xmm4
 2403        aesenc	%xmm3, %xmm5
 2404        aesenc	%xmm3, %xmm6
 2405        aesenc	%xmm3, %xmm7
 2406        movdqa	96(%ebp), %xmm3
 2407        aesenc	%xmm3, %xmm4
 2408        aesenc	%xmm3, %xmm5
 2409        aesenc	%xmm3, %xmm6
 2410        aesenc	%xmm3, %xmm7
 2411        movdqa	112(%ebp), %xmm3
 2412        aesenc	%xmm3, %xmm4
 2413        aesenc	%xmm3, %xmm5
 2414        aesenc	%xmm3, %xmm6
 2415        aesenc	%xmm3, %xmm7
 2416        movdqa	128(%ebp), %xmm3
 2417        aesenc	%xmm3, %xmm4
 2418        aesenc	%xmm3, %xmm5
 2419        aesenc	%xmm3, %xmm6
 2420        aesenc	%xmm3, %xmm7
 2421        movdqa	144(%ebp), %xmm3
 2422        aesenc	%xmm3, %xmm4
 2423        aesenc	%xmm3, %xmm5
 2424        aesenc	%xmm3, %xmm6
 2425        aesenc	%xmm3, %xmm7
 2426        cmpl	$11, 236(%esp)
 2427        movdqa	160(%ebp), %xmm3
 2428        jl	L_AES_GCM_decrypt_aesni_aesenc_64_ghash_avx_done
 2429        aesenc	%xmm3, %xmm4
 2430        aesenc	%xmm3, %xmm5
 2431        aesenc	%xmm3, %xmm6
 2432        aesenc	%xmm3, %xmm7
 2433        movdqa	176(%ebp), %xmm3
 2434        aesenc	%xmm3, %xmm4
 2435        aesenc	%xmm3, %xmm5
 2436        aesenc	%xmm3, %xmm6
 2437        aesenc	%xmm3, %xmm7
 2438        cmpl	$13, 236(%esp)
 2439        movdqa	192(%ebp), %xmm3
 2440        jl	L_AES_GCM_decrypt_aesni_aesenc_64_ghash_avx_done
 2441        aesenc	%xmm3, %xmm4
 2442        aesenc	%xmm3, %xmm5
 2443        aesenc	%xmm3, %xmm6
 2444        aesenc	%xmm3, %xmm7
 2445        movdqa	208(%ebp), %xmm3
 2446        aesenc	%xmm3, %xmm4
 2447        aesenc	%xmm3, %xmm5
 2448        aesenc	%xmm3, %xmm6
 2449        aesenc	%xmm3, %xmm7
 2450        movdqa	224(%ebp), %xmm3
 2451L_AES_GCM_decrypt_aesni_aesenc_64_ghash_avx_done:
 2452        aesenclast	%xmm3, %xmm4
 2453        aesenclast	%xmm3, %xmm5
 2454        movdqu	(%ecx), %xmm0
 2455        movdqu	16(%ecx), %xmm1
 2456        pxor	%xmm0, %xmm4
 2457        pxor	%xmm1, %xmm5
 2458        movdqu	%xmm0, (%ecx)
 2459        movdqu	%xmm1, 16(%ecx)
 2460        movdqu	%xmm4, (%edx)
 2461        movdqu	%xmm5, 16(%edx)
 2462        aesenclast	%xmm3, %xmm6
 2463        aesenclast	%xmm3, %xmm7
 2464        movdqu	32(%ecx), %xmm0
 2465        movdqu	48(%ecx), %xmm1
 2466        pxor	%xmm0, %xmm6
 2467        pxor	%xmm1, %xmm7
 2468        movdqu	%xmm0, 32(%ecx)
 2469        movdqu	%xmm1, 48(%ecx)
 2470        movdqu	%xmm6, 32(%edx)
 2471        movdqu	%xmm7, 48(%edx)
 2472        # ghash encrypted counter
 2473        movdqu	96(%esp), %xmm6
 2474        movdqu	48(%esp), %xmm3
 2475        movdqu	(%ecx), %xmm4
 2476        pshufb	L_aes_gcm_bswap_mask, %xmm4
 2477        pxor	%xmm6, %xmm4
 2478        pshufd	$0x4e, %xmm3, %xmm5
 2479        pshufd	$0x4e, %xmm4, %xmm1
 2480        pxor	%xmm3, %xmm5
 2481        pxor	%xmm4, %xmm1
 2482        movdqa	%xmm4, %xmm7
 2483        pclmulqdq	$0x11, %xmm3, %xmm7
 2484        movdqa	%xmm4, %xmm6
 2485        pclmulqdq	$0x00, %xmm3, %xmm6
 2486        pclmulqdq	$0x00, %xmm1, %xmm5
 2487        pxor	%xmm6, %xmm5
 2488        pxor	%xmm7, %xmm5
 2489        movdqu	32(%esp), %xmm3
 2490        movdqu	16(%ecx), %xmm4
 2491        pshufd	$0x4e, %xmm3, %xmm0
 2492        pshufb	L_aes_gcm_bswap_mask, %xmm4
 2493        pxor	%xmm3, %xmm0
 2494        pshufd	$0x4e, %xmm4, %xmm1
 2495        pxor	%xmm4, %xmm1
 2496        movdqa	%xmm4, %xmm2
 2497        pclmulqdq	$0x11, %xmm3, %xmm2
 2498        pclmulqdq	$0x00, %xmm4, %xmm3
 2499        pclmulqdq	$0x00, %xmm1, %xmm0
 2500        pxor	%xmm3, %xmm5
 2501        pxor	%xmm3, %xmm6
 2502        pxor	%xmm2, %xmm5
 2503        pxor	%xmm2, %xmm7
 2504        pxor	%xmm0, %xmm5
 2505        movdqu	16(%esp), %xmm3
 2506        movdqu	32(%ecx), %xmm4
 2507        pshufd	$0x4e, %xmm3, %xmm0
 2508        pshufb	L_aes_gcm_bswap_mask, %xmm4
 2509        pxor	%xmm3, %xmm0
 2510        pshufd	$0x4e, %xmm4, %xmm1
 2511        pxor	%xmm4, %xmm1
 2512        movdqa	%xmm4, %xmm2
 2513        pclmulqdq	$0x11, %xmm3, %xmm2
 2514        pclmulqdq	$0x00, %xmm4, %xmm3
 2515        pclmulqdq	$0x00, %xmm1, %xmm0
 2516        pxor	%xmm3, %xmm5
 2517        pxor	%xmm3, %xmm6
 2518        pxor	%xmm2, %xmm5
 2519        pxor	%xmm2, %xmm7
 2520        pxor	%xmm0, %xmm5
 2521        movdqu	(%esp), %xmm3
 2522        movdqu	48(%ecx), %xmm4
 2523        pshufd	$0x4e, %xmm3, %xmm0
 2524        pshufb	L_aes_gcm_bswap_mask, %xmm4
 2525        pxor	%xmm3, %xmm0
 2526        pshufd	$0x4e, %xmm4, %xmm1
 2527        pxor	%xmm4, %xmm1
 2528        movdqa	%xmm4, %xmm2
 2529        pclmulqdq	$0x11, %xmm3, %xmm2
 2530        pclmulqdq	$0x00, %xmm4, %xmm3
 2531        pclmulqdq	$0x00, %xmm1, %xmm0
 2532        pxor	%xmm3, %xmm5
 2533        pxor	%xmm3, %xmm6
 2534        pxor	%xmm2, %xmm5
 2535        pxor	%xmm2, %xmm7
 2536        pxor	%xmm0, %xmm5
 2537        movdqa	%xmm5, %xmm1
 2538        psrldq	$8, %xmm5
 2539        pslldq	$8, %xmm1
 2540        pxor	%xmm1, %xmm6
 2541        pxor	%xmm5, %xmm7
 2542        movdqa	%xmm6, %xmm3
 2543        movdqa	%xmm6, %xmm0
 2544        movdqa	%xmm6, %xmm1
 2545        pslld	$31, %xmm3
 2546        pslld	$30, %xmm0
 2547        pslld	$25, %xmm1
 2548        pxor	%xmm0, %xmm3
 2549        pxor	%xmm1, %xmm3
 2550        movdqa	%xmm3, %xmm0
 2551        pslldq	$12, %xmm3
 2552        psrldq	$4, %xmm0
 2553        pxor	%xmm3, %xmm6
 2554        movdqa	%xmm6, %xmm1
 2555        movdqa	%xmm6, %xmm5
 2556        movdqa	%xmm6, %xmm4
 2557        psrld	$0x01, %xmm1
 2558        psrld	$2, %xmm5
 2559        psrld	$7, %xmm4
 2560        pxor	%xmm5, %xmm1
 2561        pxor	%xmm4, %xmm1
 2562        pxor	%xmm0, %xmm1
 2563        pxor	%xmm1, %xmm6
 2564        pxor	%xmm7, %xmm6
 2565        movdqu	%xmm6, 96(%esp)
 2566        addl	$0x40, %ebx
 2567        cmpl	%eax, %ebx
 2568        jl	L_AES_GCM_decrypt_aesni_ghash_64
 2569L_AES_GCM_decrypt_aesni_ghash_64_done:
 2570        movdqa	%xmm6, %xmm2
 2571        movdqu	(%esp), %xmm1
 2572L_AES_GCM_decrypt_aesni_done_64:
 2573        movl	216(%esp), %edx
 2574        cmpl	%edx, %ebx
 2575        jge	L_AES_GCM_decrypt_aesni_done_dec
 2576        movl	216(%esp), %eax
 2577        andl	$0xfffffff0, %eax
 2578        cmpl	%eax, %ebx
 2579        jge	L_AES_GCM_decrypt_aesni_last_block_done
 2580L_AES_GCM_decrypt_aesni_last_block_start:
 2581        leal	(%esi,%ebx,1), %ecx
 2582        leal	(%edi,%ebx,1), %edx
 2583        movdqu	(%ecx), %xmm5
 2584        pshufb	L_aes_gcm_bswap_mask, %xmm5
 2585        pxor	%xmm2, %xmm5
 2586        movdqu	%xmm5, (%esp)
 2587        movdqu	64(%esp), %xmm4
 2588        movdqa	%xmm4, %xmm5
 2589        pshufb	L_aes_gcm_bswap_epi64, %xmm4
 2590        paddd	L_aes_gcm_one, %xmm5
 2591        pxor	(%ebp), %xmm4
 2592        movdqu	%xmm5, 64(%esp)
 2593        movdqu	(%esp), %xmm0
 2594        pclmulqdq	$16, %xmm1, %xmm0
 2595        aesenc	16(%ebp), %xmm4
 2596        aesenc	32(%ebp), %xmm4
 2597        movdqu	(%esp), %xmm3
 2598        pclmulqdq	$0x01, %xmm1, %xmm3
 2599        aesenc	48(%ebp), %xmm4
 2600        aesenc	64(%ebp), %xmm4
 2601        aesenc	80(%ebp), %xmm4
 2602        movdqu	(%esp), %xmm5
 2603        pclmulqdq	$0x11, %xmm1, %xmm5
 2604        aesenc	96(%ebp), %xmm4
 2605        pxor	%xmm3, %xmm0
 2606        movdqa	%xmm0, %xmm6
 2607        psrldq	$8, %xmm0
 2608        pslldq	$8, %xmm6
 2609        aesenc	112(%ebp), %xmm4
 2610        movdqu	(%esp), %xmm3
 2611        pclmulqdq	$0x00, %xmm1, %xmm3
 2612        pxor	%xmm3, %xmm6
 2613        pxor	%xmm0, %xmm5
 2614        movdqa	L_aes_gcm_mod2_128, %xmm7
 2615        movdqa	%xmm6, %xmm3
 2616        pclmulqdq	$16, %xmm7, %xmm3
 2617        aesenc	128(%ebp), %xmm4
 2618        pshufd	$0x4e, %xmm6, %xmm0
 2619        pxor	%xmm3, %xmm0
 2620        movdqa	%xmm0, %xmm3
 2621        pclmulqdq	$16, %xmm7, %xmm3
 2622        aesenc	144(%ebp), %xmm4
 2623        pshufd	$0x4e, %xmm0, %xmm2
 2624        pxor	%xmm3, %xmm2
 2625        pxor	%xmm5, %xmm2
 2626        cmpl	$11, 236(%esp)
 2627        movdqa	160(%ebp), %xmm5
 2628        jl	L_AES_GCM_decrypt_aesni_aesenc_gfmul_last
 2629        aesenc	%xmm5, %xmm4
 2630        aesenc	176(%ebp), %xmm4
 2631        cmpl	$13, 236(%esp)
 2632        movdqa	192(%ebp), %xmm5
 2633        jl	L_AES_GCM_decrypt_aesni_aesenc_gfmul_last
 2634        aesenc	%xmm5, %xmm4
 2635        aesenc	208(%ebp), %xmm4
 2636        movdqa	224(%ebp), %xmm5
 2637L_AES_GCM_decrypt_aesni_aesenc_gfmul_last:
 2638        aesenclast	%xmm5, %xmm4
 2639        movdqu	(%ecx), %xmm5
 2640        pxor	%xmm5, %xmm4
 2641        movdqu	%xmm4, (%edx)
 2642        addl	$16, %ebx
 2643        cmpl	%eax, %ebx
 2644        jl	L_AES_GCM_decrypt_aesni_last_block_start
 2645L_AES_GCM_decrypt_aesni_last_block_done:
 2646        movl	216(%esp), %ecx
 2647        movl	%ecx, %edx
 2648        andl	$15, %ecx
 2649        jz	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_done
 2650        movdqu	64(%esp), %xmm0
 2651        pshufb	L_aes_gcm_bswap_epi64, %xmm0
 2652        pxor	(%ebp), %xmm0
 2653        aesenc	16(%ebp), %xmm0
 2654        aesenc	32(%ebp), %xmm0
 2655        aesenc	48(%ebp), %xmm0
 2656        aesenc	64(%ebp), %xmm0
 2657        aesenc	80(%ebp), %xmm0
 2658        aesenc	96(%ebp), %xmm0
 2659        aesenc	112(%ebp), %xmm0
 2660        aesenc	128(%ebp), %xmm0
 2661        aesenc	144(%ebp), %xmm0
 2662        cmpl	$11, 236(%esp)
 2663        movdqa	160(%ebp), %xmm5
 2664        jl	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_aesenc_avx_last
 2665        aesenc	%xmm5, %xmm0
 2666        aesenc	176(%ebp), %xmm0
 2667        cmpl	$13, 236(%esp)
 2668        movdqa	192(%ebp), %xmm5
 2669        jl	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_aesenc_avx_last
 2670        aesenc	%xmm5, %xmm0
 2671        aesenc	208(%ebp), %xmm0
 2672        movdqa	224(%ebp), %xmm5
 2673L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_aesenc_avx_last:
 2674        aesenclast	%xmm5, %xmm0
 2675        subl	$32, %esp
 2676        xorl	%ecx, %ecx
 2677        movdqu	%xmm0, (%esp)
 2678        pxor	%xmm4, %xmm4
 2679        movdqu	%xmm4, 16(%esp)
 2680L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop:
 2681        movzbl	(%esi,%ebx,1), %eax
 2682        movb	%al, 16(%esp,%ecx,1)
 2683        xorb	(%esp,%ecx,1), %al
 2684        movb	%al, (%edi,%ebx,1)
 2685        incl	%ebx
 2686        incl	%ecx
 2687        cmpl	%edx, %ebx
 2688        jl	L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_loop
 2689        movdqu	16(%esp), %xmm0
 2690        addl	$32, %esp
 2691        pshufb	L_aes_gcm_bswap_mask, %xmm0
 2692        pxor	%xmm0, %xmm2
 2693        pshufd	$0x4e, %xmm1, %xmm5
 2694        pshufd	$0x4e, %xmm2, %xmm6
 2695        movdqa	%xmm2, %xmm7
 2696        movdqa	%xmm2, %xmm4
 2697        pclmulqdq	$0x11, %xmm1, %xmm7
 2698        pclmulqdq	$0x00, %xmm1, %xmm4
 2699        pxor	%xmm1, %xmm5
 2700        pxor	%xmm2, %xmm6
 2701        pclmulqdq	$0x00, %xmm6, %xmm5
 2702        pxor	%xmm4, %xmm5
 2703        pxor	%xmm7, %xmm5
 2704        movdqa	%xmm5, %xmm6
 2705        movdqa	%xmm7, %xmm2
 2706        pslldq	$8, %xmm6
 2707        psrldq	$8, %xmm5
 2708        pxor	%xmm6, %xmm4
 2709        pxor	%xmm5, %xmm2
 2710        movdqa	%xmm4, %xmm5
 2711        movdqa	%xmm4, %xmm6
 2712        movdqa	%xmm4, %xmm7
 2713        pslld	$31, %xmm5
 2714        pslld	$30, %xmm6
 2715        pslld	$25, %xmm7
 2716        pxor	%xmm6, %xmm5
 2717        pxor	%xmm7, %xmm5
 2718        movdqa	%xmm5, %xmm7
 2719        psrldq	$4, %xmm7
 2720        pslldq	$12, %xmm5
 2721        pxor	%xmm5, %xmm4
 2722        movdqa	%xmm4, %xmm5
 2723        movdqa	%xmm4, %xmm6
 2724        psrld	$0x01, %xmm5
 2725        psrld	$2, %xmm6
 2726        pxor	%xmm6, %xmm5
 2727        pxor	%xmm4, %xmm5
 2728        psrld	$7, %xmm4
 2729        pxor	%xmm7, %xmm5
 2730        pxor	%xmm4, %xmm5
 2731        pxor	%xmm5, %xmm2
 2732L_AES_GCM_decrypt_aesni_aesenc_last15_dec_avx_done:
 2733L_AES_GCM_decrypt_aesni_done_dec:
 2734        movl	212(%esp), %esi
 2735        movl	228(%esp), %ebp
 2736        movl	216(%esp), %edx
 2737        movl	220(%esp), %ecx
 2738        shll	$3, %edx
 2739        shll	$3, %ecx
 2740        pinsrd	$0x00, %edx, %xmm4
 2741        pinsrd	$2, %ecx, %xmm4
 2742        movl	216(%esp), %edx
 2743        movl	220(%esp), %ecx
 2744        shrl	$29, %edx
 2745        shrl	$29, %ecx
 2746        pinsrd	$0x01, %edx, %xmm4
 2747        pinsrd	$3, %ecx, %xmm4
 2748        pxor	%xmm4, %xmm2
 2749        pshufd	$0x4e, %xmm1, %xmm5
 2750        pshufd	$0x4e, %xmm2, %xmm6
 2751        movdqa	%xmm2, %xmm7
 2752        movdqa	%xmm2, %xmm4
 2753        pclmulqdq	$0x11, %xmm1, %xmm7
 2754        pclmulqdq	$0x00, %xmm1, %xmm4
 2755        pxor	%xmm1, %xmm5
 2756        pxor	%xmm2, %xmm6
 2757        pclmulqdq	$0x00, %xmm6, %xmm5
 2758        pxor	%xmm4, %xmm5
 2759        pxor	%xmm7, %xmm5
 2760        movdqa	%xmm5, %xmm6
 2761        movdqa	%xmm7, %xmm2
 2762        pslldq	$8, %xmm6
 2763        psrldq	$8, %xmm5
 2764        pxor	%xmm6, %xmm4
 2765        pxor	%xmm5, %xmm2
 2766        movdqa	%xmm4, %xmm5
 2767        movdqa	%xmm4, %xmm6
 2768        movdqa	%xmm4, %xmm7
 2769        pslld	$31, %xmm5
 2770        pslld	$30, %xmm6
 2771        pslld	$25, %xmm7
 2772        pxor	%xmm6, %xmm5
 2773        pxor	%xmm7, %xmm5
 2774        movdqa	%xmm5, %xmm7
 2775        psrldq	$4, %xmm7
 2776        pslldq	$12, %xmm5
 2777        pxor	%xmm5, %xmm4
 2778        movdqa	%xmm4, %xmm5
 2779        movdqa	%xmm4, %xmm6
 2780        psrld	$0x01, %xmm5
 2781        psrld	$2, %xmm6
 2782        pxor	%xmm6, %xmm5
 2783        pxor	%xmm4, %xmm5
 2784        psrld	$7, %xmm4
 2785        pxor	%xmm7, %xmm5
 2786        pxor	%xmm4, %xmm5
 2787        pxor	%xmm5, %xmm2
 2788        pshufb	L_aes_gcm_bswap_mask, %xmm2
 2789        movdqu	80(%esp), %xmm4
 2790        pxor	%xmm2, %xmm4
 2791        movl	240(%esp), %edi
 2792        cmpl	$16, %ebp
 2793        je	L_AES_GCM_decrypt_aesni_cmp_tag_16
 2794        subl	$16, %esp
 2795        xorl	%ecx, %ecx
 2796        xorl	%ebx, %ebx
 2797        movdqu	%xmm4, (%esp)
 2798L_AES_GCM_decrypt_aesni_cmp_tag_loop:
 2799        movzbl	(%esp,%ecx,1), %eax
 2800        xorb	(%esi,%ecx,1), %al
 2801        orb	%al, %bl
 2802        incl	%ecx
 2803        cmpl	%ebp, %ecx
 2804        jne	L_AES_GCM_decrypt_aesni_cmp_tag_loop
 2805        cmpb	$0x00, %bl
 2806        sete	%bl
 2807        addl	$16, %esp
 2808        xorl	%ecx, %ecx
 2809        jmp	L_AES_GCM_decrypt_aesni_cmp_tag_done
 2810L_AES_GCM_decrypt_aesni_cmp_tag_16:
 2811        movdqu	(%esi), %xmm5
 2812        pcmpeqb	%xmm5, %xmm4
 2813        pmovmskb	%xmm4, %edx
 2814        # %%edx == 0xFFFF then return 1 else => return 0
 2815        xorl	%ebx, %ebx
 2816        cmpl	$0xffff, %edx
 2817        sete	%bl
 2818L_AES_GCM_decrypt_aesni_cmp_tag_done:
 2819        movl	%ebx, (%edi)
 2820        addl	$0xb0, %esp
 2821        popl	%ebp
 2822        popl	%edi
 2823        popl	%esi
 2824        popl	%ebx
 2825        ret
 2826.size	AES_GCM_decrypt_aesni,.-AES_GCM_decrypt_aesni
 2827#ifdef WOLFSSL_AESGCM_STREAM
 2828.text
 2829.globl	AES_GCM_init_aesni
 2830.type	AES_GCM_init_aesni,@function
 2831.align	16
 2832AES_GCM_init_aesni:
 2833        pushl	%ebx
 2834        pushl	%esi
 2835        pushl	%edi
 2836        pushl	%ebp
 2837        subl	$16, %esp
 2838        movl	36(%esp), %ebp
 2839        movl	44(%esp), %esi
 2840        movl	60(%esp), %edi
 2841        pxor	%xmm4, %xmm4
 2842        movl	48(%esp), %edx
 2843        cmpl	$12, %edx
 2844        jne	L_AES_GCM_init_aesni_iv_not_12
 2845        # # Calculate values when IV is 12 bytes
 2846        # Set counter based on IV
 2847        movl	$0x1000000, %ecx
 2848        pinsrd	$0x00, (%esi), %xmm4
 2849        pinsrd	$0x01, 4(%esi), %xmm4
 2850        pinsrd	$2, 8(%esi), %xmm4
 2851        pinsrd	$3, %ecx, %xmm4
 2852        # H = Encrypt X(=0) and T = Encrypt counter
 2853        movdqa	%xmm4, %xmm1
 2854        movdqa	(%ebp), %xmm5
 2855        pxor	%xmm5, %xmm1
 2856        movdqa	16(%ebp), %xmm7
 2857        aesenc	%xmm7, %xmm5
 2858        aesenc	%xmm7, %xmm1
 2859        movdqa	32(%ebp), %xmm7
 2860        aesenc	%xmm7, %xmm5
 2861        aesenc	%xmm7, %xmm1
 2862        movdqa	48(%ebp), %xmm7
 2863        aesenc	%xmm7, %xmm5
 2864        aesenc	%xmm7, %xmm1
 2865        movdqa	64(%ebp), %xmm7
 2866        aesenc	%xmm7, %xmm5
 2867        aesenc	%xmm7, %xmm1
 2868        movdqa	80(%ebp), %xmm7
 2869        aesenc	%xmm7, %xmm5
 2870        aesenc	%xmm7, %xmm1
 2871        movdqa	96(%ebp), %xmm7
 2872        aesenc	%xmm7, %xmm5
 2873        aesenc	%xmm7, %xmm1
 2874        movdqa	112(%ebp), %xmm7
 2875        aesenc	%xmm7, %xmm5
 2876        aesenc	%xmm7, %xmm1
 2877        movdqa	128(%ebp), %xmm7
 2878        aesenc	%xmm7, %xmm5
 2879        aesenc	%xmm7, %xmm1
 2880        movdqa	144(%ebp), %xmm7
 2881        aesenc	%xmm7, %xmm5
 2882        aesenc	%xmm7, %xmm1
 2883        cmpl	$11, 40(%esp)
 2884        movdqa	160(%ebp), %xmm7
 2885        jl	L_AES_GCM_init_aesni_calc_iv_12_last
 2886        aesenc	%xmm7, %xmm5
 2887        aesenc	%xmm7, %xmm1
 2888        movdqa	176(%ebp), %xmm7
 2889        aesenc	%xmm7, %xmm5
 2890        aesenc	%xmm7, %xmm1
 2891        cmpl	$13, 40(%esp)
 2892        movdqa	192(%ebp), %xmm7
 2893        jl	L_AES_GCM_init_aesni_calc_iv_12_last
 2894        aesenc	%xmm7, %xmm5
 2895        aesenc	%xmm7, %xmm1
 2896        movdqa	208(%ebp), %xmm7
 2897        aesenc	%xmm7, %xmm5
 2898        aesenc	%xmm7, %xmm1
 2899        movdqa	224(%ebp), %xmm7
 2900L_AES_GCM_init_aesni_calc_iv_12_last:
 2901        aesenclast	%xmm7, %xmm5
 2902        aesenclast	%xmm7, %xmm1
 2903        pshufb	L_aes_gcm_bswap_mask, %xmm5
 2904        movdqu	%xmm1, (%edi)
 2905        jmp	L_AES_GCM_init_aesni_iv_done
 2906L_AES_GCM_init_aesni_iv_not_12:
 2907        # Calculate values when IV is not 12 bytes
 2908        # H = Encrypt X(=0)
 2909        movdqa	(%ebp), %xmm5
 2910        aesenc	16(%ebp), %xmm5
 2911        aesenc	32(%ebp), %xmm5
 2912        aesenc	48(%ebp), %xmm5
 2913        aesenc	64(%ebp), %xmm5
 2914        aesenc	80(%ebp), %xmm5
 2915        aesenc	96(%ebp), %xmm5
 2916        aesenc	112(%ebp), %xmm5
 2917        aesenc	128(%ebp), %xmm5
 2918        aesenc	144(%ebp), %xmm5
 2919        cmpl	$11, 40(%esp)
 2920        movdqa	160(%ebp), %xmm1
 2921        jl	L_AES_GCM_init_aesni_calc_iv_1_aesenc_avx_last
 2922        aesenc	%xmm1, %xmm5
 2923        aesenc	176(%ebp), %xmm5
 2924        cmpl	$13, 40(%esp)
 2925        movdqa	192(%ebp), %xmm1
 2926        jl	L_AES_GCM_init_aesni_calc_iv_1_aesenc_avx_last
 2927        aesenc	%xmm1, %xmm5
 2928        aesenc	208(%ebp), %xmm5
 2929        movdqa	224(%ebp), %xmm1
 2930L_AES_GCM_init_aesni_calc_iv_1_aesenc_avx_last:
 2931        aesenclast	%xmm1, %xmm5
 2932        pshufb	L_aes_gcm_bswap_mask, %xmm5
 2933        # Calc counter
 2934        # Initialization vector
 2935        cmpl	$0x00, %edx
 2936        movl	$0x00, %ecx
 2937        je	L_AES_GCM_init_aesni_calc_iv_done
 2938        cmpl	$16, %edx
 2939        jl	L_AES_GCM_init_aesni_calc_iv_lt16
 2940        andl	$0xfffffff0, %edx
 2941L_AES_GCM_init_aesni_calc_iv_16_loop:
 2942        movdqu	(%esi,%ecx,1), %xmm0
 2943        pshufb	L_aes_gcm_bswap_mask, %xmm0
 2944        pxor	%xmm0, %xmm4
 2945        pshufd	$0x4e, %xmm4, %xmm1
 2946        pshufd	$0x4e, %xmm5, %xmm2
 2947        movdqa	%xmm5, %xmm3
 2948        movdqa	%xmm5, %xmm0
 2949        pclmulqdq	$0x11, %xmm4, %xmm3
 2950        pclmulqdq	$0x00, %xmm4, %xmm0
 2951        pxor	%xmm4, %xmm1
 2952        pxor	%xmm5, %xmm2
 2953        pclmulqdq	$0x00, %xmm2, %xmm1
 2954        pxor	%xmm0, %xmm1
 2955        pxor	%xmm3, %xmm1
 2956        movdqa	%xmm1, %xmm2
 2957        movdqa	%xmm0, %xmm7
 2958        movdqa	%xmm3, %xmm4
 2959        pslldq	$8, %xmm2
 2960        psrldq	$8, %xmm1
 2961        pxor	%xmm2, %xmm7
 2962        pxor	%xmm1, %xmm4
 2963        movdqa	%xmm7, %xmm0
 2964        movdqa	%xmm4, %xmm1
 2965        psrld	$31, %xmm0
 2966        psrld	$31, %xmm1
 2967        pslld	$0x01, %xmm7
 2968        pslld	$0x01, %xmm4
 2969        movdqa	%xmm0, %xmm2
 2970        pslldq	$4, %xmm0
 2971        psrldq	$12, %xmm2
 2972        pslldq	$4, %xmm1
 2973        por	%xmm2, %xmm4
 2974        por	%xmm0, %xmm7
 2975        por	%xmm1, %xmm4
 2976        movdqa	%xmm7, %xmm0
 2977        movdqa	%xmm7, %xmm1
 2978        movdqa	%xmm7, %xmm2
 2979        pslld	$31, %xmm0
 2980        pslld	$30, %xmm1
 2981        pslld	$25, %xmm2
 2982        pxor	%xmm1, %xmm0
 2983        pxor	%xmm2, %xmm0
 2984        movdqa	%xmm0, %xmm1
 2985        psrldq	$4, %xmm1
 2986        pslldq	$12, %xmm0
 2987        pxor	%xmm0, %xmm7
 2988        movdqa	%xmm7, %xmm2
 2989        movdqa	%xmm7, %xmm3
 2990        movdqa	%xmm7, %xmm0
 2991        psrld	$0x01, %xmm2
 2992        psrld	$2, %xmm3
 2993        psrld	$7, %xmm0
 2994        pxor	%xmm3, %xmm2
 2995        pxor	%xmm0, %xmm2
 2996        pxor	%xmm1, %xmm2
 2997        pxor	%xmm7, %xmm2
 2998        pxor	%xmm2, %xmm4
 2999        addl	$16, %ecx
 3000        cmpl	%edx, %ecx
 3001        jl	L_AES_GCM_init_aesni_calc_iv_16_loop
 3002        movl	48(%esp), %edx
 3003        cmpl	%edx, %ecx
 3004        je	L_AES_GCM_init_aesni_calc_iv_done
 3005L_AES_GCM_init_aesni_calc_iv_lt16:
 3006        subl	$16, %esp
 3007        pxor	%xmm0, %xmm0
 3008        xorl	%ebx, %ebx
 3009        movdqu	%xmm0, (%esp)
 3010L_AES_GCM_init_aesni_calc_iv_loop:
 3011        movzbl	(%esi,%ecx,1), %eax
 3012        movb	%al, (%esp,%ebx,1)
 3013        incl	%ecx
 3014        incl	%ebx
 3015        cmpl	%edx, %ecx
 3016        jl	L_AES_GCM_init_aesni_calc_iv_loop
 3017        movdqu	(%esp), %xmm0
 3018        addl	$16, %esp
 3019        pshufb	L_aes_gcm_bswap_mask, %xmm0
 3020        pxor	%xmm0, %xmm4
 3021        pshufd	$0x4e, %xmm4, %xmm1
 3022        pshufd	$0x4e, %xmm5, %xmm2
 3023        movdqa	%xmm5, %xmm3
 3024        movdqa	%xmm5, %xmm0
 3025        pclmulqdq	$0x11, %xmm4, %xmm3
 3026        pclmulqdq	$0x00, %xmm4, %xmm0
 3027        pxor	%xmm4, %xmm1
 3028        pxor	%xmm5, %xmm2
 3029        pclmulqdq	$0x00, %xmm2, %xmm1
 3030        pxor	%xmm0, %xmm1
 3031        pxor	%xmm3, %xmm1
 3032        movdqa	%xmm1, %xmm2
 3033        movdqa	%xmm0, %xmm7
 3034        movdqa	%xmm3, %xmm4
 3035        pslldq	$8, %xmm2
 3036        psrldq	$8, %xmm1
 3037        pxor	%xmm2, %xmm7
 3038        pxor	%xmm1, %xmm4
 3039        movdqa	%xmm7, %xmm0
 3040        movdqa	%xmm4, %xmm1
 3041        psrld	$31, %xmm0
 3042        psrld	$31, %xmm1
 3043        pslld	$0x01, %xmm7
 3044        pslld	$0x01, %xmm4
 3045        movdqa	%xmm0, %xmm2
 3046        pslldq	$4, %xmm0
 3047        psrldq	$12, %xmm2
 3048        pslldq	$4, %xmm1
 3049        por	%xmm2, %xmm4
 3050        por	%xmm0, %xmm7
 3051        por	%xmm1, %xmm4
 3052        movdqa	%xmm7, %xmm0
 3053        movdqa	%xmm7, %xmm1
 3054        movdqa	%xmm7, %xmm2
 3055        pslld	$31, %xmm0
 3056        pslld	$30, %xmm1
 3057        pslld	$25, %xmm2
 3058        pxor	%xmm1, %xmm0
 3059        pxor	%xmm2, %xmm0
 3060        movdqa	%xmm0, %xmm1
 3061        psrldq	$4, %xmm1
 3062        pslldq	$12, %xmm0
 3063        pxor	%xmm0, %xmm7
 3064        movdqa	%xmm7, %xmm2
 3065        movdqa	%xmm7, %xmm3
 3066        movdqa	%xmm7, %xmm0
 3067        psrld	$0x01, %xmm2
 3068        psrld	$2, %xmm3
 3069        psrld	$7, %xmm0
 3070        pxor	%xmm3, %xmm2
 3071        pxor	%xmm0, %xmm2
 3072        pxor	%xmm1, %xmm2
 3073        pxor	%xmm7, %xmm2
 3074        pxor	%xmm2, %xmm4
 3075L_AES_GCM_init_aesni_calc_iv_done:
 3076        # T = Encrypt counter
 3077        pxor	%xmm0, %xmm0
 3078        shll	$3, %edx
 3079        pinsrd	$0x00, %edx, %xmm0
 3080        pxor	%xmm0, %xmm4
 3081        pshufd	$0x4e, %xmm4, %xmm1
 3082        pshufd	$0x4e, %xmm5, %xmm2
 3083        movdqa	%xmm5, %xmm3
 3084        movdqa	%xmm5, %xmm0
 3085        pclmulqdq	$0x11, %xmm4, %xmm3
 3086        pclmulqdq	$0x00, %xmm4, %xmm0
 3087        pxor	%xmm4, %xmm1
 3088        pxor	%xmm5, %xmm2
 3089        pclmulqdq	$0x00, %xmm2, %xmm1
 3090        pxor	%xmm0, %xmm1
 3091        pxor	%xmm3, %xmm1
 3092        movdqa	%xmm1, %xmm2
 3093        movdqa	%xmm0, %xmm7
 3094        movdqa	%xmm3, %xmm4
 3095        pslldq	$8, %xmm2
 3096        psrldq	$8, %xmm1
 3097        pxor	%xmm2, %xmm7
 3098        pxor	%xmm1, %xmm4
 3099        movdqa	%xmm7, %xmm0
 3100        movdqa	%xmm4, %xmm1
 3101        psrld	$31, %xmm0
 3102        psrld	$31, %xmm1
 3103        pslld	$0x01, %xmm7
 3104        pslld	$0x01, %xmm4
 3105        movdqa	%xmm0, %xmm2
 3106        pslldq	$4, %xmm0
 3107        psrldq	$12, %xmm2
 3108        pslldq	$4, %xmm1
 3109        por	%xmm2, %xmm4
 3110        por	%xmm0, %xmm7
 3111        por	%xmm1, %xmm4
 3112        movdqa	%xmm7, %xmm0
 3113        movdqa	%xmm7, %xmm1
 3114        movdqa	%xmm7, %xmm2
 3115        pslld	$31, %xmm0
 3116        pslld	$30, %xmm1
 3117        pslld	$25, %xmm2
 3118        pxor	%xmm1, %xmm0
 3119        pxor	%xmm2, %xmm0
 3120        movdqa	%xmm0, %xmm1
 3121        psrldq	$4, %xmm1
 3122        pslldq	$12, %xmm0
 3123        pxor	%xmm0, %xmm7
 3124        movdqa	%xmm7, %xmm2
 3125        movdqa	%xmm7, %xmm3
 3126        movdqa	%xmm7, %xmm0
 3127        psrld	$0x01, %xmm2
 3128        psrld	$2, %xmm3
 3129        psrld	$7, %xmm0
 3130        pxor	%xmm3, %xmm2
 3131        pxor	%xmm0, %xmm2
 3132        pxor	%xmm1, %xmm2
 3133        pxor	%xmm7, %xmm2
 3134        pxor	%xmm2, %xmm4
 3135        pshufb	L_aes_gcm_bswap_mask, %xmm4
 3136        #   Encrypt counter
 3137        movdqa	(%ebp), %xmm0
 3138        pxor	%xmm4, %xmm0
 3139        aesenc	16(%ebp), %xmm0
 3140        aesenc	32(%ebp), %xmm0
 3141        aesenc	48(%ebp), %xmm0
 3142        aesenc	64(%ebp), %xmm0
 3143        aesenc	80(%ebp), %xmm0
 3144        aesenc	96(%ebp), %xmm0
 3145        aesenc	112(%ebp), %xmm0
 3146        aesenc	128(%ebp), %xmm0
 3147        aesenc	144(%ebp), %xmm0
 3148        cmpl	$11, 40(%esp)
 3149        movdqa	160(%ebp), %xmm1
 3150        jl	L_AES_GCM_init_aesni_calc_iv_2_aesenc_avx_last
 3151        aesenc	%xmm1, %xmm0
 3152        aesenc	176(%ebp), %xmm0
 3153        cmpl	$13, 40(%esp)
 3154        movdqa	192(%ebp), %xmm1
 3155        jl	L_AES_GCM_init_aesni_calc_iv_2_aesenc_avx_last
 3156        aesenc	%xmm1, %xmm0
 3157        aesenc	208(%ebp), %xmm0
 3158        movdqa	224(%ebp), %xmm1
 3159L_AES_GCM_init_aesni_calc_iv_2_aesenc_avx_last:
 3160        aesenclast	%xmm1, %xmm0
 3161        movdqu	%xmm0, (%edi)
 3162L_AES_GCM_init_aesni_iv_done:
 3163        movl	52(%esp), %ebp
 3164        movl	56(%esp), %edi
 3165        pshufb	L_aes_gcm_bswap_epi64, %xmm4
 3166        paddd	L_aes_gcm_one, %xmm4
 3167        movdqa	%xmm5, (%ebp)
 3168        movdqa	%xmm4, (%edi)
 3169        addl	$16, %esp
 3170        popl	%ebp
 3171        popl	%edi
 3172        popl	%esi
 3173        popl	%ebx
 3174        ret
 3175.size	AES_GCM_init_aesni,.-AES_GCM_init_aesni
 3176.text
 3177.globl	AES_GCM_aad_update_aesni
 3178.type	AES_GCM_aad_update_aesni,@function
 3179.align	16
 3180AES_GCM_aad_update_aesni:
 3181        pushl	%esi
 3182        pushl	%edi
 3183        movl	12(%esp), %esi
 3184        movl	16(%esp), %edx
 3185        movl	20(%esp), %edi
 3186        movl	24(%esp), %eax
 3187        movdqa	(%edi), %xmm5
 3188        movdqa	(%eax), %xmm6
 3189        xorl	%ecx, %ecx
 3190L_AES_GCM_aad_update_aesni_16_loop:
 3191        movdqu	(%esi,%ecx,1), %xmm0
 3192        pshufb	L_aes_gcm_bswap_mask, %xmm0
 3193        pxor	%xmm0, %xmm5
 3194        pshufd	$0x4e, %xmm5, %xmm1
 3195        pshufd	$0x4e, %xmm6, %xmm2
 3196        movdqa	%xmm6, %xmm3
 3197        movdqa	%xmm6, %xmm0
 3198        pclmulqdq	$0x11, %xmm5, %xmm3
 3199        pclmulqdq	$0x00, %xmm5, %xmm0
 3200        pxor	%xmm5, %xmm1
 3201        pxor	%xmm6, %xmm2
 3202        pclmulqdq	$0x00, %xmm2, %xmm1
 3203        pxor	%xmm0, %xmm1
 3204        pxor	%xmm3, %xmm1
 3205        movdqa	%xmm1, %xmm2
 3206        movdqa	%xmm0, %xmm4
 3207        movdqa	%xmm3, %xmm5
 3208        pslldq	$8, %xmm2
 3209        psrldq	$8, %xmm1
 3210        pxor	%xmm2, %xmm4
 3211        pxor	%xmm1, %xmm5
 3212        movdqa	%xmm4, %xmm0
 3213        movdqa	%xmm5, %xmm1
 3214        psrld	$31, %xmm0
 3215        psrld	$31, %xmm1
 3216        pslld	$0x01, %xmm4
 3217        pslld	$0x01, %xmm5
 3218        movdqa	%xmm0, %xmm2
 3219        pslldq	$4, %xmm0
 3220        psrldq	$12, %xmm2
 3221        pslldq	$4, %xmm1
 3222        por	%xmm2, %xmm5
 3223        por	%xmm0, %xmm4
 3224        por	%xmm1, %xmm5
 3225        movdqa	%xmm4, %xmm0
 3226        movdqa	%xmm4, %xmm1
 3227        movdqa	%xmm4, %xmm2
 3228        pslld	$31, %xmm0
 3229        pslld	$30, %xmm1
 3230        pslld	$25, %xmm2
 3231        pxor	%xmm1, %xmm0
 3232        pxor	%xmm2, %xmm0
 3233        movdqa	%xmm0, %xmm1
 3234        psrldq	$4, %xmm1
 3235        pslldq	$12, %xmm0
 3236        pxor	%xmm0, %xmm4
 3237        movdqa	%xmm4, %xmm2
 3238        movdqa	%xmm4, %xmm3
 3239        movdqa	%xmm4, %xmm0
 3240        psrld	$0x01, %xmm2
 3241        psrld	$2, %xmm3
 3242        psrld	$7, %xmm0
 3243        pxor	%xmm3, %xmm2
 3244        pxor	%xmm0, %xmm2
 3245        pxor	%xmm1, %xmm2
 3246        pxor	%xmm4, %xmm2
 3247        pxor	%xmm2, %xmm5
 3248        addl	$16, %ecx
 3249        cmpl	%edx, %ecx
 3250        jl	L_AES_GCM_aad_update_aesni_16_loop
 3251        movdqa	%xmm5, (%edi)
 3252        popl	%edi
 3253        popl	%esi
 3254        ret
 3255.size	AES_GCM_aad_update_aesni,.-AES_GCM_aad_update_aesni
 3256.text
 3257.globl	AES_GCM_encrypt_block_aesni
 3258.type	AES_GCM_encrypt_block_aesni,@function
 3259.align	16
 3260AES_GCM_encrypt_block_aesni:
 3261        pushl	%esi
 3262        pushl	%edi
 3263        movl	12(%esp), %ecx
 3264        movl	16(%esp), %eax
 3265        movl	20(%esp), %edi
 3266        movl	24(%esp), %esi
 3267        movl	28(%esp), %edx
 3268        movdqu	(%edx), %xmm0
 3269        movdqa	%xmm0, %xmm1
 3270        pshufb	L_aes_gcm_bswap_epi64, %xmm0
 3271        paddd	L_aes_gcm_one, %xmm1
 3272        pxor	(%ecx), %xmm0
 3273        movdqu	%xmm1, (%edx)
 3274        aesenc	16(%ecx), %xmm0
 3275        aesenc	32(%ecx), %xmm0
 3276        aesenc	48(%ecx), %xmm0
 3277        aesenc	64(%ecx), %xmm0
 3278        aesenc	80(%ecx), %xmm0
 3279        aesenc	96(%ecx), %xmm0
 3280        aesenc	112(%ecx), %xmm0
 3281        aesenc	128(%ecx), %xmm0
 3282        aesenc	144(%ecx), %xmm0
 3283        cmpl	$11, %eax
 3284        movdqa	160(%ecx), %xmm1
 3285        jl	L_AES_GCM_encrypt_block_aesni_aesenc_block_aesenc_avx_last
 3286        aesenc	%xmm1, %xmm0
 3287        aesenc	176(%ecx), %xmm0
 3288        cmpl	$13, %eax
 3289        movdqa	192(%ecx), %xmm1
 3290        jl	L_AES_GCM_encrypt_block_aesni_aesenc_block_aesenc_avx_last
 3291        aesenc	%xmm1, %xmm0
 3292        aesenc	208(%ecx), %xmm0
 3293        movdqa	224(%ecx), %xmm1
 3294L_AES_GCM_encrypt_block_aesni_aesenc_block_aesenc_avx_last:
 3295        aesenclast	%xmm1, %xmm0
 3296        movdqu	(%esi), %xmm1
 3297        pxor	%xmm1, %xmm0
 3298        movdqu	%xmm0, (%edi)
 3299        pshufb	L_aes_gcm_bswap_mask, %xmm0
 3300        popl	%edi
 3301        popl	%esi
 3302        ret
 3303.size	AES_GCM_encrypt_block_aesni,.-AES_GCM_encrypt_block_aesni
 3304.text
 3305.globl	AES_GCM_ghash_block_aesni
 3306.type	AES_GCM_ghash_block_aesni,@function
 3307.align	16
 3308AES_GCM_ghash_block_aesni:
 3309        movl	4(%esp), %edx
 3310        movl	8(%esp), %eax
 3311        movl	12(%esp), %ecx
 3312        movdqa	(%eax), %xmm4
 3313        movdqa	(%ecx), %xmm5
 3314        movdqu	(%edx), %xmm0
 3315        pshufb	L_aes_gcm_bswap_mask, %xmm0
 3316        pxor	%xmm0, %xmm4
 3317        pshufd	$0x4e, %xmm4, %xmm1
 3318        pshufd	$0x4e, %xmm5, %xmm2
 3319        movdqa	%xmm5, %xmm3
 3320        movdqa	%xmm5, %xmm0
 3321        pclmulqdq	$0x11, %xmm4, %xmm3
 3322        pclmulqdq	$0x00, %xmm4, %xmm0
 3323        pxor	%xmm4, %xmm1
 3324        pxor	%xmm5, %xmm2
 3325        pclmulqdq	$0x00, %xmm2, %xmm1
 3326        pxor	%xmm0, %xmm1
 3327        pxor	%xmm3, %xmm1
 3328        movdqa	%xmm1, %xmm2
 3329        movdqa	%xmm0, %xmm6
 3330        movdqa	%xmm3, %xmm4
 3331        pslldq	$8, %xmm2
 3332        psrldq	$8, %xmm1
 3333        pxor	%xmm2, %xmm6
 3334        pxor	%xmm1, %xmm4
 3335        movdqa	%xmm6, %xmm0
 3336        movdqa	%xmm4, %xmm1
 3337        psrld	$31, %xmm0
 3338        psrld	$31, %xmm1
 3339        pslld	$0x01, %xmm6
 3340        pslld	$0x01, %xmm4
 3341        movdqa	%xmm0, %xmm2
 3342        pslldq	$4, %xmm0
 3343        psrldq	$12, %xmm2
 3344        pslldq	$4, %xmm1
 3345        por	%xmm2, %xmm4
 3346        por	%xmm0, %xmm6
 3347        por	%xmm1, %xmm4
 3348        movdqa	%xmm6, %xmm0
 3349        movdqa	%xmm6, %xmm1
 3350        movdqa	%xmm6, %xmm2
 3351        pslld	$31, %xmm0
 3352        pslld	$30, %xmm1
 3353        pslld	$25, %xmm2
 3354        pxor	%xmm1, %xmm0
 3355        pxor	%xmm2, %xmm0
 3356        movdqa	%xmm0, %xmm1
 3357        psrldq	$4, %xmm1
 3358        pslldq	$12, %xmm0
 3359        pxor	%xmm0, %xmm6
 3360        movdqa	%xmm6, %xmm2
 3361        movdqa	%xmm6, %xmm3
 3362        movdqa	%xmm6, %xmm0
 3363        psrld	$0x01, %xmm2
 3364        psrld	$2, %xmm3
 3365        psrld	$7, %xmm0
 3366        pxor	%xmm3, %xmm2
 3367        pxor	%xmm0, %xmm2
 3368        pxor	%xmm1, %xmm2
 3369        pxor	%xmm6, %xmm2
 3370        pxor	%xmm2, %xmm4
 3371        movdqa	%xmm4, (%eax)
 3372        ret
 3373.size	AES_GCM_ghash_block_aesni,.-AES_GCM_ghash_block_aesni
 3374.text
 3375.globl	AES_GCM_encrypt_update_aesni
 3376.type	AES_GCM_encrypt_update_aesni,@function
 3377.align	16
 3378AES_GCM_encrypt_update_aesni:
 3379        pushl	%ebx
 3380        pushl	%esi
 3381        pushl	%edi
 3382        pushl	%ebp
 3383        subl	$0x60, %esp
 3384        movl	144(%esp), %esi
 3385        movdqa	(%esi), %xmm4
 3386        movdqu	%xmm4, 64(%esp)
 3387        movl	136(%esp), %esi
 3388        movl	140(%esp), %ebp
 3389        movdqa	(%esi), %xmm6
 3390        movdqa	(%ebp), %xmm5
 3391        movdqu	%xmm6, 80(%esp)
 3392        movl	116(%esp), %ebp
 3393        movl	124(%esp), %edi
 3394        movl	128(%esp), %esi
 3395        movdqa	%xmm5, %xmm1
 3396        movdqa	%xmm5, %xmm0
 3397        psrlq	$63, %xmm1
 3398        psllq	$0x01, %xmm0
 3399        pslldq	$8, %xmm1
 3400        por	%xmm1, %xmm0
 3401        pshufd	$0xff, %xmm5, %xmm5
 3402        psrad	$31, %xmm5
 3403        pand	L_aes_gcm_mod2_128, %xmm5
 3404        pxor	%xmm0, %xmm5
 3405        xorl	%ebx, %ebx
 3406        cmpl	$0x40, 132(%esp)
 3407        movl	132(%esp), %eax
 3408        jl	L_AES_GCM_encrypt_update_aesni_done_64
 3409        andl	$0xffffffc0, %eax
 3410        movdqa	%xmm6, %xmm2
 3411        # H ^ 1
 3412        movdqu	%xmm5, (%esp)
 3413        # H ^ 2
 3414        pshufd	$0x4e, %xmm5, %xmm1
 3415        pshufd	$0x4e, %xmm5, %xmm2
 3416        movdqa	%xmm5, %xmm3
 3417        movdqa	%xmm5, %xmm0
 3418        pclmulqdq	$0x11, %xmm5, %xmm3
 3419        pclmulqdq	$0x00, %xmm5, %xmm0
 3420        pxor	%xmm5, %xmm1
 3421        pxor	%xmm5, %xmm2
 3422        pclmulqdq	$0x00, %xmm2, %xmm1
 3423        pxor	%xmm0, %xmm1
 3424        pxor	%xmm3, %xmm1
 3425        movdqa	%xmm1, %xmm2
 3426        movdqa	%xmm3, %xmm4
 3427        pslldq	$8, %xmm2
 3428        psrldq	$8, %xmm1
 3429        pxor	%xmm2, %xmm0
 3430        pxor	%xmm1, %xmm4
 3431        movdqa	%xmm0, %xmm1
 3432        movdqa	%xmm0, %xmm2
 3433        movdqa	%xmm0, %xmm3
 3434        pslld	$31, %xmm1
 3435        pslld	$30, %xmm2
 3436        pslld	$25, %xmm3
 3437        pxor	%xmm2, %xmm1
 3438        pxor	%xmm3, %xmm1
 3439        movdqa	%xmm1, %xmm3
 3440        psrldq	$4, %xmm3
 3441        pslldq	$12, %xmm1
 3442        pxor	%xmm1, %xmm0
 3443        movdqa	%xmm0, %xmm1
 3444        movdqa	%xmm0, %xmm2
 3445        psrld	$0x01, %xmm1
 3446        psrld	$2, %xmm2
 3447        pxor	%xmm2, %xmm1
 3448        pxor	%xmm0, %xmm1
 3449        psrld	$7, %xmm0
 3450        pxor	%xmm3, %xmm1
 3451        pxor	%xmm0, %xmm1
 3452        pxor	%xmm1, %xmm4
 3453        movdqu	%xmm4, 16(%esp)
 3454        # H ^ 3
 3455        pshufd	$0x4e, %xmm5, %xmm1
 3456        pshufd	$0x4e, %xmm4, %xmm2
 3457        movdqa	%xmm4, %xmm3
 3458        movdqa	%xmm4, %xmm0
 3459        pclmulqdq	$0x11, %xmm5, %xmm3
 3460        pclmulqdq	$0x00, %xmm5, %xmm0
 3461        pxor	%xmm5, %xmm1
 3462        pxor	%xmm4, %xmm2
 3463        pclmulqdq	$0x00, %xmm2, %xmm1
 3464        pxor	%xmm0, %xmm1
 3465        pxor	%xmm3, %xmm1
 3466        movdqa	%xmm1, %xmm2
 3467        movdqa	%xmm3, %xmm7
 3468        pslldq	$8, %xmm2
 3469        psrldq	$8, %xmm1
 3470        pxor	%xmm2, %xmm0
 3471        pxor	%xmm1, %xmm7
 3472        movdqa	%xmm0, %xmm1
 3473        movdqa	%xmm0, %xmm2
 3474        movdqa	%xmm0, %xmm3
 3475        pslld	$31, %xmm1
 3476        pslld	$30, %xmm2
 3477        pslld	$25, %xmm3
 3478        pxor	%xmm2, %xmm1
 3479        pxor	%xmm3, %xmm1
 3480        movdqa	%xmm1, %xmm3
 3481        psrldq	$4, %xmm3
 3482        pslldq	$12, %xmm1
 3483        pxor	%xmm1, %xmm0
 3484        movdqa	%xmm0, %xmm1
 3485        movdqa	%xmm0, %xmm2
 3486        psrld	$0x01, %xmm1
 3487        psrld	$2, %xmm2
 3488        pxor	%xmm2, %xmm1
 3489        pxor	%xmm0, %xmm1
 3490        psrld	$7, %xmm0
 3491        pxor	%xmm3, %xmm1
 3492        pxor	%xmm0, %xmm1
 3493        pxor	%xmm1, %xmm7
 3494        movdqu	%xmm7, 32(%esp)
 3495        # H ^ 4
 3496        pshufd	$0x4e, %xmm4, %xmm1
 3497        pshufd	$0x4e, %xmm4, %xmm2
 3498        movdqa	%xmm4, %xmm3
 3499        movdqa	%xmm4, %xmm0
 3500        pclmulqdq	$0x11, %xmm4, %xmm3
 3501        pclmulqdq	$0x00, %xmm4, %xmm0
 3502        pxor	%xmm4, %xmm1
 3503        pxor	%xmm4, %xmm2
 3504        pclmulqdq	$0x00, %xmm2, %xmm1
 3505        pxor	%xmm0, %xmm1
 3506        pxor	%xmm3, %xmm1
 3507        movdqa	%xmm1, %xmm2
 3508        movdqa	%xmm3, %xmm7
 3509        pslldq	$8, %xmm2
 3510        psrldq	$8, %xmm1
 3511        pxor	%xmm2, %xmm0
 3512        pxor	%xmm1, %xmm7
 3513        movdqa	%xmm0, %xmm1
 3514        movdqa	%xmm0, %xmm2
 3515        movdqa	%xmm0, %xmm3
 3516        pslld	$31, %xmm1
 3517        pslld	$30, %xmm2
 3518        pslld	$25, %xmm3
 3519        pxor	%xmm2, %xmm1
 3520        pxor	%xmm3, %xmm1
 3521        movdqa	%xmm1, %xmm3
 3522        psrldq	$4, %xmm3
 3523        pslldq	$12, %xmm1
 3524        pxor	%xmm1, %xmm0
 3525        movdqa	%xmm0, %xmm1
 3526        movdqa	%xmm0, %xmm2
 3527        psrld	$0x01, %xmm1
 3528        psrld	$2, %xmm2
 3529        pxor	%xmm2, %xmm1
 3530        pxor	%xmm0, %xmm1
 3531        psrld	$7, %xmm0
 3532        pxor	%xmm3, %xmm1
 3533        pxor	%xmm0, %xmm1
 3534        pxor	%xmm1, %xmm7
 3535        movdqu	%xmm7, 48(%esp)
 3536        # First 64 bytes of input
 3537        # Encrypt 64 bytes of counter
 3538        movdqu	64(%esp), %xmm0
 3539        movdqa	L_aes_gcm_bswap_epi64, %xmm7
 3540        movdqa	%xmm0, %xmm1
 3541        movdqa	%xmm0, %xmm2
 3542        movdqa	%xmm0, %xmm3
 3543        pshufb	%xmm7, %xmm0
 3544        paddd	L_aes_gcm_one, %xmm1
 3545        pshufb	%xmm7, %xmm1
 3546        paddd	L_aes_gcm_two, %xmm2
 3547        pshufb	%xmm7, %xmm2
 3548        paddd	L_aes_gcm_three, %xmm3
 3549        pshufb	%xmm7, %xmm3
 3550        movdqu	64(%esp), %xmm7
 3551        paddd	L_aes_gcm_four, %xmm7
 3552        movdqu	%xmm7, 64(%esp)
 3553        movdqa	(%ebp), %xmm7
 3554        pxor	%xmm7, %xmm0
 3555        pxor	%xmm7, %xmm1
 3556        pxor	%xmm7, %xmm2
 3557        pxor	%xmm7, %xmm3
 3558        movdqa	16(%ebp), %xmm7
 3559        aesenc	%xmm7, %xmm0
 3560        aesenc	%xmm7, %xmm1
 3561        aesenc	%xmm7, %xmm2
 3562        aesenc	%xmm7, %xmm3
 3563        movdqa	32(%ebp), %xmm7
 3564        aesenc	%xmm7, %xmm0
 3565        aesenc	%xmm7, %xmm1
 3566        aesenc	%xmm7, %xmm2
 3567        aesenc	%xmm7, %xmm3
 3568        movdqa	48(%ebp), %xmm7
 3569        aesenc	%xmm7, %xmm0
 3570        aesenc	%xmm7, %xmm1
 3571        aesenc	%xmm7, %xmm2
 3572        aesenc	%xmm7, %xmm3
 3573        movdqa	64(%ebp), %xmm7
 3574        aesenc	%xmm7, %xmm0
 3575        aesenc	%xmm7, %xmm1
 3576        aesenc	%xmm7, %xmm2
 3577        aesenc	%xmm7, %xmm3
 3578        movdqa	80(%ebp), %xmm7
 3579        aesenc	%xmm7, %xmm0
 3580        aesenc	%xmm7, %xmm1
 3581        aesenc	%xmm7, %xmm2
 3582        aesenc	%xmm7, %xmm3
 3583        movdqa	96(%ebp), %xmm7
 3584        aesenc	%xmm7, %xmm0
 3585        aesenc	%xmm7, %xmm1
 3586        aesenc	%xmm7, %xmm2
 3587        aesenc	%xmm7, %xmm3
 3588        movdqa	112(%ebp), %xmm7
 3589        aesenc	%xmm7, %xmm0
 3590        aesenc	%xmm7, %xmm1
 3591        aesenc	%xmm7, %xmm2
 3592        aesenc	%xmm7, %xmm3
 3593        movdqa	128(%ebp), %xmm7
 3594        aesenc	%xmm7, %xmm0
 3595        aesenc	%xmm7, %xmm1
 3596        aesenc	%xmm7, %xmm2
 3597        aesenc	%xmm7, %xmm3
 3598        movdqa	144(%ebp), %xmm7
 3599        aesenc	%xmm7, %xmm0
 3600        aesenc	%xmm7, %xmm1
 3601        aesenc	%xmm7, %xmm2
 3602        aesenc	%xmm7, %xmm3
 3603        cmpl	$11, 120(%esp)
 3604        movdqa	160(%ebp), %xmm7
 3605        jl	L_AES_GCM_encrypt_update_aesni_enc_done
 3606        aesenc	%xmm7, %xmm0
 3607        aesenc	%xmm7, %xmm1
 3608        aesenc	%xmm7, %xmm2
 3609        aesenc	%xmm7, %xmm3
 3610        movdqa	176(%ebp), %xmm7
 3611        aesenc	%xmm7, %xmm0
 3612        aesenc	%xmm7, %xmm1
 3613        aesenc	%xmm7, %xmm2
 3614        aesenc	%xmm7, %xmm3
 3615        cmpl	$13, 120(%esp)
 3616        movdqa	192(%ebp), %xmm7
 3617        jl	L_AES_GCM_encrypt_update_aesni_enc_done
 3618        aesenc	%xmm7, %xmm0
 3619        aesenc	%xmm7, %xmm1
 3620        aesenc	%xmm7, %xmm2
 3621        aesenc	%xmm7, %xmm3
 3622        movdqa	208(%ebp), %xmm7
 3623        aesenc	%xmm7, %xmm0
 3624        aesenc	%xmm7, %xmm1
 3625        aesenc	%xmm7, %xmm2
 3626        aesenc	%xmm7, %xmm3
 3627        movdqa	224(%ebp), %xmm7
 3628L_AES_GCM_encrypt_update_aesni_enc_done:
 3629        aesenclast	%xmm7, %xmm0
 3630        aesenclast	%xmm7, %xmm1
 3631        movdqu	(%esi), %xmm4
 3632        movdqu	16(%esi), %xmm5
 3633        pxor	%xmm4, %xmm0
 3634        pxor	%xmm5, %xmm1
 3635        movdqu	%xmm0, (%edi)
 3636        movdqu	%xmm1, 16(%edi)
 3637        aesenclast	%xmm7, %xmm2
 3638        aesenclast	%xmm7, %xmm3
 3639        movdqu	32(%esi), %xmm4
 3640        movdqu	48(%esi), %xmm5
 3641        pxor	%xmm4, %xmm2
 3642        pxor	%xmm5, %xmm3
 3643        movdqu	%xmm2, 32(%edi)
 3644        movdqu	%xmm3, 48(%edi)
 3645        cmpl	$0x40, %eax
 3646        movl	$0x40, %ebx
 3647        jle	L_AES_GCM_encrypt_update_aesni_end_64
 3648        # More 64 bytes of input
 3649L_AES_GCM_encrypt_update_aesni_ghash_64:
 3650        leal	(%esi,%ebx,1), %ecx
 3651        leal	(%edi,%ebx,1), %edx
 3652        # Encrypt 64 bytes of counter
 3653        movdqu	64(%esp), %xmm0
 3654        movdqa	L_aes_gcm_bswap_epi64, %xmm7
 3655        movdqa	%xmm0, %xmm1
 3656        movdqa	%xmm0, %xmm2
 3657        movdqa	%xmm0, %xmm3
 3658        pshufb	%xmm7, %xmm0
 3659        paddd	L_aes_gcm_one, %xmm1
 3660        pshufb	%xmm7, %xmm1
 3661        paddd	L_aes_gcm_two, %xmm2
 3662        pshufb	%xmm7, %xmm2
 3663        paddd	L_aes_gcm_three, %xmm3
 3664        pshufb	%xmm7, %xmm3
 3665        movdqu	64(%esp), %xmm7
 3666        paddd	L_aes_gcm_four, %xmm7
 3667        movdqu	%xmm7, 64(%esp)
 3668        movdqa	(%ebp), %xmm7
 3669        pxor	%xmm7, %xmm0
 3670        pxor	%xmm7, %xmm1
 3671        pxor	%xmm7, %xmm2
 3672        pxor	%xmm7, %xmm3
 3673        movdqa	16(%ebp), %xmm7
 3674        aesenc	%xmm7, %xmm0
 3675        aesenc	%xmm7, %xmm1
 3676        aesenc	%xmm7, %xmm2
 3677        aesenc	%xmm7, %xmm3
 3678        movdqa	32(%ebp), %xmm7
 3679        aesenc	%xmm7, %xmm0
 3680        aesenc	%xmm7, %xmm1
 3681        aesenc	%xmm7, %xmm2
 3682        aesenc	%xmm7, %xmm3
 3683        movdqa	48(%ebp), %xmm7
 3684        aesenc	%xmm7, %xmm0
 3685        aesenc	%xmm7, %xmm1
 3686        aesenc	%xmm7, %xmm2
 3687        aesenc	%xmm7, %xmm3
 3688        movdqa	64(%ebp), %xmm7
 3689        aesenc	%xmm7, %xmm0
 3690        aesenc	%xmm7, %xmm1
 3691        aesenc	%xmm7, %xmm2
 3692        aesenc	%xmm7, %xmm3
 3693        movdqa	80(%ebp), %xmm7
 3694        aesenc	%xmm7, %xmm0
 3695        aesenc	%xmm7, %xmm1
 3696        aesenc	%xmm7, %xmm2
 3697        aesenc	%xmm7, %xmm3
 3698        movdqa	96(%ebp), %xmm7
 3699        aesenc	%xmm7, %xmm0
 3700        aesenc	%xmm7, %xmm1
 3701        aesenc	%xmm7, %xmm2
 3702        aesenc	%xmm7, %xmm3
 3703        movdqa	112(%ebp), %xmm7
 3704        aesenc	%xmm7, %xmm0
 3705        aesenc	%xmm7, %xmm1
 3706        aesenc	%xmm7, %xmm2
 3707        aesenc	%xmm7, %xmm3
 3708        movdqa	128(%ebp), %xmm7
 3709        aesenc	%xmm7, %xmm0
 3710        aesenc	%xmm7, %xmm1
 3711        aesenc	%xmm7, %xmm2
 3712        aesenc	%xmm7, %xmm3
 3713        movdqa	144(%ebp), %xmm7
 3714        aesenc	%xmm7, %xmm0
 3715        aesenc	%xmm7, %xmm1
 3716        aesenc	%xmm7, %xmm2
 3717        aesenc	%xmm7, %xmm3
 3718        cmpl	$11, 120(%esp)
 3719        movdqa	160(%ebp), %xmm7
 3720        jl	L_AES_GCM_encrypt_update_aesni_aesenc_64_ghash_avx_done
 3721        aesenc	%xmm7, %xmm0
 3722        aesenc	%xmm7, %xmm1
 3723        aesenc	%xmm7, %xmm2
 3724        aesenc	%xmm7, %xmm3
 3725        movdqa	176(%ebp), %xmm7
 3726        aesenc	%xmm7, %xmm0
 3727        aesenc	%xmm7, %xmm1
 3728        aesenc	%xmm7, %xmm2
 3729        aesenc	%xmm7, %xmm3
 3730        cmpl	$13, 120(%esp)
 3731        movdqa	192(%ebp), %xmm7
 3732        jl	L_AES_GCM_encrypt_update_aesni_aesenc_64_ghash_avx_done
 3733        aesenc	%xmm7, %xmm0
 3734        aesenc	%xmm7, %xmm1
 3735        aesenc	%xmm7, %xmm2
 3736        aesenc	%xmm7, %xmm3
 3737        movdqa	208(%ebp), %xmm7
 3738        aesenc	%xmm7, %xmm0
 3739        aesenc	%xmm7, %xmm1
 3740        aesenc	%xmm7, %xmm2
 3741        aesenc	%xmm7, %xmm3
 3742        movdqa	224(%ebp), %xmm7
 3743L_AES_GCM_encrypt_update_aesni_aesenc_64_ghash_avx_done:
 3744        aesenclast	%xmm7, %xmm0
 3745        aesenclast	%xmm7, %xmm1
 3746        movdqu	(%ecx), %xmm4
 3747        movdqu	16(%ecx), %xmm5
 3748        pxor	%xmm4, %xmm0
 3749        pxor	%xmm5, %xmm1
 3750        movdqu	%xmm0, (%edx)
 3751        movdqu	%xmm1, 16(%edx)
 3752        aesenclast	%xmm7, %xmm2
 3753        aesenclast	%xmm7, %xmm3
 3754        movdqu	32(%ecx), %xmm4
 3755        movdqu	48(%ecx), %xmm5
 3756        pxor	%xmm4, %xmm2
 3757        pxor	%xmm5, %xmm3
 3758        movdqu	%xmm2, 32(%edx)
 3759        movdqu	%xmm3, 48(%edx)
 3760        # ghash encrypted counter
 3761        movdqu	80(%esp), %xmm2
 3762        movdqu	48(%esp), %xmm7
 3763        movdqu	-64(%edx), %xmm0
 3764        pshufb	L_aes_gcm_bswap_mask, %xmm0
 3765        pxor	%xmm2, %xmm0
 3766        pshufd	$0x4e, %xmm7, %xmm1
 3767        pshufd	$0x4e, %xmm0, %xmm5
 3768        pxor	%xmm7, %xmm1
 3769        pxor	%xmm0, %xmm5
 3770        movdqa	%xmm0, %xmm3
 3771        pclmulqdq	$0x11, %xmm7, %xmm3
 3772        movdqa	%xmm0, %xmm2
 3773        pclmulqdq	$0x00, %xmm7, %xmm2
 3774        pclmulqdq	$0x00, %xmm5, %xmm1
 3775        pxor	%xmm2, %xmm1
 3776        pxor	%xmm3, %xmm1
 3777        movdqu	32(%esp), %xmm7
 3778        movdqu	-48(%edx), %xmm0
 3779        pshufd	$0x4e, %xmm7, %xmm4
 3780        pshufb	L_aes_gcm_bswap_mask, %xmm0
 3781        pxor	%xmm7, %xmm4
 3782        pshufd	$0x4e, %xmm0, %xmm5
 3783        pxor	%xmm0, %xmm5
 3784        movdqa	%xmm0, %xmm6
 3785        pclmulqdq	$0x11, %xmm7, %xmm6
 3786        pclmulqdq	$0x00, %xmm0, %xmm7
 3787        pclmulqdq	$0x00, %xmm5, %xmm4
 3788        pxor	%xmm7, %xmm1
 3789        pxor	%xmm7, %xmm2
 3790        pxor	%xmm6, %xmm1
 3791        pxor	%xmm6, %xmm3
 3792        pxor	%xmm4, %xmm1
 3793        movdqu	16(%esp), %xmm7
 3794        movdqu	-32(%edx), %xmm0
 3795        pshufd	$0x4e, %xmm7, %xmm4
 3796        pshufb	L_aes_gcm_bswap_mask, %xmm0
 3797        pxor	%xmm7, %xmm4
 3798        pshufd	$0x4e, %xmm0, %xmm5
 3799        pxor	%xmm0, %xmm5
 3800        movdqa	%xmm0, %xmm6
 3801        pclmulqdq	$0x11, %xmm7, %xmm6
 3802        pclmulqdq	$0x00, %xmm0, %xmm7
 3803        pclmulqdq	$0x00, %xmm5, %xmm4
 3804        pxor	%xmm7, %xmm1
 3805        pxor	%xmm7, %xmm2
 3806        pxor	%xmm6, %xmm1
 3807        pxor	%xmm6, %xmm3
 3808        pxor	%xmm4, %xmm1
 3809        movdqu	(%esp), %xmm7
 3810        movdqu	-16(%edx), %xmm0
 3811        pshufd	$0x4e, %xmm7, %xmm4
 3812        pshufb	L_aes_gcm_bswap_mask, %xmm0
 3813        pxor	%xmm7, %xmm4
 3814        pshufd	$0x4e, %xmm0, %xmm5
 3815        pxor	%xmm0, %xmm5
 3816        movdqa	%xmm0, %xmm6
 3817        pclmulqdq	$0x11, %xmm7, %xmm6
 3818        pclmulqdq	$0x00, %xmm0, %xmm7
 3819        pclmulqdq	$0x00, %xmm5, %xmm4
 3820        pxor	%xmm7, %xmm1
 3821        pxor	%xmm7, %xmm2
 3822        pxor	%xmm6, %xmm1
 3823        pxor	%xmm6, %xmm3
 3824        pxor	%xmm4, %xmm1
 3825        movdqa	%xmm1, %xmm5
 3826        psrldq	$8, %xmm1
 3827        pslldq	$8, %xmm5
 3828        pxor	%xmm5, %xmm2
 3829        pxor	%xmm1, %xmm3
 3830        movdqa	%xmm2, %xmm7
 3831        movdqa	%xmm2, %xmm4
 3832        movdqa	%xmm2, %xmm5
 3833        pslld	$31, %xmm7
 3834        pslld	$30, %xmm4
 3835        pslld	$25, %xmm5
 3836        pxor	%xmm4, %xmm7
 3837        pxor	%xmm5, %xmm7
 3838        movdqa	%xmm7, %xmm4
 3839        pslldq	$12, %xmm7
 3840        psrldq	$4, %xmm4
 3841        pxor	%xmm7, %xmm2
 3842        movdqa	%xmm2, %xmm5
 3843        movdqa	%xmm2, %xmm1
 3844        movdqa	%xmm2, %xmm0
 3845        psrld	$0x01, %xmm5
 3846        psrld	$2, %xmm1
 3847        psrld	$7, %xmm0
 3848        pxor	%xmm1, %xmm5
 3849        pxor	%xmm0, %xmm5
 3850        pxor	%xmm4, %xmm5
 3851        pxor	%xmm5, %xmm2
 3852        pxor	%xmm3, %xmm2
 3853        movdqu	%xmm2, 80(%esp)
 3854        addl	$0x40, %ebx
 3855        cmpl	%eax, %ebx
 3856        jl	L_AES_GCM_encrypt_update_aesni_ghash_64
 3857L_AES_GCM_encrypt_update_aesni_end_64:
 3858        movdqu	80(%esp), %xmm6
 3859        # Block 1
 3860        movdqa	L_aes_gcm_bswap_mask, %xmm0
 3861        movdqu	(%edx), %xmm5
 3862        pshufb	%xmm0, %xmm5
 3863        movdqu	48(%esp), %xmm7
 3864        pxor	%xmm6, %xmm5
 3865        pshufd	$0x4e, %xmm5, %xmm1
 3866        pshufd	$0x4e, %xmm7, %xmm2
 3867        movdqa	%xmm7, %xmm3
 3868        movdqa	%xmm7, %xmm0
 3869        pclmulqdq	$0x11, %xmm5, %xmm3
 3870        pclmulqdq	$0x00, %xmm5, %xmm0
 3871        pxor	%xmm5, %xmm1
 3872        pxor	%xmm7, %xmm2
 3873        pclmulqdq	$0x00, %xmm2, %xmm1
 3874        pxor	%xmm0, %xmm1
 3875        pxor	%xmm3, %xmm1
 3876        movdqa	%xmm1, %xmm2
 3877        movdqa	%xmm0, %xmm4
 3878        movdqa	%xmm3, %xmm6
 3879        pslldq	$8, %xmm2
 3880        psrldq	$8, %xmm1
 3881        pxor	%xmm2, %xmm4
 3882        pxor	%xmm1, %xmm6
 3883        # Block 2
 3884        movdqa	L_aes_gcm_bswap_mask, %xmm0
 3885        movdqu	16(%edx), %xmm5
 3886        pshufb	%xmm0, %xmm5
 3887        movdqu	32(%esp), %xmm7
 3888        pshufd	$0x4e, %xmm5, %xmm1
 3889        pshufd	$0x4e, %xmm7, %xmm2
 3890        movdqa	%xmm7, %xmm3
 3891        movdqa	%xmm7, %xmm0
 3892        pclmulqdq	$0x11, %xmm5, %xmm3
 3893        pclmulqdq	$0x00, %xmm5, %xmm0
 3894        pxor	%xmm5, %xmm1
 3895        pxor	%xmm7, %xmm2
 3896        pclmulqdq	$0x00, %xmm2, %xmm1
 3897        pxor	%xmm0, %xmm1
 3898        pxor	%xmm3, %xmm1
 3899        movdqa	%xmm1, %xmm2
 3900        pxor	%xmm0, %xmm4
 3901        pxor	%xmm3, %xmm6
 3902        pslldq	$8, %xmm2
 3903        psrldq	$8, %xmm1
 3904        pxor	%xmm2, %xmm4
 3905        pxor	%xmm1, %xmm6
 3906        # Block 3
 3907        movdqa	L_aes_gcm_bswap_mask, %xmm0
 3908        movdqu	32(%edx), %xmm5
 3909        pshufb	%xmm0, %xmm5
 3910        movdqu	16(%esp), %xmm7
 3911        pshufd	$0x4e, %xmm5, %xmm1
 3912        pshufd	$0x4e, %xmm7, %xmm2
 3913        movdqa	%xmm7, %xmm3
 3914        movdqa	%xmm7, %xmm0
 3915        pclmulqdq	$0x11, %xmm5, %xmm3
 3916        pclmulqdq	$0x00, %xmm5, %xmm0
 3917        pxor	%xmm5, %xmm1
 3918        pxor	%xmm7, %xmm2
 3919        pclmulqdq	$0x00, %xmm2, %xmm1
