cjson
.github
workflows CI.yml ci-fuzz.yml
CONTRIBUTING.md
fuzzing
inputs test1 test10 test11 test2 test3 test3.bu test3.uf test3.uu test4 test5 test6 test7 test8 test9
.gitignore CMakeLists.txt afl-prepare-linux.sh afl.c afl.sh cjson_read_fuzzer.c fuzz_main.c json.dict ossfuzz.sh
library_config cJSONConfig.cmake.in cJSONConfigVersion.cmake.in libcjson.pc.in libcjson_utils.pc.in uninstall.cmake
tests
inputs test1 test1.expected test10 test10.expected test11 test11.expected test2 test2.expected test3 test3.expected test4 test4.expected test5 test5.expected test6 test7 test7.expected test8 test8.expected test9 test9.expected
json-patch-tests .editorconfig .gitignore .npmignore README.md cjson-utils-tests.json package.json spec_tests.json tests.json
unity
auto colour_prompt.rb colour_reporter.rb generate_config.yml generate_module.rb generate_test_runner.rb parse_output.rb stylize_as_junit.rb test_file_filter.rb type_sanitizer.rb unity_test_summary.py unity_test_summary.rb unity_to_junit.py
docs ThrowTheSwitchCodingStandard.md UnityAssertionsCheatSheetSuitableforPrintingandPossiblyFraming.pdf UnityAssertionsReference.md UnityConfigurationGuide.md UnityGettingStartedGuide.md UnityHelperScriptsGuide.md license.txt
examples
example_1
src ProductionCode.c ProductionCode.h ProductionCode2.c ProductionCode2.h
makefile readme.txt
example_2
src ProductionCode.c ProductionCode.h ProductionCode2.c ProductionCode2.h
makefile readme.txt
example_3
helper UnityHelper.c UnityHelper.h
src ProductionCode.c ProductionCode.h ProductionCode2.c ProductionCode2.h
rakefile.rb rakefile_helper.rb readme.txt target_gcc_32.yml
unity_config.h
extras
eclipse error_parsers.txt
fixture
src unity_fixture.c unity_fixture.h unity_fixture_internals.h unity_fixture_malloc_overrides.h
rakefile.rb rakefile_helper.rb readme.txt
release build.info version.info
src unity.c unity.h unity_internals.h
.gitattributes .gitignore .travis.yml README.md
CMakeLists.txt cjson_add.c common.h compare_tests.c json_patch_tests.c minify_tests.c misc_tests.c misc_utils_tests.c old_utils_tests.c parse_array.c parse_examples.c parse_hex4.c parse_number.c parse_object.c parse_string.c parse_value.c parse_with_opts.c print_array.c print_number.c print_object.c print_string.c print_value.c readme_examples.c unity_setup.c
.editorconfig .gitattributes .gitignore .travis.yml CHANGELOG.md CMakeLists.txt CONTRIBUTORS.md LICENSE Makefile README.md SECURITY.md appveyor.yml cJSON.c cJSON.h cJSON_Utils.c cJSON_Utils.h test.c valgrind.supp
curl
.circleci config.yml
.github
ISSUE_TEMPLATE bug_report.yml config.yml docs.yml
scripts cleancmd.pl cmp-config.pl cmp-pkg-config.sh codespell-ignore.words codespell.sh distfiles.sh pyspelling.words pyspelling.yaml randcurl.pl requirements-docs.txt requirements-proselint.txt requirements.txt shellcheck-ci.sh shellcheck.sh spellcheck.curl trimmarkdownheader.pl typos.sh typos.toml verify-examples.pl verify-synopsis.pl yamlcheck.sh yamlcheck.yaml
workflows appveyor-status.yml checkdocs.yml checksrc.yml checkurls.yml codeql.yml configure-vs-cmake.yml curl-for-win.yml distcheck.yml fuzz.yml http3-linux.yml label.yml linux-old.yml linux.yml macos.yml non-native.yml windows.yml
CODEOWNERS CONTRIBUTING.md FUNDING.yml dependabot.yml labeler.yml lock.yml stale.yml
CMake CurlSymbolHiding.cmake CurlTests.c FindBrotli.cmake FindCares.cmake FindGSS.cmake FindGnuTLS.cmake FindLDAP.cmake FindLibbacktrace.cmake FindLibgsasl.cmake FindLibidn2.cmake FindLibpsl.cmake FindLibssh.cmake FindLibssh2.cmake FindLibuv.cmake FindMbedTLS.cmake FindNGHTTP2.cmake FindNGHTTP3.cmake FindNGTCP2.cmake FindNettle.cmake FindQuiche.cmake FindRustls.cmake FindWolfSSL.cmake FindZstd.cmake Macros.cmake OtherTests.cmake PickyWarnings.cmake Utilities.cmake cmake_uninstall.in.cmake curl-config.in.cmake unix-cache.cmake win32-cache.cmake
LICENSES BSD-4-Clause-UC.txt ISC.txt curl.txt
docs
cmdline-opts .gitignore CMakeLists.txt MANPAGE.md Makefile.am Makefile.inc _AUTHORS.md _BUGS.md _DESCRIPTION.md _ENVIRONMENT.md _EXITCODES.md _FILES.md _GLOBBING.md _NAME.md _OPTIONS.md _OUTPUT.md _PROGRESS.md _PROTOCOLS.md _PROXYPREFIX.md _SEEALSO.md _SYNOPSIS.md _URL.md _VARIABLES.md _VERSION.md _WWW.md abstract-unix-socket.md alt-svc.md anyauth.md append.md aws-sigv4.md basic.md ca-native.md cacert.md capath.md cert-status.md cert-type.md cert.md ciphers.md compressed-ssh.md compressed.md config.md connect-timeout.md connect-to.md continue-at.md cookie-jar.md cookie.md create-dirs.md create-file-mode.md crlf.md crlfile.md curves.md data-ascii.md data-binary.md data-raw.md data-urlencode.md data.md delegation.md digest.md disable-eprt.md disable-epsv.md disable.md disallow-username-in-url.md dns-interface.md dns-ipv4-addr.md dns-ipv6-addr.md dns-servers.md doh-cert-status.md doh-insecure.md doh-url.md dump-ca-embed.md dump-header.md ech.md egd-file.md engine.md etag-compare.md etag-save.md expect100-timeout.md fail-early.md fail-with-body.md fail.md false-start.md follow.md form-escape.md form-string.md form.md ftp-account.md ftp-alternative-to-user.md ftp-create-dirs.md ftp-method.md ftp-pasv.md ftp-port.md ftp-pret.md ftp-skip-pasv-ip.md ftp-ssl-ccc-mode.md ftp-ssl-ccc.md ftp-ssl-control.md get.md globoff.md happy-eyeballs-timeout-ms.md haproxy-clientip.md haproxy-protocol.md head.md header.md help.md hostpubmd5.md hostpubsha256.md hsts.md http0.9.md http1.0.md http1.1.md http2-prior-knowledge.md http2.md http3-only.md http3.md ignore-content-length.md insecure.md interface.md ip-tos.md ipfs-gateway.md ipv4.md ipv6.md json.md junk-session-cookies.md keepalive-cnt.md keepalive-time.md key-type.md key.md knownhosts.md krb.md libcurl.md limit-rate.md list-only.md local-port.md location-trusted.md location.md login-options.md mail-auth.md mail-from.md mail-rcpt-allowfails.md mail-rcpt.md mainpage.idx manual.md max-filesize.md max-redirs.md max-time.md metalink.md mptcp.md negotiate.md netrc-file.md netrc-optional.md netrc.md next.md no-alpn.md no-buffer.md no-clobber.md no-keepalive.md no-npn.md no-progress-meter.md no-sessionid.md noproxy.md ntlm-wb.md ntlm.md oauth2-bearer.md out-null.md output-dir.md output.md parallel-immediate.md parallel-max-host.md parallel-max.md parallel.md pass.md path-as-is.md pinnedpubkey.md post301.md post302.md post303.md preproxy.md progress-bar.md proto-default.md proto-redir.md proto.md proxy-anyauth.md proxy-basic.md proxy-ca-native.md proxy-cacert.md proxy-capath.md proxy-cert-type.md proxy-cert.md proxy-ciphers.md proxy-crlfile.md proxy-digest.md proxy-header.md proxy-http2.md proxy-insecure.md proxy-key-type.md proxy-key.md proxy-negotiate.md proxy-ntlm.md proxy-pass.md proxy-pinnedpubkey.md proxy-service-name.md proxy-ssl-allow-beast.md proxy-ssl-auto-client-cert.md proxy-tls13-ciphers.md proxy-tlsauthtype.md proxy-tlspassword.md proxy-tlsuser.md proxy-tlsv1.md proxy-user.md proxy.md proxy1.0.md proxytunnel.md pubkey.md quote.md random-file.md range.md rate.md raw.md referer.md remote-header-name.md remote-name-all.md remote-name.md remote-time.md remove-on-error.md request-target.md request.md resolve.md retry-all-errors.md retry-connrefused.md retry-delay.md retry-max-time.md retry.md sasl-authzid.md sasl-ir.md service-name.md show-error.md show-headers.md sigalgs.md silent.md skip-existing.md socks4.md socks4a.md socks5-basic.md socks5-gssapi-nec.md socks5-gssapi-service.md socks5-gssapi.md socks5-hostname.md socks5.md speed-limit.md speed-time.md ssl-allow-beast.md ssl-auto-client-cert.md ssl-no-revoke.md ssl-reqd.md ssl-revoke-best-effort.md ssl-sessions.md ssl.md sslv2.md sslv3.md stderr.md styled-output.md suppress-connect-headers.md tcp-fastopen.md tcp-nodelay.md telnet-option.md tftp-blksize.md tftp-no-options.md time-cond.md tls-earlydata.md tls-max.md tls13-ciphers.md tlsauthtype.md tlspassword.md tlsuser.md tlsv1.0.md tlsv1.1.md tlsv1.2.md tlsv1.3.md tlsv1.md tr-encoding.md trace-ascii.md trace-config.md trace-ids.md trace-time.md trace.md unix-socket.md upload-file.md upload-flags.md url-query.md url.md use-ascii.md user-agent.md user.md variable.md verbose.md version.md vlan-priority.md write-out.md xattr.md
examples .checksrc .gitignore 10-at-a-time.c CMakeLists.txt Makefile.am Makefile.example Makefile.inc README.md adddocsref.pl address-scope.c altsvc.c anyauthput.c block_ip.c cacertinmem.c certinfo.c chkspeed.c connect-to.c cookie_interface.c crawler.c debug.c default-scheme.c ephiperfifo.c evhiperfifo.c externalsocket.c fileupload.c ftp-delete.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c getredirect.c getreferrer.c ghiper.c headerapi.c hiperfifo.c hsts-preload.c htmltidy.c htmltitle.cpp http-options.c http-post.c http2-download.c http2-pushinmemory.c http2-serverpush.c http2-upload.c http3-present.c http3.c httpcustomheader.c httpput-postfields.c httpput.c https.c imap-append.c imap-authzid.c imap-copy.c imap-create.c imap-delete.c imap-examine.c imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c ipv6.c keepalive.c localport.c log_failed_transfers.c maxconnects.c multi-app.c multi-debugcallback.c multi-double.c multi-event.c multi-formadd.c multi-legacy.c multi-post.c multi-single.c multi-uv.c netrc.c parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c postinmemory.c postit2-formadd.c postit2.c progressfunc.c protofeats.c range.c resolve.c rtsp-options.c sendrecv.c sepheaders.c sessioninfo.c sftpget.c sftpuploadresume.c shared-connection-cache.c simple.c simplepost.c simplessl.c smooth-gtk-thread.c smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c synctime.c threaded.c unixsocket.c url2file.c urlapi.c usercertinmem.c version-check.pl websocket-cb.c websocket-updown.c websocket.c xmlstream.c
internals BUFQ.md BUFREF.md CHECKSRC.md CLIENT-READERS.md CLIENT-WRITERS.md CODE_STYLE.md CONNECTION-FILTERS.md CREDENTIALS.md CURLX.md DYNBUF.md HASH.md LLIST.md MID.md MQTT.md MULTI-EV.md NEW-PROTOCOL.md PEERS.md PORTING.md RATELIMITS.md README.md SCORECARD.md SPLAY.md STRPARSE.md THRDPOOL-AND-QUEUE.md TIME-KEEPING.md TLS-SESSIONS.md UINT_SETS.md WEBSOCKET.md
libcurl
opts CMakeLists.txt CURLINFO_ACTIVESOCKET.md CURLINFO_APPCONNECT_TIME.md CURLINFO_APPCONNECT_TIME_T.md CURLINFO_CAINFO.md CURLINFO_CAPATH.md CURLINFO_CERTINFO.md CURLINFO_CONDITION_UNMET.md CURLINFO_CONNECT_TIME.md CURLINFO_CONNECT_TIME_T.md CURLINFO_CONN_ID.md CURLINFO_CONTENT_LENGTH_DOWNLOAD.md CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md CURLINFO_CONTENT_LENGTH_UPLOAD.md CURLINFO_CONTENT_LENGTH_UPLOAD_T.md CURLINFO_CONTENT_TYPE.md CURLINFO_COOKIELIST.md CURLINFO_EARLYDATA_SENT_T.md CURLINFO_EFFECTIVE_METHOD.md CURLINFO_EFFECTIVE_URL.md CURLINFO_FILETIME.md CURLINFO_FILETIME_T.md CURLINFO_FTP_ENTRY_PATH.md CURLINFO_HEADER_SIZE.md CURLINFO_HTTPAUTH_AVAIL.md CURLINFO_HTTPAUTH_USED.md CURLINFO_HTTP_CONNECTCODE.md CURLINFO_HTTP_VERSION.md CURLINFO_LASTSOCKET.md CURLINFO_LOCAL_IP.md CURLINFO_LOCAL_PORT.md CURLINFO_NAMELOOKUP_TIME.md CURLINFO_NAMELOOKUP_TIME_T.md CURLINFO_NUM_CONNECTS.md CURLINFO_OS_ERRNO.md CURLINFO_POSTTRANSFER_TIME_T.md CURLINFO_PRETRANSFER_TIME.md CURLINFO_PRETRANSFER_TIME_T.md CURLINFO_PRIMARY_IP.md CURLINFO_PRIMARY_PORT.md CURLINFO_PRIVATE.md CURLINFO_PROTOCOL.md CURLINFO_PROXYAUTH_AVAIL.md CURLINFO_PROXYAUTH_USED.md CURLINFO_PROXY_ERROR.md CURLINFO_PROXY_SSL_VERIFYRESULT.md CURLINFO_QUEUE_TIME_T.md CURLINFO_REDIRECT_COUNT.md CURLINFO_REDIRECT_TIME.md CURLINFO_REDIRECT_TIME_T.md CURLINFO_REDIRECT_URL.md CURLINFO_REFERER.md CURLINFO_REQUEST_SIZE.md CURLINFO_RESPONSE_CODE.md CURLINFO_RETRY_AFTER.md CURLINFO_RTSP_CLIENT_CSEQ.md CURLINFO_RTSP_CSEQ_RECV.md CURLINFO_RTSP_SERVER_CSEQ.md CURLINFO_RTSP_SESSION_ID.md CURLINFO_SCHEME.md CURLINFO_SIZE_DELIVERED.md CURLINFO_SIZE_DOWNLOAD.md CURLINFO_SIZE_DOWNLOAD_T.md CURLINFO_SIZE_UPLOAD.md CURLINFO_SIZE_UPLOAD_T.md CURLINFO_SPEED_DOWNLOAD.md CURLINFO_SPEED_DOWNLOAD_T.md CURLINFO_SPEED_UPLOAD.md CURLINFO_SPEED_UPLOAD_T.md CURLINFO_SSL_ENGINES.md CURLINFO_SSL_VERIFYRESULT.md CURLINFO_STARTTRANSFER_TIME.md CURLINFO_STARTTRANSFER_TIME_T.md CURLINFO_TLS_SESSION.md CURLINFO_TLS_SSL_PTR.md CURLINFO_TOTAL_TIME.md CURLINFO_TOTAL_TIME_T.md CURLINFO_USED_PROXY.md CURLINFO_XFER_ID.md CURLMINFO_XFERS_ADDED.md CURLMINFO_XFERS_CURRENT.md CURLMINFO_XFERS_DONE.md CURLMINFO_XFERS_PENDING.md CURLMINFO_XFERS_RUNNING.md CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md CURLMOPT_MAXCONNECTS.md CURLMOPT_MAX_CONCURRENT_STREAMS.md CURLMOPT_MAX_HOST_CONNECTIONS.md CURLMOPT_MAX_PIPELINE_LENGTH.md CURLMOPT_MAX_TOTAL_CONNECTIONS.md CURLMOPT_NETWORK_CHANGED.md CURLMOPT_NOTIFYDATA.md CURLMOPT_NOTIFYFUNCTION.md CURLMOPT_PIPELINING.md CURLMOPT_PIPELINING_SERVER_BL.md CURLMOPT_PIPELINING_SITE_BL.md CURLMOPT_PUSHDATA.md CURLMOPT_PUSHFUNCTION.md CURLMOPT_QUICK_EXIT.md CURLMOPT_RESOLVE_THREADS_MAX.md CURLMOPT_SOCKETDATA.md CURLMOPT_SOCKETFUNCTION.md CURLMOPT_TIMERDATA.md CURLMOPT_TIMERFUNCTION.md CURLOPT_ABSTRACT_UNIX_SOCKET.md CURLOPT_ACCEPTTIMEOUT_MS.md CURLOPT_ACCEPT_ENCODING.md CURLOPT_ADDRESS_SCOPE.md CURLOPT_ALTSVC.md CURLOPT_ALTSVC_CTRL.md CURLOPT_APPEND.md CURLOPT_AUTOREFERER.md CURLOPT_AWS_SIGV4.md CURLOPT_BUFFERSIZE.md CURLOPT_CAINFO.md CURLOPT_CAINFO_BLOB.md CURLOPT_CAPATH.md CURLOPT_CA_CACHE_TIMEOUT.md CURLOPT_CERTINFO.md CURLOPT_CHUNK_BGN_FUNCTION.md CURLOPT_CHUNK_DATA.md CURLOPT_CHUNK_END_FUNCTION.md CURLOPT_CLOSESOCKETDATA.md CURLOPT_CLOSESOCKETFUNCTION.md CURLOPT_CONNECTTIMEOUT.md CURLOPT_CONNECTTIMEOUT_MS.md CURLOPT_CONNECT_ONLY.md CURLOPT_CONNECT_TO.md CURLOPT_CONV_FROM_NETWORK_FUNCTION.md CURLOPT_CONV_FROM_UTF8_FUNCTION.md CURLOPT_CONV_TO_NETWORK_FUNCTION.md CURLOPT_COOKIE.md CURLOPT_COOKIEFILE.md CURLOPT_COOKIEJAR.md CURLOPT_COOKIELIST.md CURLOPT_COOKIESESSION.md CURLOPT_COPYPOSTFIELDS.md CURLOPT_CRLF.md CURLOPT_CRLFILE.md CURLOPT_CURLU.md CURLOPT_CUSTOMREQUEST.md CURLOPT_DEBUGDATA.md CURLOPT_DEBUGFUNCTION.md CURLOPT_DEFAULT_PROTOCOL.md CURLOPT_DIRLISTONLY.md CURLOPT_DISALLOW_USERNAME_IN_URL.md CURLOPT_DNS_CACHE_TIMEOUT.md CURLOPT_DNS_INTERFACE.md CURLOPT_DNS_LOCAL_IP4.md CURLOPT_DNS_LOCAL_IP6.md CURLOPT_DNS_SERVERS.md CURLOPT_DNS_SHUFFLE_ADDRESSES.md CURLOPT_DNS_USE_GLOBAL_CACHE.md CURLOPT_DOH_SSL_VERIFYHOST.md CURLOPT_DOH_SSL_VERIFYPEER.md CURLOPT_DOH_SSL_VERIFYSTATUS.md CURLOPT_DOH_URL.md CURLOPT_ECH.md CURLOPT_EGDSOCKET.md CURLOPT_ERRORBUFFER.md CURLOPT_EXPECT_100_TIMEOUT_MS.md CURLOPT_FAILONERROR.md CURLOPT_FILETIME.md CURLOPT_FNMATCH_DATA.md CURLOPT_FNMATCH_FUNCTION.md CURLOPT_FOLLOWLOCATION.md CURLOPT_FORBID_REUSE.md CURLOPT_FRESH_CONNECT.md CURLOPT_FTPPORT.md CURLOPT_FTPSSLAUTH.md CURLOPT_FTP_ACCOUNT.md CURLOPT_FTP_ALTERNATIVE_TO_USER.md CURLOPT_FTP_CREATE_MISSING_DIRS.md CURLOPT_FTP_FILEMETHOD.md CURLOPT_FTP_SKIP_PASV_IP.md CURLOPT_FTP_SSL_CCC.md CURLOPT_FTP_USE_EPRT.md CURLOPT_FTP_USE_EPSV.md CURLOPT_FTP_USE_PRET.md CURLOPT_GSSAPI_DELEGATION.md CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md CURLOPT_HAPROXYPROTOCOL.md CURLOPT_HAPROXY_CLIENT_IP.md CURLOPT_HEADER.md CURLOPT_HEADERDATA.md CURLOPT_HEADERFUNCTION.md CURLOPT_HEADEROPT.md CURLOPT_HSTS.md CURLOPT_HSTSREADDATA.md CURLOPT_HSTSREADFUNCTION.md CURLOPT_HSTSWRITEDATA.md CURLOPT_HSTSWRITEFUNCTION.md CURLOPT_HSTS_CTRL.md CURLOPT_HTTP09_ALLOWED.md CURLOPT_HTTP200ALIASES.md CURLOPT_HTTPAUTH.md CURLOPT_HTTPGET.md CURLOPT_HTTPHEADER.md CURLOPT_HTTPPOST.md CURLOPT_HTTPPROXYTUNNEL.md CURLOPT_HTTP_CONTENT_DECODING.md CURLOPT_HTTP_TRANSFER_DECODING.md CURLOPT_HTTP_VERSION.md CURLOPT_IGNORE_CONTENT_LENGTH.md CURLOPT_INFILESIZE.md CURLOPT_INFILESIZE_LARGE.md CURLOPT_INTERFACE.md CURLOPT_INTERLEAVEDATA.md CURLOPT_INTERLEAVEFUNCTION.md CURLOPT_IOCTLDATA.md CURLOPT_IOCTLFUNCTION.md CURLOPT_IPRESOLVE.md CURLOPT_ISSUERCERT.md CURLOPT_ISSUERCERT_BLOB.md CURLOPT_KEEP_SENDING_ON_ERROR.md CURLOPT_KEYPASSWD.md CURLOPT_KRBLEVEL.md CURLOPT_LOCALPORT.md CURLOPT_LOCALPORTRANGE.md CURLOPT_LOGIN_OPTIONS.md CURLOPT_LOW_SPEED_LIMIT.md CURLOPT_LOW_SPEED_TIME.md CURLOPT_MAIL_AUTH.md CURLOPT_MAIL_FROM.md CURLOPT_MAIL_RCPT.md CURLOPT_MAIL_RCPT_ALLOWFAILS.md CURLOPT_MAXAGE_CONN.md CURLOPT_MAXCONNECTS.md CURLOPT_MAXFILESIZE.md CURLOPT_MAXFILESIZE_LARGE.md CURLOPT_MAXLIFETIME_CONN.md CURLOPT_MAXREDIRS.md CURLOPT_MAX_RECV_SPEED_LARGE.md CURLOPT_MAX_SEND_SPEED_LARGE.md CURLOPT_MIMEPOST.md CURLOPT_MIME_OPTIONS.md CURLOPT_NETRC.md CURLOPT_NETRC_FILE.md CURLOPT_NEW_DIRECTORY_PERMS.md CURLOPT_NEW_FILE_PERMS.md CURLOPT_NOBODY.md CURLOPT_NOPROGRESS.md CURLOPT_NOPROXY.md CURLOPT_NOSIGNAL.md CURLOPT_OPENSOCKETDATA.md CURLOPT_OPENSOCKETFUNCTION.md CURLOPT_PASSWORD.md CURLOPT_PATH_AS_IS.md CURLOPT_PINNEDPUBLICKEY.md CURLOPT_PIPEWAIT.md CURLOPT_PORT.md CURLOPT_POST.md CURLOPT_POSTFIELDS.md CURLOPT_POSTFIELDSIZE.md CURLOPT_POSTFIELDSIZE_LARGE.md CURLOPT_POSTQUOTE.md CURLOPT_POSTREDIR.md CURLOPT_PREQUOTE.md CURLOPT_PREREQDATA.md CURLOPT_PREREQFUNCTION.md CURLOPT_PRE_PROXY.md CURLOPT_PRIVATE.md CURLOPT_PROGRESSDATA.md CURLOPT_PROGRESSFUNCTION.md CURLOPT_PROTOCOLS.md CURLOPT_PROTOCOLS_STR.md CURLOPT_PROXY.md CURLOPT_PROXYAUTH.md CURLOPT_PROXYHEADER.md CURLOPT_PROXYPASSWORD.md CURLOPT_PROXYPORT.md CURLOPT_PROXYTYPE.md CURLOPT_PROXYUSERNAME.md CURLOPT_PROXYUSERPWD.md CURLOPT_PROXY_CAINFO.md CURLOPT_PROXY_CAINFO_BLOB.md CURLOPT_PROXY_CAPATH.md CURLOPT_PROXY_CRLFILE.md CURLOPT_PROXY_ISSUERCERT.md CURLOPT_PROXY_ISSUERCERT_BLOB.md CURLOPT_PROXY_KEYPASSWD.md CURLOPT_PROXY_PINNEDPUBLICKEY.md CURLOPT_PROXY_SERVICE_NAME.md CURLOPT_PROXY_SSLCERT.md CURLOPT_PROXY_SSLCERTTYPE.md CURLOPT_PROXY_SSLCERT_BLOB.md CURLOPT_PROXY_SSLKEY.md CURLOPT_PROXY_SSLKEYTYPE.md CURLOPT_PROXY_SSLKEY_BLOB.md CURLOPT_PROXY_SSLVERSION.md CURLOPT_PROXY_SSL_CIPHER_LIST.md CURLOPT_PROXY_SSL_OPTIONS.md CURLOPT_PROXY_SSL_VERIFYHOST.md CURLOPT_PROXY_SSL_VERIFYPEER.md CURLOPT_PROXY_TLS13_CIPHERS.md CURLOPT_PROXY_TLSAUTH_PASSWORD.md CURLOPT_PROXY_TLSAUTH_TYPE.md CURLOPT_PROXY_TLSAUTH_USERNAME.md CURLOPT_PROXY_TRANSFER_MODE.md CURLOPT_PUT.md CURLOPT_QUICK_EXIT.md CURLOPT_QUOTE.md CURLOPT_RANDOM_FILE.md CURLOPT_RANGE.md CURLOPT_READDATA.md CURLOPT_READFUNCTION.md CURLOPT_REDIR_PROTOCOLS.md CURLOPT_REDIR_PROTOCOLS_STR.md CURLOPT_REFERER.md CURLOPT_REQUEST_TARGET.md CURLOPT_RESOLVE.md CURLOPT_RESOLVER_START_DATA.md CURLOPT_RESOLVER_START_FUNCTION.md CURLOPT_RESUME_FROM.md CURLOPT_RESUME_FROM_LARGE.md CURLOPT_RTSP_CLIENT_CSEQ.md CURLOPT_RTSP_REQUEST.md CURLOPT_RTSP_SERVER_CSEQ.md CURLOPT_RTSP_SESSION_ID.md CURLOPT_RTSP_STREAM_URI.md CURLOPT_RTSP_TRANSPORT.md CURLOPT_SASL_AUTHZID.md CURLOPT_SASL_IR.md CURLOPT_SEEKDATA.md CURLOPT_SEEKFUNCTION.md CURLOPT_SERVER_RESPONSE_TIMEOUT.md CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md CURLOPT_SERVICE_NAME.md CURLOPT_SHARE.md CURLOPT_SOCKOPTDATA.md CURLOPT_SOCKOPTFUNCTION.md CURLOPT_SOCKS5_AUTH.md CURLOPT_SOCKS5_GSSAPI_NEC.md CURLOPT_SOCKS5_GSSAPI_SERVICE.md CURLOPT_SSH_AUTH_TYPES.md CURLOPT_SSH_COMPRESSION.md CURLOPT_SSH_HOSTKEYDATA.md CURLOPT_SSH_HOSTKEYFUNCTION.md CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md CURLOPT_SSH_KEYDATA.md CURLOPT_SSH_KEYFUNCTION.md CURLOPT_SSH_KNOWNHOSTS.md CURLOPT_SSH_PRIVATE_KEYFILE.md CURLOPT_SSH_PUBLIC_KEYFILE.md CURLOPT_SSLCERT.md CURLOPT_SSLCERTTYPE.md CURLOPT_SSLCERT_BLOB.md CURLOPT_SSLENGINE.md CURLOPT_SSLENGINE_DEFAULT.md CURLOPT_SSLKEY.md CURLOPT_SSLKEYTYPE.md CURLOPT_SSLKEY_BLOB.md CURLOPT_SSLVERSION.md CURLOPT_SSL_CIPHER_LIST.md CURLOPT_SSL_CTX_DATA.md CURLOPT_SSL_CTX_FUNCTION.md CURLOPT_SSL_EC_CURVES.md CURLOPT_SSL_ENABLE_ALPN.md CURLOPT_SSL_ENABLE_NPN.md CURLOPT_SSL_FALSESTART.md CURLOPT_SSL_OPTIONS.md CURLOPT_SSL_SESSIONID_CACHE.md CURLOPT_SSL_SIGNATURE_ALGORITHMS.md CURLOPT_SSL_VERIFYHOST.md CURLOPT_SSL_VERIFYPEER.md CURLOPT_SSL_VERIFYSTATUS.md CURLOPT_STDERR.md CURLOPT_STREAM_DEPENDS.md CURLOPT_STREAM_DEPENDS_E.md CURLOPT_STREAM_WEIGHT.md CURLOPT_SUPPRESS_CONNECT_HEADERS.md CURLOPT_TCP_FASTOPEN.md CURLOPT_TCP_KEEPALIVE.md CURLOPT_TCP_KEEPCNT.md CURLOPT_TCP_KEEPIDLE.md CURLOPT_TCP_KEEPINTVL.md CURLOPT_TCP_NODELAY.md CURLOPT_TELNETOPTIONS.md CURLOPT_TFTP_BLKSIZE.md CURLOPT_TFTP_NO_OPTIONS.md CURLOPT_TIMECONDITION.md CURLOPT_TIMEOUT.md CURLOPT_TIMEOUT_MS.md CURLOPT_TIMEVALUE.md CURLOPT_TIMEVALUE_LARGE.md CURLOPT_TLS13_CIPHERS.md CURLOPT_TLSAUTH_PASSWORD.md CURLOPT_TLSAUTH_TYPE.md CURLOPT_TLSAUTH_USERNAME.md CURLOPT_TRAILERDATA.md CURLOPT_TRAILERFUNCTION.md CURLOPT_TRANSFERTEXT.md CURLOPT_TRANSFER_ENCODING.md CURLOPT_UNIX_SOCKET_PATH.md CURLOPT_UNRESTRICTED_AUTH.md CURLOPT_UPKEEP_INTERVAL_MS.md CURLOPT_UPLOAD.md CURLOPT_UPLOAD_BUFFERSIZE.md CURLOPT_UPLOAD_FLAGS.md CURLOPT_URL.md CURLOPT_USERAGENT.md CURLOPT_USERNAME.md CURLOPT_USERPWD.md CURLOPT_USE_SSL.md CURLOPT_VERBOSE.md CURLOPT_WILDCARDMATCH.md CURLOPT_WRITEDATA.md CURLOPT_WRITEFUNCTION.md CURLOPT_WS_OPTIONS.md CURLOPT_XFERINFODATA.md CURLOPT_XFERINFOFUNCTION.md CURLOPT_XOAUTH2_BEARER.md CURLSHOPT_LOCKFUNC.md CURLSHOPT_SHARE.md CURLSHOPT_UNLOCKFUNC.md CURLSHOPT_UNSHARE.md CURLSHOPT_USERDATA.md Makefile.am Makefile.inc
.gitignore ABI.md CMakeLists.txt Makefile.am Makefile.inc curl_easy_cleanup.md curl_easy_duphandle.md curl_easy_escape.md curl_easy_getinfo.md curl_easy_header.md curl_easy_init.md curl_easy_nextheader.md curl_easy_option_by_id.md curl_easy_option_by_name.md curl_easy_option_next.md curl_easy_pause.md curl_easy_perform.md curl_easy_recv.md curl_easy_reset.md curl_easy_send.md curl_easy_setopt.md curl_easy_ssls_export.md curl_easy_ssls_import.md curl_easy_strerror.md curl_easy_unescape.md curl_easy_upkeep.md curl_escape.md curl_formadd.md curl_formfree.md curl_formget.md curl_free.md curl_getdate.md curl_getenv.md curl_global_cleanup.md curl_global_init.md curl_global_init_mem.md curl_global_sslset.md curl_global_trace.md curl_mime_addpart.md curl_mime_data.md curl_mime_data_cb.md curl_mime_encoder.md curl_mime_filedata.md curl_mime_filename.md curl_mime_free.md curl_mime_headers.md curl_mime_init.md curl_mime_name.md curl_mime_subparts.md curl_mime_type.md curl_mprintf.md curl_multi_add_handle.md curl_multi_assign.md curl_multi_cleanup.md curl_multi_fdset.md curl_multi_get_handles.md curl_multi_get_offt.md curl_multi_info_read.md curl_multi_init.md curl_multi_notify_disable.md curl_multi_notify_enable.md curl_multi_perform.md curl_multi_poll.md curl_multi_remove_handle.md curl_multi_setopt.md curl_multi_socket.md curl_multi_socket_action.md curl_multi_socket_all.md curl_multi_strerror.md curl_multi_timeout.md curl_multi_wait.md curl_multi_waitfds.md curl_multi_wakeup.md curl_pushheader_byname.md curl_pushheader_bynum.md curl_share_cleanup.md curl_share_init.md curl_share_setopt.md curl_share_strerror.md curl_slist_append.md curl_slist_free_all.md curl_strequal.md curl_strnequal.md curl_unescape.md curl_url.md curl_url_cleanup.md curl_url_dup.md curl_url_get.md curl_url_set.md curl_url_strerror.md curl_version.md curl_version_info.md curl_ws_meta.md curl_ws_recv.md curl_ws_send.md curl_ws_start_frame.md libcurl-easy.md libcurl-env-dbg.md libcurl-env.md libcurl-errors.md libcurl-multi.md libcurl-security.md libcurl-share.md libcurl-thread.md libcurl-tutorial.md libcurl-url.md libcurl-ws.md libcurl.m4 libcurl.md mksymbolsmanpage.pl symbols-in-versions symbols.pl
tests CI.md FILEFORMAT.md HTTP.md TEST-SUITE.md
.gitignore ALTSVC.md BINDINGS.md BUG-BOUNTY.md BUGS.md CIPHERS-TLS12.md CIPHERS.md CMakeLists.txt CODE_OF_CONDUCT.md CODE_REVIEW.md CONTRIBUTE.md CURL-DISABLE.md CURLDOWN.md DEPRECATE.md DISTROS.md EARLY-RELEASE.md ECH.md EXPERIMENTAL.md FAQ.md FEATURES.md GOVERNANCE.md HELP-US.md HISTORY.md HSTS.md HTTP-COOKIES.md HTTP3.md HTTPSRR.md INFRASTRUCTURE.md INSTALL-CMAKE.md INSTALL.md INTERNALS.md IPFS.md KNOWN_BUGS.md KNOWN_RISKS.md MAIL-ETIQUETTE.md MANUAL.md Makefile.am README.md RELEASE-PROCEDURE.md ROADMAP.md RUSTLS.md SECURITY-ADVISORY.md SPONSORS.md SSL-PROBLEMS.md SSLCERTS.md THANKS THANKS-filter TODO.md TheArtOfHttpScripting.md URL-SYNTAX.md VERIFY.md VERSIONS.md VULN-DISCLOSURE-POLICY.md curl-config.md mk-ca-bundle.md options-in-versions runtests.md testcurl.md wcurl.md
include
curl Makefile.am curl.h curlver.h easy.h header.h mprintf.h multi.h options.h stdcheaders.h system.h typecheck-gcc.h urlapi.h websockets.h
Makefile.am README.md
lib
curlx base64.c base64.h basename.c basename.h dynbuf.c dynbuf.h fopen.c fopen.h inet_ntop.c inet_ntop.h inet_pton.c inet_pton.h multibyte.c multibyte.h nonblock.c nonblock.h snprintf.c snprintf.h strcopy.c strcopy.h strdup.c strdup.h strerr.c strerr.h strparse.c strparse.h timediff.c timediff.h timeval.c timeval.h version_win32.c version_win32.h wait.c wait.h warnless.c warnless.h winapi.c winapi.h
vauth cleartext.c cram.c digest.c digest.h digest_sspi.c gsasl.c krb5_gssapi.c krb5_sspi.c ntlm.c ntlm_sspi.c oauth2.c spnego_gssapi.c spnego_sspi.c vauth.c vauth.h
vquic curl_ngtcp2.c curl_ngtcp2.h curl_quiche.c curl_quiche.h vquic-tls.c vquic-tls.h vquic.c vquic.h vquic_int.h
vssh libssh.c libssh2.c ssh.h vssh.c vssh.h
vtls apple.c apple.h cipher_suite.c cipher_suite.h gtls.c gtls.h hostcheck.c hostcheck.h keylog.c keylog.h mbedtls.c mbedtls.h openssl.c openssl.h rustls.c rustls.h schannel.c schannel.h schannel_int.h schannel_verify.c vtls.c vtls.h vtls_int.h vtls_scache.c vtls_scache.h vtls_spack.c vtls_spack.h wolfssl.c wolfssl.h x509asn1.c x509asn1.h
.gitignore CMakeLists.txt Makefile.am Makefile.inc Makefile.soname altsvc.c altsvc.h amigaos.c amigaos.h arpa_telnet.h asyn-ares.c asyn-base.c asyn-thrdd.c asyn.h bufq.c bufq.h bufref.c bufref.h cf-dns.c cf-dns.h cf-h1-proxy.c cf-h1-proxy.h cf-h2-proxy.c cf-h2-proxy.h cf-haproxy.c cf-haproxy.h cf-https-connect.c cf-https-connect.h cf-ip-happy.c cf-ip-happy.h cf-socket.c cf-socket.h cfilters.c cfilters.h config-mac.h config-os400.h config-riscos.h config-win32.h conncache.c conncache.h connect.c connect.h content_encoding.c content_encoding.h cookie.c cookie.h creds.c creds.h cshutdn.c cshutdn.h curl_addrinfo.c curl_addrinfo.h curl_config-cmake.h.in curl_ctype.h curl_endian.c curl_endian.h curl_fnmatch.c curl_fnmatch.h curl_fopen.c curl_fopen.h curl_get_line.c curl_get_line.h curl_gethostname.c curl_gethostname.h curl_gssapi.c curl_gssapi.h curl_hmac.h curl_ldap.h curl_md4.h curl_md5.h curl_memrchr.c curl_memrchr.h curl_ntlm_core.c curl_ntlm_core.h curl_printf.h curl_range.c curl_range.h curl_sasl.c curl_sasl.h curl_setup.h curl_sha256.h curl_sha512_256.c curl_sha512_256.h curl_share.c curl_share.h curl_sspi.c curl_sspi.h curl_threads.c curl_threads.h curl_trc.c curl_trc.h cw-out.c cw-out.h cw-pause.c cw-pause.h dict.c dict.h dllmain.c dnscache.c dnscache.h doh.c doh.h dynhds.c dynhds.h easy.c easy_lock.h easygetopt.c easyif.h easyoptions.c easyoptions.h escape.c escape.h fake_addrinfo.c fake_addrinfo.h file.c file.h fileinfo.c fileinfo.h formdata.c formdata.h ftp-int.h ftp.c ftp.h ftplistparser.c ftplistparser.h functypes.h getenv.c getinfo.c getinfo.h gopher.c gopher.h hash.c hash.h headers.c headers.h hmac.c hostip.c hostip.h hostip4.c hostip6.c hsts.c hsts.h http.c http.h http1.c http1.h http2.c http2.h http_aws_sigv4.c http_aws_sigv4.h http_chunks.c http_chunks.h http_digest.c http_digest.h http_negotiate.c http_negotiate.h http_ntlm.c http_ntlm.h http_proxy.c http_proxy.h httpsrr.c httpsrr.h idn.c idn.h if2ip.c if2ip.h imap.c imap.h ldap.c libcurl.def libcurl.rc libcurl.vers.in llist.c llist.h macos.c macos.h md4.c md5.c memdebug.c mime.c mime.h mprintf.c mqtt.c mqtt.h multi.c multi_ev.c multi_ev.h multi_ntfy.c multi_ntfy.h multihandle.h multiif.h netrc.c netrc.h noproxy.c noproxy.h openldap.c optiontable.pl parsedate.c parsedate.h peer.c peer.h pingpong.c pingpong.h pop3.c pop3.h progress.c progress.h protocol.c protocol.h psl.c psl.h rand.c rand.h ratelimit.c ratelimit.h request.c request.h rtsp.c rtsp.h select.c select.h sendf.c sendf.h setopt.c setopt.h setup-os400.h setup-vms.h setup-win32.h sha256.c sigpipe.h slist.c slist.h smb.c smb.h smtp.c smtp.h sockaddr.h socketpair.c socketpair.h socks.c socks.h socks_gssapi.c socks_sspi.c splay.c splay.h strcase.c strcase.h strequal.c strerror.c strerror.h system_win32.c system_win32.h telnet.c telnet.h tftp.c tftp.h thrdpool.c thrdpool.h thrdqueue.c thrdqueue.h transfer.c transfer.h uint-bset.c uint-bset.h uint-hash.c uint-hash.h uint-spbset.c uint-spbset.h uint-table.c uint-table.h url.c url.h urlapi-int.h urlapi.c urldata.h version.c ws.c ws.h
m4 .gitignore curl-amissl.m4 curl-apple-sectrust.m4 curl-compilers.m4 curl-confopts.m4 curl-functions.m4 curl-gnutls.m4 curl-mbedtls.m4 curl-openssl.m4 curl-override.m4 curl-reentrant.m4 curl-rustls.m4 curl-schannel.m4 curl-sysconfig.m4 curl-wolfssl.m4 xc-am-iface.m4 xc-cc-check.m4 xc-lt-iface.m4 xc-val-flgs.m4 zz40-xc-ovr.m4 zz50-xc-ovr.m4
projects
OS400
rpg-examples HEADERAPI HTTPPOST INMEMORY SIMPLE1 SIMPLE2 SMTPSRCMBR
.checksrc README.OS400 ccsidcurl.c ccsidcurl.h config400.default curl.cmd curl.inc.in curlcl.c curlmain.c initscript.sh make-docs.sh make-include.sh make-lib.sh make-src.sh make-tests.sh makefile.sh os400sys.c os400sys.h
Windows
tmpl .gitattributes README.txt curl-all.sln curl.sln curl.vcxproj curl.vcxproj.filters libcurl.sln libcurl.vcxproj libcurl.vcxproj.filters
.gitignore README.md generate.bat
vms Makefile.am backup_gnv_curl_src.com build_curl-config_script.com build_gnv_curl.com build_gnv_curl_pcsi_desc.com build_gnv_curl_pcsi_text.com build_gnv_curl_release_notes.com build_libcurl_pc.com build_vms.com clean_gnv_curl.com compare_curl_source.com config_h.com curl_crtl_init.c curl_gnv_build_steps.txt curl_release_note_start.txt curl_startup.com curlmsg.h curlmsg.msg curlmsg.sdl curlmsg_vms.h generate_config_vms_h_curl.com generate_vax_transfer.com gnv_conftest.c_first gnv_curl_configure.sh gnv_libcurl_symbols.opt gnv_link_curl.com macro32_exactcase.patch make_gnv_curl_install.sh make_pcsi_curl_kit_name.com pcsi_gnv_curl_file_list.txt pcsi_product_gnv_curl.com readme report_openssl_version.c setup_gnv_curl_build.com stage_curl_install.com vms_eco_level.h
Makefile.am README.md
scripts .checksrc CMakeLists.txt Makefile.am badwords badwords-all badwords.txt cd2cd cd2nroff cdall checksrc-all.pl checksrc.pl cmakelint.sh completion.pl contributors.sh contrithanks.sh coverage.sh delta dmaketgz extract-unit-protos firefox-db2pem.sh installcheck.sh maketgz managen mdlinkcheck mk-ca-bundle.pl mk-unity.pl nroff2cd perlcheck.sh pythonlint.sh randdisable release-notes.pl release-tools.sh schemetable.c singleuse.pl spacecheck.pl top-complexity top-length verify-release wcurl
src
toolx tool_time.c tool_time.h
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc config2setopts.c config2setopts.h curl.rc curlinfo.c mk-file-embed.pl mkhelp.pl slist_wc.c slist_wc.h terminal.c terminal.h tool_cb_dbg.c tool_cb_dbg.h tool_cb_hdr.c tool_cb_hdr.h tool_cb_prg.c tool_cb_prg.h tool_cb_rea.c tool_cb_rea.h tool_cb_see.c tool_cb_see.h tool_cb_soc.c tool_cb_soc.h tool_cb_wrt.c tool_cb_wrt.h tool_cfgable.c tool_cfgable.h tool_dirhie.c tool_dirhie.h tool_doswin.c tool_doswin.h tool_easysrc.c tool_easysrc.h tool_filetime.c tool_filetime.h tool_findfile.c tool_findfile.h tool_formparse.c tool_formparse.h tool_getparam.c tool_getparam.h tool_getpass.c tool_getpass.h tool_help.c tool_help.h tool_helpers.c tool_helpers.h tool_hugehelp.h tool_ipfs.c tool_ipfs.h tool_libinfo.c tool_libinfo.h tool_listhelp.c tool_main.c tool_main.h tool_msgs.c tool_msgs.h tool_operate.c tool_operate.h tool_operhlp.c tool_operhlp.h tool_paramhlp.c tool_paramhlp.h tool_parsecfg.c tool_parsecfg.h tool_progress.c tool_progress.h tool_sdecls.h tool_setopt.c tool_setopt.h tool_setup.h tool_ssls.c tool_ssls.h tool_stderr.c tool_stderr.h tool_urlglob.c tool_urlglob.h tool_util.c tool_util.h tool_version.h tool_vms.c tool_vms.h tool_writeout.c tool_writeout.h tool_writeout_json.c tool_writeout_json.h tool_xattr.c tool_xattr.h var.c var.h
tests
certs .gitignore CMakeLists.txt Makefile.am Makefile.inc genserv.pl srp-verifier-conf srp-verifier-db test-ca.cnf test-ca.prm test-client-cert.prm test-client-eku-only.prm test-localhost-san-first.prm test-localhost-san-last.prm test-localhost.nn.prm test-localhost.prm test-localhost0h.prm
cmake CMakeLists.txt test.c test.cpp test.sh
data .gitignore DISABLED Makefile.am data-xml1 data1400.c data1401.c data1402.c data1403.c data1404.c data1405.c data1406.c data1407.c data1420.c data1461.txt data1463.txt data1465.c data1481.c data1705-1.md data1705-2.md data1705-3.md data1705-4.md data1705-stdout.1 data1706-1.md data1706-2.md data1706-3.md data1706-4.md data1706-stdout.txt data320.html test1 test10 test100 test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 test1008 test1009 test101 test1010 test1011 test1012 test1013 test1014 test1015 test1016 test1017 test1018 test1019 test102 test1020 test1021 test1022 test1023 test1024 test1025 test1026 test1027 test1028 test1029 test103 test1030 test1031 test1032 test1033 test1034 test1035 test1036 test1037 test1038 test1039 test104 test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 test1048 test1049 test105 test1050 test1051 test1052 test1053 test1054 test1055 test1056 test1057 test1058 test1059 test106 test1060 test1061 test1062 test1063 test1064 test1065 test1066 test1067 test1068 test1069 test107 test1070 test1071 test1072 test1073 test1074 test1075 test1076 test1077 test1078 test1079 test108 test1080 test1081 test1082 test1083 test1084 test1085 test1086 test1087 test1088 test1089 test109 test1090 test1091 test1092 test1093 test1094 test1095 test1096 test1097 test1098 test1099 test11 test110 test1100 test1101 test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 test111 test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 test112 test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 test1128 test1129 test113 test1130 test1131 test1132 test1133 test1134 test1135 test1136 test1137 test1138 test1139 test114 test1140 test1141 test1142 test1143 test1144 test1145 test1146 test1147 test1148 test1149 test115 test1150 test1151 test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 test116 test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 test1168 test1169 test117 test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 test1178 test1179 test118 test1180 test1181 test1182 test1183 test1184 test1185 test1186 test1187 test1188 test1189 test119 test1190 test1191 test1192 test1193 test1194 test1195 test1196 test1197 test1198 test1199 test12 test120 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 test1208 test1209 test121 test1210 test1211 test1212 test1213 test1214 test1215 test1216 test1217 test1218 test1219 test122 test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 test1228 test1229 test123 test1230 test1231 test1232 test1233 test1234 test1235 test1236 test1237 test1238 test1239 test124 test1240 test1241 test1242 test1243 test1244 test1245 test1246 test1247 test1248 test1249 test125 test1250 test1251 test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 test126 test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 test1268 test1269 test127 test1270 test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 test1279 test128 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 test1288 test1289 test129 test1290 test1291 test1292 test1293 test1294 test1295 test1296 test1297 test1298 test1299 test13 test130 test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 test1309 test131 test1310 test1311 test1312 test1313 test1314 test1315 test1316 test1317 test1318 test1319 test132 test1320 test1321 test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 test133 test1330 test1331 test1332 test1333 test1334 test1335 test1336 test1337 test1338 test1339 test134 test1340 test1341 test1342 test1343 test1344 test1345 test1346 test1347 test1348 test1349 test135 test1350 test1351 test1352 test1353 test1354 test1355 test1356 test1357 test1358 test1359 test136 test1360 test1361 test1362 test1363 test1364 test1365 test1366 test1367 test1368 test1369 test137 test1370 test1371 test1372 test1373 test1374 test1375 test1376 test1377 test1378 test1379 test138 test1380 test1381 test1382 test1383 test1384 test1385 test1386 test1387 test1388 test1389 test139 test1390 test1391 test1392 test1393 test1394 test1395 test1396 test1397 test1398 test1399 test14 test140 test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 test1408 test1409 test141 test1410 test1411 test1412 test1413 test1414 test1415 test1416 test1417 test1418 test1419 test142 test1420 test1421 test1422 test1423 test1424 test1425 test1426 test1427 test1428 test1429 test143 test1430 test1431 test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 test144 test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 test1448 test1449 test145 test1450 test1451 test1452 test1453 test1454 test1455 test1456 test1457 test1458 test1459 test146 test1460 test1461 test1462 test1463 test1464 test1465 test1466 test1467 test1468 test1469 test147 test1470 test1471 test1472 test1473 test1474 test1475 test1476 test1477 test1478 test1479 test148 test1480 test1481 test1482 test1483 test1484 test1485 test1486 test1487 test1488 test1489 test149 test1490 test1491 test1492 test1493 test1494 test1495 test1496 test1497 test1498 test1499 test15 test150 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 test1508 test1509 test151 test1510 test1511 test1512 test1513 test1514 test1515 test1516 test1517 test1518 test1519 test152 test1520 test1521 test1522 test1523 test1524 test1525 test1526 test1527 test1528 test1529 test153 test1530 test1531 test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 test154 test1540 test1541 test1542 test1543 test1544 test1545 test1546 test1547 test1548 test1549 test155 test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 test1558 test1559 test156 test1560 test1561 test1562 test1563 test1564 test1565 test1566 test1567 test1568 test1569 test157 test1570 test1571 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 test158 test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 test1588 test1589 test159 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 test1598 test1599 test16 test160 test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 test1608 test1609 test161 test1610 test1611 test1612 test1613 test1614 test1615 test1616 test1617 test1618 test1619 test162 test1620 test1621 test1622 test1623 test1624 test1625 test1626 test1627 test1628 test1629 test163 test1630 test1631 test1632 test1633 test1634 test1635 test1636 test1637 test1638 test1639 test164 test1640 test1641 test1642 test1643 test1644 test1645 test165 test1650 test1651 test1652 test1653 test1654 test1655 test1656 test1657 test1658 test1659 test166 test1660 test1661 test1662 test1663 test1664 test1665 test1666 test1667 test1668 test1669 test167 test1670 test1671 test1672 test1673 test1674 test1675 test1676 test168 test1680 test1681 test1682 test1683 test1684 test1685 test169 test17 test170 test1700 test1701 test1702 test1703 test1704 test1705 test1706 test1707 test1708 test1709 test171 test1710 test1711 test1712 test1713 test1714 test1715 test172 test1720 test1721 test173 test174 test175 test176 test177 test178 test179 test18 test180 test1800 test1801 test1802 test181 test182 test183 test184 test1847 test1848 test1849 test185 test1850 test1851 test186 test187 test188 test189 test19 test190 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 test1908 test1909 test191 test1910 test1911 test1912 test1913 test1914 test1915 test1916 test1917 test1918 test1919 test192 test1920 test1921 test193 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test194 test1940 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 test195 test1955 test1956 test1957 test1958 test1959 test196 test1960 test1964 test1965 test1966 test197 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 test1978 test1979 test198 test1980 test1981 test1982 test1983 test1984 test199 test2 test20 test200 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 test2008 test2009 test201 test2010 test2011 test2012 test2013 test2014 test202 test2023 test2024 test2025 test2026 test2027 test2028 test2029 test203 test2030 test2031 test2032 test2033 test2034 test2035 test2037 test2038 test2039 test204 test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 test2048 test2049 test205 test2050 test2051 test2052 test2053 test2054 test2055 test2056 test2057 test2058 test2059 test206 test2060 test2061 test2062 test2063 test2064 test2065 test2066 test2067 test2068 test2069 test207 test2070 test2071 test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 test208 test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 test2088 test2089 test209 test2090 test2091 test2092 test21 test210 test2100 test2101 test2102 test2103 test2104 test211 test212 test213 test214 test215 test216 test217 test218 test219 test22 test220 test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 test221 test222 test223 test224 test225 test226 test227 test228 test229 test23 test230 test2300 test2301 test2302 test2303 test2304 test2306 test2307 test2308 test2309 test231 test232 test233 test234 test235 test236 test237 test238 test239 test24 test240 test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 test2408 test2409 test241 test2410 test2411 test242 test243 test244 test245 test246 test247 test248 test249 test25 test250 test2500 test2501 test2502 test2503 test2504 test2505 test2506 test251 test252 test253 test254 test255 test256 test257 test258 test259 test26 test260 test2600 test2601 test2602 test2603 test2604 test2605 test261 test262 test263 test264 test265 test266 test267 test268 test269 test27 test270 test2700 test2701 test2702 test2703 test2704 test2705 test2706 test2707 test2708 test2709 test271 test2710 test2711 test2712 test2713 test2714 test2715 test2716 test2717 test2718 test2719 test272 test2720 test2721 test2722 test2723 test273 test274 test275 test276 test277 test278 test279 test28 test280 test281 test282 test283 test284 test285 test286 test287 test288 test289 test29 test290 test291 test292 test293 test294 test295 test296 test297 test298 test299 test3 test30 test300 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 test3008 test3009 test301 test3010 test3011 test3012 test3013 test3014 test3015 test3016 test3017 test3018 test3019 test302 test3020 test3021 test3022 test3023 test3024 test3025 test3026 test3027 test3028 test3029 test303 test3030 test3031 test3032 test3033 test3034 test3035 test3036 test304 test305 test306 test307 test308 test309 test31 test310 test3100 test3101 test3102 test3103 test3104 test3105 test3106 test311 test312 test313 test314 test315 test316 test317 test318 test319 test32 test320 test3200 test3201 test3202 test3203 test3204 test3205 test3206 test3207 test3208 test3209 test321 test3210 test3211 test3212 test3213 test3214 test3215 test3216 test3217 test3218 test3219 test322 test3220 test323 test324 test325 test326 test327 test328 test329 test33 test330 test3300 test3301 test3302 test331 test332 test333 test334 test335 test336 test337 test338 test339 test34 test340 test341 test342 test343 test344 test345 test346 test347 test348 test349 test35 test350 test351 test352 test353 test354 test355 test356 test357 test358 test359 test36 test360 test361 test362 test363 test364 test365 test366 test367 test368 test369 test37 test370 test371 test372 test373 test374 test375 test376 test378 test379 test38 test380 test381 test383 test384 test385 test386 test387 test388 test389 test39 test390 test391 test392 test393 test394 test395 test396 test397 test398 test399 test4 test40 test400 test4000 test4001 test401 test402 test403 test404 test405 test406 test407 test408 test409 test41 test410 test411 test412 test413 test414 test415 test416 test417 test418 test419 test42 test420 test421 test422 test423 test424 test425 test426 test427 test428 test429 test43 test430 test431 test432 test433 test434 test435 test436 test437 test438 test439 test44 test440 test441 test442 test443 test444 test445 test446 test447 test448 test449 test45 test450 test451 test452 test453 test454 test455 test456 test457 test458 test459 test46 test460 test461 test462 test463 test467 test468 test469 test47 test470 test471 test472 test473 test474 test475 test476 test477 test478 test479 test48 test480 test481 test482 test483 test484 test485 test486 test487 test488 test489 test49 test490 test491 test492 test493 test494 test495 test496 test497 test498 test499 test5 test50 test500 test501 test502 test503 test504 test505 test506 test507 test508 test509 test51 test510 test511 test512 test513 test514 test515 test516 test517 test518 test519 test52 test520 test521 test522 test523 test524 test525 test526 test527 test528 test529 test53 test530 test531 test532 test533 test534 test535 test536 test537 test538 test539 test54 test540 test541 test542 test543 test544 test545 test546 test547 test548 test549 test55 test550 test551 test552 test553 test554 test555 test556 test557 test558 test559 test56 test560 test561 test562 test563 test564 test565 test566 test567 test568 test569 test57 test570 test571 test572 test573 test574 test575 test576 test577 test578 test579 test58 test580 test581 test582 test583 test584 test585 test586 test587 test588 test589 test59 test590 test591 test592 test593 test594 test595 test596 test597 test598 test599 test6 test60 test600 test601 test602 test603 test604 test605 test606 test607 test608 test609 test61 test610 test611 test612 test613 test614 test615 test616 test617 test618 test619 test62 test620 test621 test622 test623 test624 test625 test626 test627 test628 test629 test63 test630 test631 test632 test633 test634 test635 test636 test637 test638 test639 test64 test640 test641 test642 test643 test644 test645 test646 test647 test648 test649 test65 test650 test651 test652 test653 test654 test655 test656 test658 test659 test66 test660 test661 test662 test663 test664 test665 test666 test667 test668 test669 test67 test670 test671 test672 test673 test674 test675 test676 test677 test678 test679 test68 test680 test681 test682 test683 test684 test685 test686 test687 test688 test689 test69 test690 test691 test692 test693 test694 test695 test696 test697 test698 test699 test7 test70 test700 test701 test702 test703 test704 test705 test706 test707 test708 test709 test71 test710 test711 test712 test713 test714 test715 test716 test717 test718 test719 test72 test720 test721 test722 test723 test724 test725 test726 test727 test728 test729 test73 test730 test731 test732 test733 test734 test735 test736 test737 test738 test739 test74 test740 test741 test742 test743 test744 test745 test746 test747 test748 test749 test75 test750 test751 test752 test753 test754 test755 test756 test757 test758 test759 test76 test760 test761 test762 test763 test764 test765 test766 test767 test768 test769 test77 test770 test771 test772 test773 test774 test775 test776 test777 test778 test779 test78 test780 test781 test782 test783 test784 test785 test786 test787 test788 test789 test79 test790 test791 test792 test793 test794 test795 test796 test797 test798 test799 test8 test80 test800 test801 test802 test803 test804 test805 test806 test807 test808 test809 test81 test810 test811 test812 test813 test814 test815 test816 test817 test818 test819 test82 test820 test821 test822 test823 test824 test825 test826 test827 test828 test829 test83 test830 test831 test832 test833 test834 test835 test836 test837 test838 test839 test84 test840 test841 test842 test843 test844 test845 test846 test847 test848 test849 test85 test850 test851 test852 test853 test854 test855 test856 test857 test858 test859 test86 test860 test861 test862 test863 test864 test865 test866 test867 test868 test869 test87 test870 test871 test872 test873 test874 test875 test876 test877 test878 test879 test88 test880 test881 test882 test883 test884 test885 test886 test887 test888 test889 test89 test890 test891 test892 test893 test894 test895 test896 test897 test898 test899 test9 test90 test900 test901 test902 test903 test904 test905 test906 test907 test908 test909 test91 test910 test911 test912 test913 test914 test915 test916 test917 test918 test919 test92 test920 test921 test922 test923 test924 test925 test926 test927 test928 test929 test93 test930 test931 test932 test933 test934 test935 test936 test937 test938 test939 test94 test940 test941 test942 test943 test944 test945 test946 test947 test948 test949 test95 test950 test951 test952 test953 test954 test955 test956 test957 test958 test959 test96 test960 test961 test962 test963 test964 test965 test966 test967 test968 test969 test97 test970 test971 test972 test973 test974 test975 test976 test977 test978 test979 test98 test980 test981 test982 test983 test984 test985 test986 test987 test988 test989 test99 test990 test991 test992 test993 test994 test995 test996 test997 test998 test999
http
testenv
mod_curltest .gitignore mod_curltest.c
__init__.py caddy.py certs.py client.py curl.py dante.py dnsd.py env.py httpd.py nghttpx.py ports.py sshd.py vsftpd.py ws_echo_server.py
.gitignore CMakeLists.txt Makefile.am config.ini.in conftest.py requirements.txt scorecard.py test_01_basic.py test_02_download.py test_03_goaway.py test_04_stuttered.py test_05_errors.py test_06_eyeballs.py test_07_upload.py test_08_caddy.py test_09_push.py test_10_proxy.py test_11_unix.py test_12_reuse.py test_13_proxy_auth.py test_14_auth.py test_15_tracing.py test_16_info.py test_17_ssl_use.py test_18_methods.py test_19_shutdown.py test_20_websockets.py test_21_resolve.py test_22_httpsrr.py test_30_vsftpd.py test_31_vsftpds.py test_32_ftps_vsftpd.py test_40_socks.py test_50_scp.py test_51_sftp.py
libtest .gitignore CMakeLists.txt Makefile.am Makefile.inc cli_ftp_upload.c cli_h2_pausing.c cli_h2_serverpush.c cli_h2_upgrade_extreme.c cli_hx_download.c cli_hx_upload.c cli_tls_session_reuse.c cli_upload_pausing.c cli_ws_data.c cli_ws_pingpong.c first.c first.h lib1156.c lib1301.c lib1308.c lib1485.c lib1500.c lib1501.c lib1502.c lib1506.c lib1507.c lib1508.c lib1509.c lib1510.c lib1511.c lib1512.c lib1513.c lib1514.c lib1515.c lib1517.c lib1518.c lib1520.c lib1522.c lib1523.c lib1525.c lib1526.c lib1527.c lib1528.c lib1529.c lib1530.c lib1531.c lib1532.c lib1533.c lib1534.c lib1535.c lib1536.c lib1537.c lib1538.c lib1540.c lib1541.c lib1542.c lib1545.c lib1549.c lib1550.c lib1551.c lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c lib1559.c lib1560.c lib1564.c lib1565.c lib1567.c lib1568.c lib1569.c lib1571.c lib1576.c lib1582.c lib1587.c lib1588.c lib1589.c lib1591.c lib1592.c lib1593.c lib1594.c lib1597.c lib1598.c lib1599.c lib1662.c lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c lib1908.c lib1910.c lib1911.c lib1912.c lib1913.c lib1915.c lib1916.c lib1918.c lib1919.c lib1920.c lib1921.c lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c lib1940.c lib1945.c lib1947.c lib1948.c lib1955.c lib1956.c lib1957.c lib1958.c lib1959.c lib1960.c lib1964.c lib1965.c lib1970.c lib1971.c lib1972.c lib1973.c lib1974.c lib1975.c lib1977.c lib1978.c lib2023.c lib2032.c lib2082.c lib2301.c lib2302.c lib2304.c lib2306.c lib2308.c lib2309.c lib2402.c lib2404.c lib2405.c lib2502.c lib2504.c lib2505.c lib2506.c lib2700.c lib3010.c lib3025.c lib3026.c lib3027.c lib3033.c lib3034.c lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c lib3207.c lib3208.c lib500.c lib501.c lib502.c lib503.c lib504.c lib505.c lib506.c lib507.c lib508.c lib509.c lib510.c lib511.c lib512.c lib513.c lib514.c lib515.c lib516.c lib517.c lib518.c lib519.c lib520.c lib521.c lib523.c lib524.c lib525.c lib526.c lib530.c lib533.c lib536.c lib537.c lib539.c lib540.c lib541.c lib542.c lib543.c lib544.c lib547.c lib549.c lib552.c lib553.c lib554.c lib555.c lib556.c lib557.c lib558.c lib559.c lib560.c lib562.c lib564.c lib566.c lib567.c lib568.c lib569.c lib570.c lib571.c lib572.c lib573.c lib574.c lib575.c lib576.c lib578.c lib579.c lib582.c lib583.c lib586.c lib589.c lib590.c lib591.c lib597.c lib598.c lib599.c lib643.c lib650.c lib651.c lib652.c lib653.c lib654.c lib655.c lib658.c lib659.c lib661.c lib666.c lib667.c lib668.c lib670.c lib674.c lib676.c lib677.c lib678.c lib694.c lib695.c lib751.c lib753.c lib757.c lib758.c lib766.c memptr.c mk-lib1521.pl test1013.pl test1022.pl test307.pl test610.pl test613.pl testtrace.c testtrace.h testutil.c testutil.h unitcheck.h
server .checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc dnsd.c first.c first.h getpart.c mqttd.c resolve.c rtspd.c sockfilt.c socksd.c sws.c tftpd.c util.c
tunit .gitignore CMakeLists.txt Makefile.am Makefile.inc README.md tool1394.c tool1604.c tool1621.c tool1622.c tool1623.c tool1720.c
unit .gitignore CMakeLists.txt Makefile.am Makefile.inc README.md unit1300.c unit1302.c unit1303.c unit1304.c unit1305.c unit1307.c unit1309.c unit1323.c unit1330.c unit1395.c unit1396.c unit1397.c unit1398.c unit1399.c unit1600.c unit1601.c unit1602.c unit1603.c unit1605.c unit1606.c unit1607.c unit1608.c unit1609.c unit1610.c unit1611.c unit1612.c unit1614.c unit1615.c unit1616.c unit1620.c unit1625.c unit1626.c unit1627.c unit1636.c unit1650.c unit1651.c unit1652.c unit1653.c unit1654.c unit1655.c unit1656.c unit1657.c unit1658.c unit1660.c unit1661.c unit1663.c unit1664.c unit1666.c unit1667.c unit1668.c unit1669.c unit1674.c unit1675.c unit1676.c unit1979.c unit1980.c unit2600.c unit2601.c unit2602.c unit2603.c unit2604.c unit2605.c unit3200.c unit3205.c unit3211.c unit3212.c unit3213.c unit3214.c unit3216.c unit3219.c unit3300.c unit3301.c unit3302.c
.gitignore CMakeLists.txt Makefile.am allversions.pm appveyor.pm azure.pm config.in configurehelp.pm.in devtest.pl dictserver.py directories.pm ech_combos.py ech_tests.sh ftpserver.pl getpart.pm globalconfig.pm http-server.pl http2-server.pl http3-server.pl memanalyze.pl memanalyzer.pm negtelnetserver.py nghttpx.conf pathhelp.pm processhelp.pm requirements.txt rtspserver.pl runner.pm runtests.pl secureserver.pl serverhelp.pm servers.pm smbserver.py sshhelp.pm sshserver.pl test1119.pl test1135.pl test1139.pl test1140.pl test1165.pl test1167.pl test1173.pl test1175.pl test1177.pl test1222.pl test1275.pl test1276.pl test1477.pl test1486.pl test1488.pl test1544.pl test1707.pl test745.pl test971.pl testcurl.pl testutil.pm tftpserver.pl util.py valgrind.pm valgrind.supp
.clang-tidy.yml .dir-locals.el .editorconfig .git-blame-ignore-revs .gitattributes .gitignore .mailmap CHANGES.md CMakeLists.txt COPYING Dockerfile GIT-INFO.md Makefile.am README README.md RELEASE-NOTES REUSE.toml SECURITY.md acinclude.m4 appveyor.sh appveyor.yml configure.ac curl-config.in libcurl.pc.in renovate.json
examples .env config.ini crypto_test.lua env_test.lua fs_example.lua http_server.lua https_test.lua ini_example.lua json.lua log.lua path_fs_example.lua process_example.lua request_download.lua request_test.lua run_all.lua sqlite_example.lua sqlite_http_template.lua stash_test.lua template_test.lua timer.lua websocket.lua
iniparser
.github
ISSUE_TEMPLATE config.yml
workflows disable-pull-requests.yml trigger-gitlab-ci.yml
cmake JoinPaths.cmake config.cmake.in pc.in
example iniexample.c iniwrite.c parse.c twisted-errors.ini twisted-genhuge.py twisted-ofkey.ini twisted-ofval.ini twisted.ini
src dictionary.c dictionary.h iniparser.c iniparser.h
test
ressources
bad_ini ends_well.ini twisted-errors.ini twisted-ofkey.ini twisted-ofval.ini
good_ini empty.ini spaced.ini spaced2.ini twisted.ini
gruezi.ini old.ini quotes.ini utf8.ini
CMakeLists.txt test_dictionary.c test_iniparser.c unity-config.yml unity_config.h
.cmake-format.py .gitignore .gitlab-ci.yml .gitmessage .travis.yml AUTHORS CMakeLists.txt FAQ-en.md FAQ-zhcn.md INSTALL LICENSE README.md compile_commands.json
jinjac
example CMakeLists.txt example.c
jinjac_test_app CMakeLists.txt jinjac_test_app.c
libjinjac
include jinjac.h
src CMakeLists.txt ast.c ast.h block_statement.c block_statement.h buffer.c buffer.h buildin.c buildin.h common.h convert.c convert.h flex_decl.h jfunction.c jfunction.h jinja_expression.l jinja_expression.y jinjac_parse.c jinjac_parse.h jinjac_stream.c jinjac_stream.h jlist.c jlist.h jobject.c jobject.h parameter.c parameter.h str_obj.c str_obj.h trace.c trace.h
CMakeLists.txt
test .gitignore CMakeLists.txt autotest.rb test_01.expected test_01.jinja test_01b.expected test_01b.jinja test_01c.expected test_01c.jinja test_01d.expected test_01d.jinja test_02.expected test_02.jinja test_03.expected test_03.jinja test_04.expected test_04.jinja test_05.expected test_05.jinja test_06.expected test_06.jinja test_07.expected test_07.jinja test_08.expected test_08.jinja test_08b.expected test_08b.jinja test_09.expected test_09.jinja test_10.expected test_10.jinja test_11.expected test_11.jinja test_12.expected test_12.jinja test_13.expected test_13.jinja test_14.expected test_14.jinja test_15.expected test_15.jinja test_16.expected test_16.jinja test_17.expected test_17.jinja test_18.expected test_18.jinja test_18b.expected test_18b.jinja test_18c.expected test_18c.jinja test_19.expected test_19.jinja test_19b.expected test_19b.jinja test_19c.expected test_19c.jinja test_19d.expected test_19d.jinja test_19e.expected test_19e.jinja test_19f.expected test_19f.jinja test_20.expected test_20.jinja test_21.expected test_21.jinja test_22.expected test_22.jinja test_22a.expected test_22a.jinja test_22b.expected test_22b.jinja test_23.expected test_23.jinja test_24.expected test_24.jinja
.gitignore CMakeLists.txt LICENSE.txt README.md build_coverage.sh build_debug.sh build_release.sh cppcheck_analysis.sh
libev Changes LICENSE Makefile Makefile.am Makefile.in README Symbols.ev Symbols.event aclocal.m4 autogen.sh compile config.guess config.h config.h.in config.status config.sub configure configure.ac depcomp ev++.h ev.3 ev.c ev.h ev.pod ev_epoll.c ev_kqueue.c ev_poll.c ev_port.c ev_select.c ev_vars.h ev_win32.c ev_wrap.h event.c event.h install-sh libev.m4 libtool ltmain.sh missing mkinstalldirs stamp-h1
luajit
doc
img contact.png
bluequad-print.css bluequad.css contact.html ext_buffer.html ext_c_api.html ext_ffi.html ext_ffi_api.html ext_ffi_semantics.html ext_ffi_tutorial.html ext_jit.html ext_profiler.html extensions.html install.html luajit.html running.html
dynasm dasm_arm.h dasm_arm.lua dasm_arm64.h dasm_arm64.lua dasm_mips.h dasm_mips.lua dasm_mips64.lua dasm_ppc.h dasm_ppc.lua dasm_proto.h dasm_x64.lua dasm_x86.h dasm_x86.lua dynasm.lua
etc luajit.1 luajit.pc
src
host .gitignore README buildvm.c buildvm.h buildvm_asm.c buildvm_fold.c buildvm_lib.c buildvm_libbc.h buildvm_peobj.c genlibbc.lua genminilua.lua genversion.lua minilua.c
jit .gitignore bc.lua bcsave.lua dis_arm.lua dis_arm64.lua dis_arm64be.lua dis_mips.lua dis_mips64.lua dis_mips64el.lua dis_mips64r6.lua dis_mips64r6el.lua dis_mipsel.lua dis_ppc.lua dis_x64.lua dis_x86.lua dump.lua p.lua v.lua zone.lua
.gitignore Makefile Makefile.dep lauxlib.h lib_aux.c lib_base.c lib_bit.c lib_buffer.c lib_debug.c lib_ffi.c lib_init.c lib_io.c lib_jit.c lib_math.c lib_os.c lib_package.c lib_string.c lib_table.c lj_alloc.c lj_alloc.h lj_api.c lj_arch.h lj_asm.c lj_asm.h lj_asm_arm.h lj_asm_arm64.h lj_asm_mips.h lj_asm_ppc.h lj_asm_x86.h lj_assert.c lj_bc.c lj_bc.h lj_bcdump.h lj_bcread.c lj_bcwrite.c lj_buf.c lj_buf.h lj_carith.c lj_carith.h lj_ccall.c lj_ccall.h lj_ccallback.c lj_ccallback.h lj_cconv.c lj_cconv.h lj_cdata.c lj_cdata.h lj_char.c lj_char.h lj_clib.c lj_clib.h lj_cparse.c lj_cparse.h lj_crecord.c lj_crecord.h lj_ctype.c lj_ctype.h lj_debug.c lj_debug.h lj_def.h lj_dispatch.c lj_dispatch.h lj_emit_arm.h lj_emit_arm64.h lj_emit_mips.h lj_emit_ppc.h lj_emit_x86.h lj_err.c lj_err.h lj_errmsg.h lj_ff.h lj_ffrecord.c lj_ffrecord.h lj_frame.h lj_func.c lj_func.h lj_gc.c lj_gc.h lj_gdbjit.c lj_gdbjit.h lj_ir.c lj_ir.h lj_ircall.h lj_iropt.h lj_jit.h lj_lex.c lj_lex.h lj_lib.c lj_lib.h lj_load.c lj_mcode.c lj_mcode.h lj_meta.c lj_meta.h lj_obj.c lj_obj.h lj_opt_dce.c lj_opt_fold.c lj_opt_loop.c lj_opt_mem.c lj_opt_narrow.c lj_opt_sink.c lj_opt_split.c lj_parse.c lj_parse.h lj_prng.c lj_prng.h lj_profile.c lj_profile.h lj_record.c lj_record.h lj_serialize.c lj_serialize.h lj_snap.c lj_snap.h lj_state.c lj_state.h lj_str.c lj_str.h lj_strfmt.c lj_strfmt.h lj_strfmt_num.c lj_strscan.c lj_strscan.h lj_tab.c lj_tab.h lj_target.h lj_target_arm.h lj_target_arm64.h lj_target_mips.h lj_target_ppc.h lj_target_x86.h lj_trace.c lj_trace.h lj_traceerr.h lj_udata.c lj_udata.h lj_vm.h lj_vmevent.c lj_vmevent.h lj_vmmath.c ljamalg.c lua.h lua.hpp luaconf.h luajit.c luajit_rolling.h lualib.h msvcbuild.bat nxbuild.bat ps4build.bat ps5build.bat psvitabuild.bat vm_arm.dasc vm_arm64.dasc vm_mips.dasc vm_mips64.dasc vm_ppc.dasc vm_x64.dasc vm_x86.dasc xb1build.bat xedkbuild.bat
.gitattributes .gitignore .relver COPYRIGHT Makefile README
sqlite shell.c sqlite3.c sqlite3.h sqlite3ext.h
wolfssl
.github
ISSUE_TEMPLATE bug_report.yaml other.yaml
actions
install-apt-deps action.yml
scripts
zephyr-4.x external_libc.conf zephyr-test.sh
openssl-ech.sh tls-anvil-test.sh
workflows
disabled haproxy.yml hitch.yml hostap.yml
hostap-files
configs
07c9f183ea744ac04585fb6dd10220c75a5e2e74 hostapd.config tests wpa_supplicant.config
b607d2723e927a3446d89aed813f1aa6068186bb hostapd.config tests wpa_supplicant.config
hostap_2_10 extra.patch hostapd.config tests wpa_supplicant.config
Makefile README dbus-wpa_supplicant.conf
ada.yml arduino.yml async-examples.yml async.yml atecc608-sim.yml bind.yml cmake-autoconf.yml cmake.yml codespell.yml coverity-scan-fixes.yml cryptocb-only.yml curl.yml cyrus-sasl.yml disable-pk-algs.yml docker-Espressif.yml docker-OpenWrt.yml emnet-nonblock.yml fil-c.yml freertos-mem-track.yml gencertbuf.yml grpc.yml haproxy.yml hostap-vm.yml intelasm-c-fallback.yml ipmitool.yml jwt-cpp.yml krb5.yml libspdm.yml libssh2.yml libvncserver.yml linuxkm.yml macos-apple-native-cert-validation.yml mbedtls.sh mbedtls.yml membrowse-comment.yml membrowse-onboard.yml membrowse-report.yml memcached.sh memcached.yml mono.yml mosquitto.yml msmtp.yml msys2.yml multi-arch.yml multi-compiler.yml net-snmp.yml nginx.yml no-malloc.yml no-tls.yml nss.sh nss.yml ntp.yml ocsp.yml openldap.yml openssh.yml openssl-ech.yml opensslcoexist.yml openvpn.yml os-check.yml packaging.yml pam-ipmi.yml pq-all.yml pr-commit-check.yml psk.yml puf.yml python.yml rng-tools.yml rust-wrapper.yml se050-sim.yml smallStackSize.yml socat.yml softhsm.yml sssd.yml stm32-sim.yml stsafe-a120-sim.yml stunnel.yml symbol-prefixes.yml threadx.yml tls-anvil.yml trackmemory.yml watcomc.yml win-csharp-test.yml wolfCrypt-Wconversion.yml wolfboot-integration.yml wolfsm.yml xcode.yml zephyr-4.x.yml zephyr.yml
PULL_REQUEST_TEMPLATE.md SECURITY.md membrowse-targets.json
Docker
OpenWrt Dockerfile README.md runTests.sh
packaging
debian Dockerfile
fedora Dockerfile
wolfCLU Dockerfile README.md
yocto Dockerfile buildAndPush.sh
Dockerfile Dockerfile.cross-compiler README.md buildAndPush.sh include.am run.sh
IDE
ARDUINO
sketches
wolfssl_client README.md
wolfssl_server README.md
wolfssl_version README.md
README.md
Arduino_README_prepend.md README.md include.am keywords.txt library.properties.template wolfssl-arduino.cpp wolfssl-arduino.sh wolfssl.h
AURIX Cpu0_Main.c README.md include.am user_settings.h wolf_main.c
Android Android.bp README.md include.am user_settings.h
CRYPTOCELL README.md include.am main.c user_settings.h
CSBENCH include.am user_settings.h
ECLIPSE
DEOS
deos_wolfssl .options
README.md deos_malloc.c include.am tls_wolfssl.c tls_wolfssl.h user_settings.h
MICRIUM README.md client_wolfssl.c client_wolfssl.h include.am server_wolfssl.c server_wolfssl.h user_settings.h wolfsslRunTests.c
RTTHREAD README.md include.am user_settings.h wolfssl_test.c
SIFIVE README.md include.am
Espressif
ESP-IDF
examples
template
VisualGDB wolfssl_template_IDF_v5.1_ESP32.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h
CMakeLists.txt Kconfig.projbuild component.mk main.c
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266
wolfssl_benchmark
VisualGDB wolfssl_benchmark_IDF_v4.4_ESP32.sln wolfssl_benchmark_IDF_v4.4_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32.sln wolfssl_benchmark_IDF_v5_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32C3.sln wolfssl_benchmark_IDF_v5_ESP32C3.vgdbproj wolfssl_benchmark_IDF_v5_ESP32S3.sln wolfssl_benchmark_IDF_v5_ESP32S3.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h
CMakeLists.txt Kconfig.projbuild component.mk main.c
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266
wolfssl_client
VisualGDB README.md wolfssl_client_IDF_v5_ESP32.sln wolfssl_client_IDF_v5_ESP32.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include client-tls.h main.h time_helper.h wifi_connect.h
CMakeLists.txt Kconfig.projbuild client-tls.c component.mk main.c time_helper.c wifi_connect.c
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_client_ESP8266.vgdbproj
wolfssl_server
VisualGDB README.md wolfssl_server_IDF_v5_ESP32.sln wolfssl_server_IDF_v5_ESP32.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h server-tls.h time_helper.h wifi_connect.h
CMakeLists.txt Kconfig.projbuild component.mk main.c server-tls.c time_helper.c wifi_connect.c
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_server_ESP8266.vgdbproj
wolfssl_test
VisualGDB wolfssl_test-IDF_v5_ESP32.sln wolfssl_test-IDF_v5_ESP32.vgdbproj wolfssl_test-IDF_v5_ESP32C3.sln wolfssl_test-IDF_v5_ESP32C3.vgdbproj wolfssl_test-IDF_v5_ESP32C6.sln wolfssl_test-IDF_v5_ESP32C6.vgdbproj wolfssl_test_IDF_v5_ESP32S3.sln wolfssl_test_IDF_v5_ESP32S3.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h
CMakeLists.txt Kconfig.projbuild component.mk main.c
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32 sdkconfig.defaults.esp32c3 sdkconfig.defaults.esp32c6 sdkconfig.defaults.esp32h2 sdkconfig.defaults.esp32s2 sdkconfig.defaults.esp32s3 sdkconfig.defaults.esp8266 testAll.sh testMonitor.sh wolfssl_test_ESP8266.sln wolfssl_test_ESP8266.vgdbproj
wolfssl_test_idf
VisualGDB VisualGDB_wolfssl_test_idf.sln VisualGDB_wolfssl_test_idf.vgdbproj
main CMakeLists.txt Kconfig.projbuild component.mk main.c main_wip.c.ex time_helper.c time_helper.h
CMakeLists.txt Kconfig.projbuild README.md component.mk sdkconfig.defaults
README.md
libs CMakeLists.txt README.md component.mk tigard.cfg
test CMakeLists.txt README.md component.mk test_wolfssl.c
README.md README_32se.md UPDATE.md compileAllExamples.sh dummy_config_h dummy_test_paths.h setup.sh setup_win.bat user_settings.h
README.md include.am
GCC-ARM
Header user_settings.h
Source armtarget.c benchmark_main.c test_main.c tls_client.c tls_server.c wolf_main.c
Makefile Makefile.bench Makefile.client Makefile.common Makefile.server Makefile.static Makefile.test README.md include.am linker.ld linker_fips.ld
Gaisler-BCC README.md include.am
HEXAGON
DSP Makefile wolfssl_dsp.idl
Makefile README.md build.sh ecc-verify-benchmark.c ecc-verify.c include.am user_settings.h
HEXIWEAR
wolfSSL_HW .cwGeneratedFileSetLog user_settings.h
IAR-EWARM
Projects
benchmark benchmark-main.c current_time.c wolfCrypt-benchmark.ewd wolfCrypt-benchmark.ewp
common minimum-startup.c wolfssl.icf
lib wolfSSL-Lib.ewd wolfSSL-Lib.ewp
test test-main.c wolfCrypt-test.ewd wolfCrypt-test.ewp
user_settings.h wolfssl.eww
embOS
SAMV71_XULT
embOS_SAMV71_XULT_Linker_Script samv71q21_wolfssl.icf
embOS_SAMV71_XULT_user_settings user_settings.h user_settings_simple_example.h user_settings_verbose_example.h
embOS_wolfcrypt_benchmark_SAMV71_XULT
Application runBenchmarks.c
README_wolfcrypt_benchmark wolfcrypt_benchmark.ewd wolfcrypt_benchmark.ewp
embOS_wolfcrypt_lib_SAMV71_XULT README_wolfcrypt_lib wolfcrypt_lib.ewd wolfcrypt_lib.ewp
embOS_wolfcrypt_test_SAMV71_XULT
Application runWolfcryptTests.c
README_wolfcrypt_test wolfcrypt_test.ewd wolfcrypt_test.ewp
README_SAMV71
custom_port
custom_port_Linker_Script samv71q21_wolfssl.icf
custom_port_user_settings user_settings.h
wolfcrypt_benchmark_custom_port
Application runBenchmarks.c
wolfcrypt_test_custom_port
Application runWolfcryptTests.c
README_custom_port
extract_trial_here README_extract_trial_here
README
.gitignore README
IAR-MSP430 Makefile README.md include.am main.c user_settings.h
INTIME-RTOS Makefile README.md include.am libwolfssl.c libwolfssl.vcxproj user_settings.h wolfExamples.c wolfExamples.h wolfExamples.sln wolfExamples.vcxproj wolfssl-lib.sln wolfssl-lib.vcxproj
Infineon README.md include.am user_settings.h
KDS
config user_settings.h
include.am
LINUX-SGX README.md build.sh clean.sh include.am sgx_t_static.mk
LPCXPRESSO
lib_wolfssl lpc_18xx_port.c user_settings.h
wolf_example
src lpc_18xx_startup.c wolfssl_example.c
readme.txt
README.md
M68K
benchmark Makefile main.cpp
testwolfcrypt Makefile main.cpp
Makefile README.md include.am user_settings.h
MCUEXPRESSO
RT1170 fsl_caam_c.patch fsl_caam_h.patch user_settings.h
benchmark
source run_benchmark.c
wolfssl liblinks.xml
README.md include.am user_settings.h wolfcrypt_test.c
MDK-ARM
LPC43xx time-LCP43xx.c
MDK-ARM
wolfSSL Retarget.c cert_data.c cert_data.h config-BARE-METAL.h config-FS.h config-RTX-TCP-FS.h config-WOLFLIB.h main.c shell.c time-CortexM3-4.c time-dummy.c wolfssl_MDK_ARM.c wolfssl_MDK_ARM.h
STM32F2xx_StdPeriph_Lib time-STM32F2xx.c
MDK5-ARM
Conf user_settings.h
Inc wolfssl_MDK_ARM.h
Projects
CryptBenchmark Abstract.txt CryptBenchmark.sct CryptBenchmark.uvoptx CryptBenchmark.uvprojx main.c
CryptTest Abstract.txt CryptTest.sct CryptTest.uvoptx CryptTest.uvprojx main.c
EchoClient Abstract.txt EchoClient.uvoptx EchoClient.uvprojx main.c wolfssl-link.sct
EchoServer Abstract.txt EchoServer.uvoptx EchoServer.uvprojx main.c wolfssl-link.sct
SimpleClient Abstract.txt SimpleClient.uvoptx SimpleClient.uvprojx main.c wolfssl-link.sct
SimpleServer Abstract.txt SimpleServer.uvoptx SimpleServer.uvprojx main.c wolfssl-link.sct
wolfSSL-Full Abstract.txt main.c shell.c time-CortexM3-4.c wolfsslFull.uvoptx wolfsslFull.uvprojx
wolfSSL-Lib Abstract.txt wolfSSL-Lib.uvoptx wolfSSL-Lib.uvprojx
Src ssl-dummy.c
README.md include.am
MPLABX16
wolfcrypt_test.X
nbproject
private configurations.xml private.xml
configurations.xml include.am project.xml
Makefile
wolfssl.X
nbproject configurations.xml include.am project.xml
Makefile
README.md include.am main.c user_settings.h
MQX Makefile README-jp.md README.md client-tls.c include.am server-tls.c user_config.h user_settings.h
MSVS-2019-AZSPHERE
client client.c client.h
server server.c server.h
shared util.h
wolfssl_new_azsphere
HardwareDefinitions
avnet_mt3620_sk
inc
hw template_appliance.h
template_appliance.json
mt3620_rdb
inc
hw template_appliance.h
template_appliance.json
seeed_mt3620_mdb
inc
hw template_appliance.h
template_appliance.json
.gitignore CMakeLists.txt CMakeSettings.json app_manifest.json applibs_versions.h launch.vs.json main.c
README.md include.am user_settings.h
MYSQL CMakeLists_wolfCrypt.txt CMakeLists_wolfSSL.txt do.sh
NDS README.md
NETOS Makefile.wolfcrypt.inc README.md include.am user_settings.h user_settings.h-cert2425 user_settings.h-cert3389 wolfssl_netos_custom.c
OPENSTM32 README.md
PlatformIO
examples
wolfssl_benchmark
include README main.h
lib README
src CMakeLists.txt main.c
test README
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_benchmark.code-workspace
wolfssl_test
include README main.h
lib README
src CMakeLists.txt main.c
test README
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_test.code-workspace
README.md wolfssl_platformio.code-workspace
README.md include.am
QNX
CAAM-DRIVER Makefile
example-client Makefile client-tls.c
example-cmac Makefile cmac-test.c
example-server Makefile server-tls.c
testwolfcrypt Makefile
wolfssl Makefile user_settings.h
README.md include.am
RISCV
SIFIVE-HIFIVE1 Makefile README.md include.am main.c user_settings.h
SIFIVE-UNLEASHED README.md include.am
include.am
ROWLEY-CROSSWORKS-ARM Kinetis_FlashPlacement.xml README.md arm_startup.c benchmark_main.c hw.h include.am kinetis_hw.c retarget.c test_main.c user_settings.h wolfssl.hzp wolfssl_ltc.hzp
Renesas
cs+
Projects
common strings.h unistd.h user_settings.h wolfssl_dummy.c
t4_demo README_en.txt README_jp.txt t4_demo.mtpj wolf_client.c wolf_demo.h wolf_main.c wolf_server.c
test test.mtpj test_main.c
wolfssl_lib wolfssl_lib.mtpj
README include.am
e2studio
DK-S7G2
benchmark-template
src app_entry.c
example_server-template
src app_entry.c
wolfcrypttest-template
src app_entry.c
wolfssl-template-project configuration.xml
README.md include.am user_settings.h
Projects
common strings.h unistd.h user_settings.h wolfssl_dummy.c
test
src key_data.c key_data.h test_main.c wolf_client.c wolf_server.c wolfssl_demo.h
tools generate_rsa_keypair.sh genhexbuf.pl rsa_pss_sign.sh
wolfssl
src .gitkeep
wolfcrypt
src .gitkeep
README include.am
RA6M3
benchmark-wolfcrypt
common .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
client-wolfssl
common
src .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
wolfssl_thread_entry.h
common
ra6m3g README.md
src freertos_tcp_port.c
user_settings.h util.h
server-wolfssl
common
src .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
wolfssl_thread_entry.h
test-wolfcrypt
common .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
wolfssl
src .gitkeep
wolfcrypt .gitkeep
README.md README_APRA6M_en.md README_APRA6M_jp.md include.am
RA6M3G README.md
RA6M4
common user_settings.h wolfssl_demo.h
test
key_data key_data.h key_data_sce.c
src
SEGGER_RTT myprint.c
common .gitignore
test_main.c wolf_client.c wolfssl_sce_unit_test.c
test_RA6M4Debug.launch
tools
example_keys generate_SignedCA.sh rsa_private.pem rsa_public.pem
README.md
README.md include.am
RX65N
GR-ROSE
common strings.h unistd.h user_settings.h wolfssl_dummy.c
smc smc.scfg
test
src key_data.c key_data.h test_main.c wolf_client.c wolf_server.c wolfssl_demo.h
test.rcpc test_HardwareDebug.launch
tools
example_keys generate_SignedCA.sh rsa_private.pem rsa_public.pem
README.md
wolfssl wolfssl.rcpc
README_EN.md README_JP.md include.am
RSK
resource section.esi
wolfssl wolfssl.rcpc
wolfssl_demo key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h
InstructionManualForExample_RSK+RX65N-2MB_EN.pdf InstructionManualForExample_RSK+RX65N-2MB_JP.pdf README_EN.md README_JP.md include.am
RX72N
EnvisionKit
Simple
common sectioninfo.esi wolfssl_dummy.c
test
src
client simple_tcp_client.c simple_tls_tsip_client.c
server simple_tcp_server.c simple_tls_server.c
test_main.c wolfssl_simple_demo.h
test.rcpc test.scfg test_HardwareDebug.launch
wolfssl wolfssl.rcpc
README_EN.md README_JP.md
resource section.esi
tools
example_keys generate_SignedCA.sh rsa_private.pem rsa_public.pem
README.md
wolfssl wolfssl.rcpc
wolfssl_demo key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h wolfssl_tsip_unit_test.c
InstructionManualForExample_RX72N_EnvisonKit_EN.pdf InstructionManualForExample_RX72N_EnvisonKit_JP.pdf README_EN.md README_JP.md include.am
RZN2L
common user_settings.h wolfssl_demo.h
test
src
serial_io app_print.c
test wolf_client.c wolf_server.c wolfssl_rsip_unit_test.c
wolfCrypt .gitignore
wolfSSL .gitignore
local_system_init.c rzn2l_tst_thread_entry.c wolfssl_dummy.c
README.md include.am
SK-S7G2
common user_settings.h
wolfssl_lib configuration.xml
.gitignore README.md include.am
STARCORE README.txt include.am starcore_test.c user_settings.h
STM32Cube README.md STM32_Benchmarks.md default_conf.ftl include.am main.c wolfssl_example.c wolfssl_example.h
SimplicityStudio README.md include.am test_wolf.c user_settings.h
TRUESTUDIO
wolfssl user_settings.h
README include.am
VS-ARM README.md include.am user_settings.h wolfssl.sln wolfssl.vcxproj
VS-AZURE-SPHERE
client app_manifest.json client.c client.h client.vcxproj
server app_manifest.json server.c server.h server.vcxproj
shared util.h
wolfcrypt_test app_manifest.json wolfcrypt_test.vcxproj
README.md include.am user_settings.h wolfssl.sln wolfssl.vcxproj
VisualDSP include.am user_settings.h wolf_tasks.c
WICED-STUDIO README include.am user_settings.h
WIN README.txt include.am test.vcxproj user_settings.h user_settings_dtls.h wolfssl-fips.sln wolfssl-fips.vcxproj
WIN-SGX ReadMe.txt include.am wolfSSL_SGX.edl wolfSSL_SGX.sln wolfSSL_SGX.vcxproj
WIN-SRTP-KDF-140-3 README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxproj
WIN10 README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxproj
WINCE README.md include.am user_settings.h user_settings.h.140-2-deprecated
WORKBENCH README.md include.am
XCODE
Benchmark
wolfBench
Assets.xcassets
AppIcon.appiconset Contents.json
Base.lproj LaunchScreen.storyboard Main.storyboard
AppDelegate.h AppDelegate.m Info.plist ViewController.h ViewController.m main.m
wolfBench.xcodeproj project.pbxproj
include.am
wolfssl-FIPS.xcodeproj project.pbxproj
wolfssl.xcodeproj project.pbxproj
wolfssl_testsuite.xcodeproj project.pbxproj
README.md build-for-i386.sh include.am user_settings.h
XCODE-FIPSv2
macOS-C++
Intel user_settings.h
M1 user_settings.h
include.am user_settings.h
XCODE-FIPSv5 README include.am user_settings.h
XCODE-FIPSv6 README include.am user_settings.h
XilinxSDK
2018_2 lscript.ld
2019_2
wolfCrypt_example
src lscript.ld
wolfCrypt_example_system wolfCrypt_example_system.sprj
2022_1
wolfCrypt_FreeRTOS_example wolfCrypt_FreeRTOS_example.prj
wolfCrypt_FreeRTOS_example_system wolfCrypt_FreeRTOS_example_system.sprj
wolfCrypt_example wolfCrypt_example.prj
wolfCrypt_example_system wolfCrypt_example_system.sprj
.gitignore
README.md bench.sh combine.sh eclipse_formatter_profile.xml graph.sh include.am user_settings.h wolfssl_example.c
apple-universal
wolfssl-multiplatform
wolfssl-multiplatform
Assets.xcassets
AccentColor.colorset Contents.json
AppIcon.appiconset Contents.json
Contents.json
ContentView.swift simple_client_example.c simple_client_example.h wolfssl-multiplatform-Bridging-Header.h wolfssl_multiplatform.entitlements wolfssl_multiplatformApp.swift wolfssl_test_driver.c wolfssl_test_driver.h
wolfssl-multiplatform.xcodeproj project.pbxproj
.gitignore README.md build-wolfssl-framework.sh include.am
iotsafe Makefile README.md ca-cert.c devices.c devices.h include.am main.c memory-tls.c startup.c target.ld user_settings.h
iotsafe-raspberrypi Makefile README.md client-tls13.c include.am main.c
mynewt README.md apps.wolfcrypttest.pkg.yml crypto.wolfssl.pkg.yml crypto.wolfssl.syscfg.yml include.am setup.sh
zephyr README.md include.am
include.am
RTOS
nuttx
wolfssl .gitignore Kconfig Make.defs Makefile README.md setup-wolfssl.sh user_settings.h
include.am
bsdkm Makefile README.md bsdkm_wc_port.h include.am wolfkmod.c wolfkmod_aes.c x86_vecreg.c
certs
1024 ca-cert.der ca-cert.pem ca-key.der ca-key.pem client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der dh1024.der dh1024.pem dsa-pub-1024.pem dsa1024.der dsa1024.pem include.am rsa1024.der server-cert.der server-cert.pem server-key.der server-key.pem
3072 client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der include.am
4096 client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der include.am
acert
rsa_pss acert.pem acert_ietf.pem acert_ietf_pubkey.pem acert_pubkey.pem
acert.pem acert_ietf.pem acert_ietf_pubkey.pem acert_pubkey.pem include.am
aia ca-issuers-cert.pem multi-aia-cert.pem overflow-aia-cert.pem
crl
extra-crls ca-int-cert-revoked.pem claim-root.pem crl_critical_entry.pem crlnum_57oct.pem crlnum_64oct.pem general-server-crl.pem large_crlnum.pem large_crlnum2.pem
hash_der 0fdb2da4.r0
hash_pem 0fdb2da4.r0
bad_time_fmt.pem ca-int-ecc.pem ca-int.pem ca-int2-ecc.pem ca-int2.pem caEcc384Crl.pem caEccCrl.der caEccCrl.pem cliCrl.pem client-int-ecc.pem client-int.pem crl.der crl.pem crl.revoked crl2.der crl2.pem crl_reason.pem crl_rsapss.pem eccCliCRL.pem eccSrvCRL.pem gencrls.sh include.am server-goodaltCrl.pem server-goodaltwildCrl.pem server-goodcnCrl.pem server-goodcnwildCrl.pem server-int-ecc.pem server-int.pem wolfssl.cnf
dilithium bench_dilithium_level2_key.der bench_dilithium_level3_key.der bench_dilithium_level5_key.der include.am
ecc bp256r1-key.der bp256r1-key.pem ca-secp256k1-cert.pem ca-secp256k1-key.pem client-bp256r1-cert.der client-bp256r1-cert.pem client-secp256k1-cert.der client-secp256k1-cert.pem genecc.sh include.am secp256k1-key.der secp256k1-key.pem secp256k1-param.pem secp256k1-privkey.der secp256k1-privkey.pem server-bp256r1-cert.der server-bp256r1-cert.pem server-secp256k1-cert.der server-secp256k1-cert.pem server2-secp256k1-cert.der server2-secp256k1-cert.pem wolfssl.cnf wolfssl_384.cnf
ed25519 ca-ed25519-key.der ca-ed25519-key.pem ca-ed25519-priv.der ca-ed25519-priv.pem ca-ed25519.der ca-ed25519.pem client-ed25519-key.der client-ed25519-key.pem client-ed25519-priv.der client-ed25519-priv.pem client-ed25519.der client-ed25519.pem eddsa-ed25519.der eddsa-ed25519.pem gen-ed25519-certs.sh gen-ed25519-keys.sh gen-ed25519.sh include.am root-ed25519-key.der root-ed25519-key.pem root-ed25519-priv.der root-ed25519-priv.pem root-ed25519.der root-ed25519.pem server-ed25519-cert.pem server-ed25519-key.der server-ed25519-key.pem server-ed25519-priv.der server-ed25519-priv.pem server-ed25519.der server-ed25519.pem
ed448 ca-ed448-key.der ca-ed448-key.pem ca-ed448-priv.der ca-ed448-priv.pem ca-ed448.der ca-ed448.pem client-ed448-key.der client-ed448-key.pem client-ed448-priv.der client-ed448-priv.pem client-ed448.der client-ed448.pem gen-ed448-certs.sh gen-ed448-keys.sh include.am root-ed448-key.der root-ed448-key.pem root-ed448-priv.der root-ed448-priv.pem root-ed448.der root-ed448.pem server-ed448-cert.pem server-ed448-key.der server-ed448-key.pem server-ed448-priv.der server-ed448-priv.pem server-ed448.der server-ed448.pem
external DigiCertGlobalRootCA.pem README.txt ca-digicert-ev.pem ca-globalsign-root.pem ca-google-root.pem ca_collection.pem include.am
falcon bench_falcon_level1_key.der bench_falcon_level5_key.der include.am
intermediate
ca_false_intermediate gentestcert.sh int_ca.key server.key test_ca.key test_ca.pem test_int_not_cacert.pem test_sign_bynoca_srv.pem wolfssl_base.conf wolfssl_srv.conf
ca-ecc-bad-aki.der ca-ecc-bad-aki.pem ca-int-cert.der ca-int-cert.pem ca-int-ecc-cert.der ca-int-ecc-cert.pem ca-int-ecc-key.der ca-int-ecc-key.pem ca-int-key.der ca-int-key.pem ca-int2-cert.der ca-int2-cert.pem ca-int2-ecc-cert.der ca-int2-ecc-cert.pem ca-int2-ecc-key.der ca-int2-ecc-key.pem ca-int2-key.der ca-int2-key.pem client-chain-alt-ecc.pem client-chain-alt.pem client-chain-ecc.der client-chain-ecc.pem client-chain.der client-chain.pem client-int-cert.der client-int-cert.pem client-int-ecc-cert.der client-int-ecc-cert.pem genintcerts.sh include.am server-chain-alt-ecc.pem server-chain-alt.pem server-chain-ecc.der server-chain-ecc.pem server-chain-short.pem server-chain.der server-chain.pem server-int-cert.der server-int-cert.pem server-int-ecc-cert.der server-int-ecc-cert.pem
lms bc_hss_L2_H5_W8_root.der bc_hss_L3_H5_W4_root.der bc_lms_chain_ca.der bc_lms_chain_leaf.der bc_lms_native_bc_root.der bc_lms_sha256_h10_w8_root.der bc_lms_sha256_h5_w4_root.der include.am
mldsa README.txt include.am mldsa44-cert.der mldsa44-cert.pem mldsa44-key.pem mldsa44_bare-priv.der mldsa44_bare-seed.der mldsa44_oqskeypair.der mldsa44_priv-only.der mldsa44_pub-spki.der mldsa44_seed-only.der mldsa44_seed-priv.der mldsa65-cert.der mldsa65-cert.pem mldsa65-key.pem mldsa65_bare-priv.der mldsa65_bare-seed.der mldsa65_oqskeypair.der mldsa65_priv-only.der mldsa65_pub-spki.der mldsa65_seed-only.der mldsa65_seed-priv.der mldsa87-cert.der mldsa87-cert.pem mldsa87-key.pem mldsa87_bare-priv.der mldsa87_bare-seed.der mldsa87_oqskeypair.der mldsa87_priv-only.der mldsa87_pub-spki.der mldsa87_seed-only.der mldsa87_seed-priv.der
ocsp imposter-root-ca-cert.der imposter-root-ca-cert.pem imposter-root-ca-key.der imposter-root-ca-key.pem include.am index-ca-and-intermediate-cas.txt index-ca-and-intermediate-cas.txt.attr index-intermediate1-ca-issued-certs.txt index-intermediate1-ca-issued-certs.txt.attr index-intermediate2-ca-issued-certs.txt index-intermediate2-ca-issued-certs.txt.attr index-intermediate3-ca-issued-certs.txt index-intermediate3-ca-issued-certs.txt.attr intermediate1-ca-cert.der intermediate1-ca-cert.pem intermediate1-ca-key.der intermediate1-ca-key.pem intermediate2-ca-cert.der intermediate2-ca-cert.pem intermediate2-ca-key.der intermediate2-ca-key.pem intermediate3-ca-cert.der intermediate3-ca-cert.pem intermediate3-ca-key.der intermediate3-ca-key.pem ocsp-responder-cert.der ocsp-responder-cert.pem ocsp-responder-key.der ocsp-responder-key.pem openssl.cnf renewcerts-for-test.sh renewcerts.sh root-ca-cert.der root-ca-cert.pem root-ca-crl.pem root-ca-key.der root-ca-key.pem server1-cert.der server1-cert.pem server1-chain-noroot.pem server1-key.der server1-key.pem server2-cert.der server2-cert.pem server2-key.der server2-key.pem server3-cert.der server3-cert.pem server3-key.der server3-key.pem server4-cert.der server4-cert.pem server4-key.der server4-key.pem server5-cert.der server5-cert.pem server5-key.der server5-key.pem test-leaf-response.der test-multi-response.der test-response-nointern.der test-response-rsapss.der test-response.der
p521 ca-p521-key.der ca-p521-key.pem ca-p521-priv.der ca-p521-priv.pem ca-p521.der ca-p521.pem client-p521-key.der client-p521-key.pem client-p521-priv.der client-p521-priv.pem client-p521.der client-p521.pem gen-p521-certs.sh gen-p521-keys.sh include.am root-p521-key.der root-p521-key.pem root-p521-priv.der root-p521-priv.pem root-p521.der root-p521.pem server-p521-cert.pem server-p521-key.der server-p521-key.pem server-p521-priv.der server-p521-priv.pem server-p521.der server-p521.pem
renewcerts wolfssl.cnf
rpk client-cert-rpk.der client-ecc-cert-rpk.der include.am server-cert-rpk.der server-ecc-cert-rpk.der
rsapss ca-3072-rsapss-key.der ca-3072-rsapss-key.pem ca-3072-rsapss-priv.der ca-3072-rsapss-priv.pem ca-3072-rsapss.der ca-3072-rsapss.pem ca-rsapss-key.der ca-rsapss-key.pem ca-rsapss-priv.der ca-rsapss-priv.pem ca-rsapss.der ca-rsapss.pem client-3072-rsapss-key.der client-3072-rsapss-key.pem client-3072-rsapss-priv.der client-3072-rsapss-priv.pem client-3072-rsapss.der client-3072-rsapss.pem client-rsapss-key.der client-rsapss-key.pem client-rsapss-priv.der client-rsapss-priv.pem client-rsapss.der client-rsapss.pem gen-rsapss-keys.sh include.am renew-rsapss-certs.sh root-3072-rsapss-key.der root-3072-rsapss-key.pem root-3072-rsapss-priv.der root-3072-rsapss-priv.pem root-3072-rsapss.der root-3072-rsapss.pem root-rsapss-key.der root-rsapss-key.pem root-rsapss-priv.der root-rsapss-priv.pem root-rsapss.der root-rsapss.pem server-3072-rsapss-cert.pem server-3072-rsapss-key.der server-3072-rsapss-key.pem server-3072-rsapss-priv.der server-3072-rsapss-priv.pem server-3072-rsapss.der server-3072-rsapss.pem server-mix-rsapss-cert.pem server-rsapss-cert.pem server-rsapss-key.der server-rsapss-key.pem server-rsapss-priv.der server-rsapss-priv.pem server-rsapss.der server-rsapss.pem
sia timestamping-sia-cert.pem
slhdsa bench_slhdsa_sha2_128f_key.der bench_slhdsa_sha2_128s_key.der bench_slhdsa_sha2_192f_key.der bench_slhdsa_sha2_192s_key.der bench_slhdsa_sha2_256f_key.der bench_slhdsa_sha2_256s_key.der bench_slhdsa_shake128f_key.der bench_slhdsa_shake128s_key.der bench_slhdsa_shake192f_key.der bench_slhdsa_shake192s_key.der bench_slhdsa_shake256f_key.der bench_slhdsa_shake256s_key.der client-mldsa44-priv.pem client-mldsa44-sha2.der client-mldsa44-sha2.pem client-mldsa44-shake.der client-mldsa44-shake.pem gen-slhdsa-mldsa-certs.sh include.am root-slhdsa-sha2-128s-priv.der root-slhdsa-sha2-128s-priv.pem root-slhdsa-sha2-128s.der root-slhdsa-sha2-128s.pem root-slhdsa-shake-128s-priv.der root-slhdsa-shake-128s-priv.pem root-slhdsa-shake-128s.der root-slhdsa-shake-128s.pem server-mldsa44-priv.pem server-mldsa44-sha2.der server-mldsa44-sha2.pem server-mldsa44-shake.der server-mldsa44-shake.pem
sm2 ca-sm2-key.der ca-sm2-key.pem ca-sm2-priv.der ca-sm2-priv.pem ca-sm2.der ca-sm2.pem client-sm2-key.der client-sm2-key.pem client-sm2-priv.der client-sm2-priv.pem client-sm2.der client-sm2.pem fix_sm2_spki.py gen-sm2-certs.sh gen-sm2-keys.sh include.am root-sm2-key.der root-sm2-key.pem root-sm2-priv.der root-sm2-priv.pem root-sm2.der root-sm2.pem self-sm2-cert.pem self-sm2-key.pem self-sm2-priv.pem server-sm2-cert.der server-sm2-cert.pem server-sm2-key.der server-sm2-key.pem server-sm2-priv.der server-sm2-priv.pem server-sm2.der server-sm2.pem
statickeys dh-ffdhe2048-params.pem dh-ffdhe2048-pub.der dh-ffdhe2048-pub.pem dh-ffdhe2048.der dh-ffdhe2048.pem ecc-secp256r1.der ecc-secp256r1.pem gen-static.sh include.am x25519-pub.der x25519-pub.pem x25519.der x25519.pem
test
expired expired-ca.der expired-ca.pem expired-cert.der expired-cert.pem
catalog.txt cert-bad-neg-int.der cert-bad-oid.der cert-bad-utf8.der cert-ext-ia.cfg cert-ext-ia.der cert-ext-ia.pem cert-ext-joi.cfg cert-ext-joi.der cert-ext-joi.pem cert-ext-mnc.der cert-ext-multiple.cfg cert-ext-multiple.der cert-ext-multiple.pem cert-ext-nc-combined.der cert-ext-nc-combined.pem cert-ext-nc.cfg cert-ext-nc.der cert-ext-nc.pem cert-ext-ncdns.der cert-ext-ncdns.pem cert-ext-ncip.der cert-ext-ncip.pem cert-ext-ncmixed.der cert-ext-ncmulti.der cert-ext-ncmulti.pem cert-ext-ncrid.der cert-ext-ncrid.pem cert-ext-nct.cfg cert-ext-nct.der cert-ext-nct.pem cert-ext-ndir-exc.cfg cert-ext-ndir-exc.der cert-ext-ndir-exc.pem cert-ext-ndir.cfg cert-ext-ndir.der cert-ext-ndir.pem cert-ext-ns.der cert-over-max-altnames.cfg cert-over-max-altnames.der cert-over-max-altnames.pem cert-over-max-nc.cfg cert-over-max-nc.der cert-over-max-nc.pem client-ecc-cert-ski.hex cn-ip-literal.der cn-ip-wildcard.der crit-cert.pem crit-key.pem dh1024.der dh1024.pem dh512.der dh512.pem digsigku.pem encrypteddata.msg gen-badsig.sh gen-ext-certs.sh gen-testcerts.sh include.am kari-keyid-cms.msg ktri-keyid-cms.msg ossl-trusted-cert.pem server-badaltname.der server-badaltname.pem server-badaltnull.der server-badaltnull.pem server-badcn.der server-badcn.pem server-badcnnull.der server-badcnnull.pem server-cert-ecc-badsig.der server-cert-ecc-badsig.pem server-cert-rsa-badsig.der server-cert-rsa-badsig.pem server-duplicate-policy.pem server-garbage.der server-garbage.pem server-goodalt.der server-goodalt.pem server-goodaltwild.der server-goodaltwild.pem server-goodcn.der server-goodcn.pem server-goodcnwild.der server-goodcnwild.pem server-localhost.der server-localhost.pem smime-test-canon.p7s smime-test-multipart-badsig.p7s smime-test-multipart.p7s smime-test.p7s
test-pathlen assemble-chains.sh chainA-ICA1-key.pem chainA-ICA1-pathlen0.pem chainA-assembled.pem chainA-entity-key.pem chainA-entity.pem chainB-ICA1-key.pem chainB-ICA1-pathlen0.pem chainB-ICA2-key.pem chainB-ICA2-pathlen1.pem chainB-assembled.pem chainB-entity-key.pem chainB-entity.pem chainC-ICA1-key.pem chainC-ICA1-pathlen1.pem chainC-assembled.pem chainC-entity-key.pem chainC-entity.pem chainD-ICA1-key.pem chainD-ICA1-pathlen127.pem chainD-assembled.pem chainD-entity-key.pem chainD-entity.pem chainE-ICA1-key.pem chainE-ICA1-pathlen128.pem chainE-assembled.pem chainE-entity-key.pem chainE-entity.pem chainF-ICA1-key.pem chainF-ICA1-pathlen1.pem chainF-ICA2-key.pem chainF-ICA2-pathlen0.pem chainF-assembled.pem chainF-entity-key.pem chainF-entity.pem chainG-ICA1-key.pem chainG-ICA1-pathlen0.pem chainG-ICA2-key.pem chainG-ICA2-pathlen1.pem chainG-ICA3-key.pem chainG-ICA3-pathlen99.pem chainG-ICA4-key.pem chainG-ICA4-pathlen5.pem chainG-ICA5-key.pem chainG-ICA5-pathlen20.pem chainG-ICA6-key.pem chainG-ICA6-pathlen10.pem chainG-ICA7-key.pem chainG-ICA7-pathlen100.pem chainG-assembled.pem chainG-entity-key.pem chainG-entity.pem chainH-ICA1-key.pem chainH-ICA1-pathlen0.pem chainH-ICA2-key.pem chainH-ICA2-pathlen2.pem chainH-ICA3-key.pem chainH-ICA3-pathlen2.pem chainH-ICA4-key.pem chainH-ICA4-pathlen2.pem chainH-assembled.pem chainH-entity-key.pem chainH-entity.pem chainI-ICA1-key.pem chainI-ICA1-no_pathlen.pem chainI-ICA2-key.pem chainI-ICA2-no_pathlen.pem chainI-ICA3-key.pem chainI-ICA3-pathlen2.pem chainI-assembled.pem chainI-entity-key.pem chainI-entity.pem chainJ-ICA1-key.pem chainJ-ICA1-no_pathlen.pem chainJ-ICA2-key.pem chainJ-ICA2-no_pathlen.pem chainJ-ICA3-key.pem chainJ-ICA3-no_pathlen.pem chainJ-ICA4-key.pem chainJ-ICA4-pathlen2.pem chainJ-assembled.pem chainJ-entity-key.pem chainJ-entity.pem include.am refreshkeys.sh
test-serial0 ee_normal.pem ee_serial0.pem generate_certs.sh include.am intermediate_serial0.pem root_serial0.pem root_serial0_key.pem selfsigned_nonca_serial0.pem
xmss bc_xmss_chain_ca.der bc_xmss_chain_leaf.der bc_xmss_sha2_10_256_root.der bc_xmss_sha2_16_256_root.der bc_xmssmt_sha2_20_2_256_root.der bc_xmssmt_sha2_20_4_256_root.der bc_xmssmt_sha2_40_8_256_root.der include.am