 3920        pxor	%xmm0, %xmm1
 3921        pxor	%xmm3, %xmm1
 3922        movdqa	%xmm1, %xmm2
 3923        pxor	%xmm0, %xmm4
 3924        pxor	%xmm3, %xmm6
 3925        pslldq	$8, %xmm2
 3926        psrldq	$8, %xmm1
 3927        pxor	%xmm2, %xmm4
 3928        pxor	%xmm1, %xmm6
 3929        # Block 4
 3930        movdqa	L_aes_gcm_bswap_mask, %xmm0
 3931        movdqu	48(%edx), %xmm5
 3932        pshufb	%xmm0, %xmm5
 3933        movdqu	(%esp), %xmm7
 3934        pshufd	$0x4e, %xmm5, %xmm1
 3935        pshufd	$0x4e, %xmm7, %xmm2
 3936        movdqa	%xmm7, %xmm3
 3937        movdqa	%xmm7, %xmm0
 3938        pclmulqdq	$0x11, %xmm5, %xmm3
 3939        pclmulqdq	$0x00, %xmm5, %xmm0
 3940        pxor	%xmm5, %xmm1
 3941        pxor	%xmm7, %xmm2
 3942        pclmulqdq	$0x00, %xmm2, %xmm1
 3943        pxor	%xmm0, %xmm1
 3944        pxor	%xmm3, %xmm1
 3945        movdqa	%xmm1, %xmm2
 3946        pxor	%xmm0, %xmm4
 3947        pxor	%xmm3, %xmm6
 3948        pslldq	$8, %xmm2
 3949        psrldq	$8, %xmm1
 3950        pxor	%xmm2, %xmm4
 3951        pxor	%xmm1, %xmm6
 3952        movdqa	%xmm4, %xmm0
 3953        movdqa	%xmm4, %xmm1
 3954        movdqa	%xmm4, %xmm2
 3955        pslld	$31, %xmm0
 3956        pslld	$30, %xmm1
 3957        pslld	$25, %xmm2
 3958        pxor	%xmm1, %xmm0
 3959        pxor	%xmm2, %xmm0
 3960        movdqa	%xmm0, %xmm1
 3961        psrldq	$4, %xmm1
 3962        pslldq	$12, %xmm0
 3963        pxor	%xmm0, %xmm4
 3964        movdqa	%xmm4, %xmm2
 3965        movdqa	%xmm4, %xmm3
 3966        movdqa	%xmm4, %xmm0
 3967        psrld	$0x01, %xmm2
 3968        psrld	$2, %xmm3
 3969        psrld	$7, %xmm0
 3970        pxor	%xmm3, %xmm2
 3971        pxor	%xmm0, %xmm2
 3972        pxor	%xmm1, %xmm2
 3973        pxor	%xmm4, %xmm2
 3974        pxor	%xmm2, %xmm6
 3975        movdqu	(%esp), %xmm5
 3976L_AES_GCM_encrypt_update_aesni_done_64:
 3977        movl	132(%esp), %edx
 3978        cmpl	%edx, %ebx
 3979        jge	L_AES_GCM_encrypt_update_aesni_done_enc
 3980        movl	132(%esp), %eax
 3981        andl	$0xfffffff0, %eax
 3982        cmpl	%eax, %ebx
 3983        jge	L_AES_GCM_encrypt_update_aesni_last_block_done
 3984        leal	(%esi,%ebx,1), %ecx
 3985        leal	(%edi,%ebx,1), %edx
 3986        movdqu	64(%esp), %xmm0
 3987        movdqa	%xmm0, %xmm1
 3988        pshufb	L_aes_gcm_bswap_epi64, %xmm0
 3989        paddd	L_aes_gcm_one, %xmm1
 3990        pxor	(%ebp), %xmm0
 3991        movdqu	%xmm1, 64(%esp)
 3992        aesenc	16(%ebp), %xmm0
 3993        aesenc	32(%ebp), %xmm0
 3994        aesenc	48(%ebp), %xmm0
 3995        aesenc	64(%ebp), %xmm0
 3996        aesenc	80(%ebp), %xmm0
 3997        aesenc	96(%ebp), %xmm0
 3998        aesenc	112(%ebp), %xmm0
 3999        aesenc	128(%ebp), %xmm0
 4000        aesenc	144(%ebp), %xmm0
 4001        cmpl	$11, 120(%esp)
 4002        movdqa	160(%ebp), %xmm1
 4003        jl	L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last
 4004        aesenc	%xmm1, %xmm0
 4005        aesenc	176(%ebp), %xmm0
 4006        cmpl	$13, 120(%esp)
 4007        movdqa	192(%ebp), %xmm1
 4008        jl	L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last
 4009        aesenc	%xmm1, %xmm0
 4010        aesenc	208(%ebp), %xmm0
 4011        movdqa	224(%ebp), %xmm1
 4012L_AES_GCM_encrypt_update_aesni_aesenc_block_aesenc_avx_last:
 4013        aesenclast	%xmm1, %xmm0
 4014        movdqu	(%ecx), %xmm1
 4015        pxor	%xmm1, %xmm0
 4016        movdqu	%xmm0, (%edx)
 4017        pshufb	L_aes_gcm_bswap_mask, %xmm0
 4018        pxor	%xmm0, %xmm6
 4019        addl	$16, %ebx
 4020        cmpl	%eax, %ebx
 4021        jge	L_AES_GCM_encrypt_update_aesni_last_block_ghash
 4022L_AES_GCM_encrypt_update_aesni_last_block_start:
 4023        leal	(%esi,%ebx,1), %ecx
 4024        leal	(%edi,%ebx,1), %edx
 4025        movdqu	64(%esp), %xmm0
 4026        movdqa	%xmm0, %xmm1
 4027        pshufb	L_aes_gcm_bswap_epi64, %xmm0
 4028        paddd	L_aes_gcm_one, %xmm1
 4029        pxor	(%ebp), %xmm0
 4030        movdqu	%xmm1, 64(%esp)
 4031        movdqu	%xmm6, %xmm4
 4032        pclmulqdq	$16, %xmm5, %xmm4
 4033        aesenc	16(%ebp), %xmm0
 4034        aesenc	32(%ebp), %xmm0
 4035        movdqu	%xmm6, %xmm7
 4036        pclmulqdq	$0x01, %xmm5, %xmm7
 4037        aesenc	48(%ebp), %xmm0
 4038        aesenc	64(%ebp), %xmm0
 4039        aesenc	80(%ebp), %xmm0
 4040        movdqu	%xmm6, %xmm1
 4041        pclmulqdq	$0x11, %xmm5, %xmm1
 4042        aesenc	96(%ebp), %xmm0
 4043        pxor	%xmm7, %xmm4
 4044        movdqa	%xmm4, %xmm2
 4045        psrldq	$8, %xmm4
 4046        pslldq	$8, %xmm2
 4047        aesenc	112(%ebp), %xmm0
 4048        movdqu	%xmm6, %xmm7
 4049        pclmulqdq	$0x00, %xmm5, %xmm7
 4050        pxor	%xmm7, %xmm2
 4051        pxor	%xmm4, %xmm1
 4052        movdqa	L_aes_gcm_mod2_128, %xmm3
 4053        movdqa	%xmm2, %xmm7
 4054        pclmulqdq	$16, %xmm3, %xmm7
 4055        aesenc	128(%ebp), %xmm0
 4056        pshufd	$0x4e, %xmm2, %xmm4
 4057        pxor	%xmm7, %xmm4
 4058        movdqa	%xmm4, %xmm7
 4059        pclmulqdq	$16, %xmm3, %xmm7
 4060        aesenc	144(%ebp), %xmm0
 4061        pshufd	$0x4e, %xmm4, %xmm6
 4062        pxor	%xmm7, %xmm6
 4063        pxor	%xmm1, %xmm6
 4064        cmpl	$11, 120(%esp)
 4065        movdqa	160(%ebp), %xmm1
 4066        jl	L_AES_GCM_encrypt_update_aesni_aesenc_gfmul_last
 4067        aesenc	%xmm1, %xmm0
 4068        aesenc	176(%ebp), %xmm0
 4069        cmpl	$13, 120(%esp)
 4070        movdqa	192(%ebp), %xmm1
 4071        jl	L_AES_GCM_encrypt_update_aesni_aesenc_gfmul_last
 4072        aesenc	%xmm1, %xmm0
 4073        aesenc	208(%ebp), %xmm0
 4074        movdqa	224(%ebp), %xmm1
 4075L_AES_GCM_encrypt_update_aesni_aesenc_gfmul_last:
 4076        aesenclast	%xmm1, %xmm0
 4077        movdqu	(%ecx), %xmm1
 4078        pxor	%xmm1, %xmm0
 4079        movdqu	%xmm0, (%edx)
 4080        pshufb	L_aes_gcm_bswap_mask, %xmm0
 4081        pxor	%xmm0, %xmm6
 4082        addl	$16, %ebx
 4083        cmpl	%eax, %ebx
 4084        jl	L_AES_GCM_encrypt_update_aesni_last_block_start
 4085L_AES_GCM_encrypt_update_aesni_last_block_ghash:
 4086        pshufd	$0x4e, %xmm5, %xmm1
 4087        pshufd	$0x4e, %xmm6, %xmm2
 4088        movdqa	%xmm6, %xmm3
 4089        movdqa	%xmm6, %xmm0
 4090        pclmulqdq	$0x11, %xmm5, %xmm3
 4091        pclmulqdq	$0x00, %xmm5, %xmm0
 4092        pxor	%xmm5, %xmm1
 4093        pxor	%xmm6, %xmm2
 4094        pclmulqdq	$0x00, %xmm2, %xmm1
 4095        pxor	%xmm0, %xmm1
 4096        pxor	%xmm3, %xmm1
 4097        movdqa	%xmm1, %xmm2
 4098        movdqa	%xmm3, %xmm6
 4099        pslldq	$8, %xmm2
 4100        psrldq	$8, %xmm1
 4101        pxor	%xmm2, %xmm0
 4102        pxor	%xmm1, %xmm6
 4103        movdqa	%xmm0, %xmm1
 4104        movdqa	%xmm0, %xmm2
 4105        movdqa	%xmm0, %xmm3
 4106        pslld	$31, %xmm1
 4107        pslld	$30, %xmm2
 4108        pslld	$25, %xmm3
 4109        pxor	%xmm2, %xmm1
 4110        pxor	%xmm3, %xmm1
 4111        movdqa	%xmm1, %xmm3
 4112        psrldq	$4, %xmm3
 4113        pslldq	$12, %xmm1
 4114        pxor	%xmm1, %xmm0
 4115        movdqa	%xmm0, %xmm1
 4116        movdqa	%xmm0, %xmm2
 4117        psrld	$0x01, %xmm1
 4118        psrld	$2, %xmm2
 4119        pxor	%xmm2, %xmm1
 4120        pxor	%xmm0, %xmm1
 4121        psrld	$7, %xmm0
 4122        pxor	%xmm3, %xmm1
 4123        pxor	%xmm0, %xmm1
 4124        pxor	%xmm1, %xmm6
 4125L_AES_GCM_encrypt_update_aesni_last_block_done:
 4126L_AES_GCM_encrypt_update_aesni_done_enc:
 4127        movl	136(%esp), %esi
 4128        movl	144(%esp), %edi
 4129        movdqu	64(%esp), %xmm4
 4130        movdqa	%xmm6, (%esi)
 4131        movdqu	%xmm4, (%edi)
 4132        addl	$0x60, %esp
 4133        popl	%ebp
 4134        popl	%edi
 4135        popl	%esi
 4136        popl	%ebx
 4137        ret
 4138.size	AES_GCM_encrypt_update_aesni,.-AES_GCM_encrypt_update_aesni
 4139.text
 4140.globl	AES_GCM_encrypt_final_aesni
 4141.type	AES_GCM_encrypt_final_aesni,@function
 4142.align	16
 4143AES_GCM_encrypt_final_aesni:
 4144        pushl	%esi
 4145        pushl	%edi
 4146        pushl	%ebp
 4147        subl	$16, %esp
 4148        movl	32(%esp), %ebp
 4149        movl	52(%esp), %esi
 4150        movl	56(%esp), %edi
 4151        movdqa	(%ebp), %xmm4
 4152        movdqa	(%esi), %xmm5
 4153        movdqa	(%edi), %xmm6
 4154        movdqa	%xmm5, %xmm1
 4155        movdqa	%xmm5, %xmm0
 4156        psrlq	$63, %xmm1
 4157        psllq	$0x01, %xmm0
 4158        pslldq	$8, %xmm1
 4159        por	%xmm1, %xmm0
 4160        pshufd	$0xff, %xmm5, %xmm5
 4161        psrad	$31, %xmm5
 4162        pand	L_aes_gcm_mod2_128, %xmm5
 4163        pxor	%xmm0, %xmm5
 4164        movl	44(%esp), %edx
 4165        movl	48(%esp), %ecx
 4166        shll	$3, %edx
 4167        shll	$3, %ecx
 4168        pinsrd	$0x00, %edx, %xmm0
 4169        pinsrd	$2, %ecx, %xmm0
 4170        movl	44(%esp), %edx
 4171        movl	48(%esp), %ecx
 4172        shrl	$29, %edx
 4173        shrl	$29, %ecx
 4174        pinsrd	$0x01, %edx, %xmm0
 4175        pinsrd	$3, %ecx, %xmm0
 4176        pxor	%xmm0, %xmm4
 4177        pshufd	$0x4e, %xmm5, %xmm1
 4178        pshufd	$0x4e, %xmm4, %xmm2
 4179        movdqa	%xmm4, %xmm3
 4180        movdqa	%xmm4, %xmm0
 4181        pclmulqdq	$0x11, %xmm5, %xmm3
 4182        pclmulqdq	$0x00, %xmm5, %xmm0
 4183        pxor	%xmm5, %xmm1
 4184        pxor	%xmm4, %xmm2
 4185        pclmulqdq	$0x00, %xmm2, %xmm1
 4186        pxor	%xmm0, %xmm1
 4187        pxor	%xmm3, %xmm1
 4188        movdqa	%xmm1, %xmm2
 4189        movdqa	%xmm3, %xmm4
 4190        pslldq	$8, %xmm2
 4191        psrldq	$8, %xmm1
 4192        pxor	%xmm2, %xmm0
 4193        pxor	%xmm1, %xmm4
 4194        movdqa	%xmm0, %xmm1
 4195        movdqa	%xmm0, %xmm2
 4196        movdqa	%xmm0, %xmm3
 4197        pslld	$31, %xmm1
 4198        pslld	$30, %xmm2
 4199        pslld	$25, %xmm3
 4200        pxor	%xmm2, %xmm1
 4201        pxor	%xmm3, %xmm1
 4202        movdqa	%xmm1, %xmm3
 4203        psrldq	$4, %xmm3
 4204        pslldq	$12, %xmm1
 4205        pxor	%xmm1, %xmm0
 4206        movdqa	%xmm0, %xmm1
 4207        movdqa	%xmm0, %xmm2
 4208        psrld	$0x01, %xmm1
 4209        psrld	$2, %xmm2
 4210        pxor	%xmm2, %xmm1
 4211        pxor	%xmm0, %xmm1
 4212        psrld	$7, %xmm0
 4213        pxor	%xmm3, %xmm1
 4214        pxor	%xmm0, %xmm1
 4215        pxor	%xmm1, %xmm4
 4216        pshufb	L_aes_gcm_bswap_mask, %xmm4
 4217        movdqu	%xmm6, %xmm0
 4218        pxor	%xmm4, %xmm0
 4219        movl	36(%esp), %edi
 4220        cmpl	$16, 40(%esp)
 4221        je	L_AES_GCM_encrypt_final_aesni_store_tag_16
 4222        xorl	%ecx, %ecx
 4223        movdqu	%xmm0, (%esp)
 4224L_AES_GCM_encrypt_final_aesni_store_tag_loop:
 4225        movzbl	(%esp,%ecx,1), %eax
 4226        movb	%al, (%edi,%ecx,1)
 4227        incl	%ecx
 4228        cmpl	40(%esp), %ecx
 4229        jne	L_AES_GCM_encrypt_final_aesni_store_tag_loop
 4230        jmp	L_AES_GCM_encrypt_final_aesni_store_tag_done
 4231L_AES_GCM_encrypt_final_aesni_store_tag_16:
 4232        movdqu	%xmm0, (%edi)
 4233L_AES_GCM_encrypt_final_aesni_store_tag_done:
 4234        addl	$16, %esp
 4235        popl	%ebp
 4236        popl	%edi
 4237        popl	%esi
 4238        ret
 4239.size	AES_GCM_encrypt_final_aesni,.-AES_GCM_encrypt_final_aesni
 4240.text
 4241.globl	AES_GCM_decrypt_update_aesni
 4242.type	AES_GCM_decrypt_update_aesni,@function
 4243.align	16
 4244AES_GCM_decrypt_update_aesni:
 4245        pushl	%ebx
 4246        pushl	%esi
 4247        pushl	%edi
 4248        pushl	%ebp
 4249        subl	$0xa0, %esp
 4250        movl	208(%esp), %esi
 4251        movdqa	(%esi), %xmm4
 4252        movdqu	%xmm4, 64(%esp)
 4253        movl	200(%esp), %esi
 4254        movl	204(%esp), %ebp
 4255        movdqa	(%esi), %xmm6
 4256        movdqa	(%ebp), %xmm5
 4257        movdqu	%xmm6, 80(%esp)
 4258        movl	180(%esp), %ebp
 4259        movl	188(%esp), %edi
 4260        movl	192(%esp), %esi
 4261        movdqa	%xmm5, %xmm1
 4262        movdqa	%xmm5, %xmm0
 4263        psrlq	$63, %xmm1
 4264        psllq	$0x01, %xmm0
 4265        pslldq	$8, %xmm1
 4266        por	%xmm1, %xmm0
 4267        pshufd	$0xff, %xmm5, %xmm5
 4268        psrad	$31, %xmm5
 4269        pand	L_aes_gcm_mod2_128, %xmm5
 4270        pxor	%xmm0, %xmm5
 4271        xorl	%ebx, %ebx
 4272        cmpl	$0x40, 196(%esp)
 4273        movl	196(%esp), %eax
 4274        jl	L_AES_GCM_decrypt_update_aesni_done_64
 4275        andl	$0xffffffc0, %eax
 4276        movdqa	%xmm6, %xmm2
 4277        # H ^ 1
 4278        movdqu	%xmm5, (%esp)
 4279        # H ^ 2
 4280        pshufd	$0x4e, %xmm5, %xmm1
 4281        pshufd	$0x4e, %xmm5, %xmm2
 4282        movdqa	%xmm5, %xmm3
 4283        movdqa	%xmm5, %xmm0
 4284        pclmulqdq	$0x11, %xmm5, %xmm3
 4285        pclmulqdq	$0x00, %xmm5, %xmm0
 4286        pxor	%xmm5, %xmm1
 4287        pxor	%xmm5, %xmm2
 4288        pclmulqdq	$0x00, %xmm2, %xmm1
 4289        pxor	%xmm0, %xmm1
 4290        pxor	%xmm3, %xmm1
 4291        movdqa	%xmm1, %xmm2
 4292        movdqa	%xmm3, %xmm4
 4293        pslldq	$8, %xmm2
 4294        psrldq	$8, %xmm1
 4295        pxor	%xmm2, %xmm0
 4296        pxor	%xmm1, %xmm4
 4297        movdqa	%xmm0, %xmm1
 4298        movdqa	%xmm0, %xmm2
 4299        movdqa	%xmm0, %xmm3
 4300        pslld	$31, %xmm1
 4301        pslld	$30, %xmm2
 4302        pslld	$25, %xmm3
 4303        pxor	%xmm2, %xmm1
 4304        pxor	%xmm3, %xmm1
 4305        movdqa	%xmm1, %xmm3
 4306        psrldq	$4, %xmm3
 4307        pslldq	$12, %xmm1
 4308        pxor	%xmm1, %xmm0
 4309        movdqa	%xmm0, %xmm1
 4310        movdqa	%xmm0, %xmm2
 4311        psrld	$0x01, %xmm1
 4312        psrld	$2, %xmm2
 4313        pxor	%xmm2, %xmm1
 4314        pxor	%xmm0, %xmm1
 4315        psrld	$7, %xmm0
 4316        pxor	%xmm3, %xmm1
 4317        pxor	%xmm0, %xmm1
 4318        pxor	%xmm1, %xmm4
 4319        movdqu	%xmm4, 16(%esp)
 4320        # H ^ 3
 4321        pshufd	$0x4e, %xmm5, %xmm1
 4322        pshufd	$0x4e, %xmm4, %xmm2
 4323        movdqa	%xmm4, %xmm3
 4324        movdqa	%xmm4, %xmm0
 4325        pclmulqdq	$0x11, %xmm5, %xmm3
 4326        pclmulqdq	$0x00, %xmm5, %xmm0
 4327        pxor	%xmm5, %xmm1
 4328        pxor	%xmm4, %xmm2
 4329        pclmulqdq	$0x00, %xmm2, %xmm1
 4330        pxor	%xmm0, %xmm1
 4331        pxor	%xmm3, %xmm1
 4332        movdqa	%xmm1, %xmm2
 4333        movdqa	%xmm3, %xmm7
 4334        pslldq	$8, %xmm2
 4335        psrldq	$8, %xmm1
 4336        pxor	%xmm2, %xmm0
 4337        pxor	%xmm1, %xmm7
 4338        movdqa	%xmm0, %xmm1
 4339        movdqa	%xmm0, %xmm2
 4340        movdqa	%xmm0, %xmm3
 4341        pslld	$31, %xmm1
 4342        pslld	$30, %xmm2
 4343        pslld	$25, %xmm3
 4344        pxor	%xmm2, %xmm1
 4345        pxor	%xmm3, %xmm1
 4346        movdqa	%xmm1, %xmm3
 4347        psrldq	$4, %xmm3
 4348        pslldq	$12, %xmm1
 4349        pxor	%xmm1, %xmm0
 4350        movdqa	%xmm0, %xmm1
 4351        movdqa	%xmm0, %xmm2
 4352        psrld	$0x01, %xmm1
 4353        psrld	$2, %xmm2
 4354        pxor	%xmm2, %xmm1
 4355        pxor	%xmm0, %xmm1
 4356        psrld	$7, %xmm0
 4357        pxor	%xmm3, %xmm1
 4358        pxor	%xmm0, %xmm1
 4359        pxor	%xmm1, %xmm7
 4360        movdqu	%xmm7, 32(%esp)
 4361        # H ^ 4
 4362        pshufd	$0x4e, %xmm4, %xmm1
 4363        pshufd	$0x4e, %xmm4, %xmm2
 4364        movdqa	%xmm4, %xmm3
 4365        movdqa	%xmm4, %xmm0
 4366        pclmulqdq	$0x11, %xmm4, %xmm3
 4367        pclmulqdq	$0x00, %xmm4, %xmm0
 4368        pxor	%xmm4, %xmm1
 4369        pxor	%xmm4, %xmm2
 4370        pclmulqdq	$0x00, %xmm2, %xmm1
 4371        pxor	%xmm0, %xmm1
 4372        pxor	%xmm3, %xmm1
 4373        movdqa	%xmm1, %xmm2
 4374        movdqa	%xmm3, %xmm7
 4375        pslldq	$8, %xmm2
 4376        psrldq	$8, %xmm1
 4377        pxor	%xmm2, %xmm0
 4378        pxor	%xmm1, %xmm7
 4379        movdqa	%xmm0, %xmm1
 4380        movdqa	%xmm0, %xmm2
 4381        movdqa	%xmm0, %xmm3
 4382        pslld	$31, %xmm1
 4383        pslld	$30, %xmm2
 4384        pslld	$25, %xmm3
 4385        pxor	%xmm2, %xmm1
 4386        pxor	%xmm3, %xmm1
 4387        movdqa	%xmm1, %xmm3
 4388        psrldq	$4, %xmm3
 4389        pslldq	$12, %xmm1
 4390        pxor	%xmm1, %xmm0
 4391        movdqa	%xmm0, %xmm1
 4392        movdqa	%xmm0, %xmm2
 4393        psrld	$0x01, %xmm1
 4394        psrld	$2, %xmm2
 4395        pxor	%xmm2, %xmm1
 4396        pxor	%xmm0, %xmm1
 4397        psrld	$7, %xmm0
 4398        pxor	%xmm3, %xmm1
 4399        pxor	%xmm0, %xmm1
 4400        pxor	%xmm1, %xmm7
 4401        movdqu	%xmm7, 48(%esp)
 4402        cmpl	%esi, %edi
 4403        jne	L_AES_GCM_decrypt_update_aesni_ghash_64
 4404L_AES_GCM_decrypt_update_aesni_ghash_64_inplace:
 4405        leal	(%esi,%ebx,1), %ecx
 4406        leal	(%edi,%ebx,1), %edx
 4407        # Encrypt 64 bytes of counter
 4408        movdqu	64(%esp), %xmm0
 4409        movdqa	L_aes_gcm_bswap_epi64, %xmm7
 4410        movdqa	%xmm0, %xmm1
 4411        movdqa	%xmm0, %xmm2
 4412        movdqa	%xmm0, %xmm3
 4413        pshufb	%xmm7, %xmm0
 4414        paddd	L_aes_gcm_one, %xmm1
 4415        pshufb	%xmm7, %xmm1
 4416        paddd	L_aes_gcm_two, %xmm2
 4417        pshufb	%xmm7, %xmm2
 4418        paddd	L_aes_gcm_three, %xmm3
 4419        pshufb	%xmm7, %xmm3
 4420        movdqu	64(%esp), %xmm7
 4421        paddd	L_aes_gcm_four, %xmm7
 4422        movdqu	%xmm7, 64(%esp)
 4423        movdqa	(%ebp), %xmm7
 4424        pxor	%xmm7, %xmm0
 4425        pxor	%xmm7, %xmm1
 4426        pxor	%xmm7, %xmm2
 4427        pxor	%xmm7, %xmm3
 4428        movdqa	16(%ebp), %xmm7
 4429        aesenc	%xmm7, %xmm0
 4430        aesenc	%xmm7, %xmm1
 4431        aesenc	%xmm7, %xmm2
 4432        aesenc	%xmm7, %xmm3
 4433        movdqa	32(%ebp), %xmm7
 4434        aesenc	%xmm7, %xmm0
 4435        aesenc	%xmm7, %xmm1
 4436        aesenc	%xmm7, %xmm2
 4437        aesenc	%xmm7, %xmm3
 4438        movdqa	48(%ebp), %xmm7
 4439        aesenc	%xmm7, %xmm0
 4440        aesenc	%xmm7, %xmm1
 4441        aesenc	%xmm7, %xmm2
 4442        aesenc	%xmm7, %xmm3
 4443        movdqa	64(%ebp), %xmm7
 4444        aesenc	%xmm7, %xmm0
 4445        aesenc	%xmm7, %xmm1
 4446        aesenc	%xmm7, %xmm2
 4447        aesenc	%xmm7, %xmm3
 4448        movdqa	80(%ebp), %xmm7
 4449        aesenc	%xmm7, %xmm0
 4450        aesenc	%xmm7, %xmm1
 4451        aesenc	%xmm7, %xmm2
 4452        aesenc	%xmm7, %xmm3
 4453        movdqa	96(%ebp), %xmm7
 4454        aesenc	%xmm7, %xmm0
 4455        aesenc	%xmm7, %xmm1
 4456        aesenc	%xmm7, %xmm2
 4457        aesenc	%xmm7, %xmm3
 4458        movdqa	112(%ebp), %xmm7
 4459        aesenc	%xmm7, %xmm0
 4460        aesenc	%xmm7, %xmm1
 4461        aesenc	%xmm7, %xmm2
 4462        aesenc	%xmm7, %xmm3
 4463        movdqa	128(%ebp), %xmm7
 4464        aesenc	%xmm7, %xmm0
 4465        aesenc	%xmm7, %xmm1
 4466        aesenc	%xmm7, %xmm2
 4467        aesenc	%xmm7, %xmm3
 4468        movdqa	144(%ebp), %xmm7
 4469        aesenc	%xmm7, %xmm0
 4470        aesenc	%xmm7, %xmm1
 4471        aesenc	%xmm7, %xmm2
 4472        aesenc	%xmm7, %xmm3
 4473        cmpl	$11, 184(%esp)
 4474        movdqa	160(%ebp), %xmm7
 4475        jl	L_AES_GCM_decrypt_update_aesniinplace_aesenc_64_ghash_avx_done
 4476        aesenc	%xmm7, %xmm0
 4477        aesenc	%xmm7, %xmm1
 4478        aesenc	%xmm7, %xmm2
 4479        aesenc	%xmm7, %xmm3
 4480        movdqa	176(%ebp), %xmm7
 4481        aesenc	%xmm7, %xmm0
 4482        aesenc	%xmm7, %xmm1
 4483        aesenc	%xmm7, %xmm2
 4484        aesenc	%xmm7, %xmm3
 4485        cmpl	$13, 184(%esp)
 4486        movdqa	192(%ebp), %xmm7
 4487        jl	L_AES_GCM_decrypt_update_aesniinplace_aesenc_64_ghash_avx_done
 4488        aesenc	%xmm7, %xmm0
 4489        aesenc	%xmm7, %xmm1
 4490        aesenc	%xmm7, %xmm2
 4491        aesenc	%xmm7, %xmm3
 4492        movdqa	208(%ebp), %xmm7
 4493        aesenc	%xmm7, %xmm0
 4494        aesenc	%xmm7, %xmm1
 4495        aesenc	%xmm7, %xmm2
 4496        aesenc	%xmm7, %xmm3
 4497        movdqa	224(%ebp), %xmm7
 4498L_AES_GCM_decrypt_update_aesniinplace_aesenc_64_ghash_avx_done:
 4499        aesenclast	%xmm7, %xmm0
 4500        aesenclast	%xmm7, %xmm1
 4501        movdqu	(%ecx), %xmm4
 4502        movdqu	16(%ecx), %xmm5
 4503        pxor	%xmm4, %xmm0
 4504        pxor	%xmm5, %xmm1
 4505        movdqu	%xmm4, 96(%esp)
 4506        movdqu	%xmm5, 112(%esp)
 4507        movdqu	%xmm0, (%edx)
 4508        movdqu	%xmm1, 16(%edx)
 4509        aesenclast	%xmm7, %xmm2
 4510        aesenclast	%xmm7, %xmm3
 4511        movdqu	32(%ecx), %xmm4
 4512        movdqu	48(%ecx), %xmm5
 4513        pxor	%xmm4, %xmm2
 4514        pxor	%xmm5, %xmm3
 4515        movdqu	%xmm4, 128(%esp)
 4516        movdqu	%xmm5, 144(%esp)
 4517        movdqu	%xmm2, 32(%edx)
 4518        movdqu	%xmm3, 48(%edx)
 4519        # ghash encrypted counter
 4520        movdqu	80(%esp), %xmm2
 4521        movdqu	48(%esp), %xmm7
 4522        movdqu	96(%esp), %xmm0
 4523        pshufb	L_aes_gcm_bswap_mask, %xmm0
 4524        pxor	%xmm2, %xmm0
 4525        pshufd	$0x4e, %xmm7, %xmm1
 4526        pshufd	$0x4e, %xmm0, %xmm5
 4527        pxor	%xmm7, %xmm1
 4528        pxor	%xmm0, %xmm5
 4529        movdqa	%xmm0, %xmm3
 4530        pclmulqdq	$0x11, %xmm7, %xmm3
 4531        movdqa	%xmm0, %xmm2
 4532        pclmulqdq	$0x00, %xmm7, %xmm2
 4533        pclmulqdq	$0x00, %xmm5, %xmm1
 4534        pxor	%xmm2, %xmm1
 4535        pxor	%xmm3, %xmm1
 4536        movdqu	32(%esp), %xmm7
 4537        movdqu	112(%esp), %xmm0
 4538        pshufd	$0x4e, %xmm7, %xmm4
 4539        pshufb	L_aes_gcm_bswap_mask, %xmm0
 4540        pxor	%xmm7, %xmm4
 4541        pshufd	$0x4e, %xmm0, %xmm5
 4542        pxor	%xmm0, %xmm5
 4543        movdqa	%xmm0, %xmm6
 4544        pclmulqdq	$0x11, %xmm7, %xmm6
 4545        pclmulqdq	$0x00, %xmm0, %xmm7
 4546        pclmulqdq	$0x00, %xmm5, %xmm4
 4547        pxor	%xmm7, %xmm1
 4548        pxor	%xmm7, %xmm2
 4549        pxor	%xmm6, %xmm1
 4550        pxor	%xmm6, %xmm3
 4551        pxor	%xmm4, %xmm1
 4552        movdqu	16(%esp), %xmm7
 4553        movdqu	128(%esp), %xmm0
 4554        pshufd	$0x4e, %xmm7, %xmm4
 4555        pshufb	L_aes_gcm_bswap_mask, %xmm0
 4556        pxor	%xmm7, %xmm4
 4557        pshufd	$0x4e, %xmm0, %xmm5
 4558        pxor	%xmm0, %xmm5
 4559        movdqa	%xmm0, %xmm6
 4560        pclmulqdq	$0x11, %xmm7, %xmm6
 4561        pclmulqdq	$0x00, %xmm0, %xmm7
 4562        pclmulqdq	$0x00, %xmm5, %xmm4
 4563        pxor	%xmm7, %xmm1
 4564        pxor	%xmm7, %xmm2
 4565        pxor	%xmm6, %xmm1
 4566        pxor	%xmm6, %xmm3
 4567        pxor	%xmm4, %xmm1
 4568        movdqu	(%esp), %xmm7
 4569        movdqu	144(%esp), %xmm0
 4570        pshufd	$0x4e, %xmm7, %xmm4
 4571        pshufb	L_aes_gcm_bswap_mask, %xmm0
 4572        pxor	%xmm7, %xmm4
 4573        pshufd	$0x4e, %xmm0, %xmm5
 4574        pxor	%xmm0, %xmm5
 4575        movdqa	%xmm0, %xmm6
 4576        pclmulqdq	$0x11, %xmm7, %xmm6
 4577        pclmulqdq	$0x00, %xmm0, %xmm7
 4578        pclmulqdq	$0x00, %xmm5, %xmm4
 4579        pxor	%xmm7, %xmm1
 4580        pxor	%xmm7, %xmm2
 4581        pxor	%xmm6, %xmm1
 4582        pxor	%xmm6, %xmm3
 4583        pxor	%xmm4, %xmm1
 4584        movdqa	%xmm1, %xmm5
 4585        psrldq	$8, %xmm1
 4586        pslldq	$8, %xmm5
 4587        pxor	%xmm5, %xmm2
 4588        pxor	%xmm1, %xmm3
 4589        movdqa	%xmm2, %xmm7
 4590        movdqa	%xmm2, %xmm4
 4591        movdqa	%xmm2, %xmm5
 4592        pslld	$31, %xmm7
 4593        pslld	$30, %xmm4
 4594        pslld	$25, %xmm5
 4595        pxor	%xmm4, %xmm7
 4596        pxor	%xmm5, %xmm7
 4597        movdqa	%xmm7, %xmm4
 4598        pslldq	$12, %xmm7
 4599        psrldq	$4, %xmm4
 4600        pxor	%xmm7, %xmm2
 4601        movdqa	%xmm2, %xmm5
 4602        movdqa	%xmm2, %xmm1
 4603        movdqa	%xmm2, %xmm0
 4604        psrld	$0x01, %xmm5
 4605        psrld	$2, %xmm1
 4606        psrld	$7, %xmm0
 4607        pxor	%xmm1, %xmm5
 4608        pxor	%xmm0, %xmm5
 4609        pxor	%xmm4, %xmm5
 4610        pxor	%xmm5, %xmm2
 4611        pxor	%xmm3, %xmm2
 4612        movdqu	%xmm2, 80(%esp)
 4613        addl	$0x40, %ebx
 4614        cmpl	%eax, %ebx
 4615        jl	L_AES_GCM_decrypt_update_aesni_ghash_64_inplace
 4616        jmp	L_AES_GCM_decrypt_update_aesni_ghash_64_done
 4617L_AES_GCM_decrypt_update_aesni_ghash_64:
 4618        leal	(%esi,%ebx,1), %ecx
 4619        leal	(%edi,%ebx,1), %edx
 4620        # Encrypt 64 bytes of counter
 4621        movdqu	64(%esp), %xmm0
 4622        movdqa	L_aes_gcm_bswap_epi64, %xmm7
 4623        movdqa	%xmm0, %xmm1
 4624        movdqa	%xmm0, %xmm2
 4625        movdqa	%xmm0, %xmm3
 4626        pshufb	%xmm7, %xmm0
 4627        paddd	L_aes_gcm_one, %xmm1
 4628        pshufb	%xmm7, %xmm1
 4629        paddd	L_aes_gcm_two, %xmm2
 4630        pshufb	%xmm7, %xmm2
 4631        paddd	L_aes_gcm_three, %xmm3
 4632        pshufb	%xmm7, %xmm3
 4633        movdqu	64(%esp), %xmm7
 4634        paddd	L_aes_gcm_four, %xmm7
 4635        movdqu	%xmm7, 64(%esp)
 4636        movdqa	(%ebp), %xmm7
 4637        pxor	%xmm7, %xmm0
 4638        pxor	%xmm7, %xmm1
 4639        pxor	%xmm7, %xmm2
 4640        pxor	%xmm7, %xmm3
 4641        movdqa	16(%ebp), %xmm7
 4642        aesenc	%xmm7, %xmm0
 4643        aesenc	%xmm7, %xmm1
 4644        aesenc	%xmm7, %xmm2
 4645        aesenc	%xmm7, %xmm3
 4646        movdqa	32(%ebp), %xmm7
 4647        aesenc	%xmm7, %xmm0
 4648        aesenc	%xmm7, %xmm1
 4649        aesenc	%xmm7, %xmm2
 4650        aesenc	%xmm7, %xmm3
 4651        movdqa	48(%ebp), %xmm7
 4652        aesenc	%xmm7, %xmm0
 4653        aesenc	%xmm7, %xmm1
 4654        aesenc	%xmm7, %xmm2
 4655        aesenc	%xmm7, %xmm3
 4656        movdqa	64(%ebp), %xmm7
 4657        aesenc	%xmm7, %xmm0
 4658        aesenc	%xmm7, %xmm1
 4659        aesenc	%xmm7, %xmm2
 4660        aesenc	%xmm7, %xmm3
 4661        movdqa	80(%ebp), %xmm7
 4662        aesenc	%xmm7, %xmm0
 4663        aesenc	%xmm7, %xmm1
 4664        aesenc	%xmm7, %xmm2
 4665        aesenc	%xmm7, %xmm3
 4666        movdqa	96(%ebp), %xmm7
 4667        aesenc	%xmm7, %xmm0
 4668        aesenc	%xmm7, %xmm1
 4669        aesenc	%xmm7, %xmm2
 4670        aesenc	%xmm7, %xmm3
 4671        movdqa	112(%ebp), %xmm7
 4672        aesenc	%xmm7, %xmm0
 4673        aesenc	%xmm7, %xmm1
 4674        aesenc	%xmm7, %xmm2
 4675        aesenc	%xmm7, %xmm3
 4676        movdqa	128(%ebp), %xmm7
 4677        aesenc	%xmm7, %xmm0
 4678        aesenc	%xmm7, %xmm1
 4679        aesenc	%xmm7, %xmm2
 4680        aesenc	%xmm7, %xmm3
 4681        movdqa	144(%ebp), %xmm7
 4682        aesenc	%xmm7, %xmm0
 4683        aesenc	%xmm7, %xmm1
 4684        aesenc	%xmm7, %xmm2
 4685        aesenc	%xmm7, %xmm3
 4686        cmpl	$11, 184(%esp)
 4687        movdqa	160(%ebp), %xmm7
 4688        jl	L_AES_GCM_decrypt_update_aesni_aesenc_64_ghash_avx_done
 4689        aesenc	%xmm7, %xmm0
 4690        aesenc	%xmm7, %xmm1
 4691        aesenc	%xmm7, %xmm2
 4692        aesenc	%xmm7, %xmm3
 4693        movdqa	176(%ebp), %xmm7
 4694        aesenc	%xmm7, %xmm0
 4695        aesenc	%xmm7, %xmm1
 4696        aesenc	%xmm7, %xmm2
 4697        aesenc	%xmm7, %xmm3
 4698        cmpl	$13, 184(%esp)
 4699        movdqa	192(%ebp), %xmm7
 4700        jl	L_AES_GCM_decrypt_update_aesni_aesenc_64_ghash_avx_done
 4701        aesenc	%xmm7, %xmm0
 4702        aesenc	%xmm7, %xmm1
 4703        aesenc	%xmm7, %xmm2
 4704        aesenc	%xmm7, %xmm3
 4705        movdqa	208(%ebp), %xmm7
 4706        aesenc	%xmm7, %xmm0
 4707        aesenc	%xmm7, %xmm1
 4708        aesenc	%xmm7, %xmm2
 4709        aesenc	%xmm7, %xmm3
 4710        movdqa	224(%ebp), %xmm7
 4711L_AES_GCM_decrypt_update_aesni_aesenc_64_ghash_avx_done:
 4712        aesenclast	%xmm7, %xmm0
 4713        aesenclast	%xmm7, %xmm1
 4714        movdqu	(%ecx), %xmm4
 4715        movdqu	16(%ecx), %xmm5
 4716        pxor	%xmm4, %xmm0
 4717        pxor	%xmm5, %xmm1
 4718        movdqu	%xmm4, (%ecx)
 4719        movdqu	%xmm5, 16(%ecx)
 4720        movdqu	%xmm0, (%edx)
 4721        movdqu	%xmm1, 16(%edx)
 4722        aesenclast	%xmm7, %xmm2
 4723        aesenclast	%xmm7, %xmm3
 4724        movdqu	32(%ecx), %xmm4
 4725        movdqu	48(%ecx), %xmm5
 4726        pxor	%xmm4, %xmm2
 4727        pxor	%xmm5, %xmm3
 4728        movdqu	%xmm4, 32(%ecx)
 4729        movdqu	%xmm5, 48(%ecx)
 4730        movdqu	%xmm2, 32(%edx)
 4731        movdqu	%xmm3, 48(%edx)
 4732        # ghash encrypted counter
 4733        movdqu	80(%esp), %xmm2
 4734        movdqu	48(%esp), %xmm7
 4735        movdqu	(%ecx), %xmm0
 4736        pshufb	L_aes_gcm_bswap_mask, %xmm0
 4737        pxor	%xmm2, %xmm0
 4738        pshufd	$0x4e, %xmm7, %xmm1
 4739        pshufd	$0x4e, %xmm0, %xmm5
 4740        pxor	%xmm7, %xmm1
 4741        pxor	%xmm0, %xmm5
 4742        movdqa	%xmm0, %xmm3
 4743        pclmulqdq	$0x11, %xmm7, %xmm3
 4744        movdqa	%xmm0, %xmm2
 4745        pclmulqdq	$0x00, %xmm7, %xmm2
 4746        pclmulqdq	$0x00, %xmm5, %xmm1
 4747        pxor	%xmm2, %xmm1
 4748        pxor	%xmm3, %xmm1
 4749        movdqu	32(%esp), %xmm7
 4750        movdqu	16(%ecx), %xmm0
 4751        pshufd	$0x4e, %xmm7, %xmm4
 4752        pshufb	L_aes_gcm_bswap_mask, %xmm0
 4753        pxor	%xmm7, %xmm4
 4754        pshufd	$0x4e, %xmm0, %xmm5
 4755        pxor	%xmm0, %xmm5
 4756        movdqa	%xmm0, %xmm6
 4757        pclmulqdq	$0x11, %xmm7, %xmm6
 4758        pclmulqdq	$0x00, %xmm0, %xmm7
 4759        pclmulqdq	$0x00, %xmm5, %xmm4
 4760        pxor	%xmm7, %xmm1
 4761        pxor	%xmm7, %xmm2
 4762        pxor	%xmm6, %xmm1
 4763        pxor	%xmm6, %xmm3
 4764        pxor	%xmm4, %xmm1
 4765        movdqu	16(%esp), %xmm7
 4766        movdqu	32(%ecx), %xmm0
 4767        pshufd	$0x4e, %xmm7, %xmm4
 4768        pshufb	L_aes_gcm_bswap_mask, %xmm0
 4769        pxor	%xmm7, %xmm4
 4770        pshufd	$0x4e, %xmm0, %xmm5
 4771        pxor	%xmm0, %xmm5
 4772        movdqa	%xmm0, %xmm6
 4773        pclmulqdq	$0x11, %xmm7, %xmm6
 4774        pclmulqdq	$0x00, %xmm0, %xmm7
 4775        pclmulqdq	$0x00, %xmm5, %xmm4
 4776        pxor	%xmm7, %xmm1
 4777        pxor	%xmm7, %xmm2
 4778        pxor	%xmm6, %xmm1
 4779        pxor	%xmm6, %xmm3
 4780        pxor	%xmm4, %xmm1
 4781        movdqu	(%esp), %xmm7
 4782        movdqu	48(%ecx), %xmm0
 4783        pshufd	$0x4e, %xmm7, %xmm4
 4784        pshufb	L_aes_gcm_bswap_mask, %xmm0
 4785        pxor	%xmm7, %xmm4
 4786        pshufd	$0x4e, %xmm0, %xmm5
 4787        pxor	%xmm0, %xmm5
 4788        movdqa	%xmm0, %xmm6
 4789        pclmulqdq	$0x11, %xmm7, %xmm6
 4790        pclmulqdq	$0x00, %xmm0, %xmm7
 4791        pclmulqdq	$0x00, %xmm5, %xmm4
 4792        pxor	%xmm7, %xmm1
 4793        pxor	%xmm7, %xmm2
 4794        pxor	%xmm6, %xmm1
 4795        pxor	%xmm6, %xmm3
 4796        pxor	%xmm4, %xmm1
 4797        movdqa	%xmm1, %xmm5
 4798        psrldq	$8, %xmm1
 4799        pslldq	$8, %xmm5
 4800        pxor	%xmm5, %xmm2
 4801        pxor	%xmm1, %xmm3
 4802        movdqa	%xmm2, %xmm7
 4803        movdqa	%xmm2, %xmm4
 4804        movdqa	%xmm2, %xmm5
 4805        pslld	$31, %xmm7
 4806        pslld	$30, %xmm4
 4807        pslld	$25, %xmm5
 4808        pxor	%xmm4, %xmm7
 4809        pxor	%xmm5, %xmm7
 4810        movdqa	%xmm7, %xmm4
 4811        pslldq	$12, %xmm7
 4812        psrldq	$4, %xmm4
 4813        pxor	%xmm7, %xmm2
 4814        movdqa	%xmm2, %xmm5
 4815        movdqa	%xmm2, %xmm1
 4816        movdqa	%xmm2, %xmm0
 4817        psrld	$0x01, %xmm5
 4818        psrld	$2, %xmm1
 4819        psrld	$7, %xmm0
 4820        pxor	%xmm1, %xmm5
 4821        pxor	%xmm0, %xmm5
 4822        pxor	%xmm4, %xmm5
 4823        pxor	%xmm5, %xmm2
 4824        pxor	%xmm3, %xmm2
 4825        movdqu	%xmm2, 80(%esp)
 4826        addl	$0x40, %ebx
 4827        cmpl	%eax, %ebx
 4828        jl	L_AES_GCM_decrypt_update_aesni_ghash_64
 4829L_AES_GCM_decrypt_update_aesni_ghash_64_done:
 4830        movdqa	%xmm2, %xmm6
 4831        movdqu	(%esp), %xmm5
 4832L_AES_GCM_decrypt_update_aesni_done_64:
 4833        movl	196(%esp), %edx
 4834        cmpl	%edx, %ebx
 4835        jge	L_AES_GCM_decrypt_update_aesni_done_dec
 4836        movl	196(%esp), %eax
 4837        andl	$0xfffffff0, %eax
 4838        cmpl	%eax, %ebx
 4839        jge	L_AES_GCM_decrypt_update_aesni_last_block_done
 4840L_AES_GCM_decrypt_update_aesni_last_block_start:
 4841        leal	(%esi,%ebx,1), %ecx
 4842        leal	(%edi,%ebx,1), %edx
 4843        movdqu	(%ecx), %xmm1
 4844        pshufb	L_aes_gcm_bswap_mask, %xmm1
 4845        pxor	%xmm6, %xmm1
 4846        movdqu	%xmm1, (%esp)
 4847        movdqu	64(%esp), %xmm0
 4848        movdqa	%xmm0, %xmm1
 4849        pshufb	L_aes_gcm_bswap_epi64, %xmm0
 4850        paddd	L_aes_gcm_one, %xmm1
 4851        pxor	(%ebp), %xmm0
 4852        movdqu	%xmm1, 64(%esp)
 4853        movdqu	(%esp), %xmm4
 4854        pclmulqdq	$16, %xmm5, %xmm4
 4855        aesenc	16(%ebp), %xmm0
 4856        aesenc	32(%ebp), %xmm0
 4857        movdqu	(%esp), %xmm7
 4858        pclmulqdq	$0x01, %xmm5, %xmm7
 4859        aesenc	48(%ebp), %xmm0
 4860        aesenc	64(%ebp), %xmm0
 4861        aesenc	80(%ebp), %xmm0
 4862        movdqu	(%esp), %xmm1
 4863        pclmulqdq	$0x11, %xmm5, %xmm1
 4864        aesenc	96(%ebp), %xmm0
 4865        pxor	%xmm7, %xmm4
 4866        movdqa	%xmm4, %xmm2
 4867        psrldq	$8, %xmm4
 4868        pslldq	$8, %xmm2
 4869        aesenc	112(%ebp), %xmm0
 4870        movdqu	(%esp), %xmm7
 4871        pclmulqdq	$0x00, %xmm5, %xmm7
 4872        pxor	%xmm7, %xmm2
 4873        pxor	%xmm4, %xmm1
 4874        movdqa	L_aes_gcm_mod2_128, %xmm3
 4875        movdqa	%xmm2, %xmm7
 4876        pclmulqdq	$16, %xmm3, %xmm7
 4877        aesenc	128(%ebp), %xmm0
 4878        pshufd	$0x4e, %xmm2, %xmm4
 4879        pxor	%xmm7, %xmm4
 4880        movdqa	%xmm4, %xmm7
 4881        pclmulqdq	$16, %xmm3, %xmm7
 4882        aesenc	144(%ebp), %xmm0
 4883        pshufd	$0x4e, %xmm4, %xmm6
 4884        pxor	%xmm7, %xmm6
 4885        pxor	%xmm1, %xmm6
 4886        cmpl	$11, 184(%esp)
 4887        movdqa	160(%ebp), %xmm1
 4888        jl	L_AES_GCM_decrypt_update_aesni_aesenc_gfmul_last
 4889        aesenc	%xmm1, %xmm0
 4890        aesenc	176(%ebp), %xmm0
 4891        cmpl	$13, 184(%esp)
 4892        movdqa	192(%ebp), %xmm1
 4893        jl	L_AES_GCM_decrypt_update_aesni_aesenc_gfmul_last
 4894        aesenc	%xmm1, %xmm0
 4895        aesenc	208(%ebp), %xmm0
 4896        movdqa	224(%ebp), %xmm1
 4897L_AES_GCM_decrypt_update_aesni_aesenc_gfmul_last:
 4898        aesenclast	%xmm1, %xmm0
 4899        movdqu	(%ecx), %xmm1
 4900        pxor	%xmm1, %xmm0
 4901        movdqu	%xmm0, (%edx)
 4902        addl	$16, %ebx
 4903        cmpl	%eax, %ebx
 4904        jl	L_AES_GCM_decrypt_update_aesni_last_block_start
 4905L_AES_GCM_decrypt_update_aesni_last_block_done:
 4906L_AES_GCM_decrypt_update_aesni_done_dec:
 4907        movl	200(%esp), %esi
 4908        movl	208(%esp), %edi
 4909        movdqu	64(%esp), %xmm4
 4910        movdqa	%xmm6, (%esi)
 4911        movdqu	%xmm4, (%edi)
 4912        addl	$0xa0, %esp
 4913        popl	%ebp
 4914        popl	%edi
 4915        popl	%esi
 4916        popl	%ebx
 4917        ret
 4918.size	AES_GCM_decrypt_update_aesni,.-AES_GCM_decrypt_update_aesni
 4919.text
 4920.globl	AES_GCM_decrypt_final_aesni
 4921.type	AES_GCM_decrypt_final_aesni,@function
 4922.align	16
 4923AES_GCM_decrypt_final_aesni:
 4924        pushl	%ebx
 4925        pushl	%esi
 4926        pushl	%edi
 4927        pushl	%ebp
 4928        subl	$16, %esp
 4929        movl	36(%esp), %ebp
 4930        movl	56(%esp), %esi
 4931        movl	60(%esp), %edi
 4932        movdqa	(%ebp), %xmm6
 4933        movdqa	(%esi), %xmm5
 4934        movdqa	(%edi), %xmm7
 4935        movdqa	%xmm5, %xmm1
 4936        movdqa	%xmm5, %xmm0
 4937        psrlq	$63, %xmm1
 4938        psllq	$0x01, %xmm0
 4939        pslldq	$8, %xmm1
 4940        por	%xmm1, %xmm0
 4941        pshufd	$0xff, %xmm5, %xmm5
 4942        psrad	$31, %xmm5
 4943        pand	L_aes_gcm_mod2_128, %xmm5
 4944        pxor	%xmm0, %xmm5
 4945        movl	48(%esp), %edx
 4946        movl	52(%esp), %ecx
 4947        shll	$3, %edx
 4948        shll	$3, %ecx
 4949        pinsrd	$0x00, %edx, %xmm0
 4950        pinsrd	$2, %ecx, %xmm0
 4951        movl	48(%esp), %edx
 4952        movl	52(%esp), %ecx
 4953        shrl	$29, %edx
 4954        shrl	$29, %ecx
 4955        pinsrd	$0x01, %edx, %xmm0
 4956        pinsrd	$3, %ecx, %xmm0
 4957        pxor	%xmm0, %xmm6
 4958        pshufd	$0x4e, %xmm5, %xmm1
 4959        pshufd	$0x4e, %xmm6, %xmm2
 4960        movdqa	%xmm6, %xmm3
 4961        movdqa	%xmm6, %xmm0
 4962        pclmulqdq	$0x11, %xmm5, %xmm3
 4963        pclmulqdq	$0x00, %xmm5, %xmm0
 4964        pxor	%xmm5, %xmm1
 4965        pxor	%xmm6, %xmm2
 4966        pclmulqdq	$0x00, %xmm2, %xmm1
 4967        pxor	%xmm0, %xmm1
 4968        pxor	%xmm3, %xmm1
 4969        movdqa	%xmm1, %xmm2
 4970        movdqa	%xmm3, %xmm6
 4971        pslldq	$8, %xmm2
 4972        psrldq	$8, %xmm1
 4973        pxor	%xmm2, %xmm0
 4974        pxor	%xmm1, %xmm6
 4975        movdqa	%xmm0, %xmm1
 4976        movdqa	%xmm0, %xmm2
 4977        movdqa	%xmm0, %xmm3
 4978        pslld	$31, %xmm1
 4979        pslld	$30, %xmm2
 4980        pslld	$25, %xmm3
 4981        pxor	%xmm2, %xmm1
 4982        pxor	%xmm3, %xmm1
 4983        movdqa	%xmm1, %xmm3
 4984        psrldq	$4, %xmm3
 4985        pslldq	$12, %xmm1
 4986        pxor	%xmm1, %xmm0
 4987        movdqa	%xmm0, %xmm1
 4988        movdqa	%xmm0, %xmm2
 4989        psrld	$0x01, %xmm1
 4990        psrld	$2, %xmm2
 4991        pxor	%xmm2, %xmm1
 4992        pxor	%xmm0, %xmm1
 4993        psrld	$7, %xmm0
 4994        pxor	%xmm3, %xmm1
 4995        pxor	%xmm0, %xmm1
 4996        pxor	%xmm1, %xmm6
 4997        pshufb	L_aes_gcm_bswap_mask, %xmm6
 4998        movdqu	%xmm7, %xmm0
 4999        pxor	%xmm6, %xmm0
 5000        movl	40(%esp), %esi
 5001        movl	64(%esp), %edi
 5002        cmpl	$16, 44(%esp)
 5003        je	L_AES_GCM_decrypt_final_aesni_cmp_tag_16
 5004        subl	$16, %esp
 5005        xorl	%ecx, %ecx
 5006        xorl	%ebx, %ebx
 5007        movdqu	%xmm0, (%esp)
 5008L_AES_GCM_decrypt_final_aesni_cmp_tag_loop:
 5009        movzbl	(%esp,%ecx,1), %eax
 5010        xorb	(%esi,%ecx,1), %al
 5011        orb	%al, %bl
 5012        incl	%ecx
 5013        cmpl	44(%esp), %ecx
 5014        jne	L_AES_GCM_decrypt_final_aesni_cmp_tag_loop
 5015        cmpb	$0x00, %bl
 5016        sete	%bl
 5017        addl	$16, %esp
 5018        xorl	%ecx, %ecx
 5019        jmp	L_AES_GCM_decrypt_final_aesni_cmp_tag_done
 5020L_AES_GCM_decrypt_final_aesni_cmp_tag_16:
 5021        movdqu	(%esi), %xmm1
 5022        pcmpeqb	%xmm1, %xmm0
 5023        pmovmskb	%xmm0, %edx
 5024        # %%edx == 0xFFFF then return 1 else => return 0
 5025        xorl	%ebx, %ebx
 5026        cmpl	$0xffff, %edx
 5027        sete	%bl
 5028L_AES_GCM_decrypt_final_aesni_cmp_tag_done:
 5029        movl	%ebx, (%edi)
 5030        addl	$16, %esp
 5031        popl	%ebp
 5032        popl	%edi
 5033        popl	%esi
 5034        popl	%ebx
 5035        ret
 5036.size	AES_GCM_decrypt_final_aesni,.-AES_GCM_decrypt_final_aesni
 5037#endif /* WOLFSSL_AESGCM_STREAM */
 5038#ifdef HAVE_INTEL_AVX1
 5039.text
 5040.globl	AES_GCM_encrypt_avx1
 5041.type	AES_GCM_encrypt_avx1,@function
 5042.align	16
 5043AES_GCM_encrypt_avx1:
 5044        pushl	%ebx
 5045        pushl	%esi
 5046        pushl	%edi
 5047        pushl	%ebp
 5048        subl	$0x70, %esp
 5049        movl	144(%esp), %esi
 5050        movl	168(%esp), %ebp
 5051        movl	160(%esp), %edx
 5052        vpxor	%xmm0, %xmm0, %xmm0
 5053        vpxor	%xmm2, %xmm2, %xmm2
 5054        cmpl	$12, %edx
 5055        jne	L_AES_GCM_encrypt_avx1_iv_not_12
 5056        # # Calculate values when IV is 12 bytes
 5057        # Set counter based on IV
 5058        movl	$0x1000000, %ecx
 5059        vpinsrd	$0x00, (%esi), %xmm0, %xmm0
 5060        vpinsrd	$0x01, 4(%esi), %xmm0, %xmm0
 5061        vpinsrd	$2, 8(%esi), %xmm0, %xmm0
 5062        vpinsrd	$3, %ecx, %xmm0, %xmm0
 5063        # H = Encrypt X(=0) and T = Encrypt counter
 5064        vmovdqa	(%ebp), %xmm1
 5065        vpxor	%xmm1, %xmm0, %xmm5
 5066        vmovdqa	16(%ebp), %xmm3
 5067        vaesenc	%xmm3, %xmm1, %xmm1
 5068        vaesenc	%xmm3, %xmm5, %xmm5
 5069        vmovdqa	32(%ebp), %xmm3
 5070        vaesenc	%xmm3, %xmm1, %xmm1
 5071        vaesenc	%xmm3, %xmm5, %xmm5
 5072        vmovdqa	48(%ebp), %xmm3
 5073        vaesenc	%xmm3, %xmm1, %xmm1
 5074        vaesenc	%xmm3, %xmm5, %xmm5
 5075        vmovdqa	64(%ebp), %xmm3
 5076        vaesenc	%xmm3, %xmm1, %xmm1
 5077        vaesenc	%xmm3, %xmm5, %xmm5
 5078        vmovdqa	80(%ebp), %xmm3
 5079        vaesenc	%xmm3, %xmm1, %xmm1
 5080        vaesenc	%xmm3, %xmm5, %xmm5
 5081        vmovdqa	96(%ebp), %xmm3
 5082        vaesenc	%xmm3, %xmm1, %xmm1
 5083        vaesenc	%xmm3, %xmm5, %xmm5
 5084        vmovdqa	112(%ebp), %xmm3
 5085        vaesenc	%xmm3, %xmm1, %xmm1
 5086        vaesenc	%xmm3, %xmm5, %xmm5
 5087        vmovdqa	128(%ebp), %xmm3
 5088        vaesenc	%xmm3, %xmm1, %xmm1
 5089        vaesenc	%xmm3, %xmm5, %xmm5
 5090        vmovdqa	144(%ebp), %xmm3
 5091        vaesenc	%xmm3, %xmm1, %xmm1
 5092        vaesenc	%xmm3, %xmm5, %xmm5
 5093        cmpl	$11, 172(%esp)
 5094        vmovdqa	160(%ebp), %xmm3
 5095        jl	L_AES_GCM_encrypt_avx1_calc_iv_12_last
 5096        vaesenc	%xmm3, %xmm1, %xmm1
 5097        vaesenc	%xmm3, %xmm5, %xmm5
 5098        vmovdqa	176(%ebp), %xmm3
 5099        vaesenc	%xmm3, %xmm1, %xmm1
 5100        vaesenc	%xmm3, %xmm5, %xmm5
 5101        cmpl	$13, 172(%esp)
 5102        vmovdqa	192(%ebp), %xmm3
 5103        jl	L_AES_GCM_encrypt_avx1_calc_iv_12_last
 5104        vaesenc	%xmm3, %xmm1, %xmm1
 5105        vaesenc	%xmm3, %xmm5, %xmm5
 5106        vmovdqa	208(%ebp), %xmm3
 5107        vaesenc	%xmm3, %xmm1, %xmm1
 5108        vaesenc	%xmm3, %xmm5, %xmm5
 5109        vmovdqa	224(%ebp), %xmm3
 5110L_AES_GCM_encrypt_avx1_calc_iv_12_last:
 5111        vaesenclast	%xmm3, %xmm1, %xmm1
 5112        vaesenclast	%xmm3, %xmm5, %xmm5
 5113        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm1, %xmm1
 5114        vmovdqu	%xmm5, 80(%esp)
 5115        jmp	L_AES_GCM_encrypt_avx1_iv_done
 5116L_AES_GCM_encrypt_avx1_iv_not_12:
 5117        # Calculate values when IV is not 12 bytes
 5118        # H = Encrypt X(=0)
 5119        vmovdqa	(%ebp), %xmm1
 5120        vaesenc	16(%ebp), %xmm1, %xmm1
 5121        vaesenc	32(%ebp), %xmm1, %xmm1
 5122        vaesenc	48(%ebp), %xmm1, %xmm1
 5123        vaesenc	64(%ebp), %xmm1, %xmm1
 5124        vaesenc	80(%ebp), %xmm1, %xmm1
 5125        vaesenc	96(%ebp), %xmm1, %xmm1
 5126        vaesenc	112(%ebp), %xmm1, %xmm1
 5127        vaesenc	128(%ebp), %xmm1, %xmm1
 5128        vaesenc	144(%ebp), %xmm1, %xmm1
 5129        cmpl	$11, 172(%esp)
 5130        vmovdqa	160(%ebp), %xmm5
 5131        jl	L_AES_GCM_encrypt_avx1_calc_iv_1_aesenc_avx_last
 5132        vaesenc	%xmm5, %xmm1, %xmm1
 5133        vaesenc	176(%ebp), %xmm1, %xmm1
 5134        cmpl	$13, 172(%esp)
 5135        vmovdqa	192(%ebp), %xmm5
 5136        jl	L_AES_GCM_encrypt_avx1_calc_iv_1_aesenc_avx_last
 5137        vaesenc	%xmm5, %xmm1, %xmm1
 5138        vaesenc	208(%ebp), %xmm1, %xmm1
 5139        vmovdqa	224(%ebp), %xmm5
 5140L_AES_GCM_encrypt_avx1_calc_iv_1_aesenc_avx_last:
 5141        vaesenclast	%xmm5, %xmm1, %xmm1
 5142        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm1, %xmm1
 5143        # Calc counter
 5144        # Initialization vector
 5145        cmpl	$0x00, %edx
 5146        movl	$0x00, %ecx
 5147        je	L_AES_GCM_encrypt_avx1_calc_iv_done
 5148        cmpl	$16, %edx
 5149        jl	L_AES_GCM_encrypt_avx1_calc_iv_lt16
 5150        andl	$0xfffffff0, %edx
 5151L_AES_GCM_encrypt_avx1_calc_iv_16_loop:
 5152        vmovdqu	(%esi,%ecx,1), %xmm4
 5153        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 5154        vpxor	%xmm4, %xmm0, %xmm0
 5155        # ghash_gfmul_avx
 5156        vpshufd	$0x4e, %xmm0, %xmm5
 5157        vpshufd	$0x4e, %xmm1, %xmm6
 5158        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm7
 5159        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
 5160        vpxor	%xmm0, %xmm5, %xmm5
 5161        vpxor	%xmm1, %xmm6, %xmm6
 5162        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 5163        vpxor	%xmm4, %xmm5, %xmm5
 5164        vpxor	%xmm7, %xmm5, %xmm5
 5165        vmovdqa	%xmm4, %xmm3
 5166        vmovdqa	%xmm7, %xmm0
 5167        vpslldq	$8, %xmm5, %xmm6
 5168        vpsrldq	$8, %xmm5, %xmm5
 5169        vpxor	%xmm6, %xmm3, %xmm3
 5170        vpxor	%xmm5, %xmm0, %xmm0
 5171        vpsrld	$31, %xmm3, %xmm4
 5172        vpsrld	$31, %xmm0, %xmm5
 5173        vpslld	$0x01, %xmm3, %xmm3
 5174        vpslld	$0x01, %xmm0, %xmm0
 5175        vpsrldq	$12, %xmm4, %xmm6
 5176        vpslldq	$4, %xmm4, %xmm4
 5177        vpslldq	$4, %xmm5, %xmm5
 5178        vpor	%xmm6, %xmm0, %xmm0
 5179        vpor	%xmm4, %xmm3, %xmm3
 5180        vpor	%xmm5, %xmm0, %xmm0
 5181        vpslld	$31, %xmm3, %xmm4
 5182        vpslld	$30, %xmm3, %xmm5
 5183        vpslld	$25, %xmm3, %xmm6
 5184        vpxor	%xmm5, %xmm4, %xmm4
 5185        vpxor	%xmm6, %xmm4, %xmm4
 5186        vmovdqa	%xmm4, %xmm5
 5187        vpsrldq	$4, %xmm5, %xmm5
 5188        vpslldq	$12, %xmm4, %xmm4
 5189        vpxor	%xmm4, %xmm3, %xmm3
 5190        vpsrld	$0x01, %xmm3, %xmm6
 5191        vpsrld	$2, %xmm3, %xmm7
 5192        vpsrld	$7, %xmm3, %xmm4
 5193        vpxor	%xmm7, %xmm6, %xmm6
 5194        vpxor	%xmm4, %xmm6, %xmm6
 5195        vpxor	%xmm5, %xmm6, %xmm6
 5196        vpxor	%xmm3, %xmm6, %xmm6
 5197        vpxor	%xmm6, %xmm0, %xmm0
 5198        addl	$16, %ecx
 5199        cmpl	%edx, %ecx
 5200        jl	L_AES_GCM_encrypt_avx1_calc_iv_16_loop
 5201        movl	160(%esp), %edx
 5202        cmpl	%edx, %ecx
 5203        je	L_AES_GCM_encrypt_avx1_calc_iv_done
 5204L_AES_GCM_encrypt_avx1_calc_iv_lt16:
 5205        subl	$16, %esp
 5206        vpxor	%xmm4, %xmm4, %xmm4
 5207        xorl	%ebx, %ebx
 5208        vmovdqu	%xmm4, (%esp)
 5209L_AES_GCM_encrypt_avx1_calc_iv_loop:
 5210        movzbl	(%esi,%ecx,1), %eax
 5211        movb	%al, (%esp,%ebx,1)
 5212        incl	%ecx
 5213        incl	%ebx
 5214        cmpl	%edx, %ecx
 5215        jl	L_AES_GCM_encrypt_avx1_calc_iv_loop
 5216        vmovdqu	(%esp), %xmm4
 5217        addl	$16, %esp
 5218        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 5219        vpxor	%xmm4, %xmm0, %xmm0
 5220        # ghash_gfmul_avx
 5221        vpshufd	$0x4e, %xmm0, %xmm5
 5222        vpshufd	$0x4e, %xmm1, %xmm6
 5223        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm7
 5224        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
 5225        vpxor	%xmm0, %xmm5, %xmm5
 5226        vpxor	%xmm1, %xmm6, %xmm6
 5227        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 5228        vpxor	%xmm4, %xmm5, %xmm5
 5229        vpxor	%xmm7, %xmm5, %xmm5
 5230        vmovdqa	%xmm4, %xmm3
 5231        vmovdqa	%xmm7, %xmm0
 5232        vpslldq	$8, %xmm5, %xmm6
 5233        vpsrldq	$8, %xmm5, %xmm5
 5234        vpxor	%xmm6, %xmm3, %xmm3
 5235        vpxor	%xmm5, %xmm0, %xmm0
 5236        vpsrld	$31, %xmm3, %xmm4
 5237        vpsrld	$31, %xmm0, %xmm5
 5238        vpslld	$0x01, %xmm3, %xmm3
 5239        vpslld	$0x01, %xmm0, %xmm0
 5240        vpsrldq	$12, %xmm4, %xmm6
 5241        vpslldq	$4, %xmm4, %xmm4
 5242        vpslldq	$4, %xmm5, %xmm5
 5243        vpor	%xmm6, %xmm0, %xmm0
 5244        vpor	%xmm4, %xmm3, %xmm3
 5245        vpor	%xmm5, %xmm0, %xmm0
 5246        vpslld	$31, %xmm3, %xmm4
 5247        vpslld	$30, %xmm3, %xmm5
 5248        vpslld	$25, %xmm3, %xmm6
 5249        vpxor	%xmm5, %xmm4, %xmm4
 5250        vpxor	%xmm6, %xmm4, %xmm4
 5251        vmovdqa	%xmm4, %xmm5
 5252        vpsrldq	$4, %xmm5, %xmm5
 5253        vpslldq	$12, %xmm4, %xmm4
 5254        vpxor	%xmm4, %xmm3, %xmm3
 5255        vpsrld	$0x01, %xmm3, %xmm6
 5256        vpsrld	$2, %xmm3, %xmm7
 5257        vpsrld	$7, %xmm3, %xmm4
 5258        vpxor	%xmm7, %xmm6, %xmm6
 5259        vpxor	%xmm4, %xmm6, %xmm6
 5260        vpxor	%xmm5, %xmm6, %xmm6
 5261        vpxor	%xmm3, %xmm6, %xmm6
 5262        vpxor	%xmm6, %xmm0, %xmm0
 5263L_AES_GCM_encrypt_avx1_calc_iv_done:
 5264        # T = Encrypt counter
 5265        vpxor	%xmm4, %xmm4, %xmm4
 5266        shll	$3, %edx
 5267        vpinsrd	$0x00, %edx, %xmm4, %xmm4
 5268        vpxor	%xmm4, %xmm0, %xmm0
 5269        # ghash_gfmul_avx
 5270        vpshufd	$0x4e, %xmm0, %xmm5
 5271        vpshufd	$0x4e, %xmm1, %xmm6
 5272        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm7
 5273        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
 5274        vpxor	%xmm0, %xmm5, %xmm5
 5275        vpxor	%xmm1, %xmm6, %xmm6
 5276        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 5277        vpxor	%xmm4, %xmm5, %xmm5
 5278        vpxor	%xmm7, %xmm5, %xmm5
 5279        vmovdqa	%xmm4, %xmm3
 5280        vmovdqa	%xmm7, %xmm0
 5281        vpslldq	$8, %xmm5, %xmm6
 5282        vpsrldq	$8, %xmm5, %xmm5
 5283        vpxor	%xmm6, %xmm3, %xmm3
 5284        vpxor	%xmm5, %xmm0, %xmm0
 5285        vpsrld	$31, %xmm3, %xmm4
 5286        vpsrld	$31, %xmm0, %xmm5
 5287        vpslld	$0x01, %xmm3, %xmm3
 5288        vpslld	$0x01, %xmm0, %xmm0
 5289        vpsrldq	$12, %xmm4, %xmm6
 5290        vpslldq	$4, %xmm4, %xmm4
 5291        vpslldq	$4, %xmm5, %xmm5
 5292        vpor	%xmm6, %xmm0, %xmm0
 5293        vpor	%xmm4, %xmm3, %xmm3
 5294        vpor	%xmm5, %xmm0, %xmm0
 5295        vpslld	$31, %xmm3, %xmm4
 5296        vpslld	$30, %xmm3, %xmm5
 5297        vpslld	$25, %xmm3, %xmm6
 5298        vpxor	%xmm5, %xmm4, %xmm4
 5299        vpxor	%xmm6, %xmm4, %xmm4
 5300        vmovdqa	%xmm4, %xmm5
 5301        vpsrldq	$4, %xmm5, %xmm5
 5302        vpslldq	$12, %xmm4, %xmm4
 5303        vpxor	%xmm4, %xmm3, %xmm3
 5304        vpsrld	$0x01, %xmm3, %xmm6
 5305        vpsrld	$2, %xmm3, %xmm7
 5306        vpsrld	$7, %xmm3, %xmm4
 5307        vpxor	%xmm7, %xmm6, %xmm6
 5308        vpxor	%xmm4, %xmm6, %xmm6
 5309        vpxor	%xmm5, %xmm6, %xmm6
 5310        vpxor	%xmm3, %xmm6, %xmm6
 5311        vpxor	%xmm6, %xmm0, %xmm0
 5312        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 5313        #   Encrypt counter
 5314        vmovdqa	(%ebp), %xmm4
 5315        vpxor	%xmm0, %xmm4, %xmm4
 5316        vaesenc	16(%ebp), %xmm4, %xmm4
 5317        vaesenc	32(%ebp), %xmm4, %xmm4
 5318        vaesenc	48(%ebp), %xmm4, %xmm4
 5319        vaesenc	64(%ebp), %xmm4, %xmm4
 5320        vaesenc	80(%ebp), %xmm4, %xmm4
 5321        vaesenc	96(%ebp), %xmm4, %xmm4
 5322        vaesenc	112(%ebp), %xmm4, %xmm4
 5323        vaesenc	128(%ebp), %xmm4, %xmm4
 5324        vaesenc	144(%ebp), %xmm4, %xmm4
 5325        cmpl	$11, 172(%esp)
 5326        vmovdqa	160(%ebp), %xmm5
 5327        jl	L_AES_GCM_encrypt_avx1_calc_iv_2_aesenc_avx_last
 5328        vaesenc	%xmm5, %xmm4, %xmm4
 5329        vaesenc	176(%ebp), %xmm4, %xmm4
 5330        cmpl	$13, 172(%esp)
 5331        vmovdqa	192(%ebp), %xmm5
 5332        jl	L_AES_GCM_encrypt_avx1_calc_iv_2_aesenc_avx_last
 5333        vaesenc	%xmm5, %xmm4, %xmm4
 5334        vaesenc	208(%ebp), %xmm4, %xmm4
 5335        vmovdqa	224(%ebp), %xmm5
 5336L_AES_GCM_encrypt_avx1_calc_iv_2_aesenc_avx_last:
 5337        vaesenclast	%xmm5, %xmm4, %xmm4
 5338        vmovdqu	%xmm4, 80(%esp)
 5339L_AES_GCM_encrypt_avx1_iv_done:
 5340        movl	140(%esp), %esi
 5341        # Additional authentication data
 5342        movl	156(%esp), %edx
 5343        cmpl	$0x00, %edx
 5344        je	L_AES_GCM_encrypt_avx1_calc_aad_done
 5345        xorl	%ecx, %ecx
 5346        cmpl	$16, %edx
 5347        jl	L_AES_GCM_encrypt_avx1_calc_aad_lt16
 5348        andl	$0xfffffff0, %edx
 5349L_AES_GCM_encrypt_avx1_calc_aad_16_loop:
 5350        vmovdqu	(%esi,%ecx,1), %xmm4
 5351        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 5352        vpxor	%xmm4, %xmm2, %xmm2
 5353        # ghash_gfmul_avx
 5354        vpshufd	$0x4e, %xmm2, %xmm5
 5355        vpshufd	$0x4e, %xmm1, %xmm6
 5356        vpclmulqdq	$0x11, %xmm2, %xmm1, %xmm7
 5357        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm4
 5358        vpxor	%xmm2, %xmm5, %xmm5
 5359        vpxor	%xmm1, %xmm6, %xmm6
 5360        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 5361        vpxor	%xmm4, %xmm5, %xmm5
 5362        vpxor	%xmm7, %xmm5, %xmm5
 5363        vmovdqa	%xmm4, %xmm3
 5364        vmovdqa	%xmm7, %xmm2
 5365        vpslldq	$8, %xmm5, %xmm6
 5366        vpsrldq	$8, %xmm5, %xmm5
 5367        vpxor	%xmm6, %xmm3, %xmm3
 5368        vpxor	%xmm5, %xmm2, %xmm2