ca-cert-chain.der ca-cert.der ca-cert.pem ca-ecc-cert.der ca-ecc-cert.pem ca-ecc-key.der ca-ecc-key.pem ca-ecc384-cert.der ca-ecc384-cert.pem ca-ecc384-key.der ca-ecc384-key.pem ca-key-pkcs8-attribute.der ca-key.der ca-key.pem check_dates.sh client-absolute-urn.pem client-ca-cert.der client-ca-cert.pem client-ca.pem client-cert-ext.der client-cert-ext.pem client-cert.der client-cert.pem client-crl-dist.der client-crl-dist.pem client-ecc-ca-cert.der client-ecc-ca-cert.pem client-ecc-cert.der client-ecc-cert.pem client-ecc384-cert.der client-ecc384-cert.pem client-ecc384-key.der client-ecc384-key.pem client-key.der client-key.pem client-keyEnc.pem client-keyPub.der client-keyPub.pem client-relative-uri.pem client-uri-cert.pem csr.attr.der csr.dsa.der csr.dsa.pem csr.ext.der csr.signed.der dh-priv-2048.der dh-priv-2048.pem dh-pub-2048.der dh-pub-2048.pem dh-pubkey-2048.der dh2048.der dh2048.pem dh3072.der dh3072.pem dh4096.der dh4096.pem dsa-pubkey-2048.der dsa2048.der dsa2048.pem dsa3072.der dsaparams.der dsaparams.pem ecc-client-key.der ecc-client-key.pem ecc-client-keyPub.der ecc-client-keyPub.pem ecc-key-comp.pem ecc-keyPkcs8.der ecc-keyPkcs8.pem ecc-keyPkcs8Enc.der ecc-keyPkcs8Enc.pem ecc-keyPub.der ecc-keyPub.pem ecc-params.der ecc-params.pem ecc-privOnlyCert.pem ecc-privOnlyKey.pem ecc-privkey.der ecc-privkey.pem ecc-privkeyPkcs8.der ecc-privkeyPkcs8.pem ecc-rsa-server.p12 empty-issuer-cert.pem entity-no-ca-bool-cert.pem entity-no-ca-bool-key.pem fpki-cert.der fpki-certpol-cert.der gen_revoked.sh include.am renewcerts.sh rid-cert.der rsa-pub-2048.pem rsa2048.der rsa3072.der server-cert-chain.der server-cert.der server-cert.pem server-ecc-comp.der server-ecc-comp.pem server-ecc-rsa.der server-ecc-rsa.pem server-ecc-self.der server-ecc-self.pem server-ecc.der server-ecc.pem server-ecc384-cert.der server-ecc384-cert.pem server-ecc384-key.der server-ecc384-key.pem server-key.der server-key.pem server-keyEnc.pem server-keyPkcs8.der server-keyPkcs8.pem server-keyPkcs8Enc.der server-keyPkcs8Enc.pem server-keyPkcs8Enc12.pem server-keyPkcs8Enc2.pem server-keyPub.der server-keyPub.pem server-revoked-cert.pem server-revoked-key.pem taoCert.txt test-ber-exp02-05-2022.p7b test-degenerate.p7b test-multiple-recipients.p7b test-servercert-rc2.p12 test-servercert.p12 test-stream-dec.p7b test-stream-sign.p7b wolfssl-website-ca.pem x942dh2048.der x942dh2048.pem
cmake
consumer CMakeLists.txt README.md main.c
modules FindARIA.cmake FindOQS.cmake
Config.cmake.in README.md config.in functions.cmake include.am options.h.in wolfssl-config-version.cmake.in wolfssl-targets.cmake.in
debian
source format
changelog.in control.in copyright include.am libwolfssl-dev.install libwolfssl.install rules.in
doc
dox_comments
header_files aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h puf.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wc_she.h wc_slhdsa.h wolfio.h
header_files-ja aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wolfio.h
formats
html
html_changes
search search.css search.js
customdoxygen.css doxygen.css menu.js menudata.js tabs.css
Doxyfile footer.html header.html mainpage.dox
pdf Doxyfile header.tex
images wolfssl_logo.png
QUIC.md README.txt README_DOXYGEN check_api.sh generate_documentation.sh include.am
examples
asn1 asn1.c dumpasn1.cfg gen_oid_names.rb include.am oid_names.h
async Makefile README.md async_client.c async_server.c async_tls.c async_tls.h include.am user_settings.h
benchmark include.am tls_bench.c tls_bench.h
client client.c client.h client.sln client.vcproj client.vcxproj include.am
configs README.md include.am user_settings_EBSnet.h user_settings_all.h user_settings_arduino.h user_settings_baremetal.h user_settings_ca.h user_settings_curve25519nonblock.h user_settings_dtls13.h user_settings_eccnonblock.h user_settings_espressif.h user_settings_fipsv2.h user_settings_fipsv5.h user_settings_min_ecc.h user_settings_openssl_compat.h user_settings_pkcs7.h user_settings_platformio.h user_settings_pq.h user_settings_rsa_only.h user_settings_stm32.h user_settings_template.h user_settings_tls12.h user_settings_tls13.h user_settings_wolfboot_keytools.h user_settings_wolfssh.h user_settings_wolftpm.h
crypto_policies
default wolfssl.txt
future wolfssl.txt
legacy wolfssl.txt
echoclient echoclient.c echoclient.h echoclient.sln echoclient.vcproj echoclient.vcxproj include.am quit
echoserver echoserver.c echoserver.h echoserver.sln echoserver.vcproj echoserver.vcxproj include.am
ocsp_responder include.am ocsp_responder.c ocsp_responder.h
pem include.am pem.c
sctp include.am sctp-client-dtls.c sctp-client.c sctp-server-dtls.c sctp-server.c
server include.am server.c server.h server.sln server.vcproj server.vcxproj
README.md include.am
linuxkm
patches
5.10.17 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v10v17.patch
5.10.236 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v10v236.patch
5.14.0-570.58.1.el9_6 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v14-570v58v1-el9_6.patch
5.15 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v15.patch
5.17 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17.patch
5.17-ubuntu-jammy-tegra WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch
6.1.73 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v1v73.patch
6.12 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v12.patch
6.15 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v15.patch
7.0 WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch
regen-patches.sh
Kbuild Makefile README.md get_thread_size.c include.am linuxkm-fips-hash-wrapper.sh linuxkm-fips-hash.c linuxkm_memory.c linuxkm_memory.h linuxkm_wc_port.h lkcapi_aes_glue.c lkcapi_dh_glue.c lkcapi_ecdh_glue.c lkcapi_ecdsa_glue.c lkcapi_glue.c lkcapi_rsa_glue.c lkcapi_sha_glue.c module_exports.c.template module_hooks.c pie_redirect_table.c wolfcrypt.lds x86_vector_register_glue.c
m4 ax_add_am_macro.m4 ax_am_jobserver.m4 ax_am_macros.m4 ax_append_compile_flags.m4 ax_append_flag.m4 ax_append_link_flags.m4 ax_append_to_file.m4 ax_atomic.m4 ax_bsdkm.m4 ax_check_compile_flag.m4 ax_check_link_flag.m4 ax_compiler_version.m4 ax_count_cpus.m4 ax_create_generic_config.m4 ax_debug.m4 ax_file_escapes.m4 ax_harden_compiler_flags.m4 ax_linuxkm.m4 ax_print_to_file.m4 ax_pthread.m4 ax_require_defined.m4 ax_tls.m4 ax_vcs_checkout.m4 hexversion.m4 lib_socket_nsl.m4 visibility.m4
mcapi
wolfcrypt_mcapi.X
nbproject configurations.xml include.am project.xml
Makefile
wolfcrypt_test.X
nbproject configurations.xml include.am project.xml
Makefile
wolfssl.X
nbproject configurations.xml include.am project.xml
Makefile
zlib.X
nbproject configurations.xml include.am project.xml
Makefile
PIC32MZ-serial.h README crypto.c crypto.h include.am mcapi_test.c user_settings.h
mplabx
wolfcrypt_benchmark.X
nbproject configurations.xml include.am project.xml
Makefile
wolfcrypt_test.X
nbproject configurations.xml include.am project.xml
Makefile
wolfssl.X
nbproject configurations.xml include.am project.xml
Makefile
PIC32MZ-serial.h README benchmark_main.c include.am test_main.c user_settings.h
mqx
util_lib
Sources include.am util.c util.h
wolfcrypt_benchmark
Debugger K70FN1M0.mem init_kinetis.tcl mass_erase_kinetis.tcl
Sources include.am main.c main.h
ReferencedRSESystems.xml wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch
wolfcrypt_test
Debugger K70FN1M0.mem init_kinetis.tcl mass_erase_kinetis.tcl
Sources include.am main.c main.h
ReferencedRSESystems.xml wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch
wolfssl include.am
wolfssl_client
Debugger K70FN1M0.mem init_kinetis.tcl mass_erase_kinetis.tcl
Sources include.am main.c main.h
ReferencedRSESystems.xml wolfssl_client_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launch
README
rpm include.am spec.in
scripts
bench bench_functions.sh
aria-cmake-build-test.sh asn1_oid_sum.pl benchmark.test benchmark_compare.sh cleanup_testfiles.sh crl-gen-openssl.test crl-revoked.test dertoc.pl dtls.test dtlscid.test external.test google.test include.am makedistsmall.sh memtest.sh ocsp-responder-openssl-interop.test ocsp-stapling-with-ca-as-responder.test ocsp-stapling-with-wolfssl-responder.test ocsp-stapling.test ocsp-stapling2.test ocsp-stapling_tls13multi.test ocsp.test openssl.test openssl_srtp.test pem.test ping.test pkcallbacks.test psk.test resume.test rsapss.test sniffer-gen.sh sniffer-ipv6.pcap sniffer-static-rsa.pcap sniffer-testsuite.test sniffer-tls12-keylog.out sniffer-tls12-keylog.pcap sniffer-tls12-keylog.sslkeylog sniffer-tls13-dh-resume.pcap sniffer-tls13-dh.pcap sniffer-tls13-ecc-resume.pcap sniffer-tls13-ecc.pcap sniffer-tls13-hrr.pcap sniffer-tls13-keylog.out sniffer-tls13-keylog.pcap sniffer-tls13-keylog.sslkeylog sniffer-tls13-x25519-resume.pcap sniffer-tls13-x25519.pcap stm32l4-v4_0_1_build.sh tls13.test trusted_peer.test unit.test.in user_settings_asm.sh
src bio.c conf.c crl.c dtls.c dtls13.c include.am internal.c keys.c ocsp.c pk.c pk_ec.c pk_rsa.c quic.c sniffer.c ssl.c ssl_api_cert.c ssl_api_crl_ocsp.c ssl_api_pk.c ssl_asn1.c ssl_bn.c ssl_certman.c ssl_crypto.c ssl_ech.c ssl_load.c ssl_misc.c ssl_p7p12.c ssl_sess.c ssl_sk.c tls.c tls13.c wolfio.c x509.c x509_str.c
sslSniffer
sslSnifferTest README_WIN.md include.am snifftest.c sslSniffTest.vcproj sslSniffTest.vcxproj
README.md sslSniffer.vcproj sslSniffer.vcxproj
support gen-debug-trace-error-codes.sh include.am wolfssl.pc.in
tests
api api.h api_decl.h create_ocsp_test_blobs.py include.am test_aes.c test_aes.h test_arc4.c test_arc4.h test_ascon.c test_ascon.h test_ascon_kats.h test_asn.c test_asn.h test_blake2.c test_blake2.h test_camellia.c test_camellia.h test_certman.c test_certman.h test_chacha.c test_chacha.h test_chacha20_poly1305.c test_chacha20_poly1305.h test_cmac.c test_cmac.h test_curve25519.c test_curve25519.h test_curve448.c test_curve448.h test_des3.c test_des3.h test_dh.c test_dh.h test_digest.h test_dsa.c test_dsa.h test_dtls.c test_dtls.h test_ecc.c test_ecc.h test_ed25519.c test_ed25519.h test_ed448.c test_ed448.h test_evp.c test_evp.h test_evp_cipher.c test_evp_cipher.h test_evp_digest.c test_evp_digest.h test_evp_pkey.c test_evp_pkey.h test_hash.c test_hash.h test_hmac.c test_hmac.h test_md2.c test_md2.h test_md4.c test_md4.h test_md5.c test_md5.h test_mldsa.c test_mldsa.h test_mlkem.c test_mlkem.h test_ocsp.c test_ocsp.h test_ocsp_test_blobs.h test_ossl_asn1.c test_ossl_asn1.h test_ossl_bio.c test_ossl_bio.h test_ossl_bn.c test_ossl_bn.h test_ossl_cipher.c test_ossl_cipher.h test_ossl_dgst.c test_ossl_dgst.h test_ossl_dh.c test_ossl_dh.h test_ossl_dsa.c test_ossl_dsa.h test_ossl_ec.c test_ossl_ec.h test_ossl_ecx.c test_ossl_ecx.h test_ossl_mac.c test_ossl_mac.h test_ossl_obj.c test_ossl_obj.h test_ossl_p7p12.c test_ossl_p7p12.h test_ossl_pem.c test_ossl_pem.h test_ossl_rand.c test_ossl_rand.h test_ossl_rsa.c test_ossl_rsa.h test_ossl_sk.c test_ossl_sk.h test_ossl_x509.c test_ossl_x509.h test_ossl_x509_acert.c test_ossl_x509_acert.h test_ossl_x509_crypto.c test_ossl_x509_crypto.h test_ossl_x509_ext.c test_ossl_x509_ext.h test_ossl_x509_info.c test_ossl_x509_info.h test_ossl_x509_io.c test_ossl_x509_io.h test_ossl_x509_lu.c test_ossl_x509_lu.h test_ossl_x509_name.c test_ossl_x509_name.h test_ossl_x509_pk.c test_ossl_x509_pk.h test_ossl_x509_str.c test_ossl_x509_str.h test_ossl_x509_vp.c test_ossl_x509_vp.h test_pkcs12.c test_pkcs12.h test_pkcs7.c test_pkcs7.h test_poly1305.c test_poly1305.h test_random.c test_random.h test_rc2.c test_rc2.h test_ripemd.c test_ripemd.h test_rsa.c test_rsa.h test_sha.c test_sha.h test_sha256.c test_sha256.h test_sha3.c test_sha3.h test_sha512.c test_sha512.h test_she.c test_she.h test_signature.c test_signature.h test_slhdsa.c test_slhdsa.h test_sm2.c test_sm2.h test_sm3.c test_sm3.h test_sm4.c test_sm4.h test_tls.c test_tls.h test_tls13.c test_tls13.h test_tls_ext.c test_tls_ext.h test_wc_encrypt.c test_wc_encrypt.h test_wolfmath.c test_wolfmath.h test_x509.c test_x509.h
emnet
IP IP.h
Makefile emnet_nonblock_test.c emnet_shim.c
freertos-mem-track-repro FreeRTOS.h repro.c run.sh semphr.h task.h user_settings.h
swdev .gitignore Makefile README.md swdev.c swdev.h swdev_loader.c swdev_loader.h user_settings.h
CONF_FILES_README.md NCONF_test.cnf README TXT_DB.txt api.c include.am quic.c srp.c suites.c test-altchains.conf test-chains.conf test-dhprime.conf test-dtls-downgrade.conf test-dtls-fails-cipher.conf test-dtls-fails.conf test-dtls-group.conf test-dtls-mtu.conf test-dtls-reneg-client.conf test-dtls-reneg-server.conf test-dtls-resume.conf test-dtls-sha2.conf test-dtls-srtp-fails.conf test-dtls-srtp.conf test-dtls.conf test-dtls13-cid.conf test-dtls13-downgrade-fails.conf test-dtls13-downgrade.conf test-dtls13-pq-hybrid-extra-frag.conf test-dtls13-pq-hybrid-extra.conf test-dtls13-pq-hybrid-frag.conf test-dtls13-pq-standalone-frag.conf test-dtls13-pq-standalone.conf test-dtls13-psk.conf test-dtls13.conf test-ecc-cust-curves.conf test-ed25519.conf test-ed448.conf test-enckeys.conf test-fails.conf test-maxfrag-dtls.conf test-maxfrag.conf test-p521.conf test-psk-no-id-sha2.conf test-psk-no-id.conf test-psk.conf test-rsapss.conf test-sctp-sha2.conf test-sctp.conf test-sha2.conf test-sig.conf test-sm2.conf test-tls-downgrade.conf test-tls13-down.conf test-tls13-ecc.conf test-tls13-pq-hybrid-extra.conf test-tls13-pq-hybrid.conf test-tls13-pq-standalone.conf test-tls13-psk-certs.conf test-tls13-psk.conf test-tls13-slhdsa-fail.conf test-tls13-slhdsa-sha2.conf test-tls13-slhdsa-shake.conf test-tls13.conf test-trustpeer.conf test.conf unit.c unit.h utils.c utils.h w64wrapper.c
testsuite include.am testsuite.c testsuite.sln testsuite.vcproj testsuite.vcxproj utils.c utils.h
tirtos
packages
ti
net
wolfssl
tests
EK_TM4C1294XL
wolfcrypt
benchmark TM4C1294NC.icf benchmark.cfg main.c package.bld.hide package.xdc
test TM4C1294NC.icf main.c package.bld.hide package.xdc test.cfg
package.bld package.xdc package.xs
.gitignore README include.am products.mak wolfssl.bld wolfssl.mak
wolfcrypt
benchmark README.md benchmark-VS2022.sln benchmark-VS2022.vcxproj benchmark-VS2022.vcxproj.user benchmark.c benchmark.h benchmark.sln benchmark.vcproj benchmark.vcxproj include.am
src
port
Espressif
esp_crt_bundle README.md cacrt_all.pem cacrt_deprecated.pem cacrt_local.pem esp_crt_bundle.c gen_crt_bundle.py pio_install_cryptography.py
README.md esp32_aes.c esp32_mp.c esp32_sha.c esp32_util.c esp_sdk_mem_lib.c esp_sdk_time_lib.c esp_sdk_wifi_lib.c
Renesas README.md renesas_common.c renesas_fspsm_aes.c renesas_fspsm_rsa.c renesas_fspsm_sha.c renesas_fspsm_util.c renesas_rx64_hw_sha.c renesas_rx64_hw_util.c renesas_tsip_aes.c renesas_tsip_rsa.c renesas_tsip_sha.c renesas_tsip_util.c
af_alg afalg_aes.c afalg_hash.c wc_afalg.c
aria aria-crypt.c aria-cryptocb.c
arm armv8-32-aes-asm.S armv8-32-aes-asm_c.c armv8-32-chacha-asm.S armv8-32-chacha-asm_c.c armv8-32-curve25519.S armv8-32-curve25519_c.c armv8-32-mlkem-asm.S armv8-32-mlkem-asm_c.c armv8-32-poly1305-asm.S armv8-32-poly1305-asm_c.c armv8-32-sha256-asm.S armv8-32-sha256-asm_c.c armv8-32-sha3-asm.S armv8-32-sha3-asm_c.c armv8-32-sha512-asm.S armv8-32-sha512-asm_c.c armv8-aes-asm.S armv8-aes-asm_c.c armv8-aes.c armv8-chacha-asm.S armv8-chacha-asm_c.c armv8-curve25519.S armv8-curve25519_c.c armv8-mlkem-asm.S armv8-mlkem-asm_c.c armv8-poly1305-asm.S armv8-poly1305-asm_c.c armv8-sha256-asm.S armv8-sha256-asm_c.c armv8-sha256.c armv8-sha3-asm.S armv8-sha3-asm_c.c armv8-sha512-asm.S armv8-sha512-asm_c.c armv8-sha512.c cryptoCell.c cryptoCellHash.c thumb2-aes-asm.S thumb2-aes-asm_c.c thumb2-chacha-asm.S thumb2-chacha-asm_c.c thumb2-curve25519.S thumb2-curve25519_c.c thumb2-mlkem-asm.S thumb2-mlkem-asm_c.c thumb2-poly1305-asm.S thumb2-poly1305-asm_c.c thumb2-sha256-asm.S thumb2-sha256-asm_c.c thumb2-sha3-asm.S thumb2-sha3-asm_c.c thumb2-sha512-asm.S thumb2-sha512-asm_c.c
atmel README.md atmel.c
autosar README.md cryif.c crypto.c csm.c include.am test.c
caam README.md caam_aes.c caam_doc.pdf caam_driver.c caam_error.c caam_integrity.c caam_qnx.c caam_sha.c wolfcaam_aes.c wolfcaam_cmac.c wolfcaam_ecdsa.c wolfcaam_fsl_nxp.c wolfcaam_hash.c wolfcaam_hmac.c wolfcaam_init.c wolfcaam_qnx.c wolfcaam_rsa.c wolfcaam_seco.c wolfcaam_x25519.c
cavium README.md README_Octeon.md cavium_nitrox.c cavium_octeon_sync.c
cuda README.md aes-cuda.cu
cypress README.md psoc6_crypto.c
devcrypto README.md devcrypto_aes.c devcrypto_ecdsa.c devcrypto_hash.c devcrypto_hmac.c devcrypto_rsa.c devcrypto_x25519.c wc_devcrypto.c
intel README.md quickassist.c quickassist_mem.c quickassist_sync.c
iotsafe iotsafe.c
kcapi README.md kcapi_aes.c kcapi_dh.c kcapi_ecc.c kcapi_hash.c kcapi_hmac.c kcapi_rsa.c
liboqs liboqs.c
maxim README.md max3266x.c maxq10xx.c
mynewt mynewt_port.c
nxp README.md README_SE050.md casper_port.c dcp_port.c hashcrypt_port.c ksdk_port.c se050_port.c
pic32 pic32mz-crypt.c
ppc32 ppc32-sha256-asm.S ppc32-sha256-asm_c.c ppc32-sha256-asm_cr.c
psa README.md psa.c psa_aes.c psa_hash.c psa_pkcbs.c
riscv riscv-64-aes.c riscv-64-chacha.c riscv-64-poly1305.c riscv-64-sha256.c riscv-64-sha3.c riscv-64-sha512.c
rpi_pico README.md pico.c
silabs README.md silabs_aes.c silabs_ecc.c silabs_hash.c silabs_random.c
st README.md STM32MP13.md STM32MP25.md stm32.c stsafe.c
ti ti-aes.c ti-ccm.c ti-des3.c ti-hash.c
tropicsquare README.md tropic01.c
xilinx xil-aesgcm.c xil-sha3.c xil-versal-glue.c xil-versal-trng.c
nrf51.c
ASN_TEMPLATE.md aes.c aes_asm.S aes_asm.asm aes_gcm_asm.S aes_gcm_asm.asm aes_gcm_x86_asm.S aes_xts_asm.S aes_xts_asm.asm arc4.c ascon.c asm.c asn.c asn_orig.c async.c blake2b.c blake2s.c camellia.c chacha.c chacha20_poly1305.c chacha_asm.S chacha_asm.asm cmac.c coding.c compress.c cpuid.c cryptocb.c curve25519.c curve448.c des3.c dh.c dilithium.c dsa.c ecc.c ecc_fp.c eccsi.c ed25519.c ed448.c error.c evp.c evp_pk.c falcon.c fe_448.c fe_low_mem.c fe_operations.c fe_x25519_128.h fe_x25519_asm.S fp_mont_small.i fp_mul_comba_12.i fp_mul_comba_17.i fp_mul_comba_20.i fp_mul_comba_24.i fp_mul_comba_28.i fp_mul_comba_3.i fp_mul_comba_32.i fp_mul_comba_4.i fp_mul_comba_48.i fp_mul_comba_6.i fp_mul_comba_64.i fp_mul_comba_7.i fp_mul_comba_8.i fp_mul_comba_9.i fp_mul_comba_small_set.i fp_sqr_comba_12.i fp_sqr_comba_17.i fp_sqr_comba_20.i fp_sqr_comba_24.i fp_sqr_comba_28.i fp_sqr_comba_3.i fp_sqr_comba_32.i fp_sqr_comba_4.i fp_sqr_comba_48.i fp_sqr_comba_6.i fp_sqr_comba_64.i fp_sqr_comba_7.i fp_sqr_comba_8.i fp_sqr_comba_9.i fp_sqr_comba_small_set.i ge_448.c ge_low_mem.c ge_operations.c hash.c hmac.c hpke.c include.am integer.c kdf.c logging.c md2.c md4.c md5.c memory.c misc.c pkcs12.c pkcs7.c poly1305.c poly1305_asm.S poly1305_asm.asm puf.c pwdbased.c random.c rc2.c ripemd.c rng_bank.c rsa.c sakke.c sha.c sha256.c sha256_asm.S sha3.c sha3_asm.S sha512.c sha512_asm.S signature.c siphash.c sm2.c sm3.c sm3_asm.S sm4.c sp_arm32.c sp_arm64.c sp_armthumb.c sp_c32.c sp_c64.c sp_cortexm.c sp_dsp32.c sp_int.c sp_sm2_arm32.c sp_sm2_arm64.c sp_sm2_armthumb.c sp_sm2_c32.c sp_sm2_c64.c sp_sm2_cortexm.c sp_sm2_x86_64.c sp_sm2_x86_64_asm.S sp_x86_64.c sp_x86_64_asm.S sp_x86_64_asm.asm srp.c tfm.c wc_dsp.c wc_encrypt.c wc_lms.c wc_lms_impl.c wc_mldsa_asm.S wc_mlkem.c wc_mlkem_asm.S wc_mlkem_poly.c wc_pkcs11.c wc_port.c wc_she.c wc_slhdsa.c wc_xmss.c wc_xmss_impl.c wolfentropy.c wolfevent.c wolfmath.c
test README.md include.am test-VS2022.sln test-VS2022.vcxproj test-VS2022.vcxproj.user test.c test.h test.sln test.vcproj test_paths.h.in
wolfssl
openssl aes.h asn1.h asn1t.h bio.h bn.h buffer.h camellia.h cmac.h cms.h compat_types.h conf.h crypto.h des.h dh.h dsa.h ec.h ec25519.h ec448.h ecdh.h ecdsa.h ed25519.h ed448.h engine.h err.h evp.h fips_rand.h hmac.h include.am kdf.h lhash.h md4.h md5.h modes.h obj_mac.h objects.h ocsp.h opensslconf.h opensslv.h ossl_typ.h pem.h pkcs12.h pkcs7.h rand.h rc4.h ripemd.h rsa.h safestack.h sha.h sha3.h srp.h ssl.h ssl23.h stack.h tls1.h txt_db.h ui.h x509.h x509_vfy.h x509v3.h
wolfcrypt
port
Espressif esp-sdk-lib.h esp32-crypt.h esp_crt_bundle.h
Renesas renesas-fspsm-crypt.h renesas-fspsm-types.h renesas-rx64-hw-crypt.h renesas-tsip-crypt.h renesas_cmn.h renesas_fspsm_internal.h renesas_sync.h renesas_tsip_internal.h renesas_tsip_types.h
af_alg afalg_hash.h wc_afalg.h
aria aria-crypt.h aria-cryptocb.h
arm cryptoCell.h
atmel atmel.h
autosar CryIf.h Crypto.h Csm.h StandardTypes.h
caam caam_driver.h caam_error.h caam_qnx.h wolfcaam.h wolfcaam_aes.h wolfcaam_cmac.h wolfcaam_ecdsa.h wolfcaam_fsl_nxp.h wolfcaam_hash.h wolfcaam_qnx.h wolfcaam_rsa.h wolfcaam_seco.h wolfcaam_sha.h wolfcaam_x25519.h
cavium cavium_nitrox.h cavium_octeon_sync.h
cypress psoc6_crypto.h
devcrypto wc_devcrypto.h
intel quickassist.h quickassist_mem.h quickassist_sync.h
iotsafe iotsafe.h
kcapi kcapi_dh.h kcapi_ecc.h kcapi_hash.h kcapi_hmac.h kcapi_rsa.h wc_kcapi.h
liboqs liboqs.h
maxim max3266x-cryptocb.h max3266x.h maxq10xx.h
nxp casper_port.h dcp_port.h hashcrypt_port.h ksdk_port.h se050_port.h
pic32 pic32mz-crypt.h
psa psa.h
riscv riscv-64-asm.h
rpi_pico pico.h
silabs silabs_aes.h silabs_ecc.h silabs_hash.h silabs_random.h
st stm32.h stsafe.h
ti ti-ccm.h ti-hash.h
tropicsquare tropic01.h
xilinx xil-sha3.h xil-versal-glue.h xil-versal-trng.h
nrf51.h
aes.h arc4.h ascon.h asn.h asn_public.h async.h blake2-impl.h blake2-int.h blake2.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cpuid.h cryptocb.h curve25519.h curve448.h des3.h dh.h dilithium.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h falcon.h fe_448.h fe_operations.h fips_test.h ge_448.h ge_operations.h hash.h hmac.h hpke.h include.am integer.h kdf.h libwolfssl_sources.h libwolfssl_sources_asm.h logging.h md2.h md4.h md5.h mem_track.h memory.h misc.h mpi_class.h mpi_superclass.h oid_sum.h pkcs11.h pkcs12.h pkcs7.h poly1305.h puf.h pwdbased.h random.h rc2.h ripemd.h rng_bank.h rsa.h sakke.h selftest.h settings.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h sm2.h sm3.h sm4.h sp.h sp_int.h srp.h tfm.h types.h visibility.h wc_encrypt.h wc_lms.h wc_mlkem.h wc_pkcs11.h wc_port.h wc_she.h wc_slhdsa.h wc_xmss.h wolfentropy.h wolfevent.h wolfmath.h
callbacks.h certs_test.h certs_test_sm.h crl.h error-ssl.h include.am internal.h ocsp.h options.h.in quic.h sniffer.h sniffer_error.h sniffer_error.rc ssl.h test.h version.h version.h.in wolfio.h
wrapper
Ada
examples
src aes_verify_main.adb rsa_verify_main.adb sha256_main.adb spark_sockets.adb spark_sockets.ads spark_terminal.adb spark_terminal.ads tls_client.adb tls_client.ads tls_client_main.adb tls_server.adb tls_server.ads tls_server_main.adb
.gitignore alire.toml examples.gpr
tests
src
support test_support.adb test_support.ads tests_root_suite.adb tests_root_suite.ads
aes_bindings_tests.adb aes_bindings_tests.ads rsa_verify_bindings_tests.adb rsa_verify_bindings_tests.ads sha256_bindings_tests.adb sha256_bindings_tests.ads tests.adb
.gitignore README.md alire.toml tests.gpr valgrind.supp
.gitignore README.md ada_binding.c alire.toml default.gpr include.am restricted.adc user_settings.h wolfssl-full_runtime.adb wolfssl-full_runtime.ads wolfssl.adb wolfssl.ads wolfssl.gpr
CSharp
wolfCrypt-Test
Properties AssemblyInfo.cs
App.config wolfCrypt-Test.cs wolfCrypt-Test.csproj
wolfSSL-DTLS-PSK-Server
Properties AssemblyInfo.cs
App.config wolfSSL-DTLS-PSK-Server.cs wolfSSL-DTLS-PSK-Server.csproj
wolfSSL-DTLS-Server
Properties AssemblyInfo.cs
App.config wolfSSL-DTLS-Server.cs wolfSSL-DTLS-Server.csproj
wolfSSL-Example-IOCallbacks
Properties AssemblyInfo.cs
App.config wolfSSL-Example-IOCallbacks.cs wolfSSL-Example-IOCallbacks.csproj
wolfSSL-TLS-Client
Properties AssemblyInfo.cs
App.config wolfSSL-TLS-Client.cs wolfSSL-TLS-Client.csproj
wolfSSL-TLS-PSK-Client
Properties AssemblyInfo.cs
App.config wolfSSL-TLS-PSK-Client.cs wolfSSL-TLS-PSK-Client.csproj
wolfSSL-TLS-PSK-Server
Properties AssemblyInfo.cs
App.config wolfSSL-TLS-PSK-Server.cs wolfSSL-TLS-PSK-Server.csproj
wolfSSL-TLS-Server
Properties AssemblyInfo.cs
App.config wolfSSL-TLS-Server.cs wolfSSL-TLS-Server.csproj
wolfSSL-TLS-ServerThreaded
Properties AssemblyInfo.cs
App.config wolfSSL-TLS-ServerThreaded.cs wolfSSL-TLS-ServerThreaded.csproj
wolfSSL_CSharp
Properties AssemblyInfo.cs Resources.Designer.cs Resources.resx
X509.cs wolfCrypt.cs wolfSSL.cs wolfSSL_CSharp.csproj
README.md include.am user_settings.h wolfSSL_CSharp.sln wolfssl.vcxproj
python README.md
rust
wolfssl-wolfcrypt
src aes.rs blake2.rs chacha20_poly1305.rs cmac.rs cmac_mac.rs curve25519.rs dh.rs dilithium.rs ecc.rs ecdsa.rs ed25519.rs ed448.rs fips.rs hkdf.rs hmac.rs hmac_mac.rs kdf.rs lib.rs lms.rs mlkem.rs mlkem_kem.rs pbkdf2_password_hash.rs prf.rs random.rs rsa.rs rsa_pkcs1v15.rs sha.rs sha_digest.rs sys.rs
tests
common mod.rs
test_aes.rs test_blake2.rs test_chacha20_poly1305.rs test_cmac.rs test_cmac_mac.rs test_curve25519.rs test_dh.rs test_dilithium.rs test_ecc.rs test_ecdsa.rs test_ed25519.rs test_ed448.rs test_hkdf.rs test_hmac.rs test_hmac_mac.rs test_kdf.rs test_lms.rs test_mlkem.rs test_mlkem_kem.rs test_pbkdf2_password_hash.rs test_prf.rs test_random.rs test_rsa.rs test_rsa_pkcs1v15.rs test_sha.rs test_sha_digest.rs test_wolfcrypt.rs
CHANGELOG.md Cargo.lock Cargo.toml Makefile README.md build.rs headers.h
Makefile README.md include.am
include.am
zephyr
samples
wolfssl_benchmark
boards native_sim.conf nrf5340dk_nrf5340_cpuapp.conf nrf5340dk_nrf5340_cpuapp_ns.conf
CMakeLists.txt README install_test.sh prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl_test
boards native_sim.conf nrf5340dk_nrf5340_cpuapp.conf nrf5340dk_nrf5340_cpuapp_ns.conf
CMakeLists.txt README install_test.sh prj-no-malloc.conf prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl_tls_sock
boards native_sim.conf
src tls_sock.c
CMakeLists.txt README install_sample.sh prj-no-malloc.conf prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl_tls_thread
boards native_sim.conf nrf5340dk_nrf5340_cpuapp.conf nrf5340dk_nrf5340_cpuapp_ns.conf
src tls_threaded.c
CMakeLists.txt README install_sample.sh prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl options.h
CMakeLists.txt Kconfig Kconfig.tls-generic README.md include.am module.yml user_settings-no-malloc.h user_settings.h zephyr_init.c
.codespellexcludelines .cyignore .editorconfig .gitignore .wolfssl_known_macro_extras AUTHORS CMakeLists.txt CMakePresets.json CMakeSettings.json COPYING ChangeLog.md INSTALL LICENSING LPCExpresso.cproject LPCExpresso.project Makefile.am README README-async.md README.md SCRIPTS-LIST SECURITY-POLICY.md SECURITY-REPORT-TEMPLATE.md Vagrantfile autogen.sh commit-tests.sh configure.ac fips-check.sh fips-hash.sh gencertbuf.pl input pull_to_vagrant.sh quit resource.h stamp-h.in valgrind-bash.supp valgrind-error.sh wnr-example.conf wolfssl-VS2022.vcxproj wolfssl.rc wolfssl.vcproj wolfssl.vcxproj wolfssl64.sln
.clangd .gitignore DOCS.md Makefile README.md assert.c core.c crypto.c env.c fs.c http.c ini.c json.c log.c luna.h main.c makext.mk path.c process.c request.c sqlite.c stash.c template.c util.c
wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S raw 
    1/* armv8-curve25519
    2 *
    3 * Copyright (C) 2006-2026 wolfSSL Inc.
    4 *
    5 * This file is part of wolfSSL.
    6 *
    7 * wolfSSL is free software; you can redistribute it and/or modify
    8 * it under the terms of the GNU General Public License as published by
    9 * the Free Software Foundation; either version 3 of the License, or
   10 * (at your option) any later version.
   11 *
   12 * wolfSSL is distributed in the hope that it will be useful,
   13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
   14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   15 * GNU General Public License for more details.
   16 *
   17 * You should have received a copy of the GNU General Public License
   18 * along with this program; if not, write to the Free Software
   19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
   20 */
   21
   22#include <wolfssl/wolfcrypt/libwolfssl_sources_asm.h>
   23
   24/* Generated using (from wolfssl):
   25 *   cd ../scripts
   26 *   ruby ./x25519/x25519.rb arm64 \
   27 *       ../wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S
   28 */
   29#ifdef WOLFSSL_ARMASM
   30#ifdef __aarch64__
   31#ifndef WOLFSSL_ARMASM_INLINE
   32#if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
   33#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
   34#ifndef __APPLE__
   35.text
   36.globl	fe_init
   37.type	fe_init,@function
   38.align	2
   39fe_init:
   40#else
   41.section	__TEXT,__text
   42.globl	_fe_init
   43.p2align	2
   44_fe_init:
   45#endif /* __APPLE__ */
   46	ret
   47#ifndef __APPLE__
   48	.size	fe_init,.-fe_init
   49#endif /* __APPLE__ */
   50#ifndef __APPLE__
   51.text
   52.globl	fe_frombytes
   53.type	fe_frombytes,@function
   54.align	2
   55fe_frombytes:
   56#else
   57.section	__TEXT,__text
   58.globl	_fe_frombytes
   59.p2align	2
   60_fe_frombytes:
   61#endif /* __APPLE__ */
   62	ldp	x2, x3, [x1]
   63	ldp	x4, x5, [x1, #16]
   64	and	x5, x5, #0x7fffffffffffffff
   65	stp	x2, x3, [x0]
   66	stp	x4, x5, [x0, #16]
   67	ret
   68#ifndef __APPLE__
   69	.size	fe_frombytes,.-fe_frombytes
   70#endif /* __APPLE__ */
   71#ifndef __APPLE__
   72.text
   73.globl	fe_tobytes
   74.type	fe_tobytes,@function
   75.align	2
   76fe_tobytes:
   77#else
   78.section	__TEXT,__text
   79.globl	_fe_tobytes
   80.p2align	2
   81_fe_tobytes:
   82#endif /* __APPLE__ */
   83	mov	x7, #19
   84	ldp	x2, x3, [x1]
   85	ldp	x4, x5, [x1, #16]
   86	adds	x6, x2, x7
   87	adcs	x6, x3, xzr
   88	adcs	x6, x4, xzr
   89	adc	x6, x5, xzr
   90	and	x6, x7, x6, asr 63
   91	adds	x2, x2, x6
   92	adcs	x3, x3, xzr
   93	adcs	x4, x4, xzr
   94	adc	x5, x5, xzr
   95	and	x5, x5, #0x7fffffffffffffff
   96	stp	x2, x3, [x0]
   97	stp	x4, x5, [x0, #16]
   98	ret
   99#ifndef __APPLE__
  100	.size	fe_tobytes,.-fe_tobytes
  101#endif /* __APPLE__ */
  102#ifndef __APPLE__
  103.text
  104.globl	fe_1
  105.type	fe_1,@function
  106.align	2
  107fe_1:
  108#else
  109.section	__TEXT,__text
  110.globl	_fe_1
  111.p2align	2
  112_fe_1:
  113#endif /* __APPLE__ */
  114	# Set one
  115	mov	x1, #1
  116	stp	x1, xzr, [x0]
  117	stp	xzr, xzr, [x0, #16]
  118	ret
  119#ifndef __APPLE__
  120	.size	fe_1,.-fe_1
  121#endif /* __APPLE__ */
  122#ifndef __APPLE__
  123.text
  124.globl	fe_0
  125.type	fe_0,@function
  126.align	2
  127fe_0:
  128#else
  129.section	__TEXT,__text
  130.globl	_fe_0
  131.p2align	2
  132_fe_0:
  133#endif /* __APPLE__ */
  134	# Set zero
  135	stp	xzr, xzr, [x0]
  136	stp	xzr, xzr, [x0, #16]
  137	ret
  138#ifndef __APPLE__
  139	.size	fe_0,.-fe_0
  140#endif /* __APPLE__ */
  141#ifndef __APPLE__
  142.text
  143.globl	fe_copy
  144.type	fe_copy,@function
  145.align	2
  146fe_copy:
  147#else
  148.section	__TEXT,__text
  149.globl	_fe_copy
  150.p2align	2
  151_fe_copy:
  152#endif /* __APPLE__ */
  153	# Copy
  154	ldp	x2, x3, [x1]
  155	ldp	x4, x5, [x1, #16]
  156	stp	x2, x3, [x0]
  157	stp	x4, x5, [x0, #16]
  158	ret
  159#ifndef __APPLE__
  160	.size	fe_copy,.-fe_copy
  161#endif /* __APPLE__ */
  162#ifndef __APPLE__
  163.text
  164.globl	fe_sub
  165.type	fe_sub,@function
  166.align	2
  167fe_sub:
  168#else
  169.section	__TEXT,__text
  170.globl	_fe_sub
  171.p2align	2
  172_fe_sub:
  173#endif /* __APPLE__ */
  174	# Sub
  175	ldp	x3, x4, [x1]
  176	ldp	x5, x6, [x1, #16]
  177	ldp	x7, x8, [x2]
  178	ldp	x9, x10, [x2, #16]
  179	subs	x3, x3, x7
  180	sbcs	x4, x4, x8
  181	sbcs	x5, x5, x9
  182	sbcs	x6, x6, x10
  183	csetm	x11, cc
  184	mov	x12, #-19
  185	#   Mask the modulus
  186	extr	x11, x11, x6, #63
  187	mul	x12, x11, x12
  188	#   Add modulus (if underflow)
  189	subs	x3, x3, x12
  190	sbcs	x4, x4, xzr
  191	and	x6, x6, #0x7fffffffffffffff
  192	sbcs	x5, x5, xzr
  193	sbc	x6, x6, xzr
  194	stp	x3, x4, [x0]
  195	stp	x5, x6, [x0, #16]
  196	ret
  197#ifndef __APPLE__
  198	.size	fe_sub,.-fe_sub
  199#endif /* __APPLE__ */
  200#ifndef __APPLE__
  201.text
  202.globl	fe_add
  203.type	fe_add,@function
  204.align	2
  205fe_add:
  206#else
  207.section	__TEXT,__text
  208.globl	_fe_add
  209.p2align	2
  210_fe_add:
  211#endif /* __APPLE__ */
  212	# Add
  213	ldp	x3, x4, [x1]
  214	ldp	x5, x6, [x1, #16]
  215	ldp	x7, x8, [x2]
  216	ldp	x9, x10, [x2, #16]
  217	adds	x3, x3, x7
  218	adcs	x4, x4, x8
  219	adcs	x5, x5, x9
  220	adcs	x6, x6, x10
  221	cset	x11, cs
  222	mov	x12, #19
  223	#   Mask the modulus
  224	extr	x11, x11, x6, #63
  225	mul	x12, x11, x12
  226	#   Sub modulus (if overflow)
  227	adds	x3, x3, x12
  228	adcs	x4, x4, xzr
  229	and	x6, x6, #0x7fffffffffffffff
  230	adcs	x5, x5, xzr
  231	adc	x6, x6, xzr
  232	stp	x3, x4, [x0]
  233	stp	x5, x6, [x0, #16]
  234	ret
  235#ifndef __APPLE__
  236	.size	fe_add,.-fe_add
  237#endif /* __APPLE__ */
  238#ifndef __APPLE__
  239.text
  240.globl	fe_neg
  241.type	fe_neg,@function
  242.align	2
  243fe_neg:
  244#else
  245.section	__TEXT,__text
  246.globl	_fe_neg
  247.p2align	2
  248_fe_neg:
  249#endif /* __APPLE__ */
  250	ldp	x2, x3, [x1]
  251	ldp	x4, x5, [x1, #16]
  252	mov	x6, #-19
  253	mov	x7, #-1
  254	mov	x8, #-1
  255	mov	x9, #0x7fffffffffffffff
  256	subs	x6, x6, x2
  257	sbcs	x7, x7, x3
  258	sbcs	x8, x8, x4
  259	sbc	x9, x9, x5
  260	stp	x6, x7, [x0]
  261	stp	x8, x9, [x0, #16]
  262	ret
  263#ifndef __APPLE__
  264	.size	fe_neg,.-fe_neg
  265#endif /* __APPLE__ */
  266#ifndef __APPLE__
  267.text
  268.globl	fe_isnonzero
  269.type	fe_isnonzero,@function
  270.align	2
  271fe_isnonzero:
  272#else
  273.section	__TEXT,__text
  274.globl	_fe_isnonzero
  275.p2align	2
  276_fe_isnonzero:
  277#endif /* __APPLE__ */
  278	mov	x6, #19
  279	ldp	x1, x2, [x0]
  280	ldp	x3, x4, [x0, #16]
  281	adds	x5, x1, x6
  282	adcs	x5, x2, xzr
  283	adcs	x5, x3, xzr
  284	adc	x5, x4, xzr
  285	and	x5, x6, x5, asr 63
  286	adds	x1, x1, x5
  287	adcs	x2, x2, xzr
  288	adcs	x3, x3, xzr
  289	adc	x4, x4, xzr
  290	and	x4, x4, #0x7fffffffffffffff
  291	orr	x0, x1, x2
  292	orr	x3, x3, x4
  293	orr	x0, x0, x3
  294	ret
  295#ifndef __APPLE__
  296	.size	fe_isnonzero,.-fe_isnonzero
  297#endif /* __APPLE__ */
  298#ifndef __APPLE__
  299.text
  300.globl	fe_isnegative
  301.type	fe_isnegative,@function
  302.align	2
  303fe_isnegative:
  304#else
  305.section	__TEXT,__text
  306.globl	_fe_isnegative
  307.p2align	2
  308_fe_isnegative:
  309#endif /* __APPLE__ */
  310	mov	x6, #19
  311	ldp	x1, x2, [x0]
  312	ldp	x3, x4, [x0, #16]
  313	adds	x5, x1, x6
  314	adcs	x5, x2, xzr
  315	adcs	x5, x3, xzr
  316	adc	x5, x4, xzr
  317	and	x0, x1, #1
  318	eor	x0, x0, x5, lsr 63
  319	ret
  320#ifndef __APPLE__
  321	.size	fe_isnegative,.-fe_isnegative
  322#endif /* __APPLE__ */
  323#ifndef __APPLE__
  324.text
  325.globl	fe_cmov_table
  326.type	fe_cmov_table,@function
  327.align	2
  328fe_cmov_table:
  329#else
  330.section	__TEXT,__text
  331.globl	_fe_cmov_table
  332.p2align	2
  333_fe_cmov_table:
  334#endif /* __APPLE__ */
  335	stp	x29, x30, [sp, #-128]!
  336	add	x29, sp, #0
  337	stp	x17, x19, [x29, #40]
  338	stp	x20, x21, [x29, #56]
  339	stp	x22, x23, [x29, #72]
  340	stp	x24, x25, [x29, #88]
  341	stp	x26, x27, [x29, #104]
  342	str	x28, [x29, #120]
  343	str	x0, [x29, #16]
  344	sxtb	x2, w2
  345	sbfx	x3, x2, #7, #1
  346	eor	x0, x2, x3
  347	sub	x0, x0, x3
  348	mov	x4, #1
  349	mov	x5, xzr
  350	mov	x6, xzr
  351	mov	x7, xzr
  352	mov	x8, #1
  353	mov	x9, xzr
  354	mov	x10, xzr
  355	mov	x11, xzr
  356	mov	x12, xzr
  357	mov	x13, xzr
  358	mov	x14, xzr
  359	mov	x15, xzr
  360	cmp	x0, #1
  361	ldp	x16, x17, [x1]
  362	ldp	x19, x20, [x1, #16]
  363	ldp	x21, x22, [x1, #32]
  364	ldp	x23, x24, [x1, #48]
  365	ldp	x25, x26, [x1, #64]
  366	ldp	x27, x28, [x1, #80]
  367	csel	x4, x16, x4, eq
  368	csel	x5, x17, x5, eq
  369	csel	x6, x19, x6, eq
  370	csel	x7, x20, x7, eq
  371	csel	x8, x21, x8, eq
  372	csel	x9, x22, x9, eq
  373	csel	x10, x23, x10, eq
  374	csel	x11, x24, x11, eq
  375	csel	x12, x25, x12, eq
  376	csel	x13, x26, x13, eq
  377	csel	x14, x27, x14, eq
  378	csel	x15, x28, x15, eq
  379	cmp	x0, #2
  380	ldp	x16, x17, [x1, #96]
  381	ldp	x19, x20, [x1, #112]
  382	ldp	x21, x22, [x1, #128]
  383	ldp	x23, x24, [x1, #144]
  384	ldp	x25, x26, [x1, #160]
  385	ldp	x27, x28, [x1, #176]
  386	csel	x4, x16, x4, eq
  387	csel	x5, x17, x5, eq
  388	csel	x6, x19, x6, eq
  389	csel	x7, x20, x7, eq
  390	csel	x8, x21, x8, eq
  391	csel	x9, x22, x9, eq
  392	csel	x10, x23, x10, eq
  393	csel	x11, x24, x11, eq
  394	csel	x12, x25, x12, eq
  395	csel	x13, x26, x13, eq
  396	csel	x14, x27, x14, eq
  397	csel	x15, x28, x15, eq
  398	cmp	x0, #3
  399	ldp	x16, x17, [x1, #192]
  400	ldp	x19, x20, [x1, #208]
  401	ldp	x21, x22, [x1, #224]
  402	ldp	x23, x24, [x1, #240]
  403	ldp	x25, x26, [x1, #256]
  404	ldp	x27, x28, [x1, #272]
  405	csel	x4, x16, x4, eq
  406	csel	x5, x17, x5, eq
  407	csel	x6, x19, x6, eq
  408	csel	x7, x20, x7, eq
  409	csel	x8, x21, x8, eq
  410	csel	x9, x22, x9, eq
  411	csel	x10, x23, x10, eq
  412	csel	x11, x24, x11, eq
  413	csel	x12, x25, x12, eq
  414	csel	x13, x26, x13, eq
  415	csel	x14, x27, x14, eq
  416	csel	x15, x28, x15, eq
  417	cmp	x0, #4
  418	ldp	x16, x17, [x1, #288]
  419	ldp	x19, x20, [x1, #304]
  420	ldp	x21, x22, [x1, #320]
  421	ldp	x23, x24, [x1, #336]
  422	ldp	x25, x26, [x1, #352]
  423	ldp	x27, x28, [x1, #368]
  424	csel	x4, x16, x4, eq
  425	csel	x5, x17, x5, eq
  426	csel	x6, x19, x6, eq
  427	csel	x7, x20, x7, eq
  428	csel	x8, x21, x8, eq
  429	csel	x9, x22, x9, eq
  430	csel	x10, x23, x10, eq
  431	csel	x11, x24, x11, eq
  432	csel	x12, x25, x12, eq
  433	csel	x13, x26, x13, eq
  434	csel	x14, x27, x14, eq
  435	csel	x15, x28, x15, eq
  436	add	x1, x1, #0x180
  437	cmp	x0, #5
  438	ldp	x16, x17, [x1]
  439	ldp	x19, x20, [x1, #16]
  440	ldp	x21, x22, [x1, #32]
  441	ldp	x23, x24, [x1, #48]
  442	ldp	x25, x26, [x1, #64]
  443	ldp	x27, x28, [x1, #80]
  444	csel	x4, x16, x4, eq
  445	csel	x5, x17, x5, eq
  446	csel	x6, x19, x6, eq
  447	csel	x7, x20, x7, eq
  448	csel	x8, x21, x8, eq
  449	csel	x9, x22, x9, eq
  450	csel	x10, x23, x10, eq
  451	csel	x11, x24, x11, eq
  452	csel	x12, x25, x12, eq
  453	csel	x13, x26, x13, eq
  454	csel	x14, x27, x14, eq
  455	csel	x15, x28, x15, eq
  456	cmp	x0, #6
  457	ldp	x16, x17, [x1, #96]
  458	ldp	x19, x20, [x1, #112]
  459	ldp	x21, x22, [x1, #128]
  460	ldp	x23, x24, [x1, #144]
  461	ldp	x25, x26, [x1, #160]
  462	ldp	x27, x28, [x1, #176]
  463	csel	x4, x16, x4, eq
  464	csel	x5, x17, x5, eq
  465	csel	x6, x19, x6, eq
  466	csel	x7, x20, x7, eq
  467	csel	x8, x21, x8, eq
  468	csel	x9, x22, x9, eq
  469	csel	x10, x23, x10, eq
  470	csel	x11, x24, x11, eq
  471	csel	x12, x25, x12, eq
  472	csel	x13, x26, x13, eq
  473	csel	x14, x27, x14, eq
  474	csel	x15, x28, x15, eq
  475	cmp	x0, #7
  476	ldp	x16, x17, [x1, #192]
  477	ldp	x19, x20, [x1, #208]
  478	ldp	x21, x22, [x1, #224]
  479	ldp	x23, x24, [x1, #240]
  480	ldp	x25, x26, [x1, #256]
  481	ldp	x27, x28, [x1, #272]
  482	csel	x4, x16, x4, eq
  483	csel	x5, x17, x5, eq
  484	csel	x6, x19, x6, eq
  485	csel	x7, x20, x7, eq
  486	csel	x8, x21, x8, eq
  487	csel	x9, x22, x9, eq
  488	csel	x10, x23, x10, eq
  489	csel	x11, x24, x11, eq
  490	csel	x12, x25, x12, eq
  491	csel	x13, x26, x13, eq
  492	csel	x14, x27, x14, eq
  493	csel	x15, x28, x15, eq
  494	cmp	x0, #8
  495	ldp	x16, x17, [x1, #288]
  496	ldp	x19, x20, [x1, #304]
  497	ldp	x21, x22, [x1, #320]
  498	ldp	x23, x24, [x1, #336]
  499	ldp	x25, x26, [x1, #352]
  500	ldp	x27, x28, [x1, #368]
  501	csel	x4, x16, x4, eq
  502	csel	x5, x17, x5, eq
  503	csel	x6, x19, x6, eq
  504	csel	x7, x20, x7, eq
  505	csel	x8, x21, x8, eq
  506	csel	x9, x22, x9, eq
  507	csel	x10, x23, x10, eq
  508	csel	x11, x24, x11, eq
  509	csel	x12, x25, x12, eq
  510	csel	x13, x26, x13, eq
  511	csel	x14, x27, x14, eq
  512	csel	x15, x28, x15, eq
  513	mov	x16, #-19
  514	mov	x17, #-1
  515	mov	x19, #-1
  516	mov	x20, #0x7fffffffffffffff
  517	subs	x16, x16, x12
  518	sbcs	x17, x17, x13
  519	sbcs	x19, x19, x14
  520	sbc	x20, x20, x15
  521	cmp	x2, #0
  522	mov	x3, x4
  523	csel	x4, x8, x4, lt
  524	csel	x8, x3, x8, lt
  525	mov	x3, x5
  526	csel	x5, x9, x5, lt
  527	csel	x9, x3, x9, lt
  528	mov	x3, x6
  529	csel	x6, x10, x6, lt
  530	csel	x10, x3, x10, lt
  531	mov	x3, x7
  532	csel	x7, x11, x7, lt
  533	csel	x11, x3, x11, lt
  534	csel	x12, x16, x12, lt
  535	csel	x13, x17, x13, lt
  536	csel	x14, x19, x14, lt
  537	csel	x15, x20, x15, lt
  538	ldr	x0, [x29, #16]
  539	stp	x4, x5, [x0]
  540	stp	x6, x7, [x0, #16]
  541	stp	x8, x9, [x0, #32]
  542	stp	x10, x11, [x0, #48]
  543	stp	x12, x13, [x0, #64]
  544	stp	x14, x15, [x0, #80]
  545	ldp	x17, x19, [x29, #40]
  546	ldp	x20, x21, [x29, #56]
  547	ldp	x22, x23, [x29, #72]
  548	ldp	x24, x25, [x29, #88]
  549	ldp	x26, x27, [x29, #104]
  550	ldr	x28, [x29, #120]
  551	ldp	x29, x30, [sp], #0x80
  552	ret
  553#ifndef __APPLE__
  554	.size	fe_cmov_table,.-fe_cmov_table
  555#endif /* __APPLE__ */
  556#ifndef __APPLE__
  557.text
  558.globl	fe_invert_nct
  559.type	fe_invert_nct,@function
  560.align	2
  561fe_invert_nct:
  562#else
  563.section	__TEXT,__text
  564.globl	_fe_invert_nct
  565.p2align	2
  566_fe_invert_nct:
  567#endif /* __APPLE__ */
  568	stp	x29, x30, [sp, #-80]!
  569	add	x29, sp, #0
  570	stp	x17, x19, [x29, #24]
  571	stp	x20, x21, [x29, #40]
  572	stp	x22, x23, [x29, #56]
  573	str	x24, [x29, #72]
  574	mov	x19, #-19
  575	mov	x20, #-1
  576	mov	x21, #0x7fffffffffffffff
  577	ldr	x6, [x1]
  578	ldr	x7, [x1, #8]
  579	ldr	x8, [x1, #16]
  580	ldr	x9, [x1, #24]
  581	mov	x2, x19
  582	mov	x3, x20
  583	mov	x4, x20
  584	mov	x5, x21
  585	mov	x10, xzr
  586	mov	x11, xzr
  587	mov	x12, xzr
  588	mov	x13, xzr
  589	mov	x14, #1
  590	mov	x15, xzr
  591	mov	x16, xzr
  592	mov	x17, xzr
  593	mov	x22, #0xff
  594	cmp	x9, #0
  595	beq	L_fe_invert_nct_num_bits_init_v_0
  596	mov	x24, #0x100
  597	clz	x23, x9
  598	sub	x23, x24, x23
  599	b	L_fe_invert_nct_num_bits_init_v_3
  600L_fe_invert_nct_num_bits_init_v_0:
  601	cmp	x8, #0
  602	beq	L_fe_invert_nct_num_bits_init_v_1
  603	mov	x24, #0xc0
  604	clz	x23, x8
  605	sub	x23, x24, x23
  606	b	L_fe_invert_nct_num_bits_init_v_3
  607L_fe_invert_nct_num_bits_init_v_1:
  608	cmp	x7, #0
  609	beq	L_fe_invert_nct_num_bits_init_v_2
  610	mov	x24, #0x80
  611	clz	x23, x7
  612	sub	x23, x24, x23
  613	b	L_fe_invert_nct_num_bits_init_v_3
  614L_fe_invert_nct_num_bits_init_v_2:
  615	mov	x24, #0x40
  616	clz	x23, x6
  617	sub	x23, x24, x23
  618L_fe_invert_nct_num_bits_init_v_3:
  619	tst	x6, #1
  620	bne	L_fe_invert_nct_loop
  621L_fe_invert_nct_even_init_v_0:
  622	extr	x6, x7, x6, #1
  623	extr	x7, x8, x7, #1
  624	extr	x8, x9, x8, #1
  625	lsr	x9, x9, #1
  626	sub	x23, x23, #1
  627	ands	x24, x14, #1
  628	beq	L_fe_invert_nct_even_init_v_1
  629	adds	x14, x14, x19
  630	adcs	x15, x15, x20
  631	adcs	x16, x16, x20
  632	adcs	x17, x17, x21
  633	cset	x24, cs
  634L_fe_invert_nct_even_init_v_1:
  635	extr	x14, x15, x14, #1
  636	extr	x15, x16, x15, #1
  637	extr	x16, x17, x16, #1
  638	extr	x17, x24, x17, #1
  639	tst	x6, #1
  640	beq	L_fe_invert_nct_even_init_v_0
  641L_fe_invert_nct_loop:
  642	cmp	x22, #1
  643	beq	L_fe_invert_nct_u_done
  644	cmp	x23, #1
  645	beq	L_fe_invert_nct_v_done
  646	cmp	x22, x23
  647	bhi	L_fe_invert_nct_u_larger
  648	bcc	L_fe_invert_nct_v_larger
  649	cmp	x5, x9
  650	bhi	L_fe_invert_nct_u_larger
  651	bcc	L_fe_invert_nct_v_larger
  652	cmp	x4, x8
  653	bhi	L_fe_invert_nct_u_larger
  654	bcc	L_fe_invert_nct_v_larger
  655	cmp	x3, x7
  656	bhi	L_fe_invert_nct_u_larger
  657	bcc	L_fe_invert_nct_v_larger
  658	cmp	x2, x6
  659	bcc	L_fe_invert_nct_v_larger
  660L_fe_invert_nct_u_larger:
  661	subs	x2, x2, x6
  662	sbcs	x3, x3, x7
  663	sbcs	x4, x4, x8
  664	sbc	x5, x5, x9
  665	subs	x10, x10, x14
  666	sbcs	x11, x11, x15
  667	sbcs	x12, x12, x16
  668	sbcs	x13, x13, x17
  669	bcs	L_fe_invert_nct_sub_uv
  670	adds	x10, x10, x19
  671	adcs	x11, x11, x20
  672	adcs	x12, x12, x20
  673	adc	x13, x13, x21
  674L_fe_invert_nct_sub_uv:
  675	cmp	x5, #0
  676	beq	L_fe_invert_nct_nct_num_bits_u_0
  677	mov	x24, #0x100
  678	clz	x22, x5
  679	sub	x22, x24, x22
  680	b	L_fe_invert_nct_nct_num_bits_u_3
  681L_fe_invert_nct_nct_num_bits_u_0:
  682	cmp	x4, #0
  683	beq	L_fe_invert_nct_nct_num_bits_u_1
  684	mov	x24, #0xc0
  685	clz	x22, x4
  686	sub	x22, x24, x22
  687	b	L_fe_invert_nct_nct_num_bits_u_3
  688L_fe_invert_nct_nct_num_bits_u_1:
  689	cmp	x3, #0
  690	beq	L_fe_invert_nct_nct_num_bits_u_2
  691	mov	x24, #0x80
  692	clz	x22, x3
  693	sub	x22, x24, x22
  694	b	L_fe_invert_nct_nct_num_bits_u_3
  695L_fe_invert_nct_nct_num_bits_u_2:
  696	mov	x24, #0x40
  697	clz	x22, x2
  698	sub	x22, x24, x22
  699L_fe_invert_nct_nct_num_bits_u_3:
  700L_fe_invert_nct_even_u_0:
  701	extr	x2, x3, x2, #1
  702	extr	x3, x4, x3, #1
  703	extr	x4, x5, x4, #1
  704	lsr	x5, x5, #1
  705	sub	x22, x22, #1
  706	ands	x24, x10, #1
  707	beq	L_fe_invert_nct_even_u_1
  708	adds	x10, x10, x19
  709	adcs	x11, x11, x20
  710	adcs	x12, x12, x20
  711	adcs	x13, x13, x21
  712	cset	x24, cs
  713L_fe_invert_nct_even_u_1:
  714	extr	x10, x11, x10, #1
  715	extr	x11, x12, x11, #1
  716	extr	x12, x13, x12, #1
  717	extr	x13, x24, x13, #1
  718	tst	x2, #1
  719	beq	L_fe_invert_nct_even_u_0
  720	b	L_fe_invert_nct_loop
  721L_fe_invert_nct_v_larger:
  722	subs	x6, x6, x2
  723	sbcs	x7, x7, x3
  724	sbcs	x8, x8, x4
  725	sbc	x9, x9, x5
  726	subs	x14, x14, x10
  727	sbcs	x15, x15, x11
  728	sbcs	x16, x16, x12
  729	sbcs	x17, x17, x13
  730	bcs	L_fe_invert_nct_sub_vu
  731	adds	x14, x14, x19
  732	adcs	x15, x15, x20
  733	adcs	x16, x16, x20
  734	adc	x17, x17, x21
  735L_fe_invert_nct_sub_vu:
  736	cmp	x9, #0
  737	beq	L_fe_invert_nct_nct_num_bits_v_0
  738	mov	x24, #0x100
  739	clz	x23, x9
  740	sub	x23, x24, x23
  741	b	L_fe_invert_nct_nct_num_bits_v_3
  742L_fe_invert_nct_nct_num_bits_v_0:
  743	cmp	x8, #0
  744	beq	L_fe_invert_nct_nct_num_bits_v_1
  745	mov	x24, #0xc0
  746	clz	x23, x8
  747	sub	x23, x24, x23
  748	b	L_fe_invert_nct_nct_num_bits_v_3
  749L_fe_invert_nct_nct_num_bits_v_1:
  750	cmp	x7, #0
  751	beq	L_fe_invert_nct_nct_num_bits_v_2
  752	mov	x24, #0x80
  753	clz	x23, x7
  754	sub	x23, x24, x23
  755	b	L_fe_invert_nct_nct_num_bits_v_3
  756L_fe_invert_nct_nct_num_bits_v_2:
  757	mov	x24, #0x40
  758	clz	x23, x6
  759	sub	x23, x24, x23
  760L_fe_invert_nct_nct_num_bits_v_3:
  761L_fe_invert_nct_even_v_0:
  762	extr	x6, x7, x6, #1
  763	extr	x7, x8, x7, #1
  764	extr	x8, x9, x8, #1
  765	lsr	x9, x9, #1
  766	sub	x23, x23, #1
  767	ands	x24, x14, #1
  768	beq	L_fe_invert_nct_even_v_1
  769	adds	x14, x14, x19
  770	adcs	x15, x15, x20
  771	adcs	x16, x16, x20
  772	adcs	x17, x17, x21
  773	cset	x24, cs
  774L_fe_invert_nct_even_v_1:
  775	extr	x14, x15, x14, #1
  776	extr	x15, x16, x15, #1
  777	extr	x16, x17, x16, #1
  778	extr	x17, x24, x17, #1
  779	tst	x6, #1
  780	beq	L_fe_invert_nct_even_v_0
  781	b	L_fe_invert_nct_loop
  782L_fe_invert_nct_u_done:
  783	str	x10, [x0]
  784	str	x11, [x0, #8]
  785	str	x12, [x0, #16]
  786	str	x13, [x0, #24]
  787	b	L_fe_invert_nct_done
  788L_fe_invert_nct_v_done:
  789	str	x14, [x0]
  790	str	x15, [x0, #8]
  791	str	x16, [x0, #16]
  792	str	x17, [x0, #24]
  793L_fe_invert_nct_done:
  794	ldp	x17, x19, [x29, #24]
  795	ldp	x20, x21, [x29, #40]
  796	ldp	x22, x23, [x29, #56]
  797	ldr	x24, [x29, #72]
  798	ldp	x29, x30, [sp], #0x50
  799	ret
  800#ifndef __APPLE__
  801	.size	fe_invert_nct,.-fe_invert_nct
  802#endif /* __APPLE__ */
  803#ifndef __APPLE__
  804.text
  805.globl	fe_mul
  806.type	fe_mul,@function
  807.align	2
  808fe_mul:
  809#else
  810.section	__TEXT,__text
  811.globl	_fe_mul
  812.p2align	2
  813_fe_mul:
  814#endif /* __APPLE__ */
  815	stp	x29, x30, [sp, #-64]!