 5369        vpsrld	$31, %xmm3, %xmm4
 5370        vpsrld	$31, %xmm2, %xmm5
 5371        vpslld	$0x01, %xmm3, %xmm3
 5372        vpslld	$0x01, %xmm2, %xmm2
 5373        vpsrldq	$12, %xmm4, %xmm6
 5374        vpslldq	$4, %xmm4, %xmm4
 5375        vpslldq	$4, %xmm5, %xmm5
 5376        vpor	%xmm6, %xmm2, %xmm2
 5377        vpor	%xmm4, %xmm3, %xmm3
 5378        vpor	%xmm5, %xmm2, %xmm2
 5379        vpslld	$31, %xmm3, %xmm4
 5380        vpslld	$30, %xmm3, %xmm5
 5381        vpslld	$25, %xmm3, %xmm6
 5382        vpxor	%xmm5, %xmm4, %xmm4
 5383        vpxor	%xmm6, %xmm4, %xmm4
 5384        vmovdqa	%xmm4, %xmm5
 5385        vpsrldq	$4, %xmm5, %xmm5
 5386        vpslldq	$12, %xmm4, %xmm4
 5387        vpxor	%xmm4, %xmm3, %xmm3
 5388        vpsrld	$0x01, %xmm3, %xmm6
 5389        vpsrld	$2, %xmm3, %xmm7
 5390        vpsrld	$7, %xmm3, %xmm4
 5391        vpxor	%xmm7, %xmm6, %xmm6
 5392        vpxor	%xmm4, %xmm6, %xmm6
 5393        vpxor	%xmm5, %xmm6, %xmm6
 5394        vpxor	%xmm3, %xmm6, %xmm6
 5395        vpxor	%xmm6, %xmm2, %xmm2
 5396        addl	$16, %ecx
 5397        cmpl	%edx, %ecx
 5398        jl	L_AES_GCM_encrypt_avx1_calc_aad_16_loop
 5399        movl	156(%esp), %edx
 5400        cmpl	%edx, %ecx
 5401        je	L_AES_GCM_encrypt_avx1_calc_aad_done
 5402L_AES_GCM_encrypt_avx1_calc_aad_lt16:
 5403        subl	$16, %esp
 5404        vpxor	%xmm4, %xmm4, %xmm4
 5405        xorl	%ebx, %ebx
 5406        vmovdqu	%xmm4, (%esp)
 5407L_AES_GCM_encrypt_avx1_calc_aad_loop:
 5408        movzbl	(%esi,%ecx,1), %eax
 5409        movb	%al, (%esp,%ebx,1)
 5410        incl	%ecx
 5411        incl	%ebx
 5412        cmpl	%edx, %ecx
 5413        jl	L_AES_GCM_encrypt_avx1_calc_aad_loop
 5414        vmovdqu	(%esp), %xmm4
 5415        addl	$16, %esp
 5416        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 5417        vpxor	%xmm4, %xmm2, %xmm2
 5418        # ghash_gfmul_avx
 5419        vpshufd	$0x4e, %xmm2, %xmm5
 5420        vpshufd	$0x4e, %xmm1, %xmm6
 5421        vpclmulqdq	$0x11, %xmm2, %xmm1, %xmm7
 5422        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm4
 5423        vpxor	%xmm2, %xmm5, %xmm5
 5424        vpxor	%xmm1, %xmm6, %xmm6
 5425        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 5426        vpxor	%xmm4, %xmm5, %xmm5
 5427        vpxor	%xmm7, %xmm5, %xmm5
 5428        vmovdqa	%xmm4, %xmm3
 5429        vmovdqa	%xmm7, %xmm2
 5430        vpslldq	$8, %xmm5, %xmm6
 5431        vpsrldq	$8, %xmm5, %xmm5
 5432        vpxor	%xmm6, %xmm3, %xmm3
 5433        vpxor	%xmm5, %xmm2, %xmm2
 5434        vpsrld	$31, %xmm3, %xmm4
 5435        vpsrld	$31, %xmm2, %xmm5
 5436        vpslld	$0x01, %xmm3, %xmm3
 5437        vpslld	$0x01, %xmm2, %xmm2
 5438        vpsrldq	$12, %xmm4, %xmm6
 5439        vpslldq	$4, %xmm4, %xmm4
 5440        vpslldq	$4, %xmm5, %xmm5
 5441        vpor	%xmm6, %xmm2, %xmm2
 5442        vpor	%xmm4, %xmm3, %xmm3
 5443        vpor	%xmm5, %xmm2, %xmm2
 5444        vpslld	$31, %xmm3, %xmm4
 5445        vpslld	$30, %xmm3, %xmm5
 5446        vpslld	$25, %xmm3, %xmm6
 5447        vpxor	%xmm5, %xmm4, %xmm4
 5448        vpxor	%xmm6, %xmm4, %xmm4
 5449        vmovdqa	%xmm4, %xmm5
 5450        vpsrldq	$4, %xmm5, %xmm5
 5451        vpslldq	$12, %xmm4, %xmm4
 5452        vpxor	%xmm4, %xmm3, %xmm3
 5453        vpsrld	$0x01, %xmm3, %xmm6
 5454        vpsrld	$2, %xmm3, %xmm7
 5455        vpsrld	$7, %xmm3, %xmm4
 5456        vpxor	%xmm7, %xmm6, %xmm6
 5457        vpxor	%xmm4, %xmm6, %xmm6
 5458        vpxor	%xmm5, %xmm6, %xmm6
 5459        vpxor	%xmm3, %xmm6, %xmm6
 5460        vpxor	%xmm6, %xmm2, %xmm2
 5461L_AES_GCM_encrypt_avx1_calc_aad_done:
 5462        vmovdqu	%xmm2, 96(%esp)
 5463        movl	132(%esp), %esi
 5464        movl	136(%esp), %edi
 5465        # Calculate counter and H
 5466        vpsrlq	$63, %xmm1, %xmm5
 5467        vpsllq	$0x01, %xmm1, %xmm4
 5468        vpslldq	$8, %xmm5, %xmm5
 5469        vpor	%xmm5, %xmm4, %xmm4
 5470        vpshufd	$0xff, %xmm1, %xmm1
 5471        vpsrad	$31, %xmm1, %xmm1
 5472        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm0, %xmm0
 5473        vpand	L_aes_gcm_avx1_mod2_128, %xmm1, %xmm1
 5474        vpaddd	L_aes_gcm_avx1_one, %xmm0, %xmm0
 5475        vpxor	%xmm4, %xmm1, %xmm1
 5476        vmovdqu	%xmm0, 64(%esp)
 5477        xorl	%ebx, %ebx
 5478        cmpl	$0x40, 152(%esp)
 5479        movl	152(%esp), %eax
 5480        jl	L_AES_GCM_encrypt_avx1_done_64
 5481        andl	$0xffffffc0, %eax
 5482        vmovdqa	%xmm2, %xmm6
 5483        # H ^ 1
 5484        vmovdqu	%xmm1, (%esp)
 5485        # H ^ 2
 5486        vpclmulqdq	$0x00, %xmm1, %xmm1, %xmm4
 5487        vpclmulqdq	$0x11, %xmm1, %xmm1, %xmm0
 5488        vpslld	$31, %xmm4, %xmm5
 5489        vpslld	$30, %xmm4, %xmm6
 5490        vpslld	$25, %xmm4, %xmm7
 5491        vpxor	%xmm6, %xmm5, %xmm5
 5492        vpxor	%xmm7, %xmm5, %xmm5
 5493        vpsrldq	$4, %xmm5, %xmm7
 5494        vpslldq	$12, %xmm5, %xmm5
 5495        vpxor	%xmm5, %xmm4, %xmm4
 5496        vpsrld	$0x01, %xmm4, %xmm5
 5497        vpsrld	$2, %xmm4, %xmm6
 5498        vpxor	%xmm6, %xmm5, %xmm5
 5499        vpxor	%xmm4, %xmm5, %xmm5
 5500        vpsrld	$7, %xmm4, %xmm4
 5501        vpxor	%xmm7, %xmm5, %xmm5
 5502        vpxor	%xmm4, %xmm5, %xmm5
 5503        vpxor	%xmm5, %xmm0, %xmm0
 5504        vmovdqu	%xmm0, 16(%esp)
 5505        # H ^ 3
 5506        # ghash_gfmul_red_avx
 5507        vpshufd	$0x4e, %xmm1, %xmm5
 5508        vpshufd	$0x4e, %xmm0, %xmm6
 5509        vpclmulqdq	$0x11, %xmm1, %xmm0, %xmm7
 5510        vpclmulqdq	$0x00, %xmm1, %xmm0, %xmm4
 5511        vpxor	%xmm1, %xmm5, %xmm5
 5512        vpxor	%xmm0, %xmm6, %xmm6
 5513        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 5514        vpxor	%xmm4, %xmm5, %xmm5
 5515        vpxor	%xmm7, %xmm5, %xmm5
 5516        vpslldq	$8, %xmm5, %xmm6
 5517        vpsrldq	$8, %xmm5, %xmm5
 5518        vpxor	%xmm6, %xmm4, %xmm4
 5519        vpxor	%xmm5, %xmm7, %xmm3
 5520        vpslld	$31, %xmm4, %xmm5
 5521        vpslld	$30, %xmm4, %xmm6
 5522        vpslld	$25, %xmm4, %xmm7
 5523        vpxor	%xmm6, %xmm5, %xmm5
 5524        vpxor	%xmm7, %xmm5, %xmm5
 5525        vpsrldq	$4, %xmm5, %xmm7
 5526        vpslldq	$12, %xmm5, %xmm5
 5527        vpxor	%xmm5, %xmm4, %xmm4
 5528        vpsrld	$0x01, %xmm4, %xmm5
 5529        vpsrld	$2, %xmm4, %xmm6
 5530        vpxor	%xmm6, %xmm5, %xmm5
 5531        vpxor	%xmm4, %xmm5, %xmm5
 5532        vpsrld	$7, %xmm4, %xmm4
 5533        vpxor	%xmm7, %xmm5, %xmm5
 5534        vpxor	%xmm4, %xmm5, %xmm5
 5535        vpxor	%xmm5, %xmm3, %xmm3
 5536        vmovdqu	%xmm3, 32(%esp)
 5537        # H ^ 4
 5538        vpclmulqdq	$0x00, %xmm0, %xmm0, %xmm4
 5539        vpclmulqdq	$0x11, %xmm0, %xmm0, %xmm3
 5540        vpslld	$31, %xmm4, %xmm5
 5541        vpslld	$30, %xmm4, %xmm6
 5542        vpslld	$25, %xmm4, %xmm7
 5543        vpxor	%xmm6, %xmm5, %xmm5
 5544        vpxor	%xmm7, %xmm5, %xmm5
 5545        vpsrldq	$4, %xmm5, %xmm7
 5546        vpslldq	$12, %xmm5, %xmm5
 5547        vpxor	%xmm5, %xmm4, %xmm4
 5548        vpsrld	$0x01, %xmm4, %xmm5
 5549        vpsrld	$2, %xmm4, %xmm6
 5550        vpxor	%xmm6, %xmm5, %xmm5
 5551        vpxor	%xmm4, %xmm5, %xmm5
 5552        vpsrld	$7, %xmm4, %xmm4
 5553        vpxor	%xmm7, %xmm5, %xmm5
 5554        vpxor	%xmm4, %xmm5, %xmm5
 5555        vpxor	%xmm5, %xmm3, %xmm3
 5556        vmovdqu	%xmm3, 48(%esp)
 5557        # First 64 bytes of input
 5558        vmovdqu	64(%esp), %xmm4
 5559        vmovdqa	L_aes_gcm_avx1_bswap_epi64, %xmm3
 5560        vpaddd	L_aes_gcm_avx1_one, %xmm4, %xmm5
 5561        vpshufb	%xmm3, %xmm5, %xmm5
 5562        vpaddd	L_aes_gcm_avx1_two, %xmm4, %xmm6
 5563        vpshufb	%xmm3, %xmm6, %xmm6
 5564        vpaddd	L_aes_gcm_avx1_three, %xmm4, %xmm7
 5565        vpshufb	%xmm3, %xmm7, %xmm7
 5566        vpshufb	%xmm3, %xmm4, %xmm4
 5567        vmovdqu	64(%esp), %xmm3
 5568        vpaddd	L_aes_gcm_avx1_four, %xmm3, %xmm3
 5569        vmovdqu	%xmm3, 64(%esp)
 5570        vmovdqa	(%ebp), %xmm3
 5571        vpxor	%xmm3, %xmm4, %xmm4
 5572        vpxor	%xmm3, %xmm5, %xmm5
 5573        vpxor	%xmm3, %xmm6, %xmm6
 5574        vpxor	%xmm3, %xmm7, %xmm7
 5575        vmovdqa	16(%ebp), %xmm3
 5576        vaesenc	%xmm3, %xmm4, %xmm4
 5577        vaesenc	%xmm3, %xmm5, %xmm5
 5578        vaesenc	%xmm3, %xmm6, %xmm6
 5579        vaesenc	%xmm3, %xmm7, %xmm7
 5580        vmovdqa	32(%ebp), %xmm3
 5581        vaesenc	%xmm3, %xmm4, %xmm4
 5582        vaesenc	%xmm3, %xmm5, %xmm5
 5583        vaesenc	%xmm3, %xmm6, %xmm6
 5584        vaesenc	%xmm3, %xmm7, %xmm7
 5585        vmovdqa	48(%ebp), %xmm3
 5586        vaesenc	%xmm3, %xmm4, %xmm4
 5587        vaesenc	%xmm3, %xmm5, %xmm5
 5588        vaesenc	%xmm3, %xmm6, %xmm6
 5589        vaesenc	%xmm3, %xmm7, %xmm7
 5590        vmovdqa	64(%ebp), %xmm3
 5591        vaesenc	%xmm3, %xmm4, %xmm4
 5592        vaesenc	%xmm3, %xmm5, %xmm5
 5593        vaesenc	%xmm3, %xmm6, %xmm6
 5594        vaesenc	%xmm3, %xmm7, %xmm7
 5595        vmovdqa	80(%ebp), %xmm3
 5596        vaesenc	%xmm3, %xmm4, %xmm4
 5597        vaesenc	%xmm3, %xmm5, %xmm5
 5598        vaesenc	%xmm3, %xmm6, %xmm6
 5599        vaesenc	%xmm3, %xmm7, %xmm7
 5600        vmovdqa	96(%ebp), %xmm3
 5601        vaesenc	%xmm3, %xmm4, %xmm4
 5602        vaesenc	%xmm3, %xmm5, %xmm5
 5603        vaesenc	%xmm3, %xmm6, %xmm6
 5604        vaesenc	%xmm3, %xmm7, %xmm7
 5605        vmovdqa	112(%ebp), %xmm3
 5606        vaesenc	%xmm3, %xmm4, %xmm4
 5607        vaesenc	%xmm3, %xmm5, %xmm5
 5608        vaesenc	%xmm3, %xmm6, %xmm6
 5609        vaesenc	%xmm3, %xmm7, %xmm7
 5610        vmovdqa	128(%ebp), %xmm3
 5611        vaesenc	%xmm3, %xmm4, %xmm4
 5612        vaesenc	%xmm3, %xmm5, %xmm5
 5613        vaesenc	%xmm3, %xmm6, %xmm6
 5614        vaesenc	%xmm3, %xmm7, %xmm7
 5615        vmovdqa	144(%ebp), %xmm3
 5616        vaesenc	%xmm3, %xmm4, %xmm4
 5617        vaesenc	%xmm3, %xmm5, %xmm5
 5618        vaesenc	%xmm3, %xmm6, %xmm6
 5619        vaesenc	%xmm3, %xmm7, %xmm7
 5620        cmpl	$11, 172(%esp)
 5621        vmovdqa	160(%ebp), %xmm3
 5622        jl	L_AES_GCM_encrypt_avx1_aesenc_64_enc_done
 5623        vaesenc	%xmm3, %xmm4, %xmm4
 5624        vaesenc	%xmm3, %xmm5, %xmm5
 5625        vaesenc	%xmm3, %xmm6, %xmm6
 5626        vaesenc	%xmm3, %xmm7, %xmm7
 5627        vmovdqa	176(%ebp), %xmm3
 5628        vaesenc	%xmm3, %xmm4, %xmm4
 5629        vaesenc	%xmm3, %xmm5, %xmm5
 5630        vaesenc	%xmm3, %xmm6, %xmm6
 5631        vaesenc	%xmm3, %xmm7, %xmm7
 5632        cmpl	$13, 172(%esp)
 5633        vmovdqa	192(%ebp), %xmm3
 5634        jl	L_AES_GCM_encrypt_avx1_aesenc_64_enc_done
 5635        vaesenc	%xmm3, %xmm4, %xmm4
 5636        vaesenc	%xmm3, %xmm5, %xmm5
 5637        vaesenc	%xmm3, %xmm6, %xmm6
 5638        vaesenc	%xmm3, %xmm7, %xmm7
 5639        vmovdqa	208(%ebp), %xmm3
 5640        vaesenc	%xmm3, %xmm4, %xmm4
 5641        vaesenc	%xmm3, %xmm5, %xmm5
 5642        vaesenc	%xmm3, %xmm6, %xmm6
 5643        vaesenc	%xmm3, %xmm7, %xmm7
 5644        vmovdqa	224(%ebp), %xmm3
 5645L_AES_GCM_encrypt_avx1_aesenc_64_enc_done:
 5646        vaesenclast	%xmm3, %xmm4, %xmm4
 5647        vaesenclast	%xmm3, %xmm5, %xmm5
 5648        vmovdqu	(%esi), %xmm0
 5649        vmovdqu	16(%esi), %xmm1
 5650        vpxor	%xmm0, %xmm4, %xmm4
 5651        vpxor	%xmm1, %xmm5, %xmm5
 5652        vmovdqu	%xmm0, (%esi)
 5653        vmovdqu	%xmm1, 16(%esi)
 5654        vmovdqu	%xmm4, (%edi)
 5655        vmovdqu	%xmm5, 16(%edi)
 5656        vaesenclast	%xmm3, %xmm6, %xmm6
 5657        vaesenclast	%xmm3, %xmm7, %xmm7
 5658        vmovdqu	32(%esi), %xmm0
 5659        vmovdqu	48(%esi), %xmm1
 5660        vpxor	%xmm0, %xmm6, %xmm6
 5661        vpxor	%xmm1, %xmm7, %xmm7
 5662        vmovdqu	%xmm0, 32(%esi)
 5663        vmovdqu	%xmm1, 48(%esi)
 5664        vmovdqu	%xmm6, 32(%edi)
 5665        vmovdqu	%xmm7, 48(%edi)
 5666        cmpl	$0x40, %eax
 5667        movl	$0x40, %ebx
 5668        movl	%esi, %ecx
 5669        movl	%edi, %edx
 5670        jle	L_AES_GCM_encrypt_avx1_end_64
 5671        # More 64 bytes of input
 5672L_AES_GCM_encrypt_avx1_ghash_64:
 5673        leal	(%esi,%ebx,1), %ecx
 5674        leal	(%edi,%ebx,1), %edx
 5675        vmovdqu	64(%esp), %xmm4
 5676        vmovdqa	L_aes_gcm_avx1_bswap_epi64, %xmm3
 5677        vpaddd	L_aes_gcm_avx1_one, %xmm4, %xmm5
 5678        vpshufb	%xmm3, %xmm5, %xmm5
 5679        vpaddd	L_aes_gcm_avx1_two, %xmm4, %xmm6
 5680        vpshufb	%xmm3, %xmm6, %xmm6
 5681        vpaddd	L_aes_gcm_avx1_three, %xmm4, %xmm7
 5682        vpshufb	%xmm3, %xmm7, %xmm7
 5683        vpshufb	%xmm3, %xmm4, %xmm4
 5684        vmovdqu	64(%esp), %xmm3
 5685        vpaddd	L_aes_gcm_avx1_four, %xmm3, %xmm3
 5686        vmovdqu	%xmm3, 64(%esp)
 5687        vmovdqa	(%ebp), %xmm3
 5688        vpxor	%xmm3, %xmm4, %xmm4
 5689        vpxor	%xmm3, %xmm5, %xmm5
 5690        vpxor	%xmm3, %xmm6, %xmm6
 5691        vpxor	%xmm3, %xmm7, %xmm7
 5692        vmovdqa	16(%ebp), %xmm3
 5693        vaesenc	%xmm3, %xmm4, %xmm4
 5694        vaesenc	%xmm3, %xmm5, %xmm5
 5695        vaesenc	%xmm3, %xmm6, %xmm6
 5696        vaesenc	%xmm3, %xmm7, %xmm7
 5697        vmovdqa	32(%ebp), %xmm3
 5698        vaesenc	%xmm3, %xmm4, %xmm4
 5699        vaesenc	%xmm3, %xmm5, %xmm5
 5700        vaesenc	%xmm3, %xmm6, %xmm6
 5701        vaesenc	%xmm3, %xmm7, %xmm7
 5702        vmovdqa	48(%ebp), %xmm3
 5703        vaesenc	%xmm3, %xmm4, %xmm4
 5704        vaesenc	%xmm3, %xmm5, %xmm5
 5705        vaesenc	%xmm3, %xmm6, %xmm6
 5706        vaesenc	%xmm3, %xmm7, %xmm7
 5707        vmovdqa	64(%ebp), %xmm3
 5708        vaesenc	%xmm3, %xmm4, %xmm4
 5709        vaesenc	%xmm3, %xmm5, %xmm5
 5710        vaesenc	%xmm3, %xmm6, %xmm6
 5711        vaesenc	%xmm3, %xmm7, %xmm7
 5712        vmovdqa	80(%ebp), %xmm3
 5713        vaesenc	%xmm3, %xmm4, %xmm4
 5714        vaesenc	%xmm3, %xmm5, %xmm5
 5715        vaesenc	%xmm3, %xmm6, %xmm6
 5716        vaesenc	%xmm3, %xmm7, %xmm7
 5717        vmovdqa	96(%ebp), %xmm3
 5718        vaesenc	%xmm3, %xmm4, %xmm4
 5719        vaesenc	%xmm3, %xmm5, %xmm5
 5720        vaesenc	%xmm3, %xmm6, %xmm6
 5721        vaesenc	%xmm3, %xmm7, %xmm7
 5722        vmovdqa	112(%ebp), %xmm3
 5723        vaesenc	%xmm3, %xmm4, %xmm4
 5724        vaesenc	%xmm3, %xmm5, %xmm5
 5725        vaesenc	%xmm3, %xmm6, %xmm6
 5726        vaesenc	%xmm3, %xmm7, %xmm7
 5727        vmovdqa	128(%ebp), %xmm3
 5728        vaesenc	%xmm3, %xmm4, %xmm4
 5729        vaesenc	%xmm3, %xmm5, %xmm5
 5730        vaesenc	%xmm3, %xmm6, %xmm6
 5731        vaesenc	%xmm3, %xmm7, %xmm7
 5732        vmovdqa	144(%ebp), %xmm3
 5733        vaesenc	%xmm3, %xmm4, %xmm4
 5734        vaesenc	%xmm3, %xmm5, %xmm5
 5735        vaesenc	%xmm3, %xmm6, %xmm6
 5736        vaesenc	%xmm3, %xmm7, %xmm7
 5737        cmpl	$11, 172(%esp)
 5738        vmovdqa	160(%ebp), %xmm3
 5739        jl	L_AES_GCM_encrypt_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done
 5740        vaesenc	%xmm3, %xmm4, %xmm4
 5741        vaesenc	%xmm3, %xmm5, %xmm5
 5742        vaesenc	%xmm3, %xmm6, %xmm6
 5743        vaesenc	%xmm3, %xmm7, %xmm7
 5744        vmovdqa	176(%ebp), %xmm3
 5745        vaesenc	%xmm3, %xmm4, %xmm4
 5746        vaesenc	%xmm3, %xmm5, %xmm5
 5747        vaesenc	%xmm3, %xmm6, %xmm6
 5748        vaesenc	%xmm3, %xmm7, %xmm7
 5749        cmpl	$13, 172(%esp)
 5750        vmovdqa	192(%ebp), %xmm3
 5751        jl	L_AES_GCM_encrypt_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done
 5752        vaesenc	%xmm3, %xmm4, %xmm4
 5753        vaesenc	%xmm3, %xmm5, %xmm5
 5754        vaesenc	%xmm3, %xmm6, %xmm6
 5755        vaesenc	%xmm3, %xmm7, %xmm7
 5756        vmovdqa	208(%ebp), %xmm3
 5757        vaesenc	%xmm3, %xmm4, %xmm4
 5758        vaesenc	%xmm3, %xmm5, %xmm5
 5759        vaesenc	%xmm3, %xmm6, %xmm6
 5760        vaesenc	%xmm3, %xmm7, %xmm7
 5761        vmovdqa	224(%ebp), %xmm3
 5762L_AES_GCM_encrypt_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done:
 5763        vaesenclast	%xmm3, %xmm4, %xmm4
 5764        vaesenclast	%xmm3, %xmm5, %xmm5
 5765        vmovdqu	(%ecx), %xmm0
 5766        vmovdqu	16(%ecx), %xmm1
 5767        vpxor	%xmm0, %xmm4, %xmm4
 5768        vpxor	%xmm1, %xmm5, %xmm5
 5769        vmovdqu	%xmm4, (%edx)
 5770        vmovdqu	%xmm5, 16(%edx)
 5771        vaesenclast	%xmm3, %xmm6, %xmm6
 5772        vaesenclast	%xmm3, %xmm7, %xmm7
 5773        vmovdqu	32(%ecx), %xmm0
 5774        vmovdqu	48(%ecx), %xmm1
 5775        vpxor	%xmm0, %xmm6, %xmm6
 5776        vpxor	%xmm1, %xmm7, %xmm7
 5777        vmovdqu	%xmm6, 32(%edx)
 5778        vmovdqu	%xmm7, 48(%edx)
 5779        # ghash encrypted counter
 5780        vmovdqu	96(%esp), %xmm6
 5781        vmovdqu	48(%esp), %xmm3
 5782        vmovdqu	-64(%edx), %xmm4
 5783        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 5784        vpxor	%xmm6, %xmm4, %xmm4
 5785        vpshufd	$0x4e, %xmm3, %xmm5
 5786        vpshufd	$0x4e, %xmm4, %xmm1
 5787        vpxor	%xmm3, %xmm5, %xmm5
 5788        vpxor	%xmm4, %xmm1, %xmm1
 5789        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm7
 5790        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm6
 5791        vpclmulqdq	$0x00, %xmm1, %xmm5, %xmm5
 5792        vpxor	%xmm6, %xmm5, %xmm5
 5793        vpxor	%xmm7, %xmm5, %xmm5
 5794        vmovdqu	32(%esp), %xmm3
 5795        vmovdqu	-48(%edx), %xmm4
 5796        vpshufd	$0x4e, %xmm3, %xmm0
 5797        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 5798        vpxor	%xmm3, %xmm0, %xmm0
 5799        vpshufd	$0x4e, %xmm4, %xmm1
 5800        vpxor	%xmm4, %xmm1, %xmm1
 5801        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm2
 5802        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm3
 5803        vpclmulqdq	$0x00, %xmm1, %xmm0, %xmm0
 5804        vpxor	%xmm3, %xmm5, %xmm5
 5805        vpxor	%xmm3, %xmm6, %xmm6
 5806        vpxor	%xmm2, %xmm5, %xmm5
 5807        vpxor	%xmm2, %xmm7, %xmm7
 5808        vpxor	%xmm0, %xmm5, %xmm5
 5809        vmovdqu	16(%esp), %xmm3
 5810        vmovdqu	-32(%edx), %xmm4
 5811        vpshufd	$0x4e, %xmm3, %xmm0
 5812        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 5813        vpxor	%xmm3, %xmm0, %xmm0
 5814        vpshufd	$0x4e, %xmm4, %xmm1
 5815        vpxor	%xmm4, %xmm1, %xmm1
 5816        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm2
 5817        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm3
 5818        vpclmulqdq	$0x00, %xmm1, %xmm0, %xmm0
 5819        vpxor	%xmm3, %xmm5, %xmm5
 5820        vpxor	%xmm3, %xmm6, %xmm6
 5821        vpxor	%xmm2, %xmm5, %xmm5
 5822        vpxor	%xmm2, %xmm7, %xmm7
 5823        vpxor	%xmm0, %xmm5, %xmm5
 5824        vmovdqu	(%esp), %xmm3
 5825        vmovdqu	-16(%edx), %xmm4
 5826        vpshufd	$0x4e, %xmm3, %xmm0
 5827        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 5828        vpxor	%xmm3, %xmm0, %xmm0
 5829        vpshufd	$0x4e, %xmm4, %xmm1
 5830        vpxor	%xmm4, %xmm1, %xmm1
 5831        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm2
 5832        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm3
 5833        vpclmulqdq	$0x00, %xmm1, %xmm0, %xmm0
 5834        vpxor	%xmm3, %xmm5, %xmm5
 5835        vpxor	%xmm3, %xmm6, %xmm6
 5836        vpxor	%xmm2, %xmm5, %xmm5
 5837        vpxor	%xmm2, %xmm7, %xmm7
 5838        vpxor	%xmm0, %xmm5, %xmm5
 5839        vpslldq	$8, %xmm5, %xmm1
 5840        vpsrldq	$8, %xmm5, %xmm5
 5841        vpxor	%xmm1, %xmm6, %xmm6
 5842        vpxor	%xmm5, %xmm7, %xmm7
 5843        vpslld	$31, %xmm6, %xmm3
 5844        vpslld	$30, %xmm6, %xmm0
 5845        vpslld	$25, %xmm6, %xmm1
 5846        vpxor	%xmm0, %xmm3, %xmm3
 5847        vpxor	%xmm1, %xmm3, %xmm3
 5848        vpsrldq	$4, %xmm3, %xmm0
 5849        vpslldq	$12, %xmm3, %xmm3
 5850        vpxor	%xmm3, %xmm6, %xmm6
 5851        vpsrld	$0x01, %xmm6, %xmm1
 5852        vpsrld	$2, %xmm6, %xmm5
 5853        vpsrld	$7, %xmm6, %xmm4
 5854        vpxor	%xmm5, %xmm1, %xmm1
 5855        vpxor	%xmm4, %xmm1, %xmm1
 5856        vpxor	%xmm0, %xmm1, %xmm1
 5857        vpxor	%xmm1, %xmm6, %xmm6
 5858        vpxor	%xmm7, %xmm6, %xmm6
 5859        vmovdqu	%xmm6, 96(%esp)
 5860        addl	$0x40, %ebx
 5861        cmpl	%eax, %ebx
 5862        jl	L_AES_GCM_encrypt_avx1_ghash_64
 5863L_AES_GCM_encrypt_avx1_end_64:
 5864        vmovdqu	96(%esp), %xmm2
 5865        # Block 1
 5866        vmovdqa	L_aes_gcm_avx1_bswap_mask, %xmm4
 5867        vmovdqa	(%edx), %xmm1
 5868        vpshufb	%xmm4, %xmm1, %xmm1
 5869        vmovdqu	48(%esp), %xmm3
 5870        vpxor	%xmm2, %xmm1, %xmm1
 5871        # ghash_gfmul_avx
 5872        vpshufd	$0x4e, %xmm1, %xmm5
 5873        vpshufd	$0x4e, %xmm3, %xmm6
 5874        vpclmulqdq	$0x11, %xmm1, %xmm3, %xmm7
 5875        vpclmulqdq	$0x00, %xmm1, %xmm3, %xmm4
 5876        vpxor	%xmm1, %xmm5, %xmm5
 5877        vpxor	%xmm3, %xmm6, %xmm6
 5878        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 5879        vpxor	%xmm4, %xmm5, %xmm5
 5880        vpxor	%xmm7, %xmm5, %xmm5
 5881        vmovdqa	%xmm4, %xmm0
 5882        vmovdqa	%xmm7, %xmm2
 5883        vpslldq	$8, %xmm5, %xmm6
 5884        vpsrldq	$8, %xmm5, %xmm5
 5885        vpxor	%xmm6, %xmm0, %xmm0
 5886        vpxor	%xmm5, %xmm2, %xmm2
 5887        # Block 2
 5888        vmovdqa	L_aes_gcm_avx1_bswap_mask, %xmm4
 5889        vmovdqa	16(%edx), %xmm1
 5890        vpshufb	%xmm4, %xmm1, %xmm1
 5891        vmovdqu	32(%esp), %xmm3
 5892        # ghash_gfmul_xor_avx
 5893        vpshufd	$0x4e, %xmm1, %xmm5
 5894        vpshufd	$0x4e, %xmm3, %xmm6
 5895        vpclmulqdq	$0x11, %xmm1, %xmm3, %xmm7
 5896        vpclmulqdq	$0x00, %xmm1, %xmm3, %xmm4
 5897        vpxor	%xmm1, %xmm5, %xmm5
 5898        vpxor	%xmm3, %xmm6, %xmm6
 5899        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 5900        vpxor	%xmm4, %xmm5, %xmm5
 5901        vpxor	%xmm7, %xmm5, %xmm5
 5902        vpxor	%xmm4, %xmm0, %xmm0
 5903        vpxor	%xmm7, %xmm2, %xmm2
 5904        vpslldq	$8, %xmm5, %xmm6
 5905        vpsrldq	$8, %xmm5, %xmm5
 5906        vpxor	%xmm6, %xmm0, %xmm0
 5907        vpxor	%xmm5, %xmm2, %xmm2
 5908        # Block 3
 5909        vmovdqa	L_aes_gcm_avx1_bswap_mask, %xmm4
 5910        vmovdqa	32(%edx), %xmm1
 5911        vpshufb	%xmm4, %xmm1, %xmm1
 5912        vmovdqu	16(%esp), %xmm3
 5913        # ghash_gfmul_xor_avx
 5914        vpshufd	$0x4e, %xmm1, %xmm5
 5915        vpshufd	$0x4e, %xmm3, %xmm6
 5916        vpclmulqdq	$0x11, %xmm1, %xmm3, %xmm7
 5917        vpclmulqdq	$0x00, %xmm1, %xmm3, %xmm4
 5918        vpxor	%xmm1, %xmm5, %xmm5
 5919        vpxor	%xmm3, %xmm6, %xmm6
 5920        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 5921        vpxor	%xmm4, %xmm5, %xmm5
 5922        vpxor	%xmm7, %xmm5, %xmm5
 5923        vpxor	%xmm4, %xmm0, %xmm0
 5924        vpxor	%xmm7, %xmm2, %xmm2
 5925        vpslldq	$8, %xmm5, %xmm6
 5926        vpsrldq	$8, %xmm5, %xmm5
 5927        vpxor	%xmm6, %xmm0, %xmm0
 5928        vpxor	%xmm5, %xmm2, %xmm2
 5929        # Block 4
 5930        vmovdqa	L_aes_gcm_avx1_bswap_mask, %xmm4
 5931        vmovdqa	48(%edx), %xmm1
 5932        vpshufb	%xmm4, %xmm1, %xmm1
 5933        vmovdqu	(%esp), %xmm3
 5934        # ghash_gfmul_xor_avx
 5935        vpshufd	$0x4e, %xmm1, %xmm5
 5936        vpshufd	$0x4e, %xmm3, %xmm6
 5937        vpclmulqdq	$0x11, %xmm1, %xmm3, %xmm7
 5938        vpclmulqdq	$0x00, %xmm1, %xmm3, %xmm4
 5939        vpxor	%xmm1, %xmm5, %xmm5
 5940        vpxor	%xmm3, %xmm6, %xmm6
 5941        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 5942        vpxor	%xmm4, %xmm5, %xmm5
 5943        vpxor	%xmm7, %xmm5, %xmm5
 5944        vpxor	%xmm4, %xmm0, %xmm0
 5945        vpxor	%xmm7, %xmm2, %xmm2
 5946        vpslldq	$8, %xmm5, %xmm6
 5947        vpsrldq	$8, %xmm5, %xmm5
 5948        vpxor	%xmm6, %xmm0, %xmm0
 5949        vpxor	%xmm5, %xmm2, %xmm2
 5950        vpslld	$31, %xmm0, %xmm4
 5951        vpslld	$30, %xmm0, %xmm5
 5952        vpslld	$25, %xmm0, %xmm6
 5953        vpxor	%xmm5, %xmm4, %xmm4
 5954        vpxor	%xmm6, %xmm4, %xmm4
 5955        vmovdqa	%xmm4, %xmm5
 5956        vpsrldq	$4, %xmm5, %xmm5
 5957        vpslldq	$12, %xmm4, %xmm4
 5958        vpxor	%xmm4, %xmm0, %xmm0
 5959        vpsrld	$0x01, %xmm0, %xmm6
 5960        vpsrld	$2, %xmm0, %xmm7
 5961        vpsrld	$7, %xmm0, %xmm4
 5962        vpxor	%xmm7, %xmm6, %xmm6
 5963        vpxor	%xmm4, %xmm6, %xmm6
 5964        vpxor	%xmm5, %xmm6, %xmm6
 5965        vpxor	%xmm0, %xmm6, %xmm6
 5966        vpxor	%xmm6, %xmm2, %xmm2
 5967        vmovdqu	(%esp), %xmm1
 5968L_AES_GCM_encrypt_avx1_done_64:
 5969        movl	152(%esp), %edx
 5970        cmpl	%edx, %ebx
 5971        jge	L_AES_GCM_encrypt_avx1_done_enc
 5972        movl	152(%esp), %eax
 5973        andl	$0xfffffff0, %eax
 5974        cmpl	%eax, %ebx
 5975        jge	L_AES_GCM_encrypt_avx1_last_block_done
 5976        leal	(%esi,%ebx,1), %ecx
 5977        leal	(%edi,%ebx,1), %edx
 5978        vmovdqu	64(%esp), %xmm5
 5979        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm5, %xmm4
 5980        vpaddd	L_aes_gcm_avx1_one, %xmm5, %xmm5
 5981        vmovdqu	%xmm5, 64(%esp)
 5982        vpxor	(%ebp), %xmm4, %xmm4
 5983        vaesenc	16(%ebp), %xmm4, %xmm4
 5984        vaesenc	32(%ebp), %xmm4, %xmm4
 5985        vaesenc	48(%ebp), %xmm4, %xmm4
 5986        vaesenc	64(%ebp), %xmm4, %xmm4
 5987        vaesenc	80(%ebp), %xmm4, %xmm4
 5988        vaesenc	96(%ebp), %xmm4, %xmm4
 5989        vaesenc	112(%ebp), %xmm4, %xmm4
 5990        vaesenc	128(%ebp), %xmm4, %xmm4
 5991        vaesenc	144(%ebp), %xmm4, %xmm4
 5992        cmpl	$11, 172(%esp)
 5993        vmovdqa	160(%ebp), %xmm5
 5994        jl	L_AES_GCM_encrypt_avx1_aesenc_block_aesenc_avx_last
 5995        vaesenc	%xmm5, %xmm4, %xmm4
 5996        vaesenc	176(%ebp), %xmm4, %xmm4
 5997        cmpl	$13, 172(%esp)
 5998        vmovdqa	192(%ebp), %xmm5
 5999        jl	L_AES_GCM_encrypt_avx1_aesenc_block_aesenc_avx_last
 6000        vaesenc	%xmm5, %xmm4, %xmm4
 6001        vaesenc	208(%ebp), %xmm4, %xmm4
 6002        vmovdqa	224(%ebp), %xmm5
 6003L_AES_GCM_encrypt_avx1_aesenc_block_aesenc_avx_last:
 6004        vaesenclast	%xmm5, %xmm4, %xmm4
 6005        vmovdqu	(%ecx), %xmm5
 6006        vpxor	%xmm5, %xmm4, %xmm4
 6007        vmovdqu	%xmm4, (%edx)
 6008        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 6009        vpxor	%xmm4, %xmm2, %xmm2
 6010        addl	$16, %ebx
 6011        cmpl	%eax, %ebx
 6012        jge	L_AES_GCM_encrypt_avx1_last_block_ghash
 6013L_AES_GCM_encrypt_avx1_last_block_start:
 6014        leal	(%esi,%ebx,1), %ecx
 6015        leal	(%edi,%ebx,1), %edx
 6016        vmovdqu	64(%esp), %xmm5
 6017        vmovdqu	%xmm2, %xmm7
 6018        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm5, %xmm4
 6019        vpaddd	L_aes_gcm_avx1_one, %xmm5, %xmm5
 6020        vmovdqu	%xmm5, 64(%esp)
 6021        vpxor	(%ebp), %xmm4, %xmm4
 6022        vpclmulqdq	$16, %xmm1, %xmm7, %xmm0
 6023        vaesenc	16(%ebp), %xmm4, %xmm4
 6024        vaesenc	32(%ebp), %xmm4, %xmm4
 6025        vpclmulqdq	$0x01, %xmm1, %xmm7, %xmm3
 6026        vaesenc	48(%ebp), %xmm4, %xmm4
 6027        vaesenc	64(%ebp), %xmm4, %xmm4
 6028        vaesenc	80(%ebp), %xmm4, %xmm4
 6029        vpclmulqdq	$0x11, %xmm1, %xmm7, %xmm5
 6030        vaesenc	96(%ebp), %xmm4, %xmm4
 6031        vpxor	%xmm3, %xmm0, %xmm0
 6032        vpslldq	$8, %xmm0, %xmm6
 6033        vpsrldq	$8, %xmm0, %xmm0
 6034        vaesenc	112(%ebp), %xmm4, %xmm4
 6035        vpclmulqdq	$0x00, %xmm1, %xmm7, %xmm3
 6036        vpxor	%xmm3, %xmm6, %xmm6
 6037        vpxor	%xmm0, %xmm5, %xmm5
 6038        vmovdqa	L_aes_gcm_avx1_mod2_128, %xmm7
 6039        vpclmulqdq	$16, %xmm7, %xmm6, %xmm3
 6040        vaesenc	128(%ebp), %xmm4, %xmm4
 6041        vpshufd	$0x4e, %xmm6, %xmm0
 6042        vpxor	%xmm3, %xmm0, %xmm0
 6043        vpclmulqdq	$16, %xmm7, %xmm0, %xmm3
 6044        vaesenc	144(%ebp), %xmm4, %xmm4
 6045        vpshufd	$0x4e, %xmm0, %xmm2
 6046        vpxor	%xmm3, %xmm2, %xmm2
 6047        vpxor	%xmm5, %xmm2, %xmm2
 6048        cmpl	$11, 172(%esp)
 6049        vmovdqa	160(%ebp), %xmm5
 6050        jl	L_AES_GCM_encrypt_avx1_aesenc_gfmul_last
 6051        vaesenc	%xmm5, %xmm4, %xmm4
 6052        vaesenc	176(%ebp), %xmm4, %xmm4
 6053        cmpl	$13, 172(%esp)
 6054        vmovdqa	192(%ebp), %xmm5
 6055        jl	L_AES_GCM_encrypt_avx1_aesenc_gfmul_last
 6056        vaesenc	%xmm5, %xmm4, %xmm4
 6057        vaesenc	208(%ebp), %xmm4, %xmm4
 6058        vmovdqa	224(%ebp), %xmm5
 6059L_AES_GCM_encrypt_avx1_aesenc_gfmul_last:
 6060        vaesenclast	%xmm5, %xmm4, %xmm4
 6061        vmovdqu	(%ecx), %xmm5
 6062        vpxor	%xmm5, %xmm4, %xmm4
 6063        vmovdqu	%xmm4, (%edx)
 6064        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 6065        addl	$16, %ebx
 6066        vpxor	%xmm4, %xmm2, %xmm2
 6067        cmpl	%eax, %ebx
 6068        jl	L_AES_GCM_encrypt_avx1_last_block_start
 6069L_AES_GCM_encrypt_avx1_last_block_ghash:
 6070        # ghash_gfmul_red_avx
 6071        vpshufd	$0x4e, %xmm1, %xmm5
 6072        vpshufd	$0x4e, %xmm2, %xmm6
 6073        vpclmulqdq	$0x11, %xmm1, %xmm2, %xmm7
 6074        vpclmulqdq	$0x00, %xmm1, %xmm2, %xmm4
 6075        vpxor	%xmm1, %xmm5, %xmm5
 6076        vpxor	%xmm2, %xmm6, %xmm6
 6077        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 6078        vpxor	%xmm4, %xmm5, %xmm5
 6079        vpxor	%xmm7, %xmm5, %xmm5
 6080        vpslldq	$8, %xmm5, %xmm6
 6081        vpsrldq	$8, %xmm5, %xmm5
 6082        vpxor	%xmm6, %xmm4, %xmm4
 6083        vpxor	%xmm5, %xmm7, %xmm2
 6084        vpslld	$31, %xmm4, %xmm5
 6085        vpslld	$30, %xmm4, %xmm6
 6086        vpslld	$25, %xmm4, %xmm7
 6087        vpxor	%xmm6, %xmm5, %xmm5
 6088        vpxor	%xmm7, %xmm5, %xmm5
 6089        vpsrldq	$4, %xmm5, %xmm7
 6090        vpslldq	$12, %xmm5, %xmm5
 6091        vpxor	%xmm5, %xmm4, %xmm4
 6092        vpsrld	$0x01, %xmm4, %xmm5
 6093        vpsrld	$2, %xmm4, %xmm6
 6094        vpxor	%xmm6, %xmm5, %xmm5
 6095        vpxor	%xmm4, %xmm5, %xmm5
 6096        vpsrld	$7, %xmm4, %xmm4
 6097        vpxor	%xmm7, %xmm5, %xmm5
 6098        vpxor	%xmm4, %xmm5, %xmm5
 6099        vpxor	%xmm5, %xmm2, %xmm2
 6100L_AES_GCM_encrypt_avx1_last_block_done:
 6101        movl	152(%esp), %ecx
 6102        movl	%ecx, %edx
 6103        andl	$15, %ecx
 6104        jz	L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_done
 6105        vmovdqu	64(%esp), %xmm0
 6106        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm0, %xmm0
 6107        vpxor	(%ebp), %xmm0, %xmm0
 6108        vaesenc	16(%ebp), %xmm0, %xmm0
 6109        vaesenc	32(%ebp), %xmm0, %xmm0
 6110        vaesenc	48(%ebp), %xmm0, %xmm0
 6111        vaesenc	64(%ebp), %xmm0, %xmm0
 6112        vaesenc	80(%ebp), %xmm0, %xmm0
 6113        vaesenc	96(%ebp), %xmm0, %xmm0
 6114        vaesenc	112(%ebp), %xmm0, %xmm0
 6115        vaesenc	128(%ebp), %xmm0, %xmm0
 6116        vaesenc	144(%ebp), %xmm0, %xmm0
 6117        cmpl	$11, 172(%esp)
 6118        vmovdqa	160(%ebp), %xmm5
 6119        jl	L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_aesenc_avx_last
 6120        vaesenc	%xmm5, %xmm0, %xmm0
 6121        vaesenc	176(%ebp), %xmm0, %xmm0
 6122        cmpl	$13, 172(%esp)
 6123        vmovdqa	192(%ebp), %xmm5
 6124        jl	L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_aesenc_avx_last
 6125        vaesenc	%xmm5, %xmm0, %xmm0
 6126        vaesenc	208(%ebp), %xmm0, %xmm0
 6127        vmovdqa	224(%ebp), %xmm5
 6128L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_aesenc_avx_last:
 6129        vaesenclast	%xmm5, %xmm0, %xmm0
 6130        subl	$16, %esp
 6131        xorl	%ecx, %ecx
 6132        vmovdqu	%xmm0, (%esp)
 6133L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_loop:
 6134        movzbl	(%esi,%ebx,1), %eax
 6135        xorb	(%esp,%ecx,1), %al
 6136        movb	%al, (%edi,%ebx,1)
 6137        movb	%al, (%esp,%ecx,1)
 6138        incl	%ebx
 6139        incl	%ecx
 6140        cmpl	%edx, %ebx
 6141        jl	L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_loop
 6142        xorl	%eax, %eax
 6143        cmpl	$16, %ecx
 6144        je	L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_finish_enc
 6145L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_byte_loop:
 6146        movb	%al, (%esp,%ecx,1)
 6147        incl	%ecx
 6148        cmpl	$16, %ecx
 6149        jl	L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_byte_loop
 6150L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_finish_enc:
 6151        vmovdqu	(%esp), %xmm0
 6152        addl	$16, %esp
 6153        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 6154        vpxor	%xmm0, %xmm2, %xmm2
 6155        # ghash_gfmul_red_avx
 6156        vpshufd	$0x4e, %xmm1, %xmm5
 6157        vpshufd	$0x4e, %xmm2, %xmm6
 6158        vpclmulqdq	$0x11, %xmm1, %xmm2, %xmm7
 6159        vpclmulqdq	$0x00, %xmm1, %xmm2, %xmm4
 6160        vpxor	%xmm1, %xmm5, %xmm5
 6161        vpxor	%xmm2, %xmm6, %xmm6
 6162        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 6163        vpxor	%xmm4, %xmm5, %xmm5
 6164        vpxor	%xmm7, %xmm5, %xmm5
 6165        vpslldq	$8, %xmm5, %xmm6
 6166        vpsrldq	$8, %xmm5, %xmm5
 6167        vpxor	%xmm6, %xmm4, %xmm4
 6168        vpxor	%xmm5, %xmm7, %xmm2
 6169        vpslld	$31, %xmm4, %xmm5
 6170        vpslld	$30, %xmm4, %xmm6
 6171        vpslld	$25, %xmm4, %xmm7
 6172        vpxor	%xmm6, %xmm5, %xmm5
 6173        vpxor	%xmm7, %xmm5, %xmm5
 6174        vpsrldq	$4, %xmm5, %xmm7
 6175        vpslldq	$12, %xmm5, %xmm5
 6176        vpxor	%xmm5, %xmm4, %xmm4
 6177        vpsrld	$0x01, %xmm4, %xmm5
 6178        vpsrld	$2, %xmm4, %xmm6
 6179        vpxor	%xmm6, %xmm5, %xmm5
 6180        vpxor	%xmm4, %xmm5, %xmm5
 6181        vpsrld	$7, %xmm4, %xmm4
 6182        vpxor	%xmm7, %xmm5, %xmm5
 6183        vpxor	%xmm4, %xmm5, %xmm5
 6184        vpxor	%xmm5, %xmm2, %xmm2
 6185L_AES_GCM_encrypt_avx1_aesenc_last15_enc_avx_done:
 6186L_AES_GCM_encrypt_avx1_done_enc:
 6187        movl	148(%esp), %edi
 6188        movl	164(%esp), %ebx
 6189        movl	152(%esp), %edx
 6190        movl	156(%esp), %ecx
 6191        shll	$3, %edx
 6192        shll	$3, %ecx
 6193        vpinsrd	$0x00, %edx, %xmm4, %xmm4
 6194        vpinsrd	$2, %ecx, %xmm4, %xmm4
 6195        movl	152(%esp), %edx
 6196        movl	156(%esp), %ecx
 6197        shrl	$29, %edx
 6198        shrl	$29, %ecx
 6199        vpinsrd	$0x01, %edx, %xmm4, %xmm4
 6200        vpinsrd	$3, %ecx, %xmm4, %xmm4
 6201        vpxor	%xmm4, %xmm2, %xmm2
 6202        # ghash_gfmul_red_avx
 6203        vpshufd	$0x4e, %xmm1, %xmm5
 6204        vpshufd	$0x4e, %xmm2, %xmm6
 6205        vpclmulqdq	$0x11, %xmm1, %xmm2, %xmm7
 6206        vpclmulqdq	$0x00, %xmm1, %xmm2, %xmm4
 6207        vpxor	%xmm1, %xmm5, %xmm5
 6208        vpxor	%xmm2, %xmm6, %xmm6
 6209        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 6210        vpxor	%xmm4, %xmm5, %xmm5
 6211        vpxor	%xmm7, %xmm5, %xmm5
 6212        vpslldq	$8, %xmm5, %xmm6
 6213        vpsrldq	$8, %xmm5, %xmm5
 6214        vpxor	%xmm6, %xmm4, %xmm4
 6215        vpxor	%xmm5, %xmm7, %xmm2
 6216        vpslld	$31, %xmm4, %xmm5
 6217        vpslld	$30, %xmm4, %xmm6
 6218        vpslld	$25, %xmm4, %xmm7
 6219        vpxor	%xmm6, %xmm5, %xmm5
 6220        vpxor	%xmm7, %xmm5, %xmm5
 6221        vpsrldq	$4, %xmm5, %xmm7
 6222        vpslldq	$12, %xmm5, %xmm5
 6223        vpxor	%xmm5, %xmm4, %xmm4
 6224        vpsrld	$0x01, %xmm4, %xmm5
 6225        vpsrld	$2, %xmm4, %xmm6
 6226        vpxor	%xmm6, %xmm5, %xmm5
 6227        vpxor	%xmm4, %xmm5, %xmm5
 6228        vpsrld	$7, %xmm4, %xmm4
 6229        vpxor	%xmm7, %xmm5, %xmm5
 6230        vpxor	%xmm4, %xmm5, %xmm5
 6231        vpxor	%xmm5, %xmm2, %xmm2
 6232        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm2, %xmm2
 6233        vpxor	80(%esp), %xmm2, %xmm4
 6234        cmpl	$16, %ebx
 6235        je	L_AES_GCM_encrypt_avx1_store_tag_16
 6236        xorl	%ecx, %ecx
 6237        vmovdqu	%xmm4, (%esp)
 6238L_AES_GCM_encrypt_avx1_store_tag_loop:
 6239        movzbl	(%esp,%ecx,1), %eax
 6240        movb	%al, (%edi,%ecx,1)
 6241        incl	%ecx
 6242        cmpl	%ebx, %ecx
 6243        jne	L_AES_GCM_encrypt_avx1_store_tag_loop
 6244        jmp	L_AES_GCM_encrypt_avx1_store_tag_done
 6245L_AES_GCM_encrypt_avx1_store_tag_16:
 6246        vmovdqu	%xmm4, (%edi)
 6247L_AES_GCM_encrypt_avx1_store_tag_done:
 6248        addl	$0x70, %esp
 6249        popl	%ebp
 6250        popl	%edi
 6251        popl	%esi
 6252        popl	%ebx
 6253        ret
 6254.size	AES_GCM_encrypt_avx1,.-AES_GCM_encrypt_avx1
 6255.text
 6256.globl	AES_GCM_decrypt_avx1
 6257.type	AES_GCM_decrypt_avx1,@function
 6258.align	16
 6259AES_GCM_decrypt_avx1:
 6260        pushl	%ebx
 6261        pushl	%esi
 6262        pushl	%edi
 6263        pushl	%ebp
 6264        subl	$0xb0, %esp
 6265        movl	208(%esp), %esi
 6266        movl	232(%esp), %ebp
 6267        movl	224(%esp), %edx
 6268        vpxor	%xmm0, %xmm0, %xmm0
 6269        vpxor	%xmm2, %xmm2, %xmm2
 6270        cmpl	$12, %edx
 6271        jne	L_AES_GCM_decrypt_avx1_iv_not_12
 6272        # # Calculate values when IV is 12 bytes
 6273        # Set counter based on IV
 6274        movl	$0x1000000, %ecx
 6275        vpinsrd	$0x00, (%esi), %xmm0, %xmm0
 6276        vpinsrd	$0x01, 4(%esi), %xmm0, %xmm0
 6277        vpinsrd	$2, 8(%esi), %xmm0, %xmm0
 6278        vpinsrd	$3, %ecx, %xmm0, %xmm0
 6279        # H = Encrypt X(=0) and T = Encrypt counter
 6280        vmovdqa	(%ebp), %xmm1
 6281        vpxor	%xmm1, %xmm0, %xmm5
 6282        vmovdqa	16(%ebp), %xmm3
 6283        vaesenc	%xmm3, %xmm1, %xmm1
 6284        vaesenc	%xmm3, %xmm5, %xmm5
 6285        vmovdqa	32(%ebp), %xmm3
 6286        vaesenc	%xmm3, %xmm1, %xmm1
 6287        vaesenc	%xmm3, %xmm5, %xmm5
 6288        vmovdqa	48(%ebp), %xmm3
 6289        vaesenc	%xmm3, %xmm1, %xmm1
 6290        vaesenc	%xmm3, %xmm5, %xmm5
 6291        vmovdqa	64(%ebp), %xmm3
 6292        vaesenc	%xmm3, %xmm1, %xmm1
 6293        vaesenc	%xmm3, %xmm5, %xmm5
 6294        vmovdqa	80(%ebp), %xmm3
 6295        vaesenc	%xmm3, %xmm1, %xmm1
 6296        vaesenc	%xmm3, %xmm5, %xmm5
 6297        vmovdqa	96(%ebp), %xmm3
 6298        vaesenc	%xmm3, %xmm1, %xmm1
 6299        vaesenc	%xmm3, %xmm5, %xmm5
 6300        vmovdqa	112(%ebp), %xmm3
 6301        vaesenc	%xmm3, %xmm1, %xmm1
 6302        vaesenc	%xmm3, %xmm5, %xmm5
 6303        vmovdqa	128(%ebp), %xmm3
 6304        vaesenc	%xmm3, %xmm1, %xmm1
 6305        vaesenc	%xmm3, %xmm5, %xmm5
 6306        vmovdqa	144(%ebp), %xmm3
 6307        vaesenc	%xmm3, %xmm1, %xmm1
 6308        vaesenc	%xmm3, %xmm5, %xmm5
 6309        cmpl	$11, 236(%esp)
 6310        vmovdqa	160(%ebp), %xmm3
 6311        jl	L_AES_GCM_decrypt_avx1_calc_iv_12_last
 6312        vaesenc	%xmm3, %xmm1, %xmm1
 6313        vaesenc	%xmm3, %xmm5, %xmm5
 6314        vmovdqa	176(%ebp), %xmm3
 6315        vaesenc	%xmm3, %xmm1, %xmm1
 6316        vaesenc	%xmm3, %xmm5, %xmm5
 6317        cmpl	$13, 236(%esp)
 6318        vmovdqa	192(%ebp), %xmm3
 6319        jl	L_AES_GCM_decrypt_avx1_calc_iv_12_last
 6320        vaesenc	%xmm3, %xmm1, %xmm1
 6321        vaesenc	%xmm3, %xmm5, %xmm5
 6322        vmovdqa	208(%ebp), %xmm3
 6323        vaesenc	%xmm3, %xmm1, %xmm1
 6324        vaesenc	%xmm3, %xmm5, %xmm5
 6325        vmovdqa	224(%ebp), %xmm3
 6326L_AES_GCM_decrypt_avx1_calc_iv_12_last:
 6327        vaesenclast	%xmm3, %xmm1, %xmm1
 6328        vaesenclast	%xmm3, %xmm5, %xmm5
 6329        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm1, %xmm1
 6330        vmovdqu	%xmm5, 80(%esp)
 6331        jmp	L_AES_GCM_decrypt_avx1_iv_done
 6332L_AES_GCM_decrypt_avx1_iv_not_12:
 6333        # Calculate values when IV is not 12 bytes
 6334        # H = Encrypt X(=0)
 6335        vmovdqa	(%ebp), %xmm1
 6336        vaesenc	16(%ebp), %xmm1, %xmm1
 6337        vaesenc	32(%ebp), %xmm1, %xmm1
 6338        vaesenc	48(%ebp), %xmm1, %xmm1
 6339        vaesenc	64(%ebp), %xmm1, %xmm1
 6340        vaesenc	80(%ebp), %xmm1, %xmm1
 6341        vaesenc	96(%ebp), %xmm1, %xmm1
 6342        vaesenc	112(%ebp), %xmm1, %xmm1
 6343        vaesenc	128(%ebp), %xmm1, %xmm1
 6344        vaesenc	144(%ebp), %xmm1, %xmm1
 6345        cmpl	$11, 236(%esp)
 6346        vmovdqa	160(%ebp), %xmm5
 6347        jl	L_AES_GCM_decrypt_avx1_calc_iv_1_aesenc_avx_last
 6348        vaesenc	%xmm5, %xmm1, %xmm1
 6349        vaesenc	176(%ebp), %xmm1, %xmm1
 6350        cmpl	$13, 236(%esp)
 6351        vmovdqa	192(%ebp), %xmm5
 6352        jl	L_AES_GCM_decrypt_avx1_calc_iv_1_aesenc_avx_last
 6353        vaesenc	%xmm5, %xmm1, %xmm1
 6354        vaesenc	208(%ebp), %xmm1, %xmm1
 6355        vmovdqa	224(%ebp), %xmm5
 6356L_AES_GCM_decrypt_avx1_calc_iv_1_aesenc_avx_last:
 6357        vaesenclast	%xmm5, %xmm1, %xmm1
 6358        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm1, %xmm1
 6359        # Calc counter
 6360        # Initialization vector
 6361        cmpl	$0x00, %edx
 6362        movl	$0x00, %ecx
 6363        je	L_AES_GCM_decrypt_avx1_calc_iv_done
 6364        cmpl	$16, %edx
 6365        jl	L_AES_GCM_decrypt_avx1_calc_iv_lt16
 6366        andl	$0xfffffff0, %edx
 6367L_AES_GCM_decrypt_avx1_calc_iv_16_loop:
 6368        vmovdqu	(%esi,%ecx,1), %xmm4
 6369        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 6370        vpxor	%xmm4, %xmm0, %xmm0
 6371        # ghash_gfmul_avx
 6372        vpshufd	$0x4e, %xmm0, %xmm5
 6373        vpshufd	$0x4e, %xmm1, %xmm6
 6374        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm7
 6375        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
 6376        vpxor	%xmm0, %xmm5, %xmm5
 6377        vpxor	%xmm1, %xmm6, %xmm6
 6378        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 6379        vpxor	%xmm4, %xmm5, %xmm5
 6380        vpxor	%xmm7, %xmm5, %xmm5
 6381        vmovdqa	%xmm4, %xmm3
 6382        vmovdqa	%xmm7, %xmm0
 6383        vpslldq	$8, %xmm5, %xmm6
 6384        vpsrldq	$8, %xmm5, %xmm5
 6385        vpxor	%xmm6, %xmm3, %xmm3
 6386        vpxor	%xmm5, %xmm0, %xmm0
 6387        vpsrld	$31, %xmm3, %xmm4
 6388        vpsrld	$31, %xmm0, %xmm5
 6389        vpslld	$0x01, %xmm3, %xmm3
 6390        vpslld	$0x01, %xmm0, %xmm0
 6391        vpsrldq	$12, %xmm4, %xmm6
 6392        vpslldq	$4, %xmm4, %xmm4
 6393        vpslldq	$4, %xmm5, %xmm5
 6394        vpor	%xmm6, %xmm0, %xmm0
 6395        vpor	%xmm4, %xmm3, %xmm3
 6396        vpor	%xmm5, %xmm0, %xmm0
 6397        vpslld	$31, %xmm3, %xmm4
 6398        vpslld	$30, %xmm3, %xmm5
 6399        vpslld	$25, %xmm3, %xmm6
 6400        vpxor	%xmm5, %xmm4, %xmm4
 6401        vpxor	%xmm6, %xmm4, %xmm4
 6402        vmovdqa	%xmm4, %xmm5
 6403        vpsrldq	$4, %xmm5, %xmm5
 6404        vpslldq	$12, %xmm4, %xmm4
 6405        vpxor	%xmm4, %xmm3, %xmm3
 6406        vpsrld	$0x01, %xmm3, %xmm6
 6407        vpsrld	$2, %xmm3, %xmm7
 6408        vpsrld	$7, %xmm3, %xmm4
 6409        vpxor	%xmm7, %xmm6, %xmm6
 6410        vpxor	%xmm4, %xmm6, %xmm6
 6411        vpxor	%xmm5, %xmm6, %xmm6
 6412        vpxor	%xmm3, %xmm6, %xmm6
 6413        vpxor	%xmm6, %xmm0, %xmm0
 6414        addl	$16, %ecx
 6415        cmpl	%edx, %ecx
 6416        jl	L_AES_GCM_decrypt_avx1_calc_iv_16_loop
 6417        movl	224(%esp), %edx
 6418        cmpl	%edx, %ecx
 6419        je	L_AES_GCM_decrypt_avx1_calc_iv_done
 6420L_AES_GCM_decrypt_avx1_calc_iv_lt16:
 6421        subl	$16, %esp
 6422        vpxor	%xmm4, %xmm4, %xmm4
 6423        xorl	%ebx, %ebx
 6424        vmovdqu	%xmm4, (%esp)
 6425L_AES_GCM_decrypt_avx1_calc_iv_loop:
 6426        movzbl	(%esi,%ecx,1), %eax
 6427        movb	%al, (%esp,%ebx,1)
 6428        incl	%ecx
 6429        incl	%ebx
 6430        cmpl	%edx, %ecx
 6431        jl	L_AES_GCM_decrypt_avx1_calc_iv_loop
 6432        vmovdqu	(%esp), %xmm4
 6433        addl	$16, %esp
 6434        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 6435        vpxor	%xmm4, %xmm0, %xmm0
 6436        # ghash_gfmul_avx
 6437        vpshufd	$0x4e, %xmm0, %xmm5
 6438        vpshufd	$0x4e, %xmm1, %xmm6
 6439        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm7
 6440        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
 6441        vpxor	%xmm0, %xmm5, %xmm5
 6442        vpxor	%xmm1, %xmm6, %xmm6
 6443        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 6444        vpxor	%xmm4, %xmm5, %xmm5
 6445        vpxor	%xmm7, %xmm5, %xmm5
 6446        vmovdqa	%xmm4, %xmm3
 6447        vmovdqa	%xmm7, %xmm0
 6448        vpslldq	$8, %xmm5, %xmm6
 6449        vpsrldq	$8, %xmm5, %xmm5
 6450        vpxor	%xmm6, %xmm3, %xmm3
 6451        vpxor	%xmm5, %xmm0, %xmm0
 6452        vpsrld	$31, %xmm3, %xmm4
 6453        vpsrld	$31, %xmm0, %xmm5
 6454        vpslld	$0x01, %xmm3, %xmm3
 6455        vpslld	$0x01, %xmm0, %xmm0
 6456        vpsrldq	$12, %xmm4, %xmm6
 6457        vpslldq	$4, %xmm4, %xmm4
 6458        vpslldq	$4, %xmm5, %xmm5
 6459        vpor	%xmm6, %xmm0, %xmm0
 6460        vpor	%xmm4, %xmm3, %xmm3
 6461        vpor	%xmm5, %xmm0, %xmm0
 6462        vpslld	$31, %xmm3, %xmm4
 6463        vpslld	$30, %xmm3, %xmm5
 6464        vpslld	$25, %xmm3, %xmm6
 6465        vpxor	%xmm5, %xmm4, %xmm4
 6466        vpxor	%xmm6, %xmm4, %xmm4
 6467        vmovdqa	%xmm4, %xmm5
 6468        vpsrldq	$4, %xmm5, %xmm5
 6469        vpslldq	$12, %xmm4, %xmm4
 6470        vpxor	%xmm4, %xmm3, %xmm3
 6471        vpsrld	$0x01, %xmm3, %xmm6
 6472        vpsrld	$2, %xmm3, %xmm7
 6473        vpsrld	$7, %xmm3, %xmm4
 6474        vpxor	%xmm7, %xmm6, %xmm6
 6475        vpxor	%xmm4, %xmm6, %xmm6
 6476        vpxor	%xmm5, %xmm6, %xmm6
 6477        vpxor	%xmm3, %xmm6, %xmm6
 6478        vpxor	%xmm6, %xmm0, %xmm0
 6479L_AES_GCM_decrypt_avx1_calc_iv_done:
 6480        # T = Encrypt counter
 6481        vpxor	%xmm4, %xmm4, %xmm4
 6482        shll	$3, %edx
 6483        vpinsrd	$0x00, %edx, %xmm4, %xmm4
 6484        vpxor	%xmm4, %xmm0, %xmm0
 6485        # ghash_gfmul_avx
 6486        vpshufd	$0x4e, %xmm0, %xmm5
 6487        vpshufd	$0x4e, %xmm1, %xmm6
 6488        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm7
 6489        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
 6490        vpxor	%xmm0, %xmm5, %xmm5
 6491        vpxor	%xmm1, %xmm6, %xmm6
 6492        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 6493        vpxor	%xmm4, %xmm5, %xmm5
 6494        vpxor	%xmm7, %xmm5, %xmm5
 6495        vmovdqa	%xmm4, %xmm3
 6496        vmovdqa	%xmm7, %xmm0
 6497        vpslldq	$8, %xmm5, %xmm6
 6498        vpsrldq	$8, %xmm5, %xmm5
 6499        vpxor	%xmm6, %xmm3, %xmm3
 6500        vpxor	%xmm5, %xmm0, %xmm0
 6501        vpsrld	$31, %xmm3, %xmm4
 6502        vpsrld	$31, %xmm0, %xmm5
 6503        vpslld	$0x01, %xmm3, %xmm3
 6504        vpslld	$0x01, %xmm0, %xmm0
 6505        vpsrldq	$12, %xmm4, %xmm6
 6506        vpslldq	$4, %xmm4, %xmm4
 6507        vpslldq	$4, %xmm5, %xmm5
 6508        vpor	%xmm6, %xmm0, %xmm0
 6509        vpor	%xmm4, %xmm3, %xmm3
 6510        vpor	%xmm5, %xmm0, %xmm0
 6511        vpslld	$31, %xmm3, %xmm4
 6512        vpslld	$30, %xmm3, %xmm5
 6513        vpslld	$25, %xmm3, %xmm6
 6514        vpxor	%xmm5, %xmm4, %xmm4
 6515        vpxor	%xmm6, %xmm4, %xmm4
 6516        vmovdqa	%xmm4, %xmm5
 6517        vpsrldq	$4, %xmm5, %xmm5
 6518        vpslldq	$12, %xmm4, %xmm4
 6519        vpxor	%xmm4, %xmm3, %xmm3
 6520        vpsrld	$0x01, %xmm3, %xmm6
 6521        vpsrld	$2, %xmm3, %xmm7
 6522        vpsrld	$7, %xmm3, %xmm4
 6523        vpxor	%xmm7, %xmm6, %xmm6
 6524        vpxor	%xmm4, %xmm6, %xmm6
 6525        vpxor	%xmm5, %xmm6, %xmm6
 6526        vpxor	%xmm3, %xmm6, %xmm6
 6527        vpxor	%xmm6, %xmm0, %xmm0
 6528        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 6529        #   Encrypt counter
 6530        vmovdqa	(%ebp), %xmm4
 6531        vpxor	%xmm0, %xmm4, %xmm4
 6532        vaesenc	16(%ebp), %xmm4, %xmm4
 6533        vaesenc	32(%ebp), %xmm4, %xmm4
 6534        vaesenc	48(%ebp), %xmm4, %xmm4
 6535        vaesenc	64(%ebp), %xmm4, %xmm4
 6536        vaesenc	80(%ebp), %xmm4, %xmm4
 6537        vaesenc	96(%ebp), %xmm4, %xmm4
 6538        vaesenc	112(%ebp), %xmm4, %xmm4
 6539        vaesenc	128(%ebp), %xmm4, %xmm4
 6540        vaesenc	144(%ebp), %xmm4, %xmm4
 6541        cmpl	$11, 236(%esp)
 6542        vmovdqa	160(%ebp), %xmm5
 6543        jl	L_AES_GCM_decrypt_avx1_calc_iv_2_aesenc_avx_last
 6544        vaesenc	%xmm5, %xmm4, %xmm4
 6545        vaesenc	176(%ebp), %xmm4, %xmm4
 6546        cmpl	$13, 236(%esp)
 6547        vmovdqa	192(%ebp), %xmm5
 6548        jl	L_AES_GCM_decrypt_avx1_calc_iv_2_aesenc_avx_last
 6549        vaesenc	%xmm5, %xmm4, %xmm4
 6550        vaesenc	208(%ebp), %xmm4, %xmm4
 6551        vmovdqa	224(%ebp), %xmm5
 6552L_AES_GCM_decrypt_avx1_calc_iv_2_aesenc_avx_last:
 6553        vaesenclast	%xmm5, %xmm4, %xmm4
 6554        vmovdqu	%xmm4, 80(%esp)
 6555L_AES_GCM_decrypt_avx1_iv_done:
 6556        movl	204(%esp), %esi
 6557        # Additional authentication data
 6558        movl	220(%esp), %edx
 6559        cmpl	$0x00, %edx
 6560        je	L_AES_GCM_decrypt_avx1_calc_aad_done
 6561        xorl	%ecx, %ecx
 6562        cmpl	$16, %edx
 6563        jl	L_AES_GCM_decrypt_avx1_calc_aad_lt16
 6564        andl	$0xfffffff0, %edx
 6565L_AES_GCM_decrypt_avx1_calc_aad_16_loop:
 6566        vmovdqu	(%esi,%ecx,1), %xmm4
 6567        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 6568        vpxor	%xmm4, %xmm2, %xmm2
 6569        # ghash_gfmul_avx
 6570        vpshufd	$0x4e, %xmm2, %xmm5
 6571        vpshufd	$0x4e, %xmm1, %xmm6
 6572        vpclmulqdq	$0x11, %xmm2, %xmm1, %xmm7
 6573        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm4
 6574        vpxor	%xmm2, %xmm5, %xmm5
 6575        vpxor	%xmm1, %xmm6, %xmm6
 6576        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 6577        vpxor	%xmm4, %xmm5, %xmm5
 6578        vpxor	%xmm7, %xmm5, %xmm5
 6579        vmovdqa	%xmm4, %xmm3
 6580        vmovdqa	%xmm7, %xmm2
 6581        vpslldq	$8, %xmm5, %xmm6
 6582        vpsrldq	$8, %xmm5, %xmm5
 6583        vpxor	%xmm6, %xmm3, %xmm3
 6584        vpxor	%xmm5, %xmm2, %xmm2
 6585        vpsrld	$31, %xmm3, %xmm4
 6586        vpsrld	$31, %xmm2, %xmm5
 6587        vpslld	$0x01, %xmm3, %xmm3
 6588        vpslld	$0x01, %xmm2, %xmm2
 6589        vpsrldq	$12, %xmm4, %xmm6
 6590        vpslldq	$4, %xmm4, %xmm4
 6591        vpslldq	$4, %xmm5, %xmm5
 6592        vpor	%xmm6, %xmm2, %xmm2
 6593        vpor	%xmm4, %xmm3, %xmm3
 6594        vpor	%xmm5, %xmm2, %xmm2
 6595        vpslld	$31, %xmm3, %xmm4
 6596        vpslld	$30, %xmm3, %xmm5
 6597        vpslld	$25, %xmm3, %xmm6
 6598        vpxor	%xmm5, %xmm4, %xmm4
 6599        vpxor	%xmm6, %xmm4, %xmm4
 6600        vmovdqa	%xmm4, %xmm5
 6601        vpsrldq	$4, %xmm5, %xmm5
 6602        vpslldq	$12, %xmm4, %xmm4
 6603        vpxor	%xmm4, %xmm3, %xmm3
 6604        vpsrld	$0x01, %xmm3, %xmm6
 6605        vpsrld	$2, %xmm3, %xmm7
 6606        vpsrld	$7, %xmm3, %xmm4
 6607        vpxor	%xmm7, %xmm6, %xmm6
 6608        vpxor	%xmm4, %xmm6, %xmm6
 6609        vpxor	%xmm5, %xmm6, %xmm6
 6610        vpxor	%xmm3, %xmm6, %xmm6
 6611        vpxor	%xmm6, %xmm2, %xmm2
 6612        addl	$16, %ecx
 6613        cmpl	%edx, %ecx
 6614        jl	L_AES_GCM_decrypt_avx1_calc_aad_16_loop
 6615        movl	220(%esp), %edx
 6616        cmpl	%edx, %ecx
 6617        je	L_AES_GCM_decrypt_avx1_calc_aad_done
 6618L_AES_GCM_decrypt_avx1_calc_aad_lt16:
 6619        subl	$16, %esp
 6620        vpxor	%xmm4, %xmm4, %xmm4
 6621        xorl	%ebx, %ebx
 6622        vmovdqu	%xmm4, (%esp)
 6623L_AES_GCM_decrypt_avx1_calc_aad_loop:
 6624        movzbl	(%esi,%ecx,1), %eax
 6625        movb	%al, (%esp,%ebx,1)
 6626        incl	%ecx
 6627        incl	%ebx
 6628        cmpl	%edx, %ecx
 6629        jl	L_AES_GCM_decrypt_avx1_calc_aad_loop
 6630        vmovdqu	(%esp), %xmm4
 6631        addl	$16, %esp
 6632        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 6633        vpxor	%xmm4, %xmm2, %xmm2
 6634        # ghash_gfmul_avx
 6635        vpshufd	$0x4e, %xmm2, %xmm5
 6636        vpshufd	$0x4e, %xmm1, %xmm6
 6637        vpclmulqdq	$0x11, %xmm2, %xmm1, %xmm7
 6638        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm4
 6639        vpxor	%xmm2, %xmm5, %xmm5
 6640        vpxor	%xmm1, %xmm6, %xmm6
 6641        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 6642        vpxor	%xmm4, %xmm5, %xmm5
 6643        vpxor	%xmm7, %xmm5, %xmm5
 6644        vmovdqa	%xmm4, %xmm3
 6645        vmovdqa	%xmm7, %xmm2
 6646        vpslldq	$8, %xmm5, %xmm6
 6647        vpsrldq	$8, %xmm5, %xmm5
 6648        vpxor	%xmm6, %xmm3, %xmm3
 6649        vpxor	%xmm5, %xmm2, %xmm2
 6650        vpsrld	$31, %xmm3, %xmm4
 6651        vpsrld	$31, %xmm2, %xmm5
 6652        vpslld	$0x01, %xmm3, %xmm3
 6653        vpslld	$0x01, %xmm2, %xmm2
 6654        vpsrldq	$12, %xmm4, %xmm6
 6655        vpslldq	$4, %xmm4, %xmm4
 6656        vpslldq	$4, %xmm5, %xmm5
 6657        vpor	%xmm6, %xmm2, %xmm2
 6658        vpor	%xmm4, %xmm3, %xmm3
 6659        vpor	%xmm5, %xmm2, %xmm2
 6660        vpslld	$31, %xmm3, %xmm4
 6661        vpslld	$30, %xmm3, %xmm5
 6662        vpslld	$25, %xmm3, %xmm6
 6663        vpxor	%xmm5, %xmm4, %xmm4
 6664        vpxor	%xmm6, %xmm4, %xmm4
 6665        vmovdqa	%xmm4, %xmm5
 6666        vpsrldq	$4, %xmm5, %xmm5
 6667        vpslldq	$12, %xmm4, %xmm4
 6668        vpxor	%xmm4, %xmm3, %xmm3
 6669        vpsrld	$0x01, %xmm3, %xmm6
 6670        vpsrld	$2, %xmm3, %xmm7
 6671        vpsrld	$7, %xmm3, %xmm4
 6672        vpxor	%xmm7, %xmm6, %xmm6
 6673        vpxor	%xmm4, %xmm6, %xmm6
 6674        vpxor	%xmm5, %xmm6, %xmm6
 6675        vpxor	%xmm3, %xmm6, %xmm6
 6676        vpxor	%xmm6, %xmm2, %xmm2
 6677L_AES_GCM_decrypt_avx1_calc_aad_done:
 6678        vmovdqu	%xmm2, 96(%esp)
 6679        movl	196(%esp), %esi
 6680        movl	200(%esp), %edi
 6681        # Calculate counter and H
 6682        vpsrlq	$63, %xmm1, %xmm5
 6683        vpsllq	$0x01, %xmm1, %xmm4
 6684        vpslldq	$8, %xmm5, %xmm5
 6685        vpor	%xmm5, %xmm4, %xmm4
 6686        vpshufd	$0xff, %xmm1, %xmm1
 6687        vpsrad	$31, %xmm1, %xmm1
 6688        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm0, %xmm0
 6689        vpand	L_aes_gcm_avx1_mod2_128, %xmm1, %xmm1
 6690        vpaddd	L_aes_gcm_avx1_one, %xmm0, %xmm0
 6691        vpxor	%xmm4, %xmm1, %xmm1
 6692        vmovdqu	%xmm0, 64(%esp)
 6693        xorl	%ebx, %ebx
 6694        cmpl	$0x40, 216(%esp)
 6695        movl	216(%esp), %eax
 6696        jl	L_AES_GCM_decrypt_avx1_done_64
 6697        andl	$0xffffffc0, %eax
 6698        vmovdqa	%xmm2, %xmm6
 6699        # H ^ 1
 6700        vmovdqu	%xmm1, (%esp)
 6701        # H ^ 2
 6702        vpclmulqdq	$0x00, %xmm1, %xmm1, %xmm4
 6703        vpclmulqdq	$0x11, %xmm1, %xmm1, %xmm0
 6704        vpslld	$31, %xmm4, %xmm5
 6705        vpslld	$30, %xmm4, %xmm6
 6706        vpslld	$25, %xmm4, %xmm7
 6707        vpxor	%xmm6, %xmm5, %xmm5
 6708        vpxor	%xmm7, %xmm5, %xmm5
 6709        vpsrldq	$4, %xmm5, %xmm7
 6710        vpslldq	$12, %xmm5, %xmm5
 6711        vpxor	%xmm5, %xmm4, %xmm4
 6712        vpsrld	$0x01, %xmm4, %xmm5
 6713        vpsrld	$2, %xmm4, %xmm6
 6714        vpxor	%xmm6, %xmm5, %xmm5
 6715        vpxor	%xmm4, %xmm5, %xmm5
 6716        vpsrld	$7, %xmm4, %xmm4
 6717        vpxor	%xmm7, %xmm5, %xmm5
 6718        vpxor	%xmm4, %xmm5, %xmm5
 6719        vpxor	%xmm5, %xmm0, %xmm0
 6720        vmovdqu	%xmm0, 16(%esp)
 6721        # H ^ 3
 6722        # ghash_gfmul_red_avx
 6723        vpshufd	$0x4e, %xmm1, %xmm5
 6724        vpshufd	$0x4e, %xmm0, %xmm6
 6725        vpclmulqdq	$0x11, %xmm1, %xmm0, %xmm7
 6726        vpclmulqdq	$0x00, %xmm1, %xmm0, %xmm4
 6727        vpxor	%xmm1, %xmm5, %xmm5
 6728        vpxor	%xmm0, %xmm6, %xmm6
 6729        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 6730        vpxor	%xmm4, %xmm5, %xmm5
 6731        vpxor	%xmm7, %xmm5, %xmm5
 6732        vpslldq	$8, %xmm5, %xmm6
 6733        vpsrldq	$8, %xmm5, %xmm5
 6734        vpxor	%xmm6, %xmm4, %xmm4
 6735        vpxor	%xmm5, %xmm7, %xmm3
 6736        vpslld	$31, %xmm4, %xmm5
 6737        vpslld	$30, %xmm4, %xmm6
 6738        vpslld	$25, %xmm4, %xmm7
 6739        vpxor	%xmm6, %xmm5, %xmm5
 6740        vpxor	%xmm7, %xmm5, %xmm5
 6741        vpsrldq	$4, %xmm5, %xmm7
 6742        vpslldq	$12, %xmm5, %xmm5
 6743        vpxor	%xmm5, %xmm4, %xmm4
 6744        vpsrld	$0x01, %xmm4, %xmm5
 6745        vpsrld	$2, %xmm4, %xmm6
 6746        vpxor	%xmm6, %xmm5, %xmm5
 6747        vpxor	%xmm4, %xmm5, %xmm5
 6748        vpsrld	$7, %xmm4, %xmm4
 6749        vpxor	%xmm7, %xmm5, %xmm5
 6750        vpxor	%xmm4, %xmm5, %xmm5
 6751        vpxor	%xmm5, %xmm3, %xmm3
 6752        vmovdqu	%xmm3, 32(%esp)
 6753        # H ^ 4
 6754        vpclmulqdq	$0x00, %xmm0, %xmm0, %xmm4
 6755        vpclmulqdq	$0x11, %xmm0, %xmm0, %xmm3
 6756        vpslld	$31, %xmm4, %xmm5
 6757        vpslld	$30, %xmm4, %xmm6
 6758        vpslld	$25, %xmm4, %xmm7
 6759        vpxor	%xmm6, %xmm5, %xmm5
 6760        vpxor	%xmm7, %xmm5, %xmm5
 6761        vpsrldq	$4, %xmm5, %xmm7
 6762        vpslldq	$12, %xmm5, %xmm5
 6763        vpxor	%xmm5, %xmm4, %xmm4
 6764        vpsrld	$0x01, %xmm4, %xmm5
 6765        vpsrld	$2, %xmm4, %xmm6
 6766        vpxor	%xmm6, %xmm5, %xmm5
 6767        vpxor	%xmm4, %xmm5, %xmm5
 6768        vpsrld	$7, %xmm4, %xmm4
 6769        vpxor	%xmm7, %xmm5, %xmm5
 6770        vpxor	%xmm4, %xmm5, %xmm5
 6771        vpxor	%xmm5, %xmm3, %xmm3
 6772        vmovdqu	%xmm3, 48(%esp)
 6773        cmpl	%esi, %edi
 6774        jne	L_AES_GCM_decrypt_avx1_ghash_64
 6775L_AES_GCM_decrypt_avx1_ghash_64_inplace:
 6776        leal	(%esi,%ebx,1), %ecx
 6777        leal	(%edi,%ebx,1), %edx
 6778        vmovdqu	64(%esp), %xmm4
 6779        vmovdqa	L_aes_gcm_avx1_bswap_epi64, %xmm3
 6780        vpaddd	L_aes_gcm_avx1_one, %xmm4, %xmm5
 6781        vpshufb	%xmm3, %xmm5, %xmm5
 6782        vpaddd	L_aes_gcm_avx1_two, %xmm4, %xmm6
 6783        vpshufb	%xmm3, %xmm6, %xmm6
 6784        vpaddd	L_aes_gcm_avx1_three, %xmm4, %xmm7
 6785        vpshufb	%xmm3, %xmm7, %xmm7
 6786        vpshufb	%xmm3, %xmm4, %xmm4
 6787        vmovdqu	64(%esp), %xmm3
 6788        vpaddd	L_aes_gcm_avx1_four, %xmm3, %xmm3
 6789        vmovdqu	%xmm3, 64(%esp)
 6790        vmovdqa	(%ebp), %xmm3
 6791        vpxor	%xmm3, %xmm4, %xmm4
 6792        vpxor	%xmm3, %xmm5, %xmm5
 6793        vpxor	%xmm3, %xmm6, %xmm6
 6794        vpxor	%xmm3, %xmm7, %xmm7
 6795        vmovdqa	16(%ebp), %xmm3
 6796        vaesenc	%xmm3, %xmm4, %xmm4
 6797        vaesenc	%xmm3, %xmm5, %xmm5
 6798        vaesenc	%xmm3, %xmm6, %xmm6
 6799        vaesenc	%xmm3, %xmm7, %xmm7
 6800        vmovdqa	32(%ebp), %xmm3
 6801        vaesenc	%xmm3, %xmm4, %xmm4
 6802        vaesenc	%xmm3, %xmm5, %xmm5
 6803        vaesenc	%xmm3, %xmm6, %xmm6
 6804        vaesenc	%xmm3, %xmm7, %xmm7
 6805        vmovdqa	48(%ebp), %xmm3
 6806        vaesenc	%xmm3, %xmm4, %xmm4
 6807        vaesenc	%xmm3, %xmm5, %xmm5
 6808        vaesenc	%xmm3, %xmm6, %xmm6
 6809        vaesenc	%xmm3, %xmm7, %xmm7
 6810        vmovdqa	64(%ebp), %xmm3
 6811        vaesenc	%xmm3, %xmm4, %xmm4
 6812        vaesenc	%xmm3, %xmm5, %xmm5
 6813        vaesenc	%xmm3, %xmm6, %xmm6
 6814        vaesenc	%xmm3, %xmm7, %xmm7
 6815        vmovdqa	80(%ebp), %xmm3
 6816        vaesenc	%xmm3, %xmm4, %xmm4
 6817        vaesenc	%xmm3, %xmm5, %xmm5
 6818        vaesenc	%xmm3, %xmm6, %xmm6
 6819        vaesenc	%xmm3, %xmm7, %xmm7
 6820        vmovdqa	96(%ebp), %xmm3
 6821        vaesenc	%xmm3, %xmm4, %xmm4
 6822        vaesenc	%xmm3, %xmm5, %xmm5
 6823        vaesenc	%xmm3, %xmm6, %xmm6
 6824        vaesenc	%xmm3, %xmm7, %xmm7
 6825        vmovdqa	112(%ebp), %xmm3
 6826        vaesenc	%xmm3, %xmm4, %xmm4
 6827        vaesenc	%xmm3, %xmm5, %xmm5
 6828        vaesenc	%xmm3, %xmm6, %xmm6
 6829        vaesenc	%xmm3, %xmm7, %xmm7
 6830        vmovdqa	128(%ebp), %xmm3
 6831        vaesenc	%xmm3, %xmm4, %xmm4
 6832        vaesenc	%xmm3, %xmm5, %xmm5
 6833        vaesenc	%xmm3, %xmm6, %xmm6
 6834        vaesenc	%xmm3, %xmm7, %xmm7
 6835        vmovdqa	144(%ebp), %xmm3
 6836        vaesenc	%xmm3, %xmm4, %xmm4
 6837        vaesenc	%xmm3, %xmm5, %xmm5
 6838        vaesenc	%xmm3, %xmm6, %xmm6
 6839        vaesenc	%xmm3, %xmm7, %xmm7
 6840        cmpl	$11, 236(%esp)
 6841        vmovdqa	160(%ebp), %xmm3
 6842        jl	L_AES_GCM_decrypt_avx1inplace_aesenc_64_ghash_avx_aesenc_64_enc_done
 6843        vaesenc	%xmm3, %xmm4, %xmm4
 6844        vaesenc	%xmm3, %xmm5, %xmm5
 6845        vaesenc	%xmm3, %xmm6, %xmm6
 6846        vaesenc	%xmm3, %xmm7, %xmm7
 6847        vmovdqa	176(%ebp), %xmm3
 6848        vaesenc	%xmm3, %xmm4, %xmm4
 6849        vaesenc	%xmm3, %xmm5, %xmm5
 6850        vaesenc	%xmm3, %xmm6, %xmm6
 6851        vaesenc	%xmm3, %xmm7, %xmm7
 6852        cmpl	$13, 236(%esp)
 6853        vmovdqa	192(%ebp), %xmm3
 6854        jl	L_AES_GCM_decrypt_avx1inplace_aesenc_64_ghash_avx_aesenc_64_enc_done
 6855        vaesenc	%xmm3, %xmm4, %xmm4
 6856        vaesenc	%xmm3, %xmm5, %xmm5
 6857        vaesenc	%xmm3, %xmm6, %xmm6
 6858        vaesenc	%xmm3, %xmm7, %xmm7
 6859        vmovdqa	208(%ebp), %xmm3
 6860        vaesenc	%xmm3, %xmm4, %xmm4
 6861        vaesenc	%xmm3, %xmm5, %xmm5
 6862        vaesenc	%xmm3, %xmm6, %xmm6
 6863        vaesenc	%xmm3, %xmm7, %xmm7
 6864        vmovdqa	224(%ebp), %xmm3
 6865L_AES_GCM_decrypt_avx1inplace_aesenc_64_ghash_avx_aesenc_64_enc_done:
 6866        vaesenclast	%xmm3, %xmm4, %xmm4
 6867        vaesenclast	%xmm3, %xmm5, %xmm5
 6868        vmovdqu	(%ecx), %xmm0
 6869        vmovdqu	16(%ecx), %xmm1
 6870        vpxor	%xmm0, %xmm4, %xmm4
 6871        vpxor	%xmm1, %xmm5, %xmm5
 6872        vmovdqu	%xmm0, 112(%esp)
 6873        vmovdqu	%xmm1, 128(%esp)
 6874        vmovdqu	%xmm4, (%edx)
 6875        vmovdqu	%xmm5, 16(%edx)
 6876        vaesenclast	%xmm3, %xmm6, %xmm6
 6877        vaesenclast	%xmm3, %xmm7, %xmm7
 6878        vmovdqu	32(%ecx), %xmm0
 6879        vmovdqu	48(%ecx), %xmm1
 6880        vpxor	%xmm0, %xmm6, %xmm6
 6881        vpxor	%xmm1, %xmm7, %xmm7
 6882        vmovdqu	%xmm0, 144(%esp)
 6883        vmovdqu	%xmm1, 160(%esp)
 6884        vmovdqu	%xmm6, 32(%edx)
 6885        vmovdqu	%xmm7, 48(%edx)
 6886        # ghash encrypted counter
 6887        vmovdqu	96(%esp), %xmm6
 6888        vmovdqu	48(%esp), %xmm3
 6889        vmovdqu	112(%esp), %xmm4
 6890        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 6891        vpxor	%xmm6, %xmm4, %xmm4
 6892        vpshufd	$0x4e, %xmm3, %xmm5
 6893        vpshufd	$0x4e, %xmm4, %xmm1
 6894        vpxor	%xmm3, %xmm5, %xmm5
 6895        vpxor	%xmm4, %xmm1, %xmm1
 6896        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm7
 6897        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm6
 6898        vpclmulqdq	$0x00, %xmm1, %xmm5, %xmm5
 6899        vpxor	%xmm6, %xmm5, %xmm5
 6900        vpxor	%xmm7, %xmm5, %xmm5
 6901        vmovdqu	32(%esp), %xmm3
 6902        vmovdqu	128(%esp), %xmm4
 6903        vpshufd	$0x4e, %xmm3, %xmm0
 6904        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 6905        vpxor	%xmm3, %xmm0, %xmm0
 6906        vpshufd	$0x4e, %xmm4, %xmm1
 6907        vpxor	%xmm4, %xmm1, %xmm1
 6908        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm2
 6909        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm3
 6910        vpclmulqdq	$0x00, %xmm1, %xmm0, %xmm0
 6911        vpxor	%xmm3, %xmm5, %xmm5
 6912        vpxor	%xmm3, %xmm6, %xmm6
 6913        vpxor	%xmm2, %xmm5, %xmm5
 6914        vpxor	%xmm2, %xmm7, %xmm7
 6915        vpxor	%xmm0, %xmm5, %xmm5
 6916        vmovdqu	16(%esp), %xmm3
 6917        vmovdqu	144(%esp), %xmm4
 6918        vpshufd	$0x4e, %xmm3, %xmm0
 6919        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 6920        vpxor	%xmm3, %xmm0, %xmm0
 6921        vpshufd	$0x4e, %xmm4, %xmm1
 6922        vpxor	%xmm4, %xmm1, %xmm1
 6923        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm2
 6924        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm3
 6925        vpclmulqdq	$0x00, %xmm1, %xmm0, %xmm0
 6926        vpxor	%xmm3, %xmm5, %xmm5
 6927        vpxor	%xmm3, %xmm6, %xmm6
 6928        vpxor	%xmm2, %xmm5, %xmm5
 6929        vpxor	%xmm2, %xmm7, %xmm7
 6930        vpxor	%xmm0, %xmm5, %xmm5
 6931        vmovdqu	(%esp), %xmm3
 6932        vmovdqu	160(%esp), %xmm4
 6933        vpshufd	$0x4e, %xmm3, %xmm0
 6934        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 6935        vpxor	%xmm3, %xmm0, %xmm0
 6936        vpshufd	$0x4e, %xmm4, %xmm1
 6937        vpxor	%xmm4, %xmm1, %xmm1
 6938        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm2
 6939        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm3
 6940        vpclmulqdq	$0x00, %xmm1, %xmm0, %xmm0
 6941        vpxor	%xmm3, %xmm5, %xmm5
 6942        vpxor	%xmm3, %xmm6, %xmm6
 6943        vpxor	%xmm2, %xmm5, %xmm5
 6944        vpxor	%xmm2, %xmm7, %xmm7
 6945        vpxor	%xmm0, %xmm5, %xmm5
 6946        vpslldq	$8, %xmm5, %xmm1
 6947        vpsrldq	$8, %xmm5, %xmm5
 6948        vpxor	%xmm1, %xmm6, %xmm6
 6949        vpxor	%xmm5, %xmm7, %xmm7
 6950        vpslld	$31, %xmm6, %xmm3
 6951        vpslld	$30, %xmm6, %xmm0
 6952        vpslld	$25, %xmm6, %xmm1
 6953        vpxor	%xmm0, %xmm3, %xmm3
 6954        vpxor	%xmm1, %xmm3, %xmm3
 6955        vpsrldq	$4, %xmm3, %xmm0
 6956        vpslldq	$12, %xmm3, %xmm3
 6957        vpxor	%xmm3, %xmm6, %xmm6
 6958        vpsrld	$0x01, %xmm6, %xmm1
 6959        vpsrld	$2, %xmm6, %xmm5
 6960        vpsrld	$7, %xmm6, %xmm4
 6961        vpxor	%xmm5, %xmm1, %xmm1
 6962        vpxor	%xmm4, %xmm1, %xmm1
 6963        vpxor	%xmm0, %xmm1, %xmm1
 6964        vpxor	%xmm1, %xmm6, %xmm6
 6965        vpxor	%xmm7, %xmm6, %xmm6
 6966        vmovdqu	%xmm6, 96(%esp)
 6967        addl	$0x40, %ebx
 6968        cmpl	%eax, %ebx
 6969        jl	L_AES_GCM_decrypt_avx1_ghash_64_inplace
 6970        jmp	L_AES_GCM_decrypt_avx1_ghash_64_done
 6971L_AES_GCM_decrypt_avx1_ghash_64:
 6972        leal	(%esi,%ebx,1), %ecx
 6973        leal	(%edi,%ebx,1), %edx
 6974        vmovdqu	64(%esp), %xmm4
 6975        vmovdqa	L_aes_gcm_avx1_bswap_epi64, %xmm3
 6976        vpaddd	L_aes_gcm_avx1_one, %xmm4, %xmm5
 6977        vpshufb	%xmm3, %xmm5, %xmm5
 6978        vpaddd	L_aes_gcm_avx1_two, %xmm4, %xmm6
 6979        vpshufb	%xmm3, %xmm6, %xmm6
 6980        vpaddd	L_aes_gcm_avx1_three, %xmm4, %xmm7
 6981        vpshufb	%xmm3, %xmm7, %xmm7
 6982        vpshufb	%xmm3, %xmm4, %xmm4
 6983        vmovdqu	64(%esp), %xmm3
 6984        vpaddd	L_aes_gcm_avx1_four, %xmm3, %xmm3
 6985        vmovdqu	%xmm3, 64(%esp)
 6986        vmovdqa	(%ebp), %xmm3
 6987        vpxor	%xmm3, %xmm4, %xmm4
 6988        vpxor	%xmm3, %xmm5, %xmm5
 6989        vpxor	%xmm3, %xmm6, %xmm6
 6990        vpxor	%xmm3, %xmm7, %xmm7
 6991        vmovdqa	16(%ebp), %xmm3
 6992        vaesenc	%xmm3, %xmm4, %xmm4
 6993        vaesenc	%xmm3, %xmm5, %xmm5
 6994        vaesenc	%xmm3, %xmm6, %xmm6
 6995        vaesenc	%xmm3, %xmm7, %xmm7
 6996        vmovdqa	32(%ebp), %xmm3
 6997        vaesenc	%xmm3, %xmm4, %xmm4
 6998        vaesenc	%xmm3, %xmm5, %xmm5
 6999        vaesenc	%xmm3, %xmm6, %xmm6
 7000        vaesenc	%xmm3, %xmm7, %xmm7
 7001        vmovdqa	48(%ebp), %xmm3
 7002        vaesenc	%xmm3, %xmm4, %xmm4
 7003        vaesenc	%xmm3, %xmm5, %xmm5
 7004        vaesenc	%xmm3, %xmm6, %xmm6
 7005        vaesenc	%xmm3, %xmm7, %xmm7
 7006        vmovdqa	64(%ebp), %xmm3
 7007        vaesenc	%xmm3, %xmm4, %xmm4
 7008        vaesenc	%xmm3, %xmm5, %xmm5
 7009        vaesenc	%xmm3, %xmm6, %xmm6
 7010        vaesenc	%xmm3, %xmm7, %xmm7
 7011        vmovdqa	80(%ebp), %xmm3
 7012        vaesenc	%xmm3, %xmm4, %xmm4
 7013        vaesenc	%xmm3, %xmm5, %xmm5
 7014        vaesenc	%xmm3, %xmm6, %xmm6
 7015        vaesenc	%xmm3, %xmm7, %xmm7
 7016        vmovdqa	96(%ebp), %xmm3
 7017        vaesenc	%xmm3, %xmm4, %xmm4
 7018        vaesenc	%xmm3, %xmm5, %xmm5
 7019        vaesenc	%xmm3, %xmm6, %xmm6
 7020        vaesenc	%xmm3, %xmm7, %xmm7
 7021        vmovdqa	112(%ebp), %xmm3
 7022        vaesenc	%xmm3, %xmm4, %xmm4
 7023        vaesenc	%xmm3, %xmm5, %xmm5
 7024        vaesenc	%xmm3, %xmm6, %xmm6
 7025        vaesenc	%xmm3, %xmm7, %xmm7
 7026        vmovdqa	128(%ebp), %xmm3
 7027        vaesenc	%xmm3, %xmm4, %xmm4
 7028        vaesenc	%xmm3, %xmm5, %xmm5
 7029        vaesenc	%xmm3, %xmm6, %xmm6
 7030        vaesenc	%xmm3, %xmm7, %xmm7
 7031        vmovdqa	144(%ebp), %xmm3
 7032        vaesenc	%xmm3, %xmm4, %xmm4
 7033        vaesenc	%xmm3, %xmm5, %xmm5
 7034        vaesenc	%xmm3, %xmm6, %xmm6
 7035        vaesenc	%xmm3, %xmm7, %xmm7
 7036        cmpl	$11, 236(%esp)
 7037        vmovdqa	160(%ebp), %xmm3
 7038        jl	L_AES_GCM_decrypt_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done
 7039        vaesenc	%xmm3, %xmm4, %xmm4
 7040        vaesenc	%xmm3, %xmm5, %xmm5
 7041        vaesenc	%xmm3, %xmm6, %xmm6
 7042        vaesenc	%xmm3, %xmm7, %xmm7
 7043        vmovdqa	176(%ebp), %xmm3
 7044        vaesenc	%xmm3, %xmm4, %xmm4
 7045        vaesenc	%xmm3, %xmm5, %xmm5
 7046        vaesenc	%xmm3, %xmm6, %xmm6
 7047        vaesenc	%xmm3, %xmm7, %xmm7
 7048        cmpl	$13, 236(%esp)
 7049        vmovdqa	192(%ebp), %xmm3
 7050        jl	L_AES_GCM_decrypt_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done
 7051        vaesenc	%xmm3, %xmm4, %xmm4
 7052        vaesenc	%xmm3, %xmm5, %xmm5
 7053        vaesenc	%xmm3, %xmm6, %xmm6
 7054        vaesenc	%xmm3, %xmm7, %xmm7
 7055        vmovdqa	208(%ebp), %xmm3
 7056        vaesenc	%xmm3, %xmm4, %xmm4
 7057        vaesenc	%xmm3, %xmm5, %xmm5
 7058        vaesenc	%xmm3, %xmm6, %xmm6
 7059        vaesenc	%xmm3, %xmm7, %xmm7
 7060        vmovdqa	224(%ebp), %xmm3
 7061L_AES_GCM_decrypt_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done:
 7062        vaesenclast	%xmm3, %xmm4, %xmm4
 7063        vaesenclast	%xmm3, %xmm5, %xmm5
 7064        vmovdqu	(%ecx), %xmm0
 7065        vmovdqu	16(%ecx), %xmm1
 7066        vpxor	%xmm0, %xmm4, %xmm4
 7067        vpxor	%xmm1, %xmm5, %xmm5
 7068        vmovdqu	%xmm0, (%ecx)
 7069        vmovdqu	%xmm1, 16(%ecx)
 7070        vmovdqu	%xmm4, (%edx)
 7071        vmovdqu	%xmm5, 16(%edx)
 7072        vaesenclast	%xmm3, %xmm6, %xmm6
 7073        vaesenclast	%xmm3, %xmm7, %xmm7
 7074        vmovdqu	32(%ecx), %xmm0
 7075        vmovdqu	48(%ecx), %xmm1
 7076        vpxor	%xmm0, %xmm6, %xmm6
 7077        vpxor	%xmm1, %xmm7, %xmm7
 7078        vmovdqu	%xmm0, 32(%ecx)
 7079        vmovdqu	%xmm1, 48(%ecx)
 7080        vmovdqu	%xmm6, 32(%edx)
 7081        vmovdqu	%xmm7, 48(%edx)
 7082        # ghash encrypted counter
 7083        vmovdqu	96(%esp), %xmm6
 7084        vmovdqu	48(%esp), %xmm3
 7085        vmovdqu	(%ecx), %xmm4
 7086        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 7087        vpxor	%xmm6, %xmm4, %xmm4
 7088        vpshufd	$0x4e, %xmm3, %xmm5
 7089        vpshufd	$0x4e, %xmm4, %xmm1
 7090        vpxor	%xmm3, %xmm5, %xmm5
 7091        vpxor	%xmm4, %xmm1, %xmm1
 7092        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm7
 7093        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm6
 7094        vpclmulqdq	$0x00, %xmm1, %xmm5, %xmm5
 7095        vpxor	%xmm6, %xmm5, %xmm5
 7096        vpxor	%xmm7, %xmm5, %xmm5
 7097        vmovdqu	32(%esp), %xmm3
 7098        vmovdqu	16(%ecx), %xmm4
 7099        vpshufd	$0x4e, %xmm3, %xmm0
 7100        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 7101        vpxor	%xmm3, %xmm0, %xmm0
 7102        vpshufd	$0x4e, %xmm4, %xmm1
 7103        vpxor	%xmm4, %xmm1, %xmm1
 7104        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm2
 7105        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm3
 7106        vpclmulqdq	$0x00, %xmm1, %xmm0, %xmm0
 7107        vpxor	%xmm3, %xmm5, %xmm5
 7108        vpxor	%xmm3, %xmm6, %xmm6
 7109        vpxor	%xmm2, %xmm5, %xmm5
 7110        vpxor	%xmm2, %xmm7, %xmm7
 7111        vpxor	%xmm0, %xmm5, %xmm5
 7112        vmovdqu	16(%esp), %xmm3
 7113        vmovdqu	32(%ecx), %xmm4
 7114        vpshufd	$0x4e, %xmm3, %xmm0
 7115        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 7116        vpxor	%xmm3, %xmm0, %xmm0
 7117        vpshufd	$0x4e, %xmm4, %xmm1
 7118        vpxor	%xmm4, %xmm1, %xmm1
 7119        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm2
 7120        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm3
 7121        vpclmulqdq	$0x00, %xmm1, %xmm0, %xmm0
 7122        vpxor	%xmm3, %xmm5, %xmm5
 7123        vpxor	%xmm3, %xmm6, %xmm6
 7124        vpxor	%xmm2, %xmm5, %xmm5
 7125        vpxor	%xmm2, %xmm7, %xmm7
 7126        vpxor	%xmm0, %xmm5, %xmm5
 7127        vmovdqu	(%esp), %xmm3
 7128        vmovdqu	48(%ecx), %xmm4
 7129        vpshufd	$0x4e, %xmm3, %xmm0
 7130        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 7131        vpxor	%xmm3, %xmm0, %xmm0
 7132        vpshufd	$0x4e, %xmm4, %xmm1
 7133        vpxor	%xmm4, %xmm1, %xmm1
 7134        vpclmulqdq	$0x11, %xmm3, %xmm4, %xmm2
 7135        vpclmulqdq	$0x00, %xmm3, %xmm4, %xmm3
 7136        vpclmulqdq	$0x00, %xmm1, %xmm0, %xmm0
 7137        vpxor	%xmm3, %xmm5, %xmm5
 7138        vpxor	%xmm3, %xmm6, %xmm6
 7139        vpxor	%xmm2, %xmm5, %xmm5
 7140        vpxor	%xmm2, %xmm7, %xmm7
 7141        vpxor	%xmm0, %xmm5, %xmm5
 7142        vpslldq	$8, %xmm5, %xmm1
 7143        vpsrldq	$8, %xmm5, %xmm5
 7144        vpxor	%xmm1, %xmm6, %xmm6
 7145        vpxor	%xmm5, %xmm7, %xmm7
 7146        vpslld	$31, %xmm6, %xmm3
 7147        vpslld	$30, %xmm6, %xmm0
 7148        vpslld	$25, %xmm6, %xmm1
 7149        vpxor	%xmm0, %xmm3, %xmm3
 7150        vpxor	%xmm1, %xmm3, %xmm3
 7151        vpsrldq	$4, %xmm3, %xmm0
 7152        vpslldq	$12, %xmm3, %xmm3
 7153        vpxor	%xmm3, %xmm6, %xmm6
 7154        vpsrld	$0x01, %xmm6, %xmm1
 7155        vpsrld	$2, %xmm6, %xmm5
 7156        vpsrld	$7, %xmm6, %xmm4
 7157        vpxor	%xmm5, %xmm1, %xmm1
 7158        vpxor	%xmm4, %xmm1, %xmm1
 7159        vpxor	%xmm0, %xmm1, %xmm1
 7160        vpxor	%xmm1, %xmm6, %xmm6
 7161        vpxor	%xmm7, %xmm6, %xmm6
 7162        vmovdqu	%xmm6, 96(%esp)
 7163        addl	$0x40, %ebx
 7164        cmpl	%eax, %ebx
 7165        jl	L_AES_GCM_decrypt_avx1_ghash_64
 7166L_AES_GCM_decrypt_avx1_ghash_64_done:
 7167        vmovdqa	%xmm6, %xmm2
 7168        vmovdqu	(%esp), %xmm1
 7169L_AES_GCM_decrypt_avx1_done_64:
 7170        movl	216(%esp), %edx
 7171        cmpl	%edx, %ebx
 7172        jge	L_AES_GCM_decrypt_avx1_done_dec
 7173        movl	216(%esp), %eax
 7174        andl	$0xfffffff0, %eax
 7175        cmpl	%eax, %ebx
 7176        jge	L_AES_GCM_decrypt_avx1_last_block_done
 7177L_AES_GCM_decrypt_avx1_last_block_start:
 7178        leal	(%esi,%ebx,1), %ecx
 7179        leal	(%edi,%ebx,1), %edx
 7180        vmovdqu	(%ecx), %xmm7
 7181        pshufb	L_aes_gcm_avx1_bswap_mask, %xmm7
 7182        pxor	%xmm2, %xmm7
 7183        vmovdqu	64(%esp), %xmm5
 7184        vmovdqu	%xmm7, %xmm7
 7185        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm5, %xmm4
 7186        vpaddd	L_aes_gcm_avx1_one, %xmm5, %xmm5
 7187        vmovdqu	%xmm5, 64(%esp)
 7188        vpxor	(%ebp), %xmm4, %xmm4
 7189        vpclmulqdq	$16, %xmm1, %xmm7, %xmm0
 7190        vaesenc	16(%ebp), %xmm4, %xmm4
 7191        vaesenc	32(%ebp), %xmm4, %xmm4
 7192        vpclmulqdq	$0x01, %xmm1, %xmm7, %xmm3
 7193        vaesenc	48(%ebp), %xmm4, %xmm4
 7194        vaesenc	64(%ebp), %xmm4, %xmm4
 7195        vaesenc	80(%ebp), %xmm4, %xmm4
 7196        vpclmulqdq	$0x11, %xmm1, %xmm7, %xmm5
 7197        vaesenc	96(%ebp), %xmm4, %xmm4
 7198        vpxor	%xmm3, %xmm0, %xmm0
 7199        vpslldq	$8, %xmm0, %xmm6
 7200        vpsrldq	$8, %xmm0, %xmm0
 7201        vaesenc	112(%ebp), %xmm4, %xmm4
 7202        vpclmulqdq	$0x00, %xmm1, %xmm7, %xmm3
 7203        vpxor	%xmm3, %xmm6, %xmm6
 7204        vpxor	%xmm0, %xmm5, %xmm5
 7205        vmovdqa	L_aes_gcm_avx1_mod2_128, %xmm7
 7206        vpclmulqdq	$16, %xmm7, %xmm6, %xmm3
 7207        vaesenc	128(%ebp), %xmm4, %xmm4
 7208        vpshufd	$0x4e, %xmm6, %xmm0
 7209        vpxor	%xmm3, %xmm0, %xmm0
 7210        vpclmulqdq	$16, %xmm7, %xmm0, %xmm3
 7211        vaesenc	144(%ebp), %xmm4, %xmm4
 7212        vpshufd	$0x4e, %xmm0, %xmm2
 7213        vpxor	%xmm3, %xmm2, %xmm2
 7214        vpxor	%xmm5, %xmm2, %xmm2
 7215        cmpl	$11, 236(%esp)
 7216        vmovdqa	160(%ebp), %xmm5
 7217        jl	L_AES_GCM_decrypt_avx1_aesenc_gfmul_last
 7218        vaesenc	%xmm5, %xmm4, %xmm4
 7219        vaesenc	176(%ebp), %xmm4, %xmm4
 7220        cmpl	$13, 236(%esp)
 7221        vmovdqa	192(%ebp), %xmm5
 7222        jl	L_AES_GCM_decrypt_avx1_aesenc_gfmul_last
 7223        vaesenc	%xmm5, %xmm4, %xmm4
 7224        vaesenc	208(%ebp), %xmm4, %xmm4
 7225        vmovdqa	224(%ebp), %xmm5
 7226L_AES_GCM_decrypt_avx1_aesenc_gfmul_last:
 7227        vaesenclast	%xmm5, %xmm4, %xmm4
 7228        vmovdqu	(%ecx), %xmm5
 7229        vpxor	%xmm5, %xmm4, %xmm4
 7230        vmovdqu	%xmm4, (%edx)
 7231        addl	$16, %ebx
 7232        cmpl	%eax, %ebx
 7233        jl	L_AES_GCM_decrypt_avx1_last_block_start
 7234L_AES_GCM_decrypt_avx1_last_block_done:
 7235        movl	216(%esp), %ecx
 7236        movl	%ecx, %edx
 7237        andl	$15, %ecx
 7238        jz	L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_done
 7239        vmovdqu	64(%esp), %xmm0
 7240        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm0, %xmm0
 7241        vpxor	(%ebp), %xmm0, %xmm0
 7242        vaesenc	16(%ebp), %xmm0, %xmm0
 7243        vaesenc	32(%ebp), %xmm0, %xmm0
 7244        vaesenc	48(%ebp), %xmm0, %xmm0
 7245        vaesenc	64(%ebp), %xmm0, %xmm0
 7246        vaesenc	80(%ebp), %xmm0, %xmm0
 7247        vaesenc	96(%ebp), %xmm0, %xmm0
 7248        vaesenc	112(%ebp), %xmm0, %xmm0
 7249        vaesenc	128(%ebp), %xmm0, %xmm0
 7250        vaesenc	144(%ebp), %xmm0, %xmm0
 7251        cmpl	$11, 236(%esp)
 7252        vmovdqa	160(%ebp), %xmm5
 7253        jl	L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_aesenc_avx_last
 7254        vaesenc	%xmm5, %xmm0, %xmm0
 7255        vaesenc	176(%ebp), %xmm0, %xmm0
 7256        cmpl	$13, 236(%esp)
 7257        vmovdqa	192(%ebp), %xmm5
 7258        jl	L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_aesenc_avx_last
 7259        vaesenc	%xmm5, %xmm0, %xmm0
 7260        vaesenc	208(%ebp), %xmm0, %xmm0
 7261        vmovdqa	224(%ebp), %xmm5
 7262L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_aesenc_avx_last:
 7263        vaesenclast	%xmm5, %xmm0, %xmm0
 7264        subl	$32, %esp
 7265        xorl	%ecx, %ecx
 7266        vmovdqu	%xmm0, (%esp)
 7267        vpxor	%xmm4, %xmm4, %xmm4
 7268        vmovdqu	%xmm4, 16(%esp)
 7269L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_loop:
 7270        movzbl	(%esi,%ebx,1), %eax
 7271        movb	%al, 16(%esp,%ecx,1)
 7272        xorb	(%esp,%ecx,1), %al
 7273        movb	%al, (%edi,%ebx,1)
 7274        incl	%ebx
 7275        incl	%ecx
 7276        cmpl	%edx, %ebx
 7277        jl	L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_loop
 7278        vmovdqu	16(%esp), %xmm0
 7279        addl	$32, %esp
 7280        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 7281        vpxor	%xmm0, %xmm2, %xmm2
 7282        # ghash_gfmul_red_avx
 7283        vpshufd	$0x4e, %xmm1, %xmm5
 7284        vpshufd	$0x4e, %xmm2, %xmm6
 7285        vpclmulqdq	$0x11, %xmm1, %xmm2, %xmm7
 7286        vpclmulqdq	$0x00, %xmm1, %xmm2, %xmm4
 7287        vpxor	%xmm1, %xmm5, %xmm5
 7288        vpxor	%xmm2, %xmm6, %xmm6
 7289        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 7290        vpxor	%xmm4, %xmm5, %xmm5
 7291        vpxor	%xmm7, %xmm5, %xmm5
 7292        vpslldq	$8, %xmm5, %xmm6
 7293        vpsrldq	$8, %xmm5, %xmm5
 7294        vpxor	%xmm6, %xmm4, %xmm4
 7295        vpxor	%xmm5, %xmm7, %xmm2
 7296        vpslld	$31, %xmm4, %xmm5
 7297        vpslld	$30, %xmm4, %xmm6
 7298        vpslld	$25, %xmm4, %xmm7
 7299        vpxor	%xmm6, %xmm5, %xmm5
 7300        vpxor	%xmm7, %xmm5, %xmm5
 7301        vpsrldq	$4, %xmm5, %xmm7
 7302        vpslldq	$12, %xmm5, %xmm5
 7303        vpxor	%xmm5, %xmm4, %xmm4
 7304        vpsrld	$0x01, %xmm4, %xmm5
 7305        vpsrld	$2, %xmm4, %xmm6
 7306        vpxor	%xmm6, %xmm5, %xmm5
 7307        vpxor	%xmm4, %xmm5, %xmm5
 7308        vpsrld	$7, %xmm4, %xmm4
 7309        vpxor	%xmm7, %xmm5, %xmm5
 7310        vpxor	%xmm4, %xmm5, %xmm5
 7311        vpxor	%xmm5, %xmm2, %xmm2
 7312L_AES_GCM_decrypt_avx1_aesenc_last15_dec_avx_done:
 7313L_AES_GCM_decrypt_avx1_done_dec:
 7314        movl	212(%esp), %esi
 7315        movl	228(%esp), %ebp
 7316        movl	216(%esp), %edx
 7317        movl	220(%esp), %ecx
 7318        shll	$3, %edx
 7319        shll	$3, %ecx
 7320        vpinsrd	$0x00, %edx, %xmm4, %xmm4
 7321        vpinsrd	$2, %ecx, %xmm4, %xmm4
 7322        movl	216(%esp), %edx
 7323        movl	220(%esp), %ecx
 7324        shrl	$29, %edx
 7325        shrl	$29, %ecx
 7326        vpinsrd	$0x01, %edx, %xmm4, %xmm4
 7327        vpinsrd	$3, %ecx, %xmm4, %xmm4
 7328        vpxor	%xmm4, %xmm2, %xmm2
 7329        # ghash_gfmul_red_avx
 7330        vpshufd	$0x4e, %xmm1, %xmm5
 7331        vpshufd	$0x4e, %xmm2, %xmm6
 7332        vpclmulqdq	$0x11, %xmm1, %xmm2, %xmm7
 7333        vpclmulqdq	$0x00, %xmm1, %xmm2, %xmm4
 7334        vpxor	%xmm1, %xmm5, %xmm5
 7335        vpxor	%xmm2, %xmm6, %xmm6
 7336        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm5
 7337        vpxor	%xmm4, %xmm5, %xmm5
 7338        vpxor	%xmm7, %xmm5, %xmm5
 7339        vpslldq	$8, %xmm5, %xmm6
 7340        vpsrldq	$8, %xmm5, %xmm5
 7341        vpxor	%xmm6, %xmm4, %xmm4
 7342        vpxor	%xmm5, %xmm7, %xmm2
 7343        vpslld	$31, %xmm4, %xmm5
 7344        vpslld	$30, %xmm4, %xmm6
 7345        vpslld	$25, %xmm4, %xmm7
 7346        vpxor	%xmm6, %xmm5, %xmm5
 7347        vpxor	%xmm7, %xmm5, %xmm5
 7348        vpsrldq	$4, %xmm5, %xmm7
 7349        vpslldq	$12, %xmm5, %xmm5
 7350        vpxor	%xmm5, %xmm4, %xmm4
 7351        vpsrld	$0x01, %xmm4, %xmm5
 7352        vpsrld	$2, %xmm4, %xmm6
 7353        vpxor	%xmm6, %xmm5, %xmm5
 7354        vpxor	%xmm4, %xmm5, %xmm5
 7355        vpsrld	$7, %xmm4, %xmm4
 7356        vpxor	%xmm7, %xmm5, %xmm5
 7357        vpxor	%xmm4, %xmm5, %xmm5
 7358        vpxor	%xmm5, %xmm2, %xmm2
 7359        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm2, %xmm2
 7360        vpxor	80(%esp), %xmm2, %xmm4
 7361        movl	240(%esp), %edi
 7362        cmpl	$16, %ebp
 7363        je	L_AES_GCM_decrypt_avx1_cmp_tag_16
 7364        subl	$16, %esp
 7365        xorl	%ecx, %ecx
 7366        xorl	%ebx, %ebx
 7367        vmovdqu	%xmm4, (%esp)
 7368L_AES_GCM_decrypt_avx1_cmp_tag_loop:
 7369        movzbl	(%esp,%ecx,1), %eax
 7370        xorb	(%esi,%ecx,1), %al
 7371        orb	%al, %bl
 7372        incl	%ecx
 7373        cmpl	%ebp, %ecx
 7374        jne	L_AES_GCM_decrypt_avx1_cmp_tag_loop
 7375        cmpb	$0x00, %bl
 7376        sete	%bl
 7377        addl	$16, %esp
 7378        xorl	%ecx, %ecx
 7379        jmp	L_AES_GCM_decrypt_avx1_cmp_tag_done
 7380L_AES_GCM_decrypt_avx1_cmp_tag_16:
 7381        vmovdqu	(%esi), %xmm5
 7382        vpcmpeqb	%xmm5, %xmm4, %xmm4
 7383        vpmovmskb	%xmm4, %edx
 7384        # %%edx == 0xFFFF then return 1 else => return 0
 7385        xorl	%ebx, %ebx
 7386        cmpl	$0xffff, %edx
 7387        sete	%bl
 7388L_AES_GCM_decrypt_avx1_cmp_tag_done:
 7389        movl	%ebx, (%edi)
 7390        addl	$0xb0, %esp
 7391        popl	%ebp
 7392        popl	%edi
 7393        popl	%esi
 7394        popl	%ebx
 7395        ret
 7396.size	AES_GCM_decrypt_avx1,.-AES_GCM_decrypt_avx1
 7397#ifdef WOLFSSL_AESGCM_STREAM
 7398.text
 7399.globl	AES_GCM_init_avx1
 7400.type	AES_GCM_init_avx1,@function
 7401.align	16
 7402AES_GCM_init_avx1:
 7403        pushl	%ebx
 7404        pushl	%esi
 7405        pushl	%edi
 7406        pushl	%ebp
 7407        subl	$16, %esp
 7408        movl	36(%esp), %ebp
 7409        movl	44(%esp), %esi
 7410        movl	60(%esp), %edi
 7411        vpxor	%xmm4, %xmm4, %xmm4
 7412        movl	48(%esp), %edx
 7413        cmpl	$12, %edx
 7414        jne	L_AES_GCM_init_avx1_iv_not_12
 7415        # # Calculate values when IV is 12 bytes
 7416        # Set counter based on IV
 7417        movl	$0x1000000, %ecx
 7418        vpinsrd	$0x00, (%esi), %xmm4, %xmm4
 7419        vpinsrd	$0x01, 4(%esi), %xmm4, %xmm4
 7420        vpinsrd	$2, 8(%esi), %xmm4, %xmm4
 7421        vpinsrd	$3, %ecx, %xmm4, %xmm4
 7422        # H = Encrypt X(=0) and T = Encrypt counter
 7423        vmovdqa	(%ebp), %xmm5
 7424        vpxor	%xmm5, %xmm4, %xmm1
 7425        vmovdqa	16(%ebp), %xmm7
 7426        vaesenc	%xmm7, %xmm5, %xmm5
 7427        vaesenc	%xmm7, %xmm1, %xmm1
 7428        vmovdqa	32(%ebp), %xmm7
 7429        vaesenc	%xmm7, %xmm5, %xmm5
 7430        vaesenc	%xmm7, %xmm1, %xmm1
 7431        vmovdqa	48(%ebp), %xmm7
 7432        vaesenc	%xmm7, %xmm5, %xmm5
 7433        vaesenc	%xmm7, %xmm1, %xmm1
 7434        vmovdqa	64(%ebp), %xmm7
 7435        vaesenc	%xmm7, %xmm5, %xmm5
 7436        vaesenc	%xmm7, %xmm1, %xmm1
 7437        vmovdqa	80(%ebp), %xmm7
 7438        vaesenc	%xmm7, %xmm5, %xmm5
 7439        vaesenc	%xmm7, %xmm1, %xmm1
 7440        vmovdqa	96(%ebp), %xmm7
 7441        vaesenc	%xmm7, %xmm5, %xmm5
 7442        vaesenc	%xmm7, %xmm1, %xmm1
 7443        vmovdqa	112(%ebp), %xmm7
 7444        vaesenc	%xmm7, %xmm5, %xmm5
 7445        vaesenc	%xmm7, %xmm1, %xmm1
 7446        vmovdqa	128(%ebp), %xmm7
 7447        vaesenc	%xmm7, %xmm5, %xmm5
 7448        vaesenc	%xmm7, %xmm1, %xmm1
 7449        vmovdqa	144(%ebp), %xmm7
 7450        vaesenc	%xmm7, %xmm5, %xmm5
 7451        vaesenc	%xmm7, %xmm1, %xmm1
 7452        cmpl	$11, 40(%esp)
 7453        vmovdqa	160(%ebp), %xmm7
 7454        jl	L_AES_GCM_init_avx1_calc_iv_12_last
 7455        vaesenc	%xmm7, %xmm5, %xmm5
 7456        vaesenc	%xmm7, %xmm1, %xmm1
 7457        vmovdqa	176(%ebp), %xmm7
 7458        vaesenc	%xmm7, %xmm5, %xmm5
 7459        vaesenc	%xmm7, %xmm1, %xmm1
 7460        cmpl	$13, 40(%esp)
 7461        vmovdqa	192(%ebp), %xmm7
 7462        jl	L_AES_GCM_init_avx1_calc_iv_12_last
 7463        vaesenc	%xmm7, %xmm5, %xmm5
 7464        vaesenc	%xmm7, %xmm1, %xmm1
 7465        vmovdqa	208(%ebp), %xmm7
 7466        vaesenc	%xmm7, %xmm5, %xmm5
 7467        vaesenc	%xmm7, %xmm1, %xmm1
 7468        vmovdqa	224(%ebp), %xmm7
 7469L_AES_GCM_init_avx1_calc_iv_12_last:
 7470        vaesenclast	%xmm7, %xmm5, %xmm5
 7471        vaesenclast	%xmm7, %xmm1, %xmm1
 7472        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm5, %xmm5
 7473        vmovdqu	%xmm1, (%edi)
 7474        jmp	L_AES_GCM_init_avx1_iv_done
 7475L_AES_GCM_init_avx1_iv_not_12:
 7476        # Calculate values when IV is not 12 bytes
 7477        # H = Encrypt X(=0)
 7478        vmovdqa	(%ebp), %xmm5
 7479        vaesenc	16(%ebp), %xmm5, %xmm5
 7480        vaesenc	32(%ebp), %xmm5, %xmm5
 7481        vaesenc	48(%ebp), %xmm5, %xmm5
 7482        vaesenc	64(%ebp), %xmm5, %xmm5
 7483        vaesenc	80(%ebp), %xmm5, %xmm5
 7484        vaesenc	96(%ebp), %xmm5, %xmm5
 7485        vaesenc	112(%ebp), %xmm5, %xmm5
 7486        vaesenc	128(%ebp), %xmm5, %xmm5
 7487        vaesenc	144(%ebp), %xmm5, %xmm5
 7488        cmpl	$11, 40(%esp)
 7489        vmovdqa	160(%ebp), %xmm1
 7490        jl	L_AES_GCM_init_avx1_calc_iv_1_aesenc_avx_last
 7491        vaesenc	%xmm1, %xmm5, %xmm5
 7492        vaesenc	176(%ebp), %xmm5, %xmm5
 7493        cmpl	$13, 40(%esp)
 7494        vmovdqa	192(%ebp), %xmm1
 7495        jl	L_AES_GCM_init_avx1_calc_iv_1_aesenc_avx_last
 7496        vaesenc	%xmm1, %xmm5, %xmm5
 7497        vaesenc	208(%ebp), %xmm5, %xmm5
 7498        vmovdqa	224(%ebp), %xmm1
 7499L_AES_GCM_init_avx1_calc_iv_1_aesenc_avx_last:
 7500        vaesenclast	%xmm1, %xmm5, %xmm5
 7501        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm5, %xmm5
 7502        # Calc counter
 7503        # Initialization vector
 7504        cmpl	$0x00, %edx
 7505        movl	$0x00, %ecx
 7506        je	L_AES_GCM_init_avx1_calc_iv_done
 7507        cmpl	$16, %edx
 7508        jl	L_AES_GCM_init_avx1_calc_iv_lt16
 7509        andl	$0xfffffff0, %edx
 7510L_AES_GCM_init_avx1_calc_iv_16_loop:
 7511        vmovdqu	(%esi,%ecx,1), %xmm0
 7512        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 7513        vpxor	%xmm0, %xmm4, %xmm4
 7514        # ghash_gfmul_avx
 7515        vpshufd	$0x4e, %xmm4, %xmm1
 7516        vpshufd	$0x4e, %xmm5, %xmm2
 7517        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
 7518        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
 7519        vpxor	%xmm4, %xmm1, %xmm1
 7520        vpxor	%xmm5, %xmm2, %xmm2
 7521        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 7522        vpxor	%xmm0, %xmm1, %xmm1
 7523        vpxor	%xmm3, %xmm1, %xmm1
 7524        vmovdqa	%xmm0, %xmm7
 7525        vmovdqa	%xmm3, %xmm4
 7526        vpslldq	$8, %xmm1, %xmm2
 7527        vpsrldq	$8, %xmm1, %xmm1
 7528        vpxor	%xmm2, %xmm7, %xmm7
 7529        vpxor	%xmm1, %xmm4, %xmm4
 7530        vpsrld	$31, %xmm7, %xmm0
 7531        vpsrld	$31, %xmm4, %xmm1
 7532        vpslld	$0x01, %xmm7, %xmm7
 7533        vpslld	$0x01, %xmm4, %xmm4
 7534        vpsrldq	$12, %xmm0, %xmm2
 7535        vpslldq	$4, %xmm0, %xmm0
 7536        vpslldq	$4, %xmm1, %xmm1
 7537        vpor	%xmm2, %xmm4, %xmm4
 7538        vpor	%xmm0, %xmm7, %xmm7
 7539        vpor	%xmm1, %xmm4, %xmm4
 7540        vpslld	$31, %xmm7, %xmm0
 7541        vpslld	$30, %xmm7, %xmm1
 7542        vpslld	$25, %xmm7, %xmm2
 7543        vpxor	%xmm1, %xmm0, %xmm0
 7544        vpxor	%xmm2, %xmm0, %xmm0
 7545        vmovdqa	%xmm0, %xmm1
 7546        vpsrldq	$4, %xmm1, %xmm1
 7547        vpslldq	$12, %xmm0, %xmm0
 7548        vpxor	%xmm0, %xmm7, %xmm7
 7549        vpsrld	$0x01, %xmm7, %xmm2
 7550        vpsrld	$2, %xmm7, %xmm3
 7551        vpsrld	$7, %xmm7, %xmm0
 7552        vpxor	%xmm3, %xmm2, %xmm2
 7553        vpxor	%xmm0, %xmm2, %xmm2
 7554        vpxor	%xmm1, %xmm2, %xmm2
 7555        vpxor	%xmm7, %xmm2, %xmm2
 7556        vpxor	%xmm2, %xmm4, %xmm4
 7557        addl	$16, %ecx
 7558        cmpl	%edx, %ecx
 7559        jl	L_AES_GCM_init_avx1_calc_iv_16_loop
 7560        movl	48(%esp), %edx
 7561        cmpl	%edx, %ecx
 7562        je	L_AES_GCM_init_avx1_calc_iv_done
 7563L_AES_GCM_init_avx1_calc_iv_lt16:
 7564        subl	$16, %esp
 7565        vpxor	%xmm0, %xmm0, %xmm0
 7566        xorl	%ebx, %ebx
 7567        vmovdqu	%xmm0, (%esp)
 7568L_AES_GCM_init_avx1_calc_iv_loop:
 7569        movzbl	(%esi,%ecx,1), %eax
 7570        movb	%al, (%esp,%ebx,1)
 7571        incl	%ecx
 7572        incl	%ebx
 7573        cmpl	%edx, %ecx
 7574        jl	L_AES_GCM_init_avx1_calc_iv_loop
 7575        vmovdqu	(%esp), %xmm0
 7576        addl	$16, %esp
 7577        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 7578        vpxor	%xmm0, %xmm4, %xmm4
 7579        # ghash_gfmul_avx
 7580        vpshufd	$0x4e, %xmm4, %xmm1
 7581        vpshufd	$0x4e, %xmm5, %xmm2
 7582        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
 7583        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
 7584        vpxor	%xmm4, %xmm1, %xmm1
 7585        vpxor	%xmm5, %xmm2, %xmm2
 7586        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 7587        vpxor	%xmm0, %xmm1, %xmm1
 7588        vpxor	%xmm3, %xmm1, %xmm1
 7589        vmovdqa	%xmm0, %xmm7
 7590        vmovdqa	%xmm3, %xmm4
 7591        vpslldq	$8, %xmm1, %xmm2
 7592        vpsrldq	$8, %xmm1, %xmm1
 7593        vpxor	%xmm2, %xmm7, %xmm7
 7594        vpxor	%xmm1, %xmm4, %xmm4
 7595        vpsrld	$31, %xmm7, %xmm0
 7596        vpsrld	$31, %xmm4, %xmm1
 7597        vpslld	$0x01, %xmm7, %xmm7
 7598        vpslld	$0x01, %xmm4, %xmm4
 7599        vpsrldq	$12, %xmm0, %xmm2
 7600        vpslldq	$4, %xmm0, %xmm0
 7601        vpslldq	$4, %xmm1, %xmm1
 7602        vpor	%xmm2, %xmm4, %xmm4
 7603        vpor	%xmm0, %xmm7, %xmm7
 7604        vpor	%xmm1, %xmm4, %xmm4
 7605        vpslld	$31, %xmm7, %xmm0
 7606        vpslld	$30, %xmm7, %xmm1
 7607        vpslld	$25, %xmm7, %xmm2
 7608        vpxor	%xmm1, %xmm0, %xmm0
 7609        vpxor	%xmm2, %xmm0, %xmm0
 7610        vmovdqa	%xmm0, %xmm1
 7611        vpsrldq	$4, %xmm1, %xmm1
 7612        vpslldq	$12, %xmm0, %xmm0
 7613        vpxor	%xmm0, %xmm7, %xmm7
 7614        vpsrld	$0x01, %xmm7, %xmm2
 7615        vpsrld	$2, %xmm7, %xmm3
 7616        vpsrld	$7, %xmm7, %xmm0
 7617        vpxor	%xmm3, %xmm2, %xmm2
 7618        vpxor	%xmm0, %xmm2, %xmm2
 7619        vpxor	%xmm1, %xmm2, %xmm2
 7620        vpxor	%xmm7, %xmm2, %xmm2
 7621        vpxor	%xmm2, %xmm4, %xmm4
 7622L_AES_GCM_init_avx1_calc_iv_done:
 7623        # T = Encrypt counter
 7624        vpxor	%xmm0, %xmm0, %xmm0
 7625        shll	$3, %edx
 7626        vpinsrd	$0x00, %edx, %xmm0, %xmm0
 7627        vpxor	%xmm0, %xmm4, %xmm4
 7628        # ghash_gfmul_avx
 7629        vpshufd	$0x4e, %xmm4, %xmm1
 7630        vpshufd	$0x4e, %xmm5, %xmm2
 7631        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
 7632        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
 7633        vpxor	%xmm4, %xmm1, %xmm1
 7634        vpxor	%xmm5, %xmm2, %xmm2
 7635        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 7636        vpxor	%xmm0, %xmm1, %xmm1
 7637        vpxor	%xmm3, %xmm1, %xmm1
 7638        vmovdqa	%xmm0, %xmm7
 7639        vmovdqa	%xmm3, %xmm4
 7640        vpslldq	$8, %xmm1, %xmm2
 7641        vpsrldq	$8, %xmm1, %xmm1
 7642        vpxor	%xmm2, %xmm7, %xmm7
 7643        vpxor	%xmm1, %xmm4, %xmm4
 7644        vpsrld	$31, %xmm7, %xmm0
 7645        vpsrld	$31, %xmm4, %xmm1
 7646        vpslld	$0x01, %xmm7, %xmm7
 7647        vpslld	$0x01, %xmm4, %xmm4
 7648        vpsrldq	$12, %xmm0, %xmm2
 7649        vpslldq	$4, %xmm0, %xmm0
 7650        vpslldq	$4, %xmm1, %xmm1
 7651        vpor	%xmm2, %xmm4, %xmm4
 7652        vpor	%xmm0, %xmm7, %xmm7
 7653        vpor	%xmm1, %xmm4, %xmm4
 7654        vpslld	$31, %xmm7, %xmm0
 7655        vpslld	$30, %xmm7, %xmm1
 7656        vpslld	$25, %xmm7, %xmm2
 7657        vpxor	%xmm1, %xmm0, %xmm0
 7658        vpxor	%xmm2, %xmm0, %xmm0
 7659        vmovdqa	%xmm0, %xmm1
 7660        vpsrldq	$4, %xmm1, %xmm1
 7661        vpslldq	$12, %xmm0, %xmm0
 7662        vpxor	%xmm0, %xmm7, %xmm7
 7663        vpsrld	$0x01, %xmm7, %xmm2
 7664        vpsrld	$2, %xmm7, %xmm3
 7665        vpsrld	$7, %xmm7, %xmm0
 7666        vpxor	%xmm3, %xmm2, %xmm2
 7667        vpxor	%xmm0, %xmm2, %xmm2
 7668        vpxor	%xmm1, %xmm2, %xmm2
 7669        vpxor	%xmm7, %xmm2, %xmm2
 7670        vpxor	%xmm2, %xmm4, %xmm4
 7671        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 7672        #   Encrypt counter
 7673        vmovdqa	(%ebp), %xmm0
 7674        vpxor	%xmm4, %xmm0, %xmm0
 7675        vaesenc	16(%ebp), %xmm0, %xmm0
 7676        vaesenc	32(%ebp), %xmm0, %xmm0
 7677        vaesenc	48(%ebp), %xmm0, %xmm0
 7678        vaesenc	64(%ebp), %xmm0, %xmm0
 7679        vaesenc	80(%ebp), %xmm0, %xmm0
 7680        vaesenc	96(%ebp), %xmm0, %xmm0
 7681        vaesenc	112(%ebp), %xmm0, %xmm0
 7682        vaesenc	128(%ebp), %xmm0, %xmm0
 7683        vaesenc	144(%ebp), %xmm0, %xmm0
 7684        cmpl	$11, 40(%esp)
 7685        vmovdqa	160(%ebp), %xmm1
 7686        jl	L_AES_GCM_init_avx1_calc_iv_2_aesenc_avx_last
 7687        vaesenc	%xmm1, %xmm0, %xmm0
 7688        vaesenc	176(%ebp), %xmm0, %xmm0
 7689        cmpl	$13, 40(%esp)
 7690        vmovdqa	192(%ebp), %xmm1
 7691        jl	L_AES_GCM_init_avx1_calc_iv_2_aesenc_avx_last
 7692        vaesenc	%xmm1, %xmm0, %xmm0
 7693        vaesenc	208(%ebp), %xmm0, %xmm0
 7694        vmovdqa	224(%ebp), %xmm1
 7695L_AES_GCM_init_avx1_calc_iv_2_aesenc_avx_last:
 7696        vaesenclast	%xmm1, %xmm0, %xmm0
 7697        vmovdqu	%xmm0, (%edi)
 7698L_AES_GCM_init_avx1_iv_done:
 7699        movl	52(%esp), %ebp
 7700        movl	56(%esp), %edi
 7701        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm4, %xmm4
 7702        vpaddd	L_aes_gcm_avx1_one, %xmm4, %xmm4
 7703        vmovdqa	%xmm5, (%ebp)
 7704        vmovdqa	%xmm4, (%edi)
 7705        addl	$16, %esp
 7706        popl	%ebp
 7707        popl	%edi
 7708        popl	%esi
 7709        popl	%ebx
 7710        ret
 7711.size	AES_GCM_init_avx1,.-AES_GCM_init_avx1
 7712.text
 7713.globl	AES_GCM_aad_update_avx1
 7714.type	AES_GCM_aad_update_avx1,@function
 7715.align	16
 7716AES_GCM_aad_update_avx1:
 7717        pushl	%esi
 7718        pushl	%edi
 7719        movl	12(%esp), %esi
 7720        movl	16(%esp), %edx
 7721        movl	20(%esp), %edi
 7722        movl	24(%esp), %eax
 7723        vmovdqa	(%edi), %xmm5
 7724        vmovdqa	(%eax), %xmm6
 7725        xorl	%ecx, %ecx
 7726L_AES_GCM_aad_update_avx1_16_loop:
 7727        vmovdqu	(%esi,%ecx,1), %xmm0
 7728        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 7729        vpxor	%xmm0, %xmm5, %xmm5
 7730        # ghash_gfmul_avx
 7731        vpshufd	$0x4e, %xmm5, %xmm1
 7732        vpshufd	$0x4e, %xmm6, %xmm2
 7733        vpclmulqdq	$0x11, %xmm5, %xmm6, %xmm3
 7734        vpclmulqdq	$0x00, %xmm5, %xmm6, %xmm0
 7735        vpxor	%xmm5, %xmm1, %xmm1
 7736        vpxor	%xmm6, %xmm2, %xmm2
 7737        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 7738        vpxor	%xmm0, %xmm1, %xmm1
 7739        vpxor	%xmm3, %xmm1, %xmm1
 7740        vmovdqa	%xmm0, %xmm4
 7741        vmovdqa	%xmm3, %xmm5
 7742        vpslldq	$8, %xmm1, %xmm2
 7743        vpsrldq	$8, %xmm1, %xmm1
 7744        vpxor	%xmm2, %xmm4, %xmm4
 7745        vpxor	%xmm1, %xmm5, %xmm5
 7746        vpsrld	$31, %xmm4, %xmm0
 7747        vpsrld	$31, %xmm5, %xmm1
 7748        vpslld	$0x01, %xmm4, %xmm4
 7749        vpslld	$0x01, %xmm5, %xmm5
 7750        vpsrldq	$12, %xmm0, %xmm2
 7751        vpslldq	$4, %xmm0, %xmm0
 7752        vpslldq	$4, %xmm1, %xmm1
 7753        vpor	%xmm2, %xmm5, %xmm5
 7754        vpor	%xmm0, %xmm4, %xmm4
 7755        vpor	%xmm1, %xmm5, %xmm5
 7756        vpslld	$31, %xmm4, %xmm0
 7757        vpslld	$30, %xmm4, %xmm1
 7758        vpslld	$25, %xmm4, %xmm2
 7759        vpxor	%xmm1, %xmm0, %xmm0
 7760        vpxor	%xmm2, %xmm0, %xmm0
 7761        vmovdqa	%xmm0, %xmm1
 7762        vpsrldq	$4, %xmm1, %xmm1
 7763        vpslldq	$12, %xmm0, %xmm0
 7764        vpxor	%xmm0, %xmm4, %xmm4
 7765        vpsrld	$0x01, %xmm4, %xmm2
 7766        vpsrld	$2, %xmm4, %xmm3
 7767        vpsrld	$7, %xmm4, %xmm0
 7768        vpxor	%xmm3, %xmm2, %xmm2
 7769        vpxor	%xmm0, %xmm2, %xmm2
 7770        vpxor	%xmm1, %xmm2, %xmm2
 7771        vpxor	%xmm4, %xmm2, %xmm2
 7772        vpxor	%xmm2, %xmm5, %xmm5
 7773        addl	$16, %ecx
 7774        cmpl	%edx, %ecx
 7775        jl	L_AES_GCM_aad_update_avx1_16_loop
 7776        vmovdqa	%xmm5, (%edi)
 7777        popl	%edi
 7778        popl	%esi
 7779        ret
 7780.size	AES_GCM_aad_update_avx1,.-AES_GCM_aad_update_avx1
 7781.text
 7782.globl	AES_GCM_encrypt_block_avx1
 7783.type	AES_GCM_encrypt_block_avx1,@function
 7784.align	16
 7785AES_GCM_encrypt_block_avx1:
 7786        pushl	%esi
 7787        pushl	%edi
 7788        movl	12(%esp), %ecx
 7789        movl	16(%esp), %eax
 7790        movl	20(%esp), %edi
 7791        movl	24(%esp), %esi
 7792        movl	28(%esp), %edx
 7793        vmovdqu	(%edx), %xmm1
 7794        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm1, %xmm0
 7795        vpaddd	L_aes_gcm_avx1_one, %xmm1, %xmm1
 7796        vmovdqu	%xmm1, (%edx)
 7797        vpxor	(%ecx), %xmm0, %xmm0
 7798        vaesenc	16(%ecx), %xmm0, %xmm0
 7799        vaesenc	32(%ecx), %xmm0, %xmm0
 7800        vaesenc	48(%ecx), %xmm0, %xmm0
 7801        vaesenc	64(%ecx), %xmm0, %xmm0
 7802        vaesenc	80(%ecx), %xmm0, %xmm0
 7803        vaesenc	96(%ecx), %xmm0, %xmm0
 7804        vaesenc	112(%ecx), %xmm0, %xmm0
 7805        vaesenc	128(%ecx), %xmm0, %xmm0
 7806        vaesenc	144(%ecx), %xmm0, %xmm0
 7807        cmpl	$11, %eax
 7808        vmovdqa	160(%ecx), %xmm1
 7809        jl	L_AES_GCM_encrypt_block_avx1_aesenc_block_aesenc_avx_last
 7810        vaesenc	%xmm1, %xmm0, %xmm0
 7811        vaesenc	176(%ecx), %xmm0, %xmm0
 7812        cmpl	$13, %eax
 7813        vmovdqa	192(%ecx), %xmm1
 7814        jl	L_AES_GCM_encrypt_block_avx1_aesenc_block_aesenc_avx_last
 7815        vaesenc	%xmm1, %xmm0, %xmm0
 7816        vaesenc	208(%ecx), %xmm0, %xmm0
 7817        vmovdqa	224(%ecx), %xmm1
 7818L_AES_GCM_encrypt_block_avx1_aesenc_block_aesenc_avx_last:
 7819        vaesenclast	%xmm1, %xmm0, %xmm0
 7820        vmovdqu	(%esi), %xmm1
 7821        vpxor	%xmm1, %xmm0, %xmm0
 7822        vmovdqu	%xmm0, (%edi)
 7823        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 7824        popl	%edi
 7825        popl	%esi
 7826        ret
 7827.size	AES_GCM_encrypt_block_avx1,.-AES_GCM_encrypt_block_avx1
 7828.text
 7829.globl	AES_GCM_ghash_block_avx1
 7830.type	AES_GCM_ghash_block_avx1,@function
 7831.align	16
 7832AES_GCM_ghash_block_avx1:
 7833        movl	4(%esp), %edx
 7834        movl	8(%esp), %eax
 7835        movl	12(%esp), %ecx
 7836        vmovdqa	(%eax), %xmm4
 7837        vmovdqa	(%ecx), %xmm5
 7838        vmovdqu	(%edx), %xmm0
 7839        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 7840        vpxor	%xmm0, %xmm4, %xmm4
 7841        # ghash_gfmul_avx
 7842        vpshufd	$0x4e, %xmm4, %xmm1
 7843        vpshufd	$0x4e, %xmm5, %xmm2
 7844        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
 7845        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
 7846        vpxor	%xmm4, %xmm1, %xmm1
 7847        vpxor	%xmm5, %xmm2, %xmm2
 7848        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 7849        vpxor	%xmm0, %xmm1, %xmm1
 7850        vpxor	%xmm3, %xmm1, %xmm1
 7851        vmovdqa	%xmm0, %xmm6
 7852        vmovdqa	%xmm3, %xmm4
 7853        vpslldq	$8, %xmm1, %xmm2
 7854        vpsrldq	$8, %xmm1, %xmm1
 7855        vpxor	%xmm2, %xmm6, %xmm6
 7856        vpxor	%xmm1, %xmm4, %xmm4
 7857        vpsrld	$31, %xmm6, %xmm0
 7858        vpsrld	$31, %xmm4, %xmm1
 7859        vpslld	$0x01, %xmm6, %xmm6
 7860        vpslld	$0x01, %xmm4, %xmm4
 7861        vpsrldq	$12, %xmm0, %xmm2
 7862        vpslldq	$4, %xmm0, %xmm0
 7863        vpslldq	$4, %xmm1, %xmm1
 7864        vpor	%xmm2, %xmm4, %xmm4
 7865        vpor	%xmm0, %xmm6, %xmm6
 7866        vpor	%xmm1, %xmm4, %xmm4
 7867        vpslld	$31, %xmm6, %xmm0
 7868        vpslld	$30, %xmm6, %xmm1
 7869        vpslld	$25, %xmm6, %xmm2
 7870        vpxor	%xmm1, %xmm0, %xmm0
 7871        vpxor	%xmm2, %xmm0, %xmm0
 7872        vmovdqa	%xmm0, %xmm1
 7873        vpsrldq	$4, %xmm1, %xmm1
 7874        vpslldq	$12, %xmm0, %xmm0
 7875        vpxor	%xmm0, %xmm6, %xmm6
 7876        vpsrld	$0x01, %xmm6, %xmm2
 7877        vpsrld	$2, %xmm6, %xmm3
 7878        vpsrld	$7, %xmm6, %xmm0
 7879        vpxor	%xmm3, %xmm2, %xmm2
 7880        vpxor	%xmm0, %xmm2, %xmm2
 7881        vpxor	%xmm1, %xmm2, %xmm2
 7882        vpxor	%xmm6, %xmm2, %xmm2
 7883        vpxor	%xmm2, %xmm4, %xmm4
 7884        vmovdqa	%xmm4, (%eax)
 7885        ret
 7886.size	AES_GCM_ghash_block_avx1,.-AES_GCM_ghash_block_avx1
 7887.text
 7888.globl	AES_GCM_encrypt_update_avx1
 7889.type	AES_GCM_encrypt_update_avx1,@function
 7890.align	16
 7891AES_GCM_encrypt_update_avx1:
 7892        pushl	%ebx
 7893        pushl	%esi
 7894        pushl	%edi
 7895        pushl	%ebp
 7896        subl	$0x60, %esp
 7897        movl	144(%esp), %esi
 7898        vmovdqa	(%esi), %xmm4
 7899        vmovdqu	%xmm4, 64(%esp)
 7900        movl	136(%esp), %esi
 7901        movl	140(%esp), %ebp
 7902        vmovdqa	(%esi), %xmm6
 7903        vmovdqa	(%ebp), %xmm5
 7904        vmovdqu	%xmm6, 80(%esp)
 7905        movl	116(%esp), %ebp
 7906        movl	124(%esp), %edi
 7907        movl	128(%esp), %esi
 7908        vpsrlq	$63, %xmm5, %xmm1
 7909        vpsllq	$0x01, %xmm5, %xmm0
 7910        vpslldq	$8, %xmm1, %xmm1
 7911        vpor	%xmm1, %xmm0, %xmm0
 7912        vpshufd	$0xff, %xmm5, %xmm5
 7913        vpsrad	$31, %xmm5, %xmm5
 7914        vpand	L_aes_gcm_avx1_mod2_128, %xmm5, %xmm5
 7915        vpxor	%xmm0, %xmm5, %xmm5
 7916        xorl	%ebx, %ebx
 7917        cmpl	$0x40, 132(%esp)
 7918        movl	132(%esp), %eax
 7919        jl	L_AES_GCM_encrypt_update_avx1_done_64
 7920        andl	$0xffffffc0, %eax
 7921        vmovdqa	%xmm6, %xmm2
 7922        # H ^ 1
 7923        vmovdqu	%xmm5, (%esp)
 7924        # H ^ 2
 7925        vpclmulqdq	$0x00, %xmm5, %xmm5, %xmm0
 7926        vpclmulqdq	$0x11, %xmm5, %xmm5, %xmm4
 7927        vpslld	$31, %xmm0, %xmm1
 7928        vpslld	$30, %xmm0, %xmm2
 7929        vpslld	$25, %xmm0, %xmm3
 7930        vpxor	%xmm2, %xmm1, %xmm1
 7931        vpxor	%xmm3, %xmm1, %xmm1
 7932        vpsrldq	$4, %xmm1, %xmm3
 7933        vpslldq	$12, %xmm1, %xmm1
 7934        vpxor	%xmm1, %xmm0, %xmm0
 7935        vpsrld	$0x01, %xmm0, %xmm1
 7936        vpsrld	$2, %xmm0, %xmm2
 7937        vpxor	%xmm2, %xmm1, %xmm1
 7938        vpxor	%xmm0, %xmm1, %xmm1
 7939        vpsrld	$7, %xmm0, %xmm0
 7940        vpxor	%xmm3, %xmm1, %xmm1
 7941        vpxor	%xmm0, %xmm1, %xmm1
 7942        vpxor	%xmm1, %xmm4, %xmm4
 7943        vmovdqu	%xmm4, 16(%esp)
 7944        # H ^ 3
 7945        # ghash_gfmul_red_avx
 7946        vpshufd	$0x4e, %xmm5, %xmm1
 7947        vpshufd	$0x4e, %xmm4, %xmm2
 7948        vpclmulqdq	$0x11, %xmm5, %xmm4, %xmm3
 7949        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm0