  816	add	x29, sp, #0
  817	stp	x17, x19, [x29, #24]
  818	stp	x20, x21, [x29, #40]
  819	str	x22, [x29, #56]
  820	# Multiply
  821	ldp	x14, x15, [x1]
  822	ldp	x16, x17, [x1, #16]
  823	ldp	x19, x20, [x2]
  824	ldp	x21, x22, [x2, #16]
  825	# A[0] * B[0]
  826	umulh	x7, x14, x19
  827	mul	x6, x14, x19
  828	# A[2] * B[0]
  829	umulh	x9, x16, x19
  830	mul	x8, x16, x19
  831	# A[1] * B[0]
  832	mul	x3, x15, x19
  833	adds	x7, x7, x3
  834	umulh	x4, x15, x19
  835	adcs	x8, x8, x4
  836	# A[1] * B[3]
  837	umulh	x11, x15, x22
  838	adc	x9, x9, xzr
  839	mul	x10, x15, x22
  840	# A[0] * B[1]
  841	mul	x3, x14, x20
  842	adds	x7, x7, x3
  843	umulh	x4, x14, x20
  844	adcs	x8, x8, x4
  845	# A[2] * B[1]
  846	mul	x3, x16, x20
  847	adcs	x9, x9, x3
  848	umulh	x4, x16, x20
  849	adcs	x10, x10, x4
  850	adc	x11, x11, xzr
  851	# A[1] * B[2]
  852	mul	x3, x15, x21
  853	adds	x9, x9, x3
  854	umulh	x4, x15, x21
  855	adcs	x10, x10, x4
  856	adcs	x11, x11, xzr
  857	adc	x12, xzr, xzr
  858	# A[0] * B[2]
  859	mul	x3, x14, x21
  860	adds	x8, x8, x3
  861	umulh	x4, x14, x21
  862	adcs	x9, x9, x4
  863	adcs	x10, x10, xzr
  864	adcs	x11, x11, xzr
  865	adc	x12, x12, xzr
  866	# A[1] * B[1]
  867	mul	x3, x15, x20
  868	adds	x8, x8, x3
  869	umulh	x4, x15, x20
  870	adcs	x9, x9, x4
  871	# A[3] * B[1]
  872	mul	x3, x17, x20
  873	adcs	x10, x10, x3
  874	umulh	x4, x17, x20
  875	adcs	x11, x11, x4
  876	adc	x12, x12, xzr
  877	# A[2] * B[2]
  878	mul	x3, x16, x21
  879	adds	x10, x10, x3
  880	umulh	x4, x16, x21
  881	adcs	x11, x11, x4
  882	# A[3] * B[3]
  883	mul	x3, x17, x22
  884	adcs	x12, x12, x3
  885	umulh	x13, x17, x22
  886	adc	x13, x13, xzr
  887	# A[0] * B[3]
  888	mul	x3, x14, x22
  889	adds	x9, x9, x3
  890	umulh	x4, x14, x22
  891	adcs	x10, x10, x4
  892	# A[2] * B[3]
  893	mul	x3, x16, x22
  894	adcs	x11, x11, x3
  895	umulh	x4, x16, x22
  896	adcs	x12, x12, x4
  897	adc	x13, x13, xzr
  898	# A[3] * B[0]
  899	mul	x3, x17, x19
  900	adds	x9, x9, x3
  901	umulh	x4, x17, x19
  902	adcs	x10, x10, x4
  903	# A[3] * B[2]
  904	mul	x3, x17, x21
  905	adcs	x11, x11, x3
  906	umulh	x4, x17, x21
  907	adcs	x12, x12, x4
  908	adc	x13, x13, xzr
  909	# Reduce
  910	mov	x3, #38
  911	mul	x4, x3, x13
  912	adds	x9, x9, x4
  913	umulh	x5, x3, x13
  914	adc	x5, x5, xzr
  915	mov	x3, #19
  916	extr	x5, x5, x9, #63
  917	mul	x5, x5, x3
  918	and	x9, x9, #0x7fffffffffffffff
  919	mov	x3, #38
  920	mul	x4, x3, x10
  921	adds	x6, x6, x4
  922	umulh	x10, x3, x10
  923	mul	x4, x3, x11
  924	adcs	x7, x7, x4
  925	umulh	x11, x3, x11
  926	mul	x4, x3, x12
  927	adcs	x8, x8, x4
  928	umulh	x12, x3, x12
  929	adc	x9, x9, xzr
  930	#  Add high product results in
  931	adds	x6, x6, x5
  932	adcs	x7, x7, x10
  933	adcs	x8, x8, x11
  934	adc	x9, x9, x12
  935	# Reduce if top bit set
  936	mov	x3, #19
  937	and	x4, x3, x9, asr 63
  938	adds	x6, x6, x4
  939	adcs	x7, x7, xzr
  940	and	x9, x9, #0x7fffffffffffffff
  941	adcs	x8, x8, xzr
  942	adc	x9, x9, xzr
  943	# Store
  944	stp	x6, x7, [x0]
  945	stp	x8, x9, [x0, #16]
  946	ldp	x17, x19, [x29, #24]
  947	ldp	x20, x21, [x29, #40]
  948	ldr	x22, [x29, #56]
  949	ldp	x29, x30, [sp], #0x40
  950	ret
  951#ifndef __APPLE__
  952	.size	fe_mul,.-fe_mul
  953#endif /* __APPLE__ */
  954#ifndef __APPLE__
  955.text
  956.globl	fe_sq
  957.type	fe_sq,@function
  958.align	2
  959fe_sq:
  960#else
  961.section	__TEXT,__text
  962.globl	_fe_sq
  963.p2align	2
  964_fe_sq:
  965#endif /* __APPLE__ */
  966	# Square
  967	ldp	x13, x14, [x1]
  968	ldp	x15, x16, [x1, #16]
  969	#  A[0] * A[1]
  970	umulh	x7, x13, x14
  971	mul	x6, x13, x14
  972	#  A[0] * A[3]
  973	umulh	x9, x13, x16
  974	mul	x8, x13, x16
  975	#  A[0] * A[2]
  976	mul	x2, x13, x15
  977	adds	x7, x7, x2
  978	umulh	x3, x13, x15
  979	adcs	x8, x8, x3
  980	#  A[1] * A[3]
  981	mul	x2, x14, x16
  982	adcs	x9, x9, x2
  983	umulh	x10, x14, x16
  984	adc	x10, x10, xzr
  985	#  A[1] * A[2]
  986	mul	x2, x14, x15
  987	adds	x8, x8, x2
  988	umulh	x3, x14, x15
  989	adcs	x9, x9, x3
  990	#  A[2] * A[3]
  991	mul	x2, x15, x16
  992	adcs	x10, x10, x2
  993	umulh	x11, x15, x16
  994	adc	x11, x11, xzr
  995	# Double
  996	adds	x6, x6, x6
  997	adcs	x7, x7, x7
  998	adcs	x8, x8, x8
  999	adcs	x9, x9, x9
 1000	adcs	x10, x10, x10
 1001	adcs	x11, x11, x11
 1002	adc	x12, xzr, xzr
 1003	#  A[0] * A[0]
 1004	umulh	x3, x13, x13
 1005	mul	x5, x13, x13
 1006	#  A[1] * A[1]
 1007	mul	x2, x14, x14
 1008	adds	x6, x6, x3
 1009	umulh	x3, x14, x14
 1010	adcs	x7, x7, x2
 1011	#  A[2] * A[2]
 1012	mul	x2, x15, x15
 1013	adcs	x8, x8, x3
 1014	umulh	x3, x15, x15
 1015	adcs	x9, x9, x2
 1016	#  A[3] * A[3]
 1017	mul	x2, x16, x16
 1018	adcs	x10, x10, x3
 1019	umulh	x3, x16, x16
 1020	adcs	x11, x11, x2
 1021	adc	x12, x12, x3
 1022	# Reduce
 1023	mov	x2, #38
 1024	mul	x3, x2, x12
 1025	adds	x8, x8, x3
 1026	umulh	x4, x2, x12
 1027	adc	x4, x4, xzr
 1028	mov	x2, #19
 1029	extr	x4, x4, x8, #63
 1030	mul	x4, x4, x2
 1031	and	x8, x8, #0x7fffffffffffffff
 1032	mov	x2, #38
 1033	mul	x3, x2, x9
 1034	adds	x5, x5, x3
 1035	umulh	x9, x2, x9
 1036	mul	x3, x2, x10
 1037	adcs	x6, x6, x3
 1038	umulh	x10, x2, x10
 1039	mul	x3, x2, x11
 1040	adcs	x7, x7, x3
 1041	umulh	x11, x2, x11
 1042	adc	x8, x8, xzr
 1043	#  Add high product results in
 1044	adds	x5, x5, x4
 1045	adcs	x6, x6, x9
 1046	adcs	x7, x7, x10
 1047	adc	x8, x8, x11
 1048	# Reduce if top bit set
 1049	mov	x2, #19
 1050	and	x3, x2, x8, asr 63
 1051	adds	x5, x5, x3
 1052	adcs	x6, x6, xzr
 1053	and	x8, x8, #0x7fffffffffffffff
 1054	adcs	x7, x7, xzr
 1055	adc	x8, x8, xzr
 1056	# Store
 1057	stp	x5, x6, [x0]
 1058	stp	x7, x8, [x0, #16]
 1059	ret
 1060#ifndef __APPLE__
 1061	.size	fe_sq,.-fe_sq
 1062#endif /* __APPLE__ */
 1063#ifndef __APPLE__
 1064.text
 1065.globl	fe_invert
 1066.type	fe_invert,@function
 1067.align	2
 1068fe_invert:
 1069#else
 1070.section	__TEXT,__text
 1071.globl	_fe_invert
 1072.p2align	2
 1073_fe_invert:
 1074#endif /* __APPLE__ */
 1075	stp	x29, x30, [sp, #-176]!
 1076	add	x29, sp, #0
 1077	stp	x17, x20, [x29, #160]
 1078	# Invert
 1079	str	x0, [x29, #144]
 1080	str	x1, [x29, #152]
 1081	add	x0, x29, #16
 1082#ifndef NDEBUG
 1083	ldr	x1, [x29, #152]
 1084#endif /* !NDEBUG */
 1085#ifndef __APPLE__
 1086	bl	fe_sq
 1087#else
 1088	bl	_fe_sq
 1089#endif /* __APPLE__ */
 1090	add	x0, x29, #48
 1091	add	x1, x29, #16
 1092#ifndef __APPLE__
 1093	bl	fe_sq
 1094#else
 1095	bl	_fe_sq
 1096#endif /* __APPLE__ */
 1097#ifndef NDEBUG
 1098	add	x0, x29, #48
 1099#endif /* !NDEBUG */
 1100	add	x1, x29, #48
 1101#ifndef __APPLE__
 1102	bl	fe_sq
 1103#else
 1104	bl	_fe_sq
 1105#endif /* __APPLE__ */
 1106#ifndef NDEBUG
 1107	add	x0, x29, #48
 1108#endif /* !NDEBUG */
 1109	ldr	x1, [x29, #152]
 1110	add	x2, x29, #48
 1111#ifndef __APPLE__
 1112	bl	fe_mul
 1113#else
 1114	bl	_fe_mul
 1115#endif /* __APPLE__ */
 1116	add	x0, x29, #16
 1117	add	x1, x29, #16
 1118	add	x2, x29, #48
 1119#ifndef __APPLE__
 1120	bl	fe_mul
 1121#else
 1122	bl	_fe_mul
 1123#endif /* __APPLE__ */
 1124	add	x0, x29, #0x50
 1125#ifndef NDEBUG
 1126	add	x1, x29, #16
 1127#endif /* !NDEBUG */
 1128#ifndef __APPLE__
 1129	bl	fe_sq
 1130#else
 1131	bl	_fe_sq
 1132#endif /* __APPLE__ */
 1133	add	x0, x29, #48
 1134	add	x1, x29, #48
 1135	add	x2, x29, #0x50
 1136#ifndef __APPLE__
 1137	bl	fe_mul
 1138#else
 1139	bl	_fe_mul
 1140#endif /* __APPLE__ */
 1141	# Loop: 5 times
 1142	mov	x20, #5
 1143	ldp	x6, x7, [x29, #48]
 1144	ldp	x8, x9, [x29, #64]
 1145L_fe_invert1:
 1146	# Square
 1147	#  A[0] * A[1]
 1148	umulh	x12, x6, x7
 1149	mul	x11, x6, x7
 1150	#  A[0] * A[3]
 1151	umulh	x14, x6, x9
 1152	mul	x13, x6, x9
 1153	#  A[0] * A[2]
 1154	mul	x3, x6, x8
 1155	adds	x12, x12, x3
 1156	umulh	x4, x6, x8
 1157	adcs	x13, x13, x4
 1158	#  A[1] * A[3]
 1159	mul	x3, x7, x9
 1160	adcs	x14, x14, x3
 1161	umulh	x15, x7, x9
 1162	adc	x15, x15, xzr
 1163	#  A[1] * A[2]
 1164	mul	x3, x7, x8
 1165	adds	x13, x13, x3
 1166	umulh	x4, x7, x8
 1167	adcs	x14, x14, x4
 1168	#  A[2] * A[3]
 1169	mul	x3, x8, x9
 1170	adcs	x15, x15, x3
 1171	umulh	x16, x8, x9
 1172	adc	x16, x16, xzr
 1173	# Double
 1174	adds	x11, x11, x11
 1175	adcs	x12, x12, x12
 1176	adcs	x13, x13, x13
 1177	adcs	x14, x14, x14
 1178	adcs	x15, x15, x15
 1179	adcs	x16, x16, x16
 1180	adc	x17, xzr, xzr
 1181	#  A[0] * A[0]
 1182	umulh	x4, x6, x6
 1183	mul	x10, x6, x6
 1184	#  A[1] * A[1]
 1185	mul	x3, x7, x7
 1186	adds	x11, x11, x4
 1187	umulh	x4, x7, x7
 1188	adcs	x12, x12, x3
 1189	#  A[2] * A[2]
 1190	mul	x3, x8, x8
 1191	adcs	x13, x13, x4
 1192	umulh	x4, x8, x8
 1193	adcs	x14, x14, x3
 1194	#  A[3] * A[3]
 1195	mul	x3, x9, x9
 1196	adcs	x15, x15, x4
 1197	umulh	x4, x9, x9
 1198	adcs	x16, x16, x3
 1199	adc	x17, x17, x4
 1200	# Reduce
 1201	mov	x3, #38
 1202	mul	x4, x3, x17
 1203	adds	x13, x13, x4
 1204	umulh	x5, x3, x17
 1205	adc	x5, x5, xzr
 1206	mov	x3, #19
 1207	extr	x5, x5, x13, #63
 1208	mul	x5, x5, x3
 1209	and	x13, x13, #0x7fffffffffffffff
 1210	mov	x3, #38
 1211	mul	x4, x3, x14
 1212	adds	x10, x10, x4
 1213	umulh	x14, x3, x14
 1214	mul	x4, x3, x15
 1215	adcs	x11, x11, x4
 1216	umulh	x15, x3, x15
 1217	mul	x4, x3, x16
 1218	adcs	x12, x12, x4
 1219	umulh	x16, x3, x16
 1220	adc	x13, x13, xzr
 1221	#  Add high product results in
 1222	adds	x6, x10, x5
 1223	adcs	x7, x11, x14
 1224	adcs	x8, x12, x15
 1225	adc	x9, x13, x16
 1226	subs	x20, x20, #1
 1227	bne	L_fe_invert1
 1228	# Store
 1229	stp	x6, x7, [x29, #80]
 1230	stp	x8, x9, [x29, #96]
 1231#ifndef NDEBUG
 1232	add	x0, x29, #48
 1233#endif /* !NDEBUG */
 1234	add	x1, x29, #0x50
 1235	add	x2, x29, #48
 1236#ifndef __APPLE__
 1237	bl	fe_mul
 1238#else
 1239	bl	_fe_mul
 1240#endif /* __APPLE__ */
 1241	# Loop: 10 times
 1242	mov	x20, #10
 1243	ldp	x6, x7, [x29, #48]
 1244	ldp	x8, x9, [x29, #64]
 1245L_fe_invert2:
 1246	# Square
 1247	#  A[0] * A[1]
 1248	umulh	x12, x6, x7
 1249	mul	x11, x6, x7
 1250	#  A[0] * A[3]
 1251	umulh	x14, x6, x9
 1252	mul	x13, x6, x9
 1253	#  A[0] * A[2]
 1254	mul	x3, x6, x8
 1255	adds	x12, x12, x3
 1256	umulh	x4, x6, x8
 1257	adcs	x13, x13, x4
 1258	#  A[1] * A[3]
 1259	mul	x3, x7, x9
 1260	adcs	x14, x14, x3
 1261	umulh	x15, x7, x9
 1262	adc	x15, x15, xzr
 1263	#  A[1] * A[2]
 1264	mul	x3, x7, x8
 1265	adds	x13, x13, x3
 1266	umulh	x4, x7, x8
 1267	adcs	x14, x14, x4
 1268	#  A[2] * A[3]
 1269	mul	x3, x8, x9
 1270	adcs	x15, x15, x3
 1271	umulh	x16, x8, x9
 1272	adc	x16, x16, xzr
 1273	# Double
 1274	adds	x11, x11, x11
 1275	adcs	x12, x12, x12
 1276	adcs	x13, x13, x13
 1277	adcs	x14, x14, x14
 1278	adcs	x15, x15, x15
 1279	adcs	x16, x16, x16
 1280	adc	x17, xzr, xzr
 1281	#  A[0] * A[0]
 1282	umulh	x4, x6, x6
 1283	mul	x10, x6, x6
 1284	#  A[1] * A[1]
 1285	mul	x3, x7, x7
 1286	adds	x11, x11, x4
 1287	umulh	x4, x7, x7
 1288	adcs	x12, x12, x3
 1289	#  A[2] * A[2]
 1290	mul	x3, x8, x8
 1291	adcs	x13, x13, x4
 1292	umulh	x4, x8, x8
 1293	adcs	x14, x14, x3
 1294	#  A[3] * A[3]
 1295	mul	x3, x9, x9
 1296	adcs	x15, x15, x4
 1297	umulh	x4, x9, x9
 1298	adcs	x16, x16, x3
 1299	adc	x17, x17, x4
 1300	# Reduce
 1301	mov	x3, #38
 1302	mul	x4, x3, x17
 1303	adds	x13, x13, x4
 1304	umulh	x5, x3, x17
 1305	adc	x5, x5, xzr
 1306	mov	x3, #19
 1307	extr	x5, x5, x13, #63
 1308	mul	x5, x5, x3
 1309	and	x13, x13, #0x7fffffffffffffff
 1310	mov	x3, #38
 1311	mul	x4, x3, x14
 1312	adds	x10, x10, x4
 1313	umulh	x14, x3, x14
 1314	mul	x4, x3, x15
 1315	adcs	x11, x11, x4
 1316	umulh	x15, x3, x15
 1317	mul	x4, x3, x16
 1318	adcs	x12, x12, x4
 1319	umulh	x16, x3, x16
 1320	adc	x13, x13, xzr
 1321	#  Add high product results in
 1322	adds	x6, x10, x5
 1323	adcs	x7, x11, x14
 1324	adcs	x8, x12, x15
 1325	adc	x9, x13, x16
 1326	subs	x20, x20, #1
 1327	bne	L_fe_invert2
 1328	# Store
 1329	stp	x6, x7, [x29, #80]
 1330	stp	x8, x9, [x29, #96]
 1331	add	x0, x29, #0x50
 1332#ifndef NDEBUG
 1333	add	x1, x29, #0x50
 1334#endif /* !NDEBUG */
 1335	add	x2, x29, #48
 1336#ifndef __APPLE__
 1337	bl	fe_mul
 1338#else
 1339	bl	_fe_mul
 1340#endif /* __APPLE__ */
 1341	# Loop: 20 times
 1342	mov	x20, #20
 1343	ldp	x6, x7, [x29, #80]
 1344	ldp	x8, x9, [x29, #96]
 1345L_fe_invert3:
 1346	# Square
 1347	#  A[0] * A[1]
 1348	umulh	x12, x6, x7
 1349	mul	x11, x6, x7
 1350	#  A[0] * A[3]
 1351	umulh	x14, x6, x9
 1352	mul	x13, x6, x9
 1353	#  A[0] * A[2]
 1354	mul	x3, x6, x8
 1355	adds	x12, x12, x3
 1356	umulh	x4, x6, x8
 1357	adcs	x13, x13, x4
 1358	#  A[1] * A[3]
 1359	mul	x3, x7, x9
 1360	adcs	x14, x14, x3
 1361	umulh	x15, x7, x9
 1362	adc	x15, x15, xzr
 1363	#  A[1] * A[2]
 1364	mul	x3, x7, x8
 1365	adds	x13, x13, x3
 1366	umulh	x4, x7, x8
 1367	adcs	x14, x14, x4
 1368	#  A[2] * A[3]
 1369	mul	x3, x8, x9
 1370	adcs	x15, x15, x3
 1371	umulh	x16, x8, x9
 1372	adc	x16, x16, xzr
 1373	# Double
 1374	adds	x11, x11, x11
 1375	adcs	x12, x12, x12
 1376	adcs	x13, x13, x13
 1377	adcs	x14, x14, x14
 1378	adcs	x15, x15, x15
 1379	adcs	x16, x16, x16
 1380	adc	x17, xzr, xzr
 1381	#  A[0] * A[0]
 1382	umulh	x4, x6, x6
 1383	mul	x10, x6, x6
 1384	#  A[1] * A[1]
 1385	mul	x3, x7, x7
 1386	adds	x11, x11, x4
 1387	umulh	x4, x7, x7
 1388	adcs	x12, x12, x3
 1389	#  A[2] * A[2]
 1390	mul	x3, x8, x8
 1391	adcs	x13, x13, x4
 1392	umulh	x4, x8, x8
 1393	adcs	x14, x14, x3
 1394	#  A[3] * A[3]
 1395	mul	x3, x9, x9
 1396	adcs	x15, x15, x4
 1397	umulh	x4, x9, x9
 1398	adcs	x16, x16, x3
 1399	adc	x17, x17, x4
 1400	# Reduce
 1401	mov	x3, #38
 1402	mul	x4, x3, x17
 1403	adds	x13, x13, x4
 1404	umulh	x5, x3, x17
 1405	adc	x5, x5, xzr
 1406	mov	x3, #19
 1407	extr	x5, x5, x13, #63
 1408	mul	x5, x5, x3
 1409	and	x13, x13, #0x7fffffffffffffff
 1410	mov	x3, #38
 1411	mul	x4, x3, x14
 1412	adds	x10, x10, x4
 1413	umulh	x14, x3, x14
 1414	mul	x4, x3, x15
 1415	adcs	x11, x11, x4
 1416	umulh	x15, x3, x15
 1417	mul	x4, x3, x16
 1418	adcs	x12, x12, x4
 1419	umulh	x16, x3, x16
 1420	adc	x13, x13, xzr
 1421	#  Add high product results in
 1422	adds	x6, x10, x5
 1423	adcs	x7, x11, x14
 1424	adcs	x8, x12, x15
 1425	adc	x9, x13, x16
 1426	subs	x20, x20, #1
 1427	bne	L_fe_invert3
 1428	# Store
 1429	stp	x6, x7, [x29, #112]
 1430	stp	x8, x9, [x29, #128]
 1431#ifndef NDEBUG
 1432	add	x0, x29, #0x50
 1433#endif /* !NDEBUG */
 1434	add	x1, x29, #0x70
 1435	add	x2, x29, #0x50
 1436#ifndef __APPLE__
 1437	bl	fe_mul
 1438#else
 1439	bl	_fe_mul
 1440#endif /* __APPLE__ */
 1441	# Loop: 10 times
 1442	mov	x20, #10
 1443	ldp	x6, x7, [x29, #80]
 1444	ldp	x8, x9, [x29, #96]
 1445L_fe_invert4:
 1446	# Square
 1447	#  A[0] * A[1]
 1448	umulh	x12, x6, x7
 1449	mul	x11, x6, x7
 1450	#  A[0] * A[3]
 1451	umulh	x14, x6, x9
 1452	mul	x13, x6, x9
 1453	#  A[0] * A[2]
 1454	mul	x3, x6, x8
 1455	adds	x12, x12, x3
 1456	umulh	x4, x6, x8
 1457	adcs	x13, x13, x4
 1458	#  A[1] * A[3]
 1459	mul	x3, x7, x9
 1460	adcs	x14, x14, x3
 1461	umulh	x15, x7, x9
 1462	adc	x15, x15, xzr
 1463	#  A[1] * A[2]
 1464	mul	x3, x7, x8
 1465	adds	x13, x13, x3
 1466	umulh	x4, x7, x8
 1467	adcs	x14, x14, x4
 1468	#  A[2] * A[3]
 1469	mul	x3, x8, x9
 1470	adcs	x15, x15, x3
 1471	umulh	x16, x8, x9
 1472	adc	x16, x16, xzr
 1473	# Double
 1474	adds	x11, x11, x11
 1475	adcs	x12, x12, x12
 1476	adcs	x13, x13, x13
 1477	adcs	x14, x14, x14
 1478	adcs	x15, x15, x15
 1479	adcs	x16, x16, x16
 1480	adc	x17, xzr, xzr
 1481	#  A[0] * A[0]
 1482	umulh	x4, x6, x6
 1483	mul	x10, x6, x6
 1484	#  A[1] * A[1]
 1485	mul	x3, x7, x7
 1486	adds	x11, x11, x4
 1487	umulh	x4, x7, x7
 1488	adcs	x12, x12, x3
 1489	#  A[2] * A[2]
 1490	mul	x3, x8, x8
 1491	adcs	x13, x13, x4
 1492	umulh	x4, x8, x8
 1493	adcs	x14, x14, x3
 1494	#  A[3] * A[3]
 1495	mul	x3, x9, x9
 1496	adcs	x15, x15, x4
 1497	umulh	x4, x9, x9
 1498	adcs	x16, x16, x3
 1499	adc	x17, x17, x4
 1500	# Reduce
 1501	mov	x3, #38
 1502	mul	x4, x3, x17
 1503	adds	x13, x13, x4
 1504	umulh	x5, x3, x17
 1505	adc	x5, x5, xzr
 1506	mov	x3, #19
 1507	extr	x5, x5, x13, #63
 1508	mul	x5, x5, x3
 1509	and	x13, x13, #0x7fffffffffffffff
 1510	mov	x3, #38
 1511	mul	x4, x3, x14
 1512	adds	x10, x10, x4
 1513	umulh	x14, x3, x14
 1514	mul	x4, x3, x15
 1515	adcs	x11, x11, x4
 1516	umulh	x15, x3, x15
 1517	mul	x4, x3, x16
 1518	adcs	x12, x12, x4
 1519	umulh	x16, x3, x16
 1520	adc	x13, x13, xzr
 1521	#  Add high product results in
 1522	adds	x6, x10, x5
 1523	adcs	x7, x11, x14
 1524	adcs	x8, x12, x15
 1525	adc	x9, x13, x16
 1526	subs	x20, x20, #1
 1527	bne	L_fe_invert4
 1528	# Store
 1529	stp	x6, x7, [x29, #80]
 1530	stp	x8, x9, [x29, #96]
 1531	add	x0, x29, #48
 1532	add	x1, x29, #0x50
 1533	add	x2, x29, #48
 1534#ifndef __APPLE__
 1535	bl	fe_mul
 1536#else
 1537	bl	_fe_mul
 1538#endif /* __APPLE__ */
 1539	# Loop: 50 times
 1540	mov	x20, #50
 1541	ldp	x6, x7, [x29, #48]
 1542	ldp	x8, x9, [x29, #64]
 1543L_fe_invert5:
 1544	# Square
 1545	#  A[0] * A[1]
 1546	umulh	x12, x6, x7
 1547	mul	x11, x6, x7
 1548	#  A[0] * A[3]
 1549	umulh	x14, x6, x9
 1550	mul	x13, x6, x9
 1551	#  A[0] * A[2]
 1552	mul	x3, x6, x8
 1553	adds	x12, x12, x3
 1554	umulh	x4, x6, x8
 1555	adcs	x13, x13, x4
 1556	#  A[1] * A[3]
 1557	mul	x3, x7, x9
 1558	adcs	x14, x14, x3
 1559	umulh	x15, x7, x9
 1560	adc	x15, x15, xzr
 1561	#  A[1] * A[2]
 1562	mul	x3, x7, x8
 1563	adds	x13, x13, x3
 1564	umulh	x4, x7, x8
 1565	adcs	x14, x14, x4
 1566	#  A[2] * A[3]
 1567	mul	x3, x8, x9
 1568	adcs	x15, x15, x3
 1569	umulh	x16, x8, x9
 1570	adc	x16, x16, xzr
 1571	# Double
 1572	adds	x11, x11, x11
 1573	adcs	x12, x12, x12
 1574	adcs	x13, x13, x13
 1575	adcs	x14, x14, x14
 1576	adcs	x15, x15, x15
 1577	adcs	x16, x16, x16
 1578	adc	x17, xzr, xzr
 1579	#  A[0] * A[0]
 1580	umulh	x4, x6, x6
 1581	mul	x10, x6, x6
 1582	#  A[1] * A[1]
 1583	mul	x3, x7, x7
 1584	adds	x11, x11, x4
 1585	umulh	x4, x7, x7
 1586	adcs	x12, x12, x3
 1587	#  A[2] * A[2]
 1588	mul	x3, x8, x8
 1589	adcs	x13, x13, x4
 1590	umulh	x4, x8, x8
 1591	adcs	x14, x14, x3
 1592	#  A[3] * A[3]
 1593	mul	x3, x9, x9
 1594	adcs	x15, x15, x4
 1595	umulh	x4, x9, x9
 1596	adcs	x16, x16, x3
 1597	adc	x17, x17, x4
 1598	# Reduce
 1599	mov	x3, #38
 1600	mul	x4, x3, x17
 1601	adds	x13, x13, x4
 1602	umulh	x5, x3, x17
 1603	adc	x5, x5, xzr
 1604	mov	x3, #19
 1605	extr	x5, x5, x13, #63
 1606	mul	x5, x5, x3
 1607	and	x13, x13, #0x7fffffffffffffff
 1608	mov	x3, #38
 1609	mul	x4, x3, x14
 1610	adds	x10, x10, x4
 1611	umulh	x14, x3, x14
 1612	mul	x4, x3, x15
 1613	adcs	x11, x11, x4
 1614	umulh	x15, x3, x15
 1615	mul	x4, x3, x16
 1616	adcs	x12, x12, x4
 1617	umulh	x16, x3, x16
 1618	adc	x13, x13, xzr
 1619	#  Add high product results in
 1620	adds	x6, x10, x5
 1621	adcs	x7, x11, x14
 1622	adcs	x8, x12, x15
 1623	adc	x9, x13, x16
 1624	subs	x20, x20, #1
 1625	bne	L_fe_invert5
 1626	# Store
 1627	stp	x6, x7, [x29, #80]
 1628	stp	x8, x9, [x29, #96]
 1629	add	x0, x29, #0x50
 1630#ifndef NDEBUG
 1631	add	x1, x29, #0x50
 1632#endif /* !NDEBUG */
 1633	add	x2, x29, #48
 1634#ifndef __APPLE__
 1635	bl	fe_mul
 1636#else
 1637	bl	_fe_mul
 1638#endif /* __APPLE__ */
 1639	# Loop: 100 times
 1640	mov	x20, #0x64
 1641	ldp	x6, x7, [x29, #80]
 1642	ldp	x8, x9, [x29, #96]
 1643L_fe_invert6:
 1644	# Square
 1645	#  A[0] * A[1]
 1646	umulh	x12, x6, x7
 1647	mul	x11, x6, x7
 1648	#  A[0] * A[3]
 1649	umulh	x14, x6, x9
 1650	mul	x13, x6, x9
 1651	#  A[0] * A[2]
 1652	mul	x3, x6, x8
 1653	adds	x12, x12, x3
 1654	umulh	x4, x6, x8
 1655	adcs	x13, x13, x4
 1656	#  A[1] * A[3]
 1657	mul	x3, x7, x9
 1658	adcs	x14, x14, x3
 1659	umulh	x15, x7, x9
 1660	adc	x15, x15, xzr
 1661	#  A[1] * A[2]
 1662	mul	x3, x7, x8
 1663	adds	x13, x13, x3
 1664	umulh	x4, x7, x8
 1665	adcs	x14, x14, x4
 1666	#  A[2] * A[3]
 1667	mul	x3, x8, x9
 1668	adcs	x15, x15, x3
 1669	umulh	x16, x8, x9
 1670	adc	x16, x16, xzr
 1671	# Double
 1672	adds	x11, x11, x11
 1673	adcs	x12, x12, x12
 1674	adcs	x13, x13, x13
 1675	adcs	x14, x14, x14
 1676	adcs	x15, x15, x15
 1677	adcs	x16, x16, x16
 1678	adc	x17, xzr, xzr
 1679	#  A[0] * A[0]
 1680	umulh	x4, x6, x6
 1681	mul	x10, x6, x6
 1682	#  A[1] * A[1]
 1683	mul	x3, x7, x7
 1684	adds	x11, x11, x4
 1685	umulh	x4, x7, x7
 1686	adcs	x12, x12, x3
 1687	#  A[2] * A[2]
 1688	mul	x3, x8, x8
 1689	adcs	x13, x13, x4
 1690	umulh	x4, x8, x8
 1691	adcs	x14, x14, x3
 1692	#  A[3] * A[3]
 1693	mul	x3, x9, x9
 1694	adcs	x15, x15, x4
 1695	umulh	x4, x9, x9
 1696	adcs	x16, x16, x3
 1697	adc	x17, x17, x4
 1698	# Reduce
 1699	mov	x3, #38
 1700	mul	x4, x3, x17
 1701	adds	x13, x13, x4
 1702	umulh	x5, x3, x17
 1703	adc	x5, x5, xzr
 1704	mov	x3, #19
 1705	extr	x5, x5, x13, #63
 1706	mul	x5, x5, x3
 1707	and	x13, x13, #0x7fffffffffffffff
 1708	mov	x3, #38
 1709	mul	x4, x3, x14
 1710	adds	x10, x10, x4
 1711	umulh	x14, x3, x14
 1712	mul	x4, x3, x15
 1713	adcs	x11, x11, x4
 1714	umulh	x15, x3, x15
 1715	mul	x4, x3, x16
 1716	adcs	x12, x12, x4
 1717	umulh	x16, x3, x16
 1718	adc	x13, x13, xzr
 1719	#  Add high product results in
 1720	adds	x6, x10, x5
 1721	adcs	x7, x11, x14
 1722	adcs	x8, x12, x15
 1723	adc	x9, x13, x16
 1724	subs	x20, x20, #1
 1725	bne	L_fe_invert6
 1726	# Store
 1727	stp	x6, x7, [x29, #112]
 1728	stp	x8, x9, [x29, #128]
 1729#ifndef NDEBUG
 1730	add	x0, x29, #0x50
 1731#endif /* !NDEBUG */
 1732	add	x1, x29, #0x70
 1733	add	x2, x29, #0x50
 1734#ifndef __APPLE__
 1735	bl	fe_mul
 1736#else
 1737	bl	_fe_mul
 1738#endif /* __APPLE__ */
 1739	# Loop: 50 times
 1740	mov	x20, #50
 1741	ldp	x6, x7, [x29, #80]
 1742	ldp	x8, x9, [x29, #96]
 1743L_fe_invert7:
 1744	# Square
 1745	#  A[0] * A[1]
 1746	umulh	x12, x6, x7
 1747	mul	x11, x6, x7
 1748	#  A[0] * A[3]
 1749	umulh	x14, x6, x9
 1750	mul	x13, x6, x9
 1751	#  A[0] * A[2]
 1752	mul	x3, x6, x8
 1753	adds	x12, x12, x3
 1754	umulh	x4, x6, x8
 1755	adcs	x13, x13, x4
 1756	#  A[1] * A[3]
 1757	mul	x3, x7, x9
 1758	adcs	x14, x14, x3
 1759	umulh	x15, x7, x9
 1760	adc	x15, x15, xzr
 1761	#  A[1] * A[2]
 1762	mul	x3, x7, x8
 1763	adds	x13, x13, x3
 1764	umulh	x4, x7, x8
 1765	adcs	x14, x14, x4
 1766	#  A[2] * A[3]
 1767	mul	x3, x8, x9
 1768	adcs	x15, x15, x3
 1769	umulh	x16, x8, x9
 1770	adc	x16, x16, xzr
 1771	# Double
 1772	adds	x11, x11, x11
 1773	adcs	x12, x12, x12
 1774	adcs	x13, x13, x13
 1775	adcs	x14, x14, x14
 1776	adcs	x15, x15, x15
 1777	adcs	x16, x16, x16
 1778	adc	x17, xzr, xzr
 1779	#  A[0] * A[0]
 1780	umulh	x4, x6, x6
 1781	mul	x10, x6, x6
 1782	#  A[1] * A[1]
 1783	mul	x3, x7, x7
 1784	adds	x11, x11, x4
 1785	umulh	x4, x7, x7
 1786	adcs	x12, x12, x3
 1787	#  A[2] * A[2]
 1788	mul	x3, x8, x8
 1789	adcs	x13, x13, x4
 1790	umulh	x4, x8, x8
 1791	adcs	x14, x14, x3
 1792	#  A[3] * A[3]
 1793	mul	x3, x9, x9
 1794	adcs	x15, x15, x4
 1795	umulh	x4, x9, x9
 1796	adcs	x16, x16, x3
 1797	adc	x17, x17, x4
 1798	# Reduce
 1799	mov	x3, #38
 1800	mul	x4, x3, x17
 1801	adds	x13, x13, x4
 1802	umulh	x5, x3, x17
 1803	adc	x5, x5, xzr
 1804	mov	x3, #19
 1805	extr	x5, x5, x13, #63
 1806	mul	x5, x5, x3
 1807	and	x13, x13, #0x7fffffffffffffff
 1808	mov	x3, #38
 1809	mul	x4, x3, x14
 1810	adds	x10, x10, x4
 1811	umulh	x14, x3, x14
 1812	mul	x4, x3, x15
 1813	adcs	x11, x11, x4
 1814	umulh	x15, x3, x15
 1815	mul	x4, x3, x16
 1816	adcs	x12, x12, x4
 1817	umulh	x16, x3, x16
 1818	adc	x13, x13, xzr
 1819	#  Add high product results in
 1820	adds	x6, x10, x5
 1821	adcs	x7, x11, x14
 1822	adcs	x8, x12, x15
 1823	adc	x9, x13, x16
 1824	subs	x20, x20, #1
 1825	bne	L_fe_invert7
 1826	# Store
 1827	stp	x6, x7, [x29, #80]
 1828	stp	x8, x9, [x29, #96]
 1829	add	x0, x29, #48
 1830	add	x1, x29, #0x50
 1831	add	x2, x29, #48
 1832#ifndef __APPLE__
 1833	bl	fe_mul
 1834#else
 1835	bl	_fe_mul
 1836#endif /* __APPLE__ */
 1837	# Loop: 5 times
 1838	mov	x20, #5
 1839	ldp	x6, x7, [x29, #48]
 1840	ldp	x8, x9, [x29, #64]
 1841L_fe_invert8:
 1842	# Square
 1843	#  A[0] * A[1]
 1844	umulh	x12, x6, x7
 1845	mul	x11, x6, x7
 1846	#  A[0] * A[3]
 1847	umulh	x14, x6, x9
 1848	mul	x13, x6, x9
 1849	#  A[0] * A[2]
 1850	mul	x3, x6, x8
 1851	adds	x12, x12, x3
 1852	umulh	x4, x6, x8
 1853	adcs	x13, x13, x4
 1854	#  A[1] * A[3]
 1855	mul	x3, x7, x9
 1856	adcs	x14, x14, x3
 1857	umulh	x15, x7, x9
 1858	adc	x15, x15, xzr
 1859	#  A[1] * A[2]
 1860	mul	x3, x7, x8
 1861	adds	x13, x13, x3
 1862	umulh	x4, x7, x8
 1863	adcs	x14, x14, x4
 1864	#  A[2] * A[3]
 1865	mul	x3, x8, x9
 1866	adcs	x15, x15, x3
 1867	umulh	x16, x8, x9
 1868	adc	x16, x16, xzr
 1869	# Double
 1870	adds	x11, x11, x11
 1871	adcs	x12, x12, x12
 1872	adcs	x13, x13, x13
 1873	adcs	x14, x14, x14
 1874	adcs	x15, x15, x15
 1875	adcs	x16, x16, x16
 1876	adc	x17, xzr, xzr
 1877	#  A[0] * A[0]
 1878	umulh	x4, x6, x6
 1879	mul	x10, x6, x6
 1880	#  A[1] * A[1]
 1881	mul	x3, x7, x7
 1882	adds	x11, x11, x4
 1883	umulh	x4, x7, x7
 1884	adcs	x12, x12, x3
 1885	#  A[2] * A[2]
 1886	mul	x3, x8, x8
 1887	adcs	x13, x13, x4
 1888	umulh	x4, x8, x8
 1889	adcs	x14, x14, x3
 1890	#  A[3] * A[3]
 1891	mul	x3, x9, x9
 1892	adcs	x15, x15, x4
 1893	umulh	x4, x9, x9
 1894	adcs	x16, x16, x3
 1895	adc	x17, x17, x4
 1896	# Reduce
 1897	mov	x3, #38
 1898	mul	x4, x3, x17
 1899	adds	x13, x13, x4
 1900	umulh	x5, x3, x17
 1901	adc	x5, x5, xzr
 1902	mov	x3, #19
 1903	extr	x5, x5, x13, #63
 1904	mul	x5, x5, x3
 1905	and	x13, x13, #0x7fffffffffffffff
 1906	mov	x3, #38
 1907	mul	x4, x3, x14
 1908	adds	x10, x10, x4
 1909	umulh	x14, x3, x14
 1910	mul	x4, x3, x15
 1911	adcs	x11, x11, x4
 1912	umulh	x15, x3, x15
 1913	mul	x4, x3, x16
 1914	adcs	x12, x12, x4
 1915	umulh	x16, x3, x16
 1916	adc	x13, x13, xzr
 1917	#  Add high product results in
 1918	adds	x6, x10, x5
 1919	adcs	x7, x11, x14
 1920	adcs	x8, x12, x15
 1921	adc	x9, x13, x16
 1922	subs	x20, x20, #1
 1923	bne	L_fe_invert8
 1924	# Store
 1925	stp	x6, x7, [x29, #48]
 1926	stp	x8, x9, [x29, #64]
 1927	ldr	x0, [x29, #144]
 1928	add	x1, x29, #48
 1929	add	x2, x29, #16
 1930#ifndef __APPLE__
 1931	bl	fe_mul
 1932#else
 1933	bl	_fe_mul
 1934#endif /* __APPLE__ */
 1935	ldp	x17, x20, [x29, #160]
 1936	ldp	x29, x30, [sp], #0xb0
 1937	ret
 1938#ifndef __APPLE__
 1939	.size	fe_invert,.-fe_invert
 1940#endif /* __APPLE__ */
 1941#if !defined(HAVE_ED25519) && !defined(WOLFSSL_CURVE25519_USE_ED25519)
 1942#ifndef __APPLE__
 1943	.text
 1944	.section	.rodata
 1945	.type	L_curve25519_base_x2, %object
 1946	.size	L_curve25519_base_x2, 32
 1947#else
 1948	.section	__DATA,__data
 1949#endif /* __APPLE__ */
 1950	# 16-byte aligned, 128-bit aligned
 1951#ifndef __APPLE__
 1952	.align	4
 1953#else
 1954	.p2align	4
 1955#endif /* __APPLE__ */
 1956L_curve25519_base_x2:
 1957	.quad	0x5cae469cdd684efb,0x8f3f5ced1e350b5c
 1958	.quad	0xd9750c687d157114,0x20d342d51873f1b7
 1959#ifndef __APPLE__
 1960.text
 1961.globl	curve25519_base
 1962.type	curve25519_base,@function
 1963.align	2
 1964curve25519_base:
 1965#else
 1966.section	__TEXT,__text
 1967.globl	_curve25519_base
 1968.p2align	2
 1969_curve25519_base:
 1970#endif /* __APPLE__ */
 1971	stp	x29, x30, [sp, #-272]!