 7950        vpxor	%xmm5, %xmm1, %xmm1
 7951        vpxor	%xmm4, %xmm2, %xmm2
 7952        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 7953        vpxor	%xmm0, %xmm1, %xmm1
 7954        vpxor	%xmm3, %xmm1, %xmm1
 7955        vpslldq	$8, %xmm1, %xmm2
 7956        vpsrldq	$8, %xmm1, %xmm1
 7957        vpxor	%xmm2, %xmm0, %xmm0
 7958        vpxor	%xmm1, %xmm3, %xmm7
 7959        vpslld	$31, %xmm0, %xmm1
 7960        vpslld	$30, %xmm0, %xmm2
 7961        vpslld	$25, %xmm0, %xmm3
 7962        vpxor	%xmm2, %xmm1, %xmm1
 7963        vpxor	%xmm3, %xmm1, %xmm1
 7964        vpsrldq	$4, %xmm1, %xmm3
 7965        vpslldq	$12, %xmm1, %xmm1
 7966        vpxor	%xmm1, %xmm0, %xmm0
 7967        vpsrld	$0x01, %xmm0, %xmm1
 7968        vpsrld	$2, %xmm0, %xmm2
 7969        vpxor	%xmm2, %xmm1, %xmm1
 7970        vpxor	%xmm0, %xmm1, %xmm1
 7971        vpsrld	$7, %xmm0, %xmm0
 7972        vpxor	%xmm3, %xmm1, %xmm1
 7973        vpxor	%xmm0, %xmm1, %xmm1
 7974        vpxor	%xmm1, %xmm7, %xmm7
 7975        vmovdqu	%xmm7, 32(%esp)
 7976        # H ^ 4
 7977        vpclmulqdq	$0x00, %xmm4, %xmm4, %xmm0
 7978        vpclmulqdq	$0x11, %xmm4, %xmm4, %xmm7
 7979        vpslld	$31, %xmm0, %xmm1
 7980        vpslld	$30, %xmm0, %xmm2
 7981        vpslld	$25, %xmm0, %xmm3
 7982        vpxor	%xmm2, %xmm1, %xmm1
 7983        vpxor	%xmm3, %xmm1, %xmm1
 7984        vpsrldq	$4, %xmm1, %xmm3
 7985        vpslldq	$12, %xmm1, %xmm1
 7986        vpxor	%xmm1, %xmm0, %xmm0
 7987        vpsrld	$0x01, %xmm0, %xmm1
 7988        vpsrld	$2, %xmm0, %xmm2
 7989        vpxor	%xmm2, %xmm1, %xmm1
 7990        vpxor	%xmm0, %xmm1, %xmm1
 7991        vpsrld	$7, %xmm0, %xmm0
 7992        vpxor	%xmm3, %xmm1, %xmm1
 7993        vpxor	%xmm0, %xmm1, %xmm1
 7994        vpxor	%xmm1, %xmm7, %xmm7
 7995        vmovdqu	%xmm7, 48(%esp)
 7996        # First 64 bytes of input
 7997        vmovdqu	64(%esp), %xmm0
 7998        vmovdqa	L_aes_gcm_avx1_bswap_epi64, %xmm7
 7999        vpaddd	L_aes_gcm_avx1_one, %xmm0, %xmm1
 8000        vpshufb	%xmm7, %xmm1, %xmm1
 8001        vpaddd	L_aes_gcm_avx1_two, %xmm0, %xmm2
 8002        vpshufb	%xmm7, %xmm2, %xmm2
 8003        vpaddd	L_aes_gcm_avx1_three, %xmm0, %xmm3
 8004        vpshufb	%xmm7, %xmm3, %xmm3
 8005        vpshufb	%xmm7, %xmm0, %xmm0
 8006        vmovdqu	64(%esp), %xmm7
 8007        vpaddd	L_aes_gcm_avx1_four, %xmm7, %xmm7
 8008        vmovdqu	%xmm7, 64(%esp)
 8009        vmovdqa	(%ebp), %xmm7
 8010        vpxor	%xmm7, %xmm0, %xmm0
 8011        vpxor	%xmm7, %xmm1, %xmm1
 8012        vpxor	%xmm7, %xmm2, %xmm2
 8013        vpxor	%xmm7, %xmm3, %xmm3
 8014        vmovdqa	16(%ebp), %xmm7
 8015        vaesenc	%xmm7, %xmm0, %xmm0
 8016        vaesenc	%xmm7, %xmm1, %xmm1
 8017        vaesenc	%xmm7, %xmm2, %xmm2
 8018        vaesenc	%xmm7, %xmm3, %xmm3
 8019        vmovdqa	32(%ebp), %xmm7
 8020        vaesenc	%xmm7, %xmm0, %xmm0
 8021        vaesenc	%xmm7, %xmm1, %xmm1
 8022        vaesenc	%xmm7, %xmm2, %xmm2
 8023        vaesenc	%xmm7, %xmm3, %xmm3
 8024        vmovdqa	48(%ebp), %xmm7
 8025        vaesenc	%xmm7, %xmm0, %xmm0
 8026        vaesenc	%xmm7, %xmm1, %xmm1
 8027        vaesenc	%xmm7, %xmm2, %xmm2
 8028        vaesenc	%xmm7, %xmm3, %xmm3
 8029        vmovdqa	64(%ebp), %xmm7
 8030        vaesenc	%xmm7, %xmm0, %xmm0
 8031        vaesenc	%xmm7, %xmm1, %xmm1
 8032        vaesenc	%xmm7, %xmm2, %xmm2
 8033        vaesenc	%xmm7, %xmm3, %xmm3
 8034        vmovdqa	80(%ebp), %xmm7
 8035        vaesenc	%xmm7, %xmm0, %xmm0
 8036        vaesenc	%xmm7, %xmm1, %xmm1
 8037        vaesenc	%xmm7, %xmm2, %xmm2
 8038        vaesenc	%xmm7, %xmm3, %xmm3
 8039        vmovdqa	96(%ebp), %xmm7
 8040        vaesenc	%xmm7, %xmm0, %xmm0
 8041        vaesenc	%xmm7, %xmm1, %xmm1
 8042        vaesenc	%xmm7, %xmm2, %xmm2
 8043        vaesenc	%xmm7, %xmm3, %xmm3
 8044        vmovdqa	112(%ebp), %xmm7
 8045        vaesenc	%xmm7, %xmm0, %xmm0
 8046        vaesenc	%xmm7, %xmm1, %xmm1
 8047        vaesenc	%xmm7, %xmm2, %xmm2
 8048        vaesenc	%xmm7, %xmm3, %xmm3
 8049        vmovdqa	128(%ebp), %xmm7
 8050        vaesenc	%xmm7, %xmm0, %xmm0
 8051        vaesenc	%xmm7, %xmm1, %xmm1
 8052        vaesenc	%xmm7, %xmm2, %xmm2
 8053        vaesenc	%xmm7, %xmm3, %xmm3
 8054        vmovdqa	144(%ebp), %xmm7
 8055        vaesenc	%xmm7, %xmm0, %xmm0
 8056        vaesenc	%xmm7, %xmm1, %xmm1
 8057        vaesenc	%xmm7, %xmm2, %xmm2
 8058        vaesenc	%xmm7, %xmm3, %xmm3
 8059        cmpl	$11, 120(%esp)
 8060        vmovdqa	160(%ebp), %xmm7
 8061        jl	L_AES_GCM_encrypt_update_avx1_aesenc_64_enc_done
 8062        vaesenc	%xmm7, %xmm0, %xmm0
 8063        vaesenc	%xmm7, %xmm1, %xmm1
 8064        vaesenc	%xmm7, %xmm2, %xmm2
 8065        vaesenc	%xmm7, %xmm3, %xmm3
 8066        vmovdqa	176(%ebp), %xmm7
 8067        vaesenc	%xmm7, %xmm0, %xmm0
 8068        vaesenc	%xmm7, %xmm1, %xmm1
 8069        vaesenc	%xmm7, %xmm2, %xmm2
 8070        vaesenc	%xmm7, %xmm3, %xmm3
 8071        cmpl	$13, 120(%esp)
 8072        vmovdqa	192(%ebp), %xmm7
 8073        jl	L_AES_GCM_encrypt_update_avx1_aesenc_64_enc_done
 8074        vaesenc	%xmm7, %xmm0, %xmm0
 8075        vaesenc	%xmm7, %xmm1, %xmm1
 8076        vaesenc	%xmm7, %xmm2, %xmm2
 8077        vaesenc	%xmm7, %xmm3, %xmm3
 8078        vmovdqa	208(%ebp), %xmm7
 8079        vaesenc	%xmm7, %xmm0, %xmm0
 8080        vaesenc	%xmm7, %xmm1, %xmm1
 8081        vaesenc	%xmm7, %xmm2, %xmm2
 8082        vaesenc	%xmm7, %xmm3, %xmm3
 8083        vmovdqa	224(%ebp), %xmm7
 8084L_AES_GCM_encrypt_update_avx1_aesenc_64_enc_done:
 8085        vaesenclast	%xmm7, %xmm0, %xmm0
 8086        vaesenclast	%xmm7, %xmm1, %xmm1
 8087        vmovdqu	(%esi), %xmm4
 8088        vmovdqu	16(%esi), %xmm5
 8089        vpxor	%xmm4, %xmm0, %xmm0
 8090        vpxor	%xmm5, %xmm1, %xmm1
 8091        vmovdqu	%xmm4, (%esi)
 8092        vmovdqu	%xmm5, 16(%esi)
 8093        vmovdqu	%xmm0, (%edi)
 8094        vmovdqu	%xmm1, 16(%edi)
 8095        vaesenclast	%xmm7, %xmm2, %xmm2
 8096        vaesenclast	%xmm7, %xmm3, %xmm3
 8097        vmovdqu	32(%esi), %xmm4
 8098        vmovdqu	48(%esi), %xmm5
 8099        vpxor	%xmm4, %xmm2, %xmm2
 8100        vpxor	%xmm5, %xmm3, %xmm3
 8101        vmovdqu	%xmm4, 32(%esi)
 8102        vmovdqu	%xmm5, 48(%esi)
 8103        vmovdqu	%xmm2, 32(%edi)
 8104        vmovdqu	%xmm3, 48(%edi)
 8105        cmpl	$0x40, %eax
 8106        movl	$0x40, %ebx
 8107        movl	%esi, %ecx
 8108        movl	%edi, %edx
 8109        jle	L_AES_GCM_encrypt_update_avx1_end_64
 8110        # More 64 bytes of input
 8111L_AES_GCM_encrypt_update_avx1_ghash_64:
 8112        leal	(%esi,%ebx,1), %ecx
 8113        leal	(%edi,%ebx,1), %edx
 8114        vmovdqu	64(%esp), %xmm0
 8115        vmovdqa	L_aes_gcm_avx1_bswap_epi64, %xmm7
 8116        vpaddd	L_aes_gcm_avx1_one, %xmm0, %xmm1
 8117        vpshufb	%xmm7, %xmm1, %xmm1
 8118        vpaddd	L_aes_gcm_avx1_two, %xmm0, %xmm2
 8119        vpshufb	%xmm7, %xmm2, %xmm2
 8120        vpaddd	L_aes_gcm_avx1_three, %xmm0, %xmm3
 8121        vpshufb	%xmm7, %xmm3, %xmm3
 8122        vpshufb	%xmm7, %xmm0, %xmm0
 8123        vmovdqu	64(%esp), %xmm7
 8124        vpaddd	L_aes_gcm_avx1_four, %xmm7, %xmm7
 8125        vmovdqu	%xmm7, 64(%esp)
 8126        vmovdqa	(%ebp), %xmm7
 8127        vpxor	%xmm7, %xmm0, %xmm0
 8128        vpxor	%xmm7, %xmm1, %xmm1
 8129        vpxor	%xmm7, %xmm2, %xmm2
 8130        vpxor	%xmm7, %xmm3, %xmm3
 8131        vmovdqa	16(%ebp), %xmm7
 8132        vaesenc	%xmm7, %xmm0, %xmm0
 8133        vaesenc	%xmm7, %xmm1, %xmm1
 8134        vaesenc	%xmm7, %xmm2, %xmm2
 8135        vaesenc	%xmm7, %xmm3, %xmm3
 8136        vmovdqa	32(%ebp), %xmm7
 8137        vaesenc	%xmm7, %xmm0, %xmm0
 8138        vaesenc	%xmm7, %xmm1, %xmm1
 8139        vaesenc	%xmm7, %xmm2, %xmm2
 8140        vaesenc	%xmm7, %xmm3, %xmm3
 8141        vmovdqa	48(%ebp), %xmm7
 8142        vaesenc	%xmm7, %xmm0, %xmm0
 8143        vaesenc	%xmm7, %xmm1, %xmm1
 8144        vaesenc	%xmm7, %xmm2, %xmm2
 8145        vaesenc	%xmm7, %xmm3, %xmm3
 8146        vmovdqa	64(%ebp), %xmm7
 8147        vaesenc	%xmm7, %xmm0, %xmm0
 8148        vaesenc	%xmm7, %xmm1, %xmm1
 8149        vaesenc	%xmm7, %xmm2, %xmm2
 8150        vaesenc	%xmm7, %xmm3, %xmm3
 8151        vmovdqa	80(%ebp), %xmm7
 8152        vaesenc	%xmm7, %xmm0, %xmm0
 8153        vaesenc	%xmm7, %xmm1, %xmm1
 8154        vaesenc	%xmm7, %xmm2, %xmm2
 8155        vaesenc	%xmm7, %xmm3, %xmm3
 8156        vmovdqa	96(%ebp), %xmm7
 8157        vaesenc	%xmm7, %xmm0, %xmm0
 8158        vaesenc	%xmm7, %xmm1, %xmm1
 8159        vaesenc	%xmm7, %xmm2, %xmm2
 8160        vaesenc	%xmm7, %xmm3, %xmm3
 8161        vmovdqa	112(%ebp), %xmm7
 8162        vaesenc	%xmm7, %xmm0, %xmm0
 8163        vaesenc	%xmm7, %xmm1, %xmm1
 8164        vaesenc	%xmm7, %xmm2, %xmm2
 8165        vaesenc	%xmm7, %xmm3, %xmm3
 8166        vmovdqa	128(%ebp), %xmm7
 8167        vaesenc	%xmm7, %xmm0, %xmm0
 8168        vaesenc	%xmm7, %xmm1, %xmm1
 8169        vaesenc	%xmm7, %xmm2, %xmm2
 8170        vaesenc	%xmm7, %xmm3, %xmm3
 8171        vmovdqa	144(%ebp), %xmm7
 8172        vaesenc	%xmm7, %xmm0, %xmm0
 8173        vaesenc	%xmm7, %xmm1, %xmm1
 8174        vaesenc	%xmm7, %xmm2, %xmm2
 8175        vaesenc	%xmm7, %xmm3, %xmm3
 8176        cmpl	$11, 120(%esp)
 8177        vmovdqa	160(%ebp), %xmm7
 8178        jl	L_AES_GCM_encrypt_update_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done
 8179        vaesenc	%xmm7, %xmm0, %xmm0
 8180        vaesenc	%xmm7, %xmm1, %xmm1
 8181        vaesenc	%xmm7, %xmm2, %xmm2
 8182        vaesenc	%xmm7, %xmm3, %xmm3
 8183        vmovdqa	176(%ebp), %xmm7
 8184        vaesenc	%xmm7, %xmm0, %xmm0
 8185        vaesenc	%xmm7, %xmm1, %xmm1
 8186        vaesenc	%xmm7, %xmm2, %xmm2
 8187        vaesenc	%xmm7, %xmm3, %xmm3
 8188        cmpl	$13, 120(%esp)
 8189        vmovdqa	192(%ebp), %xmm7
 8190        jl	L_AES_GCM_encrypt_update_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done
 8191        vaesenc	%xmm7, %xmm0, %xmm0
 8192        vaesenc	%xmm7, %xmm1, %xmm1
 8193        vaesenc	%xmm7, %xmm2, %xmm2
 8194        vaesenc	%xmm7, %xmm3, %xmm3
 8195        vmovdqa	208(%ebp), %xmm7
 8196        vaesenc	%xmm7, %xmm0, %xmm0
 8197        vaesenc	%xmm7, %xmm1, %xmm1
 8198        vaesenc	%xmm7, %xmm2, %xmm2
 8199        vaesenc	%xmm7, %xmm3, %xmm3
 8200        vmovdqa	224(%ebp), %xmm7
 8201L_AES_GCM_encrypt_update_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done:
 8202        vaesenclast	%xmm7, %xmm0, %xmm0
 8203        vaesenclast	%xmm7, %xmm1, %xmm1
 8204        vmovdqu	(%ecx), %xmm4
 8205        vmovdqu	16(%ecx), %xmm5
 8206        vpxor	%xmm4, %xmm0, %xmm0
 8207        vpxor	%xmm5, %xmm1, %xmm1
 8208        vmovdqu	%xmm0, (%edx)
 8209        vmovdqu	%xmm1, 16(%edx)
 8210        vaesenclast	%xmm7, %xmm2, %xmm2
 8211        vaesenclast	%xmm7, %xmm3, %xmm3
 8212        vmovdqu	32(%ecx), %xmm4
 8213        vmovdqu	48(%ecx), %xmm5
 8214        vpxor	%xmm4, %xmm2, %xmm2
 8215        vpxor	%xmm5, %xmm3, %xmm3
 8216        vmovdqu	%xmm2, 32(%edx)
 8217        vmovdqu	%xmm3, 48(%edx)
 8218        # ghash encrypted counter
 8219        vmovdqu	80(%esp), %xmm2
 8220        vmovdqu	48(%esp), %xmm7
 8221        vmovdqu	-64(%edx), %xmm0
 8222        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 8223        vpxor	%xmm2, %xmm0, %xmm0
 8224        vpshufd	$0x4e, %xmm7, %xmm1
 8225        vpshufd	$0x4e, %xmm0, %xmm5
 8226        vpxor	%xmm7, %xmm1, %xmm1
 8227        vpxor	%xmm0, %xmm5, %xmm5
 8228        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm3
 8229        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm2
 8230        vpclmulqdq	$0x00, %xmm5, %xmm1, %xmm1
 8231        vpxor	%xmm2, %xmm1, %xmm1
 8232        vpxor	%xmm3, %xmm1, %xmm1
 8233        vmovdqu	32(%esp), %xmm7
 8234        vmovdqu	-48(%edx), %xmm0
 8235        vpshufd	$0x4e, %xmm7, %xmm4
 8236        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 8237        vpxor	%xmm7, %xmm4, %xmm4
 8238        vpshufd	$0x4e, %xmm0, %xmm5
 8239        vpxor	%xmm0, %xmm5, %xmm5
 8240        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm6
 8241        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm7
 8242        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm4
 8243        vpxor	%xmm7, %xmm1, %xmm1
 8244        vpxor	%xmm7, %xmm2, %xmm2
 8245        vpxor	%xmm6, %xmm1, %xmm1
 8246        vpxor	%xmm6, %xmm3, %xmm3
 8247        vpxor	%xmm4, %xmm1, %xmm1
 8248        vmovdqu	16(%esp), %xmm7
 8249        vmovdqu	-32(%edx), %xmm0
 8250        vpshufd	$0x4e, %xmm7, %xmm4
 8251        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 8252        vpxor	%xmm7, %xmm4, %xmm4
 8253        vpshufd	$0x4e, %xmm0, %xmm5
 8254        vpxor	%xmm0, %xmm5, %xmm5
 8255        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm6
 8256        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm7
 8257        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm4
 8258        vpxor	%xmm7, %xmm1, %xmm1
 8259        vpxor	%xmm7, %xmm2, %xmm2
 8260        vpxor	%xmm6, %xmm1, %xmm1
 8261        vpxor	%xmm6, %xmm3, %xmm3
 8262        vpxor	%xmm4, %xmm1, %xmm1
 8263        vmovdqu	(%esp), %xmm7
 8264        vmovdqu	-16(%edx), %xmm0
 8265        vpshufd	$0x4e, %xmm7, %xmm4
 8266        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 8267        vpxor	%xmm7, %xmm4, %xmm4
 8268        vpshufd	$0x4e, %xmm0, %xmm5
 8269        vpxor	%xmm0, %xmm5, %xmm5
 8270        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm6
 8271        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm7
 8272        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm4
 8273        vpxor	%xmm7, %xmm1, %xmm1
 8274        vpxor	%xmm7, %xmm2, %xmm2
 8275        vpxor	%xmm6, %xmm1, %xmm1
 8276        vpxor	%xmm6, %xmm3, %xmm3
 8277        vpxor	%xmm4, %xmm1, %xmm1
 8278        vpslldq	$8, %xmm1, %xmm5
 8279        vpsrldq	$8, %xmm1, %xmm1
 8280        vpxor	%xmm5, %xmm2, %xmm2
 8281        vpxor	%xmm1, %xmm3, %xmm3
 8282        vpslld	$31, %xmm2, %xmm7
 8283        vpslld	$30, %xmm2, %xmm4
 8284        vpslld	$25, %xmm2, %xmm5
 8285        vpxor	%xmm4, %xmm7, %xmm7
 8286        vpxor	%xmm5, %xmm7, %xmm7
 8287        vpsrldq	$4, %xmm7, %xmm4
 8288        vpslldq	$12, %xmm7, %xmm7
 8289        vpxor	%xmm7, %xmm2, %xmm2
 8290        vpsrld	$0x01, %xmm2, %xmm5
 8291        vpsrld	$2, %xmm2, %xmm1
 8292        vpsrld	$7, %xmm2, %xmm0
 8293        vpxor	%xmm1, %xmm5, %xmm5
 8294        vpxor	%xmm0, %xmm5, %xmm5
 8295        vpxor	%xmm4, %xmm5, %xmm5
 8296        vpxor	%xmm5, %xmm2, %xmm2
 8297        vpxor	%xmm3, %xmm2, %xmm2
 8298        vmovdqu	%xmm2, 80(%esp)
 8299        addl	$0x40, %ebx
 8300        cmpl	%eax, %ebx
 8301        jl	L_AES_GCM_encrypt_update_avx1_ghash_64
 8302L_AES_GCM_encrypt_update_avx1_end_64:
 8303        movdqu	80(%esp), %xmm6
 8304        # Block 1
 8305        vmovdqa	L_aes_gcm_avx1_bswap_mask, %xmm0
 8306        vmovdqu	(%edx), %xmm5
 8307        pshufb	%xmm0, %xmm5
 8308        vmovdqu	48(%esp), %xmm7
 8309        pxor	%xmm6, %xmm5
 8310        # ghash_gfmul_avx
 8311        vpshufd	$0x4e, %xmm5, %xmm1
 8312        vpshufd	$0x4e, %xmm7, %xmm2
 8313        vpclmulqdq	$0x11, %xmm5, %xmm7, %xmm3
 8314        vpclmulqdq	$0x00, %xmm5, %xmm7, %xmm0
 8315        vpxor	%xmm5, %xmm1, %xmm1
 8316        vpxor	%xmm7, %xmm2, %xmm2
 8317        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 8318        vpxor	%xmm0, %xmm1, %xmm1
 8319        vpxor	%xmm3, %xmm1, %xmm1
 8320        vmovdqa	%xmm0, %xmm4
 8321        vmovdqa	%xmm3, %xmm6
 8322        vpslldq	$8, %xmm1, %xmm2
 8323        vpsrldq	$8, %xmm1, %xmm1
 8324        vpxor	%xmm2, %xmm4, %xmm4
 8325        vpxor	%xmm1, %xmm6, %xmm6
 8326        # Block 2
 8327        vmovdqa	L_aes_gcm_avx1_bswap_mask, %xmm0
 8328        vmovdqu	16(%edx), %xmm5
 8329        pshufb	%xmm0, %xmm5
 8330        vmovdqu	32(%esp), %xmm7
 8331        # ghash_gfmul_xor_avx
 8332        vpshufd	$0x4e, %xmm5, %xmm1
 8333        vpshufd	$0x4e, %xmm7, %xmm2
 8334        vpclmulqdq	$0x11, %xmm5, %xmm7, %xmm3
 8335        vpclmulqdq	$0x00, %xmm5, %xmm7, %xmm0
 8336        vpxor	%xmm5, %xmm1, %xmm1
 8337        vpxor	%xmm7, %xmm2, %xmm2
 8338        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 8339        vpxor	%xmm0, %xmm1, %xmm1
 8340        vpxor	%xmm3, %xmm1, %xmm1
 8341        vpxor	%xmm0, %xmm4, %xmm4
 8342        vpxor	%xmm3, %xmm6, %xmm6
 8343        vpslldq	$8, %xmm1, %xmm2
 8344        vpsrldq	$8, %xmm1, %xmm1
 8345        vpxor	%xmm2, %xmm4, %xmm4
 8346        vpxor	%xmm1, %xmm6, %xmm6
 8347        # Block 3
 8348        vmovdqa	L_aes_gcm_avx1_bswap_mask, %xmm0
 8349        vmovdqu	32(%edx), %xmm5
 8350        pshufb	%xmm0, %xmm5
 8351        vmovdqu	16(%esp), %xmm7
 8352        # ghash_gfmul_xor_avx
 8353        vpshufd	$0x4e, %xmm5, %xmm1
 8354        vpshufd	$0x4e, %xmm7, %xmm2
 8355        vpclmulqdq	$0x11, %xmm5, %xmm7, %xmm3
 8356        vpclmulqdq	$0x00, %xmm5, %xmm7, %xmm0
 8357        vpxor	%xmm5, %xmm1, %xmm1
 8358        vpxor	%xmm7, %xmm2, %xmm2
 8359        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 8360        vpxor	%xmm0, %xmm1, %xmm1
 8361        vpxor	%xmm3, %xmm1, %xmm1
 8362        vpxor	%xmm0, %xmm4, %xmm4
 8363        vpxor	%xmm3, %xmm6, %xmm6
 8364        vpslldq	$8, %xmm1, %xmm2
 8365        vpsrldq	$8, %xmm1, %xmm1
 8366        vpxor	%xmm2, %xmm4, %xmm4
 8367        vpxor	%xmm1, %xmm6, %xmm6
 8368        # Block 4
 8369        vmovdqa	L_aes_gcm_avx1_bswap_mask, %xmm0
 8370        vmovdqu	48(%edx), %xmm5
 8371        pshufb	%xmm0, %xmm5
 8372        vmovdqu	(%esp), %xmm7
 8373        # ghash_gfmul_xor_avx
 8374        vpshufd	$0x4e, %xmm5, %xmm1
 8375        vpshufd	$0x4e, %xmm7, %xmm2
 8376        vpclmulqdq	$0x11, %xmm5, %xmm7, %xmm3
 8377        vpclmulqdq	$0x00, %xmm5, %xmm7, %xmm0
 8378        vpxor	%xmm5, %xmm1, %xmm1
 8379        vpxor	%xmm7, %xmm2, %xmm2
 8380        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 8381        vpxor	%xmm0, %xmm1, %xmm1
 8382        vpxor	%xmm3, %xmm1, %xmm1
 8383        vpxor	%xmm0, %xmm4, %xmm4
 8384        vpxor	%xmm3, %xmm6, %xmm6
 8385        vpslldq	$8, %xmm1, %xmm2
 8386        vpsrldq	$8, %xmm1, %xmm1
 8387        vpxor	%xmm2, %xmm4, %xmm4
 8388        vpxor	%xmm1, %xmm6, %xmm6
 8389        vpslld	$31, %xmm4, %xmm0
 8390        vpslld	$30, %xmm4, %xmm1
 8391        vpslld	$25, %xmm4, %xmm2
 8392        vpxor	%xmm1, %xmm0, %xmm0
 8393        vpxor	%xmm2, %xmm0, %xmm0
 8394        vmovdqa	%xmm0, %xmm1
 8395        vpsrldq	$4, %xmm1, %xmm1
 8396        vpslldq	$12, %xmm0, %xmm0
 8397        vpxor	%xmm0, %xmm4, %xmm4
 8398        vpsrld	$0x01, %xmm4, %xmm2
 8399        vpsrld	$2, %xmm4, %xmm3
 8400        vpsrld	$7, %xmm4, %xmm0
 8401        vpxor	%xmm3, %xmm2, %xmm2
 8402        vpxor	%xmm0, %xmm2, %xmm2
 8403        vpxor	%xmm1, %xmm2, %xmm2
 8404        vpxor	%xmm4, %xmm2, %xmm2
 8405        vpxor	%xmm2, %xmm6, %xmm6
 8406        vmovdqu	(%esp), %xmm5
 8407L_AES_GCM_encrypt_update_avx1_done_64:
 8408        movl	132(%esp), %edx
 8409        cmpl	%edx, %ebx
 8410        jge	L_AES_GCM_encrypt_update_avx1_done_enc
 8411        movl	132(%esp), %eax
 8412        andl	$0xfffffff0, %eax
 8413        cmpl	%eax, %ebx
 8414        jge	L_AES_GCM_encrypt_update_avx1_last_block_done
 8415        leal	(%esi,%ebx,1), %ecx
 8416        leal	(%edi,%ebx,1), %edx
 8417        vmovdqu	64(%esp), %xmm1
 8418        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm1, %xmm0
 8419        vpaddd	L_aes_gcm_avx1_one, %xmm1, %xmm1
 8420        vmovdqu	%xmm1, 64(%esp)
 8421        vpxor	(%ebp), %xmm0, %xmm0
 8422        vaesenc	16(%ebp), %xmm0, %xmm0
 8423        vaesenc	32(%ebp), %xmm0, %xmm0
 8424        vaesenc	48(%ebp), %xmm0, %xmm0
 8425        vaesenc	64(%ebp), %xmm0, %xmm0
 8426        vaesenc	80(%ebp), %xmm0, %xmm0
 8427        vaesenc	96(%ebp), %xmm0, %xmm0
 8428        vaesenc	112(%ebp), %xmm0, %xmm0
 8429        vaesenc	128(%ebp), %xmm0, %xmm0
 8430        vaesenc	144(%ebp), %xmm0, %xmm0
 8431        cmpl	$11, 120(%esp)
 8432        vmovdqa	160(%ebp), %xmm1
 8433        jl	L_AES_GCM_encrypt_update_avx1_aesenc_block_aesenc_avx_last
 8434        vaesenc	%xmm1, %xmm0, %xmm0
 8435        vaesenc	176(%ebp), %xmm0, %xmm0
 8436        cmpl	$13, 120(%esp)
 8437        vmovdqa	192(%ebp), %xmm1
 8438        jl	L_AES_GCM_encrypt_update_avx1_aesenc_block_aesenc_avx_last
 8439        vaesenc	%xmm1, %xmm0, %xmm0
 8440        vaesenc	208(%ebp), %xmm0, %xmm0
 8441        vmovdqa	224(%ebp), %xmm1
 8442L_AES_GCM_encrypt_update_avx1_aesenc_block_aesenc_avx_last:
 8443        vaesenclast	%xmm1, %xmm0, %xmm0
 8444        vmovdqu	(%ecx), %xmm1
 8445        vpxor	%xmm1, %xmm0, %xmm0
 8446        vmovdqu	%xmm0, (%edx)
 8447        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 8448        vpxor	%xmm0, %xmm6, %xmm6
 8449        addl	$16, %ebx
 8450        cmpl	%eax, %ebx
 8451        jge	L_AES_GCM_encrypt_update_avx1_last_block_ghash
 8452L_AES_GCM_encrypt_update_avx1_last_block_start:
 8453        leal	(%esi,%ebx,1), %ecx
 8454        leal	(%edi,%ebx,1), %edx
 8455        vmovdqu	64(%esp), %xmm1
 8456        vmovdqu	%xmm6, %xmm3
 8457        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm1, %xmm0
 8458        vpaddd	L_aes_gcm_avx1_one, %xmm1, %xmm1
 8459        vmovdqu	%xmm1, 64(%esp)
 8460        vpxor	(%ebp), %xmm0, %xmm0
 8461        vpclmulqdq	$16, %xmm5, %xmm3, %xmm4
 8462        vaesenc	16(%ebp), %xmm0, %xmm0
 8463        vaesenc	32(%ebp), %xmm0, %xmm0
 8464        vpclmulqdq	$0x01, %xmm5, %xmm3, %xmm7
 8465        vaesenc	48(%ebp), %xmm0, %xmm0
 8466        vaesenc	64(%ebp), %xmm0, %xmm0
 8467        vaesenc	80(%ebp), %xmm0, %xmm0
 8468        vpclmulqdq	$0x11, %xmm5, %xmm3, %xmm1
 8469        vaesenc	96(%ebp), %xmm0, %xmm0
 8470        vpxor	%xmm7, %xmm4, %xmm4
 8471        vpslldq	$8, %xmm4, %xmm2
 8472        vpsrldq	$8, %xmm4, %xmm4
 8473        vaesenc	112(%ebp), %xmm0, %xmm0
 8474        vpclmulqdq	$0x00, %xmm5, %xmm3, %xmm7
 8475        vpxor	%xmm7, %xmm2, %xmm2
 8476        vpxor	%xmm4, %xmm1, %xmm1
 8477        vmovdqa	L_aes_gcm_avx1_mod2_128, %xmm3
 8478        vpclmulqdq	$16, %xmm3, %xmm2, %xmm7
 8479        vaesenc	128(%ebp), %xmm0, %xmm0
 8480        vpshufd	$0x4e, %xmm2, %xmm4
 8481        vpxor	%xmm7, %xmm4, %xmm4
 8482        vpclmulqdq	$16, %xmm3, %xmm4, %xmm7
 8483        vaesenc	144(%ebp), %xmm0, %xmm0
 8484        vpshufd	$0x4e, %xmm4, %xmm6
 8485        vpxor	%xmm7, %xmm6, %xmm6
 8486        vpxor	%xmm1, %xmm6, %xmm6
 8487        cmpl	$11, 120(%esp)
 8488        vmovdqa	160(%ebp), %xmm1
 8489        jl	L_AES_GCM_encrypt_update_avx1_aesenc_gfmul_last
 8490        vaesenc	%xmm1, %xmm0, %xmm0
 8491        vaesenc	176(%ebp), %xmm0, %xmm0
 8492        cmpl	$13, 120(%esp)
 8493        vmovdqa	192(%ebp), %xmm1
 8494        jl	L_AES_GCM_encrypt_update_avx1_aesenc_gfmul_last
 8495        vaesenc	%xmm1, %xmm0, %xmm0
 8496        vaesenc	208(%ebp), %xmm0, %xmm0
 8497        vmovdqa	224(%ebp), %xmm1
 8498L_AES_GCM_encrypt_update_avx1_aesenc_gfmul_last:
 8499        vaesenclast	%xmm1, %xmm0, %xmm0
 8500        vmovdqu	(%ecx), %xmm1
 8501        vpxor	%xmm1, %xmm0, %xmm0
 8502        vmovdqu	%xmm0, (%edx)
 8503        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 8504        addl	$16, %ebx
 8505        vpxor	%xmm0, %xmm6, %xmm6
 8506        cmpl	%eax, %ebx
 8507        jl	L_AES_GCM_encrypt_update_avx1_last_block_start
 8508L_AES_GCM_encrypt_update_avx1_last_block_ghash:
 8509        # ghash_gfmul_red_avx
 8510        vpshufd	$0x4e, %xmm5, %xmm1
 8511        vpshufd	$0x4e, %xmm6, %xmm2
 8512        vpclmulqdq	$0x11, %xmm5, %xmm6, %xmm3
 8513        vpclmulqdq	$0x00, %xmm5, %xmm6, %xmm0
 8514        vpxor	%xmm5, %xmm1, %xmm1
 8515        vpxor	%xmm6, %xmm2, %xmm2
 8516        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 8517        vpxor	%xmm0, %xmm1, %xmm1
 8518        vpxor	%xmm3, %xmm1, %xmm1
 8519        vpslldq	$8, %xmm1, %xmm2
 8520        vpsrldq	$8, %xmm1, %xmm1
 8521        vpxor	%xmm2, %xmm0, %xmm0
 8522        vpxor	%xmm1, %xmm3, %xmm6
 8523        vpslld	$31, %xmm0, %xmm1
 8524        vpslld	$30, %xmm0, %xmm2
 8525        vpslld	$25, %xmm0, %xmm3
 8526        vpxor	%xmm2, %xmm1, %xmm1
 8527        vpxor	%xmm3, %xmm1, %xmm1
 8528        vpsrldq	$4, %xmm1, %xmm3
 8529        vpslldq	$12, %xmm1, %xmm1
 8530        vpxor	%xmm1, %xmm0, %xmm0
 8531        vpsrld	$0x01, %xmm0, %xmm1
 8532        vpsrld	$2, %xmm0, %xmm2
 8533        vpxor	%xmm2, %xmm1, %xmm1
 8534        vpxor	%xmm0, %xmm1, %xmm1
 8535        vpsrld	$7, %xmm0, %xmm0
 8536        vpxor	%xmm3, %xmm1, %xmm1
 8537        vpxor	%xmm0, %xmm1, %xmm1
 8538        vpxor	%xmm1, %xmm6, %xmm6
 8539L_AES_GCM_encrypt_update_avx1_last_block_done:
 8540L_AES_GCM_encrypt_update_avx1_done_enc:
 8541        movl	136(%esp), %esi
 8542        movl	144(%esp), %edi
 8543        vmovdqu	64(%esp), %xmm4
 8544        vmovdqa	%xmm6, (%esi)
 8545        vmovdqu	%xmm4, (%edi)
 8546        addl	$0x60, %esp
 8547        popl	%ebp
 8548        popl	%edi
 8549        popl	%esi
 8550        popl	%ebx
 8551        ret
 8552.size	AES_GCM_encrypt_update_avx1,.-AES_GCM_encrypt_update_avx1
 8553.text
 8554.globl	AES_GCM_encrypt_final_avx1
 8555.type	AES_GCM_encrypt_final_avx1,@function
 8556.align	16
 8557AES_GCM_encrypt_final_avx1:
 8558        pushl	%esi
 8559        pushl	%edi
 8560        pushl	%ebp
 8561        subl	$16, %esp
 8562        movl	32(%esp), %ebp
 8563        movl	52(%esp), %esi
 8564        movl	56(%esp), %edi
 8565        vmovdqa	(%ebp), %xmm4
 8566        vmovdqa	(%esi), %xmm5
 8567        vmovdqa	(%edi), %xmm6
 8568        vpsrlq	$63, %xmm5, %xmm1
 8569        vpsllq	$0x01, %xmm5, %xmm0
 8570        vpslldq	$8, %xmm1, %xmm1
 8571        vpor	%xmm1, %xmm0, %xmm0
 8572        vpshufd	$0xff, %xmm5, %xmm5
 8573        vpsrad	$31, %xmm5, %xmm5
 8574        vpand	L_aes_gcm_avx1_mod2_128, %xmm5, %xmm5
 8575        vpxor	%xmm0, %xmm5, %xmm5
 8576        movl	44(%esp), %edx
 8577        movl	48(%esp), %ecx
 8578        shll	$3, %edx
 8579        shll	$3, %ecx
 8580        vpinsrd	$0x00, %edx, %xmm0, %xmm0
 8581        vpinsrd	$2, %ecx, %xmm0, %xmm0
 8582        movl	44(%esp), %edx
 8583        movl	48(%esp), %ecx
 8584        shrl	$29, %edx
 8585        shrl	$29, %ecx
 8586        vpinsrd	$0x01, %edx, %xmm0, %xmm0
 8587        vpinsrd	$3, %ecx, %xmm0, %xmm0
 8588        vpxor	%xmm0, %xmm4, %xmm4
 8589        # ghash_gfmul_red_avx
 8590        vpshufd	$0x4e, %xmm5, %xmm1
 8591        vpshufd	$0x4e, %xmm4, %xmm2
 8592        vpclmulqdq	$0x11, %xmm5, %xmm4, %xmm3
 8593        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm0
 8594        vpxor	%xmm5, %xmm1, %xmm1
 8595        vpxor	%xmm4, %xmm2, %xmm2
 8596        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 8597        vpxor	%xmm0, %xmm1, %xmm1
 8598        vpxor	%xmm3, %xmm1, %xmm1
 8599        vpslldq	$8, %xmm1, %xmm2
 8600        vpsrldq	$8, %xmm1, %xmm1
 8601        vpxor	%xmm2, %xmm0, %xmm0
 8602        vpxor	%xmm1, %xmm3, %xmm4
 8603        vpslld	$31, %xmm0, %xmm1
 8604        vpslld	$30, %xmm0, %xmm2
 8605        vpslld	$25, %xmm0, %xmm3
 8606        vpxor	%xmm2, %xmm1, %xmm1
 8607        vpxor	%xmm3, %xmm1, %xmm1
 8608        vpsrldq	$4, %xmm1, %xmm3
 8609        vpslldq	$12, %xmm1, %xmm1
 8610        vpxor	%xmm1, %xmm0, %xmm0
 8611        vpsrld	$0x01, %xmm0, %xmm1
 8612        vpsrld	$2, %xmm0, %xmm2
 8613        vpxor	%xmm2, %xmm1, %xmm1
 8614        vpxor	%xmm0, %xmm1, %xmm1
 8615        vpsrld	$7, %xmm0, %xmm0
 8616        vpxor	%xmm3, %xmm1, %xmm1
 8617        vpxor	%xmm0, %xmm1, %xmm1
 8618        vpxor	%xmm1, %xmm4, %xmm4
 8619        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm4, %xmm4
 8620        vpxor	%xmm6, %xmm4, %xmm0
 8621        movl	36(%esp), %edi
 8622        cmpl	$16, 40(%esp)
 8623        je	L_AES_GCM_encrypt_final_avx1_store_tag_16
 8624        xorl	%ecx, %ecx
 8625        vmovdqu	%xmm0, (%esp)
 8626L_AES_GCM_encrypt_final_avx1_store_tag_loop:
 8627        movzbl	(%esp,%ecx,1), %eax
 8628        movb	%al, (%edi,%ecx,1)
 8629        incl	%ecx
 8630        cmpl	40(%esp), %ecx
 8631        jne	L_AES_GCM_encrypt_final_avx1_store_tag_loop
 8632        jmp	L_AES_GCM_encrypt_final_avx1_store_tag_done
 8633L_AES_GCM_encrypt_final_avx1_store_tag_16:
 8634        vmovdqu	%xmm0, (%edi)
 8635L_AES_GCM_encrypt_final_avx1_store_tag_done:
 8636        addl	$16, %esp
 8637        popl	%ebp
 8638        popl	%edi
 8639        popl	%esi
 8640        ret
 8641.size	AES_GCM_encrypt_final_avx1,.-AES_GCM_encrypt_final_avx1
 8642.text
 8643.globl	AES_GCM_decrypt_update_avx1
 8644.type	AES_GCM_decrypt_update_avx1,@function
 8645.align	16
 8646AES_GCM_decrypt_update_avx1:
 8647        pushl	%ebx
 8648        pushl	%esi
 8649        pushl	%edi
 8650        pushl	%ebp
 8651        subl	$0xa0, %esp
 8652        movl	208(%esp), %esi
 8653        vmovdqa	(%esi), %xmm4
 8654        vmovdqu	%xmm4, 64(%esp)
 8655        movl	200(%esp), %esi
 8656        movl	204(%esp), %ebp
 8657        vmovdqa	(%esi), %xmm6
 8658        vmovdqa	(%ebp), %xmm5
 8659        vmovdqu	%xmm6, 80(%esp)
 8660        movl	180(%esp), %ebp
 8661        movl	188(%esp), %edi
 8662        movl	192(%esp), %esi
 8663        vpsrlq	$63, %xmm5, %xmm1
 8664        vpsllq	$0x01, %xmm5, %xmm0
 8665        vpslldq	$8, %xmm1, %xmm1
 8666        vpor	%xmm1, %xmm0, %xmm0
 8667        vpshufd	$0xff, %xmm5, %xmm5
 8668        vpsrad	$31, %xmm5, %xmm5
 8669        vpand	L_aes_gcm_avx1_mod2_128, %xmm5, %xmm5
 8670        vpxor	%xmm0, %xmm5, %xmm5
 8671        xorl	%ebx, %ebx
 8672        cmpl	$0x40, 196(%esp)
 8673        movl	196(%esp), %eax
 8674        jl	L_AES_GCM_decrypt_update_avx1_done_64
 8675        andl	$0xffffffc0, %eax
 8676        vmovdqa	%xmm6, %xmm2
 8677        # H ^ 1
 8678        vmovdqu	%xmm5, (%esp)
 8679        # H ^ 2
 8680        vpclmulqdq	$0x00, %xmm5, %xmm5, %xmm0
 8681        vpclmulqdq	$0x11, %xmm5, %xmm5, %xmm4
 8682        vpslld	$31, %xmm0, %xmm1
 8683        vpslld	$30, %xmm0, %xmm2
 8684        vpslld	$25, %xmm0, %xmm3
 8685        vpxor	%xmm2, %xmm1, %xmm1
 8686        vpxor	%xmm3, %xmm1, %xmm1
 8687        vpsrldq	$4, %xmm1, %xmm3
 8688        vpslldq	$12, %xmm1, %xmm1
 8689        vpxor	%xmm1, %xmm0, %xmm0
 8690        vpsrld	$0x01, %xmm0, %xmm1
 8691        vpsrld	$2, %xmm0, %xmm2
 8692        vpxor	%xmm2, %xmm1, %xmm1
 8693        vpxor	%xmm0, %xmm1, %xmm1
 8694        vpsrld	$7, %xmm0, %xmm0
 8695        vpxor	%xmm3, %xmm1, %xmm1
 8696        vpxor	%xmm0, %xmm1, %xmm1
 8697        vpxor	%xmm1, %xmm4, %xmm4
 8698        vmovdqu	%xmm4, 16(%esp)
 8699        # H ^ 3
 8700        # ghash_gfmul_red_avx
 8701        vpshufd	$0x4e, %xmm5, %xmm1
 8702        vpshufd	$0x4e, %xmm4, %xmm2
 8703        vpclmulqdq	$0x11, %xmm5, %xmm4, %xmm3
 8704        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm0
 8705        vpxor	%xmm5, %xmm1, %xmm1
 8706        vpxor	%xmm4, %xmm2, %xmm2
 8707        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 8708        vpxor	%xmm0, %xmm1, %xmm1
 8709        vpxor	%xmm3, %xmm1, %xmm1
 8710        vpslldq	$8, %xmm1, %xmm2
 8711        vpsrldq	$8, %xmm1, %xmm1
 8712        vpxor	%xmm2, %xmm0, %xmm0
 8713        vpxor	%xmm1, %xmm3, %xmm7
 8714        vpslld	$31, %xmm0, %xmm1
 8715        vpslld	$30, %xmm0, %xmm2
 8716        vpslld	$25, %xmm0, %xmm3
 8717        vpxor	%xmm2, %xmm1, %xmm1
 8718        vpxor	%xmm3, %xmm1, %xmm1
 8719        vpsrldq	$4, %xmm1, %xmm3
 8720        vpslldq	$12, %xmm1, %xmm1
 8721        vpxor	%xmm1, %xmm0, %xmm0
 8722        vpsrld	$0x01, %xmm0, %xmm1
 8723        vpsrld	$2, %xmm0, %xmm2
 8724        vpxor	%xmm2, %xmm1, %xmm1
 8725        vpxor	%xmm0, %xmm1, %xmm1
 8726        vpsrld	$7, %xmm0, %xmm0
 8727        vpxor	%xmm3, %xmm1, %xmm1
 8728        vpxor	%xmm0, %xmm1, %xmm1
 8729        vpxor	%xmm1, %xmm7, %xmm7
 8730        vmovdqu	%xmm7, 32(%esp)
 8731        # H ^ 4
 8732        vpclmulqdq	$0x00, %xmm4, %xmm4, %xmm0
 8733        vpclmulqdq	$0x11, %xmm4, %xmm4, %xmm7
 8734        vpslld	$31, %xmm0, %xmm1
 8735        vpslld	$30, %xmm0, %xmm2
 8736        vpslld	$25, %xmm0, %xmm3
 8737        vpxor	%xmm2, %xmm1, %xmm1
 8738        vpxor	%xmm3, %xmm1, %xmm1
 8739        vpsrldq	$4, %xmm1, %xmm3
 8740        vpslldq	$12, %xmm1, %xmm1
 8741        vpxor	%xmm1, %xmm0, %xmm0
 8742        vpsrld	$0x01, %xmm0, %xmm1
 8743        vpsrld	$2, %xmm0, %xmm2
 8744        vpxor	%xmm2, %xmm1, %xmm1
 8745        vpxor	%xmm0, %xmm1, %xmm1
 8746        vpsrld	$7, %xmm0, %xmm0
 8747        vpxor	%xmm3, %xmm1, %xmm1
 8748        vpxor	%xmm0, %xmm1, %xmm1
 8749        vpxor	%xmm1, %xmm7, %xmm7
 8750        vmovdqu	%xmm7, 48(%esp)
 8751        cmpl	%esi, %edi
 8752        jne	L_AES_GCM_decrypt_update_avx1_ghash_64
 8753L_AES_GCM_decrypt_update_avx1_ghash_64_inplace:
 8754        leal	(%esi,%ebx,1), %ecx
 8755        leal	(%edi,%ebx,1), %edx
 8756        vmovdqu	64(%esp), %xmm0
 8757        vmovdqa	L_aes_gcm_avx1_bswap_epi64, %xmm7
 8758        vpaddd	L_aes_gcm_avx1_one, %xmm0, %xmm1
 8759        vpshufb	%xmm7, %xmm1, %xmm1
 8760        vpaddd	L_aes_gcm_avx1_two, %xmm0, %xmm2
 8761        vpshufb	%xmm7, %xmm2, %xmm2
 8762        vpaddd	L_aes_gcm_avx1_three, %xmm0, %xmm3
 8763        vpshufb	%xmm7, %xmm3, %xmm3
 8764        vpshufb	%xmm7, %xmm0, %xmm0
 8765        vmovdqu	64(%esp), %xmm7
 8766        vpaddd	L_aes_gcm_avx1_four, %xmm7, %xmm7
 8767        vmovdqu	%xmm7, 64(%esp)
 8768        vmovdqa	(%ebp), %xmm7
 8769        vpxor	%xmm7, %xmm0, %xmm0
 8770        vpxor	%xmm7, %xmm1, %xmm1
 8771        vpxor	%xmm7, %xmm2, %xmm2
 8772        vpxor	%xmm7, %xmm3, %xmm3
 8773        vmovdqa	16(%ebp), %xmm7
 8774        vaesenc	%xmm7, %xmm0, %xmm0
 8775        vaesenc	%xmm7, %xmm1, %xmm1
 8776        vaesenc	%xmm7, %xmm2, %xmm2
 8777        vaesenc	%xmm7, %xmm3, %xmm3
 8778        vmovdqa	32(%ebp), %xmm7
 8779        vaesenc	%xmm7, %xmm0, %xmm0
 8780        vaesenc	%xmm7, %xmm1, %xmm1
 8781        vaesenc	%xmm7, %xmm2, %xmm2
 8782        vaesenc	%xmm7, %xmm3, %xmm3
 8783        vmovdqa	48(%ebp), %xmm7
 8784        vaesenc	%xmm7, %xmm0, %xmm0
 8785        vaesenc	%xmm7, %xmm1, %xmm1
 8786        vaesenc	%xmm7, %xmm2, %xmm2
 8787        vaesenc	%xmm7, %xmm3, %xmm3
 8788        vmovdqa	64(%ebp), %xmm7
 8789        vaesenc	%xmm7, %xmm0, %xmm0
 8790        vaesenc	%xmm7, %xmm1, %xmm1
 8791        vaesenc	%xmm7, %xmm2, %xmm2
 8792        vaesenc	%xmm7, %xmm3, %xmm3
 8793        vmovdqa	80(%ebp), %xmm7
 8794        vaesenc	%xmm7, %xmm0, %xmm0
 8795        vaesenc	%xmm7, %xmm1, %xmm1
 8796        vaesenc	%xmm7, %xmm2, %xmm2
 8797        vaesenc	%xmm7, %xmm3, %xmm3
 8798        vmovdqa	96(%ebp), %xmm7
 8799        vaesenc	%xmm7, %xmm0, %xmm0
 8800        vaesenc	%xmm7, %xmm1, %xmm1
 8801        vaesenc	%xmm7, %xmm2, %xmm2
 8802        vaesenc	%xmm7, %xmm3, %xmm3
 8803        vmovdqa	112(%ebp), %xmm7
 8804        vaesenc	%xmm7, %xmm0, %xmm0
 8805        vaesenc	%xmm7, %xmm1, %xmm1
 8806        vaesenc	%xmm7, %xmm2, %xmm2
 8807        vaesenc	%xmm7, %xmm3, %xmm3
 8808        vmovdqa	128(%ebp), %xmm7
 8809        vaesenc	%xmm7, %xmm0, %xmm0
 8810        vaesenc	%xmm7, %xmm1, %xmm1
 8811        vaesenc	%xmm7, %xmm2, %xmm2
 8812        vaesenc	%xmm7, %xmm3, %xmm3
 8813        vmovdqa	144(%ebp), %xmm7
 8814        vaesenc	%xmm7, %xmm0, %xmm0
 8815        vaesenc	%xmm7, %xmm1, %xmm1
 8816        vaesenc	%xmm7, %xmm2, %xmm2
 8817        vaesenc	%xmm7, %xmm3, %xmm3
 8818        cmpl	$11, 184(%esp)
 8819        vmovdqa	160(%ebp), %xmm7
 8820        jl	L_AES_GCM_decrypt_update_avx1inplace_aesenc_64_ghash_avx_aesenc_64_enc_done
 8821        vaesenc	%xmm7, %xmm0, %xmm0
 8822        vaesenc	%xmm7, %xmm1, %xmm1
 8823        vaesenc	%xmm7, %xmm2, %xmm2
 8824        vaesenc	%xmm7, %xmm3, %xmm3
 8825        vmovdqa	176(%ebp), %xmm7
 8826        vaesenc	%xmm7, %xmm0, %xmm0
 8827        vaesenc	%xmm7, %xmm1, %xmm1
 8828        vaesenc	%xmm7, %xmm2, %xmm2
 8829        vaesenc	%xmm7, %xmm3, %xmm3
 8830        cmpl	$13, 184(%esp)
 8831        vmovdqa	192(%ebp), %xmm7
 8832        jl	L_AES_GCM_decrypt_update_avx1inplace_aesenc_64_ghash_avx_aesenc_64_enc_done
 8833        vaesenc	%xmm7, %xmm0, %xmm0
 8834        vaesenc	%xmm7, %xmm1, %xmm1
 8835        vaesenc	%xmm7, %xmm2, %xmm2
 8836        vaesenc	%xmm7, %xmm3, %xmm3
 8837        vmovdqa	208(%ebp), %xmm7
 8838        vaesenc	%xmm7, %xmm0, %xmm0
 8839        vaesenc	%xmm7, %xmm1, %xmm1
 8840        vaesenc	%xmm7, %xmm2, %xmm2
 8841        vaesenc	%xmm7, %xmm3, %xmm3
 8842        vmovdqa	224(%ebp), %xmm7
 8843L_AES_GCM_decrypt_update_avx1inplace_aesenc_64_ghash_avx_aesenc_64_enc_done:
 8844        vaesenclast	%xmm7, %xmm0, %xmm0
 8845        vaesenclast	%xmm7, %xmm1, %xmm1
 8846        vmovdqu	(%ecx), %xmm4
 8847        vmovdqu	16(%ecx), %xmm5
 8848        vpxor	%xmm4, %xmm0, %xmm0
 8849        vpxor	%xmm5, %xmm1, %xmm1
 8850        vmovdqu	%xmm4, 96(%esp)
 8851        vmovdqu	%xmm5, 112(%esp)
 8852        vmovdqu	%xmm0, (%edx)
 8853        vmovdqu	%xmm1, 16(%edx)
 8854        vaesenclast	%xmm7, %xmm2, %xmm2
 8855        vaesenclast	%xmm7, %xmm3, %xmm3
 8856        vmovdqu	32(%ecx), %xmm4
 8857        vmovdqu	48(%ecx), %xmm5
 8858        vpxor	%xmm4, %xmm2, %xmm2
 8859        vpxor	%xmm5, %xmm3, %xmm3
 8860        vmovdqu	%xmm4, 128(%esp)
 8861        vmovdqu	%xmm5, 144(%esp)
 8862        vmovdqu	%xmm2, 32(%edx)
 8863        vmovdqu	%xmm3, 48(%edx)
 8864        # ghash encrypted counter
 8865        vmovdqu	80(%esp), %xmm2
 8866        vmovdqu	48(%esp), %xmm7
 8867        vmovdqu	96(%esp), %xmm0
 8868        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 8869        vpxor	%xmm2, %xmm0, %xmm0
 8870        vpshufd	$0x4e, %xmm7, %xmm1
 8871        vpshufd	$0x4e, %xmm0, %xmm5
 8872        vpxor	%xmm7, %xmm1, %xmm1
 8873        vpxor	%xmm0, %xmm5, %xmm5
 8874        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm3
 8875        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm2
 8876        vpclmulqdq	$0x00, %xmm5, %xmm1, %xmm1
 8877        vpxor	%xmm2, %xmm1, %xmm1
 8878        vpxor	%xmm3, %xmm1, %xmm1
 8879        vmovdqu	32(%esp), %xmm7
 8880        vmovdqu	112(%esp), %xmm0
 8881        vpshufd	$0x4e, %xmm7, %xmm4
 8882        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 8883        vpxor	%xmm7, %xmm4, %xmm4
 8884        vpshufd	$0x4e, %xmm0, %xmm5
 8885        vpxor	%xmm0, %xmm5, %xmm5
 8886        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm6
 8887        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm7
 8888        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm4
 8889        vpxor	%xmm7, %xmm1, %xmm1
 8890        vpxor	%xmm7, %xmm2, %xmm2
 8891        vpxor	%xmm6, %xmm1, %xmm1
 8892        vpxor	%xmm6, %xmm3, %xmm3
 8893        vpxor	%xmm4, %xmm1, %xmm1
 8894        vmovdqu	16(%esp), %xmm7
 8895        vmovdqu	128(%esp), %xmm0
 8896        vpshufd	$0x4e, %xmm7, %xmm4
 8897        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 8898        vpxor	%xmm7, %xmm4, %xmm4
 8899        vpshufd	$0x4e, %xmm0, %xmm5
 8900        vpxor	%xmm0, %xmm5, %xmm5
 8901        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm6
 8902        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm7
 8903        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm4
 8904        vpxor	%xmm7, %xmm1, %xmm1
 8905        vpxor	%xmm7, %xmm2, %xmm2
 8906        vpxor	%xmm6, %xmm1, %xmm1
 8907        vpxor	%xmm6, %xmm3, %xmm3
 8908        vpxor	%xmm4, %xmm1, %xmm1
 8909        vmovdqu	(%esp), %xmm7
 8910        vmovdqu	144(%esp), %xmm0
 8911        vpshufd	$0x4e, %xmm7, %xmm4
 8912        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 8913        vpxor	%xmm7, %xmm4, %xmm4
 8914        vpshufd	$0x4e, %xmm0, %xmm5
 8915        vpxor	%xmm0, %xmm5, %xmm5
 8916        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm6
 8917        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm7
 8918        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm4
 8919        vpxor	%xmm7, %xmm1, %xmm1
 8920        vpxor	%xmm7, %xmm2, %xmm2
 8921        vpxor	%xmm6, %xmm1, %xmm1
 8922        vpxor	%xmm6, %xmm3, %xmm3
 8923        vpxor	%xmm4, %xmm1, %xmm1
 8924        vpslldq	$8, %xmm1, %xmm5
 8925        vpsrldq	$8, %xmm1, %xmm1
 8926        vpxor	%xmm5, %xmm2, %xmm2
 8927        vpxor	%xmm1, %xmm3, %xmm3
 8928        vpslld	$31, %xmm2, %xmm7
 8929        vpslld	$30, %xmm2, %xmm4
 8930        vpslld	$25, %xmm2, %xmm5
 8931        vpxor	%xmm4, %xmm7, %xmm7
 8932        vpxor	%xmm5, %xmm7, %xmm7
 8933        vpsrldq	$4, %xmm7, %xmm4
 8934        vpslldq	$12, %xmm7, %xmm7
 8935        vpxor	%xmm7, %xmm2, %xmm2
 8936        vpsrld	$0x01, %xmm2, %xmm5
 8937        vpsrld	$2, %xmm2, %xmm1
 8938        vpsrld	$7, %xmm2, %xmm0
 8939        vpxor	%xmm1, %xmm5, %xmm5
 8940        vpxor	%xmm0, %xmm5, %xmm5
 8941        vpxor	%xmm4, %xmm5, %xmm5
 8942        vpxor	%xmm5, %xmm2, %xmm2
 8943        vpxor	%xmm3, %xmm2, %xmm2
 8944        vmovdqu	%xmm2, 80(%esp)
 8945        addl	$0x40, %ebx
 8946        cmpl	%eax, %ebx
 8947        jl	L_AES_GCM_decrypt_update_avx1_ghash_64_inplace
 8948        jmp	L_AES_GCM_decrypt_update_avx1_ghash_64_done
 8949L_AES_GCM_decrypt_update_avx1_ghash_64:
 8950        leal	(%esi,%ebx,1), %ecx
 8951        leal	(%edi,%ebx,1), %edx
 8952        vmovdqu	64(%esp), %xmm0
 8953        vmovdqa	L_aes_gcm_avx1_bswap_epi64, %xmm7
 8954        vpaddd	L_aes_gcm_avx1_one, %xmm0, %xmm1
 8955        vpshufb	%xmm7, %xmm1, %xmm1
 8956        vpaddd	L_aes_gcm_avx1_two, %xmm0, %xmm2
 8957        vpshufb	%xmm7, %xmm2, %xmm2
 8958        vpaddd	L_aes_gcm_avx1_three, %xmm0, %xmm3
 8959        vpshufb	%xmm7, %xmm3, %xmm3
 8960        vpshufb	%xmm7, %xmm0, %xmm0
 8961        vmovdqu	64(%esp), %xmm7
 8962        vpaddd	L_aes_gcm_avx1_four, %xmm7, %xmm7
 8963        vmovdqu	%xmm7, 64(%esp)
 8964        vmovdqa	(%ebp), %xmm7
 8965        vpxor	%xmm7, %xmm0, %xmm0
 8966        vpxor	%xmm7, %xmm1, %xmm1
 8967        vpxor	%xmm7, %xmm2, %xmm2
 8968        vpxor	%xmm7, %xmm3, %xmm3
 8969        vmovdqa	16(%ebp), %xmm7
 8970        vaesenc	%xmm7, %xmm0, %xmm0
 8971        vaesenc	%xmm7, %xmm1, %xmm1
 8972        vaesenc	%xmm7, %xmm2, %xmm2
 8973        vaesenc	%xmm7, %xmm3, %xmm3
 8974        vmovdqa	32(%ebp), %xmm7
 8975        vaesenc	%xmm7, %xmm0, %xmm0
 8976        vaesenc	%xmm7, %xmm1, %xmm1
 8977        vaesenc	%xmm7, %xmm2, %xmm2
 8978        vaesenc	%xmm7, %xmm3, %xmm3
 8979        vmovdqa	48(%ebp), %xmm7
 8980        vaesenc	%xmm7, %xmm0, %xmm0
 8981        vaesenc	%xmm7, %xmm1, %xmm1
 8982        vaesenc	%xmm7, %xmm2, %xmm2
 8983        vaesenc	%xmm7, %xmm3, %xmm3
 8984        vmovdqa	64(%ebp), %xmm7
 8985        vaesenc	%xmm7, %xmm0, %xmm0
 8986        vaesenc	%xmm7, %xmm1, %xmm1
 8987        vaesenc	%xmm7, %xmm2, %xmm2
 8988        vaesenc	%xmm7, %xmm3, %xmm3
 8989        vmovdqa	80(%ebp), %xmm7
 8990        vaesenc	%xmm7, %xmm0, %xmm0
 8991        vaesenc	%xmm7, %xmm1, %xmm1
 8992        vaesenc	%xmm7, %xmm2, %xmm2
 8993        vaesenc	%xmm7, %xmm3, %xmm3
 8994        vmovdqa	96(%ebp), %xmm7
 8995        vaesenc	%xmm7, %xmm0, %xmm0
 8996        vaesenc	%xmm7, %xmm1, %xmm1
 8997        vaesenc	%xmm7, %xmm2, %xmm2
 8998        vaesenc	%xmm7, %xmm3, %xmm3
 8999        vmovdqa	112(%ebp), %xmm7
 9000        vaesenc	%xmm7, %xmm0, %xmm0
 9001        vaesenc	%xmm7, %xmm1, %xmm1
 9002        vaesenc	%xmm7, %xmm2, %xmm2
 9003        vaesenc	%xmm7, %xmm3, %xmm3
 9004        vmovdqa	128(%ebp), %xmm7
 9005        vaesenc	%xmm7, %xmm0, %xmm0
 9006        vaesenc	%xmm7, %xmm1, %xmm1
 9007        vaesenc	%xmm7, %xmm2, %xmm2
 9008        vaesenc	%xmm7, %xmm3, %xmm3
 9009        vmovdqa	144(%ebp), %xmm7
 9010        vaesenc	%xmm7, %xmm0, %xmm0
 9011        vaesenc	%xmm7, %xmm1, %xmm1
 9012        vaesenc	%xmm7, %xmm2, %xmm2
 9013        vaesenc	%xmm7, %xmm3, %xmm3
 9014        cmpl	$11, 184(%esp)
 9015        vmovdqa	160(%ebp), %xmm7
 9016        jl	L_AES_GCM_decrypt_update_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done
 9017        vaesenc	%xmm7, %xmm0, %xmm0
 9018        vaesenc	%xmm7, %xmm1, %xmm1
 9019        vaesenc	%xmm7, %xmm2, %xmm2
 9020        vaesenc	%xmm7, %xmm3, %xmm3
 9021        vmovdqa	176(%ebp), %xmm7
 9022        vaesenc	%xmm7, %xmm0, %xmm0
 9023        vaesenc	%xmm7, %xmm1, %xmm1
 9024        vaesenc	%xmm7, %xmm2, %xmm2
 9025        vaesenc	%xmm7, %xmm3, %xmm3
 9026        cmpl	$13, 184(%esp)
 9027        vmovdqa	192(%ebp), %xmm7
 9028        jl	L_AES_GCM_decrypt_update_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done
 9029        vaesenc	%xmm7, %xmm0, %xmm0
 9030        vaesenc	%xmm7, %xmm1, %xmm1
 9031        vaesenc	%xmm7, %xmm2, %xmm2
 9032        vaesenc	%xmm7, %xmm3, %xmm3
 9033        vmovdqa	208(%ebp), %xmm7
 9034        vaesenc	%xmm7, %xmm0, %xmm0
 9035        vaesenc	%xmm7, %xmm1, %xmm1
 9036        vaesenc	%xmm7, %xmm2, %xmm2
 9037        vaesenc	%xmm7, %xmm3, %xmm3
 9038        vmovdqa	224(%ebp), %xmm7
 9039L_AES_GCM_decrypt_update_avx1_aesenc_64_ghash_avx_aesenc_64_enc_done:
 9040        vaesenclast	%xmm7, %xmm0, %xmm0
 9041        vaesenclast	%xmm7, %xmm1, %xmm1
 9042        vmovdqu	(%ecx), %xmm4
 9043        vmovdqu	16(%ecx), %xmm5
 9044        vpxor	%xmm4, %xmm0, %xmm0
 9045        vpxor	%xmm5, %xmm1, %xmm1
 9046        vmovdqu	%xmm4, (%ecx)
 9047        vmovdqu	%xmm5, 16(%ecx)
 9048        vmovdqu	%xmm0, (%edx)
 9049        vmovdqu	%xmm1, 16(%edx)
 9050        vaesenclast	%xmm7, %xmm2, %xmm2
 9051        vaesenclast	%xmm7, %xmm3, %xmm3
 9052        vmovdqu	32(%ecx), %xmm4
 9053        vmovdqu	48(%ecx), %xmm5
 9054        vpxor	%xmm4, %xmm2, %xmm2
 9055        vpxor	%xmm5, %xmm3, %xmm3
 9056        vmovdqu	%xmm4, 32(%ecx)
 9057        vmovdqu	%xmm5, 48(%ecx)
 9058        vmovdqu	%xmm2, 32(%edx)
 9059        vmovdqu	%xmm3, 48(%edx)
 9060        # ghash encrypted counter
 9061        vmovdqu	80(%esp), %xmm2
 9062        vmovdqu	48(%esp), %xmm7
 9063        vmovdqu	(%ecx), %xmm0
 9064        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 9065        vpxor	%xmm2, %xmm0, %xmm0
 9066        vpshufd	$0x4e, %xmm7, %xmm1
 9067        vpshufd	$0x4e, %xmm0, %xmm5
 9068        vpxor	%xmm7, %xmm1, %xmm1
 9069        vpxor	%xmm0, %xmm5, %xmm5
 9070        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm3
 9071        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm2
 9072        vpclmulqdq	$0x00, %xmm5, %xmm1, %xmm1
 9073        vpxor	%xmm2, %xmm1, %xmm1
 9074        vpxor	%xmm3, %xmm1, %xmm1
 9075        vmovdqu	32(%esp), %xmm7
 9076        vmovdqu	16(%ecx), %xmm0
 9077        vpshufd	$0x4e, %xmm7, %xmm4
 9078        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 9079        vpxor	%xmm7, %xmm4, %xmm4
 9080        vpshufd	$0x4e, %xmm0, %xmm5
 9081        vpxor	%xmm0, %xmm5, %xmm5
 9082        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm6
 9083        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm7
 9084        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm4
 9085        vpxor	%xmm7, %xmm1, %xmm1
 9086        vpxor	%xmm7, %xmm2, %xmm2
 9087        vpxor	%xmm6, %xmm1, %xmm1
 9088        vpxor	%xmm6, %xmm3, %xmm3
 9089        vpxor	%xmm4, %xmm1, %xmm1
 9090        vmovdqu	16(%esp), %xmm7
 9091        vmovdqu	32(%ecx), %xmm0
 9092        vpshufd	$0x4e, %xmm7, %xmm4
 9093        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 9094        vpxor	%xmm7, %xmm4, %xmm4
 9095        vpshufd	$0x4e, %xmm0, %xmm5
 9096        vpxor	%xmm0, %xmm5, %xmm5
 9097        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm6
 9098        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm7
 9099        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm4
 9100        vpxor	%xmm7, %xmm1, %xmm1
 9101        vpxor	%xmm7, %xmm2, %xmm2
 9102        vpxor	%xmm6, %xmm1, %xmm1
 9103        vpxor	%xmm6, %xmm3, %xmm3
 9104        vpxor	%xmm4, %xmm1, %xmm1
 9105        vmovdqu	(%esp), %xmm7
 9106        vmovdqu	48(%ecx), %xmm0
 9107        vpshufd	$0x4e, %xmm7, %xmm4
 9108        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm0, %xmm0
 9109        vpxor	%xmm7, %xmm4, %xmm4
 9110        vpshufd	$0x4e, %xmm0, %xmm5
 9111        vpxor	%xmm0, %xmm5, %xmm5
 9112        vpclmulqdq	$0x11, %xmm7, %xmm0, %xmm6
 9113        vpclmulqdq	$0x00, %xmm7, %xmm0, %xmm7
 9114        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm4
 9115        vpxor	%xmm7, %xmm1, %xmm1
 9116        vpxor	%xmm7, %xmm2, %xmm2
 9117        vpxor	%xmm6, %xmm1, %xmm1
 9118        vpxor	%xmm6, %xmm3, %xmm3
 9119        vpxor	%xmm4, %xmm1, %xmm1
 9120        vpslldq	$8, %xmm1, %xmm5
 9121        vpsrldq	$8, %xmm1, %xmm1
 9122        vpxor	%xmm5, %xmm2, %xmm2
 9123        vpxor	%xmm1, %xmm3, %xmm3
 9124        vpslld	$31, %xmm2, %xmm7
 9125        vpslld	$30, %xmm2, %xmm4
 9126        vpslld	$25, %xmm2, %xmm5
 9127        vpxor	%xmm4, %xmm7, %xmm7
 9128        vpxor	%xmm5, %xmm7, %xmm7
 9129        vpsrldq	$4, %xmm7, %xmm4
 9130        vpslldq	$12, %xmm7, %xmm7
 9131        vpxor	%xmm7, %xmm2, %xmm2
 9132        vpsrld	$0x01, %xmm2, %xmm5
 9133        vpsrld	$2, %xmm2, %xmm1
 9134        vpsrld	$7, %xmm2, %xmm0
 9135        vpxor	%xmm1, %xmm5, %xmm5
 9136        vpxor	%xmm0, %xmm5, %xmm5
 9137        vpxor	%xmm4, %xmm5, %xmm5
 9138        vpxor	%xmm5, %xmm2, %xmm2
 9139        vpxor	%xmm3, %xmm2, %xmm2
 9140        vmovdqu	%xmm2, 80(%esp)
 9141        addl	$0x40, %ebx
 9142        cmpl	%eax, %ebx
 9143        jl	L_AES_GCM_decrypt_update_avx1_ghash_64
 9144L_AES_GCM_decrypt_update_avx1_ghash_64_done:
 9145        vmovdqa	%xmm2, %xmm6
 9146        vmovdqu	(%esp), %xmm5
 9147L_AES_GCM_decrypt_update_avx1_done_64:
 9148        movl	196(%esp), %edx
 9149        cmpl	%edx, %ebx
 9150        jge	L_AES_GCM_decrypt_update_avx1_done_dec
 9151        movl	196(%esp), %eax
 9152        andl	$0xfffffff0, %eax
 9153        cmpl	%eax, %ebx
 9154        jge	L_AES_GCM_decrypt_update_avx1_last_block_done
 9155L_AES_GCM_decrypt_update_avx1_last_block_start:
 9156        leal	(%esi,%ebx,1), %ecx
 9157        leal	(%edi,%ebx,1), %edx
 9158        vmovdqu	(%ecx), %xmm1
 9159        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm1, %xmm1
 9160        vpxor	%xmm6, %xmm1, %xmm1
 9161        vmovdqu	%xmm1, (%esp)
 9162        vmovdqu	64(%esp), %xmm1
 9163        vmovdqu	(%esp), %xmm3
 9164        vpshufb	L_aes_gcm_avx1_bswap_epi64, %xmm1, %xmm0
 9165        vpaddd	L_aes_gcm_avx1_one, %xmm1, %xmm1
 9166        vmovdqu	%xmm1, 64(%esp)
 9167        vpxor	(%ebp), %xmm0, %xmm0
 9168        vpclmulqdq	$16, %xmm5, %xmm3, %xmm4
 9169        vaesenc	16(%ebp), %xmm0, %xmm0
 9170        vaesenc	32(%ebp), %xmm0, %xmm0
 9171        vpclmulqdq	$0x01, %xmm5, %xmm3, %xmm7
 9172        vaesenc	48(%ebp), %xmm0, %xmm0
 9173        vaesenc	64(%ebp), %xmm0, %xmm0
 9174        vaesenc	80(%ebp), %xmm0, %xmm0
 9175        vpclmulqdq	$0x11, %xmm5, %xmm3, %xmm1
 9176        vaesenc	96(%ebp), %xmm0, %xmm0
 9177        vpxor	%xmm7, %xmm4, %xmm4
 9178        vpslldq	$8, %xmm4, %xmm2
 9179        vpsrldq	$8, %xmm4, %xmm4
 9180        vaesenc	112(%ebp), %xmm0, %xmm0
 9181        vpclmulqdq	$0x00, %xmm5, %xmm3, %xmm7
 9182        vpxor	%xmm7, %xmm2, %xmm2
 9183        vpxor	%xmm4, %xmm1, %xmm1
 9184        vmovdqa	L_aes_gcm_avx1_mod2_128, %xmm3
 9185        vpclmulqdq	$16, %xmm3, %xmm2, %xmm7
 9186        vaesenc	128(%ebp), %xmm0, %xmm0
 9187        vpshufd	$0x4e, %xmm2, %xmm4
 9188        vpxor	%xmm7, %xmm4, %xmm4
 9189        vpclmulqdq	$16, %xmm3, %xmm4, %xmm7
 9190        vaesenc	144(%ebp), %xmm0, %xmm0
 9191        vpshufd	$0x4e, %xmm4, %xmm6
 9192        vpxor	%xmm7, %xmm6, %xmm6
 9193        vpxor	%xmm1, %xmm6, %xmm6
 9194        cmpl	$11, 184(%esp)
 9195        vmovdqa	160(%ebp), %xmm1
 9196        jl	L_AES_GCM_decrypt_update_avx1_aesenc_gfmul_last
 9197        vaesenc	%xmm1, %xmm0, %xmm0
 9198        vaesenc	176(%ebp), %xmm0, %xmm0
 9199        cmpl	$13, 184(%esp)
 9200        vmovdqa	192(%ebp), %xmm1
 9201        jl	L_AES_GCM_decrypt_update_avx1_aesenc_gfmul_last
 9202        vaesenc	%xmm1, %xmm0, %xmm0
 9203        vaesenc	208(%ebp), %xmm0, %xmm0
 9204        vmovdqa	224(%ebp), %xmm1
 9205L_AES_GCM_decrypt_update_avx1_aesenc_gfmul_last:
 9206        vaesenclast	%xmm1, %xmm0, %xmm0
 9207        vmovdqu	(%ecx), %xmm1
 9208        vpxor	%xmm1, %xmm0, %xmm0
 9209        vmovdqu	%xmm0, (%edx)
 9210        addl	$16, %ebx
 9211        cmpl	%eax, %ebx
 9212        jl	L_AES_GCM_decrypt_update_avx1_last_block_start