 1972	add	x29, sp, #0
 1973	stp	x17, x19, [x29, #184]
 1974	stp	x20, x21, [x29, #200]
 1975	stp	x22, x23, [x29, #216]
 1976	stp	x24, x25, [x29, #232]
 1977	stp	x26, x27, [x29, #248]
 1978	str	x28, [x29, #264]
 1979#ifndef __APPLE__
 1980	adrp x2, L_curve25519_base_x2
 1981	add  x2, x2, :lo12:L_curve25519_base_x2
 1982#else
 1983	adrp x2, L_curve25519_base_x2@PAGE
 1984	add  x2, x2, L_curve25519_base_x2@PAGEOFF
 1985#endif /* __APPLE__ */
 1986	ldp	x6, x7, [x2]
 1987	ldp	x8, x9, [x2, #16]
 1988	mov	x10, #1
 1989	mov	x11, xzr
 1990	mov	x12, xzr
 1991	mov	x13, xzr
 1992	# Set base point x-ordinate
 1993	mov	x24, #9
 1994	stp	x24, xzr, [x0]
 1995	stp	xzr, xzr, [x0, #16]
 1996	# Set one
 1997	mov	x24, #1
 1998	stp	x24, xzr, [x29, #16]
 1999	stp	xzr, xzr, [x29, #32]
 2000	mov	x2, xzr
 2001	mov	x23, x0
 2002	mov	x24, #0xfd
 2003L_curve25519_base_bits:
 2004	lsr	x3, x24, #6
 2005	and	x4, x24, #63
 2006	ldr	x5, [x1, x3, LSL 3]
 2007	lsr	x5, x5, x4
 2008	eor	x2, x2, x5
 2009	# Conditional Swap
 2010	subs	xzr, xzr, x2, lsl 63
 2011	ldp	x25, x26, [x29, #16]
 2012	ldp	x27, x28, [x29, #32]
 2013	csel	x19, x25, x10, ne
 2014	csel	x25, x10, x25, ne
 2015	csel	x20, x26, x11, ne
 2016	csel	x26, x11, x26, ne
 2017	csel	x21, x27, x12, ne
 2018	csel	x27, x12, x27, ne
 2019	csel	x22, x28, x13, ne
 2020	csel	x28, x13, x28, ne
 2021	# Conditional Swap
 2022	subs	xzr, xzr, x2, lsl 63
 2023	ldp	x10, x11, [x0]
 2024	ldp	x12, x13, [x0, #16]
 2025	csel	x14, x10, x6, ne
 2026	csel	x10, x6, x10, ne
 2027	csel	x15, x11, x7, ne
 2028	csel	x11, x7, x11, ne
 2029	csel	x16, x12, x8, ne
 2030	csel	x12, x8, x12, ne
 2031	csel	x17, x13, x9, ne
 2032	csel	x13, x9, x13, ne
 2033	mov	x2, x5
 2034	# Add
 2035	adds	x6, x10, x25
 2036	adcs	x7, x11, x26
 2037	adcs	x8, x12, x27
 2038	adcs	x9, x13, x28
 2039	cset	x5, cs
 2040	mov	x3, #19
 2041	extr	x5, x5, x9, #63
 2042	mul	x3, x5, x3
 2043	#   Sub modulus (if overflow)
 2044	adds	x6, x6, x3
 2045	adcs	x7, x7, xzr
 2046	and	x9, x9, #0x7fffffffffffffff
 2047	adcs	x8, x8, xzr
 2048	adc	x9, x9, xzr
 2049	# Sub
 2050	subs	x25, x10, x25
 2051	sbcs	x26, x11, x26
 2052	sbcs	x27, x12, x27
 2053	sbcs	x28, x13, x28
 2054	csetm	x5, cc
 2055	mov	x3, #-19
 2056	extr	x5, x5, x28, #63
 2057	mul	x3, x5, x3
 2058	#   Add modulus (if underflow)
 2059	subs	x25, x25, x3
 2060	sbcs	x26, x26, xzr
 2061	and	x28, x28, #0x7fffffffffffffff
 2062	sbcs	x27, x27, xzr
 2063	sbc	x28, x28, xzr
 2064	stp	x25, x26, [x29, #80]
 2065	stp	x27, x28, [x29, #96]
 2066	# Add
 2067	adds	x10, x14, x19
 2068	adcs	x11, x15, x20
 2069	adcs	x12, x16, x21
 2070	adcs	x13, x17, x22
 2071	cset	x5, cs
 2072	mov	x3, #19
 2073	extr	x5, x5, x13, #63
 2074	mul	x3, x5, x3
 2075	#   Sub modulus (if overflow)
 2076	adds	x10, x10, x3
 2077	adcs	x11, x11, xzr
 2078	and	x13, x13, #0x7fffffffffffffff
 2079	adcs	x12, x12, xzr
 2080	adc	x13, x13, xzr
 2081	# Sub
 2082	subs	x14, x14, x19
 2083	sbcs	x15, x15, x20
 2084	sbcs	x16, x16, x21
 2085	sbcs	x17, x17, x22
 2086	csetm	x5, cc
 2087	mov	x3, #-19
 2088	extr	x5, x5, x17, #63
 2089	mul	x3, x5, x3
 2090	#   Add modulus (if underflow)
 2091	subs	x14, x14, x3
 2092	sbcs	x15, x15, xzr
 2093	and	x17, x17, #0x7fffffffffffffff
 2094	sbcs	x16, x16, xzr
 2095	sbc	x17, x17, xzr
 2096	# Multiply
 2097	# A[0] * B[0]
 2098	umulh	x20, x14, x6
 2099	mul	x19, x14, x6
 2100	# A[2] * B[0]
 2101	umulh	x22, x16, x6
 2102	mul	x21, x16, x6
 2103	# A[1] * B[0]
 2104	mul	x3, x15, x6
 2105	adds	x20, x20, x3
 2106	umulh	x4, x15, x6
 2107	adcs	x21, x21, x4
 2108	# A[1] * B[3]
 2109	umulh	x26, x15, x9
 2110	adc	x22, x22, xzr
 2111	mul	x25, x15, x9
 2112	# A[0] * B[1]
 2113	mul	x3, x14, x7
 2114	adds	x20, x20, x3
 2115	umulh	x4, x14, x7
 2116	adcs	x21, x21, x4
 2117	# A[2] * B[1]
 2118	mul	x3, x16, x7
 2119	adcs	x22, x22, x3
 2120	umulh	x4, x16, x7
 2121	adcs	x25, x25, x4
 2122	adc	x26, x26, xzr
 2123	# A[1] * B[2]
 2124	mul	x3, x15, x8
 2125	adds	x22, x22, x3
 2126	umulh	x4, x15, x8
 2127	adcs	x25, x25, x4
 2128	adcs	x26, x26, xzr
 2129	adc	x27, xzr, xzr
 2130	# A[0] * B[2]
 2131	mul	x3, x14, x8
 2132	adds	x21, x21, x3
 2133	umulh	x4, x14, x8
 2134	adcs	x22, x22, x4
 2135	adcs	x25, x25, xzr
 2136	adcs	x26, x26, xzr
 2137	adc	x27, x27, xzr
 2138	# A[1] * B[1]
 2139	mul	x3, x15, x7
 2140	adds	x21, x21, x3
 2141	umulh	x4, x15, x7
 2142	adcs	x22, x22, x4
 2143	# A[3] * B[1]
 2144	mul	x3, x17, x7
 2145	adcs	x25, x25, x3
 2146	umulh	x4, x17, x7
 2147	adcs	x26, x26, x4
 2148	adc	x27, x27, xzr
 2149	# A[2] * B[2]
 2150	mul	x3, x16, x8
 2151	adds	x25, x25, x3
 2152	umulh	x4, x16, x8
 2153	adcs	x26, x26, x4
 2154	# A[3] * B[3]
 2155	mul	x3, x17, x9
 2156	adcs	x27, x27, x3
 2157	umulh	x28, x17, x9
 2158	adc	x28, x28, xzr
 2159	# A[0] * B[3]
 2160	mul	x3, x14, x9
 2161	adds	x22, x22, x3
 2162	umulh	x4, x14, x9
 2163	adcs	x25, x25, x4
 2164	# A[2] * B[3]
 2165	mul	x3, x16, x9
 2166	adcs	x26, x26, x3
 2167	umulh	x4, x16, x9
 2168	adcs	x27, x27, x4
 2169	adc	x28, x28, xzr
 2170	# A[3] * B[0]
 2171	mul	x3, x17, x6
 2172	adds	x22, x22, x3
 2173	umulh	x4, x17, x6
 2174	adcs	x25, x25, x4
 2175	# A[3] * B[2]
 2176	mul	x3, x17, x8
 2177	adcs	x26, x26, x3
 2178	umulh	x4, x17, x8
 2179	adcs	x27, x27, x4
 2180	adc	x28, x28, xzr
 2181	# Reduce
 2182	mov	x3, #38
 2183	mul	x4, x3, x28
 2184	adds	x22, x22, x4
 2185	umulh	x5, x3, x28
 2186	adc	x5, x5, xzr
 2187	mov	x3, #19
 2188	extr	x5, x5, x22, #63
 2189	mul	x5, x5, x3
 2190	and	x22, x22, #0x7fffffffffffffff
 2191	mov	x3, #38
 2192	mul	x4, x3, x25
 2193	adds	x19, x19, x4
 2194	umulh	x25, x3, x25
 2195	mul	x4, x3, x26
 2196	adcs	x20, x20, x4
 2197	umulh	x26, x3, x26
 2198	mul	x4, x3, x27
 2199	adcs	x21, x21, x4
 2200	umulh	x27, x3, x27
 2201	adc	x22, x22, xzr
 2202	#  Add high product results in
 2203	adds	x19, x19, x5
 2204	adcs	x20, x20, x25
 2205	adcs	x21, x21, x26
 2206	adc	x22, x22, x27
 2207	# Store
 2208	stp	x19, x20, [x29, #48]
 2209	stp	x21, x22, [x29, #64]
 2210	# Multiply
 2211	ldp	x25, x26, [x29, #80]
 2212	ldp	x27, x28, [x29, #96]
 2213	# A[0] * B[0]
 2214	umulh	x20, x10, x25
 2215	mul	x19, x10, x25
 2216	# A[2] * B[0]
 2217	umulh	x22, x12, x25
 2218	mul	x21, x12, x25
 2219	# A[1] * B[0]
 2220	mul	x3, x11, x25
 2221	adds	x20, x20, x3
 2222	umulh	x4, x11, x25
 2223	adcs	x21, x21, x4
 2224	# A[1] * B[3]
 2225	umulh	x15, x11, x28
 2226	adc	x22, x22, xzr
 2227	mul	x14, x11, x28
 2228	# A[0] * B[1]
 2229	mul	x3, x10, x26
 2230	adds	x20, x20, x3
 2231	umulh	x4, x10, x26
 2232	adcs	x21, x21, x4
 2233	# A[2] * B[1]
 2234	mul	x3, x12, x26
 2235	adcs	x22, x22, x3
 2236	umulh	x4, x12, x26
 2237	adcs	x14, x14, x4
 2238	adc	x15, x15, xzr
 2239	# A[1] * B[2]
 2240	mul	x3, x11, x27
 2241	adds	x22, x22, x3
 2242	umulh	x4, x11, x27
 2243	adcs	x14, x14, x4
 2244	adcs	x15, x15, xzr
 2245	adc	x16, xzr, xzr
 2246	# A[0] * B[2]
 2247	mul	x3, x10, x27
 2248	adds	x21, x21, x3
 2249	umulh	x4, x10, x27
 2250	adcs	x22, x22, x4
 2251	adcs	x14, x14, xzr
 2252	adcs	x15, x15, xzr
 2253	adc	x16, x16, xzr
 2254	# A[1] * B[1]
 2255	mul	x3, x11, x26
 2256	adds	x21, x21, x3
 2257	umulh	x4, x11, x26
 2258	adcs	x22, x22, x4
 2259	# A[3] * B[1]
 2260	mul	x3, x13, x26
 2261	adcs	x14, x14, x3
 2262	umulh	x4, x13, x26
 2263	adcs	x15, x15, x4
 2264	adc	x16, x16, xzr
 2265	# A[2] * B[2]
 2266	mul	x3, x12, x27
 2267	adds	x14, x14, x3
 2268	umulh	x4, x12, x27
 2269	adcs	x15, x15, x4
 2270	# A[3] * B[3]
 2271	mul	x3, x13, x28
 2272	adcs	x16, x16, x3
 2273	umulh	x17, x13, x28
 2274	adc	x17, x17, xzr
 2275	# A[0] * B[3]
 2276	mul	x3, x10, x28
 2277	adds	x22, x22, x3
 2278	umulh	x4, x10, x28
 2279	adcs	x14, x14, x4
 2280	# A[2] * B[3]
 2281	mul	x3, x12, x28
 2282	adcs	x15, x15, x3
 2283	umulh	x4, x12, x28
 2284	adcs	x16, x16, x4
 2285	adc	x17, x17, xzr
 2286	# A[3] * B[0]
 2287	mul	x3, x13, x25
 2288	adds	x22, x22, x3
 2289	umulh	x4, x13, x25
 2290	adcs	x14, x14, x4
 2291	# A[3] * B[2]
 2292	mul	x3, x13, x27
 2293	adcs	x15, x15, x3
 2294	umulh	x4, x13, x27
 2295	adcs	x16, x16, x4
 2296	adc	x17, x17, xzr
 2297	# Reduce
 2298	mov	x3, #38
 2299	mul	x4, x3, x17
 2300	adds	x22, x22, x4
 2301	umulh	x5, x3, x17
 2302	adc	x5, x5, xzr
 2303	mov	x3, #19
 2304	extr	x5, x5, x22, #63
 2305	mul	x5, x5, x3
 2306	and	x22, x22, #0x7fffffffffffffff
 2307	mov	x3, #38
 2308	mul	x4, x3, x14
 2309	adds	x19, x19, x4
 2310	umulh	x14, x3, x14
 2311	mul	x4, x3, x15
 2312	adcs	x20, x20, x4
 2313	umulh	x15, x3, x15
 2314	mul	x4, x3, x16
 2315	adcs	x21, x21, x4
 2316	umulh	x16, x3, x16
 2317	adc	x22, x22, xzr
 2318	#  Add high product results in
 2319	adds	x19, x19, x5
 2320	adcs	x20, x20, x14
 2321	adcs	x21, x21, x15
 2322	adc	x22, x22, x16
 2323	# Square
 2324	#  A[0] * A[1]
 2325	umulh	x12, x25, x26
 2326	mul	x11, x25, x26
 2327	#  A[0] * A[3]
 2328	umulh	x14, x25, x28
 2329	mul	x13, x25, x28
 2330	#  A[0] * A[2]
 2331	mul	x3, x25, x27
 2332	adds	x12, x12, x3
 2333	umulh	x4, x25, x27
 2334	adcs	x13, x13, x4
 2335	#  A[1] * A[3]
 2336	mul	x3, x26, x28
 2337	adcs	x14, x14, x3
 2338	umulh	x15, x26, x28
 2339	adc	x15, x15, xzr
 2340	#  A[1] * A[2]
 2341	mul	x3, x26, x27
 2342	adds	x13, x13, x3
 2343	umulh	x4, x26, x27
 2344	adcs	x14, x14, x4
 2345	#  A[2] * A[3]
 2346	mul	x3, x27, x28
 2347	adcs	x15, x15, x3
 2348	umulh	x16, x27, x28
 2349	adc	x16, x16, xzr
 2350	# Double
 2351	adds	x11, x11, x11
 2352	adcs	x12, x12, x12
 2353	adcs	x13, x13, x13
 2354	adcs	x14, x14, x14
 2355	adcs	x15, x15, x15
 2356	adcs	x16, x16, x16
 2357	adc	x17, xzr, xzr
 2358	#  A[0] * A[0]
 2359	umulh	x4, x25, x25
 2360	mul	x10, x25, x25
 2361	#  A[1] * A[1]
 2362	mul	x3, x26, x26
 2363	adds	x11, x11, x4
 2364	umulh	x4, x26, x26
 2365	adcs	x12, x12, x3
 2366	#  A[2] * A[2]
 2367	mul	x3, x27, x27
 2368	adcs	x13, x13, x4
 2369	umulh	x4, x27, x27
 2370	adcs	x14, x14, x3
 2371	#  A[3] * A[3]
 2372	mul	x3, x28, x28
 2373	adcs	x15, x15, x4
 2374	umulh	x4, x28, x28
 2375	adcs	x16, x16, x3
 2376	adc	x17, x17, x4
 2377	# Reduce
 2378	mov	x3, #38
 2379	mul	x4, x3, x17
 2380	adds	x13, x13, x4
 2381	umulh	x5, x3, x17
 2382	adc	x5, x5, xzr
 2383	mov	x3, #19
 2384	extr	x5, x5, x13, #63
 2385	mul	x5, x5, x3
 2386	and	x13, x13, #0x7fffffffffffffff
 2387	mov	x3, #38
 2388	mul	x4, x3, x14
 2389	adds	x10, x10, x4
 2390	umulh	x14, x3, x14
 2391	mul	x4, x3, x15
 2392	adcs	x11, x11, x4
 2393	umulh	x15, x3, x15
 2394	mul	x4, x3, x16
 2395	adcs	x12, x12, x4
 2396	umulh	x16, x3, x16
 2397	adc	x13, x13, xzr
 2398	#  Add high product results in
 2399	adds	x10, x10, x5
 2400	adcs	x11, x11, x14
 2401	adcs	x12, x12, x15
 2402	adc	x13, x13, x16
 2403	# Square
 2404	#  A[0] * A[1]
 2405	umulh	x16, x6, x7
 2406	mul	x15, x6, x7
 2407	#  A[0] * A[3]
 2408	umulh	x25, x6, x9
 2409	mul	x17, x6, x9
 2410	#  A[0] * A[2]
 2411	mul	x3, x6, x8
 2412	adds	x16, x16, x3
 2413	umulh	x4, x6, x8
 2414	adcs	x17, x17, x4
 2415	#  A[1] * A[3]
 2416	mul	x3, x7, x9
 2417	adcs	x25, x25, x3
 2418	umulh	x26, x7, x9
 2419	adc	x26, x26, xzr
 2420	#  A[1] * A[2]
 2421	mul	x3, x7, x8
 2422	adds	x17, x17, x3
 2423	umulh	x4, x7, x8
 2424	adcs	x25, x25, x4
 2425	#  A[2] * A[3]
 2426	mul	x3, x8, x9
 2427	adcs	x26, x26, x3
 2428	umulh	x27, x8, x9
 2429	adc	x27, x27, xzr
 2430	# Double
 2431	adds	x15, x15, x15
 2432	adcs	x16, x16, x16
 2433	adcs	x17, x17, x17
 2434	adcs	x25, x25, x25
 2435	adcs	x26, x26, x26
 2436	adcs	x27, x27, x27
 2437	adc	x28, xzr, xzr
 2438	#  A[0] * A[0]
 2439	umulh	x4, x6, x6
 2440	mul	x14, x6, x6
 2441	#  A[1] * A[1]
 2442	mul	x3, x7, x7
 2443	adds	x15, x15, x4
 2444	umulh	x4, x7, x7
 2445	adcs	x16, x16, x3
 2446	#  A[2] * A[2]
 2447	mul	x3, x8, x8
 2448	adcs	x17, x17, x4
 2449	umulh	x4, x8, x8
 2450	adcs	x25, x25, x3
 2451	#  A[3] * A[3]
 2452	mul	x3, x9, x9
 2453	adcs	x26, x26, x4
 2454	umulh	x4, x9, x9
 2455	adcs	x27, x27, x3
 2456	adc	x28, x28, x4
 2457	# Reduce
 2458	mov	x3, #38
 2459	mul	x4, x3, x28
 2460	adds	x17, x17, x4
 2461	umulh	x5, x3, x28
 2462	adc	x5, x5, xzr
 2463	mov	x3, #19
 2464	extr	x5, x5, x17, #63
 2465	mul	x5, x5, x3
 2466	and	x17, x17, #0x7fffffffffffffff
 2467	mov	x3, #38
 2468	mul	x4, x3, x25
 2469	adds	x14, x14, x4
 2470	umulh	x25, x3, x25
 2471	mul	x4, x3, x26
 2472	adcs	x15, x15, x4
 2473	umulh	x26, x3, x26
 2474	mul	x4, x3, x27
 2475	adcs	x16, x16, x4
 2476	umulh	x27, x3, x27
 2477	adc	x17, x17, xzr
 2478	#  Add high product results in
 2479	adds	x14, x14, x5
 2480	adcs	x15, x15, x25
 2481	adcs	x16, x16, x26
 2482	adc	x17, x17, x27
 2483	# Multiply
 2484	# A[0] * B[0]
 2485	umulh	x7, x14, x10
 2486	mul	x6, x14, x10
 2487	# A[2] * B[0]
 2488	umulh	x9, x16, x10
 2489	mul	x8, x16, x10
 2490	# A[1] * B[0]
 2491	mul	x3, x15, x10
 2492	adds	x7, x7, x3
 2493	umulh	x4, x15, x10
 2494	adcs	x8, x8, x4
 2495	# A[1] * B[3]
 2496	umulh	x26, x15, x13
 2497	adc	x9, x9, xzr
 2498	mul	x25, x15, x13
 2499	# A[0] * B[1]
 2500	mul	x3, x14, x11
 2501	adds	x7, x7, x3
 2502	umulh	x4, x14, x11
 2503	adcs	x8, x8, x4
 2504	# A[2] * B[1]
 2505	mul	x3, x16, x11
 2506	adcs	x9, x9, x3
 2507	umulh	x4, x16, x11
 2508	adcs	x25, x25, x4
 2509	adc	x26, x26, xzr
 2510	# A[1] * B[2]
 2511	mul	x3, x15, x12
 2512	adds	x9, x9, x3
 2513	umulh	x4, x15, x12
 2514	adcs	x25, x25, x4
 2515	adcs	x26, x26, xzr
 2516	adc	x27, xzr, xzr
 2517	# A[0] * B[2]
 2518	mul	x3, x14, x12
 2519	adds	x8, x8, x3
 2520	umulh	x4, x14, x12
 2521	adcs	x9, x9, x4
 2522	adcs	x25, x25, xzr
 2523	adcs	x26, x26, xzr
 2524	adc	x27, x27, xzr
 2525	# A[1] * B[1]
 2526	mul	x3, x15, x11
 2527	adds	x8, x8, x3
 2528	umulh	x4, x15, x11
 2529	adcs	x9, x9, x4
 2530	# A[3] * B[1]
 2531	mul	x3, x17, x11
 2532	adcs	x25, x25, x3
 2533	umulh	x4, x17, x11
 2534	adcs	x26, x26, x4
 2535	adc	x27, x27, xzr
 2536	# A[2] * B[2]
 2537	mul	x3, x16, x12
 2538	adds	x25, x25, x3
 2539	umulh	x4, x16, x12
 2540	adcs	x26, x26, x4
 2541	# A[3] * B[3]
 2542	mul	x3, x17, x13
 2543	adcs	x27, x27, x3
 2544	umulh	x28, x17, x13
 2545	adc	x28, x28, xzr
 2546	# A[0] * B[3]
 2547	mul	x3, x14, x13
 2548	adds	x9, x9, x3
 2549	umulh	x4, x14, x13
 2550	adcs	x25, x25, x4
 2551	# A[2] * B[3]
 2552	mul	x3, x16, x13
 2553	adcs	x26, x26, x3
 2554	umulh	x4, x16, x13
 2555	adcs	x27, x27, x4
 2556	adc	x28, x28, xzr
 2557	# A[3] * B[0]
 2558	mul	x3, x17, x10
 2559	adds	x9, x9, x3
 2560	umulh	x4, x17, x10
 2561	adcs	x25, x25, x4
 2562	# A[3] * B[2]
 2563	mul	x3, x17, x12
 2564	adcs	x26, x26, x3
 2565	umulh	x4, x17, x12
 2566	adcs	x27, x27, x4
 2567	adc	x28, x28, xzr
 2568	# Reduce
 2569	mov	x3, #38
 2570	mul	x4, x3, x28
 2571	adds	x9, x9, x4
 2572	umulh	x5, x3, x28
 2573	adc	x5, x5, xzr
 2574	mov	x3, #19
 2575	extr	x5, x5, x9, #63
 2576	mul	x5, x5, x3
 2577	and	x9, x9, #0x7fffffffffffffff
 2578	mov	x3, #38
 2579	mul	x4, x3, x25
 2580	adds	x6, x6, x4
 2581	umulh	x25, x3, x25
 2582	mul	x4, x3, x26
 2583	adcs	x7, x7, x4
 2584	umulh	x26, x3, x26
 2585	mul	x4, x3, x27
 2586	adcs	x8, x8, x4
 2587	umulh	x27, x3, x27
 2588	adc	x9, x9, xzr
 2589	#  Add high product results in
 2590	adds	x6, x6, x5
 2591	adcs	x7, x7, x25
 2592	adcs	x8, x8, x26
 2593	adc	x9, x9, x27
 2594	# Store
 2595	stp	x6, x7, [x0]
 2596	stp	x8, x9, [x0, #16]
 2597	# Sub
 2598	subs	x14, x14, x10
 2599	sbcs	x15, x15, x11
 2600	sbcs	x16, x16, x12
 2601	sbcs	x17, x17, x13
 2602	csetm	x5, cc
 2603	mov	x3, #-19
 2604	#   Mask the modulus
 2605	extr	x5, x5, x17, #63
 2606	mul	x3, x5, x3
 2607	#   Add modulus (if underflow)
 2608	subs	x14, x14, x3
 2609	sbcs	x15, x15, xzr
 2610	and	x17, x17, #0x7fffffffffffffff
 2611	sbcs	x16, x16, xzr
 2612	sbc	x17, x17, xzr
 2613	# Multiply by 121666
 2614	mov	x5, #0xdb42
 2615	movk	x5, #1, lsl 16
 2616	mul	x6, x14, x5
 2617	umulh	x7, x14, x5
 2618	mul	x3, x15, x5
 2619	umulh	x8, x15, x5
 2620	adds	x7, x7, x3
 2621	adc	x8, x8, xzr
 2622	mul	x3, x16, x5
 2623	umulh	x9, x16, x5
 2624	adds	x8, x8, x3
 2625	adc	x9, x9, xzr
 2626	mul	x3, x17, x5
 2627	umulh	x4, x17, x5
 2628	adds	x9, x9, x3
 2629	adc	x4, x4, xzr
 2630	mov	x5, #19
 2631	extr	x4, x4, x9, #63
 2632	mul	x4, x4, x5
 2633	adds	x6, x6, x4
 2634	adcs	x7, x7, xzr
 2635	and	x9, x9, #0x7fffffffffffffff
 2636	adcs	x8, x8, xzr
 2637	adc	x9, x9, xzr
 2638	# Add
 2639	adds	x10, x10, x6
 2640	adcs	x11, x11, x7
 2641	adcs	x12, x12, x8
 2642	adcs	x13, x13, x9
 2643	cset	x5, cs
 2644	mov	x3, #19
 2645	#   Mask the modulus
 2646	extr	x5, x5, x13, #63
 2647	mul	x3, x5, x3
 2648	#   Sub modulus (if overflow)
 2649	adds	x10, x10, x3
 2650	adcs	x11, x11, xzr
 2651	and	x13, x13, #0x7fffffffffffffff
 2652	adcs	x12, x12, xzr
 2653	adc	x13, x13, xzr
 2654	# Multiply
 2655	# A[0] * B[0]
 2656	umulh	x7, x14, x10
 2657	mul	x6, x14, x10
 2658	# A[2] * B[0]
 2659	umulh	x9, x16, x10
 2660	mul	x8, x16, x10
 2661	# A[1] * B[0]
 2662	mul	x3, x15, x10
 2663	adds	x7, x7, x3
 2664	umulh	x4, x15, x10
 2665	adcs	x8, x8, x4
 2666	# A[1] * B[3]
 2667	umulh	x26, x15, x13
 2668	adc	x9, x9, xzr
 2669	mul	x25, x15, x13
 2670	# A[0] * B[1]
 2671	mul	x3, x14, x11
 2672	adds	x7, x7, x3
 2673	umulh	x4, x14, x11
 2674	adcs	x8, x8, x4
 2675	# A[2] * B[1]
 2676	mul	x3, x16, x11
 2677	adcs	x9, x9, x3
 2678	umulh	x4, x16, x11
 2679	adcs	x25, x25, x4
 2680	adc	x26, x26, xzr
 2681	# A[1] * B[2]
 2682	mul	x3, x15, x12
 2683	adds	x9, x9, x3
 2684	umulh	x4, x15, x12
 2685	adcs	x25, x25, x4
 2686	adcs	x26, x26, xzr
 2687	adc	x27, xzr, xzr
 2688	# A[0] * B[2]
 2689	mul	x3, x14, x12
 2690	adds	x8, x8, x3
 2691	umulh	x4, x14, x12
 2692	adcs	x9, x9, x4
 2693	adcs	x25, x25, xzr
 2694	adcs	x26, x26, xzr
 2695	adc	x27, x27, xzr
 2696	# A[1] * B[1]
 2697	mul	x3, x15, x11
 2698	adds	x8, x8, x3
 2699	umulh	x4, x15, x11
 2700	adcs	x9, x9, x4
 2701	# A[3] * B[1]
 2702	mul	x3, x17, x11
 2703	adcs	x25, x25, x3
 2704	umulh	x4, x17, x11
 2705	adcs	x26, x26, x4
 2706	adc	x27, x27, xzr
 2707	# A[2] * B[2]
 2708	mul	x3, x16, x12
 2709	adds	x25, x25, x3
 2710	umulh	x4, x16, x12
 2711	adcs	x26, x26, x4
 2712	# A[3] * B[3]
 2713	mul	x3, x17, x13
 2714	adcs	x27, x27, x3
 2715	umulh	x28, x17, x13
 2716	adc	x28, x28, xzr
 2717	# A[0] * B[3]
 2718	mul	x3, x14, x13
 2719	adds	x9, x9, x3
 2720	umulh	x4, x14, x13
 2721	adcs	x25, x25, x4
 2722	# A[2] * B[3]
 2723	mul	x3, x16, x13
 2724	adcs	x26, x26, x3
 2725	umulh	x4, x16, x13
 2726	adcs	x27, x27, x4
 2727	adc	x28, x28, xzr
 2728	# A[3] * B[0]
 2729	mul	x3, x17, x10
 2730	adds	x9, x9, x3
 2731	umulh	x4, x17, x10
 2732	adcs	x25, x25, x4
 2733	# A[3] * B[2]
 2734	mul	x3, x17, x12
 2735	adcs	x26, x26, x3
 2736	umulh	x4, x17, x12
 2737	adcs	x27, x27, x4
 2738	adc	x28, x28, xzr
 2739	# Reduce
 2740	mov	x3, #38
 2741	mul	x4, x3, x28
 2742	adds	x9, x9, x4
 2743	umulh	x5, x3, x28
 2744	adc	x5, x5, xzr
 2745	mov	x3, #19
 2746	extr	x5, x5, x9, #63
 2747	mul	x5, x5, x3
 2748	and	x9, x9, #0x7fffffffffffffff
 2749	mov	x3, #38
 2750	mul	x4, x3, x25
 2751	adds	x6, x6, x4
 2752	umulh	x25, x3, x25
 2753	mul	x4, x3, x26
 2754	adcs	x7, x7, x4
 2755	umulh	x26, x3, x26
 2756	mul	x4, x3, x27
 2757	adcs	x8, x8, x4
 2758	umulh	x27, x3, x27
 2759	adc	x9, x9, xzr
 2760	#  Add high product results in
 2761	adds	x6, x6, x5
 2762	adcs	x7, x7, x25
 2763	adcs	x8, x8, x26
 2764	adc	x9, x9, x27
 2765	# Store
 2766	stp	x6, x7, [x29, #16]
 2767	stp	x8, x9, [x29, #32]
 2768	# Add
 2769	ldp	x25, x26, [x29, #48]
 2770	ldp	x27, x28, [x29, #64]
 2771	adds	x10, x25, x19
 2772	adcs	x11, x26, x20
 2773	adcs	x12, x27, x21
 2774	adcs	x13, x28, x22
 2775	cset	x5, cs
 2776	mov	x3, #19
 2777	extr	x5, x5, x13, #63
 2778	mul	x3, x5, x3
 2779	#   Sub modulus (if overflow)
 2780	adds	x10, x10, x3
 2781	adcs	x11, x11, xzr
 2782	and	x13, x13, #0x7fffffffffffffff
 2783	adcs	x12, x12, xzr
 2784	adc	x13, x13, xzr
 2785	# Sub
 2786	subs	x19, x25, x19
 2787	sbcs	x20, x26, x20
 2788	sbcs	x21, x27, x21
 2789	sbcs	x22, x28, x22
 2790	csetm	x5, cc
 2791	mov	x3, #-19
 2792	extr	x5, x5, x22, #63
 2793	mul	x3, x5, x3
 2794	#   Add modulus (if underflow)
 2795	subs	x19, x19, x3
 2796	sbcs	x20, x20, xzr
 2797	and	x22, x22, #0x7fffffffffffffff
 2798	sbcs	x21, x21, xzr
 2799	sbc	x22, x22, xzr
 2800	# Square
 2801	#  A[0] * A[1]
 2802	umulh	x8, x10, x11
 2803	mul	x7, x10, x11
 2804	#  A[0] * A[3]
 2805	umulh	x25, x10, x13
 2806	mul	x9, x10, x13
 2807	#  A[0] * A[2]
 2808	mul	x3, x10, x12
 2809	adds	x8, x8, x3
 2810	umulh	x4, x10, x12
 2811	adcs	x9, x9, x4
 2812	#  A[1] * A[3]
 2813	mul	x3, x11, x13
 2814	adcs	x25, x25, x3
 2815	umulh	x26, x11, x13
 2816	adc	x26, x26, xzr
 2817	#  A[1] * A[2]
 2818	mul	x3, x11, x12
 2819	adds	x9, x9, x3
 2820	umulh	x4, x11, x12
 2821	adcs	x25, x25, x4
 2822	#  A[2] * A[3]
 2823	mul	x3, x12, x13
 2824	adcs	x26, x26, x3
 2825	umulh	x27, x12, x13
 2826	adc	x27, x27, xzr
 2827	# Double
 2828	adds	x7, x7, x7
 2829	adcs	x8, x8, x8
 2830	adcs	x9, x9, x9
 2831	adcs	x25, x25, x25
 2832	adcs	x26, x26, x26
 2833	adcs	x27, x27, x27
 2834	adc	x28, xzr, xzr
 2835	#  A[0] * A[0]
 2836	umulh	x4, x10, x10
 2837	mul	x6, x10, x10
 2838	#  A[1] * A[1]
 2839	mul	x3, x11, x11
 2840	adds	x7, x7, x4
 2841	umulh	x4, x11, x11
 2842	adcs	x8, x8, x3
 2843	#  A[2] * A[2]
 2844	mul	x3, x12, x12
 2845	adcs	x9, x9, x4
 2846	umulh	x4, x12, x12
 2847	adcs	x25, x25, x3
 2848	#  A[3] * A[3]
 2849	mul	x3, x13, x13
 2850	adcs	x26, x26, x4
 2851	umulh	x4, x13, x13
 2852	adcs	x27, x27, x3
 2853	adc	x28, x28, x4
 2854	# Reduce
 2855	mov	x3, #38
 2856	mul	x4, x3, x28
 2857	adds	x9, x9, x4
 2858	umulh	x5, x3, x28
 2859	adc	x5, x5, xzr
 2860	mov	x3, #19
 2861	extr	x5, x5, x9, #63
 2862	mul	x5, x5, x3
 2863	and	x9, x9, #0x7fffffffffffffff
 2864	mov	x3, #38
 2865	mul	x4, x3, x25
 2866	adds	x6, x6, x4
 2867	umulh	x25, x3, x25
 2868	mul	x4, x3, x26
 2869	adcs	x7, x7, x4
 2870	umulh	x26, x3, x26
 2871	mul	x4, x3, x27
 2872	adcs	x8, x8, x4
 2873	umulh	x27, x3, x27
 2874	adc	x9, x9, xzr
 2875	#  Add high product results in
 2876	adds	x6, x6, x5
 2877	adcs	x7, x7, x25
 2878	adcs	x8, x8, x26
 2879	adc	x9, x9, x27
 2880	# Square
 2881	#  A[0] * A[1]
 2882	umulh	x16, x19, x20
 2883	mul	x15, x19, x20
 2884	#  A[0] * A[3]
 2885	umulh	x25, x19, x22
 2886	mul	x17, x19, x22
 2887	#  A[0] * A[2]
 2888	mul	x3, x19, x21
 2889	adds	x16, x16, x3
 2890	umulh	x4, x19, x21
 2891	adcs	x17, x17, x4
 2892	#  A[1] * A[3]
 2893	mul	x3, x20, x22
 2894	adcs	x25, x25, x3
 2895	umulh	x26, x20, x22
 2896	adc	x26, x26, xzr
 2897	#  A[1] * A[2]
 2898	mul	x3, x20, x21
 2899	adds	x17, x17, x3
 2900	umulh	x4, x20, x21
 2901	adcs	x25, x25, x4
 2902	#  A[2] * A[3]
 2903	mul	x3, x21, x22
 2904	adcs	x26, x26, x3
 2905	umulh	x27, x21, x22
 2906	adc	x27, x27, xzr
 2907	# Double
 2908	adds	x15, x15, x15
 2909	adcs	x16, x16, x16
 2910	adcs	x17, x17, x17
 2911	adcs	x25, x25, x25
 2912	adcs	x26, x26, x26
 2913	adcs	x27, x27, x27
 2914	adc	x28, xzr, xzr
 2915	#  A[0] * A[0]
 2916	umulh	x4, x19, x19
 2917	mul	x14, x19, x19
 2918	#  A[1] * A[1]
 2919	mul	x3, x20, x20
 2920	adds	x15, x15, x4
 2921	umulh	x4, x20, x20
 2922	adcs	x16, x16, x3
 2923	#  A[2] * A[2]
 2924	mul	x3, x21, x21
 2925	adcs	x17, x17, x4
 2926	umulh	x4, x21, x21
 2927	adcs	x25, x25, x3
 2928	#  A[3] * A[3]
 2929	mul	x3, x22, x22
 2930	adcs	x26, x26, x4
 2931	umulh	x4, x22, x22
 2932	adcs	x27, x27, x3
 2933	adc	x28, x28, x4
 2934	# Reduce
 2935	mov	x3, #38
 2936	mul	x4, x3, x28
 2937	adds	x17, x17, x4
 2938	umulh	x5, x3, x28
 2939	adc	x5, x5, xzr
 2940	mov	x3, #19
 2941	extr	x5, x5, x17, #63
 2942	mul	x5, x5, x3
 2943	and	x17, x17, #0x7fffffffffffffff
 2944	mov	x3, #38
 2945	mul	x4, x3, x25
 2946	adds	x14, x14, x4
 2947	umulh	x25, x3, x25
 2948	mul	x4, x3, x26
 2949	adcs	x15, x15, x4
 2950	umulh	x26, x3, x26
 2951	mul	x4, x3, x27
 2952	adcs	x16, x16, x4
 2953	umulh	x27, x3, x27
 2954	adc	x17, x17, xzr
 2955	#  Add high product results in
 2956	adds	x14, x14, x5
 2957	adcs	x15, x15, x25
 2958	adcs	x16, x16, x26
 2959	adc	x17, x17, x27
 2960	# Multiply by 9
 2961	mov	x5, #9
 2962	mul	x10, x14, x5
 2963	umulh	x11, x14, x5
 2964	mul	x3, x15, x5
 2965	umulh	x12, x15, x5
 2966	adds	x11, x11, x3
 2967	adc	x12, x12, xzr
 2968	mul	x3, x16, x5
 2969	umulh	x13, x16, x5
 2970	adds	x12, x12, x3
 2971	adc	x13, x13, xzr
 2972	mul	x3, x17, x5
 2973	umulh	x4, x17, x5
 2974	adds	x13, x13, x3
 2975	adc	x4, x4, xzr
 2976	mov	x5, #19
 2977	extr	x4, x4, x13, #63
 2978	mul	x4, x4, x5
 2979	adds	x10, x10, x4
 2980	adcs	x11, x11, xzr
 2981	and	x13, x13, #0x7fffffffffffffff
 2982	adcs	x12, x12, xzr
 2983	adc	x13, x13, xzr
 2984	subs	x24, x24, #1
 2985	cmp	x24, #3
 2986	bge	L_curve25519_base_bits
 2987	# Conditional Swap
 2988	subs	xzr, xzr, x2, lsl 63
 2989	ldp	x25, x26, [x29, #16]
 2990	ldp	x27, x28, [x29, #32]
 2991	csel	x19, x25, x10, ne
 2992	csel	x25, x10, x25, ne
 2993	csel	x20, x26, x11, ne
 2994	csel	x26, x11, x26, ne
 2995	csel	x21, x27, x12, ne
 2996	csel	x27, x12, x27, ne
 2997	csel	x22, x28, x13, ne
 2998	csel	x28, x13, x28, ne
 2999	# Conditional Swap
 3000	subs	xzr, xzr, x2, lsl 63
 3001	ldp	x10, x11, [x0]
 3002	ldp	x12, x13, [x0, #16]
 3003	csel	x14, x10, x6, ne
 3004	csel	x10, x6, x10, ne
 3005	csel	x15, x11, x7, ne
 3006	csel	x11, x7, x11, ne
 3007	csel	x16, x12, x8, ne
 3008	csel	x12, x8, x12, ne
 3009	csel	x17, x13, x9, ne
 3010	csel	x13, x9, x13, ne
 3011L_curve25519_base_3:
 3012	# Add
 3013	adds	x6, x10, x25
 3014	adcs	x7, x11, x26
 3015	adcs	x8, x12, x27
 3016	adcs	x9, x13, x28
 3017	cset	x5, cs
 3018	mov	x3, #19
 3019	extr	x5, x5, x9, #63
 3020	mul	x3, x5, x3
 3021	#   Sub modulus (if overflow)
 3022	adds	x6, x6, x3
 3023	adcs	x7, x7, xzr
 3024	and	x9, x9, #0x7fffffffffffffff
 3025	adcs	x8, x8, xzr
 3026	adc	x9, x9, xzr
 3027	# Sub
 3028	subs	x25, x10, x25
 3029	sbcs	x26, x11, x26
 3030	sbcs	x27, x12, x27
 3031	sbcs	x28, x13, x28
 3032	csetm	x5, cc
 3033	mov	x3, #-19
 3034	extr	x5, x5, x28, #63
 3035	mul	x3, x5, x3
 3036	#   Add modulus (if underflow)
 3037	subs	x25, x25, x3
 3038	sbcs	x26, x26, xzr
 3039	and	x28, x28, #0x7fffffffffffffff
 3040	sbcs	x27, x27, xzr
 3041	sbc	x28, x28, xzr
 3042	# Square
 3043	#  A[0] * A[1]
 3044	umulh	x21, x25, x26
 3045	mul	x20, x25, x26
 3046	#  A[0] * A[3]
 3047	umulh	x14, x25, x28
 3048	mul	x22, x25, x28
 3049	#  A[0] * A[2]
 3050	mul	x3, x25, x27
 3051	adds	x21, x21, x3
 3052	umulh	x4, x25, x27
 3053	adcs	x22, x22, x4
 3054	#  A[1] * A[3]
 3055	mul	x3, x26, x28
 3056	adcs	x14, x14, x3
 3057	umulh	x15, x26, x28
 3058	adc	x15, x15, xzr
 3059	#  A[1] * A[2]
 3060	mul	x3, x26, x27
 3061	adds	x22, x22, x3
 3062	umulh	x4, x26, x27
 3063	adcs	x14, x14, x4
 3064	#  A[2] * A[3]
 3065	mul	x3, x27, x28
 3066	adcs	x15, x15, x3
 3067	umulh	x16, x27, x28
 3068	adc	x16, x16, xzr
 3069	# Double
 3070	adds	x20, x20, x20
 3071	adcs	x21, x21, x21
 3072	adcs	x22, x22, x22
 3073	adcs	x14, x14, x14
 3074	adcs	x15, x15, x15
 3075	adcs	x16, x16, x16
 3076	adc	x17, xzr, xzr
 3077	#  A[0] * A[0]
 3078	umulh	x4, x25, x25
 3079	mul	x19, x25, x25
 3080	#  A[1] * A[1]
 3081	mul	x3, x26, x26
 3082	adds	x20, x20, x4
 3083	umulh	x4, x26, x26
 3084	adcs	x21, x21, x3
 3085	#  A[2] * A[2]
 3086	mul	x3, x27, x27
 3087	adcs	x22, x22, x4
 3088	umulh	x4, x27, x27
 3089	adcs	x14, x14, x3
 3090	#  A[3] * A[3]
 3091	mul	x3, x28, x28
 3092	adcs	x15, x15, x4
 3093	umulh	x4, x28, x28
 3094	adcs	x16, x16, x3
 3095	adc	x17, x17, x4
 3096	# Reduce
 3097	mov	x3, #38
 3098	mul	x4, x3, x17
 3099	adds	x22, x22, x4
 3100	umulh	x5, x3, x17
 3101	adc	x5, x5, xzr
 3102	mov	x3, #19
 3103	extr	x5, x5, x22, #63
 3104	mul	x5, x5, x3
 3105	and	x22, x22, #0x7fffffffffffffff
 3106	mov	x3, #38
 3107	mul	x4, x3, x14
 3108	adds	x19, x19, x4
 3109	umulh	x14, x3, x14
 3110	mul	x4, x3, x15
 3111	adcs	x20, x20, x4
 3112	umulh	x15, x3, x15
 3113	mul	x4, x3, x16
 3114	adcs	x21, x21, x4
 3115	umulh	x16, x3, x16
 3116	adc	x22, x22, xzr
 3117	#  Add high product results in
 3118	adds	x19, x19, x5
 3119	adcs	x20, x20, x14
 3120	adcs	x21, x21, x15
 3121	adc	x22, x22, x16
 3122	# Square
 3123	#  A[0] * A[1]
 3124	umulh	x16, x6, x7
 3125	mul	x15, x6, x7
 3126	#  A[0] * A[3]
 3127	umulh	x25, x6, x9
 3128	mul	x17, x6, x9
 3129	#  A[0] * A[2]
 3130	mul	x3, x6, x8
 3131	adds	x16, x16, x3
 3132	umulh	x4, x6, x8
 3133	adcs	x17, x17, x4
 3134	#  A[1] * A[3]
 3135	mul	x3, x7, x9
 3136	adcs	x25, x25, x3
 3137	umulh	x26, x7, x9
 3138	adc	x26, x26, xzr
 3139	#  A[1] * A[2]
 3140	mul	x3, x7, x8
 3141	adds	x17, x17, x3
 3142	umulh	x4, x7, x8
 3143	adcs	x25, x25, x4
 3144	#  A[2] * A[3]
 3145	mul	x3, x8, x9
 3146	adcs	x26, x26, x3
 3147	umulh	x27, x8, x9
 3148	adc	x27, x27, xzr
 3149	# Double
 3150	adds	x15, x15, x15
 3151	adcs	x16, x16, x16
 3152	adcs	x17, x17, x17
 3153	adcs	x25, x25, x25
 3154	adcs	x26, x26, x26
 3155	adcs	x27, x27, x27
 3156	adc	x28, xzr, xzr
 3157	#  A[0] * A[0]
 3158	umulh	x4, x6, x6
 3159	mul	x14, x6, x6
 3160	#  A[1] * A[1]
 3161	mul	x3, x7, x7
 3162	adds	x15, x15, x4
 3163	umulh	x4, x7, x7
 3164	adcs	x16, x16, x3
 3165	#  A[2] * A[2]
 3166	mul	x3, x8, x8
 3167	adcs	x17, x17, x4
 3168	umulh	x4, x8, x8
 3169	adcs	x25, x25, x3
 3170	#  A[3] * A[3]
 3171	mul	x3, x9, x9
 3172	adcs	x26, x26, x4
 3173	umulh	x4, x9, x9
 3174	adcs	x27, x27, x3
 3175	adc	x28, x28, x4
 3176	# Reduce
 3177	mov	x3, #38
 3178	mul	x4, x3, x28
 3179	adds	x17, x17, x4
 3180	umulh	x5, x3, x28
 3181	adc	x5, x5, xzr
 3182	mov	x3, #19
 3183	extr	x5, x5, x17, #63
 3184	mul	x5, x5, x3
 3185	and	x17, x17, #0x7fffffffffffffff
 3186	mov	x3, #38
 3187	mul	x4, x3, x25
 3188	adds	x14, x14, x4
 3189	umulh	x25, x3, x25
 3190	mul	x4, x3, x26
 3191	adcs	x15, x15, x4
 3192	umulh	x26, x3, x26
 3193	mul	x4, x3, x27
 3194	adcs	x16, x16, x4
 3195	umulh	x27, x3, x27
 3196	adc	x17, x17, xzr
 3197	#  Add high product results in
 3198	adds	x14, x14, x5
 3199	adcs	x15, x15, x25
 3200	adcs	x16, x16, x26
 3201	adc	x17, x17, x27
 3202	# Multiply
 3203	# A[0] * B[0]
 3204	umulh	x11, x14, x19
 3205	mul	x10, x14, x19
 3206	# A[2] * B[0]
 3207	umulh	x13, x16, x19
 3208	mul	x12, x16, x19
 3209	# A[1] * B[0]
 3210	mul	x3, x15, x19
 3211	adds	x11, x11, x3
 3212	umulh	x4, x15, x19
 3213	adcs	x12, x12, x4
 3214	# A[1] * B[3]
 3215	umulh	x26, x15, x22
 3216	adc	x13, x13, xzr
 3217	mul	x25, x15, x22
 3218	# A[0] * B[1]
 3219	mul	x3, x14, x20
 3220	adds	x11, x11, x3
 3221	umulh	x4, x14, x20
 3222	adcs	x12, x12, x4
 3223	# A[2] * B[1]
 3224	mul	x3, x16, x20
 3225	adcs	x13, x13, x3
 3226	umulh	x4, x16, x20
 3227	adcs	x25, x25, x4
 3228	adc	x26, x26, xzr
 3229	# A[1] * B[2]
 3230	mul	x3, x15, x21
 3231	adds	x13, x13, x3
 3232	umulh	x4, x15, x21
 3233	adcs	x25, x25, x4
 3234	adcs	x26, x26, xzr
 3235	adc	x27, xzr, xzr
 3236	# A[0] * B[2]
 3237	mul	x3, x14, x21
 3238	adds	x12, x12, x3
 3239	umulh	x4, x14, x21
 3240	adcs	x13, x13, x4
 3241	adcs	x25, x25, xzr
 3242	adcs	x26, x26, xzr
 3243	adc	x27, x27, xzr
 3244	# A[1] * B[1]
 3245	mul	x3, x15, x20
 3246	adds	x12, x12, x3
 3247	umulh	x4, x15, x20
 3248	adcs	x13, x13, x4
 3249	# A[3] * B[1]
 3250	mul	x3, x17, x20
 3251	adcs	x25, x25, x3
 3252	umulh	x4, x17, x20
 3253	adcs	x26, x26, x4
 3254	adc	x27, x27, xzr
 3255	# A[2] * B[2]
 3256	mul	x3, x16, x21
 3257	adds	x25, x25, x3
 3258	umulh	x4, x16, x21
 3259	adcs	x26, x26, x4
 3260	# A[3] * B[3]
 3261	mul	x3, x17, x22
 3262	adcs	x27, x27, x3
 3263	umulh	x28, x17, x22
 3264	adc	x28, x28, xzr
 3265	# A[0] * B[3]
 3266	mul	x3, x14, x22
 3267	adds	x13, x13, x3
 3268	umulh	x4, x14, x22
 3269	adcs	x25, x25, x4
 3270	# A[2] * B[3]
 3271	mul	x3, x16, x22
 3272	adcs	x26, x26, x3
 3273	umulh	x4, x16, x22
 3274	adcs	x27, x27, x4
 3275	adc	x28, x28, xzr
 3276	# A[3] * B[0]
 3277	mul	x3, x17, x19
 3278	adds	x13, x13, x3
 3279	umulh	x4, x17, x19
 3280	adcs	x25, x25, x4
 3281	# A[3] * B[2]
 3282	mul	x3, x17, x21
 3283	adcs	x26, x26, x3
 3284	umulh	x4, x17, x21
 3285	adcs	x27, x27, x4
 3286	adc	x28, x28, xzr
 3287	# Reduce
 3288	mov	x3, #38
 3289	mul	x4, x3, x28
 3290	adds	x13, x13, x4
 3291	umulh	x5, x3, x28
 3292	adc	x5, x5, xzr
 3293	mov	x3, #19
 3294	extr	x5, x5, x13, #63
 3295	mul	x5, x5, x3
 3296	and	x13, x13, #0x7fffffffffffffff
 3297	mov	x3, #38
 3298	mul	x4, x3, x25
 3299	adds	x10, x10, x4
 3300	umulh	x25, x3, x25
 3301	mul	x4, x3, x26
 3302	adcs	x11, x11, x4
 3303	umulh	x26, x3, x26
 3304	mul	x4, x3, x27
 3305	adcs	x12, x12, x4
 3306	umulh	x27, x3, x27
 3307	adc	x13, x13, xzr
 3308	#  Add high product results in
 3309	adds	x10, x10, x5
 3310	adcs	x11, x11, x25
 3311	adcs	x12, x12, x26
 3312	adc	x13, x13, x27
 3313	# Store
 3314	stp	x10, x11, [x0]
 3315	stp	x12, x13, [x0, #16]
 3316	# Sub
 3317	subs	x14, x14, x19
 3318	sbcs	x15, x15, x20
 3319	sbcs	x16, x16, x21
 3320	sbcs	x17, x17, x22
 3321	csetm	x5, cc
 3322	mov	x3, #-19
 3323	#   Mask the modulus
 3324	extr	x5, x5, x17, #63
 3325	mul	x3, x5, x3
 3326	#   Add modulus (if underflow)
 3327	subs	x14, x14, x3
 3328	sbcs	x15, x15, xzr
 3329	and	x17, x17, #0x7fffffffffffffff
 3330	sbcs	x16, x16, xzr
 3331	sbc	x17, x17, xzr
 3332	# Multiply by 121666
 3333	mov	x5, #0xdb42
 3334	movk	x5, #1, lsl 16
 3335	mul	x6, x14, x5
 3336	umulh	x7, x14, x5
 3337	mul	x3, x15, x5
 3338	umulh	x8, x15, x5
 3339	adds	x7, x7, x3
 3340	adc	x8, x8, xzr
 3341	mul	x3, x16, x5
 3342	umulh	x9, x16, x5
 3343	adds	x8, x8, x3
 3344	adc	x9, x9, xzr
 3345	mul	x3, x17, x5
 3346	umulh	x4, x17, x5
 3347	adds	x9, x9, x3
 3348	adc	x4, x4, xzr
 3349	mov	x5, #19
 3350	extr	x4, x4, x9, #63
 3351	mul	x4, x4, x5
 3352	adds	x6, x6, x4
 3353	adcs	x7, x7, xzr
 3354	and	x9, x9, #0x7fffffffffffffff
 3355	adcs	x8, x8, xzr
 3356	adc	x9, x9, xzr
 3357	# Add
 3358	adds	x19, x19, x6
 3359	adcs	x20, x20, x7
 3360	adcs	x21, x21, x8
 3361	adcs	x22, x22, x9
 3362	cset	x5, cs
 3363	mov	x3, #19
 3364	#   Mask the modulus
 3365	extr	x5, x5, x22, #63
 3366	mul	x3, x5, x3
 3367	#   Sub modulus (if overflow)
 3368	adds	x19, x19, x3
 3369	adcs	x20, x20, xzr
 3370	and	x22, x22, #0x7fffffffffffffff
 3371	adcs	x21, x21, xzr
 3372	adc	x22, x22, xzr
 3373	# Multiply
 3374	# A[0] * B[0]
 3375	umulh	x26, x14, x19
 3376	mul	x25, x14, x19
 3377	# A[2] * B[0]
 3378	umulh	x28, x16, x19
 3379	mul	x27, x16, x19
 3380	# A[1] * B[0]
 3381	mul	x3, x15, x19
 3382	adds	x26, x26, x3
 3383	umulh	x4, x15, x19
 3384	adcs	x27, x27, x4
 3385	# A[1] * B[3]
 3386	umulh	x7, x15, x22
 3387	adc	x28, x28, xzr
 3388	mul	x6, x15, x22
 3389	# A[0] * B[1]
 3390	mul	x3, x14, x20
 3391	adds	x26, x26, x3
 3392	umulh	x4, x14, x20
 3393	adcs	x27, x27, x4
 3394	# A[2] * B[1]
 3395	mul	x3, x16, x20
 3396	adcs	x28, x28, x3
 3397	umulh	x4, x16, x20
 3398	adcs	x6, x6, x4
 3399	adc	x7, x7, xzr
 3400	# A[1] * B[2]
 3401	mul	x3, x15, x21
 3402	adds	x28, x28, x3
 3403	umulh	x4, x15, x21
 3404	adcs	x6, x6, x4
 3405	adcs	x7, x7, xzr
 3406	adc	x8, xzr, xzr
 3407	# A[0] * B[2]
 3408	mul	x3, x14, x21
 3409	adds	x27, x27, x3
 3410	umulh	x4, x14, x21
 3411	adcs	x28, x28, x4
 3412	adcs	x6, x6, xzr
 3413	adcs	x7, x7, xzr
 3414	adc	x8, x8, xzr
 3415	# A[1] * B[1]
 3416	mul	x3, x15, x20
 3417	adds	x27, x27, x3
 3418	umulh	x4, x15, x20
 3419	adcs	x28, x28, x4
 3420	# A[3] * B[1]
 3421	mul	x3, x17, x20
 3422	adcs	x6, x6, x3
 3423	umulh	x4, x17, x20
 3424	adcs	x7, x7, x4
 3425	adc	x8, x8, xzr
 3426	# A[2] * B[2]
 3427	mul	x3, x16, x21
 3428	adds	x6, x6, x3
 3429	umulh	x4, x16, x21
 3430	adcs	x7, x7, x4
 3431	# A[3] * B[3]
 3432	mul	x3, x17, x22
 3433	adcs	x8, x8, x3
 3434	umulh	x9, x17, x22
 3435	adc	x9, x9, xzr
 3436	# A[0] * B[3]
 3437	mul	x3, x14, x22
 3438	adds	x28, x28, x3
 3439	umulh	x4, x14, x22
 3440	adcs	x6, x6, x4
 3441	# A[2] * B[3]
 3442	mul	x3, x16, x22
 3443	adcs	x7, x7, x3
 3444	umulh	x4, x16, x22
 3445	adcs	x8, x8, x4
 3446	adc	x9, x9, xzr
 3447	# A[3] * B[0]
 3448	mul	x3, x17, x19
 3449	adds	x28, x28, x3
 3450	umulh	x4, x17, x19
 3451	adcs	x6, x6, x4
 3452	# A[3] * B[2]
 3453	mul	x3, x17, x21
 3454	adcs	x7, x7, x3
 3455	umulh	x4, x17, x21
 3456	adcs	x8, x8, x4
 3457	adc	x9, x9, xzr
 3458	# Reduce
 3459	mov	x3, #38
 3460	mul	x4, x3, x9
 3461	adds	x28, x28, x4
 3462	umulh	x5, x3, x9
 3463	adc	x5, x5, xzr
 3464	mov	x3, #19
 3465	extr	x5, x5, x28, #63
 3466	mul	x5, x5, x3
 3467	and	x28, x28, #0x7fffffffffffffff
 3468	mov	x3, #38
 3469	mul	x4, x3, x6
 3470	adds	x25, x25, x4
 3471	umulh	x6, x3, x6
 3472	mul	x4, x3, x7
 3473	adcs	x26, x26, x4
 3474	umulh	x7, x3, x7
 3475	mul	x4, x3, x8
 3476	adcs	x27, x27, x4
 3477	umulh	x8, x3, x8
 3478	adc	x28, x28, xzr
 3479	#  Add high product results in
 3480	adds	x25, x25, x5
 3481	adcs	x26, x26, x6
 3482	adcs	x27, x27, x7
 3483	adc	x28, x28, x8
 3484	# Store
 3485	stp	x25, x26, [x29, #16]
 3486	stp	x27, x28, [x29, #32]
 3487	subs	x24, x24, #1
 3488	bge	L_curve25519_base_3
 3489	# Invert
 3490	add	x0, x29, #48
 3491	add	x1, x29, #16
 3492#ifndef __APPLE__
 3493	bl	fe_sq
 3494#else
 3495	bl	_fe_sq
 3496#endif /* __APPLE__ */
 3497	add	x0, x29, #0x50
 3498	add	x1, x29, #48
 3499#ifndef __APPLE__
 3500	bl	fe_sq
 3501#else
 3502	bl	_fe_sq
 3503#endif /* __APPLE__ */
 3504#ifndef NDEBUG
 3505	add	x0, x29, #0x50
 3506#endif /* !NDEBUG */
 3507	add	x1, x29, #0x50
 3508#ifndef __APPLE__
 3509	bl	fe_sq
 3510#else
 3511	bl	_fe_sq
 3512#endif /* __APPLE__ */
 3513#ifndef NDEBUG
 3514	add	x0, x29, #0x50
 3515#endif /* !NDEBUG */
 3516	add	x1, x29, #16
 3517	add	x2, x29, #0x50
 3518#ifndef __APPLE__
 3519	bl	fe_mul
 3520#else
 3521	bl	_fe_mul
 3522#endif /* __APPLE__ */
 3523	add	x0, x29, #48
 3524	add	x1, x29, #48
 3525	add	x2, x29, #0x50
 3526#ifndef __APPLE__
 3527	bl	fe_mul
 3528#else
 3529	bl	_fe_mul
 3530#endif /* __APPLE__ */
 3531	add	x0, x29, #0x70
 3532#ifndef NDEBUG
 3533	add	x1, x29, #48
 3534#endif /* !NDEBUG */
 3535#ifndef __APPLE__
 3536	bl	fe_sq
 3537#else
 3538	bl	_fe_sq
 3539#endif /* __APPLE__ */
 3540	add	x0, x29, #0x50
 3541	add	x1, x29, #0x50
 3542	add	x2, x29, #0x70
 3543#ifndef __APPLE__
 3544	bl	fe_mul
 3545#else
 3546	bl	_fe_mul
 3547#endif /* __APPLE__ */
 3548	# Loop: 5 times
 3549	mov	x24, #5
 3550	ldp	x6, x7, [x29, #80]
 3551	ldp	x8, x9, [x29, #96]
 3552L_curve25519_base_inv_1:
 3553	# Square
 3554	#  A[0] * A[1]
 3555	umulh	x12, x6, x7
 3556	mul	x11, x6, x7
 3557	#  A[0] * A[3]
 3558	umulh	x14, x6, x9
 3559	mul	x13, x6, x9
 3560	#  A[0] * A[2]
 3561	mul	x3, x6, x8
 3562	adds	x12, x12, x3
 3563	umulh	x4, x6, x8
 3564	adcs	x13, x13, x4
 3565	#  A[1] * A[3]
 3566	mul	x3, x7, x9
 3567	adcs	x14, x14, x3
 3568	umulh	x15, x7, x9
 3569	adc	x15, x15, xzr
 3570	#  A[1] * A[2]
 3571	mul	x3, x7, x8
 3572	adds	x13, x13, x3
 3573	umulh	x4, x7, x8
 3574	adcs	x14, x14, x4
 3575	#  A[2] * A[3]
 3576	mul	x3, x8, x9
 3577	adcs	x15, x15, x3
 3578	umulh	x16, x8, x9
 3579	adc	x16, x16, xzr
 3580	# Double
 3581	adds	x11, x11, x11
 3582	adcs	x12, x12, x12
 3583	adcs	x13, x13, x13
 3584	adcs	x14, x14, x14
 3585	adcs	x15, x15, x15
 3586	adcs	x16, x16, x16
 3587	adc	x17, xzr, xzr
 3588	#  A[0] * A[0]
 3589	umulh	x4, x6, x6
 3590	mul	x10, x6, x6
 3591	#  A[1] * A[1]
 3592	mul	x3, x7, x7
 3593	adds	x11, x11, x4
 3594	umulh	x4, x7, x7
 3595	adcs	x12, x12, x3
 3596	#  A[2] * A[2]
 3597	mul	x3, x8, x8
 3598	adcs	x13, x13, x4
 3599	umulh	x4, x8, x8
 3600	adcs	x14, x14, x3
 3601	#  A[3] * A[3]
 3602	mul	x3, x9, x9
 3603	adcs	x15, x15, x4
 3604	umulh	x4, x9, x9
 3605	adcs	x16, x16, x3
 3606	adc	x17, x17, x4
 3607	# Reduce
 3608	mov	x3, #38
 3609	mul	x4, x3, x17
 3610	adds	x13, x13, x4
 3611	umulh	x5, x3, x17
 3612	adc	x5, x5, xzr
 3613	mov	x3, #19
 3614	extr	x5, x5, x13, #63
 3615	mul	x5, x5, x3
 3616	and	x13, x13, #0x7fffffffffffffff
 3617	mov	x3, #38
 3618	mul	x4, x3, x14
 3619	adds	x10, x10, x4
 3620	umulh	x14, x3, x14
 3621	mul	x4, x3, x15
 3622	adcs	x11, x11, x4
 3623	umulh	x15, x3, x15
 3624	mul	x4, x3, x16
 3625	adcs	x12, x12, x4
 3626	umulh	x16, x3, x16
 3627	adc	x13, x13, xzr
 3628	#  Add high product results in
 3629	adds	x6, x10, x5
 3630	adcs	x7, x11, x14
 3631	adcs	x8, x12, x15
 3632	adc	x9, x13, x16
 3633	subs	x24, x24, #1
 3634	bne	L_curve25519_base_inv_1
 3635	# Store
 3636	stp	x6, x7, [x29, #112]
 3637	stp	x8, x9, [x29, #128]
 3638#ifndef NDEBUG
 3639	add	x0, x29, #0x50
 3640#endif /* !NDEBUG */
 3641	add	x1, x29, #0x70
 3642	add	x2, x29, #0x50
 3643#ifndef __APPLE__
 3644	bl	fe_mul
 3645#else
 3646	bl	_fe_mul
 3647#endif /* __APPLE__ */
 3648	# Loop: 10 times
 3649	mov	x24, #10
 3650	ldp	x6, x7, [x29, #80]
 3651	ldp	x8, x9, [x29, #96]
 3652L_curve25519_base_inv_2:
 3653	# Square
 3654	#  A[0] * A[1]
 3655	umulh	x12, x6, x7
 3656	mul	x11, x6, x7
 3657	#  A[0] * A[3]
 3658	umulh	x14, x6, x9
 3659	mul	x13, x6, x9
 3660	#  A[0] * A[2]
 3661	mul	x3, x6, x8
 3662	adds	x12, x12, x3
 3663	umulh	x4, x6, x8
 3664	adcs	x13, x13, x4
 3665	#  A[1] * A[3]
 3666	mul	x3, x7, x9
 3667	adcs	x14, x14, x3
 3668	umulh	x15, x7, x9
 3669	adc	x15, x15, xzr
 3670	#  A[1] * A[2]
 3671	mul	x3, x7, x8
 3672	adds	x13, x13, x3
 3673	umulh	x4, x7, x8
 3674	adcs	x14, x14, x4
 3675	#  A[2] * A[3]
 3676	mul	x3, x8, x9
 3677	adcs	x15, x15, x3
 3678	umulh	x16, x8, x9
 3679	adc	x16, x16, xzr
 3680	# Double