 9213L_AES_GCM_decrypt_update_avx1_last_block_done:
 9214L_AES_GCM_decrypt_update_avx1_done_dec:
 9215        movl	200(%esp), %esi
 9216        movl	208(%esp), %edi
 9217        vmovdqu	64(%esp), %xmm4
 9218        vmovdqa	%xmm6, (%esi)
 9219        vmovdqu	%xmm4, (%edi)
 9220        addl	$0xa0, %esp
 9221        popl	%ebp
 9222        popl	%edi
 9223        popl	%esi
 9224        popl	%ebx
 9225        ret
 9226.size	AES_GCM_decrypt_update_avx1,.-AES_GCM_decrypt_update_avx1
 9227.text
 9228.globl	AES_GCM_decrypt_final_avx1
 9229.type	AES_GCM_decrypt_final_avx1,@function
 9230.align	16
 9231AES_GCM_decrypt_final_avx1:
 9232        pushl	%ebx
 9233        pushl	%esi
 9234        pushl	%edi
 9235        pushl	%ebp
 9236        subl	$16, %esp
 9237        movl	36(%esp), %ebp
 9238        movl	56(%esp), %esi
 9239        movl	60(%esp), %edi
 9240        vmovdqa	(%ebp), %xmm6
 9241        vmovdqa	(%esi), %xmm5
 9242        vmovdqa	(%edi), %xmm7
 9243        vpsrlq	$63, %xmm5, %xmm1
 9244        vpsllq	$0x01, %xmm5, %xmm0
 9245        vpslldq	$8, %xmm1, %xmm1
 9246        vpor	%xmm1, %xmm0, %xmm0
 9247        vpshufd	$0xff, %xmm5, %xmm5
 9248        vpsrad	$31, %xmm5, %xmm5
 9249        vpand	L_aes_gcm_avx1_mod2_128, %xmm5, %xmm5
 9250        vpxor	%xmm0, %xmm5, %xmm5
 9251        movl	48(%esp), %edx
 9252        movl	52(%esp), %ecx
 9253        shll	$3, %edx
 9254        shll	$3, %ecx
 9255        vpinsrd	$0x00, %edx, %xmm0, %xmm0
 9256        vpinsrd	$2, %ecx, %xmm0, %xmm0
 9257        movl	48(%esp), %edx
 9258        movl	52(%esp), %ecx
 9259        shrl	$29, %edx
 9260        shrl	$29, %ecx
 9261        vpinsrd	$0x01, %edx, %xmm0, %xmm0
 9262        vpinsrd	$3, %ecx, %xmm0, %xmm0
 9263        vpxor	%xmm0, %xmm6, %xmm6
 9264        # ghash_gfmul_red_avx
 9265        vpshufd	$0x4e, %xmm5, %xmm1
 9266        vpshufd	$0x4e, %xmm6, %xmm2
 9267        vpclmulqdq	$0x11, %xmm5, %xmm6, %xmm3
 9268        vpclmulqdq	$0x00, %xmm5, %xmm6, %xmm0
 9269        vpxor	%xmm5, %xmm1, %xmm1
 9270        vpxor	%xmm6, %xmm2, %xmm2
 9271        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm1
 9272        vpxor	%xmm0, %xmm1, %xmm1
 9273        vpxor	%xmm3, %xmm1, %xmm1
 9274        vpslldq	$8, %xmm1, %xmm2
 9275        vpsrldq	$8, %xmm1, %xmm1
 9276        vpxor	%xmm2, %xmm0, %xmm0
 9277        vpxor	%xmm1, %xmm3, %xmm6
 9278        vpslld	$31, %xmm0, %xmm1
 9279        vpslld	$30, %xmm0, %xmm2
 9280        vpslld	$25, %xmm0, %xmm3
 9281        vpxor	%xmm2, %xmm1, %xmm1
 9282        vpxor	%xmm3, %xmm1, %xmm1
 9283        vpsrldq	$4, %xmm1, %xmm3
 9284        vpslldq	$12, %xmm1, %xmm1
 9285        vpxor	%xmm1, %xmm0, %xmm0
 9286        vpsrld	$0x01, %xmm0, %xmm1
 9287        vpsrld	$2, %xmm0, %xmm2
 9288        vpxor	%xmm2, %xmm1, %xmm1
 9289        vpxor	%xmm0, %xmm1, %xmm1
 9290        vpsrld	$7, %xmm0, %xmm0
 9291        vpxor	%xmm3, %xmm1, %xmm1
 9292        vpxor	%xmm0, %xmm1, %xmm1
 9293        vpxor	%xmm1, %xmm6, %xmm6
 9294        vpshufb	L_aes_gcm_avx1_bswap_mask, %xmm6, %xmm6
 9295        vpxor	%xmm7, %xmm6, %xmm0
 9296        movl	40(%esp), %esi
 9297        movl	64(%esp), %edi
 9298        cmpl	$16, 44(%esp)
 9299        je	L_AES_GCM_decrypt_final_avx1_cmp_tag_16
 9300        subl	$16, %esp
 9301        xorl	%ecx, %ecx
 9302        xorl	%ebx, %ebx
 9303        vmovdqu	%xmm0, (%esp)
 9304L_AES_GCM_decrypt_final_avx1_cmp_tag_loop:
 9305        movzbl	(%esp,%ecx,1), %eax
 9306        xorb	(%esi,%ecx,1), %al
 9307        orb	%al, %bl
 9308        incl	%ecx
 9309        cmpl	44(%esp), %ecx
 9310        jne	L_AES_GCM_decrypt_final_avx1_cmp_tag_loop
 9311        cmpb	$0x00, %bl
 9312        sete	%bl
 9313        addl	$16, %esp
 9314        xorl	%ecx, %ecx
 9315        jmp	L_AES_GCM_decrypt_final_avx1_cmp_tag_done
 9316L_AES_GCM_decrypt_final_avx1_cmp_tag_16:
 9317        vmovdqu	(%esi), %xmm1
 9318        vpcmpeqb	%xmm1, %xmm0, %xmm0
 9319        vpmovmskb	%xmm0, %edx
 9320        # %%edx == 0xFFFF then return 1 else => return 0
 9321        xorl	%ebx, %ebx
 9322        cmpl	$0xffff, %edx
 9323        sete	%bl
 9324L_AES_GCM_decrypt_final_avx1_cmp_tag_done:
 9325        movl	%ebx, (%edi)
 9326        addl	$16, %esp
 9327        popl	%ebp
 9328        popl	%edi
 9329        popl	%esi
 9330        popl	%ebx
 9331        ret
 9332.size	AES_GCM_decrypt_final_avx1,.-AES_GCM_decrypt_final_avx1
 9333#endif /* WOLFSSL_AESGCM_STREAM */
 9334#endif /* HAVE_INTEL_AVX1 */
 9335#ifdef HAVE_INTEL_AVX2
 9336.text
 9337.globl	AES_GCM_encrypt_avx2
 9338.type	AES_GCM_encrypt_avx2,@function
 9339.align	16
 9340AES_GCM_encrypt_avx2:
 9341        pushl	%ebx
 9342        pushl	%esi
 9343        pushl	%edi
 9344        pushl	%ebp
 9345        subl	$0x70, %esp
 9346        movl	144(%esp), %esi
 9347        movl	168(%esp), %ebp
 9348        movl	160(%esp), %edx
 9349        vpxor	%xmm4, %xmm4, %xmm4
 9350        cmpl	$12, %edx
 9351        je	L_AES_GCM_encrypt_avx2_iv_12
 9352        # Calculate values when IV is not 12 bytes
 9353        # H = Encrypt X(=0)
 9354        vmovdqu	(%ebp), %xmm5
 9355        vaesenc	16(%ebp), %xmm5, %xmm5
 9356        vaesenc	32(%ebp), %xmm5, %xmm5
 9357        vaesenc	48(%ebp), %xmm5, %xmm5
 9358        vaesenc	64(%ebp), %xmm5, %xmm5
 9359        vaesenc	80(%ebp), %xmm5, %xmm5
 9360        vaesenc	96(%ebp), %xmm5, %xmm5
 9361        vaesenc	112(%ebp), %xmm5, %xmm5
 9362        vaesenc	128(%ebp), %xmm5, %xmm5
 9363        vaesenc	144(%ebp), %xmm5, %xmm5
 9364        cmpl	$11, 172(%esp)
 9365        vmovdqu	160(%ebp), %xmm0
 9366        jl	L_AES_GCM_encrypt_avx2_calc_iv_1_aesenc_avx_last
 9367        vaesenc	%xmm0, %xmm5, %xmm5
 9368        vaesenc	176(%ebp), %xmm5, %xmm5
 9369        cmpl	$13, 172(%esp)
 9370        vmovdqu	192(%ebp), %xmm0
 9371        jl	L_AES_GCM_encrypt_avx2_calc_iv_1_aesenc_avx_last
 9372        vaesenc	%xmm0, %xmm5, %xmm5
 9373        vaesenc	208(%ebp), %xmm5, %xmm5
 9374        vmovdqu	224(%ebp), %xmm0
 9375L_AES_GCM_encrypt_avx2_calc_iv_1_aesenc_avx_last:
 9376        vaesenclast	%xmm0, %xmm5, %xmm5
 9377        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm5, %xmm5
 9378        # Calc counter
 9379        # Initialization vector
 9380        cmpl	$0x00, %edx
 9381        movl	$0x00, %ecx
 9382        je	L_AES_GCM_encrypt_avx2_calc_iv_done
 9383        cmpl	$16, %edx
 9384        jl	L_AES_GCM_encrypt_avx2_calc_iv_lt16
 9385        andl	$0xfffffff0, %edx
 9386L_AES_GCM_encrypt_avx2_calc_iv_16_loop:
 9387        vmovdqu	(%esi,%ecx,1), %xmm0
 9388        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
 9389        vpxor	%xmm0, %xmm4, %xmm4
 9390        # ghash_gfmul_avx
 9391        vpclmulqdq	$16, %xmm4, %xmm5, %xmm2
 9392        vpclmulqdq	$0x01, %xmm4, %xmm5, %xmm1
 9393        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
 9394        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
 9395        vpxor	%xmm1, %xmm2, %xmm2
 9396        vpslldq	$8, %xmm2, %xmm1
 9397        vpsrldq	$8, %xmm2, %xmm2
 9398        vpxor	%xmm1, %xmm0, %xmm7
 9399        vpxor	%xmm2, %xmm3, %xmm4
 9400        # ghash_mid
 9401        vpsrld	$31, %xmm7, %xmm0
 9402        vpsrld	$31, %xmm4, %xmm1
 9403        vpslld	$0x01, %xmm7, %xmm7
 9404        vpslld	$0x01, %xmm4, %xmm4
 9405        vpsrldq	$12, %xmm0, %xmm2
 9406        vpslldq	$4, %xmm0, %xmm0
 9407        vpslldq	$4, %xmm1, %xmm1
 9408        vpor	%xmm2, %xmm4, %xmm4
 9409        vpor	%xmm0, %xmm7, %xmm7
 9410        vpor	%xmm1, %xmm4, %xmm4
 9411        # ghash_red
 9412        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
 9413        vpclmulqdq	$16, %xmm2, %xmm7, %xmm0
 9414        vpshufd	$0x4e, %xmm7, %xmm1
 9415        vpxor	%xmm0, %xmm1, %xmm1
 9416        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
 9417        vpshufd	$0x4e, %xmm1, %xmm1
 9418        vpxor	%xmm0, %xmm1, %xmm1
 9419        vpxor	%xmm1, %xmm4, %xmm4
 9420        addl	$16, %ecx
 9421        cmpl	%edx, %ecx
 9422        jl	L_AES_GCM_encrypt_avx2_calc_iv_16_loop
 9423        movl	160(%esp), %edx
 9424        cmpl	%edx, %ecx
 9425        je	L_AES_GCM_encrypt_avx2_calc_iv_done
 9426L_AES_GCM_encrypt_avx2_calc_iv_lt16:
 9427        vpxor	%xmm0, %xmm0, %xmm0
 9428        xorl	%ebx, %ebx
 9429        vmovdqu	%xmm0, (%esp)
 9430L_AES_GCM_encrypt_avx2_calc_iv_loop:
 9431        movzbl	(%esi,%ecx,1), %eax
 9432        movb	%al, (%esp,%ebx,1)
 9433        incl	%ecx
 9434        incl	%ebx
 9435        cmpl	%edx, %ecx
 9436        jl	L_AES_GCM_encrypt_avx2_calc_iv_loop
 9437        vmovdqu	(%esp), %xmm0
 9438        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
 9439        vpxor	%xmm0, %xmm4, %xmm4
 9440        # ghash_gfmul_avx
 9441        vpclmulqdq	$16, %xmm4, %xmm5, %xmm2
 9442        vpclmulqdq	$0x01, %xmm4, %xmm5, %xmm1
 9443        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
 9444        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
 9445        vpxor	%xmm1, %xmm2, %xmm2
 9446        vpslldq	$8, %xmm2, %xmm1
 9447        vpsrldq	$8, %xmm2, %xmm2
 9448        vpxor	%xmm1, %xmm0, %xmm7
 9449        vpxor	%xmm2, %xmm3, %xmm4
 9450        # ghash_mid
 9451        vpsrld	$31, %xmm7, %xmm0
 9452        vpsrld	$31, %xmm4, %xmm1
 9453        vpslld	$0x01, %xmm7, %xmm7
 9454        vpslld	$0x01, %xmm4, %xmm4
 9455        vpsrldq	$12, %xmm0, %xmm2
 9456        vpslldq	$4, %xmm0, %xmm0
 9457        vpslldq	$4, %xmm1, %xmm1
 9458        vpor	%xmm2, %xmm4, %xmm4
 9459        vpor	%xmm0, %xmm7, %xmm7
 9460        vpor	%xmm1, %xmm4, %xmm4
 9461        # ghash_red
 9462        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
 9463        vpclmulqdq	$16, %xmm2, %xmm7, %xmm0
 9464        vpshufd	$0x4e, %xmm7, %xmm1
 9465        vpxor	%xmm0, %xmm1, %xmm1
 9466        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
 9467        vpshufd	$0x4e, %xmm1, %xmm1
 9468        vpxor	%xmm0, %xmm1, %xmm1
 9469        vpxor	%xmm1, %xmm4, %xmm4
 9470L_AES_GCM_encrypt_avx2_calc_iv_done:
 9471        # T = Encrypt counter
 9472        vpxor	%xmm0, %xmm0, %xmm0
 9473        shll	$3, %edx
 9474        vpinsrd	$0x00, %edx, %xmm0, %xmm0
 9475        vpxor	%xmm0, %xmm4, %xmm4
 9476        # ghash_gfmul_avx
 9477        vpclmulqdq	$16, %xmm4, %xmm5, %xmm2
 9478        vpclmulqdq	$0x01, %xmm4, %xmm5, %xmm1
 9479        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
 9480        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
 9481        vpxor	%xmm1, %xmm2, %xmm2
 9482        vpslldq	$8, %xmm2, %xmm1
 9483        vpsrldq	$8, %xmm2, %xmm2
 9484        vpxor	%xmm1, %xmm0, %xmm7
 9485        vpxor	%xmm2, %xmm3, %xmm4
 9486        # ghash_mid
 9487        vpsrld	$31, %xmm7, %xmm0
 9488        vpsrld	$31, %xmm4, %xmm1
 9489        vpslld	$0x01, %xmm7, %xmm7
 9490        vpslld	$0x01, %xmm4, %xmm4
 9491        vpsrldq	$12, %xmm0, %xmm2
 9492        vpslldq	$4, %xmm0, %xmm0
 9493        vpslldq	$4, %xmm1, %xmm1
 9494        vpor	%xmm2, %xmm4, %xmm4
 9495        vpor	%xmm0, %xmm7, %xmm7
 9496        vpor	%xmm1, %xmm4, %xmm4
 9497        # ghash_red
 9498        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
 9499        vpclmulqdq	$16, %xmm2, %xmm7, %xmm0
 9500        vpshufd	$0x4e, %xmm7, %xmm1
 9501        vpxor	%xmm0, %xmm1, %xmm1
 9502        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
 9503        vpshufd	$0x4e, %xmm1, %xmm1
 9504        vpxor	%xmm0, %xmm1, %xmm1
 9505        vpxor	%xmm1, %xmm4, %xmm4
 9506        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm4, %xmm4
 9507        #   Encrypt counter
 9508        vmovdqu	(%ebp), %xmm6
 9509        vpxor	%xmm4, %xmm6, %xmm6
 9510        vaesenc	16(%ebp), %xmm6, %xmm6
 9511        vaesenc	32(%ebp), %xmm6, %xmm6
 9512        vaesenc	48(%ebp), %xmm6, %xmm6
 9513        vaesenc	64(%ebp), %xmm6, %xmm6
 9514        vaesenc	80(%ebp), %xmm6, %xmm6
 9515        vaesenc	96(%ebp), %xmm6, %xmm6
 9516        vaesenc	112(%ebp), %xmm6, %xmm6
 9517        vaesenc	128(%ebp), %xmm6, %xmm6
 9518        vaesenc	144(%ebp), %xmm6, %xmm6
 9519        cmpl	$11, 172(%esp)
 9520        vmovdqu	160(%ebp), %xmm0
 9521        jl	L_AES_GCM_encrypt_avx2_calc_iv_2_aesenc_avx_last
 9522        vaesenc	%xmm0, %xmm6, %xmm6
 9523        vaesenc	176(%ebp), %xmm6, %xmm6
 9524        cmpl	$13, 172(%esp)
 9525        vmovdqu	192(%ebp), %xmm0
 9526        jl	L_AES_GCM_encrypt_avx2_calc_iv_2_aesenc_avx_last
 9527        vaesenc	%xmm0, %xmm6, %xmm6
 9528        vaesenc	208(%ebp), %xmm6, %xmm6
 9529        vmovdqu	224(%ebp), %xmm0
 9530L_AES_GCM_encrypt_avx2_calc_iv_2_aesenc_avx_last:
 9531        vaesenclast	%xmm0, %xmm6, %xmm6
 9532        jmp	L_AES_GCM_encrypt_avx2_iv_done
 9533L_AES_GCM_encrypt_avx2_iv_12:
 9534        # # Calculate values when IV is 12 bytes
 9535        # Set counter based on IV
 9536        vmovdqu	L_avx2_aes_gcm_bswap_one, %xmm4
 9537        vmovdqu	(%ebp), %xmm5
 9538        vpblendd	$7, (%esi), %xmm4, %xmm4
 9539        # H = Encrypt X(=0) and T = Encrypt counter
 9540        vmovdqu	16(%ebp), %xmm7
 9541        vpxor	%xmm5, %xmm4, %xmm6
 9542        vaesenc	%xmm7, %xmm5, %xmm5
 9543        vaesenc	%xmm7, %xmm6, %xmm6
 9544        vmovdqu	32(%ebp), %xmm0
 9545        vaesenc	%xmm0, %xmm5, %xmm5
 9546        vaesenc	%xmm0, %xmm6, %xmm6
 9547        vmovdqu	48(%ebp), %xmm0
 9548        vaesenc	%xmm0, %xmm5, %xmm5
 9549        vaesenc	%xmm0, %xmm6, %xmm6
 9550        vmovdqu	64(%ebp), %xmm0
 9551        vaesenc	%xmm0, %xmm5, %xmm5
 9552        vaesenc	%xmm0, %xmm6, %xmm6
 9553        vmovdqu	80(%ebp), %xmm0
 9554        vaesenc	%xmm0, %xmm5, %xmm5
 9555        vaesenc	%xmm0, %xmm6, %xmm6
 9556        vmovdqu	96(%ebp), %xmm0
 9557        vaesenc	%xmm0, %xmm5, %xmm5
 9558        vaesenc	%xmm0, %xmm6, %xmm6
 9559        vmovdqu	112(%ebp), %xmm0
 9560        vaesenc	%xmm0, %xmm5, %xmm5
 9561        vaesenc	%xmm0, %xmm6, %xmm6
 9562        vmovdqu	128(%ebp), %xmm0
 9563        vaesenc	%xmm0, %xmm5, %xmm5
 9564        vaesenc	%xmm0, %xmm6, %xmm6
 9565        vmovdqu	144(%ebp), %xmm0
 9566        vaesenc	%xmm0, %xmm5, %xmm5
 9567        vaesenc	%xmm0, %xmm6, %xmm6
 9568        cmpl	$11, 172(%esp)
 9569        vmovdqu	160(%ebp), %xmm0
 9570        jl	L_AES_GCM_encrypt_avx2_calc_iv_12_last
 9571        vaesenc	%xmm0, %xmm5, %xmm5
 9572        vaesenc	%xmm0, %xmm6, %xmm6
 9573        vmovdqu	176(%ebp), %xmm0
 9574        vaesenc	%xmm0, %xmm5, %xmm5
 9575        vaesenc	%xmm0, %xmm6, %xmm6
 9576        cmpl	$13, 172(%esp)
 9577        vmovdqu	192(%ebp), %xmm0
 9578        jl	L_AES_GCM_encrypt_avx2_calc_iv_12_last
 9579        vaesenc	%xmm0, %xmm5, %xmm5
 9580        vaesenc	%xmm0, %xmm6, %xmm6
 9581        vmovdqu	208(%ebp), %xmm0
 9582        vaesenc	%xmm0, %xmm5, %xmm5
 9583        vaesenc	%xmm0, %xmm6, %xmm6
 9584        vmovdqu	224(%ebp), %xmm0
 9585L_AES_GCM_encrypt_avx2_calc_iv_12_last:
 9586        vaesenclast	%xmm0, %xmm5, %xmm5
 9587        vaesenclast	%xmm0, %xmm6, %xmm6
 9588        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm5, %xmm5
 9589L_AES_GCM_encrypt_avx2_iv_done:
 9590        vmovdqu	%xmm6, 80(%esp)
 9591        vpxor	%xmm6, %xmm6, %xmm6
 9592        movl	140(%esp), %esi
 9593        # Additional authentication data
 9594        movl	156(%esp), %edx
 9595        cmpl	$0x00, %edx
 9596        je	L_AES_GCM_encrypt_avx2_calc_aad_done
 9597        xorl	%ecx, %ecx
 9598        cmpl	$16, %edx
 9599        jl	L_AES_GCM_encrypt_avx2_calc_aad_lt16
 9600        andl	$0xfffffff0, %edx
 9601L_AES_GCM_encrypt_avx2_calc_aad_16_loop:
 9602        vmovdqu	(%esi,%ecx,1), %xmm0
 9603        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
 9604        vpxor	%xmm0, %xmm6, %xmm6
 9605        # ghash_gfmul_avx
 9606        vpclmulqdq	$16, %xmm6, %xmm5, %xmm2
 9607        vpclmulqdq	$0x01, %xmm6, %xmm5, %xmm1
 9608        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm0
 9609        vpclmulqdq	$0x11, %xmm6, %xmm5, %xmm3
 9610        vpxor	%xmm1, %xmm2, %xmm2
 9611        vpslldq	$8, %xmm2, %xmm1
 9612        vpsrldq	$8, %xmm2, %xmm2
 9613        vpxor	%xmm1, %xmm0, %xmm7
 9614        vpxor	%xmm2, %xmm3, %xmm6
 9615        # ghash_mid
 9616        vpsrld	$31, %xmm7, %xmm0
 9617        vpsrld	$31, %xmm6, %xmm1
 9618        vpslld	$0x01, %xmm7, %xmm7
 9619        vpslld	$0x01, %xmm6, %xmm6
 9620        vpsrldq	$12, %xmm0, %xmm2
 9621        vpslldq	$4, %xmm0, %xmm0
 9622        vpslldq	$4, %xmm1, %xmm1
 9623        vpor	%xmm2, %xmm6, %xmm6
 9624        vpor	%xmm0, %xmm7, %xmm7
 9625        vpor	%xmm1, %xmm6, %xmm6
 9626        # ghash_red
 9627        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
 9628        vpclmulqdq	$16, %xmm2, %xmm7, %xmm0
 9629        vpshufd	$0x4e, %xmm7, %xmm1
 9630        vpxor	%xmm0, %xmm1, %xmm1
 9631        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
 9632        vpshufd	$0x4e, %xmm1, %xmm1
 9633        vpxor	%xmm0, %xmm1, %xmm1
 9634        vpxor	%xmm1, %xmm6, %xmm6
 9635        addl	$16, %ecx
 9636        cmpl	%edx, %ecx
 9637        jl	L_AES_GCM_encrypt_avx2_calc_aad_16_loop
 9638        movl	156(%esp), %edx
 9639        cmpl	%edx, %ecx
 9640        je	L_AES_GCM_encrypt_avx2_calc_aad_done
 9641L_AES_GCM_encrypt_avx2_calc_aad_lt16:
 9642        vpxor	%xmm0, %xmm0, %xmm0
 9643        xorl	%ebx, %ebx
 9644        vmovdqu	%xmm0, (%esp)
 9645L_AES_GCM_encrypt_avx2_calc_aad_loop:
 9646        movzbl	(%esi,%ecx,1), %eax
 9647        movb	%al, (%esp,%ebx,1)
 9648        incl	%ecx
 9649        incl	%ebx
 9650        cmpl	%edx, %ecx
 9651        jl	L_AES_GCM_encrypt_avx2_calc_aad_loop
 9652        vmovdqu	(%esp), %xmm0
 9653        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
 9654        vpxor	%xmm0, %xmm6, %xmm6
 9655        # ghash_gfmul_avx
 9656        vpclmulqdq	$16, %xmm6, %xmm5, %xmm2
 9657        vpclmulqdq	$0x01, %xmm6, %xmm5, %xmm1
 9658        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm0
 9659        vpclmulqdq	$0x11, %xmm6, %xmm5, %xmm3
 9660        vpxor	%xmm1, %xmm2, %xmm2
 9661        vpslldq	$8, %xmm2, %xmm1
 9662        vpsrldq	$8, %xmm2, %xmm2
 9663        vpxor	%xmm1, %xmm0, %xmm7
 9664        vpxor	%xmm2, %xmm3, %xmm6
 9665        # ghash_mid
 9666        vpsrld	$31, %xmm7, %xmm0
 9667        vpsrld	$31, %xmm6, %xmm1
 9668        vpslld	$0x01, %xmm7, %xmm7
 9669        vpslld	$0x01, %xmm6, %xmm6
 9670        vpsrldq	$12, %xmm0, %xmm2
 9671        vpslldq	$4, %xmm0, %xmm0
 9672        vpslldq	$4, %xmm1, %xmm1
 9673        vpor	%xmm2, %xmm6, %xmm6
 9674        vpor	%xmm0, %xmm7, %xmm7
 9675        vpor	%xmm1, %xmm6, %xmm6
 9676        # ghash_red
 9677        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
 9678        vpclmulqdq	$16, %xmm2, %xmm7, %xmm0
 9679        vpshufd	$0x4e, %xmm7, %xmm1
 9680        vpxor	%xmm0, %xmm1, %xmm1
 9681        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
 9682        vpshufd	$0x4e, %xmm1, %xmm1
 9683        vpxor	%xmm0, %xmm1, %xmm1
 9684        vpxor	%xmm1, %xmm6, %xmm6
 9685L_AES_GCM_encrypt_avx2_calc_aad_done:
 9686        movl	132(%esp), %esi
 9687        movl	136(%esp), %edi
 9688        # Calculate counter and H
 9689        vpsrlq	$63, %xmm5, %xmm1
 9690        vpsllq	$0x01, %xmm5, %xmm0
 9691        vpslldq	$8, %xmm1, %xmm1
 9692        vpor	%xmm1, %xmm0, %xmm0
 9693        vpshufd	$0xff, %xmm5, %xmm5
 9694        vpsrad	$31, %xmm5, %xmm5
 9695        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm4, %xmm4
 9696        vpand	L_aes_gcm_avx2_mod2_128, %xmm5, %xmm5
 9697        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm4
 9698        vpxor	%xmm0, %xmm5, %xmm5
 9699        xorl	%ebx, %ebx
 9700        cmpl	$0x40, 152(%esp)
 9701        movl	152(%esp), %eax
 9702        jl	L_AES_GCM_encrypt_avx2_done_64
 9703        andl	$0xffffffc0, %eax
 9704        vmovdqu	%xmm4, 64(%esp)
 9705        vmovdqu	%xmm6, 96(%esp)
 9706        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm3
 9707        # H ^ 1
 9708        vmovdqu	%xmm5, (%esp)
 9709        vmovdqu	%xmm5, %xmm2
 9710        # H ^ 2
 9711        vpclmulqdq	$0x00, %xmm2, %xmm2, %xmm5
 9712        vpclmulqdq	$0x11, %xmm2, %xmm2, %xmm6
 9713        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
 9714        vpshufd	$0x4e, %xmm5, %xmm5
 9715        vpxor	%xmm4, %xmm5, %xmm5
 9716        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
 9717        vpshufd	$0x4e, %xmm5, %xmm5
 9718        vpxor	%xmm4, %xmm5, %xmm5
 9719        vpxor	%xmm5, %xmm6, %xmm0
 9720        vmovdqu	%xmm0, 16(%esp)
 9721        # H ^ 3
 9722        # ghash_gfmul_red
 9723        vpclmulqdq	$16, %xmm0, %xmm2, %xmm6
 9724        vpclmulqdq	$0x01, %xmm0, %xmm2, %xmm5
 9725        vpclmulqdq	$0x00, %xmm0, %xmm2, %xmm4
 9726        vpxor	%xmm5, %xmm6, %xmm6
 9727        vpslldq	$8, %xmm6, %xmm5
 9728        vpsrldq	$8, %xmm6, %xmm6
 9729        vpxor	%xmm4, %xmm5, %xmm5
 9730        vpclmulqdq	$0x11, %xmm0, %xmm2, %xmm1
 9731        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
 9732        vpshufd	$0x4e, %xmm5, %xmm5
 9733        vpxor	%xmm4, %xmm5, %xmm5
 9734        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
 9735        vpshufd	$0x4e, %xmm5, %xmm5
 9736        vpxor	%xmm6, %xmm1, %xmm1
 9737        vpxor	%xmm5, %xmm1, %xmm1
 9738        vpxor	%xmm4, %xmm1, %xmm1
 9739        vmovdqu	%xmm1, 32(%esp)
 9740        # H ^ 4
 9741        vpclmulqdq	$0x00, %xmm0, %xmm0, %xmm5
 9742        vpclmulqdq	$0x11, %xmm0, %xmm0, %xmm6
 9743        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
 9744        vpshufd	$0x4e, %xmm5, %xmm5
 9745        vpxor	%xmm4, %xmm5, %xmm5
 9746        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
 9747        vpshufd	$0x4e, %xmm5, %xmm5
 9748        vpxor	%xmm4, %xmm5, %xmm5
 9749        vpxor	%xmm5, %xmm6, %xmm2
 9750        vmovdqu	%xmm2, 48(%esp)
 9751        vmovdqu	96(%esp), %xmm6
 9752        # First 64 bytes of input
 9753        # aesenc_64
 9754        # aesenc_ctr
 9755        vmovdqu	64(%esp), %xmm4
 9756        vmovdqu	L_aes_gcm_avx2_bswap_epi64, %xmm7
 9757        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm1
 9758        vpshufb	%xmm7, %xmm4, %xmm0
 9759        vpaddd	L_aes_gcm_avx2_two, %xmm4, %xmm2
 9760        vpshufb	%xmm7, %xmm1, %xmm1
 9761        vpaddd	L_aes_gcm_avx2_three, %xmm4, %xmm3
 9762        vpshufb	%xmm7, %xmm2, %xmm2
 9763        vpaddd	L_aes_gcm_avx2_four, %xmm4, %xmm4
 9764        vpshufb	%xmm7, %xmm3, %xmm3
 9765        # aesenc_xor
 9766        vmovdqu	(%ebp), %xmm7
 9767        vmovdqu	%xmm4, 64(%esp)
 9768        vpxor	%xmm7, %xmm0, %xmm0
 9769        vpxor	%xmm7, %xmm1, %xmm1
 9770        vpxor	%xmm7, %xmm2, %xmm2
 9771        vpxor	%xmm7, %xmm3, %xmm3
 9772        vmovdqu	16(%ebp), %xmm7
 9773        vaesenc	%xmm7, %xmm0, %xmm0
 9774        vaesenc	%xmm7, %xmm1, %xmm1
 9775        vaesenc	%xmm7, %xmm2, %xmm2
 9776        vaesenc	%xmm7, %xmm3, %xmm3
 9777        vmovdqu	32(%ebp), %xmm7
 9778        vaesenc	%xmm7, %xmm0, %xmm0
 9779        vaesenc	%xmm7, %xmm1, %xmm1
 9780        vaesenc	%xmm7, %xmm2, %xmm2
 9781        vaesenc	%xmm7, %xmm3, %xmm3
 9782        vmovdqu	48(%ebp), %xmm7
 9783        vaesenc	%xmm7, %xmm0, %xmm0
 9784        vaesenc	%xmm7, %xmm1, %xmm1
 9785        vaesenc	%xmm7, %xmm2, %xmm2
 9786        vaesenc	%xmm7, %xmm3, %xmm3
 9787        vmovdqu	64(%ebp), %xmm7
 9788        vaesenc	%xmm7, %xmm0, %xmm0
 9789        vaesenc	%xmm7, %xmm1, %xmm1
 9790        vaesenc	%xmm7, %xmm2, %xmm2
 9791        vaesenc	%xmm7, %xmm3, %xmm3
 9792        vmovdqu	80(%ebp), %xmm7
 9793        vaesenc	%xmm7, %xmm0, %xmm0
 9794        vaesenc	%xmm7, %xmm1, %xmm1
 9795        vaesenc	%xmm7, %xmm2, %xmm2
 9796        vaesenc	%xmm7, %xmm3, %xmm3
 9797        vmovdqu	96(%ebp), %xmm7
 9798        vaesenc	%xmm7, %xmm0, %xmm0
 9799        vaesenc	%xmm7, %xmm1, %xmm1
 9800        vaesenc	%xmm7, %xmm2, %xmm2
 9801        vaesenc	%xmm7, %xmm3, %xmm3
 9802        vmovdqu	112(%ebp), %xmm7
 9803        vaesenc	%xmm7, %xmm0, %xmm0
 9804        vaesenc	%xmm7, %xmm1, %xmm1
 9805        vaesenc	%xmm7, %xmm2, %xmm2
 9806        vaesenc	%xmm7, %xmm3, %xmm3
 9807        vmovdqu	128(%ebp), %xmm7
 9808        vaesenc	%xmm7, %xmm0, %xmm0
 9809        vaesenc	%xmm7, %xmm1, %xmm1
 9810        vaesenc	%xmm7, %xmm2, %xmm2
 9811        vaesenc	%xmm7, %xmm3, %xmm3
 9812        vmovdqu	144(%ebp), %xmm7
 9813        vaesenc	%xmm7, %xmm0, %xmm0
 9814        vaesenc	%xmm7, %xmm1, %xmm1
 9815        vaesenc	%xmm7, %xmm2, %xmm2
 9816        vaesenc	%xmm7, %xmm3, %xmm3
 9817        cmpl	$11, 172(%esp)
 9818        vmovdqu	160(%ebp), %xmm7
 9819        jl	L_AES_GCM_encrypt_avx2_aesenc_64_enc_done
 9820        vaesenc	%xmm7, %xmm0, %xmm0
 9821        vaesenc	%xmm7, %xmm1, %xmm1
 9822        vaesenc	%xmm7, %xmm2, %xmm2
 9823        vaesenc	%xmm7, %xmm3, %xmm3
 9824        vmovdqu	176(%ebp), %xmm7
 9825        vaesenc	%xmm7, %xmm0, %xmm0
 9826        vaesenc	%xmm7, %xmm1, %xmm1
 9827        vaesenc	%xmm7, %xmm2, %xmm2
 9828        vaesenc	%xmm7, %xmm3, %xmm3
 9829        cmpl	$13, 172(%esp)
 9830        vmovdqu	192(%ebp), %xmm7
 9831        jl	L_AES_GCM_encrypt_avx2_aesenc_64_enc_done
 9832        vaesenc	%xmm7, %xmm0, %xmm0
 9833        vaesenc	%xmm7, %xmm1, %xmm1
 9834        vaesenc	%xmm7, %xmm2, %xmm2
 9835        vaesenc	%xmm7, %xmm3, %xmm3
 9836        vmovdqu	208(%ebp), %xmm7
 9837        vaesenc	%xmm7, %xmm0, %xmm0
 9838        vaesenc	%xmm7, %xmm1, %xmm1
 9839        vaesenc	%xmm7, %xmm2, %xmm2
 9840        vaesenc	%xmm7, %xmm3, %xmm3
 9841        vmovdqu	224(%ebp), %xmm7
 9842L_AES_GCM_encrypt_avx2_aesenc_64_enc_done:
 9843        # aesenc_last
 9844        vaesenclast	%xmm7, %xmm0, %xmm0
 9845        vaesenclast	%xmm7, %xmm1, %xmm1
 9846        vaesenclast	%xmm7, %xmm2, %xmm2
 9847        vaesenclast	%xmm7, %xmm3, %xmm3
 9848        vmovdqu	(%esi), %xmm7
 9849        vmovdqu	16(%esi), %xmm4
 9850        vpxor	%xmm7, %xmm0, %xmm0
 9851        vpxor	%xmm4, %xmm1, %xmm1
 9852        vmovdqu	%xmm0, (%edi)
 9853        vmovdqu	%xmm1, 16(%edi)
 9854        vmovdqu	32(%esi), %xmm7
 9855        vmovdqu	48(%esi), %xmm4
 9856        vpxor	%xmm7, %xmm2, %xmm2
 9857        vpxor	%xmm4, %xmm3, %xmm3
 9858        vmovdqu	%xmm2, 32(%edi)
 9859        vmovdqu	%xmm3, 48(%edi)
 9860        cmpl	$0x40, %eax
 9861        movl	$0x40, %ebx
 9862        movl	%esi, %ecx
 9863        movl	%edi, %edx
 9864        jle	L_AES_GCM_encrypt_avx2_end_64
 9865        # More 64 bytes of input
 9866L_AES_GCM_encrypt_avx2_ghash_64:
 9867        # aesenc_64_ghash
 9868        leal	(%esi,%ebx,1), %ecx
 9869        leal	(%edi,%ebx,1), %edx
 9870        # aesenc_64
 9871        # aesenc_ctr
 9872        vmovdqu	64(%esp), %xmm4
 9873        vmovdqu	L_aes_gcm_avx2_bswap_epi64, %xmm7
 9874        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm1
 9875        vpshufb	%xmm7, %xmm4, %xmm0
 9876        vpaddd	L_aes_gcm_avx2_two, %xmm4, %xmm2
 9877        vpshufb	%xmm7, %xmm1, %xmm1
 9878        vpaddd	L_aes_gcm_avx2_three, %xmm4, %xmm3
 9879        vpshufb	%xmm7, %xmm2, %xmm2
 9880        vpaddd	L_aes_gcm_avx2_four, %xmm4, %xmm4
 9881        vpshufb	%xmm7, %xmm3, %xmm3
 9882        # aesenc_xor
 9883        vmovdqu	(%ebp), %xmm7
 9884        vmovdqu	%xmm4, 64(%esp)
 9885        vpxor	%xmm7, %xmm0, %xmm0
 9886        vpxor	%xmm7, %xmm1, %xmm1
 9887        vpxor	%xmm7, %xmm2, %xmm2
 9888        vpxor	%xmm7, %xmm3, %xmm3
 9889        vmovdqu	16(%ebp), %xmm7
 9890        vaesenc	%xmm7, %xmm0, %xmm0
 9891        vaesenc	%xmm7, %xmm1, %xmm1
 9892        vaesenc	%xmm7, %xmm2, %xmm2
 9893        vaesenc	%xmm7, %xmm3, %xmm3
 9894        vmovdqu	32(%ebp), %xmm7
 9895        vaesenc	%xmm7, %xmm0, %xmm0
 9896        vaesenc	%xmm7, %xmm1, %xmm1
 9897        vaesenc	%xmm7, %xmm2, %xmm2
 9898        vaesenc	%xmm7, %xmm3, %xmm3
 9899        vmovdqu	48(%ebp), %xmm7
 9900        vaesenc	%xmm7, %xmm0, %xmm0
 9901        vaesenc	%xmm7, %xmm1, %xmm1
 9902        vaesenc	%xmm7, %xmm2, %xmm2
 9903        vaesenc	%xmm7, %xmm3, %xmm3
 9904        vmovdqu	64(%ebp), %xmm7
 9905        vaesenc	%xmm7, %xmm0, %xmm0
 9906        vaesenc	%xmm7, %xmm1, %xmm1
 9907        vaesenc	%xmm7, %xmm2, %xmm2
 9908        vaesenc	%xmm7, %xmm3, %xmm3
 9909        vmovdqu	80(%ebp), %xmm7
 9910        vaesenc	%xmm7, %xmm0, %xmm0
 9911        vaesenc	%xmm7, %xmm1, %xmm1
 9912        vaesenc	%xmm7, %xmm2, %xmm2
 9913        vaesenc	%xmm7, %xmm3, %xmm3
 9914        vmovdqu	96(%ebp), %xmm7
 9915        vaesenc	%xmm7, %xmm0, %xmm0
 9916        vaesenc	%xmm7, %xmm1, %xmm1
 9917        vaesenc	%xmm7, %xmm2, %xmm2
 9918        vaesenc	%xmm7, %xmm3, %xmm3
 9919        vmovdqu	112(%ebp), %xmm7
 9920        vaesenc	%xmm7, %xmm0, %xmm0
 9921        vaesenc	%xmm7, %xmm1, %xmm1
 9922        vaesenc	%xmm7, %xmm2, %xmm2
 9923        vaesenc	%xmm7, %xmm3, %xmm3
 9924        vmovdqu	128(%ebp), %xmm7
 9925        vaesenc	%xmm7, %xmm0, %xmm0
 9926        vaesenc	%xmm7, %xmm1, %xmm1
 9927        vaesenc	%xmm7, %xmm2, %xmm2
 9928        vaesenc	%xmm7, %xmm3, %xmm3
 9929        vmovdqu	144(%ebp), %xmm7
 9930        vaesenc	%xmm7, %xmm0, %xmm0
 9931        vaesenc	%xmm7, %xmm1, %xmm1
 9932        vaesenc	%xmm7, %xmm2, %xmm2
 9933        vaesenc	%xmm7, %xmm3, %xmm3
 9934        cmpl	$11, 172(%esp)
 9935        vmovdqu	160(%ebp), %xmm7
 9936        jl	L_AES_GCM_encrypt_avx2_aesenc_64_ghash_aesenc_64_enc_done
 9937        vaesenc	%xmm7, %xmm0, %xmm0
 9938        vaesenc	%xmm7, %xmm1, %xmm1
 9939        vaesenc	%xmm7, %xmm2, %xmm2
 9940        vaesenc	%xmm7, %xmm3, %xmm3
 9941        vmovdqu	176(%ebp), %xmm7
 9942        vaesenc	%xmm7, %xmm0, %xmm0
 9943        vaesenc	%xmm7, %xmm1, %xmm1
 9944        vaesenc	%xmm7, %xmm2, %xmm2
 9945        vaesenc	%xmm7, %xmm3, %xmm3
 9946        cmpl	$13, 172(%esp)
 9947        vmovdqu	192(%ebp), %xmm7
 9948        jl	L_AES_GCM_encrypt_avx2_aesenc_64_ghash_aesenc_64_enc_done
 9949        vaesenc	%xmm7, %xmm0, %xmm0
 9950        vaesenc	%xmm7, %xmm1, %xmm1
 9951        vaesenc	%xmm7, %xmm2, %xmm2
 9952        vaesenc	%xmm7, %xmm3, %xmm3
 9953        vmovdqu	208(%ebp), %xmm7
 9954        vaesenc	%xmm7, %xmm0, %xmm0
 9955        vaesenc	%xmm7, %xmm1, %xmm1
 9956        vaesenc	%xmm7, %xmm2, %xmm2
 9957        vaesenc	%xmm7, %xmm3, %xmm3
 9958        vmovdqu	224(%ebp), %xmm7
 9959L_AES_GCM_encrypt_avx2_aesenc_64_ghash_aesenc_64_enc_done:
 9960        # aesenc_last
 9961        vaesenclast	%xmm7, %xmm0, %xmm0
 9962        vaesenclast	%xmm7, %xmm1, %xmm1
 9963        vaesenclast	%xmm7, %xmm2, %xmm2
 9964        vaesenclast	%xmm7, %xmm3, %xmm3
 9965        vmovdqu	(%ecx), %xmm7
 9966        vmovdqu	16(%ecx), %xmm4
 9967        vpxor	%xmm7, %xmm0, %xmm0
 9968        vpxor	%xmm4, %xmm1, %xmm1
 9969        vmovdqu	%xmm0, (%edx)
 9970        vmovdqu	%xmm1, 16(%edx)
 9971        vmovdqu	32(%ecx), %xmm7
 9972        vmovdqu	48(%ecx), %xmm4
 9973        vpxor	%xmm7, %xmm2, %xmm2
 9974        vpxor	%xmm4, %xmm3, %xmm3
 9975        vmovdqu	%xmm2, 32(%edx)
 9976        vmovdqu	%xmm3, 48(%edx)
 9977        # pclmul_1
 9978        vmovdqu	-64(%edx), %xmm1
 9979        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
 9980        vmovdqu	48(%esp), %xmm2
 9981        vpxor	%xmm6, %xmm1, %xmm1
 9982        vpclmulqdq	$16, %xmm2, %xmm1, %xmm5
 9983        vpclmulqdq	$0x01, %xmm2, %xmm1, %xmm3
 9984        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm6
 9985        vpclmulqdq	$0x11, %xmm2, %xmm1, %xmm7
 9986        # pclmul_2
 9987        vmovdqu	-48(%edx), %xmm1
 9988        vmovdqu	32(%esp), %xmm0
 9989        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
 9990        vpxor	%xmm3, %xmm5, %xmm5
 9991        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
 9992        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
 9993        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
 9994        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
 9995        vpxor	%xmm1, %xmm7, %xmm7
 9996        # pclmul_n
 9997        vmovdqu	-32(%edx), %xmm1
 9998        vmovdqu	16(%esp), %xmm0
 9999        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
10000        vpxor	%xmm2, %xmm5, %xmm5
10001        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
10002        vpxor	%xmm3, %xmm5, %xmm5
10003        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
10004        vpxor	%xmm4, %xmm6, %xmm6
10005        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
10006        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
10007        vpxor	%xmm1, %xmm7, %xmm7
10008        # pclmul_n
10009        vmovdqu	-16(%edx), %xmm1
10010        vmovdqu	(%esp), %xmm0
10011        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
10012        vpxor	%xmm2, %xmm5, %xmm5
10013        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
10014        vpxor	%xmm3, %xmm5, %xmm5
10015        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
10016        vpxor	%xmm4, %xmm6, %xmm6
10017        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
10018        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
10019        vpxor	%xmm1, %xmm7, %xmm7
10020        # aesenc_pclmul_l
10021        vpxor	%xmm2, %xmm5, %xmm5
10022        vpxor	%xmm4, %xmm6, %xmm6
10023        vpxor	%xmm3, %xmm5, %xmm5
10024        vpslldq	$8, %xmm5, %xmm1
10025        vpsrldq	$8, %xmm5, %xmm5
10026        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm0
10027        vpxor	%xmm1, %xmm6, %xmm6
10028        vpxor	%xmm5, %xmm7, %xmm7
10029        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
10030        vpshufd	$0x4e, %xmm6, %xmm6
10031        vpxor	%xmm3, %xmm6, %xmm6
10032        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
10033        vpshufd	$0x4e, %xmm6, %xmm6
10034        vpxor	%xmm3, %xmm6, %xmm6
10035        vpxor	%xmm7, %xmm6, %xmm6
10036        # aesenc_64_ghash - end
10037        addl	$0x40, %ebx
10038        cmpl	%eax, %ebx
10039        jl	L_AES_GCM_encrypt_avx2_ghash_64
10040L_AES_GCM_encrypt_avx2_end_64:
10041        vmovdqu	%xmm6, 96(%esp)
10042        vmovdqu	48(%edx), %xmm3
10043        vmovdqu	(%esp), %xmm7
10044        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm3, %xmm3
10045        vpclmulqdq	$16, %xmm3, %xmm7, %xmm5
10046        vpclmulqdq	$0x01, %xmm3, %xmm7, %xmm1
10047        vpclmulqdq	$0x00, %xmm3, %xmm7, %xmm4
10048        vpclmulqdq	$0x11, %xmm3, %xmm7, %xmm6
10049        vpxor	%xmm1, %xmm5, %xmm5
10050        vmovdqu	32(%edx), %xmm3
10051        vmovdqu	16(%esp), %xmm7
10052        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm3, %xmm3
10053        vpclmulqdq	$16, %xmm3, %xmm7, %xmm2
10054        vpclmulqdq	$0x01, %xmm3, %xmm7, %xmm1
10055        vpclmulqdq	$0x00, %xmm3, %xmm7, %xmm0
10056        vpclmulqdq	$0x11, %xmm3, %xmm7, %xmm3
10057        vpxor	%xmm1, %xmm2, %xmm2
10058        vpxor	%xmm3, %xmm6, %xmm6
10059        vpxor	%xmm2, %xmm5, %xmm5
10060        vpxor	%xmm0, %xmm4, %xmm4
10061        vmovdqu	16(%edx), %xmm3
10062        vmovdqu	32(%esp), %xmm7
10063        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm3, %xmm3
10064        vpclmulqdq	$16, %xmm3, %xmm7, %xmm2
10065        vpclmulqdq	$0x01, %xmm3, %xmm7, %xmm1
10066        vpclmulqdq	$0x00, %xmm3, %xmm7, %xmm0
10067        vpclmulqdq	$0x11, %xmm3, %xmm7, %xmm3
10068        vpxor	%xmm1, %xmm2, %xmm2
10069        vpxor	%xmm3, %xmm6, %xmm6
10070        vpxor	%xmm2, %xmm5, %xmm5
10071        vpxor	%xmm0, %xmm4, %xmm4
10072        vmovdqu	96(%esp), %xmm0
10073        vmovdqu	(%edx), %xmm3
10074        vmovdqu	48(%esp), %xmm7
10075        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm3, %xmm3
10076        vpxor	%xmm0, %xmm3, %xmm3
10077        vpclmulqdq	$16, %xmm3, %xmm7, %xmm2
10078        vpclmulqdq	$0x01, %xmm3, %xmm7, %xmm1
10079        vpclmulqdq	$0x00, %xmm3, %xmm7, %xmm0
10080        vpclmulqdq	$0x11, %xmm3, %xmm7, %xmm3
10081        vpxor	%xmm1, %xmm2, %xmm2
10082        vpxor	%xmm3, %xmm6, %xmm6
10083        vpxor	%xmm2, %xmm5, %xmm5
10084        vpxor	%xmm0, %xmm4, %xmm4
10085        vpslldq	$8, %xmm5, %xmm7
10086        vpsrldq	$8, %xmm5, %xmm5
10087        vpxor	%xmm7, %xmm4, %xmm4
10088        vpxor	%xmm5, %xmm6, %xmm6
10089        # ghash_red
10090        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
10091        vpclmulqdq	$16, %xmm2, %xmm4, %xmm0
10092        vpshufd	$0x4e, %xmm4, %xmm1
10093        vpxor	%xmm0, %xmm1, %xmm1
10094        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
10095        vpshufd	$0x4e, %xmm1, %xmm1
10096        vpxor	%xmm0, %xmm1, %xmm1
10097        vpxor	%xmm1, %xmm6, %xmm6
10098        vmovdqu	(%esp), %xmm5
10099        vmovdqu	64(%esp), %xmm4
10100L_AES_GCM_encrypt_avx2_done_64:
10101        cmpl	152(%esp), %ebx
10102        je	L_AES_GCM_encrypt_avx2_done_enc
10103        movl	152(%esp), %eax
10104        andl	$0xfffffff0, %eax
10105        cmpl	%eax, %ebx
10106        jge	L_AES_GCM_encrypt_avx2_last_block_done
10107        leal	(%esi,%ebx,1), %ecx
10108        leal	(%edi,%ebx,1), %edx
10109        # aesenc_block
10110        vmovdqu	%xmm4, %xmm1
10111        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm1, %xmm0
10112        vpaddd	L_aes_gcm_avx2_one, %xmm1, %xmm1
10113        vpxor	(%ebp), %xmm0, %xmm0
10114        vaesenc	16(%ebp), %xmm0, %xmm0
10115        vaesenc	32(%ebp), %xmm0, %xmm0
10116        vaesenc	48(%ebp), %xmm0, %xmm0
10117        vaesenc	64(%ebp), %xmm0, %xmm0
10118        vaesenc	80(%ebp), %xmm0, %xmm0
10119        vaesenc	96(%ebp), %xmm0, %xmm0
10120        vaesenc	112(%ebp), %xmm0, %xmm0
10121        vaesenc	128(%ebp), %xmm0, %xmm0
10122        vaesenc	144(%ebp), %xmm0, %xmm0
10123        cmpl	$11, 172(%esp)
10124        vmovdqu	160(%ebp), %xmm2
10125        jl	L_AES_GCM_encrypt_avx2_aesenc_block_aesenc_avx_last
10126        vaesenc	%xmm2, %xmm0, %xmm0
10127        vaesenc	176(%ebp), %xmm0, %xmm0
10128        cmpl	$13, 172(%esp)
10129        vmovdqu	192(%ebp), %xmm2
10130        jl	L_AES_GCM_encrypt_avx2_aesenc_block_aesenc_avx_last
10131        vaesenc	%xmm2, %xmm0, %xmm0
10132        vaesenc	208(%ebp), %xmm0, %xmm0
10133        vmovdqu	224(%ebp), %xmm2
10134L_AES_GCM_encrypt_avx2_aesenc_block_aesenc_avx_last:
10135        vaesenclast	%xmm2, %xmm0, %xmm0
10136        vmovdqu	%xmm1, %xmm4
10137        vmovdqu	(%ecx), %xmm1
10138        vpxor	%xmm1, %xmm0, %xmm0
10139        vmovdqu	%xmm0, (%edx)
10140        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
10141        vpxor	%xmm0, %xmm6, %xmm6
10142        addl	$16, %ebx
10143        cmpl	%eax, %ebx
10144        jge	L_AES_GCM_encrypt_avx2_last_block_ghash
10145L_AES_GCM_encrypt_avx2_last_block_start:
10146        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm4, %xmm7
10147        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm4
10148        vmovdqu	%xmm4, 64(%esp)
10149        # aesenc_gfmul_sb
10150        vpclmulqdq	$0x01, %xmm5, %xmm6, %xmm2
10151        vpclmulqdq	$16, %xmm5, %xmm6, %xmm3
10152        vpclmulqdq	$0x00, %xmm5, %xmm6, %xmm1
10153        vpclmulqdq	$0x11, %xmm5, %xmm6, %xmm4
10154        vpxor	(%ebp), %xmm7, %xmm7
10155        vaesenc	16(%ebp), %xmm7, %xmm7
10156        vpxor	%xmm2, %xmm3, %xmm3
10157        vpslldq	$8, %xmm3, %xmm2
10158        vpsrldq	$8, %xmm3, %xmm3
10159        vaesenc	32(%ebp), %xmm7, %xmm7
10160        vpxor	%xmm1, %xmm2, %xmm2
10161        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm2, %xmm1
10162        vaesenc	48(%ebp), %xmm7, %xmm7
10163        vaesenc	64(%ebp), %xmm7, %xmm7
10164        vaesenc	80(%ebp), %xmm7, %xmm7
10165        vpshufd	$0x4e, %xmm2, %xmm2
10166        vpxor	%xmm1, %xmm2, %xmm2
10167        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm2, %xmm1
10168        vaesenc	96(%ebp), %xmm7, %xmm7
10169        vaesenc	112(%ebp), %xmm7, %xmm7
10170        vaesenc	128(%ebp), %xmm7, %xmm7
10171        vpshufd	$0x4e, %xmm2, %xmm2
10172        vaesenc	144(%ebp), %xmm7, %xmm7
10173        vpxor	%xmm3, %xmm4, %xmm4
10174        vpxor	%xmm4, %xmm2, %xmm2
10175        vmovdqu	160(%ebp), %xmm0
10176        cmpl	$11, 172(%esp)
10177        jl	L_AES_GCM_encrypt_avx2_aesenc_gfmul_sb_last
10178        vaesenc	%xmm0, %xmm7, %xmm7
10179        vaesenc	176(%ebp), %xmm7, %xmm7
10180        vmovdqu	192(%ebp), %xmm0
10181        cmpl	$13, 172(%esp)
10182        jl	L_AES_GCM_encrypt_avx2_aesenc_gfmul_sb_last
10183        vaesenc	%xmm0, %xmm7, %xmm7
10184        vaesenc	208(%ebp), %xmm7, %xmm7
10185        vmovdqu	224(%ebp), %xmm0
10186L_AES_GCM_encrypt_avx2_aesenc_gfmul_sb_last:
10187        vaesenclast	%xmm0, %xmm7, %xmm7
10188        vmovdqu	(%esi,%ebx,1), %xmm3
10189        vpxor	%xmm1, %xmm2, %xmm6
10190        vpxor	%xmm3, %xmm7, %xmm7
10191        vmovdqu	%xmm7, (%edi,%ebx,1)
10192        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm7, %xmm7
10193        vpxor	%xmm7, %xmm6, %xmm6
10194        vmovdqu	64(%esp), %xmm4
10195        addl	$16, %ebx
10196        cmpl	%eax, %ebx
10197        jl	L_AES_GCM_encrypt_avx2_last_block_start
10198L_AES_GCM_encrypt_avx2_last_block_ghash:
10199        # ghash_gfmul_red
10200        vpclmulqdq	$16, %xmm5, %xmm6, %xmm2
10201        vpclmulqdq	$0x01, %xmm5, %xmm6, %xmm1
10202        vpclmulqdq	$0x00, %xmm5, %xmm6, %xmm0
10203        vpxor	%xmm1, %xmm2, %xmm2
10204        vpslldq	$8, %xmm2, %xmm1
10205        vpsrldq	$8, %xmm2, %xmm2
10206        vpxor	%xmm0, %xmm1, %xmm1
10207        vpclmulqdq	$0x11, %xmm5, %xmm6, %xmm6
10208        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm1, %xmm0
10209        vpshufd	$0x4e, %xmm1, %xmm1
10210        vpxor	%xmm0, %xmm1, %xmm1
10211        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm1, %xmm0
10212        vpshufd	$0x4e, %xmm1, %xmm1
10213        vpxor	%xmm2, %xmm6, %xmm6
10214        vpxor	%xmm1, %xmm6, %xmm6
10215        vpxor	%xmm0, %xmm6, %xmm6
10216L_AES_GCM_encrypt_avx2_last_block_done:
10217        movl	152(%esp), %ecx
10218        movl	152(%esp), %edx
10219        andl	$15, %ecx
10220        jz	L_AES_GCM_encrypt_avx2_done_enc
10221        # aesenc_last15_enc
10222        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm4, %xmm4
10223        vpxor	(%ebp), %xmm4, %xmm4
10224        vaesenc	16(%ebp), %xmm4, %xmm4
10225        vaesenc	32(%ebp), %xmm4, %xmm4
10226        vaesenc	48(%ebp), %xmm4, %xmm4
10227        vaesenc	64(%ebp), %xmm4, %xmm4
10228        vaesenc	80(%ebp), %xmm4, %xmm4
10229        vaesenc	96(%ebp), %xmm4, %xmm4
10230        vaesenc	112(%ebp), %xmm4, %xmm4
10231        vaesenc	128(%ebp), %xmm4, %xmm4
10232        vaesenc	144(%ebp), %xmm4, %xmm4
10233        cmpl	$11, 172(%esp)
10234        vmovdqu	160(%ebp), %xmm0
10235        jl	L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_aesenc_avx_last
10236        vaesenc	%xmm0, %xmm4, %xmm4
10237        vaesenc	176(%ebp), %xmm4, %xmm4
10238        cmpl	$13, 172(%esp)
10239        vmovdqu	192(%ebp), %xmm0
10240        jl	L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_aesenc_avx_last
10241        vaesenc	%xmm0, %xmm4, %xmm4
10242        vaesenc	208(%ebp), %xmm4, %xmm4
10243        vmovdqu	224(%ebp), %xmm0
10244L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_aesenc_avx_last:
10245        vaesenclast	%xmm0, %xmm4, %xmm4
10246        xorl	%ecx, %ecx
10247        vpxor	%xmm0, %xmm0, %xmm0
10248        vmovdqu	%xmm4, (%esp)
10249        vmovdqu	%xmm0, 16(%esp)
10250L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_loop:
10251        movzbl	(%esi,%ebx,1), %eax
10252        xorb	(%esp,%ecx,1), %al
10253        movb	%al, 16(%esp,%ecx,1)
10254        movb	%al, (%edi,%ebx,1)
10255        incl	%ebx
10256        incl	%ecx
10257        cmpl	%edx, %ebx
10258        jl	L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_loop
10259L_AES_GCM_encrypt_avx2_aesenc_last15_enc_avx_finish_enc:
10260        vmovdqu	16(%esp), %xmm4
10261        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm4, %xmm4
10262        vpxor	%xmm4, %xmm6, %xmm6
10263        # ghash_gfmul_red
10264        vpclmulqdq	$16, %xmm5, %xmm6, %xmm2
10265        vpclmulqdq	$0x01, %xmm5, %xmm6, %xmm1
10266        vpclmulqdq	$0x00, %xmm5, %xmm6, %xmm0
10267        vpxor	%xmm1, %xmm2, %xmm2
10268        vpslldq	$8, %xmm2, %xmm1
10269        vpsrldq	$8, %xmm2, %xmm2
10270        vpxor	%xmm0, %xmm1, %xmm1
10271        vpclmulqdq	$0x11, %xmm5, %xmm6, %xmm6
10272        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm1, %xmm0
10273        vpshufd	$0x4e, %xmm1, %xmm1
10274        vpxor	%xmm0, %xmm1, %xmm1
10275        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm1, %xmm0
10276        vpshufd	$0x4e, %xmm1, %xmm1
10277        vpxor	%xmm2, %xmm6, %xmm6
10278        vpxor	%xmm1, %xmm6, %xmm6
10279        vpxor	%xmm0, %xmm6, %xmm6
10280L_AES_GCM_encrypt_avx2_done_enc:
10281        vmovdqu	80(%esp), %xmm7
10282        # calc_tag
10283        movl	152(%esp), %ecx
10284        shll	$3, %ecx
10285        vpinsrd	$0x00, %ecx, %xmm0, %xmm0
10286        movl	156(%esp), %ecx
10287        shll	$3, %ecx
10288        vpinsrd	$2, %ecx, %xmm0, %xmm0
10289        movl	152(%esp), %ecx
10290        shrl	$29, %ecx
10291        vpinsrd	$0x01, %ecx, %xmm0, %xmm0
10292        movl	156(%esp), %ecx
10293        shrl	$29, %ecx
10294        vpinsrd	$3, %ecx, %xmm0, %xmm0
10295        vpxor	%xmm6, %xmm0, %xmm0
10296        # ghash_gfmul_red
10297        vpclmulqdq	$16, %xmm5, %xmm0, %xmm4
10298        vpclmulqdq	$0x01, %xmm5, %xmm0, %xmm3
10299        vpclmulqdq	$0x00, %xmm5, %xmm0, %xmm2
10300        vpxor	%xmm3, %xmm4, %xmm4
10301        vpslldq	$8, %xmm4, %xmm3
10302        vpsrldq	$8, %xmm4, %xmm4
10303        vpxor	%xmm2, %xmm3, %xmm3
10304        vpclmulqdq	$0x11, %xmm5, %xmm0, %xmm0
10305        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm3, %xmm2
10306        vpshufd	$0x4e, %xmm3, %xmm3
10307        vpxor	%xmm2, %xmm3, %xmm3
10308        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm3, %xmm2
10309        vpshufd	$0x4e, %xmm3, %xmm3
10310        vpxor	%xmm4, %xmm0, %xmm0
10311        vpxor	%xmm3, %xmm0, %xmm0
10312        vpxor	%xmm2, %xmm0, %xmm0
10313        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
10314        vpxor	%xmm7, %xmm0, %xmm0
10315        movl	148(%esp), %edi
10316        movl	164(%esp), %ebx
10317        # store_tag
10318        cmpl	$16, %ebx
10319        je	L_AES_GCM_encrypt_avx2_store_tag_16
10320        xorl	%ecx, %ecx
10321        vmovdqu	%xmm0, (%esp)
10322L_AES_GCM_encrypt_avx2_store_tag_loop:
10323        movzbl	(%esp,%ecx,1), %eax
10324        movb	%al, (%edi,%ecx,1)
10325        incl	%ecx
10326        cmpl	%ebx, %ecx
10327        jne	L_AES_GCM_encrypt_avx2_store_tag_loop
10328        jmp	L_AES_GCM_encrypt_avx2_store_tag_done
10329L_AES_GCM_encrypt_avx2_store_tag_16:
10330        vmovdqu	%xmm0, (%edi)
10331L_AES_GCM_encrypt_avx2_store_tag_done:
10332        addl	$0x70, %esp
10333        popl	%ebp
10334        popl	%edi
10335        popl	%esi
10336        popl	%ebx
10337        ret
10338.size	AES_GCM_encrypt_avx2,.-AES_GCM_encrypt_avx2
10339.text
10340.globl	AES_GCM_decrypt_avx2
10341.type	AES_GCM_decrypt_avx2,@function
10342.align	16
10343AES_GCM_decrypt_avx2:
10344        pushl	%ebx
10345        pushl	%esi
10346        pushl	%edi
10347        pushl	%ebp
10348        subl	$0xb0, %esp
10349        movl	208(%esp), %esi
10350        movl	232(%esp), %ebp
10351        vpxor	%xmm4, %xmm4, %xmm4
10352        movl	224(%esp), %edx
10353        cmpl	$12, %edx
10354        je	L_AES_GCM_decrypt_avx2_iv_12
10355        # Calculate values when IV is not 12 bytes
10356        # H = Encrypt X(=0)
10357        vmovdqu	(%ebp), %xmm5
10358        vaesenc	16(%ebp), %xmm5, %xmm5
10359        vaesenc	32(%ebp), %xmm5, %xmm5
10360        vaesenc	48(%ebp), %xmm5, %xmm5
10361        vaesenc	64(%ebp), %xmm5, %xmm5
10362        vaesenc	80(%ebp), %xmm5, %xmm5
10363        vaesenc	96(%ebp), %xmm5, %xmm5
10364        vaesenc	112(%ebp), %xmm5, %xmm5
10365        vaesenc	128(%ebp), %xmm5, %xmm5
10366        vaesenc	144(%ebp), %xmm5, %xmm5
10367        cmpl	$11, 236(%esp)
10368        vmovdqu	160(%ebp), %xmm0
10369        jl	L_AES_GCM_decrypt_avx2_calc_iv_1_aesenc_avx_last
10370        vaesenc	%xmm0, %xmm5, %xmm5
10371        vaesenc	176(%ebp), %xmm5, %xmm5
10372        cmpl	$13, 236(%esp)
10373        vmovdqu	192(%ebp), %xmm0
10374        jl	L_AES_GCM_decrypt_avx2_calc_iv_1_aesenc_avx_last
10375        vaesenc	%xmm0, %xmm5, %xmm5
10376        vaesenc	208(%ebp), %xmm5, %xmm5
10377        vmovdqu	224(%ebp), %xmm0
10378L_AES_GCM_decrypt_avx2_calc_iv_1_aesenc_avx_last:
10379        vaesenclast	%xmm0, %xmm5, %xmm5
10380        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm5, %xmm5
10381        # Calc counter
10382        # Initialization vector
10383        cmpl	$0x00, %edx
10384        movl	$0x00, %ecx
10385        je	L_AES_GCM_decrypt_avx2_calc_iv_done
10386        cmpl	$16, %edx
10387        jl	L_AES_GCM_decrypt_avx2_calc_iv_lt16
10388        andl	$0xfffffff0, %edx
10389L_AES_GCM_decrypt_avx2_calc_iv_16_loop:
10390        vmovdqu	(%esi,%ecx,1), %xmm0
10391        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
10392        vpxor	%xmm0, %xmm4, %xmm4
10393        # ghash_gfmul_avx
10394        vpclmulqdq	$16, %xmm4, %xmm5, %xmm2
10395        vpclmulqdq	$0x01, %xmm4, %xmm5, %xmm1
10396        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
10397        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
10398        vpxor	%xmm1, %xmm2, %xmm2
10399        vpslldq	$8, %xmm2, %xmm1
10400        vpsrldq	$8, %xmm2, %xmm2
10401        vpxor	%xmm1, %xmm0, %xmm7
10402        vpxor	%xmm2, %xmm3, %xmm4
10403        # ghash_mid
10404        vpsrld	$31, %xmm7, %xmm0
10405        vpsrld	$31, %xmm4, %xmm1
10406        vpslld	$0x01, %xmm7, %xmm7
10407        vpslld	$0x01, %xmm4, %xmm4
10408        vpsrldq	$12, %xmm0, %xmm2
10409        vpslldq	$4, %xmm0, %xmm0
10410        vpslldq	$4, %xmm1, %xmm1
10411        vpor	%xmm2, %xmm4, %xmm4
10412        vpor	%xmm0, %xmm7, %xmm7
10413        vpor	%xmm1, %xmm4, %xmm4
10414        # ghash_red
10415        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
10416        vpclmulqdq	$16, %xmm2, %xmm7, %xmm0
10417        vpshufd	$0x4e, %xmm7, %xmm1
10418        vpxor	%xmm0, %xmm1, %xmm1
10419        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
10420        vpshufd	$0x4e, %xmm1, %xmm1
10421        vpxor	%xmm0, %xmm1, %xmm1
10422        vpxor	%xmm1, %xmm4, %xmm4
10423        addl	$16, %ecx
10424        cmpl	%edx, %ecx
10425        jl	L_AES_GCM_decrypt_avx2_calc_iv_16_loop
10426        movl	224(%esp), %edx
10427        cmpl	%edx, %ecx
10428        je	L_AES_GCM_decrypt_avx2_calc_iv_done
10429L_AES_GCM_decrypt_avx2_calc_iv_lt16:
10430        vpxor	%xmm0, %xmm0, %xmm0
10431        xorl	%ebx, %ebx
10432        vmovdqu	%xmm0, (%esp)
10433L_AES_GCM_decrypt_avx2_calc_iv_loop:
10434        movzbl	(%esi,%ecx,1), %eax
10435        movb	%al, (%esp,%ebx,1)
10436        incl	%ecx
10437        incl	%ebx
10438        cmpl	%edx, %ecx
10439        jl	L_AES_GCM_decrypt_avx2_calc_iv_loop
10440        vmovdqu	(%esp), %xmm0
10441        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
10442        vpxor	%xmm0, %xmm4, %xmm4
10443        # ghash_gfmul_avx
10444        vpclmulqdq	$16, %xmm4, %xmm5, %xmm2
10445        vpclmulqdq	$0x01, %xmm4, %xmm5, %xmm1
10446        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
10447        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
10448        vpxor	%xmm1, %xmm2, %xmm2
10449        vpslldq	$8, %xmm2, %xmm1
10450        vpsrldq	$8, %xmm2, %xmm2
10451        vpxor	%xmm1, %xmm0, %xmm7
10452        vpxor	%xmm2, %xmm3, %xmm4
10453        # ghash_mid
10454        vpsrld	$31, %xmm7, %xmm0
10455        vpsrld	$31, %xmm4, %xmm1
10456        vpslld	$0x01, %xmm7, %xmm7
10457        vpslld	$0x01, %xmm4, %xmm4
10458        vpsrldq	$12, %xmm0, %xmm2
10459        vpslldq	$4, %xmm0, %xmm0
10460        vpslldq	$4, %xmm1, %xmm1
10461        vpor	%xmm2, %xmm4, %xmm4
10462        vpor	%xmm0, %xmm7, %xmm7
10463        vpor	%xmm1, %xmm4, %xmm4
10464        # ghash_red
10465        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
10466        vpclmulqdq	$16, %xmm2, %xmm7, %xmm0
10467        vpshufd	$0x4e, %xmm7, %xmm1
10468        vpxor	%xmm0, %xmm1, %xmm1
10469        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
10470        vpshufd	$0x4e, %xmm1, %xmm1
10471        vpxor	%xmm0, %xmm1, %xmm1
10472        vpxor	%xmm1, %xmm4, %xmm4
10473L_AES_GCM_decrypt_avx2_calc_iv_done:
10474        # T = Encrypt counter
10475        vpxor	%xmm0, %xmm0, %xmm0
10476        shll	$3, %edx
10477        vpinsrd	$0x00, %edx, %xmm0, %xmm0
10478        vpxor	%xmm0, %xmm4, %xmm4
10479        # ghash_gfmul_avx
10480        vpclmulqdq	$16, %xmm4, %xmm5, %xmm2
10481        vpclmulqdq	$0x01, %xmm4, %xmm5, %xmm1
10482        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
10483        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
10484        vpxor	%xmm1, %xmm2, %xmm2
10485        vpslldq	$8, %xmm2, %xmm1
10486        vpsrldq	$8, %xmm2, %xmm2
10487        vpxor	%xmm1, %xmm0, %xmm7
10488        vpxor	%xmm2, %xmm3, %xmm4
10489        # ghash_mid
10490        vpsrld	$31, %xmm7, %xmm0
10491        vpsrld	$31, %xmm4, %xmm1
10492        vpslld	$0x01, %xmm7, %xmm7
10493        vpslld	$0x01, %xmm4, %xmm4
10494        vpsrldq	$12, %xmm0, %xmm2
10495        vpslldq	$4, %xmm0, %xmm0
10496        vpslldq	$4, %xmm1, %xmm1
10497        vpor	%xmm2, %xmm4, %xmm4
10498        vpor	%xmm0, %xmm7, %xmm7
10499        vpor	%xmm1, %xmm4, %xmm4
10500        # ghash_red
10501        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
10502        vpclmulqdq	$16, %xmm2, %xmm7, %xmm0
10503        vpshufd	$0x4e, %xmm7, %xmm1
10504        vpxor	%xmm0, %xmm1, %xmm1
10505        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
10506        vpshufd	$0x4e, %xmm1, %xmm1
10507        vpxor	%xmm0, %xmm1, %xmm1
10508        vpxor	%xmm1, %xmm4, %xmm4
10509        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm4, %xmm4
10510        #   Encrypt counter
10511        vmovdqu	(%ebp), %xmm6
10512        vpxor	%xmm4, %xmm6, %xmm6
10513        vaesenc	16(%ebp), %xmm6, %xmm6
10514        vaesenc	32(%ebp), %xmm6, %xmm6
10515        vaesenc	48(%ebp), %xmm6, %xmm6
10516        vaesenc	64(%ebp), %xmm6, %xmm6
10517        vaesenc	80(%ebp), %xmm6, %xmm6
10518        vaesenc	96(%ebp), %xmm6, %xmm6
10519        vaesenc	112(%ebp), %xmm6, %xmm6
10520        vaesenc	128(%ebp), %xmm6, %xmm6
10521        vaesenc	144(%ebp), %xmm6, %xmm6
10522        cmpl	$11, 236(%esp)
10523        vmovdqu	160(%ebp), %xmm0
10524        jl	L_AES_GCM_decrypt_avx2_calc_iv_2_aesenc_avx_last
10525        vaesenc	%xmm0, %xmm6, %xmm6
10526        vaesenc	176(%ebp), %xmm6, %xmm6
10527        cmpl	$13, 236(%esp)
10528        vmovdqu	192(%ebp), %xmm0
10529        jl	L_AES_GCM_decrypt_avx2_calc_iv_2_aesenc_avx_last
10530        vaesenc	%xmm0, %xmm6, %xmm6
10531        vaesenc	208(%ebp), %xmm6, %xmm6
10532        vmovdqu	224(%ebp), %xmm0
10533L_AES_GCM_decrypt_avx2_calc_iv_2_aesenc_avx_last:
10534        vaesenclast	%xmm0, %xmm6, %xmm6
10535        jmp	L_AES_GCM_decrypt_avx2_iv_done
10536L_AES_GCM_decrypt_avx2_iv_12:
10537        # # Calculate values when IV is 12 bytes
10538        # Set counter based on IV
10539        vmovdqu	L_avx2_aes_gcm_bswap_one, %xmm4
10540        vmovdqu	(%ebp), %xmm5
10541        vpblendd	$7, (%esi), %xmm4, %xmm4
10542        # H = Encrypt X(=0) and T = Encrypt counter
10543        vmovdqu	16(%ebp), %xmm7
10544        vpxor	%xmm5, %xmm4, %xmm6
10545        vaesenc	%xmm7, %xmm5, %xmm5
10546        vaesenc	%xmm7, %xmm6, %xmm6
10547        vmovdqu	32(%ebp), %xmm0
10548        vaesenc	%xmm0, %xmm5, %xmm5
10549        vaesenc	%xmm0, %xmm6, %xmm6
10550        vmovdqu	48(%ebp), %xmm0
10551        vaesenc	%xmm0, %xmm5, %xmm5
10552        vaesenc	%xmm0, %xmm6, %xmm6
10553        vmovdqu	64(%ebp), %xmm0
10554        vaesenc	%xmm0, %xmm5, %xmm5
10555        vaesenc	%xmm0, %xmm6, %xmm6
10556        vmovdqu	80(%ebp), %xmm0
10557        vaesenc	%xmm0, %xmm5, %xmm5
10558        vaesenc	%xmm0, %xmm6, %xmm6
10559        vmovdqu	96(%ebp), %xmm0
10560        vaesenc	%xmm0, %xmm5, %xmm5
10561        vaesenc	%xmm0, %xmm6, %xmm6
10562        vmovdqu	112(%ebp), %xmm0
10563        vaesenc	%xmm0, %xmm5, %xmm5
10564        vaesenc	%xmm0, %xmm6, %xmm6
10565        vmovdqu	128(%ebp), %xmm0
10566        vaesenc	%xmm0, %xmm5, %xmm5
10567        vaesenc	%xmm0, %xmm6, %xmm6
10568        vmovdqu	144(%ebp), %xmm0
10569        vaesenc	%xmm0, %xmm5, %xmm5
10570        vaesenc	%xmm0, %xmm6, %xmm6
10571        cmpl	$11, 236(%esp)
10572        vmovdqu	160(%ebp), %xmm0
10573        jl	L_AES_GCM_decrypt_avx2_calc_iv_12_last
10574        vaesenc	%xmm0, %xmm5, %xmm5
10575        vaesenc	%xmm0, %xmm6, %xmm6
10576        vmovdqu	176(%ebp), %xmm0
10577        vaesenc	%xmm0, %xmm5, %xmm5
10578        vaesenc	%xmm0, %xmm6, %xmm6
10579        cmpl	$13, 236(%esp)
10580        vmovdqu	192(%ebp), %xmm0
10581        jl	L_AES_GCM_decrypt_avx2_calc_iv_12_last
10582        vaesenc	%xmm0, %xmm5, %xmm5
10583        vaesenc	%xmm0, %xmm6, %xmm6
10584        vmovdqu	208(%ebp), %xmm0
10585        vaesenc	%xmm0, %xmm5, %xmm5
10586        vaesenc	%xmm0, %xmm6, %xmm6
10587        vmovdqu	224(%ebp), %xmm0
10588L_AES_GCM_decrypt_avx2_calc_iv_12_last:
10589        vaesenclast	%xmm0, %xmm5, %xmm5
10590        vaesenclast	%xmm0, %xmm6, %xmm6
10591        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm5, %xmm5
10592L_AES_GCM_decrypt_avx2_iv_done:
10593        vmovdqu	%xmm6, 80(%esp)
10594        vpxor	%xmm6, %xmm6, %xmm6
10595        movl	204(%esp), %esi
10596        # Additional authentication data
10597        movl	220(%esp), %edx
10598        cmpl	$0x00, %edx
10599        je	L_AES_GCM_decrypt_avx2_calc_aad_done
10600        xorl	%ecx, %ecx
10601        cmpl	$16, %edx
10602        jl	L_AES_GCM_decrypt_avx2_calc_aad_lt16
10603        andl	$0xfffffff0, %edx
10604L_AES_GCM_decrypt_avx2_calc_aad_16_loop:
10605        vmovdqu	(%esi,%ecx,1), %xmm0
10606        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
10607        vpxor	%xmm0, %xmm6, %xmm6
10608        # ghash_gfmul_avx
10609        vpclmulqdq	$16, %xmm6, %xmm5, %xmm2
10610        vpclmulqdq	$0x01, %xmm6, %xmm5, %xmm1
10611        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm0
10612        vpclmulqdq	$0x11, %xmm6, %xmm5, %xmm3
10613        vpxor	%xmm1, %xmm2, %xmm2
10614        vpslldq	$8, %xmm2, %xmm1
10615        vpsrldq	$8, %xmm2, %xmm2
10616        vpxor	%xmm1, %xmm0, %xmm7
10617        vpxor	%xmm2, %xmm3, %xmm6
10618        # ghash_mid
10619        vpsrld	$31, %xmm7, %xmm0
10620        vpsrld	$31, %xmm6, %xmm1
10621        vpslld	$0x01, %xmm7, %xmm7
10622        vpslld	$0x01, %xmm6, %xmm6
10623        vpsrldq	$12, %xmm0, %xmm2
10624        vpslldq	$4, %xmm0, %xmm0
10625        vpslldq	$4, %xmm1, %xmm1
10626        vpor	%xmm2, %xmm6, %xmm6
10627        vpor	%xmm0, %xmm7, %xmm7
10628        vpor	%xmm1, %xmm6, %xmm6
10629        # ghash_red
10630        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
10631        vpclmulqdq	$16, %xmm2, %xmm7, %xmm0
10632        vpshufd	$0x4e, %xmm7, %xmm1
10633        vpxor	%xmm0, %xmm1, %xmm1
10634        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
10635        vpshufd	$0x4e, %xmm1, %xmm1
10636        vpxor	%xmm0, %xmm1, %xmm1
10637        vpxor	%xmm1, %xmm6, %xmm6
10638        addl	$16, %ecx
10639        cmpl	%edx, %ecx
10640        jl	L_AES_GCM_decrypt_avx2_calc_aad_16_loop
10641        movl	220(%esp), %edx
10642        cmpl	%edx, %ecx
10643        je	L_AES_GCM_decrypt_avx2_calc_aad_done
10644L_AES_GCM_decrypt_avx2_calc_aad_lt16:
10645        vpxor	%xmm0, %xmm0, %xmm0
10646        xorl	%ebx, %ebx
10647        vmovdqu	%xmm0, (%esp)
10648L_AES_GCM_decrypt_avx2_calc_aad_loop:
10649        movzbl	(%esi,%ecx,1), %eax
10650        movb	%al, (%esp,%ebx,1)
10651        incl	%ecx
10652        incl	%ebx
10653        cmpl	%edx, %ecx
10654        jl	L_AES_GCM_decrypt_avx2_calc_aad_loop
10655        vmovdqu	(%esp), %xmm0
10656        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
10657        vpxor	%xmm0, %xmm6, %xmm6
10658        # ghash_gfmul_avx
10659        vpclmulqdq	$16, %xmm6, %xmm5, %xmm2
10660        vpclmulqdq	$0x01, %xmm6, %xmm5, %xmm1
10661        vpclmulqdq	$0x00, %xmm6, %xmm5, %xmm0
10662        vpclmulqdq	$0x11, %xmm6, %xmm5, %xmm3
10663        vpxor	%xmm1, %xmm2, %xmm2
10664        vpslldq	$8, %xmm2, %xmm1
10665        vpsrldq	$8, %xmm2, %xmm2
10666        vpxor	%xmm1, %xmm0, %xmm7
10667        vpxor	%xmm2, %xmm3, %xmm6
10668        # ghash_mid
10669        vpsrld	$31, %xmm7, %xmm0
10670        vpsrld	$31, %xmm6, %xmm1
10671        vpslld	$0x01, %xmm7, %xmm7
10672        vpslld	$0x01, %xmm6, %xmm6
10673        vpsrldq	$12, %xmm0, %xmm2
10674        vpslldq	$4, %xmm0, %xmm0
10675        vpslldq	$4, %xmm1, %xmm1
10676        vpor	%xmm2, %xmm6, %xmm6
10677        vpor	%xmm0, %xmm7, %xmm7
10678        vpor	%xmm1, %xmm6, %xmm6
10679        # ghash_red
10680        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
10681        vpclmulqdq	$16, %xmm2, %xmm7, %xmm0
10682        vpshufd	$0x4e, %xmm7, %xmm1
10683        vpxor	%xmm0, %xmm1, %xmm1
10684        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
10685        vpshufd	$0x4e, %xmm1, %xmm1
10686        vpxor	%xmm0, %xmm1, %xmm1
10687        vpxor	%xmm1, %xmm6, %xmm6
10688L_AES_GCM_decrypt_avx2_calc_aad_done:
10689        movl	196(%esp), %esi
10690        movl	200(%esp), %edi
10691        # Calculate counter and H
10692        vpsrlq	$63, %xmm5, %xmm1
10693        vpsllq	$0x01, %xmm5, %xmm0
10694        vpslldq	$8, %xmm1, %xmm1
10695        vpor	%xmm1, %xmm0, %xmm0
10696        vpshufd	$0xff, %xmm5, %xmm5
10697        vpsrad	$31, %xmm5, %xmm5
10698        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm4, %xmm4
10699        vpand	L_aes_gcm_avx2_mod2_128, %xmm5, %xmm5
10700        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm4
10701        vpxor	%xmm0, %xmm5, %xmm5
10702        xorl	%ebx, %ebx
10703        cmpl	$0x40, 216(%esp)
10704        movl	216(%esp), %eax
10705        jl	L_AES_GCM_decrypt_avx2_done_64
10706        andl	$0xffffffc0, %eax
10707        vmovdqu	%xmm4, 64(%esp)
10708        vmovdqu	%xmm6, 96(%esp)
10709        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm3
10710        # H ^ 1
10711        vmovdqu	%xmm5, (%esp)
10712        vmovdqu	%xmm5, %xmm2
10713        # H ^ 2
10714        vpclmulqdq	$0x00, %xmm2, %xmm2, %xmm5
10715        vpclmulqdq	$0x11, %xmm2, %xmm2, %xmm6
10716        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
10717        vpshufd	$0x4e, %xmm5, %xmm5
10718        vpxor	%xmm4, %xmm5, %xmm5
10719        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
10720        vpshufd	$0x4e, %xmm5, %xmm5
10721        vpxor	%xmm4, %xmm5, %xmm5
10722        vpxor	%xmm5, %xmm6, %xmm0
10723        vmovdqu	%xmm0, 16(%esp)
10724        # H ^ 3
10725        # ghash_gfmul_red
10726        vpclmulqdq	$16, %xmm0, %xmm2, %xmm6
10727        vpclmulqdq	$0x01, %xmm0, %xmm2, %xmm5
10728        vpclmulqdq	$0x00, %xmm0, %xmm2, %xmm4
10729        vpxor	%xmm5, %xmm6, %xmm6
10730        vpslldq	$8, %xmm6, %xmm5
10731        vpsrldq	$8, %xmm6, %xmm6
10732        vpxor	%xmm4, %xmm5, %xmm5
10733        vpclmulqdq	$0x11, %xmm0, %xmm2, %xmm1
10734        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
10735        vpshufd	$0x4e, %xmm5, %xmm5
10736        vpxor	%xmm4, %xmm5, %xmm5
10737        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
10738        vpshufd	$0x4e, %xmm5, %xmm5
10739        vpxor	%xmm6, %xmm1, %xmm1
10740        vpxor	%xmm5, %xmm1, %xmm1
10741        vpxor	%xmm4, %xmm1, %xmm1
10742        vmovdqu	%xmm1, 32(%esp)
10743        # H ^ 4
10744        vpclmulqdq	$0x00, %xmm0, %xmm0, %xmm5
10745        vpclmulqdq	$0x11, %xmm0, %xmm0, %xmm6
10746        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
10747        vpshufd	$0x4e, %xmm5, %xmm5
10748        vpxor	%xmm4, %xmm5, %xmm5
10749        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
10750        vpshufd	$0x4e, %xmm5, %xmm5
10751        vpxor	%xmm4, %xmm5, %xmm5
10752        vpxor	%xmm5, %xmm6, %xmm2
10753        vmovdqu	%xmm2, 48(%esp)
10754        vmovdqu	96(%esp), %xmm6
10755        cmpl	%esi, %edi
10756        jne	L_AES_GCM_decrypt_avx2_ghash_64
10757L_AES_GCM_decrypt_avx2_ghash_64_inplace:
10758        # aesenc_64_ghash
10759        leal	(%esi,%ebx,1), %ecx
10760        leal	(%edi,%ebx,1), %edx
10761        # aesenc_64
10762        # aesenc_ctr
10763        vmovdqu	64(%esp), %xmm4
10764        vmovdqu	L_aes_gcm_avx2_bswap_epi64, %xmm7
10765        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm1
10766        vpshufb	%xmm7, %xmm4, %xmm0
10767        vpaddd	L_aes_gcm_avx2_two, %xmm4, %xmm2
10768        vpshufb	%xmm7, %xmm1, %xmm1
10769        vpaddd	L_aes_gcm_avx2_three, %xmm4, %xmm3
10770        vpshufb	%xmm7, %xmm2, %xmm2
10771        vpaddd	L_aes_gcm_avx2_four, %xmm4, %xmm4
10772        vpshufb	%xmm7, %xmm3, %xmm3
10773        # aesenc_xor
10774        vmovdqu	(%ebp), %xmm7
10775        vmovdqu	%xmm4, 64(%esp)
10776        vpxor	%xmm7, %xmm0, %xmm0
10777        vpxor	%xmm7, %xmm1, %xmm1
10778        vpxor	%xmm7, %xmm2, %xmm2
10779        vpxor	%xmm7, %xmm3, %xmm3
10780        vmovdqu	16(%ebp), %xmm7
10781        vaesenc	%xmm7, %xmm0, %xmm0
10782        vaesenc	%xmm7, %xmm1, %xmm1
10783        vaesenc	%xmm7, %xmm2, %xmm2
10784        vaesenc	%xmm7, %xmm3, %xmm3
10785        vmovdqu	32(%ebp), %xmm7
10786        vaesenc	%xmm7, %xmm0, %xmm0
10787        vaesenc	%xmm7, %xmm1, %xmm1
10788        vaesenc	%xmm7, %xmm2, %xmm2
10789        vaesenc	%xmm7, %xmm3, %xmm3
10790        vmovdqu	48(%ebp), %xmm7
10791        vaesenc	%xmm7, %xmm0, %xmm0
10792        vaesenc	%xmm7, %xmm1, %xmm1
10793        vaesenc	%xmm7, %xmm2, %xmm2
10794        vaesenc	%xmm7, %xmm3, %xmm3
10795        vmovdqu	64(%ebp), %xmm7
10796        vaesenc	%xmm7, %xmm0, %xmm0
10797        vaesenc	%xmm7, %xmm1, %xmm1
10798        vaesenc	%xmm7, %xmm2, %xmm2
10799        vaesenc	%xmm7, %xmm3, %xmm3
10800        vmovdqu	80(%ebp), %xmm7
10801        vaesenc	%xmm7, %xmm0, %xmm0
10802        vaesenc	%xmm7, %xmm1, %xmm1
10803        vaesenc	%xmm7, %xmm2, %xmm2
10804        vaesenc	%xmm7, %xmm3, %xmm3
10805        vmovdqu	96(%ebp), %xmm7
10806        vaesenc	%xmm7, %xmm0, %xmm0
10807        vaesenc	%xmm7, %xmm1, %xmm1
10808        vaesenc	%xmm7, %xmm2, %xmm2
10809        vaesenc	%xmm7, %xmm3, %xmm3
10810        vmovdqu	112(%ebp), %xmm7
10811        vaesenc	%xmm7, %xmm0, %xmm0
10812        vaesenc	%xmm7, %xmm1, %xmm1
10813        vaesenc	%xmm7, %xmm2, %xmm2
10814        vaesenc	%xmm7, %xmm3, %xmm3
10815        vmovdqu	128(%ebp), %xmm7
10816        vaesenc	%xmm7, %xmm0, %xmm0
10817        vaesenc	%xmm7, %xmm1, %xmm1
10818        vaesenc	%xmm7, %xmm2, %xmm2
10819        vaesenc	%xmm7, %xmm3, %xmm3
10820        vmovdqu	144(%ebp), %xmm7
10821        vaesenc	%xmm7, %xmm0, %xmm0
10822        vaesenc	%xmm7, %xmm1, %xmm1
10823        vaesenc	%xmm7, %xmm2, %xmm2
10824        vaesenc	%xmm7, %xmm3, %xmm3
10825        cmpl	$11, 236(%esp)
10826        vmovdqu	160(%ebp), %xmm7
10827        jl	L_AES_GCM_decrypt_avx2_inplace_aesenc_64_ghash_aesenc_64_enc_done
10828        vaesenc	%xmm7, %xmm0, %xmm0
10829        vaesenc	%xmm7, %xmm1, %xmm1
10830        vaesenc	%xmm7, %xmm2, %xmm2
10831        vaesenc	%xmm7, %xmm3, %xmm3
10832        vmovdqu	176(%ebp), %xmm7
10833        vaesenc	%xmm7, %xmm0, %xmm0
10834        vaesenc	%xmm7, %xmm1, %xmm1
10835        vaesenc	%xmm7, %xmm2, %xmm2
10836        vaesenc	%xmm7, %xmm3, %xmm3
10837        cmpl	$13, 236(%esp)
10838        vmovdqu	192(%ebp), %xmm7
10839        jl	L_AES_GCM_decrypt_avx2_inplace_aesenc_64_ghash_aesenc_64_enc_done
10840        vaesenc	%xmm7, %xmm0, %xmm0
10841        vaesenc	%xmm7, %xmm1, %xmm1
10842        vaesenc	%xmm7, %xmm2, %xmm2
10843        vaesenc	%xmm7, %xmm3, %xmm3
10844        vmovdqu	208(%ebp), %xmm7
10845        vaesenc	%xmm7, %xmm0, %xmm0
10846        vaesenc	%xmm7, %xmm1, %xmm1
10847        vaesenc	%xmm7, %xmm2, %xmm2
10848        vaesenc	%xmm7, %xmm3, %xmm3
10849        vmovdqu	224(%ebp), %xmm7
10850L_AES_GCM_decrypt_avx2_inplace_aesenc_64_ghash_aesenc_64_enc_done:
10851        # aesenc_last
10852        vaesenclast	%xmm7, %xmm0, %xmm0
10853        vaesenclast	%xmm7, %xmm1, %xmm1
10854        vaesenclast	%xmm7, %xmm2, %xmm2
10855        vaesenclast	%xmm7, %xmm3, %xmm3
10856        vmovdqu	(%ecx), %xmm7
10857        vmovdqu	16(%ecx), %xmm4
10858        vpxor	%xmm7, %xmm0, %xmm0
10859        vpxor	%xmm4, %xmm1, %xmm1
10860        vmovdqu	%xmm7, 112(%esp)
10861        vmovdqu	%xmm4, 128(%esp)
10862        vmovdqu	%xmm0, (%edx)
10863        vmovdqu	%xmm1, 16(%edx)
10864        vmovdqu	32(%ecx), %xmm7
10865        vmovdqu	48(%ecx), %xmm4
10866        vpxor	%xmm7, %xmm2, %xmm2
10867        vpxor	%xmm4, %xmm3, %xmm3
10868        vmovdqu	%xmm7, 144(%esp)
10869        vmovdqu	%xmm4, 160(%esp)
10870        vmovdqu	%xmm2, 32(%edx)
10871        vmovdqu	%xmm3, 48(%edx)
10872        # pclmul_1
10873        vmovdqu	112(%esp), %xmm1
10874        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
10875        vmovdqu	48(%esp), %xmm2
10876        vpxor	%xmm6, %xmm1, %xmm1
10877        vpclmulqdq	$16, %xmm2, %xmm1, %xmm5
10878        vpclmulqdq	$0x01, %xmm2, %xmm1, %xmm3
10879        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm6
10880        vpclmulqdq	$0x11, %xmm2, %xmm1, %xmm7
10881        # pclmul_2
10882        vmovdqu	128(%esp), %xmm1
10883        vmovdqu	32(%esp), %xmm0
10884        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
10885        vpxor	%xmm3, %xmm5, %xmm5
10886        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
10887        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
10888        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
10889        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
10890        vpxor	%xmm1, %xmm7, %xmm7
10891        # pclmul_n
10892        vmovdqu	144(%esp), %xmm1
10893        vmovdqu	16(%esp), %xmm0
10894        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
10895        vpxor	%xmm2, %xmm5, %xmm5
10896        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
10897        vpxor	%xmm3, %xmm5, %xmm5
10898        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
10899        vpxor	%xmm4, %xmm6, %xmm6
10900        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
10901        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
10902        vpxor	%xmm1, %xmm7, %xmm7
10903        # pclmul_n
10904        vmovdqu	160(%esp), %xmm1
10905        vmovdqu	(%esp), %xmm0
10906        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
10907        vpxor	%xmm2, %xmm5, %xmm5
10908        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
10909        vpxor	%xmm3, %xmm5, %xmm5
10910        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
10911        vpxor	%xmm4, %xmm6, %xmm6
10912        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
10913        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
10914        vpxor	%xmm1, %xmm7, %xmm7
10915        # aesenc_pclmul_l
10916        vpxor	%xmm2, %xmm5, %xmm5
10917        vpxor	%xmm4, %xmm6, %xmm6
10918        vpxor	%xmm3, %xmm5, %xmm5
10919        vpslldq	$8, %xmm5, %xmm1
10920        vpsrldq	$8, %xmm5, %xmm5
10921        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm0
10922        vpxor	%xmm1, %xmm6, %xmm6
10923        vpxor	%xmm5, %xmm7, %xmm7
10924        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
10925        vpshufd	$0x4e, %xmm6, %xmm6
10926        vpxor	%xmm3, %xmm6, %xmm6
10927        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
10928        vpshufd	$0x4e, %xmm6, %xmm6
10929        vpxor	%xmm3, %xmm6, %xmm6
10930        vpxor	%xmm7, %xmm6, %xmm6
10931        # aesenc_64_ghash - end
10932        addl	$0x40, %ebx
10933        cmpl	%eax, %ebx
10934        jl	L_AES_GCM_decrypt_avx2_ghash_64_inplace
10935        jmp	L_AES_GCM_decrypt_avx2_ghash_64_done
10936L_AES_GCM_decrypt_avx2_ghash_64:
10937        # aesenc_64_ghash
10938        leal	(%esi,%ebx,1), %ecx
10939        leal	(%edi,%ebx,1), %edx
10940        # aesenc_64
10941        # aesenc_ctr
10942        vmovdqu	64(%esp), %xmm4
10943        vmovdqu	L_aes_gcm_avx2_bswap_epi64, %xmm7
10944        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm1
10945        vpshufb	%xmm7, %xmm4, %xmm0
10946        vpaddd	L_aes_gcm_avx2_two, %xmm4, %xmm2
10947        vpshufb	%xmm7, %xmm1, %xmm1
10948        vpaddd	L_aes_gcm_avx2_three, %xmm4, %xmm3
10949        vpshufb	%xmm7, %xmm2, %xmm2
10950        vpaddd	L_aes_gcm_avx2_four, %xmm4, %xmm4
10951        vpshufb	%xmm7, %xmm3, %xmm3
10952        # aesenc_xor
10953        vmovdqu	(%ebp), %xmm7
10954        vmovdqu	%xmm4, 64(%esp)
10955        vpxor	%xmm7, %xmm0, %xmm0
10956        vpxor	%xmm7, %xmm1, %xmm1
10957        vpxor	%xmm7, %xmm2, %xmm2
10958        vpxor	%xmm7, %xmm3, %xmm3
10959        vmovdqu	16(%ebp), %xmm7
10960        vaesenc	%xmm7, %xmm0, %xmm0
10961        vaesenc	%xmm7, %xmm1, %xmm1
10962        vaesenc	%xmm7, %xmm2, %xmm2
10963        vaesenc	%xmm7, %xmm3, %xmm3
10964        vmovdqu	32(%ebp), %xmm7
10965        vaesenc	%xmm7, %xmm0, %xmm0
10966        vaesenc	%xmm7, %xmm1, %xmm1
10967        vaesenc	%xmm7, %xmm2, %xmm2
10968        vaesenc	%xmm7, %xmm3, %xmm3
10969        vmovdqu	48(%ebp), %xmm7
10970        vaesenc	%xmm7, %xmm0, %xmm0
10971        vaesenc	%xmm7, %xmm1, %xmm1
10972        vaesenc	%xmm7, %xmm2, %xmm2
10973        vaesenc	%xmm7, %xmm3, %xmm3
10974        vmovdqu	64(%ebp), %xmm7
10975        vaesenc	%xmm7, %xmm0, %xmm0
10976        vaesenc	%xmm7, %xmm1, %xmm1
10977        vaesenc	%xmm7, %xmm2, %xmm2
10978        vaesenc	%xmm7, %xmm3, %xmm3
10979        vmovdqu	80(%ebp), %xmm7
10980        vaesenc	%xmm7, %xmm0, %xmm0
10981        vaesenc	%xmm7, %xmm1, %xmm1
10982        vaesenc	%xmm7, %xmm2, %xmm2
10983        vaesenc	%xmm7, %xmm3, %xmm3
10984        vmovdqu	96(%ebp), %xmm7
10985        vaesenc	%xmm7, %xmm0, %xmm0
10986        vaesenc	%xmm7, %xmm1, %xmm1
10987        vaesenc	%xmm7, %xmm2, %xmm2
10988        vaesenc	%xmm7, %xmm3, %xmm3
10989        vmovdqu	112(%ebp), %xmm7
10990        vaesenc	%xmm7, %xmm0, %xmm0
10991        vaesenc	%xmm7, %xmm1, %xmm1
10992        vaesenc	%xmm7, %xmm2, %xmm2
10993        vaesenc	%xmm7, %xmm3, %xmm3
10994        vmovdqu	128(%ebp), %xmm7
10995        vaesenc	%xmm7, %xmm0, %xmm0
10996        vaesenc	%xmm7, %xmm1, %xmm1
10997        vaesenc	%xmm7, %xmm2, %xmm2
10998        vaesenc	%xmm7, %xmm3, %xmm3
10999        vmovdqu	144(%ebp), %xmm7
11000        vaesenc	%xmm7, %xmm0, %xmm0
11001        vaesenc	%xmm7, %xmm1, %xmm1
11002        vaesenc	%xmm7, %xmm2, %xmm2
11003        vaesenc	%xmm7, %xmm3, %xmm3
11004        cmpl	$11, 236(%esp)
11005        vmovdqu	160(%ebp), %xmm7
11006        jl	L_AES_GCM_decrypt_avx2_aesenc_64_ghash_aesenc_64_enc_done
11007        vaesenc	%xmm7, %xmm0, %xmm0
11008        vaesenc	%xmm7, %xmm1, %xmm1
11009        vaesenc	%xmm7, %xmm2, %xmm2
11010        vaesenc	%xmm7, %xmm3, %xmm3
11011        vmovdqu	176(%ebp), %xmm7
11012        vaesenc	%xmm7, %xmm0, %xmm0
11013        vaesenc	%xmm7, %xmm1, %xmm1
11014        vaesenc	%xmm7, %xmm2, %xmm2
11015        vaesenc	%xmm7, %xmm3, %xmm3
11016        cmpl	$13, 236(%esp)
11017        vmovdqu	192(%ebp), %xmm7
11018        jl	L_AES_GCM_decrypt_avx2_aesenc_64_ghash_aesenc_64_enc_done
11019        vaesenc	%xmm7, %xmm0, %xmm0
11020        vaesenc	%xmm7, %xmm1, %xmm1
11021        vaesenc	%xmm7, %xmm2, %xmm2
11022        vaesenc	%xmm7, %xmm3, %xmm3
11023        vmovdqu	208(%ebp), %xmm7
11024        vaesenc	%xmm7, %xmm0, %xmm0
11025        vaesenc	%xmm7, %xmm1, %xmm1
11026        vaesenc	%xmm7, %xmm2, %xmm2
11027        vaesenc	%xmm7, %xmm3, %xmm3
11028        vmovdqu	224(%ebp), %xmm7
11029L_AES_GCM_decrypt_avx2_aesenc_64_ghash_aesenc_64_enc_done:
11030        # aesenc_last
11031        vaesenclast	%xmm7, %xmm0, %xmm0
11032        vaesenclast	%xmm7, %xmm1, %xmm1
11033        vaesenclast	%xmm7, %xmm2, %xmm2
11034        vaesenclast	%xmm7, %xmm3, %xmm3
11035        vmovdqu	(%ecx), %xmm7
11036        vmovdqu	16(%ecx), %xmm4
11037        vpxor	%xmm7, %xmm0, %xmm0
11038        vpxor	%xmm4, %xmm1, %xmm1
11039        vmovdqu	%xmm7, (%ecx)
11040        vmovdqu	%xmm4, 16(%ecx)
11041        vmovdqu	%xmm0, (%edx)
11042        vmovdqu	%xmm1, 16(%edx)
11043        vmovdqu	32(%ecx), %xmm7
11044        vmovdqu	48(%ecx), %xmm4
11045        vpxor	%xmm7, %xmm2, %xmm2
11046        vpxor	%xmm4, %xmm3, %xmm3
11047        vmovdqu	%xmm7, 32(%ecx)
11048        vmovdqu	%xmm4, 48(%ecx)
11049        vmovdqu	%xmm2, 32(%edx)
11050        vmovdqu	%xmm3, 48(%edx)
11051        # pclmul_1
11052        vmovdqu	(%ecx), %xmm1
11053        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
11054        vmovdqu	48(%esp), %xmm2
11055        vpxor	%xmm6, %xmm1, %xmm1
11056        vpclmulqdq	$16, %xmm2, %xmm1, %xmm5
11057        vpclmulqdq	$0x01, %xmm2, %xmm1, %xmm3
11058        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm6
11059        vpclmulqdq	$0x11, %xmm2, %xmm1, %xmm7
11060        # pclmul_2
11061        vmovdqu	16(%ecx), %xmm1
11062        vmovdqu	32(%esp), %xmm0
11063        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
11064        vpxor	%xmm3, %xmm5, %xmm5
11065        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
11066        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
11067        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
11068        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
11069        vpxor	%xmm1, %xmm7, %xmm7
11070        # pclmul_n
11071        vmovdqu	32(%ecx), %xmm1
11072        vmovdqu	16(%esp), %xmm0
11073        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
11074        vpxor	%xmm2, %xmm5, %xmm5
11075        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
11076        vpxor	%xmm3, %xmm5, %xmm5
11077        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
11078        vpxor	%xmm4, %xmm6, %xmm6
11079        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
11080        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
11081        vpxor	%xmm1, %xmm7, %xmm7
11082        # pclmul_n
11083        vmovdqu	48(%ecx), %xmm1
11084        vmovdqu	(%esp), %xmm0
11085        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
11086        vpxor	%xmm2, %xmm5, %xmm5
11087        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
11088        vpxor	%xmm3, %xmm5, %xmm5
11089        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
11090        vpxor	%xmm4, %xmm6, %xmm6
11091        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
11092        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
11093        vpxor	%xmm1, %xmm7, %xmm7
11094        # aesenc_pclmul_l
11095        vpxor	%xmm2, %xmm5, %xmm5
11096        vpxor	%xmm4, %xmm6, %xmm6
11097        vpxor	%xmm3, %xmm5, %xmm5
11098        vpslldq	$8, %xmm5, %xmm1
11099        vpsrldq	$8, %xmm5, %xmm5
11100        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm0
11101        vpxor	%xmm1, %xmm6, %xmm6
11102        vpxor	%xmm5, %xmm7, %xmm7
11103        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
11104        vpshufd	$0x4e, %xmm6, %xmm6
11105        vpxor	%xmm3, %xmm6, %xmm6
11106        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
11107        vpshufd	$0x4e, %xmm6, %xmm6
11108        vpxor	%xmm3, %xmm6, %xmm6
11109        vpxor	%xmm7, %xmm6, %xmm6
11110        # aesenc_64_ghash - end
11111        addl	$0x40, %ebx
11112        cmpl	%eax, %ebx
11113        jl	L_AES_GCM_decrypt_avx2_ghash_64
11114L_AES_GCM_decrypt_avx2_ghash_64_done:
11115        vmovdqu	(%esp), %xmm5
11116        vmovdqu	64(%esp), %xmm4
11117L_AES_GCM_decrypt_avx2_done_64:
11118        cmpl	216(%esp), %ebx
11119        jge	L_AES_GCM_decrypt_avx2_done_dec
11120        movl	216(%esp), %eax
11121        andl	$0xfffffff0, %eax
11122        cmpl	%eax, %ebx
11123        jge	L_AES_GCM_decrypt_avx2_last_block_done
11124L_AES_GCM_decrypt_avx2_last_block_start:
11125        vmovdqu	(%esi,%ebx,1), %xmm0
11126        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm4, %xmm7
11127        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
11128        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm4
11129        vmovdqu	%xmm4, 64(%esp)
11130        vpxor	%xmm6, %xmm0, %xmm4
11131        # aesenc_gfmul_sb
11132        vpclmulqdq	$0x01, %xmm5, %xmm4, %xmm2
11133        vpclmulqdq	$16, %xmm5, %xmm4, %xmm3
11134        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm1
11135        vpclmulqdq	$0x11, %xmm5, %xmm4, %xmm4
11136        vpxor	(%ebp), %xmm7, %xmm7
11137        vaesenc	16(%ebp), %xmm7, %xmm7
11138        vpxor	%xmm2, %xmm3, %xmm3
11139        vpslldq	$8, %xmm3, %xmm2
11140        vpsrldq	$8, %xmm3, %xmm3
11141        vaesenc	32(%ebp), %xmm7, %xmm7
11142        vpxor	%xmm1, %xmm2, %xmm2
11143        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm2, %xmm1
11144        vaesenc	48(%ebp), %xmm7, %xmm7
11145        vaesenc	64(%ebp), %xmm7, %xmm7
11146        vaesenc	80(%ebp), %xmm7, %xmm7
11147        vpshufd	$0x4e, %xmm2, %xmm2
11148        vpxor	%xmm1, %xmm2, %xmm2
11149        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm2, %xmm1
11150        vaesenc	96(%ebp), %xmm7, %xmm7
11151        vaesenc	112(%ebp), %xmm7, %xmm7
11152        vaesenc	128(%ebp), %xmm7, %xmm7
11153        vpshufd	$0x4e, %xmm2, %xmm2
11154        vaesenc	144(%ebp), %xmm7, %xmm7
11155        vpxor	%xmm3, %xmm4, %xmm4
11156        vpxor	%xmm4, %xmm2, %xmm2
11157        vmovdqu	160(%ebp), %xmm0
11158        cmpl	$11, 236(%esp)
11159        jl	L_AES_GCM_decrypt_avx2_aesenc_gfmul_sb_last
11160        vaesenc	%xmm0, %xmm7, %xmm7
11161        vaesenc	176(%ebp), %xmm7, %xmm7
11162        vmovdqu	192(%ebp), %xmm0
11163        cmpl	$13, 236(%esp)
11164        jl	L_AES_GCM_decrypt_avx2_aesenc_gfmul_sb_last
11165        vaesenc	%xmm0, %xmm7, %xmm7
11166        vaesenc	208(%ebp), %xmm7, %xmm7
11167        vmovdqu	224(%ebp), %xmm0
11168L_AES_GCM_decrypt_avx2_aesenc_gfmul_sb_last:
11169        vaesenclast	%xmm0, %xmm7, %xmm7
11170        vmovdqu	(%esi,%ebx,1), %xmm3
11171        vpxor	%xmm1, %xmm2, %xmm6
11172        vpxor	%xmm3, %xmm7, %xmm7
11173        vmovdqu	%xmm7, (%edi,%ebx,1)
11174        vmovdqu	64(%esp), %xmm4
11175        addl	$16, %ebx
11176        cmpl	%eax, %ebx
11177        jl	L_AES_GCM_decrypt_avx2_last_block_start
11178L_AES_GCM_decrypt_avx2_last_block_done:
11179        movl	216(%esp), %ecx
11180        movl	216(%esp), %edx
11181        andl	$15, %ecx
11182        jz	L_AES_GCM_decrypt_avx2_done_dec
11183        # aesenc_last15_dec
11184        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm4, %xmm4
11185        vpxor	(%ebp), %xmm4, %xmm4
11186        vaesenc	16(%ebp), %xmm4, %xmm4
11187        vaesenc	32(%ebp), %xmm4, %xmm4
11188        vaesenc	48(%ebp), %xmm4, %xmm4
11189        vaesenc	64(%ebp), %xmm4, %xmm4
11190        vaesenc	80(%ebp), %xmm4, %xmm4
11191        vaesenc	96(%ebp), %xmm4, %xmm4
11192        vaesenc	112(%ebp), %xmm4, %xmm4
11193        vaesenc	128(%ebp), %xmm4, %xmm4
11194        vaesenc	144(%ebp), %xmm4, %xmm4
11195        cmpl	$11, 236(%esp)
11196        vmovdqu	160(%ebp), %xmm1
11197        jl	L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_aesenc_avx_last
11198        vaesenc	%xmm1, %xmm4, %xmm4
11199        vaesenc	176(%ebp), %xmm4, %xmm4
11200        cmpl	$13, 236(%esp)
11201        vmovdqu	192(%ebp), %xmm1
11202        jl	L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_aesenc_avx_last
11203        vaesenc	%xmm1, %xmm4, %xmm4
11204        vaesenc	208(%ebp), %xmm4, %xmm4
11205        vmovdqu	224(%ebp), %xmm1
11206L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_aesenc_avx_last:
11207        vaesenclast	%xmm1, %xmm4, %xmm4
11208        xorl	%ecx, %ecx
11209        vpxor	%xmm0, %xmm0, %xmm0
11210        vmovdqu	%xmm4, (%esp)
11211        vmovdqu	%xmm0, 16(%esp)
11212L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_loop:
11213        movzbl	(%esi,%ebx,1), %eax
11214        movb	%al, 16(%esp,%ecx,1)
11215        xorb	(%esp,%ecx,1), %al
11216        movb	%al, (%edi,%ebx,1)
11217        incl	%ebx
11218        incl	%ecx
11219        cmpl	%edx, %ebx
11220        jl	L_AES_GCM_decrypt_avx2_aesenc_last15_dec_avx_loop
11221        vmovdqu	16(%esp), %xmm4
11222        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm4, %xmm4
11223        vpxor	%xmm4, %xmm6, %xmm6
11224        # ghash_gfmul_red
11225        vpclmulqdq	$16, %xmm5, %xmm6, %xmm2
11226        vpclmulqdq	$0x01, %xmm5, %xmm6, %xmm1
11227        vpclmulqdq	$0x00, %xmm5, %xmm6, %xmm0
11228        vpxor	%xmm1, %xmm2, %xmm2
11229        vpslldq	$8, %xmm2, %xmm1
11230        vpsrldq	$8, %xmm2, %xmm2
11231        vpxor	%xmm0, %xmm1, %xmm1
11232        vpclmulqdq	$0x11, %xmm5, %xmm6, %xmm6
11233        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm1, %xmm0
11234        vpshufd	$0x4e, %xmm1, %xmm1
11235        vpxor	%xmm0, %xmm1, %xmm1
11236        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm1, %xmm0
11237        vpshufd	$0x4e, %xmm1, %xmm1
11238        vpxor	%xmm2, %xmm6, %xmm6
11239        vpxor	%xmm1, %xmm6, %xmm6
11240        vpxor	%xmm0, %xmm6, %xmm6
11241L_AES_GCM_decrypt_avx2_done_dec:
11242        vmovdqu	80(%esp), %xmm7
11243        # calc_tag
11244        movl	216(%esp), %ecx
11245        shll	$3, %ecx
11246        vpinsrd	$0x00, %ecx, %xmm0, %xmm0
11247        movl	220(%esp), %ecx
11248        shll	$3, %ecx
11249        vpinsrd	$2, %ecx, %xmm0, %xmm0
11250        movl	216(%esp), %ecx
11251        shrl	$29, %ecx
11252        vpinsrd	$0x01, %ecx, %xmm0, %xmm0
11253        movl	220(%esp), %ecx
11254        shrl	$29, %ecx
11255        vpinsrd	$3, %ecx, %xmm0, %xmm0
11256        vpxor	%xmm6, %xmm0, %xmm0
11257        # ghash_gfmul_red
11258        vpclmulqdq	$16, %xmm5, %xmm0, %xmm4
11259        vpclmulqdq	$0x01, %xmm5, %xmm0, %xmm3
11260        vpclmulqdq	$0x00, %xmm5, %xmm0, %xmm2
11261        vpxor	%xmm3, %xmm4, %xmm4
11262        vpslldq	$8, %xmm4, %xmm3
11263        vpsrldq	$8, %xmm4, %xmm4
11264        vpxor	%xmm2, %xmm3, %xmm3
11265        vpclmulqdq	$0x11, %xmm5, %xmm0, %xmm0
11266        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm3, %xmm2
11267        vpshufd	$0x4e, %xmm3, %xmm3
11268        vpxor	%xmm2, %xmm3, %xmm3
11269        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm3, %xmm2
11270        vpshufd	$0x4e, %xmm3, %xmm3
11271        vpxor	%xmm4, %xmm0, %xmm0
11272        vpxor	%xmm3, %xmm0, %xmm0
11273        vpxor	%xmm2, %xmm0, %xmm0
11274        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
11275        vpxor	%xmm7, %xmm0, %xmm0
11276        movl	212(%esp), %edi
11277        movl	228(%esp), %ebx
11278        movl	240(%esp), %ebp
11279        # cmp_tag
11280        cmpl	$16, %ebx
11281        je	L_AES_GCM_decrypt_avx2_cmp_tag_16
11282        xorl	%edx, %edx
11283        xorl	%ecx, %ecx
11284        vmovdqu	%xmm0, (%esp)
11285L_AES_GCM_decrypt_avx2_cmp_tag_loop:
11286        movzbl	(%esp,%edx,1), %eax
11287        xorb	(%edi,%edx,1), %al
11288        orb	%al, %cl
11289        incl	%edx
11290        cmpl	%ebx, %edx
11291        jne	L_AES_GCM_decrypt_avx2_cmp_tag_loop
11292        cmpb	$0x00, %cl
11293        sete	%cl
11294        jmp	L_AES_GCM_decrypt_avx2_cmp_tag_done
11295L_AES_GCM_decrypt_avx2_cmp_tag_16:
11296        vmovdqu	(%edi), %xmm1
11297        vpcmpeqb	%xmm1, %xmm0, %xmm0
11298        vpmovmskb	%xmm0, %edx
11299        # %%edx == 0xFFFF then return 1 else => return 0
11300        xorl	%ecx, %ecx
11301        cmpl	$0xffff, %edx
11302        sete	%cl
11303L_AES_GCM_decrypt_avx2_cmp_tag_done:
11304        movl	%ecx, (%ebp)
11305        addl	$0xb0, %esp
11306        popl	%ebp
11307        popl	%edi
11308        popl	%esi
11309        popl	%ebx
11310        ret
11311.size	AES_GCM_decrypt_avx2,.-AES_GCM_decrypt_avx2
11312#ifdef WOLFSSL_AESGCM_STREAM
11313.text
11314.globl	AES_GCM_init_avx2
11315.type	AES_GCM_init_avx2,@function
11316.align	16
11317AES_GCM_init_avx2:
11318        pushl	%ebx
11319        pushl	%esi
11320        pushl	%edi
11321        pushl	%ebp
11322        subl	$32, %esp
11323        movl	52(%esp), %ebp
11324        movl	60(%esp), %esi
11325        movl	76(%esp), %edi
11326        vpxor	%xmm4, %xmm4, %xmm4
11327        movl	64(%esp), %edx
11328        cmpl	$12, %edx
11329        je	L_AES_GCM_init_avx2_iv_12
11330        # Calculate values when IV is not 12 bytes
11331        # H = Encrypt X(=0)
11332        vmovdqu	(%ebp), %xmm5
11333        vaesenc	16(%ebp), %xmm5, %xmm5
11334        vaesenc	32(%ebp), %xmm5, %xmm5
11335        vaesenc	48(%ebp), %xmm5, %xmm5
11336        vaesenc	64(%ebp), %xmm5, %xmm5
11337        vaesenc	80(%ebp), %xmm5, %xmm5
11338        vaesenc	96(%ebp), %xmm5, %xmm5
11339        vaesenc	112(%ebp), %xmm5, %xmm5
11340        vaesenc	128(%ebp), %xmm5, %xmm5
11341        vaesenc	144(%ebp), %xmm5, %xmm5
11342        cmpl	$11, 56(%esp)
11343        vmovdqu	160(%ebp), %xmm0
11344        jl	L_AES_GCM_init_avx2_calc_iv_1_aesenc_avx_last
11345        vaesenc	%xmm0, %xmm5, %xmm5
11346        vaesenc	176(%ebp), %xmm5, %xmm5
11347        cmpl	$13, 56(%esp)
11348        vmovdqu	192(%ebp), %xmm0
11349        jl	L_AES_GCM_init_avx2_calc_iv_1_aesenc_avx_last
11350        vaesenc	%xmm0, %xmm5, %xmm5
11351        vaesenc	208(%ebp), %xmm5, %xmm5
11352        vmovdqu	224(%ebp), %xmm0
11353L_AES_GCM_init_avx2_calc_iv_1_aesenc_avx_last:
11354        vaesenclast	%xmm0, %xmm5, %xmm5
11355        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm5, %xmm5
11356        # Calc counter
11357        # Initialization vector
11358        cmpl	$0x00, %edx
11359        movl	$0x00, %ecx
11360        je	L_AES_GCM_init_avx2_calc_iv_done
11361        cmpl	$16, %edx
11362        jl	L_AES_GCM_init_avx2_calc_iv_lt16
11363        andl	$0xfffffff0, %edx
11364L_AES_GCM_init_avx2_calc_iv_16_loop:
11365        vmovdqu	(%esi,%ecx,1), %xmm0
11366        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
11367        vpxor	%xmm0, %xmm4, %xmm4
11368        # ghash_gfmul_avx
11369        vpclmulqdq	$16, %xmm4, %xmm5, %xmm2
11370        vpclmulqdq	$0x01, %xmm4, %xmm5, %xmm1
11371        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
11372        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
11373        vpxor	%xmm1, %xmm2, %xmm2
11374        vpslldq	$8, %xmm2, %xmm1
11375        vpsrldq	$8, %xmm2, %xmm2
11376        vpxor	%xmm1, %xmm0, %xmm6
11377        vpxor	%xmm2, %xmm3, %xmm4
11378        # ghash_mid
11379        vpsrld	$31, %xmm6, %xmm0
11380        vpsrld	$31, %xmm4, %xmm1
11381        vpslld	$0x01, %xmm6, %xmm6
11382        vpslld	$0x01, %xmm4, %xmm4
11383        vpsrldq	$12, %xmm0, %xmm2
11384        vpslldq	$4, %xmm0, %xmm0
11385        vpslldq	$4, %xmm1, %xmm1
11386        vpor	%xmm2, %xmm4, %xmm4
11387        vpor	%xmm0, %xmm6, %xmm6
11388        vpor	%xmm1, %xmm4, %xmm4
11389        # ghash_red
11390        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
11391        vpclmulqdq	$16, %xmm2, %xmm6, %xmm0
11392        vpshufd	$0x4e, %xmm6, %xmm1
11393        vpxor	%xmm0, %xmm1, %xmm1
11394        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
11395        vpshufd	$0x4e, %xmm1, %xmm1
11396        vpxor	%xmm0, %xmm1, %xmm1
11397        vpxor	%xmm1, %xmm4, %xmm4
11398        addl	$16, %ecx
11399        cmpl	%edx, %ecx
11400        jl	L_AES_GCM_init_avx2_calc_iv_16_loop
11401        movl	64(%esp), %edx
11402        cmpl	%edx, %ecx
11403        je	L_AES_GCM_init_avx2_calc_iv_done
11404L_AES_GCM_init_avx2_calc_iv_lt16:
11405        vpxor	%xmm0, %xmm0, %xmm0
11406        xorl	%ebx, %ebx
11407        vmovdqu	%xmm0, (%esp)
11408L_AES_GCM_init_avx2_calc_iv_loop:
11409        movzbl	(%esi,%ecx,1), %eax
11410        movb	%al, (%esp,%ebx,1)
11411        incl	%ecx
11412        incl	%ebx
11413        cmpl	%edx, %ecx
11414        jl	L_AES_GCM_init_avx2_calc_iv_loop
11415        vmovdqu	(%esp), %xmm0
11416        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
11417        vpxor	%xmm0, %xmm4, %xmm4
11418        # ghash_gfmul_avx
11419        vpclmulqdq	$16, %xmm4, %xmm5, %xmm2
11420        vpclmulqdq	$0x01, %xmm4, %xmm5, %xmm1
11421        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
11422        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
11423        vpxor	%xmm1, %xmm2, %xmm2
11424        vpslldq	$8, %xmm2, %xmm1
11425        vpsrldq	$8, %xmm2, %xmm2
11426        vpxor	%xmm1, %xmm0, %xmm6
11427        vpxor	%xmm2, %xmm3, %xmm4
11428        # ghash_mid
11429        vpsrld	$31, %xmm6, %xmm0
11430        vpsrld	$31, %xmm4, %xmm1
11431        vpslld	$0x01, %xmm6, %xmm6
11432        vpslld	$0x01, %xmm4, %xmm4
11433        vpsrldq	$12, %xmm0, %xmm2
11434        vpslldq	$4, %xmm0, %xmm0
11435        vpslldq	$4, %xmm1, %xmm1
11436        vpor	%xmm2, %xmm4, %xmm4
11437        vpor	%xmm0, %xmm6, %xmm6
11438        vpor	%xmm1, %xmm4, %xmm4
11439        # ghash_red
11440        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
11441        vpclmulqdq	$16, %xmm2, %xmm6, %xmm0
11442        vpshufd	$0x4e, %xmm6, %xmm1
11443        vpxor	%xmm0, %xmm1, %xmm1
11444        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
11445        vpshufd	$0x4e, %xmm1, %xmm1
11446        vpxor	%xmm0, %xmm1, %xmm1
11447        vpxor	%xmm1, %xmm4, %xmm4
11448L_AES_GCM_init_avx2_calc_iv_done:
11449        # T = Encrypt counter
11450        vpxor	%xmm0, %xmm0, %xmm0
11451        shll	$3, %edx
11452        vpinsrd	$0x00, %edx, %xmm0, %xmm0
11453        vpxor	%xmm0, %xmm4, %xmm4
11454        # ghash_gfmul_avx
11455        vpclmulqdq	$16, %xmm4, %xmm5, %xmm2
11456        vpclmulqdq	$0x01, %xmm4, %xmm5, %xmm1
11457        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
11458        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
11459        vpxor	%xmm1, %xmm2, %xmm2
11460        vpslldq	$8, %xmm2, %xmm1
11461        vpsrldq	$8, %xmm2, %xmm2
11462        vpxor	%xmm1, %xmm0, %xmm6
11463        vpxor	%xmm2, %xmm3, %xmm4
11464        # ghash_mid
11465        vpsrld	$31, %xmm6, %xmm0
11466        vpsrld	$31, %xmm4, %xmm1
11467        vpslld	$0x01, %xmm6, %xmm6
11468        vpslld	$0x01, %xmm4, %xmm4
11469        vpsrldq	$12, %xmm0, %xmm2
11470        vpslldq	$4, %xmm0, %xmm0
11471        vpslldq	$4, %xmm1, %xmm1
11472        vpor	%xmm2, %xmm4, %xmm4
11473        vpor	%xmm0, %xmm6, %xmm6
11474        vpor	%xmm1, %xmm4, %xmm4
11475        # ghash_red
11476        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
11477        vpclmulqdq	$16, %xmm2, %xmm6, %xmm0
11478        vpshufd	$0x4e, %xmm6, %xmm1
11479        vpxor	%xmm0, %xmm1, %xmm1
11480        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
11481        vpshufd	$0x4e, %xmm1, %xmm1
11482        vpxor	%xmm0, %xmm1, %xmm1
11483        vpxor	%xmm1, %xmm4, %xmm4
11484        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm4, %xmm4
11485        #   Encrypt counter
11486        vmovdqu	(%ebp), %xmm7
11487        vpxor	%xmm4, %xmm7, %xmm7
11488        vaesenc	16(%ebp), %xmm7, %xmm7
11489        vaesenc	32(%ebp), %xmm7, %xmm7
11490        vaesenc	48(%ebp), %xmm7, %xmm7
11491        vaesenc	64(%ebp), %xmm7, %xmm7
11492        vaesenc	80(%ebp), %xmm7, %xmm7
11493        vaesenc	96(%ebp), %xmm7, %xmm7
11494        vaesenc	112(%ebp), %xmm7, %xmm7
11495        vaesenc	128(%ebp), %xmm7, %xmm7
11496        vaesenc	144(%ebp), %xmm7, %xmm7
11497        cmpl	$11, 56(%esp)
11498        vmovdqu	160(%ebp), %xmm0
11499        jl	L_AES_GCM_init_avx2_calc_iv_2_aesenc_avx_last
11500        vaesenc	%xmm0, %xmm7, %xmm7
11501        vaesenc	176(%ebp), %xmm7, %xmm7
11502        cmpl	$13, 56(%esp)
11503        vmovdqu	192(%ebp), %xmm0
11504        jl	L_AES_GCM_init_avx2_calc_iv_2_aesenc_avx_last
11505        vaesenc	%xmm0, %xmm7, %xmm7
11506        vaesenc	208(%ebp), %xmm7, %xmm7
11507        vmovdqu	224(%ebp), %xmm0
11508L_AES_GCM_init_avx2_calc_iv_2_aesenc_avx_last:
11509        vaesenclast	%xmm0, %xmm7, %xmm7
11510        jmp	L_AES_GCM_init_avx2_iv_done
11511L_AES_GCM_init_avx2_iv_12:
11512        # # Calculate values when IV is 12 bytes
11513        # Set counter based on IV
11514        vmovdqu	L_avx2_aes_gcm_bswap_one, %xmm4
11515        vmovdqu	(%ebp), %xmm5
11516        vpblendd	$7, (%esi), %xmm4, %xmm4
11517        # H = Encrypt X(=0) and T = Encrypt counter
11518        vmovdqu	16(%ebp), %xmm6
11519        vpxor	%xmm5, %xmm4, %xmm7
11520        vaesenc	%xmm6, %xmm5, %xmm5
11521        vaesenc	%xmm6, %xmm7, %xmm7
11522        vmovdqu	32(%ebp), %xmm0
11523        vaesenc	%xmm0, %xmm5, %xmm5
11524        vaesenc	%xmm0, %xmm7, %xmm7
11525        vmovdqu	48(%ebp), %xmm0
11526        vaesenc	%xmm0, %xmm5, %xmm5
11527        vaesenc	%xmm0, %xmm7, %xmm7
11528        vmovdqu	64(%ebp), %xmm0
11529        vaesenc	%xmm0, %xmm5, %xmm5
11530        vaesenc	%xmm0, %xmm7, %xmm7
11531        vmovdqu	80(%ebp), %xmm0
11532        vaesenc	%xmm0, %xmm5, %xmm5
11533        vaesenc	%xmm0, %xmm7, %xmm7
11534        vmovdqu	96(%ebp), %xmm0
11535        vaesenc	%xmm0, %xmm5, %xmm5
11536        vaesenc	%xmm0, %xmm7, %xmm7
11537        vmovdqu	112(%ebp), %xmm0
11538        vaesenc	%xmm0, %xmm5, %xmm5
11539        vaesenc	%xmm0, %xmm7, %xmm7
11540        vmovdqu	128(%ebp), %xmm0
11541        vaesenc	%xmm0, %xmm5, %xmm5
11542        vaesenc	%xmm0, %xmm7, %xmm7
11543        vmovdqu	144(%ebp), %xmm0
11544        vaesenc	%xmm0, %xmm5, %xmm5
11545        vaesenc	%xmm0, %xmm7, %xmm7
11546        cmpl	$11, 56(%esp)
11547        vmovdqu	160(%ebp), %xmm0
11548        jl	L_AES_GCM_init_avx2_calc_iv_12_last
11549        vaesenc	%xmm0, %xmm5, %xmm5
11550        vaesenc	%xmm0, %xmm7, %xmm7
11551        vmovdqu	176(%ebp), %xmm0
11552        vaesenc	%xmm0, %xmm5, %xmm5
11553        vaesenc	%xmm0, %xmm7, %xmm7
11554        cmpl	$13, 56(%esp)
11555        vmovdqu	192(%ebp), %xmm0
11556        jl	L_AES_GCM_init_avx2_calc_iv_12_last
11557        vaesenc	%xmm0, %xmm5, %xmm5
11558        vaesenc	%xmm0, %xmm7, %xmm7
11559        vmovdqu	208(%ebp), %xmm0
11560        vaesenc	%xmm0, %xmm5, %xmm5
11561        vaesenc	%xmm0, %xmm7, %xmm7
11562        vmovdqu	224(%ebp), %xmm0
11563L_AES_GCM_init_avx2_calc_iv_12_last:
11564        vaesenclast	%xmm0, %xmm5, %xmm5
11565        vaesenclast	%xmm0, %xmm7, %xmm7
11566        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm5, %xmm5
11567L_AES_GCM_init_avx2_iv_done:
11568        vmovdqu	%xmm7, (%edi)
11569        movl	68(%esp), %ebp
11570        movl	72(%esp), %edi
11571        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm4, %xmm4
11572        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm4
11573        vmovdqu	%xmm5, (%ebp)
11574        vmovdqu	%xmm4, (%edi)
11575        addl	$32, %esp
11576        popl	%ebp
11577        popl	%edi
11578        popl	%esi
11579        popl	%ebx
11580        ret
11581.size	AES_GCM_init_avx2,.-AES_GCM_init_avx2
11582.text
11583.globl	AES_GCM_aad_update_avx2
11584.type	AES_GCM_aad_update_avx2,@function
11585.align	16
11586AES_GCM_aad_update_avx2:
11587        pushl	%esi
11588        pushl	%edi
11589        movl	12(%esp), %esi
11590        movl	16(%esp), %edx
11591        movl	20(%esp), %edi
11592        movl	24(%esp), %eax
11593        vmovdqu	(%edi), %xmm4
11594        vmovdqu	(%eax), %xmm5
11595        xorl	%ecx, %ecx
11596L_AES_GCM_aad_update_avx2_16_loop:
11597        vmovdqu	(%esi,%ecx,1), %xmm0
11598        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
11599        vpxor	%xmm0, %xmm4, %xmm4
11600        # ghash_gfmul_avx
11601        vpclmulqdq	$16, %xmm4, %xmm5, %xmm2
11602        vpclmulqdq	$0x01, %xmm4, %xmm5, %xmm1
11603        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
11604        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
11605        vpxor	%xmm1, %xmm2, %xmm2
11606        vpslldq	$8, %xmm2, %xmm1
11607        vpsrldq	$8, %xmm2, %xmm2
11608        vpxor	%xmm1, %xmm0, %xmm6
11609        vpxor	%xmm2, %xmm3, %xmm4
11610        # ghash_mid
11611        vpsrld	$31, %xmm6, %xmm0
11612        vpsrld	$31, %xmm4, %xmm1
11613        vpslld	$0x01, %xmm6, %xmm6
11614        vpslld	$0x01, %xmm4, %xmm4
11615        vpsrldq	$12, %xmm0, %xmm2
11616        vpslldq	$4, %xmm0, %xmm0
11617        vpslldq	$4, %xmm1, %xmm1
11618        vpor	%xmm2, %xmm4, %xmm4
11619        vpor	%xmm0, %xmm6, %xmm6
11620        vpor	%xmm1, %xmm4, %xmm4
11621        # ghash_red
11622        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
11623        vpclmulqdq	$16, %xmm2, %xmm6, %xmm0
11624        vpshufd	$0x4e, %xmm6, %xmm1
11625        vpxor	%xmm0, %xmm1, %xmm1
11626        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
11627        vpshufd	$0x4e, %xmm1, %xmm1
11628        vpxor	%xmm0, %xmm1, %xmm1
11629        vpxor	%xmm1, %xmm4, %xmm4
11630        addl	$16, %ecx
11631        cmpl	%edx, %ecx
11632        jl	L_AES_GCM_aad_update_avx2_16_loop
11633        vmovdqu	%xmm4, (%edi)
11634        popl	%edi
11635        popl	%esi
11636        ret
11637.size	AES_GCM_aad_update_avx2,.-AES_GCM_aad_update_avx2
11638.text
11639.globl	AES_GCM_encrypt_block_avx2
11640.type	AES_GCM_encrypt_block_avx2,@function
11641.align	16
11642AES_GCM_encrypt_block_avx2:
11643        pushl	%esi
11644        pushl	%edi
11645        movl	12(%esp), %ecx
11646        movl	16(%esp), %eax
11647        movl	20(%esp), %edi
11648        movl	24(%esp), %esi
11649        movl	28(%esp), %edx
11650        vmovdqu	(%edx), %xmm3
11651        # aesenc_block
11652        vmovdqu	%xmm3, %xmm1
11653        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm1, %xmm0
11654        vpaddd	L_aes_gcm_avx2_one, %xmm1, %xmm1
11655        vpxor	(%ecx), %xmm0, %xmm0
11656        vaesenc	16(%ecx), %xmm0, %xmm0
11657        vaesenc	32(%ecx), %xmm0, %xmm0
11658        vaesenc	48(%ecx), %xmm0, %xmm0
11659        vaesenc	64(%ecx), %xmm0, %xmm0
11660        vaesenc	80(%ecx), %xmm0, %xmm0
11661        vaesenc	96(%ecx), %xmm0, %xmm0
11662        vaesenc	112(%ecx), %xmm0, %xmm0
11663        vaesenc	128(%ecx), %xmm0, %xmm0
11664        vaesenc	144(%ecx), %xmm0, %xmm0
11665        cmpl	$11, %eax
11666        vmovdqu	160(%ecx), %xmm2
11667        jl	L_AES_GCM_encrypt_block_avx2_aesenc_block_aesenc_avx_last
11668        vaesenc	%xmm2, %xmm0, %xmm0
11669        vaesenc	176(%ecx), %xmm0, %xmm0
11670        cmpl	$13, %eax
11671        vmovdqu	192(%ecx), %xmm2
11672        jl	L_AES_GCM_encrypt_block_avx2_aesenc_block_aesenc_avx_last
11673        vaesenc	%xmm2, %xmm0, %xmm0
11674        vaesenc	208(%ecx), %xmm0, %xmm0
11675        vmovdqu	224(%ecx), %xmm2
11676L_AES_GCM_encrypt_block_avx2_aesenc_block_aesenc_avx_last:
11677        vaesenclast	%xmm2, %xmm0, %xmm0
11678        vmovdqu	%xmm1, %xmm3
11679        vmovdqu	(%esi), %xmm1
11680        vpxor	%xmm1, %xmm0, %xmm0
11681        vmovdqu	%xmm0, (%edi)
11682        vmovdqu	%xmm3, (%edx)
11683        popl	%edi
11684        popl	%esi
11685        ret
11686.size	AES_GCM_encrypt_block_avx2,.-AES_GCM_encrypt_block_avx2
11687.text
11688.globl	AES_GCM_ghash_block_avx2
11689.type	AES_GCM_ghash_block_avx2,@function
11690.align	16
11691AES_GCM_ghash_block_avx2:
11692        movl	4(%esp), %edx
11693        movl	8(%esp), %eax
11694        movl	12(%esp), %ecx
11695        vmovdqu	(%eax), %xmm4
11696        vmovdqu	(%ecx), %xmm5
11697        vmovdqu	(%edx), %xmm0
11698        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
11699        vpxor	%xmm0, %xmm4, %xmm4
11700        # ghash_gfmul_avx
11701        vpclmulqdq	$16, %xmm4, %xmm5, %xmm2
11702        vpclmulqdq	$0x01, %xmm4, %xmm5, %xmm1
11703        vpclmulqdq	$0x00, %xmm4, %xmm5, %xmm0
11704        vpclmulqdq	$0x11, %xmm4, %xmm5, %xmm3
11705        vpxor	%xmm1, %xmm2, %xmm2
11706        vpslldq	$8, %xmm2, %xmm1
11707        vpsrldq	$8, %xmm2, %xmm2
11708        vpxor	%xmm1, %xmm0, %xmm6
11709        vpxor	%xmm2, %xmm3, %xmm4
11710        # ghash_mid
11711        vpsrld	$31, %xmm6, %xmm0
11712        vpsrld	$31, %xmm4, %xmm1
11713        vpslld	$0x01, %xmm6, %xmm6
11714        vpslld	$0x01, %xmm4, %xmm4
11715        vpsrldq	$12, %xmm0, %xmm2
11716        vpslldq	$4, %xmm0, %xmm0
11717        vpslldq	$4, %xmm1, %xmm1
11718        vpor	%xmm2, %xmm4, %xmm4
11719        vpor	%xmm0, %xmm6, %xmm6
11720        vpor	%xmm1, %xmm4, %xmm4
11721        # ghash_red
11722        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
11723        vpclmulqdq	$16, %xmm2, %xmm6, %xmm0
11724        vpshufd	$0x4e, %xmm6, %xmm1
11725        vpxor	%xmm0, %xmm1, %xmm1
11726        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
11727        vpshufd	$0x4e, %xmm1, %xmm1
11728        vpxor	%xmm0, %xmm1, %xmm1
11729        vpxor	%xmm1, %xmm4, %xmm4