 3681	adds	x11, x11, x11
 3682	adcs	x12, x12, x12
 3683	adcs	x13, x13, x13
 3684	adcs	x14, x14, x14
 3685	adcs	x15, x15, x15
 3686	adcs	x16, x16, x16
 3687	adc	x17, xzr, xzr
 3688	#  A[0] * A[0]
 3689	umulh	x4, x6, x6
 3690	mul	x10, x6, x6
 3691	#  A[1] * A[1]
 3692	mul	x3, x7, x7
 3693	adds	x11, x11, x4
 3694	umulh	x4, x7, x7
 3695	adcs	x12, x12, x3
 3696	#  A[2] * A[2]
 3697	mul	x3, x8, x8
 3698	adcs	x13, x13, x4
 3699	umulh	x4, x8, x8
 3700	adcs	x14, x14, x3
 3701	#  A[3] * A[3]
 3702	mul	x3, x9, x9
 3703	adcs	x15, x15, x4
 3704	umulh	x4, x9, x9
 3705	adcs	x16, x16, x3
 3706	adc	x17, x17, x4
 3707	# Reduce
 3708	mov	x3, #38
 3709	mul	x4, x3, x17
 3710	adds	x13, x13, x4
 3711	umulh	x5, x3, x17
 3712	adc	x5, x5, xzr
 3713	mov	x3, #19
 3714	extr	x5, x5, x13, #63
 3715	mul	x5, x5, x3
 3716	and	x13, x13, #0x7fffffffffffffff
 3717	mov	x3, #38
 3718	mul	x4, x3, x14
 3719	adds	x10, x10, x4
 3720	umulh	x14, x3, x14
 3721	mul	x4, x3, x15
 3722	adcs	x11, x11, x4
 3723	umulh	x15, x3, x15
 3724	mul	x4, x3, x16
 3725	adcs	x12, x12, x4
 3726	umulh	x16, x3, x16
 3727	adc	x13, x13, xzr
 3728	#  Add high product results in
 3729	adds	x6, x10, x5
 3730	adcs	x7, x11, x14
 3731	adcs	x8, x12, x15
 3732	adc	x9, x13, x16
 3733	subs	x24, x24, #1
 3734	bne	L_curve25519_base_inv_2
 3735	# Store
 3736	stp	x6, x7, [x29, #112]
 3737	stp	x8, x9, [x29, #128]
 3738	add	x0, x29, #0x70
 3739#ifndef NDEBUG
 3740	add	x1, x29, #0x70
 3741#endif /* !NDEBUG */
 3742	add	x2, x29, #0x50
 3743#ifndef __APPLE__
 3744	bl	fe_mul
 3745#else
 3746	bl	_fe_mul
 3747#endif /* __APPLE__ */
 3748	# Loop: 20 times
 3749	mov	x24, #20
 3750	ldp	x6, x7, [x29, #112]
 3751	ldp	x8, x9, [x29, #128]
 3752L_curve25519_base_inv_3:
 3753	# Square
 3754	#  A[0] * A[1]
 3755	umulh	x12, x6, x7
 3756	mul	x11, x6, x7
 3757	#  A[0] * A[3]
 3758	umulh	x14, x6, x9
 3759	mul	x13, x6, x9
 3760	#  A[0] * A[2]
 3761	mul	x3, x6, x8
 3762	adds	x12, x12, x3
 3763	umulh	x4, x6, x8
 3764	adcs	x13, x13, x4
 3765	#  A[1] * A[3]
 3766	mul	x3, x7, x9
 3767	adcs	x14, x14, x3
 3768	umulh	x15, x7, x9
 3769	adc	x15, x15, xzr
 3770	#  A[1] * A[2]
 3771	mul	x3, x7, x8
 3772	adds	x13, x13, x3
 3773	umulh	x4, x7, x8
 3774	adcs	x14, x14, x4
 3775	#  A[2] * A[3]
 3776	mul	x3, x8, x9
 3777	adcs	x15, x15, x3
 3778	umulh	x16, x8, x9
 3779	adc	x16, x16, xzr
 3780	# Double
 3781	adds	x11, x11, x11
 3782	adcs	x12, x12, x12
 3783	adcs	x13, x13, x13
 3784	adcs	x14, x14, x14
 3785	adcs	x15, x15, x15
 3786	adcs	x16, x16, x16
 3787	adc	x17, xzr, xzr
 3788	#  A[0] * A[0]
 3789	umulh	x4, x6, x6
 3790	mul	x10, x6, x6
 3791	#  A[1] * A[1]
 3792	mul	x3, x7, x7
 3793	adds	x11, x11, x4
 3794	umulh	x4, x7, x7
 3795	adcs	x12, x12, x3
 3796	#  A[2] * A[2]
 3797	mul	x3, x8, x8
 3798	adcs	x13, x13, x4
 3799	umulh	x4, x8, x8
 3800	adcs	x14, x14, x3
 3801	#  A[3] * A[3]
 3802	mul	x3, x9, x9
 3803	adcs	x15, x15, x4
 3804	umulh	x4, x9, x9
 3805	adcs	x16, x16, x3
 3806	adc	x17, x17, x4
 3807	# Reduce
 3808	mov	x3, #38
 3809	mul	x4, x3, x17
 3810	adds	x13, x13, x4
 3811	umulh	x5, x3, x17
 3812	adc	x5, x5, xzr
 3813	mov	x3, #19
 3814	extr	x5, x5, x13, #63
 3815	mul	x5, x5, x3
 3816	and	x13, x13, #0x7fffffffffffffff
 3817	mov	x3, #38
 3818	mul	x4, x3, x14
 3819	adds	x10, x10, x4
 3820	umulh	x14, x3, x14
 3821	mul	x4, x3, x15
 3822	adcs	x11, x11, x4
 3823	umulh	x15, x3, x15
 3824	mul	x4, x3, x16
 3825	adcs	x12, x12, x4
 3826	umulh	x16, x3, x16
 3827	adc	x13, x13, xzr
 3828	#  Add high product results in
 3829	adds	x6, x10, x5
 3830	adcs	x7, x11, x14
 3831	adcs	x8, x12, x15
 3832	adc	x9, x13, x16
 3833	subs	x24, x24, #1
 3834	bne	L_curve25519_base_inv_3
 3835	# Store
 3836	stp	x6, x7, [x29, #144]
 3837	stp	x8, x9, [x29, #160]
 3838#ifndef NDEBUG
 3839	add	x0, x29, #0x70
 3840#endif /* !NDEBUG */
 3841	add	x1, x29, #0x90
 3842	add	x2, x29, #0x70
 3843#ifndef __APPLE__
 3844	bl	fe_mul
 3845#else
 3846	bl	_fe_mul
 3847#endif /* __APPLE__ */
 3848	# Loop: 10 times
 3849	mov	x24, #10
 3850	ldp	x6, x7, [x29, #112]
 3851	ldp	x8, x9, [x29, #128]
 3852L_curve25519_base_inv_4:
 3853	# Square
 3854	#  A[0] * A[1]
 3855	umulh	x12, x6, x7
 3856	mul	x11, x6, x7
 3857	#  A[0] * A[3]
 3858	umulh	x14, x6, x9
 3859	mul	x13, x6, x9
 3860	#  A[0] * A[2]
 3861	mul	x3, x6, x8
 3862	adds	x12, x12, x3
 3863	umulh	x4, x6, x8
 3864	adcs	x13, x13, x4
 3865	#  A[1] * A[3]
 3866	mul	x3, x7, x9
 3867	adcs	x14, x14, x3
 3868	umulh	x15, x7, x9
 3869	adc	x15, x15, xzr
 3870	#  A[1] * A[2]
 3871	mul	x3, x7, x8
 3872	adds	x13, x13, x3
 3873	umulh	x4, x7, x8
 3874	adcs	x14, x14, x4
 3875	#  A[2] * A[3]
 3876	mul	x3, x8, x9
 3877	adcs	x15, x15, x3
 3878	umulh	x16, x8, x9
 3879	adc	x16, x16, xzr
 3880	# Double
 3881	adds	x11, x11, x11
 3882	adcs	x12, x12, x12
 3883	adcs	x13, x13, x13
 3884	adcs	x14, x14, x14
 3885	adcs	x15, x15, x15
 3886	adcs	x16, x16, x16
 3887	adc	x17, xzr, xzr
 3888	#  A[0] * A[0]
 3889	umulh	x4, x6, x6
 3890	mul	x10, x6, x6
 3891	#  A[1] * A[1]
 3892	mul	x3, x7, x7
 3893	adds	x11, x11, x4
 3894	umulh	x4, x7, x7
 3895	adcs	x12, x12, x3
 3896	#  A[2] * A[2]
 3897	mul	x3, x8, x8
 3898	adcs	x13, x13, x4
 3899	umulh	x4, x8, x8
 3900	adcs	x14, x14, x3
 3901	#  A[3] * A[3]
 3902	mul	x3, x9, x9
 3903	adcs	x15, x15, x4
 3904	umulh	x4, x9, x9
 3905	adcs	x16, x16, x3
 3906	adc	x17, x17, x4
 3907	# Reduce
 3908	mov	x3, #38
 3909	mul	x4, x3, x17
 3910	adds	x13, x13, x4
 3911	umulh	x5, x3, x17
 3912	adc	x5, x5, xzr
 3913	mov	x3, #19
 3914	extr	x5, x5, x13, #63
 3915	mul	x5, x5, x3
 3916	and	x13, x13, #0x7fffffffffffffff
 3917	mov	x3, #38
 3918	mul	x4, x3, x14
 3919	adds	x10, x10, x4
 3920	umulh	x14, x3, x14
 3921	mul	x4, x3, x15
 3922	adcs	x11, x11, x4
 3923	umulh	x15, x3, x15
 3924	mul	x4, x3, x16
 3925	adcs	x12, x12, x4
 3926	umulh	x16, x3, x16
 3927	adc	x13, x13, xzr
 3928	#  Add high product results in
 3929	adds	x6, x10, x5
 3930	adcs	x7, x11, x14
 3931	adcs	x8, x12, x15
 3932	adc	x9, x13, x16
 3933	subs	x24, x24, #1
 3934	bne	L_curve25519_base_inv_4
 3935	# Store
 3936	stp	x6, x7, [x29, #112]
 3937	stp	x8, x9, [x29, #128]
 3938	add	x0, x29, #0x50
 3939	add	x1, x29, #0x70
 3940	add	x2, x29, #0x50
 3941#ifndef __APPLE__
 3942	bl	fe_mul
 3943#else
 3944	bl	_fe_mul
 3945#endif /* __APPLE__ */
 3946	# Loop: 50 times
 3947	mov	x24, #50
 3948	ldp	x6, x7, [x29, #80]
 3949	ldp	x8, x9, [x29, #96]
 3950L_curve25519_base_inv_5:
 3951	# Square
 3952	#  A[0] * A[1]
 3953	umulh	x12, x6, x7
 3954	mul	x11, x6, x7
 3955	#  A[0] * A[3]
 3956	umulh	x14, x6, x9
 3957	mul	x13, x6, x9
 3958	#  A[0] * A[2]
 3959	mul	x3, x6, x8
 3960	adds	x12, x12, x3
 3961	umulh	x4, x6, x8
 3962	adcs	x13, x13, x4
 3963	#  A[1] * A[3]
 3964	mul	x3, x7, x9
 3965	adcs	x14, x14, x3
 3966	umulh	x15, x7, x9
 3967	adc	x15, x15, xzr
 3968	#  A[1] * A[2]
 3969	mul	x3, x7, x8
 3970	adds	x13, x13, x3
 3971	umulh	x4, x7, x8
 3972	adcs	x14, x14, x4
 3973	#  A[2] * A[3]
 3974	mul	x3, x8, x9
 3975	adcs	x15, x15, x3
 3976	umulh	x16, x8, x9
 3977	adc	x16, x16, xzr
 3978	# Double
 3979	adds	x11, x11, x11
 3980	adcs	x12, x12, x12
 3981	adcs	x13, x13, x13
 3982	adcs	x14, x14, x14
 3983	adcs	x15, x15, x15
 3984	adcs	x16, x16, x16
 3985	adc	x17, xzr, xzr
 3986	#  A[0] * A[0]
 3987	umulh	x4, x6, x6
 3988	mul	x10, x6, x6
 3989	#  A[1] * A[1]
 3990	mul	x3, x7, x7
 3991	adds	x11, x11, x4
 3992	umulh	x4, x7, x7
 3993	adcs	x12, x12, x3
 3994	#  A[2] * A[2]
 3995	mul	x3, x8, x8
 3996	adcs	x13, x13, x4
 3997	umulh	x4, x8, x8
 3998	adcs	x14, x14, x3
 3999	#  A[3] * A[3]
 4000	mul	x3, x9, x9
 4001	adcs	x15, x15, x4
 4002	umulh	x4, x9, x9
 4003	adcs	x16, x16, x3
 4004	adc	x17, x17, x4
 4005	# Reduce
 4006	mov	x3, #38
 4007	mul	x4, x3, x17
 4008	adds	x13, x13, x4
 4009	umulh	x5, x3, x17
 4010	adc	x5, x5, xzr
 4011	mov	x3, #19
 4012	extr	x5, x5, x13, #63
 4013	mul	x5, x5, x3
 4014	and	x13, x13, #0x7fffffffffffffff
 4015	mov	x3, #38
 4016	mul	x4, x3, x14
 4017	adds	x10, x10, x4
 4018	umulh	x14, x3, x14
 4019	mul	x4, x3, x15
 4020	adcs	x11, x11, x4
 4021	umulh	x15, x3, x15
 4022	mul	x4, x3, x16
 4023	adcs	x12, x12, x4
 4024	umulh	x16, x3, x16
 4025	adc	x13, x13, xzr
 4026	#  Add high product results in
 4027	adds	x6, x10, x5
 4028	adcs	x7, x11, x14
 4029	adcs	x8, x12, x15
 4030	adc	x9, x13, x16
 4031	subs	x24, x24, #1
 4032	bne	L_curve25519_base_inv_5
 4033	# Store
 4034	stp	x6, x7, [x29, #112]
 4035	stp	x8, x9, [x29, #128]
 4036	add	x0, x29, #0x70
 4037#ifndef NDEBUG
 4038	add	x1, x29, #0x70
 4039#endif /* !NDEBUG */
 4040	add	x2, x29, #0x50
 4041#ifndef __APPLE__
 4042	bl	fe_mul
 4043#else
 4044	bl	_fe_mul
 4045#endif /* __APPLE__ */
 4046	# Loop: 100 times
 4047	mov	x24, #0x64
 4048	ldp	x6, x7, [x29, #112]
 4049	ldp	x8, x9, [x29, #128]
 4050L_curve25519_base_inv_6:
 4051	# Square
 4052	#  A[0] * A[1]
 4053	umulh	x12, x6, x7
 4054	mul	x11, x6, x7
 4055	#  A[0] * A[3]
 4056	umulh	x14, x6, x9
 4057	mul	x13, x6, x9
 4058	#  A[0] * A[2]
 4059	mul	x3, x6, x8
 4060	adds	x12, x12, x3
 4061	umulh	x4, x6, x8
 4062	adcs	x13, x13, x4
 4063	#  A[1] * A[3]
 4064	mul	x3, x7, x9
 4065	adcs	x14, x14, x3
 4066	umulh	x15, x7, x9
 4067	adc	x15, x15, xzr
 4068	#  A[1] * A[2]
 4069	mul	x3, x7, x8
 4070	adds	x13, x13, x3
 4071	umulh	x4, x7, x8
 4072	adcs	x14, x14, x4
 4073	#  A[2] * A[3]
 4074	mul	x3, x8, x9
 4075	adcs	x15, x15, x3
 4076	umulh	x16, x8, x9
 4077	adc	x16, x16, xzr
 4078	# Double
 4079	adds	x11, x11, x11
 4080	adcs	x12, x12, x12
 4081	adcs	x13, x13, x13
 4082	adcs	x14, x14, x14
 4083	adcs	x15, x15, x15
 4084	adcs	x16, x16, x16
 4085	adc	x17, xzr, xzr
 4086	#  A[0] * A[0]
 4087	umulh	x4, x6, x6
 4088	mul	x10, x6, x6
 4089	#  A[1] * A[1]
 4090	mul	x3, x7, x7
 4091	adds	x11, x11, x4
 4092	umulh	x4, x7, x7
 4093	adcs	x12, x12, x3
 4094	#  A[2] * A[2]
 4095	mul	x3, x8, x8
 4096	adcs	x13, x13, x4
 4097	umulh	x4, x8, x8
 4098	adcs	x14, x14, x3
 4099	#  A[3] * A[3]
 4100	mul	x3, x9, x9
 4101	adcs	x15, x15, x4
 4102	umulh	x4, x9, x9
 4103	adcs	x16, x16, x3
 4104	adc	x17, x17, x4
 4105	# Reduce
 4106	mov	x3, #38
 4107	mul	x4, x3, x17
 4108	adds	x13, x13, x4
 4109	umulh	x5, x3, x17
 4110	adc	x5, x5, xzr
 4111	mov	x3, #19
 4112	extr	x5, x5, x13, #63
 4113	mul	x5, x5, x3
 4114	and	x13, x13, #0x7fffffffffffffff
 4115	mov	x3, #38
 4116	mul	x4, x3, x14
 4117	adds	x10, x10, x4
 4118	umulh	x14, x3, x14
 4119	mul	x4, x3, x15
 4120	adcs	x11, x11, x4
 4121	umulh	x15, x3, x15
 4122	mul	x4, x3, x16
 4123	adcs	x12, x12, x4
 4124	umulh	x16, x3, x16
 4125	adc	x13, x13, xzr
 4126	#  Add high product results in
 4127	adds	x6, x10, x5
 4128	adcs	x7, x11, x14
 4129	adcs	x8, x12, x15
 4130	adc	x9, x13, x16
 4131	subs	x24, x24, #1
 4132	bne	L_curve25519_base_inv_6
 4133	# Store
 4134	stp	x6, x7, [x29, #144]
 4135	stp	x8, x9, [x29, #160]
 4136#ifndef NDEBUG
 4137	add	x0, x29, #0x70
 4138#endif /* !NDEBUG */
 4139	add	x1, x29, #0x90
 4140	add	x2, x29, #0x70
 4141#ifndef __APPLE__
 4142	bl	fe_mul
 4143#else
 4144	bl	_fe_mul
 4145#endif /* __APPLE__ */
 4146	# Loop: 50 times
 4147	mov	x24, #50
 4148	ldp	x6, x7, [x29, #112]
 4149	ldp	x8, x9, [x29, #128]
 4150L_curve25519_base_inv_7:
 4151	# Square
 4152	#  A[0] * A[1]
 4153	umulh	x12, x6, x7
 4154	mul	x11, x6, x7
 4155	#  A[0] * A[3]
 4156	umulh	x14, x6, x9
 4157	mul	x13, x6, x9
 4158	#  A[0] * A[2]
 4159	mul	x3, x6, x8
 4160	adds	x12, x12, x3
 4161	umulh	x4, x6, x8
 4162	adcs	x13, x13, x4
 4163	#  A[1] * A[3]
 4164	mul	x3, x7, x9
 4165	adcs	x14, x14, x3
 4166	umulh	x15, x7, x9
 4167	adc	x15, x15, xzr
 4168	#  A[1] * A[2]
 4169	mul	x3, x7, x8
 4170	adds	x13, x13, x3
 4171	umulh	x4, x7, x8
 4172	adcs	x14, x14, x4
 4173	#  A[2] * A[3]
 4174	mul	x3, x8, x9
 4175	adcs	x15, x15, x3
 4176	umulh	x16, x8, x9
 4177	adc	x16, x16, xzr
 4178	# Double
 4179	adds	x11, x11, x11
 4180	adcs	x12, x12, x12
 4181	adcs	x13, x13, x13
 4182	adcs	x14, x14, x14
 4183	adcs	x15, x15, x15
 4184	adcs	x16, x16, x16
 4185	adc	x17, xzr, xzr
 4186	#  A[0] * A[0]
 4187	umulh	x4, x6, x6
 4188	mul	x10, x6, x6
 4189	#  A[1] * A[1]
 4190	mul	x3, x7, x7
 4191	adds	x11, x11, x4
 4192	umulh	x4, x7, x7
 4193	adcs	x12, x12, x3
 4194	#  A[2] * A[2]
 4195	mul	x3, x8, x8
 4196	adcs	x13, x13, x4
 4197	umulh	x4, x8, x8
 4198	adcs	x14, x14, x3
 4199	#  A[3] * A[3]
 4200	mul	x3, x9, x9
 4201	adcs	x15, x15, x4
 4202	umulh	x4, x9, x9
 4203	adcs	x16, x16, x3
 4204	adc	x17, x17, x4
 4205	# Reduce
 4206	mov	x3, #38
 4207	mul	x4, x3, x17
 4208	adds	x13, x13, x4
 4209	umulh	x5, x3, x17
 4210	adc	x5, x5, xzr
 4211	mov	x3, #19
 4212	extr	x5, x5, x13, #63
 4213	mul	x5, x5, x3
 4214	and	x13, x13, #0x7fffffffffffffff
 4215	mov	x3, #38
 4216	mul	x4, x3, x14
 4217	adds	x10, x10, x4
 4218	umulh	x14, x3, x14
 4219	mul	x4, x3, x15
 4220	adcs	x11, x11, x4
 4221	umulh	x15, x3, x15
 4222	mul	x4, x3, x16
 4223	adcs	x12, x12, x4
 4224	umulh	x16, x3, x16
 4225	adc	x13, x13, xzr
 4226	#  Add high product results in
 4227	adds	x6, x10, x5
 4228	adcs	x7, x11, x14
 4229	adcs	x8, x12, x15
 4230	adc	x9, x13, x16
 4231	subs	x24, x24, #1
 4232	bne	L_curve25519_base_inv_7
 4233	# Store
 4234	stp	x6, x7, [x29, #112]
 4235	stp	x8, x9, [x29, #128]
 4236	add	x0, x29, #0x50
 4237	add	x1, x29, #0x70
 4238	add	x2, x29, #0x50
 4239#ifndef __APPLE__
 4240	bl	fe_mul
 4241#else
 4242	bl	_fe_mul
 4243#endif /* __APPLE__ */
 4244	# Loop: 5 times
 4245	mov	x24, #5
 4246	ldp	x6, x7, [x29, #80]
 4247	ldp	x8, x9, [x29, #96]
 4248L_curve25519_base_inv_8:
 4249	# Square
 4250	#  A[0] * A[1]
 4251	umulh	x12, x6, x7
 4252	mul	x11, x6, x7
 4253	#  A[0] * A[3]
 4254	umulh	x14, x6, x9
 4255	mul	x13, x6, x9
 4256	#  A[0] * A[2]
 4257	mul	x3, x6, x8
 4258	adds	x12, x12, x3
 4259	umulh	x4, x6, x8
 4260	adcs	x13, x13, x4
 4261	#  A[1] * A[3]
 4262	mul	x3, x7, x9
 4263	adcs	x14, x14, x3
 4264	umulh	x15, x7, x9
 4265	adc	x15, x15, xzr
 4266	#  A[1] * A[2]
 4267	mul	x3, x7, x8
 4268	adds	x13, x13, x3
 4269	umulh	x4, x7, x8
 4270	adcs	x14, x14, x4
 4271	#  A[2] * A[3]
 4272	mul	x3, x8, x9
 4273	adcs	x15, x15, x3
 4274	umulh	x16, x8, x9
 4275	adc	x16, x16, xzr
 4276	# Double
 4277	adds	x11, x11, x11
 4278	adcs	x12, x12, x12
 4279	adcs	x13, x13, x13
 4280	adcs	x14, x14, x14
 4281	adcs	x15, x15, x15
 4282	adcs	x16, x16, x16
 4283	adc	x17, xzr, xzr
 4284	#  A[0] * A[0]
 4285	umulh	x4, x6, x6
 4286	mul	x10, x6, x6
 4287	#  A[1] * A[1]
 4288	mul	x3, x7, x7
 4289	adds	x11, x11, x4
 4290	umulh	x4, x7, x7
 4291	adcs	x12, x12, x3
 4292	#  A[2] * A[2]
 4293	mul	x3, x8, x8
 4294	adcs	x13, x13, x4
 4295	umulh	x4, x8, x8
 4296	adcs	x14, x14, x3
 4297	#  A[3] * A[3]
 4298	mul	x3, x9, x9
 4299	adcs	x15, x15, x4
 4300	umulh	x4, x9, x9
 4301	adcs	x16, x16, x3
 4302	adc	x17, x17, x4
 4303	# Reduce
 4304	mov	x3, #38
 4305	mul	x4, x3, x17
 4306	adds	x13, x13, x4
 4307	umulh	x5, x3, x17
 4308	adc	x5, x5, xzr
 4309	mov	x3, #19
 4310	extr	x5, x5, x13, #63
 4311	mul	x5, x5, x3
 4312	and	x13, x13, #0x7fffffffffffffff
 4313	mov	x3, #38
 4314	mul	x4, x3, x14
 4315	adds	x10, x10, x4
 4316	umulh	x14, x3, x14
 4317	mul	x4, x3, x15
 4318	adcs	x11, x11, x4
 4319	umulh	x15, x3, x15
 4320	mul	x4, x3, x16
 4321	adcs	x12, x12, x4
 4322	umulh	x16, x3, x16
 4323	adc	x13, x13, xzr
 4324	#  Add high product results in
 4325	adds	x6, x10, x5
 4326	adcs	x7, x11, x14
 4327	adcs	x8, x12, x15
 4328	adc	x9, x13, x16
 4329	subs	x24, x24, #1
 4330	bne	L_curve25519_base_inv_8
 4331	# Store
 4332	stp	x6, x7, [x29, #80]
 4333	stp	x8, x9, [x29, #96]
 4334	add	x0, x29, #16
 4335	add	x1, x29, #0x50
 4336	add	x2, x29, #48
 4337#ifndef __APPLE__
 4338	bl	fe_mul
 4339#else
 4340	bl	_fe_mul
 4341#endif /* __APPLE__ */
 4342	mov	x0, x23
 4343	# Multiply
 4344	ldp	x6, x7, [x0]
 4345	ldp	x8, x9, [x0, #16]
 4346	ldp	x10, x11, [x29, #16]
 4347	ldp	x12, x13, [x29, #32]
 4348	# A[0] * B[0]
 4349	umulh	x15, x6, x10
 4350	mul	x14, x6, x10
 4351	# A[2] * B[0]
 4352	umulh	x17, x8, x10
 4353	mul	x16, x8, x10
 4354	# A[1] * B[0]
 4355	mul	x3, x7, x10
 4356	adds	x15, x15, x3
 4357	umulh	x4, x7, x10
 4358	adcs	x16, x16, x4
 4359	# A[1] * B[3]
 4360	umulh	x20, x7, x13
 4361	adc	x17, x17, xzr
 4362	mul	x19, x7, x13
 4363	# A[0] * B[1]
 4364	mul	x3, x6, x11
 4365	adds	x15, x15, x3
 4366	umulh	x4, x6, x11
 4367	adcs	x16, x16, x4
 4368	# A[2] * B[1]
 4369	mul	x3, x8, x11
 4370	adcs	x17, x17, x3
 4371	umulh	x4, x8, x11
 4372	adcs	x19, x19, x4
 4373	adc	x20, x20, xzr
 4374	# A[1] * B[2]
 4375	mul	x3, x7, x12
 4376	adds	x17, x17, x3
 4377	umulh	x4, x7, x12
 4378	adcs	x19, x19, x4
 4379	adcs	x20, x20, xzr
 4380	adc	x21, xzr, xzr
 4381	# A[0] * B[2]
 4382	mul	x3, x6, x12
 4383	adds	x16, x16, x3
 4384	umulh	x4, x6, x12
 4385	adcs	x17, x17, x4
 4386	adcs	x19, x19, xzr
 4387	adcs	x20, x20, xzr
 4388	adc	x21, x21, xzr
 4389	# A[1] * B[1]
 4390	mul	x3, x7, x11
 4391	adds	x16, x16, x3
 4392	umulh	x4, x7, x11
 4393	adcs	x17, x17, x4
 4394	# A[3] * B[1]
 4395	mul	x3, x9, x11
 4396	adcs	x19, x19, x3
 4397	umulh	x4, x9, x11
 4398	adcs	x20, x20, x4
 4399	adc	x21, x21, xzr
 4400	# A[2] * B[2]
 4401	mul	x3, x8, x12
 4402	adds	x19, x19, x3
 4403	umulh	x4, x8, x12
 4404	adcs	x20, x20, x4
 4405	# A[3] * B[3]
 4406	mul	x3, x9, x13
 4407	adcs	x21, x21, x3
 4408	umulh	x22, x9, x13
 4409	adc	x22, x22, xzr
 4410	# A[0] * B[3]
 4411	mul	x3, x6, x13
 4412	adds	x17, x17, x3
 4413	umulh	x4, x6, x13
 4414	adcs	x19, x19, x4
 4415	# A[2] * B[3]
 4416	mul	x3, x8, x13
 4417	adcs	x20, x20, x3
 4418	umulh	x4, x8, x13
 4419	adcs	x21, x21, x4
 4420	adc	x22, x22, xzr
 4421	# A[3] * B[0]
 4422	mul	x3, x9, x10
 4423	adds	x17, x17, x3
 4424	umulh	x4, x9, x10
 4425	adcs	x19, x19, x4
 4426	# A[3] * B[2]
 4427	mul	x3, x9, x12
 4428	adcs	x20, x20, x3
 4429	umulh	x4, x9, x12
 4430	adcs	x21, x21, x4
 4431	adc	x22, x22, xzr
 4432	# Reduce
 4433	mov	x3, #38
 4434	mul	x4, x3, x22
 4435	adds	x17, x17, x4
 4436	umulh	x5, x3, x22
 4437	adc	x5, x5, xzr
 4438	mov	x3, #19
 4439	extr	x5, x5, x17, #63
 4440	mul	x5, x5, x3
 4441	and	x17, x17, #0x7fffffffffffffff
 4442	mov	x3, #38
 4443	mul	x4, x3, x19
 4444	adds	x14, x14, x4
 4445	umulh	x19, x3, x19
 4446	mul	x4, x3, x20
 4447	adcs	x15, x15, x4
 4448	umulh	x20, x3, x20
 4449	mul	x4, x3, x21
 4450	adcs	x16, x16, x4
 4451	umulh	x21, x3, x21
 4452	adc	x17, x17, xzr
 4453	#  Add high product results in
 4454	adds	x14, x14, x5
 4455	adcs	x15, x15, x19
 4456	adcs	x16, x16, x20
 4457	adc	x17, x17, x21
 4458	# Reduce if top bit set
 4459	mov	x3, #19
 4460	and	x4, x3, x17, asr 63
 4461	adds	x14, x14, x4
 4462	adcs	x15, x15, xzr
 4463	and	x17, x17, #0x7fffffffffffffff
 4464	adcs	x16, x16, xzr
 4465	adc	x17, x17, xzr
 4466	adds	x4, x14, x3
 4467	adcs	x4, x15, xzr
 4468	adcs	x4, x16, xzr
 4469	adc	x4, x17, xzr
 4470	and	x4, x3, x4, asr 63
 4471	adds	x14, x14, x4
 4472	adcs	x15, x15, xzr
 4473	mov	x4, #0x7fffffffffffffff
 4474	adcs	x16, x16, xzr
 4475	adc	x17, x17, xzr
 4476	and	x17, x17, x4
 4477	# Store
 4478	stp	x14, x15, [x0]
 4479	stp	x16, x17, [x0, #16]
 4480	mov	x0, xzr
 4481	ldp	x17, x19, [x29, #184]
 4482	ldp	x20, x21, [x29, #200]
 4483	ldp	x22, x23, [x29, #216]
 4484	ldp	x24, x25, [x29, #232]
 4485	ldp	x26, x27, [x29, #248]
 4486	ldr	x28, [x29, #264]
 4487	ldp	x29, x30, [sp], #0x110
 4488	ret
 4489#ifndef __APPLE__
 4490	.size	curve25519_base,.-curve25519_base
 4491#endif /* __APPLE__ */
 4492#endif /* !HAVE_ED25519 && !WOLFSSL_CURVE25519_USE_ED25519 */
 4493#ifndef __APPLE__
 4494.text
 4495.globl	curve25519
 4496.type	curve25519,@function
 4497.align	2
 4498curve25519:
 4499#else
 4500.section	__TEXT,__text
 4501.globl	_curve25519
 4502.p2align	2
 4503_curve25519:
 4504#endif /* __APPLE__ */
 4505	stp	x29, x30, [sp, #-288]!
 4506	add	x29, sp, #0
 4507	stp	x17, x19, [x29, #200]
 4508	stp	x20, x21, [x29, #216]
 4509	stp	x22, x23, [x29, #232]
 4510	stp	x24, x25, [x29, #248]
 4511	stp	x26, x27, [x29, #264]
 4512	str	x28, [x29, #280]
 4513	mov	x23, xzr
 4514	str	x0, [x29, #176]
 4515	ldp	x6, x7, [x2]
 4516	ldp	x8, x9, [x2, #16]
 4517	mov	x10, #1
 4518	mov	x11, xzr
 4519	mov	x12, xzr
 4520	mov	x13, xzr
 4521	stp	x10, x11, [x0]
 4522	stp	x12, x13, [x0, #16]
 4523	# Set zero
 4524	stp	xzr, xzr, [x29, #16]
 4525	stp	xzr, xzr, [x29, #32]
 4526	mov	x24, #0xfe
 4527L_curve25519_bits:
 4528	lsr	x3, x24, #6
 4529	and	x4, x24, #63
 4530	ldr	x5, [x1, x3, LSL 3]
 4531	lsr	x5, x5, x4
 4532	eor	x23, x23, x5
 4533	# Conditional Swap
 4534	subs	xzr, xzr, x23, lsl 63
 4535	ldp	x25, x26, [x29, #16]
 4536	ldp	x27, x28, [x29, #32]
 4537	csel	x19, x25, x10, ne
 4538	csel	x25, x10, x25, ne
 4539	csel	x20, x26, x11, ne
 4540	csel	x26, x11, x26, ne
 4541	csel	x21, x27, x12, ne
 4542	csel	x27, x12, x27, ne
 4543	csel	x22, x28, x13, ne
 4544	csel	x28, x13, x28, ne
 4545	# Conditional Swap
 4546	subs	xzr, xzr, x23, lsl 63
 4547	ldp	x10, x11, [x0]
 4548	ldp	x12, x13, [x0, #16]
 4549	csel	x14, x10, x6, ne
 4550	csel	x10, x6, x10, ne
 4551	csel	x15, x11, x7, ne
 4552	csel	x11, x7, x11, ne
 4553	csel	x16, x12, x8, ne
 4554	csel	x12, x8, x12, ne
 4555	csel	x17, x13, x9, ne
 4556	csel	x13, x9, x13, ne
 4557	mov	x23, x5
 4558	# Add
 4559	adds	x6, x10, x25
 4560	adcs	x7, x11, x26
 4561	adcs	x8, x12, x27
 4562	adcs	x9, x13, x28
 4563	cset	x5, cs
 4564	mov	x3, #19
 4565	extr	x5, x5, x9, #63
 4566	mul	x3, x5, x3
 4567	#   Sub modulus (if overflow)
 4568	adds	x6, x6, x3
 4569	adcs	x7, x7, xzr
 4570	and	x9, x9, #0x7fffffffffffffff
 4571	adcs	x8, x8, xzr
 4572	adc	x9, x9, xzr
 4573	# Sub
 4574	subs	x25, x10, x25
 4575	sbcs	x26, x11, x26
 4576	sbcs	x27, x12, x27
 4577	sbcs	x28, x13, x28
 4578	csetm	x5, cc
 4579	mov	x3, #-19
 4580	extr	x5, x5, x28, #63
 4581	mul	x3, x5, x3
 4582	#   Add modulus (if underflow)
 4583	subs	x25, x25, x3
 4584	sbcs	x26, x26, xzr
 4585	and	x28, x28, #0x7fffffffffffffff
 4586	sbcs	x27, x27, xzr
 4587	sbc	x28, x28, xzr
 4588	stp	x25, x26, [x29, #80]
 4589	stp	x27, x28, [x29, #96]
 4590	# Add
 4591	adds	x10, x14, x19
 4592	adcs	x11, x15, x20
 4593	adcs	x12, x16, x21
 4594	adcs	x13, x17, x22
 4595	cset	x5, cs
 4596	mov	x3, #19
 4597	extr	x5, x5, x13, #63
 4598	mul	x3, x5, x3
 4599	#   Sub modulus (if overflow)
 4600	adds	x10, x10, x3
 4601	adcs	x11, x11, xzr
 4602	and	x13, x13, #0x7fffffffffffffff
 4603	adcs	x12, x12, xzr
 4604	adc	x13, x13, xzr
 4605	# Sub
 4606	subs	x14, x14, x19
 4607	sbcs	x15, x15, x20
 4608	sbcs	x16, x16, x21
 4609	sbcs	x17, x17, x22
 4610	csetm	x5, cc
 4611	mov	x3, #-19
 4612	extr	x5, x5, x17, #63
 4613	mul	x3, x5, x3
 4614	#   Add modulus (if underflow)
 4615	subs	x14, x14, x3
 4616	sbcs	x15, x15, xzr
 4617	and	x17, x17, #0x7fffffffffffffff
 4618	sbcs	x16, x16, xzr
 4619	sbc	x17, x17, xzr
 4620	# Multiply
 4621	# A[0] * B[0]
 4622	umulh	x20, x14, x6
 4623	mul	x19, x14, x6
 4624	# A[2] * B[0]
 4625	umulh	x22, x16, x6
 4626	mul	x21, x16, x6
 4627	# A[1] * B[0]
 4628	mul	x3, x15, x6
 4629	adds	x20, x20, x3
 4630	umulh	x4, x15, x6
 4631	adcs	x21, x21, x4
 4632	# A[1] * B[3]
 4633	umulh	x26, x15, x9
 4634	adc	x22, x22, xzr
 4635	mul	x25, x15, x9
 4636	# A[0] * B[1]
 4637	mul	x3, x14, x7
 4638	adds	x20, x20, x3
 4639	umulh	x4, x14, x7
 4640	adcs	x21, x21, x4
 4641	# A[2] * B[1]
 4642	mul	x3, x16, x7
 4643	adcs	x22, x22, x3
 4644	umulh	x4, x16, x7
 4645	adcs	x25, x25, x4
 4646	adc	x26, x26, xzr
 4647	# A[1] * B[2]
 4648	mul	x3, x15, x8
 4649	adds	x22, x22, x3
 4650	umulh	x4, x15, x8
 4651	adcs	x25, x25, x4
 4652	adcs	x26, x26, xzr
 4653	adc	x27, xzr, xzr
 4654	# A[0] * B[2]
 4655	mul	x3, x14, x8
 4656	adds	x21, x21, x3
 4657	umulh	x4, x14, x8
 4658	adcs	x22, x22, x4
 4659	adcs	x25, x25, xzr
 4660	adcs	x26, x26, xzr
 4661	adc	x27, x27, xzr
 4662	# A[1] * B[1]
 4663	mul	x3, x15, x7
 4664	adds	x21, x21, x3
 4665	umulh	x4, x15, x7
 4666	adcs	x22, x22, x4
 4667	# A[3] * B[1]
 4668	mul	x3, x17, x7
 4669	adcs	x25, x25, x3
 4670	umulh	x4, x17, x7
 4671	adcs	x26, x26, x4
 4672	adc	x27, x27, xzr
 4673	# A[2] * B[2]
 4674	mul	x3, x16, x8
 4675	adds	x25, x25, x3
 4676	umulh	x4, x16, x8
 4677	adcs	x26, x26, x4
 4678	# A[3] * B[3]
 4679	mul	x3, x17, x9
 4680	adcs	x27, x27, x3
 4681	umulh	x28, x17, x9
 4682	adc	x28, x28, xzr
 4683	# A[0] * B[3]
 4684	mul	x3, x14, x9
 4685	adds	x22, x22, x3
 4686	umulh	x4, x14, x9
 4687	adcs	x25, x25, x4
 4688	# A[2] * B[3]
 4689	mul	x3, x16, x9
 4690	adcs	x26, x26, x3
 4691	umulh	x4, x16, x9
 4692	adcs	x27, x27, x4
 4693	adc	x28, x28, xzr
 4694	# A[3] * B[0]
 4695	mul	x3, x17, x6
 4696	adds	x22, x22, x3
 4697	umulh	x4, x17, x6
 4698	adcs	x25, x25, x4
 4699	# A[3] * B[2]
 4700	mul	x3, x17, x8
 4701	adcs	x26, x26, x3
 4702	umulh	x4, x17, x8
 4703	adcs	x27, x27, x4
 4704	adc	x28, x28, xzr
 4705	# Reduce
 4706	mov	x3, #38
 4707	mul	x4, x3, x28
 4708	adds	x22, x22, x4
 4709	umulh	x5, x3, x28
 4710	adc	x5, x5, xzr
 4711	mov	x3, #19
 4712	extr	x5, x5, x22, #63
 4713	mul	x5, x5, x3
 4714	and	x22, x22, #0x7fffffffffffffff
 4715	mov	x3, #38
 4716	mul	x4, x3, x25
 4717	adds	x19, x19, x4
 4718	umulh	x25, x3, x25
 4719	mul	x4, x3, x26
 4720	adcs	x20, x20, x4
 4721	umulh	x26, x3, x26
 4722	mul	x4, x3, x27
 4723	adcs	x21, x21, x4
 4724	umulh	x27, x3, x27
 4725	adc	x22, x22, xzr
 4726	#  Add high product results in
 4727	adds	x19, x19, x5
 4728	adcs	x20, x20, x25
 4729	adcs	x21, x21, x26
 4730	adc	x22, x22, x27
 4731	# Store
 4732	stp	x19, x20, [x29, #48]
 4733	stp	x21, x22, [x29, #64]
 4734	# Multiply
 4735	ldp	x25, x26, [x29, #80]
 4736	ldp	x27, x28, [x29, #96]
 4737	# A[0] * B[0]
 4738	umulh	x20, x10, x25
 4739	mul	x19, x10, x25
 4740	# A[2] * B[0]
 4741	umulh	x22, x12, x25
 4742	mul	x21, x12, x25
 4743	# A[1] * B[0]
 4744	mul	x3, x11, x25
 4745	adds	x20, x20, x3
 4746	umulh	x4, x11, x25
 4747	adcs	x21, x21, x4
 4748	# A[1] * B[3]
 4749	umulh	x15, x11, x28
 4750	adc	x22, x22, xzr
 4751	mul	x14, x11, x28
 4752	# A[0] * B[1]
 4753	mul	x3, x10, x26
 4754	adds	x20, x20, x3
 4755	umulh	x4, x10, x26
 4756	adcs	x21, x21, x4
 4757	# A[2] * B[1]
 4758	mul	x3, x12, x26
 4759	adcs	x22, x22, x3
 4760	umulh	x4, x12, x26
 4761	adcs	x14, x14, x4
 4762	adc	x15, x15, xzr
 4763	# A[1] * B[2]
 4764	mul	x3, x11, x27
 4765	adds	x22, x22, x3
 4766	umulh	x4, x11, x27
 4767	adcs	x14, x14, x4
 4768	adcs	x15, x15, xzr
 4769	adc	x16, xzr, xzr
 4770	# A[0] * B[2]
 4771	mul	x3, x10, x27
 4772	adds	x21, x21, x3
 4773	umulh	x4, x10, x27
 4774	adcs	x22, x22, x4
 4775	adcs	x14, x14, xzr
 4776	adcs	x15, x15, xzr
 4777	adc	x16, x16, xzr
 4778	# A[1] * B[1]
 4779	mul	x3, x11, x26
 4780	adds	x21, x21, x3
 4781	umulh	x4, x11, x26
 4782	adcs	x22, x22, x4
 4783	# A[3] * B[1]
 4784	mul	x3, x13, x26
 4785	adcs	x14, x14, x3
 4786	umulh	x4, x13, x26
 4787	adcs	x15, x15, x4
 4788	adc	x16, x16, xzr
 4789	# A[2] * B[2]
 4790	mul	x3, x12, x27
 4791	adds	x14, x14, x3
 4792	umulh	x4, x12, x27
 4793	adcs	x15, x15, x4
 4794	# A[3] * B[3]
 4795	mul	x3, x13, x28
 4796	adcs	x16, x16, x3
 4797	umulh	x17, x13, x28
 4798	adc	x17, x17, xzr
 4799	# A[0] * B[3]
 4800	mul	x3, x10, x28
 4801	adds	x22, x22, x3
 4802	umulh	x4, x10, x28
 4803	adcs	x14, x14, x4
 4804	# A[2] * B[3]
 4805	mul	x3, x12, x28
 4806	adcs	x15, x15, x3
 4807	umulh	x4, x12, x28
 4808	adcs	x16, x16, x4
 4809	adc	x17, x17, xzr
 4810	# A[3] * B[0]
 4811	mul	x3, x13, x25
 4812	adds	x22, x22, x3
 4813	umulh	x4, x13, x25
 4814	adcs	x14, x14, x4
 4815	# A[3] * B[2]
 4816	mul	x3, x13, x27
 4817	adcs	x15, x15, x3
 4818	umulh	x4, x13, x27
 4819	adcs	x16, x16, x4
 4820	adc	x17, x17, xzr
 4821	# Reduce
 4822	mov	x3, #38
 4823	mul	x4, x3, x17
 4824	adds	x22, x22, x4
 4825	umulh	x5, x3, x17
 4826	adc	x5, x5, xzr
 4827	mov	x3, #19
 4828	extr	x5, x5, x22, #63
 4829	mul	x5, x5, x3
 4830	and	x22, x22, #0x7fffffffffffffff
 4831	mov	x3, #38
 4832	mul	x4, x3, x14
 4833	adds	x19, x19, x4
 4834	umulh	x14, x3, x14
 4835	mul	x4, x3, x15
 4836	adcs	x20, x20, x4
 4837	umulh	x15, x3, x15
 4838	mul	x4, x3, x16
 4839	adcs	x21, x21, x4
 4840	umulh	x16, x3, x16
 4841	adc	x22, x22, xzr
 4842	#  Add high product results in
 4843	adds	x19, x19, x5
 4844	adcs	x20, x20, x14
 4845	adcs	x21, x21, x15
 4846	adc	x22, x22, x16
 4847	# Square
 4848	#  A[0] * A[1]
 4849	umulh	x12, x25, x26
 4850	mul	x11, x25, x26
 4851	#  A[0] * A[3]
 4852	umulh	x14, x25, x28
 4853	mul	x13, x25, x28
 4854	#  A[0] * A[2]
 4855	mul	x3, x25, x27
 4856	adds	x12, x12, x3
 4857	umulh	x4, x25, x27
 4858	adcs	x13, x13, x4
 4859	#  A[1] * A[3]
 4860	mul	x3, x26, x28
 4861	adcs	x14, x14, x3
 4862	umulh	x15, x26, x28
 4863	adc	x15, x15, xzr
 4864	#  A[1] * A[2]
 4865	mul	x3, x26, x27
 4866	adds	x13, x13, x3
 4867	umulh	x4, x26, x27
 4868	adcs	x14, x14, x4
 4869	#  A[2] * A[3]
 4870	mul	x3, x27, x28
 4871	adcs	x15, x15, x3
 4872	umulh	x16, x27, x28
 4873	adc	x16, x16, xzr
 4874	# Double
 4875	adds	x11, x11, x11
 4876	adcs	x12, x12, x12
 4877	adcs	x13, x13, x13
 4878	adcs	x14, x14, x14
 4879	adcs	x15, x15, x15
 4880	adcs	x16, x16, x16
 4881	adc	x17, xzr, xzr
 4882	#  A[0] * A[0]
 4883	umulh	x4, x25, x25
 4884	mul	x10, x25, x25
 4885	#  A[1] * A[1]
 4886	mul	x3, x26, x26
 4887	adds	x11, x11, x4
 4888	umulh	x4, x26, x26
 4889	adcs	x12, x12, x3
 4890	#  A[2] * A[2]
 4891	mul	x3, x27, x27
 4892	adcs	x13, x13, x4
 4893	umulh	x4, x27, x27
 4894	adcs	x14, x14, x3
 4895	#  A[3] * A[3]
 4896	mul	x3, x28, x28
 4897	adcs	x15, x15, x4
 4898	umulh	x4, x28, x28
 4899	adcs	x16, x16, x3
 4900	adc	x17, x17, x4
 4901	# Reduce
 4902	mov	x3, #38
 4903	mul	x4, x3, x17
 4904	adds	x13, x13, x4
 4905	umulh	x5, x3, x17
 4906	adc	x5, x5, xzr
 4907	mov	x3, #19
 4908	extr	x5, x5, x13, #63
 4909	mul	x5, x5, x3
 4910	and	x13, x13, #0x7fffffffffffffff
 4911	mov	x3, #38
 4912	mul	x4, x3, x14
 4913	adds	x10, x10, x4
 4914	umulh	x14, x3, x14
 4915	mul	x4, x3, x15
 4916	adcs	x11, x11, x4
 4917	umulh	x15, x3, x15
 4918	mul	x4, x3, x16
 4919	adcs	x12, x12, x4
 4920	umulh	x16, x3, x16
 4921	adc	x13, x13, xzr
 4922	#  Add high product results in
 4923	adds	x10, x10, x5
 4924	adcs	x11, x11, x14
 4925	adcs	x12, x12, x15
 4926	adc	x13, x13, x16
 4927	# Square
 4928	#  A[0] * A[1]
 4929	umulh	x16, x6, x7
 4930	mul	x15, x6, x7
 4931	#  A[0] * A[3]
 4932	umulh	x25, x6, x9
 4933	mul	x17, x6, x9
 4934	#  A[0] * A[2]
 4935	mul	x3, x6, x8
 4936	adds	x16, x16, x3
 4937	umulh	x4, x6, x8
 4938	adcs	x17, x17, x4
 4939	#  A[1] * A[3]
 4940	mul	x3, x7, x9
 4941	adcs	x25, x25, x3
 4942	umulh	x26, x7, x9
 4943	adc	x26, x26, xzr
 4944	#  A[1] * A[2]
 4945	mul	x3, x7, x8
 4946	adds	x17, x17, x3
 4947	umulh	x4, x7, x8
 4948	adcs	x25, x25, x4
 4949	#  A[2] * A[3]
 4950	mul	x3, x8, x9
 4951	adcs	x26, x26, x3
 4952	umulh	x27, x8, x9
 4953	adc	x27, x27, xzr
 4954	# Double
 4955	adds	x15, x15, x15
 4956	adcs	x16, x16, x16
 4957	adcs	x17, x17, x17
 4958	adcs	x25, x25, x25
 4959	adcs	x26, x26, x26
 4960	adcs	x27, x27, x27
 4961	adc	x28, xzr, xzr
 4962	#  A[0] * A[0]
 4963	umulh	x4, x6, x6
 4964	mul	x14, x6, x6
 4965	#  A[1] * A[1]
 4966	mul	x3, x7, x7
 4967	adds	x15, x15, x4
 4968	umulh	x4, x7, x7
 4969	adcs	x16, x16, x3
 4970	#  A[2] * A[2]
 4971	mul	x3, x8, x8
 4972	adcs	x17, x17, x4
 4973	umulh	x4, x8, x8
 4974	adcs	x25, x25, x3
 4975	#  A[3] * A[3]
 4976	mul	x3, x9, x9
 4977	adcs	x26, x26, x4
 4978	umulh	x4, x9, x9
 4979	adcs	x27, x27, x3
 4980	adc	x28, x28, x4
 4981	# Reduce
 4982	mov	x3, #38
 4983	mul	x4, x3, x28
 4984	adds	x17, x17, x4
 4985	umulh	x5, x3, x28
 4986	adc	x5, x5, xzr
 4987	mov	x3, #19
 4988	extr	x5, x5, x17, #63
 4989	mul	x5, x5, x3
 4990	and	x17, x17, #0x7fffffffffffffff
 4991	mov	x3, #38
 4992	mul	x4, x3, x25
 4993	adds	x14, x14, x4
 4994	umulh	x25, x3, x25
 4995	mul	x4, x3, x26
 4996	adcs	x15, x15, x4
 4997	umulh	x26, x3, x26
 4998	mul	x4, x3, x27
 4999	adcs	x16, x16, x4
 5000	umulh	x27, x3, x27
 5001	adc	x17, x17, xzr
 5002	#  Add high product results in
 5003	adds	x14, x14, x5
 5004	adcs	x15, x15, x25
 5005	adcs	x16, x16, x26
 5006	adc	x17, x17, x27
 5007	# Multiply
 5008	# A[0] * B[0]
 5009	umulh	x7, x14, x10
 5010	mul	x6, x14, x10
 5011	# A[2] * B[0]
 5012	umulh	x9, x16, x10
 5013	mul	x8, x16, x10
 5014	# A[1] * B[0]
 5015	mul	x3, x15, x10
 5016	adds	x7, x7, x3
 5017	umulh	x4, x15, x10
 5018	adcs	x8, x8, x4
 5019	# A[1] * B[3]
 5020	umulh	x26, x15, x13
 5021	adc	x9, x9, xzr
 5022	mul	x25, x15, x13
 5023	# A[0] * B[1]
 5024	mul	x3, x14, x11
 5025	adds	x7, x7, x3
 5026	umulh	x4, x14, x11
 5027	adcs	x8, x8, x4
 5028	# A[2] * B[1]
 5029	mul	x3, x16, x11
 5030	adcs	x9, x9, x3
 5031	umulh	x4, x16, x11
 5032	adcs	x25, x25, x4
 5033	adc	x26, x26, xzr
 5034	# A[1] * B[2]
 5035	mul	x3, x15, x12
 5036	adds	x9, x9, x3
 5037	umulh	x4, x15, x12
 5038	adcs	x25, x25, x4
 5039	adcs	x26, x26, xzr
 5040	adc	x27, xzr, xzr
 5041	# A[0] * B[2]
 5042	mul	x3, x14, x12
 5043	adds	x8, x8, x3
 5044	umulh	x4, x14, x12
 5045	adcs	x9, x9, x4
 5046	adcs	x25, x25, xzr
 5047	adcs	x26, x26, xzr
 5048	adc	x27, x27, xzr
 5049	# A[1] * B[1]
 5050	mul	x3, x15, x11
 5051	adds	x8, x8, x3
 5052	umulh	x4, x15, x11
 5053	adcs	x9, x9, x4
 5054	# A[3] * B[1]
 5055	mul	x3, x17, x11
 5056	adcs	x25, x25, x3
 5057	umulh	x4, x17, x11
 5058	adcs	x26, x26, x4
 5059	adc	x27, x27, xzr
 5060	# A[2] * B[2]
 5061	mul	x3, x16, x12
 5062	adds	x25, x25, x3
 5063	umulh	x4, x16, x12
 5064	adcs	x26, x26, x4
 5065	# A[3] * B[3]
 5066	mul	x3, x17, x13
 5067	adcs	x27, x27, x3
 5068	umulh	x28, x17, x13
 5069	adc	x28, x28, xzr
 5070	# A[0] * B[3]
 5071	mul	x3, x14, x13
 5072	adds	x9, x9, x3
 5073	umulh	x4, x14, x13
 5074	adcs	x25, x25, x4
 5075	# A[2] * B[3]
 5076	mul	x3, x16, x13
 5077	adcs	x26, x26, x3
 5078	umulh	x4, x16, x13
 5079	adcs	x27, x27, x4
 5080	adc	x28, x28, xzr
 5081	# A[3] * B[0]
 5082	mul	x3, x17, x10
 5083	adds	x9, x9, x3
 5084	umulh	x4, x17, x10
 5085	adcs	x25, x25, x4
 5086	# A[3] * B[2]
 5087	mul	x3, x17, x12
 5088	adcs	x26, x26, x3
 5089	umulh	x4, x17, x12
 5090	adcs	x27, x27, x4
 5091	adc	x28, x28, xzr
 5092	# Reduce
 5093	mov	x3, #38
 5094	mul	x4, x3, x28
 5095	adds	x9, x9, x4
 5096	umulh	x5, x3, x28
 5097	adc	x5, x5, xzr
 5098	mov	x3, #19
 5099	extr	x5, x5, x9, #63
 5100	mul	x5, x5, x3
 5101	and	x9, x9, #0x7fffffffffffffff
 5102	mov	x3, #38
 5103	mul	x4, x3, x25
 5104	adds	x6, x6, x4
 5105	umulh	x25, x3, x25
 5106	mul	x4, x3, x26
 5107	adcs	x7, x7, x4
 5108	umulh	x26, x3, x26
 5109	mul	x4, x3, x27
 5110	adcs	x8, x8, x4
 5111	umulh	x27, x3, x27
 5112	adc	x9, x9, xzr
 5113	#  Add high product results in
 5114	adds	x6, x6, x5
 5115	adcs	x7, x7, x25
 5116	adcs	x8, x8, x26
 5117	adc	x9, x9, x27
 5118	# Store
 5119	stp	x6, x7, [x0]
 5120	stp	x8, x9, [x0, #16]
 5121	# Sub
 5122	subs	x14, x14, x10
 5123	sbcs	x15, x15, x11
 5124	sbcs	x16, x16, x12
 5125	sbcs	x17, x17, x13
 5126	csetm	x5, cc
 5127	mov	x3, #-19
 5128	#   Mask the modulus
 5129	extr	x5, x5, x17, #63
 5130	mul	x3, x5, x3
 5131	#   Add modulus (if underflow)
 5132	subs	x14, x14, x3
 5133	sbcs	x15, x15, xzr
 5134	and	x17, x17, #0x7fffffffffffffff
 5135	sbcs	x16, x16, xzr
 5136	sbc	x17, x17, xzr
 5137	# Multiply by 121666
 5138	mov	x5, #0xdb42
 5139	movk	x5, #1, lsl 16
 5140	mul	x6, x14, x5
 5141	umulh	x7, x14, x5
 5142	mul	x3, x15, x5
 5143	umulh	x8, x15, x5
 5144	adds	x7, x7, x3
 5145	adc	x8, x8, xzr
 5146	mul	x3, x16, x5
 5147	umulh	x9, x16, x5
 5148	adds	x8, x8, x3
 5149	adc	x9, x9, xzr
 5150	mul	x3, x17, x5
 5151	umulh	x4, x17, x5
 5152	adds	x9, x9, x3
 5153	adc	x4, x4, xzr
 5154	mov	x5, #19
 5155	extr	x4, x4, x9, #63
 5156	mul	x4, x4, x5
 5157	adds	x6, x6, x4
 5158	adcs	x7, x7, xzr
 5159	and	x9, x9, #0x7fffffffffffffff
 5160	adcs	x8, x8, xzr
 5161	adc	x9, x9, xzr
 5162	# Add
 5163	adds	x10, x10, x6
 5164	adcs	x11, x11, x7
 5165	adcs	x12, x12, x8
 5166	adcs	x13, x13, x9
 5167	cset	x5, cs
 5168	mov	x3, #19
 5169	#   Mask the modulus
 5170	extr	x5, x5, x13, #63
 5171	mul	x3, x5, x3
 5172	#   Sub modulus (if overflow)
 5173	adds	x10, x10, x3
 5174	adcs	x11, x11, xzr
 5175	and	x13, x13, #0x7fffffffffffffff
 5176	adcs	x12, x12, xzr
 5177	adc	x13, x13, xzr
 5178	# Multiply
 5179	# A[0] * B[0]
 5180	umulh	x7, x14, x10
 5181	mul	x6, x14, x10
 5182	# A[2] * B[0]
 5183	umulh	x9, x16, x10
 5184	mul	x8, x16, x10
 5185	# A[1] * B[0]
 5186	mul	x3, x15, x10
 5187	adds	x7, x7, x3
 5188	umulh	x4, x15, x10
 5189	adcs	x8, x8, x4
 5190	# A[1] * B[3]
 5191	umulh	x26, x15, x13
 5192	adc	x9, x9, xzr
 5193	mul	x25, x15, x13
 5194	# A[0] * B[1]
 5195	mul	x3, x14, x11
 5196	adds	x7, x7, x3
 5197	umulh	x4, x14, x11
 5198	adcs	x8, x8, x4
 5199	# A[2] * B[1]
 5200	mul	x3, x16, x11
 5201	adcs	x9, x9, x3
 5202	umulh	x4, x16, x11
 5203	adcs	x25, x25, x4
 5204	adc	x26, x26, xzr
 5205	# A[1] * B[2]
 5206	mul	x3, x15, x12
 5207	adds	x9, x9, x3
 5208	umulh	x4, x15, x12
 5209	adcs	x25, x25, x4
 5210	adcs	x26, x26, xzr
 5211	adc	x27, xzr, xzr
 5212	# A[0] * B[2]
 5213	mul	x3, x14, x12
 5214	adds	x8, x8, x3
 5215	umulh	x4, x14, x12
 5216	adcs	x9, x9, x4
 5217	adcs	x25, x25, xzr
 5218	adcs	x26, x26, xzr
 5219	adc	x27, x27, xzr
 5220	# A[1] * B[1]
 5221	mul	x3, x15, x11
 5222	adds	x8, x8, x3
 5223	umulh	x4, x15, x11
 5224	adcs	x9, x9, x4
 5225	# A[3] * B[1]
 5226	mul	x3, x17, x11
 5227	adcs	x25, x25, x3
 5228	umulh	x4, x17, x11
 5229	adcs	x26, x26, x4
 5230	adc	x27, x27, xzr
 5231	# A[2] * B[2]
 5232	mul	x3, x16, x12
 5233	adds	x25, x25, x3
 5234	umulh	x4, x16, x12
 5235	adcs	x26, x26, x4
 5236	# A[3] * B[3]
 5237	mul	x3, x17, x13
 5238	adcs	x27, x27, x3
 5239	umulh	x28, x17, x13
 5240	adc	x28, x28, xzr
 5241	# A[0] * B[3]
 5242	mul	x3, x14, x13
 5243	adds	x9, x9, x3
 5244	umulh	x4, x14, x13
 5245	adcs	x25, x25, x4
 5246	# A[2] * B[3]
 5247	mul	x3, x16, x13
 5248	adcs	x26, x26, x3
 5249	umulh	x4, x16, x13
 5250	adcs	x27, x27, x4
 5251	adc	x28, x28, xzr
 5252	# A[3] * B[0]
 5253	mul	x3, x17, x10
 5254	adds	x9, x9, x3
 5255	umulh	x4, x17, x10
 5256	adcs	x25, x25, x4
 5257	# A[3] * B[2]
 5258	mul	x3, x17, x12
 5259	adcs	x26, x26, x3
 5260	umulh	x4, x17, x12
 5261	adcs	x27, x27, x4
 5262	adc	x28, x28, xzr
 5263	# Reduce
 5264	mov	x3, #38
 5265	mul	x4, x3, x28
 5266	adds	x9, x9, x4
 5267	umulh	x5, x3, x28
 5268	adc	x5, x5, xzr
 5269	mov	x3, #19
 5270	extr	x5, x5, x9, #63
 5271	mul	x5, x5, x3
 5272	and	x9, x9, #0x7fffffffffffffff
 5273	mov	x3, #38
 5274	mul	x4, x3, x25
 5275	adds	x6, x6, x4
 5276	umulh	x25, x3, x25
 5277	mul	x4, x3, x26
 5278	adcs	x7, x7, x4
 5279	umulh	x26, x3, x26
 5280	mul	x4, x3, x27
 5281	adcs	x8, x8, x4
 5282	umulh	x27, x3, x27
 5283	adc	x9, x9, xzr
 5284	#  Add high product results in
 5285	adds	x6, x6, x5
 5286	adcs	x7, x7, x25
 5287	adcs	x8, x8, x26
 5288	adc	x9, x9, x27
 5289	# Store
 5290	stp	x6, x7, [x29, #16]
 5291	stp	x8, x9, [x29, #32]
 5292	# Add
 5293	ldp	x25, x26, [x29, #48]
 5294	ldp	x27, x28, [x29, #64]
 5295	adds	x10, x25, x19
 5296	adcs	x11, x26, x20
 5297	adcs	x12, x27, x21
 5298	adcs	x13, x28, x22
 5299	cset	x5, cs
 5300	mov	x3, #19
 5301	extr	x5, x5, x13, #63
 5302	mul	x3, x5, x3
 5303	#   Sub modulus (if overflow)
 5304	adds	x10, x10, x3
 5305	adcs	x11, x11, xzr
 5306	and	x13, x13, #0x7fffffffffffffff
 5307	adcs	x12, x12, xzr
 5308	adc	x13, x13, xzr
 5309	# Sub
 5310	subs	x19, x25, x19
 5311	sbcs	x20, x26, x20
 5312	sbcs	x21, x27, x21
 5313	sbcs	x22, x28, x22
 5314	csetm	x5, cc
 5315	mov	x3, #-19
 5316	extr	x5, x5, x22, #63
 5317	mul	x3, x5, x3
 5318	#   Add modulus (if underflow)
 5319	subs	x19, x19, x3
 5320	sbcs	x20, x20, xzr
 5321	and	x22, x22, #0x7fffffffffffffff
 5322	sbcs	x21, x21, xzr
 5323	sbc	x22, x22, xzr
 5324	# Square
 5325	#  A[0] * A[1]
 5326	umulh	x8, x10, x11
 5327	mul	x7, x10, x11
 5328	#  A[0] * A[3]
 5329	umulh	x25, x10, x13
 5330	mul	x9, x10, x13
 5331	#  A[0] * A[2]
 5332	mul	x3, x10, x12
 5333	adds	x8, x8, x3
 5334	umulh	x4, x10, x12
 5335	adcs	x9, x9, x4
 5336	#  A[1] * A[3]
 5337	mul	x3, x11, x13
 5338	adcs	x25, x25, x3
 5339	umulh	x26, x11, x13
 5340	adc	x26, x26, xzr
 5341	#  A[1] * A[2]
 5342	mul	x3, x11, x12
 5343	adds	x9, x9, x3
 5344	umulh	x4, x11, x12
 5345	adcs	x25, x25, x4
 5346	#  A[2] * A[3]
 5347	mul	x3, x12, x13
 5348	adcs	x26, x26, x3
 5349	umulh	x27, x12, x13
 5350	adc	x27, x27, xzr
 5351	# Double
 5352	adds	x7, x7, x7
 5353	adcs	x8, x8, x8
 5354	adcs	x9, x9, x9
 5355	adcs	x25, x25, x25
 5356	adcs	x26, x26, x26
 5357	adcs	x27, x27, x27
 5358	adc	x28, xzr, xzr
 5359	#  A[0] * A[0]
 5360	umulh	x4, x10, x10
 5361	mul	x6, x10, x10
 5362	#  A[1] * A[1]
 5363	mul	x3, x11, x11
 5364	adds	x7, x7, x4
 5365	umulh	x4, x11, x11
 5366	adcs	x8, x8, x3
 5367	#  A[2] * A[2]
 5368	mul	x3, x12, x12
 5369	adcs	x9, x9, x4
 5370	umulh	x4, x12, x12
 5371	adcs	x25, x25, x3
 5372	#  A[3] * A[3]
 5373	mul	x3, x13, x13
 5374	adcs	x26, x26, x4
 5375	umulh	x4, x13, x13
 5376	adcs	x27, x27, x3
 5377	adc	x28, x28, x4
 5378	# Reduce
 5379	mov	x3, #38
 5380	mul	x4, x3, x28
 5381	adds	x9, x9, x4
 5382	umulh	x5, x3, x28
 5383	adc	x5, x5, xzr
 5384	mov	x3, #19
 5385	extr	x5, x5, x9, #63
 5386	mul	x5, x5, x3
 5387	and	x9, x9, #0x7fffffffffffffff
 5388	mov	x3, #38
 5389	mul	x4, x3, x25
 5390	adds	x6, x6, x4
 5391	umulh	x25, x3, x25