11730        vmovdqu	%xmm4, (%eax)
11731        ret
11732.size	AES_GCM_ghash_block_avx2,.-AES_GCM_ghash_block_avx2
11733.text
11734.globl	AES_GCM_encrypt_update_avx2
11735.type	AES_GCM_encrypt_update_avx2,@function
11736.align	16
11737AES_GCM_encrypt_update_avx2:
11738        pushl	%ebx
11739        pushl	%esi
11740        pushl	%edi
11741        pushl	%ebp
11742        subl	$0x60, %esp
11743        movl	144(%esp), %esi
11744        vmovdqu	(%esi), %xmm4
11745        vmovdqu	%xmm4, 64(%esp)
11746        movl	136(%esp), %esi
11747        movl	140(%esp), %ebp
11748        vmovdqu	(%esi), %xmm6
11749        vmovdqu	(%ebp), %xmm5
11750        vmovdqu	%xmm6, 80(%esp)
11751        movl	116(%esp), %ebp
11752        movl	124(%esp), %edi
11753        movl	128(%esp), %esi
11754        # Calculate H
11755        vpsrlq	$63, %xmm5, %xmm1
11756        vpsllq	$0x01, %xmm5, %xmm0
11757        vpslldq	$8, %xmm1, %xmm1
11758        vpor	%xmm1, %xmm0, %xmm0
11759        vpshufd	$0xff, %xmm5, %xmm5
11760        vpsrad	$31, %xmm5, %xmm5
11761        vpand	L_aes_gcm_avx2_mod2_128, %xmm5, %xmm5
11762        vpxor	%xmm0, %xmm5, %xmm5
11763        xorl	%ebx, %ebx
11764        cmpl	$0x40, 132(%esp)
11765        movl	132(%esp), %eax
11766        jl	L_AES_GCM_encrypt_update_avx2_done_64
11767        andl	$0xffffffc0, %eax
11768        vmovdqu	%xmm4, 64(%esp)
11769        vmovdqu	%xmm6, 80(%esp)
11770        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm3
11771        # H ^ 1
11772        vmovdqu	%xmm5, (%esp)
11773        vmovdqu	%xmm5, %xmm2
11774        # H ^ 2
11775        vpclmulqdq	$0x00, %xmm2, %xmm2, %xmm5
11776        vpclmulqdq	$0x11, %xmm2, %xmm2, %xmm6
11777        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
11778        vpshufd	$0x4e, %xmm5, %xmm5
11779        vpxor	%xmm4, %xmm5, %xmm5
11780        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
11781        vpshufd	$0x4e, %xmm5, %xmm5
11782        vpxor	%xmm4, %xmm5, %xmm5
11783        vpxor	%xmm5, %xmm6, %xmm0
11784        vmovdqu	%xmm0, 16(%esp)
11785        # H ^ 3
11786        # ghash_gfmul_red
11787        vpclmulqdq	$16, %xmm0, %xmm2, %xmm6
11788        vpclmulqdq	$0x01, %xmm0, %xmm2, %xmm5
11789        vpclmulqdq	$0x00, %xmm0, %xmm2, %xmm4
11790        vpxor	%xmm5, %xmm6, %xmm6
11791        vpslldq	$8, %xmm6, %xmm5
11792        vpsrldq	$8, %xmm6, %xmm6
11793        vpxor	%xmm4, %xmm5, %xmm5
11794        vpclmulqdq	$0x11, %xmm0, %xmm2, %xmm1
11795        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
11796        vpshufd	$0x4e, %xmm5, %xmm5
11797        vpxor	%xmm4, %xmm5, %xmm5
11798        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
11799        vpshufd	$0x4e, %xmm5, %xmm5
11800        vpxor	%xmm6, %xmm1, %xmm1
11801        vpxor	%xmm5, %xmm1, %xmm1
11802        vpxor	%xmm4, %xmm1, %xmm1
11803        vmovdqu	%xmm1, 32(%esp)
11804        # H ^ 4
11805        vpclmulqdq	$0x00, %xmm0, %xmm0, %xmm5
11806        vpclmulqdq	$0x11, %xmm0, %xmm0, %xmm6
11807        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
11808        vpshufd	$0x4e, %xmm5, %xmm5
11809        vpxor	%xmm4, %xmm5, %xmm5
11810        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
11811        vpshufd	$0x4e, %xmm5, %xmm5
11812        vpxor	%xmm4, %xmm5, %xmm5
11813        vpxor	%xmm5, %xmm6, %xmm2
11814        vmovdqu	%xmm2, 48(%esp)
11815        vmovdqu	80(%esp), %xmm6
11816        # First 64 bytes of input
11817        # aesenc_64
11818        # aesenc_ctr
11819        vmovdqu	64(%esp), %xmm4
11820        vmovdqu	L_aes_gcm_avx2_bswap_epi64, %xmm7
11821        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm1
11822        vpshufb	%xmm7, %xmm4, %xmm0
11823        vpaddd	L_aes_gcm_avx2_two, %xmm4, %xmm2
11824        vpshufb	%xmm7, %xmm1, %xmm1
11825        vpaddd	L_aes_gcm_avx2_three, %xmm4, %xmm3
11826        vpshufb	%xmm7, %xmm2, %xmm2
11827        vpaddd	L_aes_gcm_avx2_four, %xmm4, %xmm4
11828        vpshufb	%xmm7, %xmm3, %xmm3
11829        # aesenc_xor
11830        vmovdqu	(%ebp), %xmm7
11831        vmovdqu	%xmm4, 64(%esp)
11832        vpxor	%xmm7, %xmm0, %xmm0
11833        vpxor	%xmm7, %xmm1, %xmm1
11834        vpxor	%xmm7, %xmm2, %xmm2
11835        vpxor	%xmm7, %xmm3, %xmm3
11836        vmovdqu	16(%ebp), %xmm7
11837        vaesenc	%xmm7, %xmm0, %xmm0
11838        vaesenc	%xmm7, %xmm1, %xmm1
11839        vaesenc	%xmm7, %xmm2, %xmm2
11840        vaesenc	%xmm7, %xmm3, %xmm3
11841        vmovdqu	32(%ebp), %xmm7
11842        vaesenc	%xmm7, %xmm0, %xmm0
11843        vaesenc	%xmm7, %xmm1, %xmm1
11844        vaesenc	%xmm7, %xmm2, %xmm2
11845        vaesenc	%xmm7, %xmm3, %xmm3
11846        vmovdqu	48(%ebp), %xmm7
11847        vaesenc	%xmm7, %xmm0, %xmm0
11848        vaesenc	%xmm7, %xmm1, %xmm1
11849        vaesenc	%xmm7, %xmm2, %xmm2
11850        vaesenc	%xmm7, %xmm3, %xmm3
11851        vmovdqu	64(%ebp), %xmm7
11852        vaesenc	%xmm7, %xmm0, %xmm0
11853        vaesenc	%xmm7, %xmm1, %xmm1
11854        vaesenc	%xmm7, %xmm2, %xmm2
11855        vaesenc	%xmm7, %xmm3, %xmm3
11856        vmovdqu	80(%ebp), %xmm7
11857        vaesenc	%xmm7, %xmm0, %xmm0
11858        vaesenc	%xmm7, %xmm1, %xmm1
11859        vaesenc	%xmm7, %xmm2, %xmm2
11860        vaesenc	%xmm7, %xmm3, %xmm3
11861        vmovdqu	96(%ebp), %xmm7
11862        vaesenc	%xmm7, %xmm0, %xmm0
11863        vaesenc	%xmm7, %xmm1, %xmm1
11864        vaesenc	%xmm7, %xmm2, %xmm2
11865        vaesenc	%xmm7, %xmm3, %xmm3
11866        vmovdqu	112(%ebp), %xmm7
11867        vaesenc	%xmm7, %xmm0, %xmm0
11868        vaesenc	%xmm7, %xmm1, %xmm1
11869        vaesenc	%xmm7, %xmm2, %xmm2
11870        vaesenc	%xmm7, %xmm3, %xmm3
11871        vmovdqu	128(%ebp), %xmm7
11872        vaesenc	%xmm7, %xmm0, %xmm0
11873        vaesenc	%xmm7, %xmm1, %xmm1
11874        vaesenc	%xmm7, %xmm2, %xmm2
11875        vaesenc	%xmm7, %xmm3, %xmm3
11876        vmovdqu	144(%ebp), %xmm7
11877        vaesenc	%xmm7, %xmm0, %xmm0
11878        vaesenc	%xmm7, %xmm1, %xmm1
11879        vaesenc	%xmm7, %xmm2, %xmm2
11880        vaesenc	%xmm7, %xmm3, %xmm3
11881        cmpl	$11, 120(%esp)
11882        vmovdqu	160(%ebp), %xmm7
11883        jl	L_AES_GCM_encrypt_update_avx2_aesenc_64_enc_done
11884        vaesenc	%xmm7, %xmm0, %xmm0
11885        vaesenc	%xmm7, %xmm1, %xmm1
11886        vaesenc	%xmm7, %xmm2, %xmm2
11887        vaesenc	%xmm7, %xmm3, %xmm3
11888        vmovdqu	176(%ebp), %xmm7
11889        vaesenc	%xmm7, %xmm0, %xmm0
11890        vaesenc	%xmm7, %xmm1, %xmm1
11891        vaesenc	%xmm7, %xmm2, %xmm2
11892        vaesenc	%xmm7, %xmm3, %xmm3
11893        cmpl	$13, 120(%esp)
11894        vmovdqu	192(%ebp), %xmm7
11895        jl	L_AES_GCM_encrypt_update_avx2_aesenc_64_enc_done
11896        vaesenc	%xmm7, %xmm0, %xmm0
11897        vaesenc	%xmm7, %xmm1, %xmm1
11898        vaesenc	%xmm7, %xmm2, %xmm2
11899        vaesenc	%xmm7, %xmm3, %xmm3
11900        vmovdqu	208(%ebp), %xmm7
11901        vaesenc	%xmm7, %xmm0, %xmm0
11902        vaesenc	%xmm7, %xmm1, %xmm1
11903        vaesenc	%xmm7, %xmm2, %xmm2
11904        vaesenc	%xmm7, %xmm3, %xmm3
11905        vmovdqu	224(%ebp), %xmm7
11906L_AES_GCM_encrypt_update_avx2_aesenc_64_enc_done:
11907        # aesenc_last
11908        vaesenclast	%xmm7, %xmm0, %xmm0
11909        vaesenclast	%xmm7, %xmm1, %xmm1
11910        vaesenclast	%xmm7, %xmm2, %xmm2
11911        vaesenclast	%xmm7, %xmm3, %xmm3
11912        vmovdqu	(%esi), %xmm7
11913        vmovdqu	16(%esi), %xmm4
11914        vpxor	%xmm7, %xmm0, %xmm0
11915        vpxor	%xmm4, %xmm1, %xmm1
11916        vmovdqu	%xmm0, (%edi)
11917        vmovdqu	%xmm1, 16(%edi)
11918        vmovdqu	32(%esi), %xmm7
11919        vmovdqu	48(%esi), %xmm4
11920        vpxor	%xmm7, %xmm2, %xmm2
11921        vpxor	%xmm4, %xmm3, %xmm3
11922        vmovdqu	%xmm2, 32(%edi)
11923        vmovdqu	%xmm3, 48(%edi)
11924        cmpl	$0x40, %eax
11925        movl	$0x40, %ebx
11926        movl	%esi, %ecx
11927        movl	%edi, %edx
11928        jle	L_AES_GCM_encrypt_update_avx2_end_64
11929        # More 64 bytes of input
11930L_AES_GCM_encrypt_update_avx2_ghash_64:
11931        # aesenc_64_ghash
11932        leal	(%esi,%ebx,1), %ecx
11933        leal	(%edi,%ebx,1), %edx
11934        # aesenc_64
11935        # aesenc_ctr
11936        vmovdqu	64(%esp), %xmm4
11937        vmovdqu	L_aes_gcm_avx2_bswap_epi64, %xmm7
11938        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm1
11939        vpshufb	%xmm7, %xmm4, %xmm0
11940        vpaddd	L_aes_gcm_avx2_two, %xmm4, %xmm2
11941        vpshufb	%xmm7, %xmm1, %xmm1
11942        vpaddd	L_aes_gcm_avx2_three, %xmm4, %xmm3
11943        vpshufb	%xmm7, %xmm2, %xmm2
11944        vpaddd	L_aes_gcm_avx2_four, %xmm4, %xmm4
11945        vpshufb	%xmm7, %xmm3, %xmm3
11946        # aesenc_xor
11947        vmovdqu	(%ebp), %xmm7
11948        vmovdqu	%xmm4, 64(%esp)
11949        vpxor	%xmm7, %xmm0, %xmm0
11950        vpxor	%xmm7, %xmm1, %xmm1
11951        vpxor	%xmm7, %xmm2, %xmm2
11952        vpxor	%xmm7, %xmm3, %xmm3
11953        vmovdqu	16(%ebp), %xmm7
11954        vaesenc	%xmm7, %xmm0, %xmm0
11955        vaesenc	%xmm7, %xmm1, %xmm1
11956        vaesenc	%xmm7, %xmm2, %xmm2
11957        vaesenc	%xmm7, %xmm3, %xmm3
11958        vmovdqu	32(%ebp), %xmm7
11959        vaesenc	%xmm7, %xmm0, %xmm0
11960        vaesenc	%xmm7, %xmm1, %xmm1
11961        vaesenc	%xmm7, %xmm2, %xmm2
11962        vaesenc	%xmm7, %xmm3, %xmm3
11963        vmovdqu	48(%ebp), %xmm7
11964        vaesenc	%xmm7, %xmm0, %xmm0
11965        vaesenc	%xmm7, %xmm1, %xmm1
11966        vaesenc	%xmm7, %xmm2, %xmm2
11967        vaesenc	%xmm7, %xmm3, %xmm3
11968        vmovdqu	64(%ebp), %xmm7
11969        vaesenc	%xmm7, %xmm0, %xmm0
11970        vaesenc	%xmm7, %xmm1, %xmm1
11971        vaesenc	%xmm7, %xmm2, %xmm2
11972        vaesenc	%xmm7, %xmm3, %xmm3
11973        vmovdqu	80(%ebp), %xmm7
11974        vaesenc	%xmm7, %xmm0, %xmm0
11975        vaesenc	%xmm7, %xmm1, %xmm1
11976        vaesenc	%xmm7, %xmm2, %xmm2
11977        vaesenc	%xmm7, %xmm3, %xmm3
11978        vmovdqu	96(%ebp), %xmm7
11979        vaesenc	%xmm7, %xmm0, %xmm0
11980        vaesenc	%xmm7, %xmm1, %xmm1
11981        vaesenc	%xmm7, %xmm2, %xmm2
11982        vaesenc	%xmm7, %xmm3, %xmm3
11983        vmovdqu	112(%ebp), %xmm7
11984        vaesenc	%xmm7, %xmm0, %xmm0
11985        vaesenc	%xmm7, %xmm1, %xmm1
11986        vaesenc	%xmm7, %xmm2, %xmm2
11987        vaesenc	%xmm7, %xmm3, %xmm3
11988        vmovdqu	128(%ebp), %xmm7
11989        vaesenc	%xmm7, %xmm0, %xmm0
11990        vaesenc	%xmm7, %xmm1, %xmm1
11991        vaesenc	%xmm7, %xmm2, %xmm2
11992        vaesenc	%xmm7, %xmm3, %xmm3
11993        vmovdqu	144(%ebp), %xmm7
11994        vaesenc	%xmm7, %xmm0, %xmm0
11995        vaesenc	%xmm7, %xmm1, %xmm1
11996        vaesenc	%xmm7, %xmm2, %xmm2
11997        vaesenc	%xmm7, %xmm3, %xmm3
11998        cmpl	$11, 120(%esp)
11999        vmovdqu	160(%ebp), %xmm7
12000        jl	L_AES_GCM_encrypt_update_avx2_aesenc_64_ghash_aesenc_64_enc_done
12001        vaesenc	%xmm7, %xmm0, %xmm0
12002        vaesenc	%xmm7, %xmm1, %xmm1
12003        vaesenc	%xmm7, %xmm2, %xmm2
12004        vaesenc	%xmm7, %xmm3, %xmm3
12005        vmovdqu	176(%ebp), %xmm7
12006        vaesenc	%xmm7, %xmm0, %xmm0
12007        vaesenc	%xmm7, %xmm1, %xmm1
12008        vaesenc	%xmm7, %xmm2, %xmm2
12009        vaesenc	%xmm7, %xmm3, %xmm3
12010        cmpl	$13, 120(%esp)
12011        vmovdqu	192(%ebp), %xmm7
12012        jl	L_AES_GCM_encrypt_update_avx2_aesenc_64_ghash_aesenc_64_enc_done
12013        vaesenc	%xmm7, %xmm0, %xmm0
12014        vaesenc	%xmm7, %xmm1, %xmm1
12015        vaesenc	%xmm7, %xmm2, %xmm2
12016        vaesenc	%xmm7, %xmm3, %xmm3
12017        vmovdqu	208(%ebp), %xmm7
12018        vaesenc	%xmm7, %xmm0, %xmm0
12019        vaesenc	%xmm7, %xmm1, %xmm1
12020        vaesenc	%xmm7, %xmm2, %xmm2
12021        vaesenc	%xmm7, %xmm3, %xmm3
12022        vmovdqu	224(%ebp), %xmm7
12023L_AES_GCM_encrypt_update_avx2_aesenc_64_ghash_aesenc_64_enc_done:
12024        # aesenc_last
12025        vaesenclast	%xmm7, %xmm0, %xmm0
12026        vaesenclast	%xmm7, %xmm1, %xmm1
12027        vaesenclast	%xmm7, %xmm2, %xmm2
12028        vaesenclast	%xmm7, %xmm3, %xmm3
12029        vmovdqu	(%ecx), %xmm7
12030        vmovdqu	16(%ecx), %xmm4
12031        vpxor	%xmm7, %xmm0, %xmm0
12032        vpxor	%xmm4, %xmm1, %xmm1
12033        vmovdqu	%xmm0, (%edx)
12034        vmovdqu	%xmm1, 16(%edx)
12035        vmovdqu	32(%ecx), %xmm7
12036        vmovdqu	48(%ecx), %xmm4
12037        vpxor	%xmm7, %xmm2, %xmm2
12038        vpxor	%xmm4, %xmm3, %xmm3
12039        vmovdqu	%xmm2, 32(%edx)
12040        vmovdqu	%xmm3, 48(%edx)
12041        # pclmul_1
12042        vmovdqu	-64(%edx), %xmm1
12043        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12044        vmovdqu	48(%esp), %xmm2
12045        vpxor	%xmm6, %xmm1, %xmm1
12046        vpclmulqdq	$16, %xmm2, %xmm1, %xmm5
12047        vpclmulqdq	$0x01, %xmm2, %xmm1, %xmm3
12048        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm6
12049        vpclmulqdq	$0x11, %xmm2, %xmm1, %xmm7
12050        # pclmul_2
12051        vmovdqu	-48(%edx), %xmm1
12052        vmovdqu	32(%esp), %xmm0
12053        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12054        vpxor	%xmm3, %xmm5, %xmm5
12055        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
12056        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
12057        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
12058        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
12059        vpxor	%xmm1, %xmm7, %xmm7
12060        # pclmul_n
12061        vmovdqu	-32(%edx), %xmm1
12062        vmovdqu	16(%esp), %xmm0
12063        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12064        vpxor	%xmm2, %xmm5, %xmm5
12065        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
12066        vpxor	%xmm3, %xmm5, %xmm5
12067        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
12068        vpxor	%xmm4, %xmm6, %xmm6
12069        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
12070        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
12071        vpxor	%xmm1, %xmm7, %xmm7
12072        # pclmul_n
12073        vmovdqu	-16(%edx), %xmm1
12074        vmovdqu	(%esp), %xmm0
12075        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12076        vpxor	%xmm2, %xmm5, %xmm5
12077        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
12078        vpxor	%xmm3, %xmm5, %xmm5
12079        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
12080        vpxor	%xmm4, %xmm6, %xmm6
12081        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
12082        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
12083        vpxor	%xmm1, %xmm7, %xmm7
12084        # aesenc_pclmul_l
12085        vpxor	%xmm2, %xmm5, %xmm5
12086        vpxor	%xmm4, %xmm6, %xmm6
12087        vpxor	%xmm3, %xmm5, %xmm5
12088        vpslldq	$8, %xmm5, %xmm1
12089        vpsrldq	$8, %xmm5, %xmm5
12090        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm0
12091        vpxor	%xmm1, %xmm6, %xmm6
12092        vpxor	%xmm5, %xmm7, %xmm7
12093        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
12094        vpshufd	$0x4e, %xmm6, %xmm6
12095        vpxor	%xmm3, %xmm6, %xmm6
12096        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
12097        vpshufd	$0x4e, %xmm6, %xmm6
12098        vpxor	%xmm3, %xmm6, %xmm6
12099        vpxor	%xmm7, %xmm6, %xmm6
12100        # aesenc_64_ghash - end
12101        addl	$0x40, %ebx
12102        cmpl	%eax, %ebx
12103        jl	L_AES_GCM_encrypt_update_avx2_ghash_64
12104L_AES_GCM_encrypt_update_avx2_end_64:
12105        vmovdqu	%xmm6, 80(%esp)
12106        vmovdqu	48(%edx), %xmm3
12107        vmovdqu	(%esp), %xmm7
12108        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm3, %xmm3
12109        vpclmulqdq	$16, %xmm3, %xmm7, %xmm5
12110        vpclmulqdq	$0x01, %xmm3, %xmm7, %xmm1
12111        vpclmulqdq	$0x00, %xmm3, %xmm7, %xmm4
12112        vpclmulqdq	$0x11, %xmm3, %xmm7, %xmm6
12113        vpxor	%xmm1, %xmm5, %xmm5
12114        vmovdqu	32(%edx), %xmm3
12115        vmovdqu	16(%esp), %xmm7
12116        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm3, %xmm3
12117        vpclmulqdq	$16, %xmm3, %xmm7, %xmm2
12118        vpclmulqdq	$0x01, %xmm3, %xmm7, %xmm1
12119        vpclmulqdq	$0x00, %xmm3, %xmm7, %xmm0
12120        vpclmulqdq	$0x11, %xmm3, %xmm7, %xmm3
12121        vpxor	%xmm1, %xmm2, %xmm2
12122        vpxor	%xmm3, %xmm6, %xmm6
12123        vpxor	%xmm2, %xmm5, %xmm5
12124        vpxor	%xmm0, %xmm4, %xmm4
12125        vmovdqu	16(%edx), %xmm3
12126        vmovdqu	32(%esp), %xmm7
12127        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm3, %xmm3
12128        vpclmulqdq	$16, %xmm3, %xmm7, %xmm2
12129        vpclmulqdq	$0x01, %xmm3, %xmm7, %xmm1
12130        vpclmulqdq	$0x00, %xmm3, %xmm7, %xmm0
12131        vpclmulqdq	$0x11, %xmm3, %xmm7, %xmm3
12132        vpxor	%xmm1, %xmm2, %xmm2
12133        vpxor	%xmm3, %xmm6, %xmm6
12134        vpxor	%xmm2, %xmm5, %xmm5
12135        vpxor	%xmm0, %xmm4, %xmm4
12136        vmovdqu	80(%esp), %xmm0
12137        vmovdqu	(%edx), %xmm3
12138        vmovdqu	48(%esp), %xmm7
12139        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm3, %xmm3
12140        vpxor	%xmm0, %xmm3, %xmm3
12141        vpclmulqdq	$16, %xmm3, %xmm7, %xmm2
12142        vpclmulqdq	$0x01, %xmm3, %xmm7, %xmm1
12143        vpclmulqdq	$0x00, %xmm3, %xmm7, %xmm0
12144        vpclmulqdq	$0x11, %xmm3, %xmm7, %xmm3
12145        vpxor	%xmm1, %xmm2, %xmm2
12146        vpxor	%xmm3, %xmm6, %xmm6
12147        vpxor	%xmm2, %xmm5, %xmm5
12148        vpxor	%xmm0, %xmm4, %xmm4
12149        vpslldq	$8, %xmm5, %xmm7
12150        vpsrldq	$8, %xmm5, %xmm5
12151        vpxor	%xmm7, %xmm4, %xmm4
12152        vpxor	%xmm5, %xmm6, %xmm6
12153        # ghash_red
12154        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm2
12155        vpclmulqdq	$16, %xmm2, %xmm4, %xmm0
12156        vpshufd	$0x4e, %xmm4, %xmm1
12157        vpxor	%xmm0, %xmm1, %xmm1
12158        vpclmulqdq	$16, %xmm2, %xmm1, %xmm0
12159        vpshufd	$0x4e, %xmm1, %xmm1
12160        vpxor	%xmm0, %xmm1, %xmm1
12161        vpxor	%xmm1, %xmm6, %xmm6
12162        vmovdqu	(%esp), %xmm5
12163        vmovdqu	64(%esp), %xmm4
12164L_AES_GCM_encrypt_update_avx2_done_64:
12165        cmpl	132(%esp), %ebx
12166        je	L_AES_GCM_encrypt_update_avx2_done_enc
12167        movl	132(%esp), %eax
12168        andl	$0xfffffff0, %eax
12169        cmpl	%eax, %ebx
12170        jge	L_AES_GCM_encrypt_update_avx2_last_block_done
12171        leal	(%esi,%ebx,1), %ecx
12172        leal	(%edi,%ebx,1), %edx
12173        # aesenc_block
12174        vmovdqu	%xmm4, %xmm1
12175        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm1, %xmm0
12176        vpaddd	L_aes_gcm_avx2_one, %xmm1, %xmm1
12177        vpxor	(%ebp), %xmm0, %xmm0
12178        vaesenc	16(%ebp), %xmm0, %xmm0
12179        vaesenc	32(%ebp), %xmm0, %xmm0
12180        vaesenc	48(%ebp), %xmm0, %xmm0
12181        vaesenc	64(%ebp), %xmm0, %xmm0
12182        vaesenc	80(%ebp), %xmm0, %xmm0
12183        vaesenc	96(%ebp), %xmm0, %xmm0
12184        vaesenc	112(%ebp), %xmm0, %xmm0
12185        vaesenc	128(%ebp), %xmm0, %xmm0
12186        vaesenc	144(%ebp), %xmm0, %xmm0
12187        cmpl	$11, 120(%esp)
12188        vmovdqu	160(%ebp), %xmm2
12189        jl	L_AES_GCM_encrypt_update_avx2_aesenc_block_aesenc_avx_last
12190        vaesenc	%xmm2, %xmm0, %xmm0
12191        vaesenc	176(%ebp), %xmm0, %xmm0
12192        cmpl	$13, 120(%esp)
12193        vmovdqu	192(%ebp), %xmm2
12194        jl	L_AES_GCM_encrypt_update_avx2_aesenc_block_aesenc_avx_last
12195        vaesenc	%xmm2, %xmm0, %xmm0
12196        vaesenc	208(%ebp), %xmm0, %xmm0
12197        vmovdqu	224(%ebp), %xmm2
12198L_AES_GCM_encrypt_update_avx2_aesenc_block_aesenc_avx_last:
12199        vaesenclast	%xmm2, %xmm0, %xmm0
12200        vmovdqu	%xmm1, %xmm4
12201        vmovdqu	(%ecx), %xmm1
12202        vpxor	%xmm1, %xmm0, %xmm0
12203        vmovdqu	%xmm0, (%edx)
12204        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
12205        vpxor	%xmm0, %xmm6, %xmm6
12206        addl	$16, %ebx
12207        cmpl	%eax, %ebx
12208        jge	L_AES_GCM_encrypt_update_avx2_last_block_ghash
12209L_AES_GCM_encrypt_update_avx2_last_block_start:
12210        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm4, %xmm7
12211        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm4
12212        vmovdqu	%xmm4, 64(%esp)
12213        # aesenc_gfmul_sb
12214        vpclmulqdq	$0x01, %xmm5, %xmm6, %xmm2
12215        vpclmulqdq	$16, %xmm5, %xmm6, %xmm3
12216        vpclmulqdq	$0x00, %xmm5, %xmm6, %xmm1
12217        vpclmulqdq	$0x11, %xmm5, %xmm6, %xmm4
12218        vpxor	(%ebp), %xmm7, %xmm7
12219        vaesenc	16(%ebp), %xmm7, %xmm7
12220        vpxor	%xmm2, %xmm3, %xmm3
12221        vpslldq	$8, %xmm3, %xmm2
12222        vpsrldq	$8, %xmm3, %xmm3
12223        vaesenc	32(%ebp), %xmm7, %xmm7
12224        vpxor	%xmm1, %xmm2, %xmm2
12225        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm2, %xmm1
12226        vaesenc	48(%ebp), %xmm7, %xmm7
12227        vaesenc	64(%ebp), %xmm7, %xmm7
12228        vaesenc	80(%ebp), %xmm7, %xmm7
12229        vpshufd	$0x4e, %xmm2, %xmm2
12230        vpxor	%xmm1, %xmm2, %xmm2
12231        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm2, %xmm1
12232        vaesenc	96(%ebp), %xmm7, %xmm7
12233        vaesenc	112(%ebp), %xmm7, %xmm7
12234        vaesenc	128(%ebp), %xmm7, %xmm7
12235        vpshufd	$0x4e, %xmm2, %xmm2
12236        vaesenc	144(%ebp), %xmm7, %xmm7
12237        vpxor	%xmm3, %xmm4, %xmm4
12238        vpxor	%xmm4, %xmm2, %xmm2
12239        vmovdqu	160(%ebp), %xmm0
12240        cmpl	$11, 120(%esp)
12241        jl	L_AES_GCM_encrypt_update_avx2_aesenc_gfmul_sb_last
12242        vaesenc	%xmm0, %xmm7, %xmm7
12243        vaesenc	176(%ebp), %xmm7, %xmm7
12244        vmovdqu	192(%ebp), %xmm0
12245        cmpl	$13, 120(%esp)
12246        jl	L_AES_GCM_encrypt_update_avx2_aesenc_gfmul_sb_last
12247        vaesenc	%xmm0, %xmm7, %xmm7
12248        vaesenc	208(%ebp), %xmm7, %xmm7
12249        vmovdqu	224(%ebp), %xmm0
12250L_AES_GCM_encrypt_update_avx2_aesenc_gfmul_sb_last:
12251        vaesenclast	%xmm0, %xmm7, %xmm7
12252        vmovdqu	(%esi,%ebx,1), %xmm3
12253        vpxor	%xmm1, %xmm2, %xmm6
12254        vpxor	%xmm3, %xmm7, %xmm7
12255        vmovdqu	%xmm7, (%edi,%ebx,1)
12256        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm7, %xmm7
12257        vpxor	%xmm7, %xmm6, %xmm6
12258        vmovdqu	64(%esp), %xmm4
12259        addl	$16, %ebx
12260        cmpl	%eax, %ebx
12261        jl	L_AES_GCM_encrypt_update_avx2_last_block_start
12262L_AES_GCM_encrypt_update_avx2_last_block_ghash:
12263        # ghash_gfmul_red
12264        vpclmulqdq	$16, %xmm5, %xmm6, %xmm2
12265        vpclmulqdq	$0x01, %xmm5, %xmm6, %xmm1
12266        vpclmulqdq	$0x00, %xmm5, %xmm6, %xmm0
12267        vpxor	%xmm1, %xmm2, %xmm2
12268        vpslldq	$8, %xmm2, %xmm1
12269        vpsrldq	$8, %xmm2, %xmm2
12270        vpxor	%xmm0, %xmm1, %xmm1
12271        vpclmulqdq	$0x11, %xmm5, %xmm6, %xmm6
12272        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm1, %xmm0
12273        vpshufd	$0x4e, %xmm1, %xmm1
12274        vpxor	%xmm0, %xmm1, %xmm1
12275        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm1, %xmm0
12276        vpshufd	$0x4e, %xmm1, %xmm1
12277        vpxor	%xmm2, %xmm6, %xmm6
12278        vpxor	%xmm1, %xmm6, %xmm6
12279        vpxor	%xmm0, %xmm6, %xmm6
12280L_AES_GCM_encrypt_update_avx2_last_block_done:
12281L_AES_GCM_encrypt_update_avx2_done_enc:
12282        movl	136(%esp), %esi
12283        movl	144(%esp), %edi
12284        vmovdqu	%xmm6, (%esi)
12285        vmovdqu	%xmm4, (%edi)
12286        addl	$0x60, %esp
12287        popl	%ebp
12288        popl	%edi
12289        popl	%esi
12290        popl	%ebx
12291        ret
12292.size	AES_GCM_encrypt_update_avx2,.-AES_GCM_encrypt_update_avx2
12293.text
12294.globl	AES_GCM_encrypt_final_avx2
12295.type	AES_GCM_encrypt_final_avx2,@function
12296.align	16
12297AES_GCM_encrypt_final_avx2:
12298        pushl	%esi
12299        pushl	%edi
12300        pushl	%ebp
12301        subl	$16, %esp
12302        movl	32(%esp), %ebp
12303        movl	52(%esp), %esi
12304        movl	56(%esp), %edi
12305        vmovdqu	(%ebp), %xmm4
12306        vmovdqu	(%esi), %xmm5
12307        vmovdqu	(%edi), %xmm6
12308        vpsrlq	$63, %xmm5, %xmm1
12309        vpsllq	$0x01, %xmm5, %xmm0
12310        vpslldq	$8, %xmm1, %xmm1
12311        vpor	%xmm1, %xmm0, %xmm0
12312        vpshufd	$0xff, %xmm5, %xmm5
12313        vpsrad	$31, %xmm5, %xmm5
12314        vpand	L_aes_gcm_avx2_mod2_128, %xmm5, %xmm5
12315        vpxor	%xmm0, %xmm5, %xmm5
12316        # calc_tag
12317        movl	44(%esp), %ecx
12318        shll	$3, %ecx
12319        vpinsrd	$0x00, %ecx, %xmm0, %xmm0
12320        movl	48(%esp), %ecx
12321        shll	$3, %ecx
12322        vpinsrd	$2, %ecx, %xmm0, %xmm0
12323        movl	44(%esp), %ecx
12324        shrl	$29, %ecx
12325        vpinsrd	$0x01, %ecx, %xmm0, %xmm0
12326        movl	48(%esp), %ecx
12327        shrl	$29, %ecx
12328        vpinsrd	$3, %ecx, %xmm0, %xmm0
12329        vpxor	%xmm4, %xmm0, %xmm0
12330        # ghash_gfmul_red
12331        vpclmulqdq	$16, %xmm5, %xmm0, %xmm7
12332        vpclmulqdq	$0x01, %xmm5, %xmm0, %xmm3
12333        vpclmulqdq	$0x00, %xmm5, %xmm0, %xmm2
12334        vpxor	%xmm3, %xmm7, %xmm7
12335        vpslldq	$8, %xmm7, %xmm3
12336        vpsrldq	$8, %xmm7, %xmm7
12337        vpxor	%xmm2, %xmm3, %xmm3
12338        vpclmulqdq	$0x11, %xmm5, %xmm0, %xmm0
12339        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm3, %xmm2
12340        vpshufd	$0x4e, %xmm3, %xmm3
12341        vpxor	%xmm2, %xmm3, %xmm3
12342        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm3, %xmm2
12343        vpshufd	$0x4e, %xmm3, %xmm3
12344        vpxor	%xmm7, %xmm0, %xmm0
12345        vpxor	%xmm3, %xmm0, %xmm0
12346        vpxor	%xmm2, %xmm0, %xmm0
12347        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
12348        vpxor	%xmm6, %xmm0, %xmm0
12349        movl	36(%esp), %edi
12350        # store_tag
12351        cmpl	$16, 40(%esp)
12352        je	L_AES_GCM_encrypt_final_avx2_store_tag_16
12353        xorl	%ecx, %ecx
12354        vmovdqu	%xmm0, (%esp)
12355L_AES_GCM_encrypt_final_avx2_store_tag_loop:
12356        movzbl	(%esp,%ecx,1), %eax
12357        movb	%al, (%edi,%ecx,1)
12358        incl	%ecx
12359        cmpl	40(%esp), %ecx
12360        jne	L_AES_GCM_encrypt_final_avx2_store_tag_loop
12361        jmp	L_AES_GCM_encrypt_final_avx2_store_tag_done
12362L_AES_GCM_encrypt_final_avx2_store_tag_16:
12363        vmovdqu	%xmm0, (%edi)
12364L_AES_GCM_encrypt_final_avx2_store_tag_done:
12365        addl	$16, %esp
12366        popl	%ebp
12367        popl	%edi
12368        popl	%esi
12369        ret
12370.size	AES_GCM_encrypt_final_avx2,.-AES_GCM_encrypt_final_avx2
12371.text
12372.globl	AES_GCM_decrypt_update_avx2
12373.type	AES_GCM_decrypt_update_avx2,@function
12374.align	16
12375AES_GCM_decrypt_update_avx2:
12376        pushl	%ebx
12377        pushl	%esi
12378        pushl	%edi
12379        pushl	%ebp
12380        subl	$0xa0, %esp
12381        movl	208(%esp), %esi
12382        vmovdqu	(%esi), %xmm4
12383        movl	200(%esp), %esi
12384        movl	204(%esp), %ebp
12385        vmovdqu	(%esi), %xmm6
12386        vmovdqu	(%ebp), %xmm5
12387        movl	180(%esp), %ebp
12388        movl	188(%esp), %edi
12389        movl	192(%esp), %esi
12390        # Calculate H
12391        vpsrlq	$63, %xmm5, %xmm1
12392        vpsllq	$0x01, %xmm5, %xmm0
12393        vpslldq	$8, %xmm1, %xmm1
12394        vpor	%xmm1, %xmm0, %xmm0
12395        vpshufd	$0xff, %xmm5, %xmm5
12396        vpsrad	$31, %xmm5, %xmm5
12397        vpand	L_aes_gcm_avx2_mod2_128, %xmm5, %xmm5
12398        vpxor	%xmm0, %xmm5, %xmm5
12399        xorl	%ebx, %ebx
12400        cmpl	$0x40, 196(%esp)
12401        movl	196(%esp), %eax
12402        jl	L_AES_GCM_decrypt_update_avx2_done_64
12403        andl	$0xffffffc0, %eax
12404        vmovdqu	%xmm4, 64(%esp)
12405        vmovdqu	%xmm6, 80(%esp)
12406        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm3
12407        # H ^ 1
12408        vmovdqu	%xmm5, (%esp)
12409        vmovdqu	%xmm5, %xmm2
12410        # H ^ 2
12411        vpclmulqdq	$0x00, %xmm2, %xmm2, %xmm5
12412        vpclmulqdq	$0x11, %xmm2, %xmm2, %xmm6
12413        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
12414        vpshufd	$0x4e, %xmm5, %xmm5
12415        vpxor	%xmm4, %xmm5, %xmm5
12416        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
12417        vpshufd	$0x4e, %xmm5, %xmm5
12418        vpxor	%xmm4, %xmm5, %xmm5
12419        vpxor	%xmm5, %xmm6, %xmm0
12420        vmovdqu	%xmm0, 16(%esp)
12421        # H ^ 3
12422        # ghash_gfmul_red
12423        vpclmulqdq	$16, %xmm0, %xmm2, %xmm6
12424        vpclmulqdq	$0x01, %xmm0, %xmm2, %xmm5
12425        vpclmulqdq	$0x00, %xmm0, %xmm2, %xmm4
12426        vpxor	%xmm5, %xmm6, %xmm6
12427        vpslldq	$8, %xmm6, %xmm5
12428        vpsrldq	$8, %xmm6, %xmm6
12429        vpxor	%xmm4, %xmm5, %xmm5
12430        vpclmulqdq	$0x11, %xmm0, %xmm2, %xmm1
12431        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
12432        vpshufd	$0x4e, %xmm5, %xmm5
12433        vpxor	%xmm4, %xmm5, %xmm5
12434        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
12435        vpshufd	$0x4e, %xmm5, %xmm5
12436        vpxor	%xmm6, %xmm1, %xmm1
12437        vpxor	%xmm5, %xmm1, %xmm1
12438        vpxor	%xmm4, %xmm1, %xmm1
12439        vmovdqu	%xmm1, 32(%esp)
12440        # H ^ 4
12441        vpclmulqdq	$0x00, %xmm0, %xmm0, %xmm5
12442        vpclmulqdq	$0x11, %xmm0, %xmm0, %xmm6
12443        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
12444        vpshufd	$0x4e, %xmm5, %xmm5
12445        vpxor	%xmm4, %xmm5, %xmm5
12446        vpclmulqdq	$16, %xmm3, %xmm5, %xmm4
12447        vpshufd	$0x4e, %xmm5, %xmm5
12448        vpxor	%xmm4, %xmm5, %xmm5
12449        vpxor	%xmm5, %xmm6, %xmm2
12450        vmovdqu	%xmm2, 48(%esp)
12451        vmovdqu	80(%esp), %xmm6
12452        cmpl	%esi, %edi
12453        jne	L_AES_GCM_decrypt_update_avx2_ghash_64
12454L_AES_GCM_decrypt_update_avx2_ghash_64_inplace:
12455        # aesenc_64_ghash
12456        leal	(%esi,%ebx,1), %ecx
12457        leal	(%edi,%ebx,1), %edx
12458        # aesenc_64
12459        # aesenc_ctr
12460        vmovdqu	64(%esp), %xmm4
12461        vmovdqu	L_aes_gcm_avx2_bswap_epi64, %xmm7
12462        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm1
12463        vpshufb	%xmm7, %xmm4, %xmm0
12464        vpaddd	L_aes_gcm_avx2_two, %xmm4, %xmm2
12465        vpshufb	%xmm7, %xmm1, %xmm1
12466        vpaddd	L_aes_gcm_avx2_three, %xmm4, %xmm3
12467        vpshufb	%xmm7, %xmm2, %xmm2
12468        vpaddd	L_aes_gcm_avx2_four, %xmm4, %xmm4
12469        vpshufb	%xmm7, %xmm3, %xmm3
12470        # aesenc_xor
12471        vmovdqu	(%ebp), %xmm7
12472        vmovdqu	%xmm4, 64(%esp)
12473        vpxor	%xmm7, %xmm0, %xmm0
12474        vpxor	%xmm7, %xmm1, %xmm1
12475        vpxor	%xmm7, %xmm2, %xmm2
12476        vpxor	%xmm7, %xmm3, %xmm3
12477        vmovdqu	16(%ebp), %xmm7
12478        vaesenc	%xmm7, %xmm0, %xmm0
12479        vaesenc	%xmm7, %xmm1, %xmm1
12480        vaesenc	%xmm7, %xmm2, %xmm2
12481        vaesenc	%xmm7, %xmm3, %xmm3
12482        vmovdqu	32(%ebp), %xmm7
12483        vaesenc	%xmm7, %xmm0, %xmm0
12484        vaesenc	%xmm7, %xmm1, %xmm1
12485        vaesenc	%xmm7, %xmm2, %xmm2
12486        vaesenc	%xmm7, %xmm3, %xmm3
12487        vmovdqu	48(%ebp), %xmm7
12488        vaesenc	%xmm7, %xmm0, %xmm0
12489        vaesenc	%xmm7, %xmm1, %xmm1
12490        vaesenc	%xmm7, %xmm2, %xmm2
12491        vaesenc	%xmm7, %xmm3, %xmm3
12492        vmovdqu	64(%ebp), %xmm7
12493        vaesenc	%xmm7, %xmm0, %xmm0
12494        vaesenc	%xmm7, %xmm1, %xmm1
12495        vaesenc	%xmm7, %xmm2, %xmm2
12496        vaesenc	%xmm7, %xmm3, %xmm3
12497        vmovdqu	80(%ebp), %xmm7
12498        vaesenc	%xmm7, %xmm0, %xmm0
12499        vaesenc	%xmm7, %xmm1, %xmm1
12500        vaesenc	%xmm7, %xmm2, %xmm2
12501        vaesenc	%xmm7, %xmm3, %xmm3
12502        vmovdqu	96(%ebp), %xmm7
12503        vaesenc	%xmm7, %xmm0, %xmm0
12504        vaesenc	%xmm7, %xmm1, %xmm1
12505        vaesenc	%xmm7, %xmm2, %xmm2
12506        vaesenc	%xmm7, %xmm3, %xmm3
12507        vmovdqu	112(%ebp), %xmm7
12508        vaesenc	%xmm7, %xmm0, %xmm0
12509        vaesenc	%xmm7, %xmm1, %xmm1
12510        vaesenc	%xmm7, %xmm2, %xmm2
12511        vaesenc	%xmm7, %xmm3, %xmm3
12512        vmovdqu	128(%ebp), %xmm7
12513        vaesenc	%xmm7, %xmm0, %xmm0
12514        vaesenc	%xmm7, %xmm1, %xmm1
12515        vaesenc	%xmm7, %xmm2, %xmm2
12516        vaesenc	%xmm7, %xmm3, %xmm3
12517        vmovdqu	144(%ebp), %xmm7
12518        vaesenc	%xmm7, %xmm0, %xmm0
12519        vaesenc	%xmm7, %xmm1, %xmm1
12520        vaesenc	%xmm7, %xmm2, %xmm2
12521        vaesenc	%xmm7, %xmm3, %xmm3
12522        cmpl	$11, 184(%esp)
12523        vmovdqu	160(%ebp), %xmm7
12524        jl	L_AES_GCM_decrypt_update_avx2_inplace_aesenc_64_ghash_aesenc_64_enc_done
12525        vaesenc	%xmm7, %xmm0, %xmm0
12526        vaesenc	%xmm7, %xmm1, %xmm1
12527        vaesenc	%xmm7, %xmm2, %xmm2
12528        vaesenc	%xmm7, %xmm3, %xmm3
12529        vmovdqu	176(%ebp), %xmm7
12530        vaesenc	%xmm7, %xmm0, %xmm0
12531        vaesenc	%xmm7, %xmm1, %xmm1
12532        vaesenc	%xmm7, %xmm2, %xmm2
12533        vaesenc	%xmm7, %xmm3, %xmm3
12534        cmpl	$13, 184(%esp)
12535        vmovdqu	192(%ebp), %xmm7
12536        jl	L_AES_GCM_decrypt_update_avx2_inplace_aesenc_64_ghash_aesenc_64_enc_done
12537        vaesenc	%xmm7, %xmm0, %xmm0
12538        vaesenc	%xmm7, %xmm1, %xmm1
12539        vaesenc	%xmm7, %xmm2, %xmm2
12540        vaesenc	%xmm7, %xmm3, %xmm3
12541        vmovdqu	208(%ebp), %xmm7
12542        vaesenc	%xmm7, %xmm0, %xmm0
12543        vaesenc	%xmm7, %xmm1, %xmm1
12544        vaesenc	%xmm7, %xmm2, %xmm2
12545        vaesenc	%xmm7, %xmm3, %xmm3
12546        vmovdqu	224(%ebp), %xmm7
12547L_AES_GCM_decrypt_update_avx2_inplace_aesenc_64_ghash_aesenc_64_enc_done:
12548        # aesenc_last
12549        vaesenclast	%xmm7, %xmm0, %xmm0
12550        vaesenclast	%xmm7, %xmm1, %xmm1
12551        vaesenclast	%xmm7, %xmm2, %xmm2
12552        vaesenclast	%xmm7, %xmm3, %xmm3
12553        vmovdqu	(%ecx), %xmm7
12554        vmovdqu	16(%ecx), %xmm4
12555        vpxor	%xmm7, %xmm0, %xmm0
12556        vpxor	%xmm4, %xmm1, %xmm1
12557        vmovdqu	%xmm7, 96(%esp)
12558        vmovdqu	%xmm4, 112(%esp)
12559        vmovdqu	%xmm0, (%edx)
12560        vmovdqu	%xmm1, 16(%edx)
12561        vmovdqu	32(%ecx), %xmm7
12562        vmovdqu	48(%ecx), %xmm4
12563        vpxor	%xmm7, %xmm2, %xmm2
12564        vpxor	%xmm4, %xmm3, %xmm3
12565        vmovdqu	%xmm7, 128(%esp)
12566        vmovdqu	%xmm4, 144(%esp)
12567        vmovdqu	%xmm2, 32(%edx)
12568        vmovdqu	%xmm3, 48(%edx)
12569        # pclmul_1
12570        vmovdqu	96(%esp), %xmm1
12571        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12572        vmovdqu	48(%esp), %xmm2
12573        vpxor	%xmm6, %xmm1, %xmm1
12574        vpclmulqdq	$16, %xmm2, %xmm1, %xmm5
12575        vpclmulqdq	$0x01, %xmm2, %xmm1, %xmm3
12576        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm6
12577        vpclmulqdq	$0x11, %xmm2, %xmm1, %xmm7
12578        # pclmul_2
12579        vmovdqu	112(%esp), %xmm1
12580        vmovdqu	32(%esp), %xmm0
12581        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12582        vpxor	%xmm3, %xmm5, %xmm5
12583        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
12584        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
12585        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
12586        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
12587        vpxor	%xmm1, %xmm7, %xmm7
12588        # pclmul_n
12589        vmovdqu	128(%esp), %xmm1
12590        vmovdqu	16(%esp), %xmm0
12591        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12592        vpxor	%xmm2, %xmm5, %xmm5
12593        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
12594        vpxor	%xmm3, %xmm5, %xmm5
12595        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
12596        vpxor	%xmm4, %xmm6, %xmm6
12597        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
12598        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
12599        vpxor	%xmm1, %xmm7, %xmm7
12600        # pclmul_n
12601        vmovdqu	144(%esp), %xmm1
12602        vmovdqu	(%esp), %xmm0
12603        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12604        vpxor	%xmm2, %xmm5, %xmm5
12605        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
12606        vpxor	%xmm3, %xmm5, %xmm5
12607        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
12608        vpxor	%xmm4, %xmm6, %xmm6
12609        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
12610        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
12611        vpxor	%xmm1, %xmm7, %xmm7
12612        # aesenc_pclmul_l
12613        vpxor	%xmm2, %xmm5, %xmm5
12614        vpxor	%xmm4, %xmm6, %xmm6
12615        vpxor	%xmm3, %xmm5, %xmm5
12616        vpslldq	$8, %xmm5, %xmm1
12617        vpsrldq	$8, %xmm5, %xmm5
12618        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm0
12619        vpxor	%xmm1, %xmm6, %xmm6
12620        vpxor	%xmm5, %xmm7, %xmm7
12621        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
12622        vpshufd	$0x4e, %xmm6, %xmm6
12623        vpxor	%xmm3, %xmm6, %xmm6
12624        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
12625        vpshufd	$0x4e, %xmm6, %xmm6
12626        vpxor	%xmm3, %xmm6, %xmm6
12627        vpxor	%xmm7, %xmm6, %xmm6
12628        # aesenc_64_ghash - end
12629        addl	$0x40, %ebx
12630        cmpl	%eax, %ebx
12631        jl	L_AES_GCM_decrypt_update_avx2_ghash_64_inplace
12632        jmp	L_AES_GCM_decrypt_update_avx2_ghash_64_done
12633L_AES_GCM_decrypt_update_avx2_ghash_64:
12634        # aesenc_64_ghash
12635        leal	(%esi,%ebx,1), %ecx
12636        leal	(%edi,%ebx,1), %edx
12637        # aesenc_64
12638        # aesenc_ctr
12639        vmovdqu	64(%esp), %xmm4
12640        vmovdqu	L_aes_gcm_avx2_bswap_epi64, %xmm7
12641        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm1
12642        vpshufb	%xmm7, %xmm4, %xmm0
12643        vpaddd	L_aes_gcm_avx2_two, %xmm4, %xmm2
12644        vpshufb	%xmm7, %xmm1, %xmm1
12645        vpaddd	L_aes_gcm_avx2_three, %xmm4, %xmm3
12646        vpshufb	%xmm7, %xmm2, %xmm2
12647        vpaddd	L_aes_gcm_avx2_four, %xmm4, %xmm4
12648        vpshufb	%xmm7, %xmm3, %xmm3
12649        # aesenc_xor
12650        vmovdqu	(%ebp), %xmm7
12651        vmovdqu	%xmm4, 64(%esp)
12652        vpxor	%xmm7, %xmm0, %xmm0
12653        vpxor	%xmm7, %xmm1, %xmm1
12654        vpxor	%xmm7, %xmm2, %xmm2
12655        vpxor	%xmm7, %xmm3, %xmm3
12656        vmovdqu	16(%ebp), %xmm7
12657        vaesenc	%xmm7, %xmm0, %xmm0
12658        vaesenc	%xmm7, %xmm1, %xmm1
12659        vaesenc	%xmm7, %xmm2, %xmm2
12660        vaesenc	%xmm7, %xmm3, %xmm3
12661        vmovdqu	32(%ebp), %xmm7
12662        vaesenc	%xmm7, %xmm0, %xmm0
12663        vaesenc	%xmm7, %xmm1, %xmm1
12664        vaesenc	%xmm7, %xmm2, %xmm2
12665        vaesenc	%xmm7, %xmm3, %xmm3
12666        vmovdqu	48(%ebp), %xmm7
12667        vaesenc	%xmm7, %xmm0, %xmm0
12668        vaesenc	%xmm7, %xmm1, %xmm1
12669        vaesenc	%xmm7, %xmm2, %xmm2
12670        vaesenc	%xmm7, %xmm3, %xmm3
12671        vmovdqu	64(%ebp), %xmm7
12672        vaesenc	%xmm7, %xmm0, %xmm0
12673        vaesenc	%xmm7, %xmm1, %xmm1
12674        vaesenc	%xmm7, %xmm2, %xmm2
12675        vaesenc	%xmm7, %xmm3, %xmm3
12676        vmovdqu	80(%ebp), %xmm7
12677        vaesenc	%xmm7, %xmm0, %xmm0
12678        vaesenc	%xmm7, %xmm1, %xmm1
12679        vaesenc	%xmm7, %xmm2, %xmm2
12680        vaesenc	%xmm7, %xmm3, %xmm3
12681        vmovdqu	96(%ebp), %xmm7
12682        vaesenc	%xmm7, %xmm0, %xmm0
12683        vaesenc	%xmm7, %xmm1, %xmm1
12684        vaesenc	%xmm7, %xmm2, %xmm2
12685        vaesenc	%xmm7, %xmm3, %xmm3
12686        vmovdqu	112(%ebp), %xmm7
12687        vaesenc	%xmm7, %xmm0, %xmm0
12688        vaesenc	%xmm7, %xmm1, %xmm1
12689        vaesenc	%xmm7, %xmm2, %xmm2
12690        vaesenc	%xmm7, %xmm3, %xmm3
12691        vmovdqu	128(%ebp), %xmm7
12692        vaesenc	%xmm7, %xmm0, %xmm0
12693        vaesenc	%xmm7, %xmm1, %xmm1
12694        vaesenc	%xmm7, %xmm2, %xmm2
12695        vaesenc	%xmm7, %xmm3, %xmm3
12696        vmovdqu	144(%ebp), %xmm7
12697        vaesenc	%xmm7, %xmm0, %xmm0
12698        vaesenc	%xmm7, %xmm1, %xmm1
12699        vaesenc	%xmm7, %xmm2, %xmm2
12700        vaesenc	%xmm7, %xmm3, %xmm3
12701        cmpl	$11, 184(%esp)
12702        vmovdqu	160(%ebp), %xmm7
12703        jl	L_AES_GCM_decrypt_update_avx2_aesenc_64_ghash_aesenc_64_enc_done
12704        vaesenc	%xmm7, %xmm0, %xmm0
12705        vaesenc	%xmm7, %xmm1, %xmm1
12706        vaesenc	%xmm7, %xmm2, %xmm2
12707        vaesenc	%xmm7, %xmm3, %xmm3
12708        vmovdqu	176(%ebp), %xmm7
12709        vaesenc	%xmm7, %xmm0, %xmm0
12710        vaesenc	%xmm7, %xmm1, %xmm1
12711        vaesenc	%xmm7, %xmm2, %xmm2
12712        vaesenc	%xmm7, %xmm3, %xmm3
12713        cmpl	$13, 184(%esp)
12714        vmovdqu	192(%ebp), %xmm7
12715        jl	L_AES_GCM_decrypt_update_avx2_aesenc_64_ghash_aesenc_64_enc_done
12716        vaesenc	%xmm7, %xmm0, %xmm0
12717        vaesenc	%xmm7, %xmm1, %xmm1
12718        vaesenc	%xmm7, %xmm2, %xmm2
12719        vaesenc	%xmm7, %xmm3, %xmm3
12720        vmovdqu	208(%ebp), %xmm7
12721        vaesenc	%xmm7, %xmm0, %xmm0
12722        vaesenc	%xmm7, %xmm1, %xmm1
12723        vaesenc	%xmm7, %xmm2, %xmm2
12724        vaesenc	%xmm7, %xmm3, %xmm3
12725        vmovdqu	224(%ebp), %xmm7
12726L_AES_GCM_decrypt_update_avx2_aesenc_64_ghash_aesenc_64_enc_done:
12727        # aesenc_last
12728        vaesenclast	%xmm7, %xmm0, %xmm0
12729        vaesenclast	%xmm7, %xmm1, %xmm1
12730        vaesenclast	%xmm7, %xmm2, %xmm2
12731        vaesenclast	%xmm7, %xmm3, %xmm3
12732        vmovdqu	(%ecx), %xmm7
12733        vmovdqu	16(%ecx), %xmm4
12734        vpxor	%xmm7, %xmm0, %xmm0
12735        vpxor	%xmm4, %xmm1, %xmm1
12736        vmovdqu	%xmm7, (%ecx)
12737        vmovdqu	%xmm4, 16(%ecx)
12738        vmovdqu	%xmm0, (%edx)
12739        vmovdqu	%xmm1, 16(%edx)
12740        vmovdqu	32(%ecx), %xmm7
12741        vmovdqu	48(%ecx), %xmm4
12742        vpxor	%xmm7, %xmm2, %xmm2
12743        vpxor	%xmm4, %xmm3, %xmm3
12744        vmovdqu	%xmm7, 32(%ecx)
12745        vmovdqu	%xmm4, 48(%ecx)
12746        vmovdqu	%xmm2, 32(%edx)
12747        vmovdqu	%xmm3, 48(%edx)
12748        # pclmul_1
12749        vmovdqu	(%ecx), %xmm1
12750        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12751        vmovdqu	48(%esp), %xmm2
12752        vpxor	%xmm6, %xmm1, %xmm1
12753        vpclmulqdq	$16, %xmm2, %xmm1, %xmm5
12754        vpclmulqdq	$0x01, %xmm2, %xmm1, %xmm3
12755        vpclmulqdq	$0x00, %xmm2, %xmm1, %xmm6
12756        vpclmulqdq	$0x11, %xmm2, %xmm1, %xmm7
12757        # pclmul_2
12758        vmovdqu	16(%ecx), %xmm1
12759        vmovdqu	32(%esp), %xmm0
12760        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12761        vpxor	%xmm3, %xmm5, %xmm5
12762        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
12763        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
12764        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
12765        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
12766        vpxor	%xmm1, %xmm7, %xmm7
12767        # pclmul_n
12768        vmovdqu	32(%ecx), %xmm1
12769        vmovdqu	16(%esp), %xmm0
12770        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12771        vpxor	%xmm2, %xmm5, %xmm5
12772        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
12773        vpxor	%xmm3, %xmm5, %xmm5
12774        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
12775        vpxor	%xmm4, %xmm6, %xmm6
12776        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
12777        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
12778        vpxor	%xmm1, %xmm7, %xmm7
12779        # pclmul_n
12780        vmovdqu	48(%ecx), %xmm1
12781        vmovdqu	(%esp), %xmm0
12782        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm1, %xmm1
12783        vpxor	%xmm2, %xmm5, %xmm5
12784        vpclmulqdq	$16, %xmm0, %xmm1, %xmm2
12785        vpxor	%xmm3, %xmm5, %xmm5
12786        vpclmulqdq	$0x01, %xmm0, %xmm1, %xmm3
12787        vpxor	%xmm4, %xmm6, %xmm6
12788        vpclmulqdq	$0x00, %xmm0, %xmm1, %xmm4
12789        vpclmulqdq	$0x11, %xmm0, %xmm1, %xmm1
12790        vpxor	%xmm1, %xmm7, %xmm7
12791        # aesenc_pclmul_l
12792        vpxor	%xmm2, %xmm5, %xmm5
12793        vpxor	%xmm4, %xmm6, %xmm6
12794        vpxor	%xmm3, %xmm5, %xmm5
12795        vpslldq	$8, %xmm5, %xmm1
12796        vpsrldq	$8, %xmm5, %xmm5
12797        vmovdqu	L_aes_gcm_avx2_mod2_128, %xmm0
12798        vpxor	%xmm1, %xmm6, %xmm6
12799        vpxor	%xmm5, %xmm7, %xmm7
12800        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
12801        vpshufd	$0x4e, %xmm6, %xmm6
12802        vpxor	%xmm3, %xmm6, %xmm6
12803        vpclmulqdq	$16, %xmm0, %xmm6, %xmm3
12804        vpshufd	$0x4e, %xmm6, %xmm6
12805        vpxor	%xmm3, %xmm6, %xmm6
12806        vpxor	%xmm7, %xmm6, %xmm6
12807        # aesenc_64_ghash - end
12808        addl	$0x40, %ebx
12809        cmpl	%eax, %ebx
12810        jl	L_AES_GCM_decrypt_update_avx2_ghash_64
12811L_AES_GCM_decrypt_update_avx2_ghash_64_done:
12812        vmovdqu	(%esp), %xmm5
12813        vmovdqu	64(%esp), %xmm4
12814L_AES_GCM_decrypt_update_avx2_done_64:
12815        cmpl	196(%esp), %ebx
12816        jge	L_AES_GCM_decrypt_update_avx2_done_dec
12817        movl	196(%esp), %eax
12818        andl	$0xfffffff0, %eax
12819        cmpl	%eax, %ebx
12820        jge	L_AES_GCM_decrypt_update_avx2_last_block_done
12821L_AES_GCM_decrypt_update_avx2_last_block_start:
12822        vmovdqu	(%esi,%ebx,1), %xmm0
12823        vpshufb	L_aes_gcm_avx2_bswap_epi64, %xmm4, %xmm7
12824        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
12825        vpaddd	L_aes_gcm_avx2_one, %xmm4, %xmm4
12826        vmovdqu	%xmm4, 64(%esp)
12827        vpxor	%xmm6, %xmm0, %xmm4
12828        # aesenc_gfmul_sb
12829        vpclmulqdq	$0x01, %xmm5, %xmm4, %xmm2
12830        vpclmulqdq	$16, %xmm5, %xmm4, %xmm3
12831        vpclmulqdq	$0x00, %xmm5, %xmm4, %xmm1
12832        vpclmulqdq	$0x11, %xmm5, %xmm4, %xmm4
12833        vpxor	(%ebp), %xmm7, %xmm7
12834        vaesenc	16(%ebp), %xmm7, %xmm7
12835        vpxor	%xmm2, %xmm3, %xmm3
12836        vpslldq	$8, %xmm3, %xmm2
12837        vpsrldq	$8, %xmm3, %xmm3
12838        vaesenc	32(%ebp), %xmm7, %xmm7
12839        vpxor	%xmm1, %xmm2, %xmm2
12840        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm2, %xmm1
12841        vaesenc	48(%ebp), %xmm7, %xmm7
12842        vaesenc	64(%ebp), %xmm7, %xmm7
12843        vaesenc	80(%ebp), %xmm7, %xmm7
12844        vpshufd	$0x4e, %xmm2, %xmm2
12845        vpxor	%xmm1, %xmm2, %xmm2
12846        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm2, %xmm1
12847        vaesenc	96(%ebp), %xmm7, %xmm7
12848        vaesenc	112(%ebp), %xmm7, %xmm7
12849        vaesenc	128(%ebp), %xmm7, %xmm7
12850        vpshufd	$0x4e, %xmm2, %xmm2
12851        vaesenc	144(%ebp), %xmm7, %xmm7
12852        vpxor	%xmm3, %xmm4, %xmm4
12853        vpxor	%xmm4, %xmm2, %xmm2
12854        vmovdqu	160(%ebp), %xmm0
12855        cmpl	$11, 184(%esp)
12856        jl	L_AES_GCM_decrypt_update_avx2_aesenc_gfmul_sb_last
12857        vaesenc	%xmm0, %xmm7, %xmm7
12858        vaesenc	176(%ebp), %xmm7, %xmm7
12859        vmovdqu	192(%ebp), %xmm0
12860        cmpl	$13, 184(%esp)
12861        jl	L_AES_GCM_decrypt_update_avx2_aesenc_gfmul_sb_last
12862        vaesenc	%xmm0, %xmm7, %xmm7
12863        vaesenc	208(%ebp), %xmm7, %xmm7
12864        vmovdqu	224(%ebp), %xmm0
12865L_AES_GCM_decrypt_update_avx2_aesenc_gfmul_sb_last:
12866        vaesenclast	%xmm0, %xmm7, %xmm7
12867        vmovdqu	(%esi,%ebx,1), %xmm3
12868        vpxor	%xmm1, %xmm2, %xmm6
12869        vpxor	%xmm3, %xmm7, %xmm7
12870        vmovdqu	%xmm7, (%edi,%ebx,1)
12871        vmovdqu	64(%esp), %xmm4
12872        addl	$16, %ebx
12873        cmpl	%eax, %ebx
12874        jl	L_AES_GCM_decrypt_update_avx2_last_block_start
12875L_AES_GCM_decrypt_update_avx2_last_block_done:
12876L_AES_GCM_decrypt_update_avx2_done_dec:
12877        movl	200(%esp), %esi
12878        movl	208(%esp), %edi
12879        vmovdqu	64(%esp), %xmm4
12880        vmovdqu	%xmm6, (%esi)
12881        vmovdqu	%xmm4, (%edi)
12882        addl	$0xa0, %esp
12883        popl	%ebp
12884        popl	%edi
12885        popl	%esi
12886        popl	%ebx
12887        ret
12888.size	AES_GCM_decrypt_update_avx2,.-AES_GCM_decrypt_update_avx2
12889.text
12890.globl	AES_GCM_decrypt_final_avx2
12891.type	AES_GCM_decrypt_final_avx2,@function
12892.align	16
12893AES_GCM_decrypt_final_avx2:
12894        pushl	%ebx
12895        pushl	%esi
12896        pushl	%edi
12897        pushl	%ebp
12898        subl	$16, %esp
12899        movl	36(%esp), %ebp
12900        movl	56(%esp), %esi
12901        movl	60(%esp), %edi
12902        vmovdqu	(%ebp), %xmm4
12903        vmovdqu	(%esi), %xmm5
12904        vmovdqu	(%edi), %xmm6
12905        vpsrlq	$63, %xmm5, %xmm1
12906        vpsllq	$0x01, %xmm5, %xmm0
12907        vpslldq	$8, %xmm1, %xmm1
12908        vpor	%xmm1, %xmm0, %xmm0
12909        vpshufd	$0xff, %xmm5, %xmm5
12910        vpsrad	$31, %xmm5, %xmm5
12911        vpand	L_aes_gcm_avx2_mod2_128, %xmm5, %xmm5
12912        vpxor	%xmm0, %xmm5, %xmm5
12913        # calc_tag
12914        movl	48(%esp), %ecx
12915        shll	$3, %ecx
12916        vpinsrd	$0x00, %ecx, %xmm0, %xmm0
12917        movl	52(%esp), %ecx
12918        shll	$3, %ecx
12919        vpinsrd	$2, %ecx, %xmm0, %xmm0
12920        movl	48(%esp), %ecx
12921        shrl	$29, %ecx
12922        vpinsrd	$0x01, %ecx, %xmm0, %xmm0
12923        movl	52(%esp), %ecx
12924        shrl	$29, %ecx
12925        vpinsrd	$3, %ecx, %xmm0, %xmm0
12926        vpxor	%xmm4, %xmm0, %xmm0
12927        # ghash_gfmul_red
12928        vpclmulqdq	$16, %xmm5, %xmm0, %xmm7
12929        vpclmulqdq	$0x01, %xmm5, %xmm0, %xmm3
12930        vpclmulqdq	$0x00, %xmm5, %xmm0, %xmm2
12931        vpxor	%xmm3, %xmm7, %xmm7
12932        vpslldq	$8, %xmm7, %xmm3
12933        vpsrldq	$8, %xmm7, %xmm7
12934        vpxor	%xmm2, %xmm3, %xmm3
12935        vpclmulqdq	$0x11, %xmm5, %xmm0, %xmm0
12936        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm3, %xmm2
12937        vpshufd	$0x4e, %xmm3, %xmm3
12938        vpxor	%xmm2, %xmm3, %xmm3
12939        vpclmulqdq	$16, L_aes_gcm_avx2_mod2_128, %xmm3, %xmm2
12940        vpshufd	$0x4e, %xmm3, %xmm3
12941        vpxor	%xmm7, %xmm0, %xmm0
12942        vpxor	%xmm3, %xmm0, %xmm0
12943        vpxor	%xmm2, %xmm0, %xmm0
12944        vpshufb	L_aes_gcm_avx2_bswap_mask, %xmm0, %xmm0
12945        vpxor	%xmm6, %xmm0, %xmm0
12946        movl	40(%esp), %esi
12947        movl	64(%esp), %edi
12948        # cmp_tag
12949        cmpl	$16, 44(%esp)
12950        je	L_AES_GCM_decrypt_final_avx2_cmp_tag_16
12951        xorl	%ecx, %ecx
12952        xorl	%edx, %edx
12953        vmovdqu	%xmm0, (%esp)
12954L_AES_GCM_decrypt_final_avx2_cmp_tag_loop:
12955        movzbl	(%esp,%ecx,1), %eax
12956        xorb	(%esi,%ecx,1), %al
12957        orb	%al, %dl
12958        incl	%ecx
12959        cmpl	44(%esp), %ecx
12960        jne	L_AES_GCM_decrypt_final_avx2_cmp_tag_loop
12961        cmpb	$0x00, %dl
12962        sete	%dl
12963        jmp	L_AES_GCM_decrypt_final_avx2_cmp_tag_done
12964L_AES_GCM_decrypt_final_avx2_cmp_tag_16:
12965        vmovdqu	(%esi), %xmm1
12966        vpcmpeqb	%xmm1, %xmm0, %xmm0
12967        vpmovmskb	%xmm0, %ecx
12968        # %%edx == 0xFFFF then return 1 else => return 0
12969        xorl	%edx, %edx
12970        cmpl	$0xffff, %ecx
12971        sete	%dl
12972L_AES_GCM_decrypt_final_avx2_cmp_tag_done:
12973        movl	%edx, (%edi)
12974        addl	$16, %esp
12975        popl	%ebp
12976        popl	%edi
12977        popl	%esi
12978        popl	%ebx
12979        ret
12980.size	AES_GCM_decrypt_final_avx2,.-AES_GCM_decrypt_final_avx2
12981#endif /* WOLFSSL_AESGCM_STREAM */
12982#endif /* HAVE_INTEL_AVX2 */
12983
12984#if defined(__linux__) && defined(__ELF__)
12985.section	.note.GNU-stack,"",%progbits
12986#endif