 5392	mul	x4, x3, x26
 5393	adcs	x7, x7, x4
 5394	umulh	x26, x3, x26
 5395	mul	x4, x3, x27
 5396	adcs	x8, x8, x4
 5397	umulh	x27, x3, x27
 5398	adc	x9, x9, xzr
 5399	#  Add high product results in
 5400	adds	x6, x6, x5
 5401	adcs	x7, x7, x25
 5402	adcs	x8, x8, x26
 5403	adc	x9, x9, x27
 5404	# Square
 5405	#  A[0] * A[1]
 5406	umulh	x16, x19, x20
 5407	mul	x15, x19, x20
 5408	#  A[0] * A[3]
 5409	umulh	x25, x19, x22
 5410	mul	x17, x19, x22
 5411	#  A[0] * A[2]
 5412	mul	x3, x19, x21
 5413	adds	x16, x16, x3
 5414	umulh	x4, x19, x21
 5415	adcs	x17, x17, x4
 5416	#  A[1] * A[3]
 5417	mul	x3, x20, x22
 5418	adcs	x25, x25, x3
 5419	umulh	x26, x20, x22
 5420	adc	x26, x26, xzr
 5421	#  A[1] * A[2]
 5422	mul	x3, x20, x21
 5423	adds	x17, x17, x3
 5424	umulh	x4, x20, x21
 5425	adcs	x25, x25, x4
 5426	#  A[2] * A[3]
 5427	mul	x3, x21, x22
 5428	adcs	x26, x26, x3
 5429	umulh	x27, x21, x22
 5430	adc	x27, x27, xzr
 5431	# Double
 5432	adds	x15, x15, x15
 5433	adcs	x16, x16, x16
 5434	adcs	x17, x17, x17
 5435	adcs	x25, x25, x25
 5436	adcs	x26, x26, x26
 5437	adcs	x27, x27, x27
 5438	adc	x28, xzr, xzr
 5439	#  A[0] * A[0]
 5440	umulh	x4, x19, x19
 5441	mul	x14, x19, x19
 5442	#  A[1] * A[1]
 5443	mul	x3, x20, x20
 5444	adds	x15, x15, x4
 5445	umulh	x4, x20, x20
 5446	adcs	x16, x16, x3
 5447	#  A[2] * A[2]
 5448	mul	x3, x21, x21
 5449	adcs	x17, x17, x4
 5450	umulh	x4, x21, x21
 5451	adcs	x25, x25, x3
 5452	#  A[3] * A[3]
 5453	mul	x3, x22, x22
 5454	adcs	x26, x26, x4
 5455	umulh	x4, x22, x22
 5456	adcs	x27, x27, x3
 5457	adc	x28, x28, x4
 5458	# Reduce
 5459	mov	x3, #38
 5460	mul	x4, x3, x28
 5461	adds	x17, x17, x4
 5462	umulh	x5, x3, x28
 5463	adc	x5, x5, xzr
 5464	mov	x3, #19
 5465	extr	x5, x5, x17, #63
 5466	mul	x5, x5, x3
 5467	and	x17, x17, #0x7fffffffffffffff
 5468	mov	x3, #38
 5469	mul	x4, x3, x25
 5470	adds	x14, x14, x4
 5471	umulh	x25, x3, x25
 5472	mul	x4, x3, x26
 5473	adcs	x15, x15, x4
 5474	umulh	x26, x3, x26
 5475	mul	x4, x3, x27
 5476	adcs	x16, x16, x4
 5477	umulh	x27, x3, x27
 5478	adc	x17, x17, xzr
 5479	#  Add high product results in
 5480	adds	x14, x14, x5
 5481	adcs	x15, x15, x25
 5482	adcs	x16, x16, x26
 5483	adc	x17, x17, x27
 5484	# Multiply
 5485	ldp	x19, x20, [x2]
 5486	ldp	x21, x22, [x2, #16]
 5487	# A[0] * B[0]
 5488	umulh	x11, x19, x14
 5489	mul	x10, x19, x14
 5490	# A[2] * B[0]
 5491	umulh	x13, x21, x14
 5492	mul	x12, x21, x14
 5493	# A[1] * B[0]
 5494	mul	x3, x20, x14
 5495	adds	x11, x11, x3
 5496	umulh	x4, x20, x14
 5497	adcs	x12, x12, x4
 5498	# A[1] * B[3]
 5499	umulh	x26, x20, x17
 5500	adc	x13, x13, xzr
 5501	mul	x25, x20, x17
 5502	# A[0] * B[1]
 5503	mul	x3, x19, x15
 5504	adds	x11, x11, x3
 5505	umulh	x4, x19, x15
 5506	adcs	x12, x12, x4
 5507	# A[2] * B[1]
 5508	mul	x3, x21, x15
 5509	adcs	x13, x13, x3
 5510	umulh	x4, x21, x15
 5511	adcs	x25, x25, x4
 5512	adc	x26, x26, xzr
 5513	# A[1] * B[2]
 5514	mul	x3, x20, x16
 5515	adds	x13, x13, x3
 5516	umulh	x4, x20, x16
 5517	adcs	x25, x25, x4
 5518	adcs	x26, x26, xzr
 5519	adc	x27, xzr, xzr
 5520	# A[0] * B[2]
 5521	mul	x3, x19, x16
 5522	adds	x12, x12, x3
 5523	umulh	x4, x19, x16
 5524	adcs	x13, x13, x4
 5525	adcs	x25, x25, xzr
 5526	adcs	x26, x26, xzr
 5527	adc	x27, x27, xzr
 5528	# A[1] * B[1]
 5529	mul	x3, x20, x15
 5530	adds	x12, x12, x3
 5531	umulh	x4, x20, x15
 5532	adcs	x13, x13, x4
 5533	# A[3] * B[1]
 5534	mul	x3, x22, x15
 5535	adcs	x25, x25, x3
 5536	umulh	x4, x22, x15
 5537	adcs	x26, x26, x4
 5538	adc	x27, x27, xzr
 5539	# A[2] * B[2]
 5540	mul	x3, x21, x16
 5541	adds	x25, x25, x3
 5542	umulh	x4, x21, x16
 5543	adcs	x26, x26, x4
 5544	# A[3] * B[3]
 5545	mul	x3, x22, x17
 5546	adcs	x27, x27, x3
 5547	umulh	x28, x22, x17
 5548	adc	x28, x28, xzr
 5549	# A[0] * B[3]
 5550	mul	x3, x19, x17
 5551	adds	x13, x13, x3
 5552	umulh	x4, x19, x17
 5553	adcs	x25, x25, x4
 5554	# A[2] * B[3]
 5555	mul	x3, x21, x17
 5556	adcs	x26, x26, x3
 5557	umulh	x4, x21, x17
 5558	adcs	x27, x27, x4
 5559	adc	x28, x28, xzr
 5560	# A[3] * B[0]
 5561	mul	x3, x22, x14
 5562	adds	x13, x13, x3
 5563	umulh	x4, x22, x14
 5564	adcs	x25, x25, x4
 5565	# A[3] * B[2]
 5566	mul	x3, x22, x16
 5567	adcs	x26, x26, x3
 5568	umulh	x4, x22, x16
 5569	adcs	x27, x27, x4
 5570	adc	x28, x28, xzr
 5571	# Reduce
 5572	mov	x3, #38
 5573	mul	x4, x3, x28
 5574	adds	x13, x13, x4
 5575	umulh	x5, x3, x28
 5576	adc	x5, x5, xzr
 5577	mov	x3, #19
 5578	extr	x5, x5, x13, #63
 5579	mul	x5, x5, x3
 5580	and	x13, x13, #0x7fffffffffffffff
 5581	mov	x3, #38
 5582	mul	x4, x3, x25
 5583	adds	x10, x10, x4
 5584	umulh	x25, x3, x25
 5585	mul	x4, x3, x26
 5586	adcs	x11, x11, x4
 5587	umulh	x26, x3, x26
 5588	mul	x4, x3, x27
 5589	adcs	x12, x12, x4
 5590	umulh	x27, x3, x27
 5591	adc	x13, x13, xzr
 5592	#  Add high product results in
 5593	adds	x10, x10, x5
 5594	adcs	x11, x11, x25
 5595	adcs	x12, x12, x26
 5596	adc	x13, x13, x27
 5597	subs	x24, x24, #1
 5598	cmp	x24, #3
 5599	bge	L_curve25519_bits
 5600	# Conditional Swap
 5601	subs	xzr, xzr, x23, lsl 63
 5602	ldp	x25, x26, [x29, #16]
 5603	ldp	x27, x28, [x29, #32]
 5604	csel	x19, x25, x10, ne
 5605	csel	x25, x10, x25, ne
 5606	csel	x20, x26, x11, ne
 5607	csel	x26, x11, x26, ne
 5608	csel	x21, x27, x12, ne
 5609	csel	x27, x12, x27, ne
 5610	csel	x22, x28, x13, ne
 5611	csel	x28, x13, x28, ne
 5612	# Conditional Swap
 5613	subs	xzr, xzr, x23, lsl 63
 5614	ldp	x10, x11, [x0]
 5615	ldp	x12, x13, [x0, #16]
 5616	csel	x14, x10, x6, ne
 5617	csel	x10, x6, x10, ne
 5618	csel	x15, x11, x7, ne
 5619	csel	x11, x7, x11, ne
 5620	csel	x16, x12, x8, ne
 5621	csel	x12, x8, x12, ne
 5622	csel	x17, x13, x9, ne
 5623	csel	x13, x9, x13, ne
 5624L_curve25519_3:
 5625	# Add
 5626	adds	x6, x10, x25
 5627	adcs	x7, x11, x26
 5628	adcs	x8, x12, x27
 5629	adcs	x9, x13, x28
 5630	cset	x5, cs
 5631	mov	x3, #19
 5632	extr	x5, x5, x9, #63
 5633	mul	x3, x5, x3
 5634	#   Sub modulus (if overflow)
 5635	adds	x6, x6, x3
 5636	adcs	x7, x7, xzr
 5637	and	x9, x9, #0x7fffffffffffffff
 5638	adcs	x8, x8, xzr
 5639	adc	x9, x9, xzr
 5640	# Sub
 5641	subs	x25, x10, x25
 5642	sbcs	x26, x11, x26
 5643	sbcs	x27, x12, x27
 5644	sbcs	x28, x13, x28
 5645	csetm	x5, cc
 5646	mov	x3, #-19
 5647	extr	x5, x5, x28, #63
 5648	mul	x3, x5, x3
 5649	#   Add modulus (if underflow)
 5650	subs	x25, x25, x3
 5651	sbcs	x26, x26, xzr
 5652	and	x28, x28, #0x7fffffffffffffff
 5653	sbcs	x27, x27, xzr
 5654	sbc	x28, x28, xzr
 5655	# Square
 5656	#  A[0] * A[1]
 5657	umulh	x21, x25, x26
 5658	mul	x20, x25, x26
 5659	#  A[0] * A[3]
 5660	umulh	x14, x25, x28
 5661	mul	x22, x25, x28
 5662	#  A[0] * A[2]
 5663	mul	x3, x25, x27
 5664	adds	x21, x21, x3
 5665	umulh	x4, x25, x27
 5666	adcs	x22, x22, x4
 5667	#  A[1] * A[3]
 5668	mul	x3, x26, x28
 5669	adcs	x14, x14, x3
 5670	umulh	x15, x26, x28
 5671	adc	x15, x15, xzr
 5672	#  A[1] * A[2]
 5673	mul	x3, x26, x27
 5674	adds	x22, x22, x3
 5675	umulh	x4, x26, x27
 5676	adcs	x14, x14, x4
 5677	#  A[2] * A[3]
 5678	mul	x3, x27, x28
 5679	adcs	x15, x15, x3
 5680	umulh	x16, x27, x28
 5681	adc	x16, x16, xzr
 5682	# Double
 5683	adds	x20, x20, x20
 5684	adcs	x21, x21, x21
 5685	adcs	x22, x22, x22
 5686	adcs	x14, x14, x14
 5687	adcs	x15, x15, x15
 5688	adcs	x16, x16, x16
 5689	adc	x17, xzr, xzr
 5690	#  A[0] * A[0]
 5691	umulh	x4, x25, x25
 5692	mul	x19, x25, x25
 5693	#  A[1] * A[1]
 5694	mul	x3, x26, x26
 5695	adds	x20, x20, x4
 5696	umulh	x4, x26, x26
 5697	adcs	x21, x21, x3
 5698	#  A[2] * A[2]
 5699	mul	x3, x27, x27
 5700	adcs	x22, x22, x4
 5701	umulh	x4, x27, x27
 5702	adcs	x14, x14, x3
 5703	#  A[3] * A[3]
 5704	mul	x3, x28, x28
 5705	adcs	x15, x15, x4
 5706	umulh	x4, x28, x28
 5707	adcs	x16, x16, x3
 5708	adc	x17, x17, x4
 5709	# Reduce
 5710	mov	x3, #38
 5711	mul	x4, x3, x17
 5712	adds	x22, x22, x4
 5713	umulh	x5, x3, x17
 5714	adc	x5, x5, xzr
 5715	mov	x3, #19
 5716	extr	x5, x5, x22, #63
 5717	mul	x5, x5, x3
 5718	and	x22, x22, #0x7fffffffffffffff
 5719	mov	x3, #38
 5720	mul	x4, x3, x14
 5721	adds	x19, x19, x4
 5722	umulh	x14, x3, x14
 5723	mul	x4, x3, x15
 5724	adcs	x20, x20, x4
 5725	umulh	x15, x3, x15
 5726	mul	x4, x3, x16
 5727	adcs	x21, x21, x4
 5728	umulh	x16, x3, x16
 5729	adc	x22, x22, xzr
 5730	#  Add high product results in
 5731	adds	x19, x19, x5
 5732	adcs	x20, x20, x14
 5733	adcs	x21, x21, x15
 5734	adc	x22, x22, x16
 5735	# Square
 5736	#  A[0] * A[1]
 5737	umulh	x16, x6, x7
 5738	mul	x15, x6, x7
 5739	#  A[0] * A[3]
 5740	umulh	x25, x6, x9
 5741	mul	x17, x6, x9
 5742	#  A[0] * A[2]
 5743	mul	x3, x6, x8
 5744	adds	x16, x16, x3
 5745	umulh	x4, x6, x8
 5746	adcs	x17, x17, x4
 5747	#  A[1] * A[3]
 5748	mul	x3, x7, x9
 5749	adcs	x25, x25, x3
 5750	umulh	x26, x7, x9
 5751	adc	x26, x26, xzr
 5752	#  A[1] * A[2]
 5753	mul	x3, x7, x8
 5754	adds	x17, x17, x3
 5755	umulh	x4, x7, x8
 5756	adcs	x25, x25, x4
 5757	#  A[2] * A[3]
 5758	mul	x3, x8, x9
 5759	adcs	x26, x26, x3
 5760	umulh	x27, x8, x9
 5761	adc	x27, x27, xzr
 5762	# Double
 5763	adds	x15, x15, x15
 5764	adcs	x16, x16, x16
 5765	adcs	x17, x17, x17
 5766	adcs	x25, x25, x25
 5767	adcs	x26, x26, x26
 5768	adcs	x27, x27, x27
 5769	adc	x28, xzr, xzr
 5770	#  A[0] * A[0]
 5771	umulh	x4, x6, x6
 5772	mul	x14, x6, x6
 5773	#  A[1] * A[1]
 5774	mul	x3, x7, x7
 5775	adds	x15, x15, x4
 5776	umulh	x4, x7, x7
 5777	adcs	x16, x16, x3
 5778	#  A[2] * A[2]
 5779	mul	x3, x8, x8
 5780	adcs	x17, x17, x4
 5781	umulh	x4, x8, x8
 5782	adcs	x25, x25, x3
 5783	#  A[3] * A[3]
 5784	mul	x3, x9, x9
 5785	adcs	x26, x26, x4
 5786	umulh	x4, x9, x9
 5787	adcs	x27, x27, x3
 5788	adc	x28, x28, x4
 5789	# Reduce
 5790	mov	x3, #38
 5791	mul	x4, x3, x28
 5792	adds	x17, x17, x4
 5793	umulh	x5, x3, x28
 5794	adc	x5, x5, xzr
 5795	mov	x3, #19
 5796	extr	x5, x5, x17, #63
 5797	mul	x5, x5, x3
 5798	and	x17, x17, #0x7fffffffffffffff
 5799	mov	x3, #38
 5800	mul	x4, x3, x25
 5801	adds	x14, x14, x4
 5802	umulh	x25, x3, x25
 5803	mul	x4, x3, x26
 5804	adcs	x15, x15, x4
 5805	umulh	x26, x3, x26
 5806	mul	x4, x3, x27
 5807	adcs	x16, x16, x4
 5808	umulh	x27, x3, x27
 5809	adc	x17, x17, xzr
 5810	#  Add high product results in
 5811	adds	x14, x14, x5
 5812	adcs	x15, x15, x25
 5813	adcs	x16, x16, x26
 5814	adc	x17, x17, x27
 5815	# Multiply
 5816	# A[0] * B[0]
 5817	umulh	x11, x14, x19
 5818	mul	x10, x14, x19
 5819	# A[2] * B[0]
 5820	umulh	x13, x16, x19
 5821	mul	x12, x16, x19
 5822	# A[1] * B[0]
 5823	mul	x3, x15, x19
 5824	adds	x11, x11, x3
 5825	umulh	x4, x15, x19
 5826	adcs	x12, x12, x4
 5827	# A[1] * B[3]
 5828	umulh	x26, x15, x22
 5829	adc	x13, x13, xzr
 5830	mul	x25, x15, x22
 5831	# A[0] * B[1]
 5832	mul	x3, x14, x20
 5833	adds	x11, x11, x3
 5834	umulh	x4, x14, x20
 5835	adcs	x12, x12, x4
 5836	# A[2] * B[1]
 5837	mul	x3, x16, x20
 5838	adcs	x13, x13, x3
 5839	umulh	x4, x16, x20
 5840	adcs	x25, x25, x4
 5841	adc	x26, x26, xzr
 5842	# A[1] * B[2]
 5843	mul	x3, x15, x21
 5844	adds	x13, x13, x3
 5845	umulh	x4, x15, x21
 5846	adcs	x25, x25, x4
 5847	adcs	x26, x26, xzr
 5848	adc	x27, xzr, xzr
 5849	# A[0] * B[2]
 5850	mul	x3, x14, x21
 5851	adds	x12, x12, x3
 5852	umulh	x4, x14, x21
 5853	adcs	x13, x13, x4
 5854	adcs	x25, x25, xzr
 5855	adcs	x26, x26, xzr
 5856	adc	x27, x27, xzr
 5857	# A[1] * B[1]
 5858	mul	x3, x15, x20
 5859	adds	x12, x12, x3
 5860	umulh	x4, x15, x20
 5861	adcs	x13, x13, x4
 5862	# A[3] * B[1]
 5863	mul	x3, x17, x20
 5864	adcs	x25, x25, x3
 5865	umulh	x4, x17, x20
 5866	adcs	x26, x26, x4
 5867	adc	x27, x27, xzr
 5868	# A[2] * B[2]
 5869	mul	x3, x16, x21
 5870	adds	x25, x25, x3
 5871	umulh	x4, x16, x21
 5872	adcs	x26, x26, x4
 5873	# A[3] * B[3]
 5874	mul	x3, x17, x22
 5875	adcs	x27, x27, x3
 5876	umulh	x28, x17, x22
 5877	adc	x28, x28, xzr
 5878	# A[0] * B[3]
 5879	mul	x3, x14, x22
 5880	adds	x13, x13, x3
 5881	umulh	x4, x14, x22
 5882	adcs	x25, x25, x4
 5883	# A[2] * B[3]
 5884	mul	x3, x16, x22
 5885	adcs	x26, x26, x3
 5886	umulh	x4, x16, x22
 5887	adcs	x27, x27, x4
 5888	adc	x28, x28, xzr
 5889	# A[3] * B[0]
 5890	mul	x3, x17, x19
 5891	adds	x13, x13, x3
 5892	umulh	x4, x17, x19
 5893	adcs	x25, x25, x4
 5894	# A[3] * B[2]
 5895	mul	x3, x17, x21
 5896	adcs	x26, x26, x3
 5897	umulh	x4, x17, x21
 5898	adcs	x27, x27, x4
 5899	adc	x28, x28, xzr
 5900	# Reduce
 5901	mov	x3, #38
 5902	mul	x4, x3, x28
 5903	adds	x13, x13, x4
 5904	umulh	x5, x3, x28
 5905	adc	x5, x5, xzr
 5906	mov	x3, #19
 5907	extr	x5, x5, x13, #63
 5908	mul	x5, x5, x3
 5909	and	x13, x13, #0x7fffffffffffffff
 5910	mov	x3, #38
 5911	mul	x4, x3, x25
 5912	adds	x10, x10, x4
 5913	umulh	x25, x3, x25
 5914	mul	x4, x3, x26
 5915	adcs	x11, x11, x4
 5916	umulh	x26, x3, x26
 5917	mul	x4, x3, x27
 5918	adcs	x12, x12, x4
 5919	umulh	x27, x3, x27
 5920	adc	x13, x13, xzr
 5921	#  Add high product results in
 5922	adds	x10, x10, x5
 5923	adcs	x11, x11, x25
 5924	adcs	x12, x12, x26
 5925	adc	x13, x13, x27
 5926	# Store
 5927	stp	x10, x11, [x0]
 5928	stp	x12, x13, [x0, #16]
 5929	# Sub
 5930	subs	x14, x14, x19
 5931	sbcs	x15, x15, x20
 5932	sbcs	x16, x16, x21
 5933	sbcs	x17, x17, x22
 5934	csetm	x5, cc
 5935	mov	x3, #-19
 5936	#   Mask the modulus
 5937	extr	x5, x5, x17, #63
 5938	mul	x3, x5, x3
 5939	#   Add modulus (if underflow)
 5940	subs	x14, x14, x3
 5941	sbcs	x15, x15, xzr
 5942	and	x17, x17, #0x7fffffffffffffff
 5943	sbcs	x16, x16, xzr
 5944	sbc	x17, x17, xzr
 5945	# Multiply by 121666
 5946	mov	x5, #0xdb42
 5947	movk	x5, #1, lsl 16
 5948	mul	x6, x14, x5
 5949	umulh	x7, x14, x5
 5950	mul	x3, x15, x5
 5951	umulh	x8, x15, x5
 5952	adds	x7, x7, x3
 5953	adc	x8, x8, xzr
 5954	mul	x3, x16, x5
 5955	umulh	x9, x16, x5
 5956	adds	x8, x8, x3
 5957	adc	x9, x9, xzr
 5958	mul	x3, x17, x5
 5959	umulh	x4, x17, x5
 5960	adds	x9, x9, x3
 5961	adc	x4, x4, xzr
 5962	mov	x5, #19
 5963	extr	x4, x4, x9, #63
 5964	mul	x4, x4, x5
 5965	adds	x6, x6, x4
 5966	adcs	x7, x7, xzr
 5967	and	x9, x9, #0x7fffffffffffffff
 5968	adcs	x8, x8, xzr
 5969	adc	x9, x9, xzr
 5970	# Add
 5971	adds	x19, x19, x6
 5972	adcs	x20, x20, x7
 5973	adcs	x21, x21, x8
 5974	adcs	x22, x22, x9
 5975	cset	x5, cs
 5976	mov	x3, #19
 5977	#   Mask the modulus
 5978	extr	x5, x5, x22, #63
 5979	mul	x3, x5, x3
 5980	#   Sub modulus (if overflow)
 5981	adds	x19, x19, x3
 5982	adcs	x20, x20, xzr
 5983	and	x22, x22, #0x7fffffffffffffff
 5984	adcs	x21, x21, xzr
 5985	adc	x22, x22, xzr
 5986	# Multiply
 5987	# A[0] * B[0]
 5988	umulh	x26, x14, x19
 5989	mul	x25, x14, x19
 5990	# A[2] * B[0]
 5991	umulh	x28, x16, x19
 5992	mul	x27, x16, x19
 5993	# A[1] * B[0]
 5994	mul	x3, x15, x19
 5995	adds	x26, x26, x3
 5996	umulh	x4, x15, x19
 5997	adcs	x27, x27, x4
 5998	# A[1] * B[3]
 5999	umulh	x7, x15, x22
 6000	adc	x28, x28, xzr
 6001	mul	x6, x15, x22
 6002	# A[0] * B[1]
 6003	mul	x3, x14, x20
 6004	adds	x26, x26, x3
 6005	umulh	x4, x14, x20
 6006	adcs	x27, x27, x4
 6007	# A[2] * B[1]
 6008	mul	x3, x16, x20
 6009	adcs	x28, x28, x3
 6010	umulh	x4, x16, x20
 6011	adcs	x6, x6, x4
 6012	adc	x7, x7, xzr
 6013	# A[1] * B[2]
 6014	mul	x3, x15, x21
 6015	adds	x28, x28, x3
 6016	umulh	x4, x15, x21
 6017	adcs	x6, x6, x4
 6018	adcs	x7, x7, xzr
 6019	adc	x8, xzr, xzr
 6020	# A[0] * B[2]
 6021	mul	x3, x14, x21
 6022	adds	x27, x27, x3
 6023	umulh	x4, x14, x21
 6024	adcs	x28, x28, x4
 6025	adcs	x6, x6, xzr
 6026	adcs	x7, x7, xzr
 6027	adc	x8, x8, xzr
 6028	# A[1] * B[1]
 6029	mul	x3, x15, x20
 6030	adds	x27, x27, x3
 6031	umulh	x4, x15, x20
 6032	adcs	x28, x28, x4
 6033	# A[3] * B[1]
 6034	mul	x3, x17, x20
 6035	adcs	x6, x6, x3
 6036	umulh	x4, x17, x20
 6037	adcs	x7, x7, x4
 6038	adc	x8, x8, xzr
 6039	# A[2] * B[2]
 6040	mul	x3, x16, x21
 6041	adds	x6, x6, x3
 6042	umulh	x4, x16, x21
 6043	adcs	x7, x7, x4
 6044	# A[3] * B[3]
 6045	mul	x3, x17, x22
 6046	adcs	x8, x8, x3
 6047	umulh	x9, x17, x22
 6048	adc	x9, x9, xzr
 6049	# A[0] * B[3]
 6050	mul	x3, x14, x22
 6051	adds	x28, x28, x3
 6052	umulh	x4, x14, x22
 6053	adcs	x6, x6, x4
 6054	# A[2] * B[3]
 6055	mul	x3, x16, x22
 6056	adcs	x7, x7, x3
 6057	umulh	x4, x16, x22
 6058	adcs	x8, x8, x4
 6059	adc	x9, x9, xzr
 6060	# A[3] * B[0]
 6061	mul	x3, x17, x19
 6062	adds	x28, x28, x3
 6063	umulh	x4, x17, x19
 6064	adcs	x6, x6, x4
 6065	# A[3] * B[2]
 6066	mul	x3, x17, x21
 6067	adcs	x7, x7, x3
 6068	umulh	x4, x17, x21
 6069	adcs	x8, x8, x4
 6070	adc	x9, x9, xzr
 6071	# Reduce
 6072	mov	x3, #38
 6073	mul	x4, x3, x9
 6074	adds	x28, x28, x4
 6075	umulh	x5, x3, x9
 6076	adc	x5, x5, xzr
 6077	mov	x3, #19
 6078	extr	x5, x5, x28, #63
 6079	mul	x5, x5, x3
 6080	and	x28, x28, #0x7fffffffffffffff
 6081	mov	x3, #38
 6082	mul	x4, x3, x6
 6083	adds	x25, x25, x4
 6084	umulh	x6, x3, x6
 6085	mul	x4, x3, x7
 6086	adcs	x26, x26, x4
 6087	umulh	x7, x3, x7
 6088	mul	x4, x3, x8
 6089	adcs	x27, x27, x4
 6090	umulh	x8, x3, x8
 6091	adc	x28, x28, xzr
 6092	#  Add high product results in
 6093	adds	x25, x25, x5
 6094	adcs	x26, x26, x6
 6095	adcs	x27, x27, x7
 6096	adc	x28, x28, x8
 6097	# Store
 6098	stp	x25, x26, [x29, #16]
 6099	stp	x27, x28, [x29, #32]
 6100	subs	x24, x24, #1
 6101	bge	L_curve25519_3
 6102	# Invert
 6103	add	x0, x29, #48
 6104	add	x1, x29, #16
 6105#ifndef __APPLE__
 6106	bl	fe_sq
 6107#else
 6108	bl	_fe_sq
 6109#endif /* __APPLE__ */
 6110	add	x0, x29, #0x50
 6111	add	x1, x29, #48
 6112#ifndef __APPLE__
 6113	bl	fe_sq
 6114#else
 6115	bl	_fe_sq
 6116#endif /* __APPLE__ */
 6117#ifndef NDEBUG
 6118	add	x0, x29, #0x50
 6119#endif /* !NDEBUG */
 6120	add	x1, x29, #0x50
 6121#ifndef __APPLE__
 6122	bl	fe_sq
 6123#else
 6124	bl	_fe_sq
 6125#endif /* __APPLE__ */
 6126#ifndef NDEBUG
 6127	add	x0, x29, #0x50
 6128#endif /* !NDEBUG */
 6129	add	x1, x29, #16
 6130	add	x2, x29, #0x50
 6131#ifndef __APPLE__
 6132	bl	fe_mul
 6133#else
 6134	bl	_fe_mul
 6135#endif /* __APPLE__ */
 6136	add	x0, x29, #48
 6137	add	x1, x29, #48
 6138	add	x2, x29, #0x50
 6139#ifndef __APPLE__
 6140	bl	fe_mul
 6141#else
 6142	bl	_fe_mul
 6143#endif /* __APPLE__ */
 6144	add	x0, x29, #0x70
 6145#ifndef NDEBUG
 6146	add	x1, x29, #48
 6147#endif /* !NDEBUG */
 6148#ifndef __APPLE__
 6149	bl	fe_sq
 6150#else
 6151	bl	_fe_sq
 6152#endif /* __APPLE__ */
 6153	add	x0, x29, #0x50
 6154	add	x1, x29, #0x50
 6155	add	x2, x29, #0x70
 6156#ifndef __APPLE__
 6157	bl	fe_mul
 6158#else
 6159	bl	_fe_mul
 6160#endif /* __APPLE__ */
 6161	# Loop: 5 times
 6162	mov	x24, #5
 6163	ldp	x6, x7, [x29, #80]
 6164	ldp	x8, x9, [x29, #96]
 6165L_curve25519_inv_1:
 6166	# Square
 6167	#  A[0] * A[1]
 6168	umulh	x12, x6, x7
 6169	mul	x11, x6, x7
 6170	#  A[0] * A[3]
 6171	umulh	x14, x6, x9
 6172	mul	x13, x6, x9
 6173	#  A[0] * A[2]
 6174	mul	x3, x6, x8
 6175	adds	x12, x12, x3
 6176	umulh	x4, x6, x8
 6177	adcs	x13, x13, x4
 6178	#  A[1] * A[3]
 6179	mul	x3, x7, x9
 6180	adcs	x14, x14, x3
 6181	umulh	x15, x7, x9
 6182	adc	x15, x15, xzr
 6183	#  A[1] * A[2]
 6184	mul	x3, x7, x8
 6185	adds	x13, x13, x3
 6186	umulh	x4, x7, x8
 6187	adcs	x14, x14, x4
 6188	#  A[2] * A[3]
 6189	mul	x3, x8, x9
 6190	adcs	x15, x15, x3
 6191	umulh	x16, x8, x9
 6192	adc	x16, x16, xzr
 6193	# Double
 6194	adds	x11, x11, x11
 6195	adcs	x12, x12, x12
 6196	adcs	x13, x13, x13
 6197	adcs	x14, x14, x14
 6198	adcs	x15, x15, x15
 6199	adcs	x16, x16, x16
 6200	adc	x17, xzr, xzr
 6201	#  A[0] * A[0]
 6202	umulh	x4, x6, x6
 6203	mul	x10, x6, x6
 6204	#  A[1] * A[1]
 6205	mul	x3, x7, x7
 6206	adds	x11, x11, x4
 6207	umulh	x4, x7, x7
 6208	adcs	x12, x12, x3
 6209	#  A[2] * A[2]
 6210	mul	x3, x8, x8
 6211	adcs	x13, x13, x4
 6212	umulh	x4, x8, x8
 6213	adcs	x14, x14, x3
 6214	#  A[3] * A[3]
 6215	mul	x3, x9, x9
 6216	adcs	x15, x15, x4
 6217	umulh	x4, x9, x9
 6218	adcs	x16, x16, x3
 6219	adc	x17, x17, x4
 6220	# Reduce
 6221	mov	x3, #38
 6222	mul	x4, x3, x17
 6223	adds	x13, x13, x4
 6224	umulh	x5, x3, x17
 6225	adc	x5, x5, xzr
 6226	mov	x3, #19
 6227	extr	x5, x5, x13, #63
 6228	mul	x5, x5, x3
 6229	and	x13, x13, #0x7fffffffffffffff
 6230	mov	x3, #38
 6231	mul	x4, x3, x14
 6232	adds	x10, x10, x4
 6233	umulh	x14, x3, x14
 6234	mul	x4, x3, x15
 6235	adcs	x11, x11, x4
 6236	umulh	x15, x3, x15
 6237	mul	x4, x3, x16
 6238	adcs	x12, x12, x4
 6239	umulh	x16, x3, x16
 6240	adc	x13, x13, xzr
 6241	#  Add high product results in
 6242	adds	x6, x10, x5
 6243	adcs	x7, x11, x14
 6244	adcs	x8, x12, x15
 6245	adc	x9, x13, x16
 6246	subs	x24, x24, #1
 6247	bne	L_curve25519_inv_1
 6248	# Store
 6249	stp	x6, x7, [x29, #112]
 6250	stp	x8, x9, [x29, #128]
 6251#ifndef NDEBUG
 6252	add	x0, x29, #0x50
 6253#endif /* !NDEBUG */
 6254	add	x1, x29, #0x70
 6255	add	x2, x29, #0x50
 6256#ifndef __APPLE__
 6257	bl	fe_mul
 6258#else
 6259	bl	_fe_mul
 6260#endif /* __APPLE__ */
 6261	# Loop: 10 times
 6262	mov	x24, #10
 6263	ldp	x6, x7, [x29, #80]
 6264	ldp	x8, x9, [x29, #96]
 6265L_curve25519_inv_2:
 6266	# Square
 6267	#  A[0] * A[1]
 6268	umulh	x12, x6, x7
 6269	mul	x11, x6, x7
 6270	#  A[0] * A[3]
 6271	umulh	x14, x6, x9
 6272	mul	x13, x6, x9
 6273	#  A[0] * A[2]
 6274	mul	x3, x6, x8
 6275	adds	x12, x12, x3
 6276	umulh	x4, x6, x8
 6277	adcs	x13, x13, x4
 6278	#  A[1] * A[3]
 6279	mul	x3, x7, x9
 6280	adcs	x14, x14, x3
 6281	umulh	x15, x7, x9
 6282	adc	x15, x15, xzr
 6283	#  A[1] * A[2]
 6284	mul	x3, x7, x8
 6285	adds	x13, x13, x3
 6286	umulh	x4, x7, x8
 6287	adcs	x14, x14, x4
 6288	#  A[2] * A[3]
 6289	mul	x3, x8, x9
 6290	adcs	x15, x15, x3
 6291	umulh	x16, x8, x9
 6292	adc	x16, x16, xzr
 6293	# Double
 6294	adds	x11, x11, x11
 6295	adcs	x12, x12, x12
 6296	adcs	x13, x13, x13
 6297	adcs	x14, x14, x14
 6298	adcs	x15, x15, x15
 6299	adcs	x16, x16, x16
 6300	adc	x17, xzr, xzr
 6301	#  A[0] * A[0]
 6302	umulh	x4, x6, x6
 6303	mul	x10, x6, x6
 6304	#  A[1] * A[1]
 6305	mul	x3, x7, x7
 6306	adds	x11, x11, x4
 6307	umulh	x4, x7, x7
 6308	adcs	x12, x12, x3
 6309	#  A[2] * A[2]
 6310	mul	x3, x8, x8
 6311	adcs	x13, x13, x4
 6312	umulh	x4, x8, x8
 6313	adcs	x14, x14, x3
 6314	#  A[3] * A[3]
 6315	mul	x3, x9, x9
 6316	adcs	x15, x15, x4
 6317	umulh	x4, x9, x9
 6318	adcs	x16, x16, x3
 6319	adc	x17, x17, x4
 6320	# Reduce
 6321	mov	x3, #38
 6322	mul	x4, x3, x17
 6323	adds	x13, x13, x4
 6324	umulh	x5, x3, x17
 6325	adc	x5, x5, xzr
 6326	mov	x3, #19
 6327	extr	x5, x5, x13, #63
 6328	mul	x5, x5, x3
 6329	and	x13, x13, #0x7fffffffffffffff
 6330	mov	x3, #38
 6331	mul	x4, x3, x14
 6332	adds	x10, x10, x4
 6333	umulh	x14, x3, x14
 6334	mul	x4, x3, x15
 6335	adcs	x11, x11, x4
 6336	umulh	x15, x3, x15
 6337	mul	x4, x3, x16
 6338	adcs	x12, x12, x4
 6339	umulh	x16, x3, x16
 6340	adc	x13, x13, xzr
 6341	#  Add high product results in
 6342	adds	x6, x10, x5
 6343	adcs	x7, x11, x14
 6344	adcs	x8, x12, x15
 6345	adc	x9, x13, x16
 6346	subs	x24, x24, #1
 6347	bne	L_curve25519_inv_2
 6348	# Store
 6349	stp	x6, x7, [x29, #112]
 6350	stp	x8, x9, [x29, #128]
 6351	add	x0, x29, #0x70
 6352#ifndef NDEBUG
 6353	add	x1, x29, #0x70
 6354#endif /* !NDEBUG */
 6355	add	x2, x29, #0x50
 6356#ifndef __APPLE__
 6357	bl	fe_mul
 6358#else
 6359	bl	_fe_mul
 6360#endif /* __APPLE__ */
 6361	# Loop: 20 times
 6362	mov	x24, #20
 6363	ldp	x6, x7, [x29, #112]
 6364	ldp	x8, x9, [x29, #128]
 6365L_curve25519_inv_3:
 6366	# Square
 6367	#  A[0] * A[1]
 6368	umulh	x12, x6, x7
 6369	mul	x11, x6, x7
 6370	#  A[0] * A[3]
 6371	umulh	x14, x6, x9
 6372	mul	x13, x6, x9
 6373	#  A[0] * A[2]
 6374	mul	x3, x6, x8
 6375	adds	x12, x12, x3
 6376	umulh	x4, x6, x8
 6377	adcs	x13, x13, x4
 6378	#  A[1] * A[3]
 6379	mul	x3, x7, x9
 6380	adcs	x14, x14, x3
 6381	umulh	x15, x7, x9
 6382	adc	x15, x15, xzr
 6383	#  A[1] * A[2]
 6384	mul	x3, x7, x8
 6385	adds	x13, x13, x3
 6386	umulh	x4, x7, x8
 6387	adcs	x14, x14, x4
 6388	#  A[2] * A[3]
 6389	mul	x3, x8, x9
 6390	adcs	x15, x15, x3
 6391	umulh	x16, x8, x9
 6392	adc	x16, x16, xzr
 6393	# Double
 6394	adds	x11, x11, x11
 6395	adcs	x12, x12, x12
 6396	adcs	x13, x13, x13
 6397	adcs	x14, x14, x14
 6398	adcs	x15, x15, x15
 6399	adcs	x16, x16, x16
 6400	adc	x17, xzr, xzr
 6401	#  A[0] * A[0]
 6402	umulh	x4, x6, x6
 6403	mul	x10, x6, x6
 6404	#  A[1] * A[1]
 6405	mul	x3, x7, x7
 6406	adds	x11, x11, x4
 6407	umulh	x4, x7, x7
 6408	adcs	x12, x12, x3
 6409	#  A[2] * A[2]
 6410	mul	x3, x8, x8
 6411	adcs	x13, x13, x4
 6412	umulh	x4, x8, x8
 6413	adcs	x14, x14, x3
 6414	#  A[3] * A[3]
 6415	mul	x3, x9, x9
 6416	adcs	x15, x15, x4
 6417	umulh	x4, x9, x9
 6418	adcs	x16, x16, x3
 6419	adc	x17, x17, x4
 6420	# Reduce
 6421	mov	x3, #38
 6422	mul	x4, x3, x17
 6423	adds	x13, x13, x4
 6424	umulh	x5, x3, x17
 6425	adc	x5, x5, xzr
 6426	mov	x3, #19
 6427	extr	x5, x5, x13, #63
 6428	mul	x5, x5, x3
 6429	and	x13, x13, #0x7fffffffffffffff
 6430	mov	x3, #38
 6431	mul	x4, x3, x14
 6432	adds	x10, x10, x4
 6433	umulh	x14, x3, x14
 6434	mul	x4, x3, x15
 6435	adcs	x11, x11, x4
 6436	umulh	x15, x3, x15
 6437	mul	x4, x3, x16
 6438	adcs	x12, x12, x4
 6439	umulh	x16, x3, x16
 6440	adc	x13, x13, xzr
 6441	#  Add high product results in
 6442	adds	x6, x10, x5
 6443	adcs	x7, x11, x14
 6444	adcs	x8, x12, x15
 6445	adc	x9, x13, x16
 6446	subs	x24, x24, #1
 6447	bne	L_curve25519_inv_3
 6448	# Store
 6449	stp	x6, x7, [x29, #144]
 6450	stp	x8, x9, [x29, #160]
 6451#ifndef NDEBUG
 6452	add	x0, x29, #0x70
 6453#endif /* !NDEBUG */
 6454	add	x1, x29, #0x90
 6455	add	x2, x29, #0x70
 6456#ifndef __APPLE__
 6457	bl	fe_mul
 6458#else
 6459	bl	_fe_mul
 6460#endif /* __APPLE__ */
 6461	# Loop: 10 times
 6462	mov	x24, #10
 6463	ldp	x6, x7, [x29, #112]
 6464	ldp	x8, x9, [x29, #128]
 6465L_curve25519_inv_4:
 6466	# Square
 6467	#  A[0] * A[1]
 6468	umulh	x12, x6, x7
 6469	mul	x11, x6, x7
 6470	#  A[0] * A[3]
 6471	umulh	x14, x6, x9
 6472	mul	x13, x6, x9
 6473	#  A[0] * A[2]
 6474	mul	x3, x6, x8
 6475	adds	x12, x12, x3
 6476	umulh	x4, x6, x8
 6477	adcs	x13, x13, x4
 6478	#  A[1] * A[3]
 6479	mul	x3, x7, x9
 6480	adcs	x14, x14, x3
 6481	umulh	x15, x7, x9
 6482	adc	x15, x15, xzr
 6483	#  A[1] * A[2]
 6484	mul	x3, x7, x8
 6485	adds	x13, x13, x3
 6486	umulh	x4, x7, x8
 6487	adcs	x14, x14, x4
 6488	#  A[2] * A[3]
 6489	mul	x3, x8, x9
 6490	adcs	x15, x15, x3
 6491	umulh	x16, x8, x9
 6492	adc	x16, x16, xzr
 6493	# Double
 6494	adds	x11, x11, x11
 6495	adcs	x12, x12, x12
 6496	adcs	x13, x13, x13
 6497	adcs	x14, x14, x14
 6498	adcs	x15, x15, x15
 6499	adcs	x16, x16, x16
 6500	adc	x17, xzr, xzr
 6501	#  A[0] * A[0]
 6502	umulh	x4, x6, x6
 6503	mul	x10, x6, x6
 6504	#  A[1] * A[1]
 6505	mul	x3, x7, x7
 6506	adds	x11, x11, x4
 6507	umulh	x4, x7, x7
 6508	adcs	x12, x12, x3
 6509	#  A[2] * A[2]
 6510	mul	x3, x8, x8
 6511	adcs	x13, x13, x4
 6512	umulh	x4, x8, x8
 6513	adcs	x14, x14, x3
 6514	#  A[3] * A[3]
 6515	mul	x3, x9, x9
 6516	adcs	x15, x15, x4
 6517	umulh	x4, x9, x9
 6518	adcs	x16, x16, x3
 6519	adc	x17, x17, x4
 6520	# Reduce
 6521	mov	x3, #38
 6522	mul	x4, x3, x17
 6523	adds	x13, x13, x4
 6524	umulh	x5, x3, x17
 6525	adc	x5, x5, xzr
 6526	mov	x3, #19
 6527	extr	x5, x5, x13, #63
 6528	mul	x5, x5, x3
 6529	and	x13, x13, #0x7fffffffffffffff
 6530	mov	x3, #38
 6531	mul	x4, x3, x14
 6532	adds	x10, x10, x4
 6533	umulh	x14, x3, x14
 6534	mul	x4, x3, x15
 6535	adcs	x11, x11, x4
 6536	umulh	x15, x3, x15
 6537	mul	x4, x3, x16
 6538	adcs	x12, x12, x4
 6539	umulh	x16, x3, x16
 6540	adc	x13, x13, xzr
 6541	#  Add high product results in
 6542	adds	x6, x10, x5
 6543	adcs	x7, x11, x14
 6544	adcs	x8, x12, x15
 6545	adc	x9, x13, x16
 6546	subs	x24, x24, #1
 6547	bne	L_curve25519_inv_4
 6548	# Store
 6549	stp	x6, x7, [x29, #112]
 6550	stp	x8, x9, [x29, #128]
 6551	add	x0, x29, #0x50
 6552	add	x1, x29, #0x70
 6553	add	x2, x29, #0x50
 6554#ifndef __APPLE__
 6555	bl	fe_mul
 6556#else
 6557	bl	_fe_mul
 6558#endif /* __APPLE__ */
 6559	# Loop: 50 times
 6560	mov	x24, #50
 6561	ldp	x6, x7, [x29, #80]
 6562	ldp	x8, x9, [x29, #96]
 6563L_curve25519_inv_5:
 6564	# Square
 6565	#  A[0] * A[1]
 6566	umulh	x12, x6, x7
 6567	mul	x11, x6, x7
 6568	#  A[0] * A[3]
 6569	umulh	x14, x6, x9
 6570	mul	x13, x6, x9
 6571	#  A[0] * A[2]
 6572	mul	x3, x6, x8
 6573	adds	x12, x12, x3
 6574	umulh	x4, x6, x8
 6575	adcs	x13, x13, x4
 6576	#  A[1] * A[3]
 6577	mul	x3, x7, x9
 6578	adcs	x14, x14, x3
 6579	umulh	x15, x7, x9
 6580	adc	x15, x15, xzr
 6581	#  A[1] * A[2]
 6582	mul	x3, x7, x8
 6583	adds	x13, x13, x3
 6584	umulh	x4, x7, x8
 6585	adcs	x14, x14, x4
 6586	#  A[2] * A[3]
 6587	mul	x3, x8, x9
 6588	adcs	x15, x15, x3
 6589	umulh	x16, x8, x9
 6590	adc	x16, x16, xzr
 6591	# Double
 6592	adds	x11, x11, x11
 6593	adcs	x12, x12, x12
 6594	adcs	x13, x13, x13
 6595	adcs	x14, x14, x14
 6596	adcs	x15, x15, x15
 6597	adcs	x16, x16, x16
 6598	adc	x17, xzr, xzr
 6599	#  A[0] * A[0]
 6600	umulh	x4, x6, x6
 6601	mul	x10, x6, x6
 6602	#  A[1] * A[1]
 6603	mul	x3, x7, x7
 6604	adds	x11, x11, x4
 6605	umulh	x4, x7, x7
 6606	adcs	x12, x12, x3
 6607	#  A[2] * A[2]
 6608	mul	x3, x8, x8
 6609	adcs	x13, x13, x4
 6610	umulh	x4, x8, x8
 6611	adcs	x14, x14, x3
 6612	#  A[3] * A[3]
 6613	mul	x3, x9, x9
 6614	adcs	x15, x15, x4
 6615	umulh	x4, x9, x9
 6616	adcs	x16, x16, x3
 6617	adc	x17, x17, x4
 6618	# Reduce
 6619	mov	x3, #38
 6620	mul	x4, x3, x17
 6621	adds	x13, x13, x4
 6622	umulh	x5, x3, x17
 6623	adc	x5, x5, xzr
 6624	mov	x3, #19
 6625	extr	x5, x5, x13, #63
 6626	mul	x5, x5, x3
 6627	and	x13, x13, #0x7fffffffffffffff
 6628	mov	x3, #38
 6629	mul	x4, x3, x14
 6630	adds	x10, x10, x4
 6631	umulh	x14, x3, x14
 6632	mul	x4, x3, x15
 6633	adcs	x11, x11, x4
 6634	umulh	x15, x3, x15
 6635	mul	x4, x3, x16
 6636	adcs	x12, x12, x4
 6637	umulh	x16, x3, x16
 6638	adc	x13, x13, xzr
 6639	#  Add high product results in
 6640	adds	x6, x10, x5
 6641	adcs	x7, x11, x14
 6642	adcs	x8, x12, x15
 6643	adc	x9, x13, x16
 6644	subs	x24, x24, #1
 6645	bne	L_curve25519_inv_5
 6646	# Store
 6647	stp	x6, x7, [x29, #112]
 6648	stp	x8, x9, [x29, #128]
 6649	add	x0, x29, #0x70
 6650#ifndef NDEBUG
 6651	add	x1, x29, #0x70
 6652#endif /* !NDEBUG */
 6653	add	x2, x29, #0x50
 6654#ifndef __APPLE__
 6655	bl	fe_mul
 6656#else
 6657	bl	_fe_mul
 6658#endif /* __APPLE__ */
 6659	# Loop: 100 times
 6660	mov	x24, #0x64
 6661	ldp	x6, x7, [x29, #112]
 6662	ldp	x8, x9, [x29, #128]
 6663L_curve25519_inv_6:
 6664	# Square
 6665	#  A[0] * A[1]
 6666	umulh	x12, x6, x7
 6667	mul	x11, x6, x7
 6668	#  A[0] * A[3]
 6669	umulh	x14, x6, x9
 6670	mul	x13, x6, x9
 6671	#  A[0] * A[2]
 6672	mul	x3, x6, x8
 6673	adds	x12, x12, x3
 6674	umulh	x4, x6, x8
 6675	adcs	x13, x13, x4
 6676	#  A[1] * A[3]
 6677	mul	x3, x7, x9
 6678	adcs	x14, x14, x3
 6679	umulh	x15, x7, x9
 6680	adc	x15, x15, xzr
 6681	#  A[1] * A[2]
 6682	mul	x3, x7, x8
 6683	adds	x13, x13, x3
 6684	umulh	x4, x7, x8
 6685	adcs	x14, x14, x4
 6686	#  A[2] * A[3]
 6687	mul	x3, x8, x9
 6688	adcs	x15, x15, x3
 6689	umulh	x16, x8, x9
 6690	adc	x16, x16, xzr
 6691	# Double
 6692	adds	x11, x11, x11
 6693	adcs	x12, x12, x12
 6694	adcs	x13, x13, x13
 6695	adcs	x14, x14, x14
 6696	adcs	x15, x15, x15
 6697	adcs	x16, x16, x16
 6698	adc	x17, xzr, xzr
 6699	#  A[0] * A[0]
 6700	umulh	x4, x6, x6
 6701	mul	x10, x6, x6
 6702	#  A[1] * A[1]
 6703	mul	x3, x7, x7
 6704	adds	x11, x11, x4
 6705	umulh	x4, x7, x7
 6706	adcs	x12, x12, x3
 6707	#  A[2] * A[2]
 6708	mul	x3, x8, x8
 6709	adcs	x13, x13, x4
 6710	umulh	x4, x8, x8
 6711	adcs	x14, x14, x3
 6712	#  A[3] * A[3]
 6713	mul	x3, x9, x9
 6714	adcs	x15, x15, x4
 6715	umulh	x4, x9, x9
 6716	adcs	x16, x16, x3
 6717	adc	x17, x17, x4
 6718	# Reduce
 6719	mov	x3, #38
 6720	mul	x4, x3, x17
 6721	adds	x13, x13, x4
 6722	umulh	x5, x3, x17
 6723	adc	x5, x5, xzr
 6724	mov	x3, #19
 6725	extr	x5, x5, x13, #63
 6726	mul	x5, x5, x3
 6727	and	x13, x13, #0x7fffffffffffffff
 6728	mov	x3, #38
 6729	mul	x4, x3, x14
 6730	adds	x10, x10, x4
 6731	umulh	x14, x3, x14
 6732	mul	x4, x3, x15
 6733	adcs	x11, x11, x4
 6734	umulh	x15, x3, x15
 6735	mul	x4, x3, x16
 6736	adcs	x12, x12, x4
 6737	umulh	x16, x3, x16
 6738	adc	x13, x13, xzr
 6739	#  Add high product results in
 6740	adds	x6, x10, x5
 6741	adcs	x7, x11, x14
 6742	adcs	x8, x12, x15
 6743	adc	x9, x13, x16
 6744	subs	x24, x24, #1
 6745	bne	L_curve25519_inv_6
 6746	# Store
 6747	stp	x6, x7, [x29, #144]
 6748	stp	x8, x9, [x29, #160]
 6749#ifndef NDEBUG
 6750	add	x0, x29, #0x70
 6751#endif /* !NDEBUG */
 6752	add	x1, x29, #0x90
 6753	add	x2, x29, #0x70
 6754#ifndef __APPLE__
 6755	bl	fe_mul
 6756#else
 6757	bl	_fe_mul
 6758#endif /* __APPLE__ */
 6759	# Loop: 50 times
 6760	mov	x24, #50
 6761	ldp	x6, x7, [x29, #112]
 6762	ldp	x8, x9, [x29, #128]
 6763L_curve25519_inv_7:
 6764	# Square
 6765	#  A[0] * A[1]
 6766	umulh	x12, x6, x7
 6767	mul	x11, x6, x7
 6768	#  A[0] * A[3]
 6769	umulh	x14, x6, x9
 6770	mul	x13, x6, x9
 6771	#  A[0] * A[2]
 6772	mul	x3, x6, x8
 6773	adds	x12, x12, x3
 6774	umulh	x4, x6, x8
 6775	adcs	x13, x13, x4
 6776	#  A[1] * A[3]
 6777	mul	x3, x7, x9
 6778	adcs	x14, x14, x3
 6779	umulh	x15, x7, x9
 6780	adc	x15, x15, xzr
 6781	#  A[1] * A[2]
 6782	mul	x3, x7, x8
 6783	adds	x13, x13, x3
 6784	umulh	x4, x7, x8
 6785	adcs	x14, x14, x4
 6786	#  A[2] * A[3]
 6787	mul	x3, x8, x9
 6788	adcs	x15, x15, x3
 6789	umulh	x16, x8, x9
 6790	adc	x16, x16, xzr
 6791	# Double
 6792	adds	x11, x11, x11
 6793	adcs	x12, x12, x12
 6794	adcs	x13, x13, x13
 6795	adcs	x14, x14, x14
 6796	adcs	x15, x15, x15
 6797	adcs	x16, x16, x16
 6798	adc	x17, xzr, xzr
 6799	#  A[0] * A[0]
 6800	umulh	x4, x6, x6
 6801	mul	x10, x6, x6
 6802	#  A[1] * A[1]
 6803	mul	x3, x7, x7
 6804	adds	x11, x11, x4
 6805	umulh	x4, x7, x7
 6806	adcs	x12, x12, x3
 6807	#  A[2] * A[2]
 6808	mul	x3, x8, x8
 6809	adcs	x13, x13, x4
 6810	umulh	x4, x8, x8
 6811	adcs	x14, x14, x3
 6812	#  A[3] * A[3]
 6813	mul	x3, x9, x9
 6814	adcs	x15, x15, x4
 6815	umulh	x4, x9, x9
 6816	adcs	x16, x16, x3
 6817	adc	x17, x17, x4
 6818	# Reduce
 6819	mov	x3, #38
 6820	mul	x4, x3, x17
 6821	adds	x13, x13, x4
 6822	umulh	x5, x3, x17
 6823	adc	x5, x5, xzr
 6824	mov	x3, #19
 6825	extr	x5, x5, x13, #63
 6826	mul	x5, x5, x3
 6827	and	x13, x13, #0x7fffffffffffffff
 6828	mov	x3, #38
 6829	mul	x4, x3, x14
 6830	adds	x10, x10, x4
 6831	umulh	x14, x3, x14
 6832	mul	x4, x3, x15
 6833	adcs	x11, x11, x4
 6834	umulh	x15, x3, x15
 6835	mul	x4, x3, x16
 6836	adcs	x12, x12, x4
 6837	umulh	x16, x3, x16
 6838	adc	x13, x13, xzr
 6839	#  Add high product results in
 6840	adds	x6, x10, x5
 6841	adcs	x7, x11, x14
 6842	adcs	x8, x12, x15
 6843	adc	x9, x13, x16
 6844	subs	x24, x24, #1
 6845	bne	L_curve25519_inv_7
 6846	# Store
 6847	stp	x6, x7, [x29, #112]
 6848	stp	x8, x9, [x29, #128]
 6849	add	x0, x29, #0x50
 6850	add	x1, x29, #0x70
 6851	add	x2, x29, #0x50
 6852#ifndef __APPLE__
 6853	bl	fe_mul
 6854#else
 6855	bl	_fe_mul
 6856#endif /* __APPLE__ */
 6857	# Loop: 5 times
 6858	mov	x24, #5
 6859	ldp	x6, x7, [x29, #80]
 6860	ldp	x8, x9, [x29, #96]
 6861L_curve25519_inv_8:
 6862	# Square
 6863	#  A[0] * A[1]
 6864	umulh	x12, x6, x7
 6865	mul	x11, x6, x7
 6866	#  A[0] * A[3]
 6867	umulh	x14, x6, x9
 6868	mul	x13, x6, x9
 6869	#  A[0] * A[2]
 6870	mul	x3, x6, x8
 6871	adds	x12, x12, x3
 6872	umulh	x4, x6, x8
 6873	adcs	x13, x13, x4
 6874	#  A[1] * A[3]
 6875	mul	x3, x7, x9
 6876	adcs	x14, x14, x3
 6877	umulh	x15, x7, x9
 6878	adc	x15, x15, xzr
 6879	#  A[1] * A[2]
 6880	mul	x3, x7, x8
 6881	adds	x13, x13, x3
 6882	umulh	x4, x7, x8
 6883	adcs	x14, x14, x4
 6884	#  A[2] * A[3]
 6885	mul	x3, x8, x9
 6886	adcs	x15, x15, x3
 6887	umulh	x16, x8, x9
 6888	adc	x16, x16, xzr
 6889	# Double
 6890	adds	x11, x11, x11
 6891	adcs	x12, x12, x12
 6892	adcs	x13, x13, x13
 6893	adcs	x14, x14, x14
 6894	adcs	x15, x15, x15
 6895	adcs	x16, x16, x16
 6896	adc	x17, xzr, xzr
 6897	#  A[0] * A[0]
 6898	umulh	x4, x6, x6
 6899	mul	x10, x6, x6
 6900	#  A[1] * A[1]
 6901	mul	x3, x7, x7
 6902	adds	x11, x11, x4
 6903	umulh	x4, x7, x7
 6904	adcs	x12, x12, x3
 6905	#  A[2] * A[2]
 6906	mul	x3, x8, x8
 6907	adcs	x13, x13, x4
 6908	umulh	x4, x8, x8
 6909	adcs	x14, x14, x3
 6910	#  A[3] * A[3]
 6911	mul	x3, x9, x9
 6912	adcs	x15, x15, x4
 6913	umulh	x4, x9, x9
 6914	adcs	x16, x16, x3
 6915	adc	x17, x17, x4
 6916	# Reduce
 6917	mov	x3, #38
 6918	mul	x4, x3, x17
 6919	adds	x13, x13, x4
 6920	umulh	x5, x3, x17
 6921	adc	x5, x5, xzr
 6922	mov	x3, #19
 6923	extr	x5, x5, x13, #63
 6924	mul	x5, x5, x3
 6925	and	x13, x13, #0x7fffffffffffffff
 6926	mov	x3, #38
 6927	mul	x4, x3, x14
 6928	adds	x10, x10, x4
 6929	umulh	x14, x3, x14
 6930	mul	x4, x3, x15
 6931	adcs	x11, x11, x4
 6932	umulh	x15, x3, x15
 6933	mul	x4, x3, x16
 6934	adcs	x12, x12, x4
 6935	umulh	x16, x3, x16
 6936	adc	x13, x13, xzr
 6937	#  Add high product results in
 6938	adds	x6, x10, x5
 6939	adcs	x7, x11, x14
 6940	adcs	x8, x12, x15
 6941	adc	x9, x13, x16
 6942	subs	x24, x24, #1
 6943	bne	L_curve25519_inv_8
 6944	# Store
 6945	stp	x6, x7, [x29, #80]
 6946	stp	x8, x9, [x29, #96]
 6947	add	x0, x29, #16
 6948	add	x1, x29, #0x50
 6949	add	x2, x29, #48
 6950#ifndef __APPLE__
 6951	bl	fe_mul
 6952#else
 6953	bl	_fe_mul
 6954#endif /* __APPLE__ */
 6955	ldr	x0, [x29, #176]
 6956	# Multiply
 6957	ldp	x6, x7, [x0]
 6958	ldp	x8, x9, [x0, #16]
 6959	ldp	x10, x11, [x29, #16]
 6960	ldp	x12, x13, [x29, #32]
 6961	# A[0] * B[0]
 6962	umulh	x15, x6, x10
 6963	mul	x14, x6, x10
 6964	# A[2] * B[0]
 6965	umulh	x17, x8, x10
 6966	mul	x16, x8, x10
 6967	# A[1] * B[0]
 6968	mul	x3, x7, x10
 6969	adds	x15, x15, x3
 6970	umulh	x4, x7, x10
 6971	adcs	x16, x16, x4
 6972	# A[1] * B[3]
 6973	umulh	x20, x7, x13
 6974	adc	x17, x17, xzr
 6975	mul	x19, x7, x13
 6976	# A[0] * B[1]
 6977	mul	x3, x6, x11
 6978	adds	x15, x15, x3
 6979	umulh	x4, x6, x11
 6980	adcs	x16, x16, x4
 6981	# A[2] * B[1]
 6982	mul	x3, x8, x11
 6983	adcs	x17, x17, x3
 6984	umulh	x4, x8, x11
 6985	adcs	x19, x19, x4
 6986	adc	x20, x20, xzr
 6987	# A[1] * B[2]
 6988	mul	x3, x7, x12
 6989	adds	x17, x17, x3
 6990	umulh	x4, x7, x12
 6991	adcs	x19, x19, x4
 6992	adcs	x20, x20, xzr
 6993	adc	x21, xzr, xzr
 6994	# A[0] * B[2]
 6995	mul	x3, x6, x12
 6996	adds	x16, x16, x3
 6997	umulh	x4, x6, x12
 6998	adcs	x17, x17, x4
 6999	adcs	x19, x19, xzr
 7000	adcs	x20, x20, xzr
 7001	adc	x21, x21, xzr
 7002	# A[1] * B[1]
 7003	mul	x3, x7, x11
 7004	adds	x16, x16, x3
 7005	umulh	x4, x7, x11
 7006	adcs	x17, x17, x4
 7007	# A[3] * B[1]
 7008	mul	x3, x9, x11
 7009	adcs	x19, x19, x3
 7010	umulh	x4, x9, x11
 7011	adcs	x20, x20, x4
 7012	adc	x21, x21, xzr
 7013	# A[2] * B[2]
 7014	mul	x3, x8, x12
 7015	adds	x19, x19, x3
 7016	umulh	x4, x8, x12
 7017	adcs	x20, x20, x4
 7018	# A[3] * B[3]
 7019	mul	x3, x9, x13
 7020	adcs	x21, x21, x3
 7021	umulh	x22, x9, x13
 7022	adc	x22, x22, xzr
 7023	# A[0] * B[3]
 7024	mul	x3, x6, x13
 7025	adds	x17, x17, x3
 7026	umulh	x4, x6, x13
 7027	adcs	x19, x19, x4
 7028	# A[2] * B[3]
 7029	mul	x3, x8, x13
 7030	adcs	x20, x20, x3
 7031	umulh	x4, x8, x13
 7032	adcs	x21, x21, x4
 7033	adc	x22, x22, xzr
 7034	# A[3] * B[0]
 7035	mul	x3, x9, x10
 7036	adds	x17, x17, x3
 7037	umulh	x4, x9, x10
 7038	adcs	x19, x19, x4
 7039	# A[3] * B[2]
 7040	mul	x3, x9, x12
 7041	adcs	x20, x20, x3
 7042	umulh	x4, x9, x12
 7043	adcs	x21, x21, x4
 7044	adc	x22, x22, xzr
 7045	# Reduce
 7046	mov	x3, #38
 7047	mul	x4, x3, x22
 7048	adds	x17, x17, x4
 7049	umulh	x5, x3, x22
 7050	adc	x5, x5, xzr
 7051	mov	x3, #19
 7052	extr	x5, x5, x17, #63
 7053	mul	x5, x5, x3
 7054	and	x17, x17, #0x7fffffffffffffff
 7055	mov	x3, #38
 7056	mul	x4, x3, x19
 7057	adds	x14, x14, x4
 7058	umulh	x19, x3, x19
 7059	mul	x4, x3, x20
 7060	adcs	x15, x15, x4
 7061	umulh	x20, x3, x20
 7062	mul	x4, x3, x21
 7063	adcs	x16, x16, x4
 7064	umulh	x21, x3, x21
 7065	adc	x17, x17, xzr
 7066	#  Add high product results in
 7067	adds	x14, x14, x5
 7068	adcs	x15, x15, x19
 7069	adcs	x16, x16, x20
 7070	adc	x17, x17, x21
 7071	# Reduce if top bit set
 7072	mov	x3, #19
 7073	and	x4, x3, x17, asr 63
 7074	adds	x14, x14, x4
 7075	adcs	x15, x15, xzr
 7076	and	x17, x17, #0x7fffffffffffffff
 7077	adcs	x16, x16, xzr
 7078	adc	x17, x17, xzr
 7079	adds	x4, x14, x3
 7080	adcs	x4, x15, xzr
 7081	adcs	x4, x16, xzr
 7082	adc	x4, x17, xzr
 7083	and	x4, x3, x4, asr 63
 7084	adds	x14, x14, x4
 7085	adcs	x15, x15, xzr
 7086	mov	x4, #0x7fffffffffffffff
 7087	adcs	x16, x16, xzr
 7088	adc	x17, x17, xzr
 7089	and	x17, x17, x4
 7090	# Store
 7091	stp	x14, x15, [x0]
 7092	stp	x16, x17, [x0, #16]
 7093	mov	x0, xzr
 7094	ldp	x17, x19, [x29, #200]
 7095	ldp	x20, x21, [x29, #216]
 7096	ldp	x22, x23, [x29, #232]
 7097	ldp	x24, x25, [x29, #248]
 7098	ldp	x26, x27, [x29, #264]
 7099	ldr	x28, [x29, #280]
 7100	ldp	x29, x30, [sp], #0x120
 7101	ret
 7102#ifndef __APPLE__
 7103	.size	curve25519,.-curve25519
 7104#endif /* __APPLE__ */
 7105#ifndef __APPLE__
 7106.text
 7107.globl	fe_pow22523
 7108.type	fe_pow22523,@function
 7109.align	2
 7110fe_pow22523:
 7111#else
 7112.section	__TEXT,__text
 7113.globl	_fe_pow22523
 7114.p2align	2
 7115_fe_pow22523:
 7116#endif /* __APPLE__ */
 7117	stp	x29, x30, [sp, #-144]!
 7118	add	x29, sp, #0
 7119	stp	x17, x23, [x29, #128]
 7120	# pow22523
 7121	str	x0, [x29, #112]
 7122	str	x1, [x29, #120]
 7123	add	x0, x29, #16
 7124#ifndef NDEBUG
 7125	ldr	x1, [x29, #120]
 7126#endif /* !NDEBUG */
 7127#ifndef __APPLE__
 7128	bl	fe_sq
 7129#else
 7130	bl	_fe_sq
 7131#endif /* __APPLE__ */
 7132	add	x0, x29, #48
 7133	add	x1, x29, #16
 7134#ifndef __APPLE__
 7135	bl	fe_sq
 7136#else
 7137	bl	_fe_sq
 7138#endif /* __APPLE__ */
 7139#ifndef NDEBUG
 7140	add	x0, x29, #48
 7141#endif /* !NDEBUG */
 7142	add	x1, x29, #48
 7143#ifndef __APPLE__
 7144	bl	fe_sq
 7145#else
 7146	bl	_fe_sq
 7147#endif /* __APPLE__ */
 7148#ifndef NDEBUG
 7149	add	x0, x29, #48
 7150#endif /* !NDEBUG */
 7151	ldr	x1, [x29, #120]
 7152	add	x2, x29, #48
 7153#ifndef __APPLE__
 7154	bl	fe_mul
 7155#else
 7156	bl	_fe_mul
 7157#endif /* __APPLE__ */
 7158	add	x0, x29, #16
 7159	add	x1, x29, #16
 7160	add	x2, x29, #48
 7161#ifndef __APPLE__
 7162	bl	fe_mul
 7163#else
 7164	bl	_fe_mul
 7165#endif /* __APPLE__ */
 7166#ifndef NDEBUG
 7167	add	x0, x29, #16
 7168#endif /* !NDEBUG */
 7169#ifndef NDEBUG
 7170	add	x1, x29, #16
 7171#endif /* !NDEBUG */
 7172#ifndef __APPLE__
 7173	bl	fe_sq
 7174#else
 7175	bl	_fe_sq
 7176#endif /* __APPLE__ */
 7177#ifndef NDEBUG
 7178	add	x0, x29, #16
 7179#endif /* !NDEBUG */
 7180	add	x1, x29, #48
 7181	add	x2, x29, #16
 7182#ifndef __APPLE__
 7183	bl	fe_mul
 7184#else
 7185	bl	_fe_mul
 7186#endif /* __APPLE__ */
 7187	# Loop: 5 times
 7188	mov	x23, #5
 7189	ldp	x6, x7, [x29, #16]
 7190	ldp	x8, x9, [x29, #32]
 7191L_fe_pow22523_1:
 7192	# Square
 7193	#  A[0] * A[1]
 7194	umulh	x12, x6, x7
 7195	mul	x11, x6, x7
 7196	#  A[0] * A[3]
 7197	umulh	x14, x6, x9
 7198	mul	x13, x6, x9
 7199	#  A[0] * A[2]
 7200	mul	x3, x6, x8
 7201	adds	x12, x12, x3
 7202	umulh	x4, x6, x8
 7203	adcs	x13, x13, x4
 7204	#  A[1] * A[3]
 7205	mul	x3, x7, x9
 7206	adcs	x14, x14, x3
 7207	umulh	x15, x7, x9
 7208	adc	x15, x15, xzr
 7209	#  A[1] * A[2]
 7210	mul	x3, x7, x8
 7211	adds	x13, x13, x3
 7212	umulh	x4, x7, x8
 7213	adcs	x14, x14, x4
 7214	#  A[2] * A[3]
 7215	mul	x3, x8, x9
 7216	adcs	x15, x15, x3
 7217	umulh	x16, x8, x9
 7218	adc	x16, x16, xzr
 7219	# Double
 7220	adds	x11, x11, x11
 7221	adcs	x12, x12, x12
 7222	adcs	x13, x13, x13
 7223	adcs	x14, x14, x14
 7224	adcs	x15, x15, x15
 7225	adcs	x16, x16, x16
 7226	adc	x17, xzr, xzr
 7227	#  A[0] * A[0]
 7228	umulh	x4, x6, x6
 7229	mul	x10, x6, x6
 7230	#  A[1] * A[1]
 7231	mul	x3, x7, x7
 7232	adds	x11, x11, x4
 7233	umulh	x4, x7, x7
 7234	adcs	x12, x12, x3
 7235	#  A[2] * A[2]
 7236	mul	x3, x8, x8
 7237	adcs	x13, x13, x4
 7238	umulh	x4, x8, x8
 7239	adcs	x14, x14, x3
 7240	#  A[3] * A[3]
 7241	mul	x3, x9, x9
 7242	adcs	x15, x15, x4
 7243	umulh	x4, x9, x9
 7244	adcs	x16, x16, x3
 7245	adc	x17, x17, x4
 7246	# Reduce
 7247	mov	x3, #38
 7248	mul	x4, x3, x17
 7249	adds	x13, x13, x4
 7250	umulh	x5, x3, x17
 7251	adc	x5, x5, xzr
 7252	mov	x3, #19
 7253	extr	x5, x5, x13, #63
 7254	mul	x5, x5, x3
 7255	and	x13, x13, #0x7fffffffffffffff
 7256	mov	x3, #38
 7257	mul	x4, x3, x14
 7258	adds	x10, x10, x4
 7259	umulh	x14, x3, x14
 7260	mul	x4, x3, x15
 7261	adcs	x11, x11, x4
 7262	umulh	x15, x3, x15
 7263	mul	x4, x3, x16
 7264	adcs	x12, x12, x4
 7265	umulh	x16, x3, x16
 7266	adc	x13, x13, xzr
 7267	#  Add high product results in
 7268	adds	x6, x10, x5
 7269	adcs	x7, x11, x14
 7270	adcs	x8, x12, x15
 7271	adc	x9, x13, x16
 7272	subs	x23, x23, #1
 7273	bne	L_fe_pow22523_1
 7274	# Store
 7275	stp	x6, x7, [x29, #48]
 7276	stp	x8, x9, [x29, #64]
 7277#ifndef NDEBUG
 7278	add	x0, x29, #16
 7279#endif /* !NDEBUG */
 7280#ifndef NDEBUG
 7281	add	x1, x29, #48
 7282#endif /* !NDEBUG */
 7283	add	x2, x29, #16
 7284#ifndef __APPLE__
 7285	bl	fe_mul
 7286#else
 7287	bl	_fe_mul
 7288#endif /* __APPLE__ */
 7289	# Loop: 10 times
 7290	mov	x23, #10
 7291	ldp	x6, x7, [x29, #16]
 7292	ldp	x8, x9, [x29, #32]
 7293L_fe_pow22523_2:
 7294	# Square
 7295	#  A[0] * A[1]
 7296	umulh	x12, x6, x7
 7297	mul	x11, x6, x7
 7298	#  A[0] * A[3]
 7299	umulh	x14, x6, x9
 7300	mul	x13, x6, x9
 7301	#  A[0] * A[2]
 7302	mul	x3, x6, x8
 7303	adds	x12, x12, x3
 7304	umulh	x4, x6, x8
 7305	adcs	x13, x13, x4
 7306	#  A[1] * A[3]
 7307	mul	x3, x7, x9
 7308	adcs	x14, x14, x3
 7309	umulh	x15, x7, x9
 7310	adc	x15, x15, xzr
 7311	#  A[1] * A[2]
 7312	mul	x3, x7, x8
 7313	adds	x13, x13, x3
 7314	umulh	x4, x7, x8
 7315	adcs	x14, x14, x4
 7316	#  A[2] * A[3]
 7317	mul	x3, x8, x9
 7318	adcs	x15, x15, x3
 7319	umulh	x16, x8, x9
 7320	adc	x16, x16, xzr
 7321	# Double
 7322	adds	x11, x11, x11
 7323	adcs	x12, x12, x12
 7324	adcs	x13, x13, x13
 7325	adcs	x14, x14, x14
 7326	adcs	x15, x15, x15
 7327	adcs	x16, x16, x16
 7328	adc	x17, xzr, xzr
 7329	#  A[0] * A[0]
 7330	umulh	x4, x6, x6
 7331	mul	x10, x6, x6
 7332	#  A[1] * A[1]
 7333	mul	x3, x7, x7
 7334	adds	x11, x11, x4
 7335	umulh	x4, x7, x7
 7336	adcs	x12, x12, x3
 7337	#  A[2] * A[2]
 7338	mul	x3, x8, x8
 7339	adcs	x13, x13, x4
 7340	umulh	x4, x8, x8
 7341	adcs	x14, x14, x3
 7342	#  A[3] * A[3]
 7343	mul	x3, x9, x9
 7344	adcs	x15, x15, x4
 7345	umulh	x4, x9, x9
 7346	adcs	x16, x16, x3
 7347	adc	x17, x17, x4
 7348	# Reduce
 7349	mov	x3, #38
 7350	mul	x4, x3, x17
 7351	adds	x13, x13, x4
 7352	umulh	x5, x3, x17
 7353	adc	x5, x5, xzr
 7354	mov	x3, #19
 7355	extr	x5, x5, x13, #63
 7356	mul	x5, x5, x3
 7357	and	x13, x13, #0x7fffffffffffffff
 7358	mov	x3, #38
 7359	mul	x4, x3, x14
 7360	adds	x10, x10, x4
 7361	umulh	x14, x3, x14
 7362	mul	x4, x3, x15
 7363	adcs	x11, x11, x4
 7364	umulh	x15, x3, x15
 7365	mul	x4, x3, x16
 7366	adcs	x12, x12, x4
 7367	umulh	x16, x3, x16
 7368	adc	x13, x13, xzr
 7369	#  Add high product results in
 7370	adds	x6, x10, x5
 7371	adcs	x7, x11, x14
 7372	adcs	x8, x12, x15
 7373	adc	x9, x13, x16
 7374	subs	x23, x23, #1
 7375	bne	L_fe_pow22523_2
 7376	# Store
 7377	stp	x6, x7, [x29, #48]
 7378	stp	x8, x9, [x29, #64]
 7379	add	x0, x29, #48
 7380#ifndef NDEBUG
 7381	add	x1, x29, #48
 7382#endif /* !NDEBUG */
 7383	add	x2, x29, #16
 7384#ifndef __APPLE__
 7385	bl	fe_mul
 7386#else
 7387	bl	_fe_mul
 7388#endif /* __APPLE__ */
 7389	# Loop: 20 times
 7390	mov	x23, #20
 7391	ldp	x6, x7, [x29, #48]
 7392	ldp	x8, x9, [x29, #64]
 7393L_fe_pow22523_3:
 7394	# Square
 7395	#  A[0] * A[1]
 7396	umulh	x12, x6, x7
 7397	mul	x11, x6, x7
 7398	#  A[0] * A[3]
 7399	umulh	x14, x6, x9
 7400	mul	x13, x6, x9
 7401	#  A[0] * A[2]
 7402	mul	x3, x6, x8
 7403	adds	x12, x12, x3
 7404	umulh	x4, x6, x8
 7405	adcs	x13, x13, x4
 7406	#  A[1] * A[3]
 7407	mul	x3, x7, x9
 7408	adcs	x14, x14, x3
 7409	umulh	x15, x7, x9
 7410	adc	x15, x15, xzr
 7411	#  A[1] * A[2]
 7412	mul	x3, x7, x8
 7413	adds	x13, x13, x3
 7414	umulh	x4, x7, x8
 7415	adcs	x14, x14, x4
 7416	#  A[2] * A[3]
 7417	mul	x3, x8, x9
 7418	adcs	x15, x15, x3
 7419	umulh	x16, x8, x9
 7420	adc	x16, x16, xzr
 7421	# Double
 7422	adds	x11, x11, x11
 7423	adcs	x12, x12, x12
 7424	adcs	x13, x13, x13
 7425	adcs	x14, x14, x14
 7426	adcs	x15, x15, x15
 7427	adcs	x16, x16, x16
 7428	adc	x17, xzr, xzr
 7429	#  A[0] * A[0]
 7430	umulh	x4, x6, x6
 7431	mul	x10, x6, x6
 7432	#  A[1] * A[1]
 7433	mul	x3, x7, x7
 7434	adds	x11, x11, x4
 7435	umulh	x4, x7, x7
 7436	adcs	x12, x12, x3
 7437	#  A[2] * A[2]
 7438	mul	x3, x8, x8
 7439	adcs	x13, x13, x4
 7440	umulh	x4, x8, x8
 7441	adcs	x14, x14, x3
 7442	#  A[3] * A[3]
 7443	mul	x3, x9, x9
 7444	adcs	x15, x15, x4
 7445	umulh	x4, x9, x9
 7446	adcs	x16, x16, x3
 7447	adc	x17, x17, x4
 7448	# Reduce
 7449	mov	x3, #38
 7450	mul	x4, x3, x17
 7451	adds	x13, x13, x4
 7452	umulh	x5, x3, x17
 7453	adc	x5, x5, xzr
 7454	mov	x3, #19
 7455	extr	x5, x5, x13, #63
 7456	mul	x5, x5, x3
 7457	and	x13, x13, #0x7fffffffffffffff
 7458	mov	x3, #38
 7459	mul	x4, x3, x14
 7460	adds	x10, x10, x4
 7461	umulh	x14, x3, x14
 7462	mul	x4, x3, x15
 7463	adcs	x11, x11, x4
 7464	umulh	x15, x3, x15
 7465	mul	x4, x3, x16
 7466	adcs	x12, x12, x4
 7467	umulh	x16, x3, x16
 7468	adc	x13, x13, xzr
 7469	#  Add high product results in
 7470	adds	x6, x10, x5
 7471	adcs	x7, x11, x14
 7472	adcs	x8, x12, x15
 7473	adc	x9, x13, x16
 7474	subs	x23, x23, #1
 7475	bne	L_fe_pow22523_3
 7476	# Store
 7477	stp	x6, x7, [x29, #80]
 7478	stp	x8, x9, [x29, #96]
 7479#ifndef NDEBUG
 7480	add	x0, x29, #48
 7481#endif /* !NDEBUG */
 7482	add	x1, x29, #0x50
 7483	add	x2, x29, #48
 7484#ifndef __APPLE__
 7485	bl	fe_mul
 7486#else
 7487	bl	_fe_mul
 7488#endif /* __APPLE__ */
 7489	# Loop: 10 times
 7490	mov	x23, #10
 7491	ldp	x6, x7, [x29, #48]
 7492	ldp	x8, x9, [x29, #64]
 7493L_fe_pow22523_4:
 7494	# Square
 7495	#  A[0] * A[1]
 7496	umulh	x12, x6, x7
 7497	mul	x11, x6, x7
 7498	#  A[0] * A[3]
 7499	umulh	x14, x6, x9
 7500	mul	x13, x6, x9
 7501	#  A[0] * A[2]
 7502	mul	x3, x6, x8
 7503	adds	x12, x12, x3
 7504	umulh	x4, x6, x8
 7505	adcs	x13, x13, x4
 7506	#  A[1] * A[3]
 7507	mul	x3, x7, x9
 7508	adcs	x14, x14, x3
 7509	umulh	x15, x7, x9
 7510	adc	x15, x15, xzr
 7511	#  A[1] * A[2]
 7512	mul	x3, x7, x8
 7513	adds	x13, x13, x3
 7514	umulh	x4, x7, x8
 7515	adcs	x14, x14, x4
 7516	#  A[2] * A[3]
 7517	mul	x3, x8, x9
 7518	adcs	x15, x15, x3
 7519	umulh	x16, x8, x9
 7520	adc	x16, x16, xzr
 7521	# Double
 7522	adds	x11, x11, x11
 7523	adcs	x12, x12, x12
 7524	adcs	x13, x13, x13
 7525	adcs	x14, x14, x14
 7526	adcs	x15, x15, x15
 7527	adcs	x16, x16, x16
 7528	adc	x17, xzr, xzr
 7529	#  A[0] * A[0]
 7530	umulh	x4, x6, x6
 7531	mul	x10, x6, x6
 7532	#  A[1] * A[1]
 7533	mul	x3, x7, x7
 7534	adds	x11, x11, x4
 7535	umulh	x4, x7, x7
 7536	adcs	x12, x12, x3
 7537	#  A[2] * A[2]
 7538	mul	x3, x8, x8
 7539	adcs	x13, x13, x4
 7540	umulh	x4, x8, x8
 7541	adcs	x14, x14, x3
 7542	#  A[3] * A[3]
 7543	mul	x3, x9, x9
 7544	adcs	x15, x15, x4
 7545	umulh	x4, x9, x9
 7546	adcs	x16, x16, x3
 7547	adc	x17, x17, x4
 7548	# Reduce
 7549	mov	x3, #38
 7550	mul	x4, x3, x17
 7551	adds	x13, x13, x4
 7552	umulh	x5, x3, x17
 7553	adc	x5, x5, xzr
 7554	mov	x3, #19
 7555	extr	x5, x5, x13, #63
 7556	mul	x5, x5, x3
 7557	and	x13, x13, #0x7fffffffffffffff
 7558	mov	x3, #38
 7559	mul	x4, x3, x14
 7560	adds	x10, x10, x4
 7561	umulh	x14, x3, x14
 7562	mul	x4, x3, x15
 7563	adcs	x11, x11, x4
 7564	umulh	x15, x3, x15
 7565	mul	x4, x3, x16
 7566	adcs	x12, x12, x4
 7567	umulh	x16, x3, x16
 7568	adc	x13, x13, xzr
 7569	#  Add high product results in
 7570	adds	x6, x10, x5
 7571	adcs	x7, x11, x14
 7572	adcs	x8, x12, x15
 7573	adc	x9, x13, x16
 7574	subs	x23, x23, #1
 7575	bne	L_fe_pow22523_4
 7576	# Store
 7577	stp	x6, x7, [x29, #48]
 7578	stp	x8, x9, [x29, #64]
 7579	add	x0, x29, #16
 7580	add	x1, x29, #48
 7581	add	x2, x29, #16
 7582#ifndef __APPLE__
 7583	bl	fe_mul
 7584#else
 7585	bl	_fe_mul
 7586#endif /* __APPLE__ */
 7587	# Loop: 50 times
 7588	mov	x23, #50
 7589	ldp	x6, x7, [x29, #16]
 7590	ldp	x8, x9, [x29, #32]
 7591L_fe_pow22523_5:
 7592	# Square
 7593	#  A[0] * A[1]
 7594	umulh	x12, x6, x7
 7595	mul	x11, x6, x7
 7596	#  A[0] * A[3]
 7597	umulh	x14, x6, x9
 7598	mul	x13, x6, x9
 7599	#  A[0] * A[2]
 7600	mul	x3, x6, x8
 7601	adds	x12, x12, x3
 7602	umulh	x4, x6, x8
 7603	adcs	x13, x13, x4
 7604	#  A[1] * A[3]
 7605	mul	x3, x7, x9
 7606	adcs	x14, x14, x3
 7607	umulh	x15, x7, x9
 7608	adc	x15, x15, xzr
 7609	#  A[1] * A[2]
 7610	mul	x3, x7, x8
 7611	adds	x13, x13, x3
 7612	umulh	x4, x7, x8
 7613	adcs	x14, x14, x4
 7614	#  A[2] * A[3]
 7615	mul	x3, x8, x9
 7616	adcs	x15, x15, x3
 7617	umulh	x16, x8, x9
 7618	adc	x16, x16, xzr
 7619	# Double
 7620	adds	x11, x11, x11
 7621	adcs	x12, x12, x12
 7622	adcs	x13, x13, x13
 7623	adcs	x14, x14, x14
 7624	adcs	x15, x15, x15
 7625	adcs	x16, x16, x16
 7626	adc	x17, xzr, xzr
 7627	#  A[0] * A[0]
 7628	umulh	x4, x6, x6
 7629	mul	x10, x6, x6
 7630	#  A[1] * A[1]
 7631	mul	x3, x7, x7
 7632	adds	x11, x11, x4
 7633	umulh	x4, x7, x7
 7634	adcs	x12, x12, x3
 7635	#  A[2] * A[2]
 7636	mul	x3, x8, x8
 7637	adcs	x13, x13, x4
 7638	umulh	x4, x8, x8
 7639	adcs	x14, x14, x3
 7640	#  A[3] * A[3]
 7641	mul	x3, x9, x9
 7642	adcs	x15, x15, x4
 7643	umulh	x4, x9, x9
 7644	adcs	x16, x16, x3
 7645	adc	x17, x17, x4
 7646	# Reduce
 7647	mov	x3, #38
 7648	mul	x4, x3, x17
 7649	adds	x13, x13, x4
 7650	umulh	x5, x3, x17
 7651	adc	x5, x5, xzr
 7652	mov	x3, #19
 7653	extr	x5, x5, x13, #63
 7654	mul	x5, x5, x3
 7655	and	x13, x13, #0x7fffffffffffffff
 7656	mov	x3, #38
 7657	mul	x4, x3, x14
 7658	adds	x10, x10, x4
 7659	umulh	x14, x3, x14
 7660	mul	x4, x3, x15
 7661	adcs	x11, x11, x4
 7662	umulh	x15, x3, x15
 7663	mul	x4, x3, x16
 7664	adcs	x12, x12, x4
 7665	umulh	x16, x3, x16
 7666	adc	x13, x13, xzr
 7667	#  Add high product results in
 7668	adds	x6, x10, x5
 7669	adcs	x7, x11, x14
 7670	adcs	x8, x12, x15
 7671	adc	x9, x13, x16
 7672	subs	x23, x23, #1
 7673	bne	L_fe_pow22523_5
 7674	# Store
 7675	stp	x6, x7, [x29, #48]
 7676	stp	x8, x9, [x29, #64]
 7677	add	x0, x29, #48
 7678#ifndef NDEBUG
 7679	add	x1, x29, #48
 7680#endif /* !NDEBUG */
 7681	add	x2, x29, #16
 7682#ifndef __APPLE__
 7683	bl	fe_mul
 7684#else
 7685	bl	_fe_mul
 7686#endif /* __APPLE__ */
 7687	# Loop: 100 times
 7688	mov	x23, #0x64
 7689	ldp	x6, x7, [x29, #48]
 7690	ldp	x8, x9, [x29, #64]
 7691L_fe_pow22523_6:
 7692	# Square
 7693	#  A[0] * A[1]
 7694	umulh	x12, x6, x7
 7695	mul	x11, x6, x7
 7696	#  A[0] * A[3]
 7697	umulh	x14, x6, x9
 7698	mul	x13, x6, x9
 7699	#  A[0] * A[2]
 7700	mul	x3, x6, x8
 7701	adds	x12, x12, x3
 7702	umulh	x4, x6, x8
 7703	adcs	x13, x13, x4
 7704	#  A[1] * A[3]
 7705	mul	x3, x7, x9
 7706	adcs	x14, x14, x3
 7707	umulh	x15, x7, x9
 7708	adc	x15, x15, xzr
 7709	#  A[1] * A[2]
 7710	mul	x3, x7, x8
 7711	adds	x13, x13, x3
 7712	umulh	x4, x7, x8
 7713	adcs	x14, x14, x4
 7714	#  A[2] * A[3]
 7715	mul	x3, x8, x9
 7716	adcs	x15, x15, x3
 7717	umulh	x16, x8, x9
 7718	adc	x16, x16, xzr
 7719	# Double
 7720	adds	x11, x11, x11
 7721	adcs	x12, x12, x12
 7722	adcs	x13, x13, x13
 7723	adcs	x14, x14, x14
 7724	adcs	x15, x15, x15
 7725	adcs	x16, x16, x16
 7726	adc	x17, xzr, xzr
 7727	#  A[0] * A[0]
 7728	umulh	x4, x6, x6
 7729	mul	x10, x6, x6
 7730	#  A[1] * A[1]
 7731	mul	x3, x7, x7
 7732	adds	x11, x11, x4
 7733	umulh	x4, x7, x7
 7734	adcs	x12, x12, x3
 7735	#  A[2] * A[2]
 7736	mul	x3, x8, x8
 7737	adcs	x13, x13, x4
 7738	umulh	x4, x8, x8
 7739	adcs	x14, x14, x3
 7740	#  A[3] * A[3]
 7741	mul	x3, x9, x9
 7742	adcs	x15, x15, x4
 7743	umulh	x4, x9, x9
 7744	adcs	x16, x16, x3
 7745	adc	x17, x17, x4
 7746	# Reduce
 7747	mov	x3, #38
 7748	mul	x4, x3, x17
 7749	adds	x13, x13, x4
 7750	umulh	x5, x3, x17
 7751	adc	x5, x5, xzr
 7752	mov	x3, #19
 7753	extr	x5, x5, x13, #63
 7754	mul	x5, x5, x3
 7755	and	x13, x13, #0x7fffffffffffffff
 7756	mov	x3, #38
 7757	mul	x4, x3, x14
 7758	adds	x10, x10, x4
 7759	umulh	x14, x3, x14
 7760	mul	x4, x3, x15
 7761	adcs	x11, x11, x4
 7762	umulh	x15, x3, x15
 7763	mul	x4, x3, x16
 7764	adcs	x12, x12, x4
 7765	umulh	x16, x3, x16
 7766	adc	x13, x13, xzr
 7767	#  Add high product results in
 7768	adds	x6, x10, x5
 7769	adcs	x7, x11, x14
 7770	adcs	x8, x12, x15
 7771	adc	x9, x13, x16
 7772	subs	x23, x23, #1
 7773	bne	L_fe_pow22523_6
 7774	# Store
 7775	stp	x6, x7, [x29, #80]
 7776	stp	x8, x9, [x29, #96]
 7777#ifndef NDEBUG
 7778	add	x0, x29, #48
 7779#endif /* !NDEBUG */
 7780	add	x1, x29, #0x50
 7781	add	x2, x29, #48
 7782#ifndef __APPLE__
 7783	bl	fe_mul
 7784#else
 7785	bl	_fe_mul
 7786#endif /* __APPLE__ */
 7787	# Loop: 50 times
 7788	mov	x23, #50
 7789	ldp	x6, x7, [x29, #48]
 7790	ldp	x8, x9, [x29, #64]
 7791L_fe_pow22523_7:
 7792	# Square
 7793	#  A[0] * A[1]
 7794	umulh	x12, x6, x7
 7795	mul	x11, x6, x7
 7796	#  A[0] * A[3]
 7797	umulh	x14, x6, x9
 7798	mul	x13, x6, x9
 7799	#  A[0] * A[2]
 7800	mul	x3, x6, x8
 7801	adds	x12, x12, x3
 7802	umulh	x4, x6, x8
 7803	adcs	x13, x13, x4
 7804	#  A[1] * A[3]
 7805	mul	x3, x7, x9
 7806	adcs	x14, x14, x3
 7807	umulh	x15, x7, x9
 7808	adc	x15, x15, xzr
 7809	#  A[1] * A[2]
 7810	mul	x3, x7, x8
 7811	adds	x13, x13, x3
 7812	umulh	x4, x7, x8
 7813	adcs	x14, x14, x4
 7814	#  A[2] * A[3]
 7815	mul	x3, x8, x9
 7816	adcs	x15, x15, x3
 7817	umulh	x16, x8, x9
 7818	adc	x16, x16, xzr
 7819	# Double
 7820	adds	x11, x11, x11
 7821	adcs	x12, x12, x12
 7822	adcs	x13, x13, x13
 7823	adcs	x14, x14, x14
 7824	adcs	x15, x15, x15
 7825	adcs	x16, x16, x16
 7826	adc	x17, xzr, xzr
 7827	#  A[0] * A[0]
 7828	umulh	x4, x6, x6
 7829	mul	x10, x6, x6
 7830	#  A[1] * A[1]
 7831	mul	x3, x7, x7
 7832	adds	x11, x11, x4
 7833	umulh	x4, x7, x7
 7834	adcs	x12, x12, x3
 7835	#  A[2] * A[2]
 7836	mul	x3, x8, x8
 7837	adcs	x13, x13, x4
 7838	umulh	x4, x8, x8
 7839	adcs	x14, x14, x3
 7840	#  A[3] * A[3]
 7841	mul	x3, x9, x9
 7842	adcs	x15, x15, x4
 7843	umulh	x4, x9, x9
 7844	adcs	x16, x16, x3
 7845	adc	x17, x17, x4
 7846	# Reduce
 7847	mov	x3, #38
 7848	mul	x4, x3, x17
 7849	adds	x13, x13, x4
 7850	umulh	x5, x3, x17
 7851	adc	x5, x5, xzr
 7852	mov	x3, #19
 7853	extr	x5, x5, x13, #63
 7854	mul	x5, x5, x3
 7855	and	x13, x13, #0x7fffffffffffffff
 7856	mov	x3, #38
 7857	mul	x4, x3, x14
 7858	adds	x10, x10, x4
 7859	umulh	x14, x3, x14
 7860	mul	x4, x3, x15
 7861	adcs	x11, x11, x4
 7862	umulh	x15, x3, x15
 7863	mul	x4, x3, x16
 7864	adcs	x12, x12, x4
 7865	umulh	x16, x3, x16
 7866	adc	x13, x13, xzr
 7867	#  Add high product results in
 7868	adds	x6, x10, x5
 7869	adcs	x7, x11, x14
 7870	adcs	x8, x12, x15
 7871	adc	x9, x13, x16
 7872	subs	x23, x23, #1
 7873	bne	L_fe_pow22523_7
 7874	# Store
 7875	stp	x6, x7, [x29, #48]
 7876	stp	x8, x9, [x29, #64]
 7877	add	x0, x29, #16
 7878	add	x1, x29, #48
 7879	add	x2, x29, #16
 7880#ifndef __APPLE__
 7881	bl	fe_mul
 7882#else
 7883	bl	_fe_mul
 7884#endif /* __APPLE__ */
 7885#ifndef NDEBUG
 7886	add	x0, x29, #16
 7887#endif /* !NDEBUG */
 7888	add	x1, x29, #16
 7889#ifndef __APPLE__
 7890	bl	fe_sq
 7891#else
 7892	bl	_fe_sq
 7893#endif /* __APPLE__ */
 7894#ifndef __APPLE__
 7895	bl	fe_sq
 7896#else
 7897	bl	_fe_sq
 7898#endif /* __APPLE__ */
 7899	ldr	x0, [x29, #112]
 7900#ifndef NDEBUG
 7901	add	x1, x29, #16
 7902#endif /* !NDEBUG */
 7903	ldr	x2, [x29, #120]
 7904#ifndef __APPLE__
 7905	bl	fe_mul
 7906#else
 7907	bl	_fe_mul
 7908#endif /* __APPLE__ */
 7909	ldp	x17, x23, [x29, #128]
 7910	ldp	x29, x30, [sp], #0x90
 7911	ret
 7912#ifndef __APPLE__
 7913	.size	fe_pow22523,.-fe_pow22523
 7914#endif /* __APPLE__ */
 7915#ifndef __APPLE__
 7916.text
 7917.globl	ge_p1p1_to_p2
 7918.type	ge_p1p1_to_p2,@function
 7919.align	2
 7920ge_p1p1_to_p2:
 7921#else
 7922.section	__TEXT,__text
 7923.globl	_ge_p1p1_to_p2
 7924.p2align	2
 7925_ge_p1p1_to_p2:
 7926#endif /* __APPLE__ */
 7927	stp	x29, x30, [sp, #-80]!
 7928	add	x29, sp, #0
 7929	stp	x17, x19, [x29, #40]
 7930	stp	x20, x21, [x29, #56]
 7931	str	x22, [x29, #72]
 7932	str	x0, [x29, #16]
 7933	str	x1, [x29, #24]
 7934	mov	x2, x1
 7935	add	x1, x1, #0x60
 7936	# Multiply
 7937	ldp	x10, x11, [x1]
 7938	ldp	x12, x13, [x1, #16]
 7939	ldp	x6, x7, [x2]
 7940	ldp	x8, x9, [x2, #16]
 7941	# A[0] * B[0]
 7942	umulh	x15, x10, x6
 7943	mul	x14, x10, x6
 7944	# A[2] * B[0]
 7945	umulh	x17, x12, x6
 7946	mul	x16, x12, x6
 7947	# A[1] * B[0]
 7948	mul	x3, x11, x6
 7949	adds	x15, x15, x3
 7950	umulh	x4, x11, x6
 7951	adcs	x16, x16, x4
 7952	# A[1] * B[3]
 7953	umulh	x20, x11, x9
 7954	adc	x17, x17, xzr
 7955	mul	x19, x11, x9
 7956	# A[0] * B[1]
 7957	mul	x3, x10, x7
 7958	adds	x15, x15, x3
 7959	umulh	x4, x10, x7
 7960	adcs	x16, x16, x4
 7961	# A[2] * B[1]
 7962	mul	x3, x12, x7
 7963	adcs	x17, x17, x3
 7964	umulh	x4, x12, x7
 7965	adcs	x19, x19, x4
 7966	adc	x20, x20, xzr
 7967	# A[1] * B[2]
 7968	mul	x3, x11, x8
 7969	adds	x17, x17, x3
 7970	umulh	x4, x11, x8
 7971	adcs	x19, x19, x4
 7972	adcs	x20, x20, xzr
 7973	adc	x21, xzr, xzr
 7974	# A[0] * B[2]
 7975	mul	x3, x10, x8
 7976	adds	x16, x16, x3
 7977	umulh	x4, x10, x8
 7978	adcs	x17, x17, x4
 7979	adcs	x19, x19, xzr
 7980	adcs	x20, x20, xzr
 7981	adc	x21, x21, xzr
 7982	# A[1] * B[1]
 7983	mul	x3, x11, x7
 7984	adds	x16, x16, x3
 7985	umulh	x4, x11, x7
 7986	adcs	x17, x17, x4
 7987	# A[3] * B[1]
 7988	mul	x3, x13, x7
 7989	adcs	x19, x19, x3
 7990	umulh	x4, x13, x7
 7991	adcs	x20, x20, x4
 7992	adc	x21, x21, xzr
 7993	# A[2] * B[2]
 7994	mul	x3, x12, x8
 7995	adds	x19, x19, x3
 7996	umulh	x4, x12, x8
 7997	adcs	x20, x20, x4
 7998	# A[3] * B[3]
 7999	mul	x3, x13, x9
 8000	adcs	x21, x21, x3
 8001	umulh	x22, x13, x9
 8002	adc	x22, x22, xzr
 8003	# A[0] * B[3]
 8004	mul	x3, x10, x9
 8005	adds	x17, x17, x3
 8006	umulh	x4, x10, x9
 8007	adcs	x19, x19, x4
 8008	# A[2] * B[3]
 8009	mul	x3, x12, x9
 8010	adcs	x20, x20, x3
 8011	umulh	x4, x12, x9
 8012	adcs	x21, x21, x4
 8013	adc	x22, x22, xzr
 8014	# A[3] * B[0]
 8015	mul	x3, x13, x6
 8016	adds	x17, x17, x3
 8017	umulh	x4, x13, x6
 8018	adcs	x19, x19, x4
 8019	# A[3] * B[2]
 8020	mul	x3, x13, x8
 8021	adcs	x20, x20, x3
 8022	umulh	x4, x13, x8
 8023	adcs	x21, x21, x4
 8024	adc	x22, x22, xzr
 8025	# Reduce
 8026	mov	x3, #38
 8027	mul	x4, x3, x22
 8028	adds	x17, x17, x4
 8029	umulh	x5, x3, x22
 8030	adc	x5, x5, xzr
 8031	mov	x3, #19
 8032	extr	x5, x5, x17, #63
 8033	mul	x5, x5, x3
 8034	and	x17, x17, #0x7fffffffffffffff
 8035	mov	x3, #38
 8036	mul	x4, x3, x19
 8037	adds	x14, x14, x4
 8038	umulh	x19, x3, x19
 8039	mul	x4, x3, x20
 8040	adcs	x15, x15, x4
 8041	umulh	x20, x3, x20
 8042	mul	x4, x3, x21
 8043	adcs	x16, x16, x4
 8044	umulh	x21, x3, x21
 8045	adc	x17, x17, xzr
 8046	#  Add high product results in
 8047	adds	x14, x14, x5
 8048	adcs	x15, x15, x19
 8049	adcs	x16, x16, x20
 8050	adc	x17, x17, x21
 8051	# Store
 8052	stp	x14, x15, [x0]
 8053	stp	x16, x17, [x0, #16]
 8054	sub	x2, x1, #32
 8055	add	x0, x0, #0x40
 8056	# Multiply
 8057	ldp	x6, x7, [x2]
 8058	ldp	x8, x9, [x2, #16]
 8059	# A[0] * B[0]
 8060	umulh	x15, x10, x6
 8061	mul	x14, x10, x6
 8062	# A[2] * B[0]
 8063	umulh	x17, x12, x6
 8064	mul	x16, x12, x6
 8065	# A[1] * B[0]
 8066	mul	x3, x11, x6
 8067	adds	x15, x15, x3
 8068	umulh	x4, x11, x6
 8069	adcs	x16, x16, x4
 8070	# A[1] * B[3]
 8071	umulh	x20, x11, x9
 8072	adc	x17, x17, xzr
 8073	mul	x19, x11, x9
 8074	# A[0] * B[1]
 8075	mul	x3, x10, x7
 8076	adds	x15, x15, x3
 8077	umulh	x4, x10, x7
 8078	adcs	x16, x16, x4
 8079	# A[2] * B[1]
 8080	mul	x3, x12, x7
 8081	adcs	x17, x17, x3
 8082	umulh	x4, x12, x7
 8083	adcs	x19, x19, x4
 8084	adc	x20, x20, xzr
 8085	# A[1] * B[2]
 8086	mul	x3, x11, x8
 8087	adds	x17, x17, x3
 8088	umulh	x4, x11, x8
 8089	adcs	x19, x19, x4
 8090	adcs	x20, x20, xzr
 8091	adc	x21, xzr, xzr
 8092	# A[0] * B[2]
 8093	mul	x3, x10, x8
 8094	adds	x16, x16, x3
 8095	umulh	x4, x10, x8
 8096	adcs	x17, x17, x4
 8097	adcs	x19, x19, xzr
 8098	adcs	x20, x20, xzr
 8099	adc	x21, x21, xzr
 8100	# A[1] * B[1]
 8101	mul	x3, x11, x7
 8102	adds	x16, x16, x3
 8103	umulh	x4, x11, x7
 8104	adcs	x17, x17, x4
 8105	# A[3] * B[1]
 8106	mul	x3, x13, x7
 8107	adcs	x19, x19, x3
 8108	umulh	x4, x13, x7
 8109	adcs	x20, x20, x4
 8110	adc	x21, x21, xzr
 8111	# A[2] * B[2]
 8112	mul	x3, x12, x8
 8113	adds	x19, x19, x3
 8114	umulh	x4, x12, x8
 8115	adcs	x20, x20, x4
 8116	# A[3] * B[3]
 8117	mul	x3, x13, x9
 8118	adcs	x21, x21, x3
 8119	umulh	x22, x13, x9
 8120	adc	x22, x22, xzr
 8121	# A[0] * B[3]
 8122	mul	x3, x10, x9
 8123	adds	x17, x17, x3
 8124	umulh	x4, x10, x9
 8125	adcs	x19, x19, x4
 8126	# A[2] * B[3]
 8127	mul	x3, x12, x9
 8128	adcs	x20, x20, x3
 8129	umulh	x4, x12, x9
 8130	adcs	x21, x21, x4
 8131	adc	x22, x22, xzr
 8132	# A[3] * B[0]
 8133	mul	x3, x13, x6
 8134	adds	x17, x17, x3
 8135	umulh	x4, x13, x6
 8136	adcs	x19, x19, x4
 8137	# A[3] * B[2]
 8138	mul	x3, x13, x8
 8139	adcs	x20, x20, x3
 8140	umulh	x4, x13, x8
 8141	adcs	x21, x21, x4
 8142	adc	x22, x22, xzr
 8143	# Reduce
 8144	mov	x3, #38
 8145	mul	x4, x3, x22
 8146	adds	x17, x17, x4
 8147	umulh	x5, x3, x22
 8148	adc	x5, x5, xzr
 8149	mov	x3, #19
 8150	extr	x5, x5, x17, #63
 8151	mul	x5, x5, x3
 8152	and	x17, x17, #0x7fffffffffffffff
 8153	mov	x3, #38
 8154	mul	x4, x3, x19
 8155	adds	x14, x14, x4
 8156	umulh	x19, x3, x19
 8157	mul	x4, x3, x20
 8158	adcs	x15, x15, x4
 8159	umulh	x20, x3, x20
 8160	mul	x4, x3, x21
 8161	adcs	x16, x16, x4
 8162	umulh	x21, x3, x21
 8163	adc	x17, x17, xzr
 8164	#  Add high product results in
 8165	adds	x14, x14, x5
 8166	adcs	x15, x15, x19
 8167	adcs	x16, x16, x20
 8168	adc	x17, x17, x21
 8169	# Store
 8170	stp	x14, x15, [x0]
 8171	stp	x16, x17, [x0, #16]
 8172	sub	x1, x1, #0x40
 8173	sub	x0, x0, #32
 8174	# Multiply
 8175	ldp	x10, x11, [x1]
 8176	ldp	x12, x13, [x1, #16]
 8177	# A[0] * B[0]
 8178	umulh	x15, x10, x6
 8179	mul	x14, x10, x6
 8180	# A[2] * B[0]
 8181	umulh	x17, x12, x6
 8182	mul	x16, x12, x6
 8183	# A[1] * B[0]
 8184	mul	x3, x11, x6
 8185	adds	x15, x15, x3
 8186	umulh	x4, x11, x6
 8187	adcs	x16, x16, x4
 8188	# A[1] * B[3]
 8189	umulh	x20, x11, x9
 8190	adc	x17, x17, xzr
 8191	mul	x19, x11, x9
 8192	# A[0] * B[1]
 8193	mul	x3, x10, x7
 8194	adds	x15, x15, x3
 8195	umulh	x4, x10, x7
 8196	adcs	x16, x16, x4
 8197	# A[2] * B[1]
 8198	mul	x3, x12, x7
 8199	adcs	x17, x17, x3
 8200	umulh	x4, x12, x7
 8201	adcs	x19, x19, x4
 8202	adc	x20, x20, xzr
 8203	# A[1] * B[2]
 8204	mul	x3, x11, x8
 8205	adds	x17, x17, x3
 8206	umulh	x4, x11, x8
 8207	adcs	x19, x19, x4
 8208	adcs	x20, x20, xzr
 8209	adc	x21, xzr, xzr
 8210	# A[0] * B[2]
 8211	mul	x3, x10, x8
 8212	adds	x16, x16, x3
 8213	umulh	x4, x10, x8
 8214	adcs	x17, x17, x4
 8215	adcs	x19, x19, xzr
 8216	adcs	x20, x20, xzr
 8217	adc	x21, x21, xzr
 8218	# A[1] * B[1]
 8219	mul	x3, x11, x7
 8220	adds	x16, x16, x3
 8221	umulh	x4, x11, x7
 8222	adcs	x17, x17, x4
 8223	# A[3] * B[1]
 8224	mul	x3, x13, x7
 8225	adcs	x19, x19, x3
 8226	umulh	x4, x13, x7
 8227	adcs	x20, x20, x4
 8228	adc	x21, x21, xzr
 8229	# A[2] * B[2]
 8230	mul	x3, x12, x8
 8231	adds	x19, x19, x3
 8232	umulh	x4, x12, x8
 8233	adcs	x20, x20, x4
 8234	# A[3] * B[3]
 8235	mul	x3, x13, x9
 8236	adcs	x21, x21, x3
 8237	umulh	x22, x13, x9
 8238	adc	x22, x22, xzr
 8239	# A[0] * B[3]
 8240	mul	x3, x10, x9
 8241	adds	x17, x17, x3
 8242	umulh	x4, x10, x9
 8243	adcs	x19, x19, x4
 8244	# A[2] * B[3]
 8245	mul	x3, x12, x9
 8246	adcs	x20, x20, x3
 8247	umulh	x4, x12, x9
 8248	adcs	x21, x21, x4
 8249	adc	x22, x22, xzr
 8250	# A[3] * B[0]
 8251	mul	x3, x13, x6
 8252	adds	x17, x17, x3
 8253	umulh	x4, x13, x6
 8254	adcs	x19, x19, x4
 8255	# A[3] * B[2]
 8256	mul	x3, x13, x8
 8257	adcs	x20, x20, x3
 8258	umulh	x4, x13, x8
 8259	adcs	x21, x21, x4
 8260	adc	x22, x22, xzr
 8261	# Reduce
 8262	mov	x3, #38
 8263	mul	x4, x3, x22
 8264	adds	x17, x17, x4
 8265	umulh	x5, x3, x22
 8266	adc	x5, x5, xzr
 8267	mov	x3, #19
 8268	extr	x5, x5, x17, #63
 8269	mul	x5, x5, x3
 8270	and	x17, x17, #0x7fffffffffffffff
 8271	mov	x3, #38
 8272	mul	x4, x3, x19
 8273	adds	x14, x14, x4
 8274	umulh	x19, x3, x19
 8275	mul	x4, x3, x20
 8276	adcs	x15, x15, x4
 8277	umulh	x20, x3, x20
 8278	mul	x4, x3, x21
 8279	adcs	x16, x16, x4
 8280	umulh	x21, x3, x21
 8281	adc	x17, x17, xzr
 8282	#  Add high product results in
 8283	adds	x14, x14, x5
 8284	adcs	x15, x15, x19
 8285	adcs	x16, x16, x20
 8286	adc	x17, x17, x21
 8287	# Store
 8288	stp	x14, x15, [x0]
 8289	stp	x16, x17, [x0, #16]
 8290	ldp	x17, x19, [x29, #40]
 8291	ldp	x20, x21, [x29, #56]
 8292	ldr	x22, [x29, #72]
 8293	ldp	x29, x30, [sp], #0x50
 8294	ret
 8295#ifndef __APPLE__
 8296	.size	ge_p1p1_to_p2,.-ge_p1p1_to_p2
 8297#endif /* __APPLE__ */
 8298#ifndef __APPLE__
 8299.text
 8300.globl	ge_p1p1_to_p3
 8301.type	ge_p1p1_to_p3,@function
 8302.align	2
 8303ge_p1p1_to_p3:
 8304#else
 8305.section	__TEXT,__text
 8306.globl	_ge_p1p1_to_p3
 8307.p2align	2
 8308_ge_p1p1_to_p3:
 8309#endif /* __APPLE__ */
 8310	stp	x29, x30, [sp, #-112]!
 8311	add	x29, sp, #0
 8312	stp	x17, x19, [x29, #40]
 8313	stp	x20, x21, [x29, #56]
 8314	stp	x22, x23, [x29, #72]
 8315	stp	x24, x25, [x29, #88]
 8316	str	x26, [x29, #104]
 8317	str	x0, [x29, #16]
 8318	str	x1, [x29, #24]
 8319	mov	x2, x1
 8320	add	x1, x1, #0x60
 8321	# Multiply
 8322	ldp	x10, x11, [x1]
 8323	ldp	x12, x13, [x1, #16]
 8324	ldp	x6, x7, [x2]
 8325	ldp	x8, x9, [x2, #16]
 8326	# A[0] * B[0]
 8327	umulh	x15, x10, x6
 8328	mul	x14, x10, x6
 8329	# A[2] * B[0]
 8330	umulh	x17, x12, x6
 8331	mul	x16, x12, x6
 8332	# A[1] * B[0]
 8333	mul	x3, x11, x6
 8334	adds	x15, x15, x3
 8335	umulh	x4, x11, x6
 8336	adcs	x16, x16, x4
 8337	# A[1] * B[3]
 8338	umulh	x20, x11, x9
 8339	adc	x17, x17, xzr
 8340	mul	x19, x11, x9
 8341	# A[0] * B[1]
 8342	mul	x3, x10, x7
 8343	adds	x15, x15, x3
 8344	umulh	x4, x10, x7
 8345	adcs	x16, x16, x4
 8346	# A[2] * B[1]
 8347	mul	x3, x12, x7
 8348	adcs	x17, x17, x3
 8349	umulh	x4, x12, x7
 8350	adcs	x19, x19, x4
 8351	adc	x20, x20, xzr
 8352	# A[1] * B[2]
 8353	mul	x3, x11, x8
 8354	adds	x17, x17, x3
 8355	umulh	x4, x11, x8
 8356	adcs	x19, x19, x4
 8357	adcs	x20, x20, xzr
 8358	adc	x21, xzr, xzr
 8359	# A[0] * B[2]
 8360	mul	x3, x10, x8
 8361	adds	x16, x16, x3
 8362	umulh	x4, x10, x8
 8363	adcs	x17, x17, x4
 8364	adcs	x19, x19, xzr
 8365	adcs	x20, x20, xzr
 8366	adc	x21, x21, xzr
 8367	# A[1] * B[1]
 8368	mul	x3, x11, x7
 8369	adds	x16, x16, x3
 8370	umulh	x4, x11, x7
 8371	adcs	x17, x17, x4
 8372	# A[3] * B[1]
 8373	mul	x3, x13, x7
 8374	adcs	x19, x19, x3
 8375	umulh	x4, x13, x7
 8376	adcs	x20, x20, x4
 8377	adc	x21, x21, xzr
 8378	# A[2] * B[2]
 8379	mul	x3, x12, x8
 8380	adds	x19, x19, x3
 8381	umulh	x4, x12, x8
 8382	adcs	x20, x20, x4
 8383	# A[3] * B[3]
 8384	mul	x3, x13, x9
 8385	adcs	x21, x21, x3
 8386	umulh	x22, x13, x9
 8387	adc	x22, x22, xzr
 8388	# A[0] * B[3]
 8389	mul	x3, x10, x9
 8390	adds	x17, x17, x3
 8391	umulh	x4, x10, x9
 8392	adcs	x19, x19, x4
 8393	# A[2] * B[3]
 8394	mul	x3, x12, x9
 8395	adcs	x20, x20, x3
 8396	umulh	x4, x12, x9
 8397	adcs	x21, x21, x4
 8398	adc	x22, x22, xzr
 8399	# A[3] * B[0]
 8400	mul	x3, x13, x6
 8401	adds	x17, x17, x3
 8402	umulh	x4, x13, x6
 8403	adcs	x19, x19, x4
 8404	# A[3] * B[2]
 8405	mul	x3, x13, x8
 8406	adcs	x20, x20, x3
 8407	umulh	x4, x13, x8
 8408	adcs	x21, x21, x4
 8409	adc	x22, x22, xzr
 8410	# Reduce
 8411	mov	x3, #38
 8412	mul	x4, x3, x22
 8413	adds	x17, x17, x4
 8414	umulh	x5, x3, x22
 8415	adc	x5, x5, xzr
 8416	mov	x3, #19
 8417	extr	x5, x5, x17, #63
 8418	mul	x5, x5, x3
 8419	and	x17, x17, #0x7fffffffffffffff
 8420	mov	x3, #38
 8421	mul	x4, x3, x19
 8422	adds	x14, x14, x4
 8423	umulh	x19, x3, x19
 8424	mul	x4, x3, x20
 8425	adcs	x15, x15, x4
 8426	umulh	x20, x3, x20
 8427	mul	x4, x3, x21
 8428	adcs	x16, x16, x4
 8429	umulh	x21, x3, x21
 8430	adc	x17, x17, xzr
 8431	#  Add high product results in
 8432	adds	x14, x14, x5
 8433	adcs	x15, x15, x19
 8434	adcs	x16, x16, x20
 8435	adc	x17, x17, x21
 8436	# Store
 8437	stp	x14, x15, [x0]
 8438	stp	x16, x17, [x0, #16]
 8439	sub	x1, x1, #0x40
 8440	add	x0, x0, #0x60
 8441	# Multiply
 8442	ldp	x23, x24, [x1]
 8443	ldp	x25, x26, [x1, #16]
 8444	# A[0] * B[0]
 8445	umulh	x15, x23, x6
 8446	mul	x14, x23, x6
 8447	# A[2] * B[0]
 8448	umulh	x17, x25, x6
 8449	mul	x16, x25, x6
 8450	# A[1] * B[0]
 8451	mul	x3, x24, x6
 8452	adds	x15, x15, x3
 8453	umulh	x4, x24, x6
 8454	adcs	x16, x16, x4
 8455	# A[1] * B[3]
 8456	umulh	x20, x24, x9
 8457	adc	x17, x17, xzr
 8458	mul	x19, x24, x9
 8459	# A[0] * B[1]
 8460	mul	x3, x23, x7
 8461	adds	x15, x15, x3
 8462	umulh	x4, x23, x7
 8463	adcs	x16, x16, x4
 8464	# A[2] * B[1]
 8465	mul	x3, x25, x7
 8466	adcs	x17, x17, x3
 8467	umulh	x4, x25, x7
 8468	adcs	x19, x19, x4
 8469	adc	x20, x20, xzr
 8470	# A[1] * B[2]
 8471	mul	x3, x24, x8
 8472	adds	x17, x17, x3
 8473	umulh	x4, x24, x8
 8474	adcs	x19, x19, x4
 8475	adcs	x20, x20, xzr
 8476	adc	x21, xzr, xzr
 8477	# A[0] * B[2]
 8478	mul	x3, x23, x8
 8479	adds	x16, x16, x3
 8480	umulh	x4, x23, x8
 8481	adcs	x17, x17, x4
 8482	adcs	x19, x19, xzr
 8483	adcs	x20, x20, xzr
 8484	adc	x21, x21, xzr
 8485	# A[1] * B[1]
 8486	mul	x3, x24, x7
 8487	adds	x16, x16, x3
 8488	umulh	x4, x24, x7
 8489	adcs	x17, x17, x4
 8490	# A[3] * B[1]
 8491	mul	x3, x26, x7
 8492	adcs	x19, x19, x3
 8493	umulh	x4, x26, x7
 8494	adcs	x20, x20, x4
 8495	adc	x21, x21, xzr
 8496	# A[2] * B[2]
 8497	mul	x3, x25, x8
 8498	adds	x19, x19, x3
 8499	umulh	x4, x25, x8
 8500	adcs	x20, x20, x4
 8501	# A[3] * B[3]
 8502	mul	x3, x26, x9
 8503	adcs	x21, x21, x3
 8504	umulh	x22, x26, x9
 8505	adc	x22, x22, xzr
 8506	# A[0] * B[3]
 8507	mul	x3, x23, x9
 8508	adds	x17, x17, x3
 8509	umulh	x4, x23, x9
 8510	adcs	x19, x19, x4
 8511	# A[2] * B[3]
 8512	mul	x3, x25, x9
 8513	adcs	x20, x20, x3
 8514	umulh	x4, x25, x9
 8515	adcs	x21, x21, x4
 8516	adc	x22, x22, xzr
 8517	# A[3] * B[0]
 8518	mul	x3, x26, x6
 8519	adds	x17, x17, x3
 8520	umulh	x4, x26, x6
 8521	adcs	x19, x19, x4
 8522	# A[3] * B[2]
 8523	mul	x3, x26, x8
 8524	adcs	x20, x20, x3
 8525	umulh	x4, x26, x8
 8526	adcs	x21, x21, x4
 8527	adc	x22, x22, xzr
 8528	# Reduce
 8529	mov	x3, #38
 8530	mul	x4, x3, x22
 8531	adds	x17, x17, x4
 8532	umulh	x5, x3, x22
 8533	adc	x5, x5, xzr
 8534	mov	x3, #19
 8535	extr	x5, x5, x17, #63
 8536	mul	x5, x5, x3
 8537	and	x17, x17, #0x7fffffffffffffff
 8538	mov	x3, #38
 8539	mul	x4, x3, x19
 8540	adds	x14, x14, x4
 8541	umulh	x19, x3, x19
 8542	mul	x4, x3, x20
 8543	adcs	x15, x15, x4
 8544	umulh	x20, x3, x20
 8545	mul	x4, x3, x21
 8546	adcs	x16, x16, x4
 8547	umulh	x21, x3, x21
 8548	adc	x17, x17, xzr
 8549	#  Add high product results in
 8550	adds	x14, x14, x5
 8551	adcs	x15, x15, x19
 8552	adcs	x16, x16, x20
 8553	adc	x17, x17, x21
 8554	# Store
 8555	stp	x14, x15, [x0]
 8556	stp	x16, x17, [x0, #16]
 8557	add	x2, x1, #32
 8558	sub	x0, x0, #0x40
 8559	# Multiply
 8560	ldp	x6, x7, [x2]
 8561	ldp	x8, x9, [x2, #16]
 8562	# A[0] * B[0]
 8563	umulh	x15, x23, x6
 8564	mul	x14, x23, x6
 8565	# A[2] * B[0]
 8566	umulh	x17, x25, x6
 8567	mul	x16, x25, x6
 8568	# A[1] * B[0]
 8569	mul	x3, x24, x6
 8570	adds	x15, x15, x3
 8571	umulh	x4, x24, x6
 8572	adcs	x16, x16, x4
 8573	# A[1] * B[3]
 8574	umulh	x20, x24, x9
 8575	adc	x17, x17, xzr
 8576	mul	x19, x24, x9
 8577	# A[0] * B[1]
 8578	mul	x3, x23, x7
 8579	adds	x15, x15, x3
 8580	umulh	x4, x23, x7
 8581	adcs	x16, x16, x4
 8582	# A[2] * B[1]
 8583	mul	x3, x25, x7
 8584	adcs	x17, x17, x3
 8585	umulh	x4, x25, x7
 8586	adcs	x19, x19, x4
 8587	adc	x20, x20, xzr
 8588	# A[1] * B[2]
 8589	mul	x3, x24, x8
 8590	adds	x17, x17, x3
 8591	umulh	x4, x24, x8
 8592	adcs	x19, x19, x4
 8593	adcs	x20, x20, xzr
 8594	adc	x21, xzr, xzr
 8595	# A[0] * B[2]
 8596	mul	x3, x23, x8
 8597	adds	x16, x16, x3
 8598	umulh	x4, x23, x8
 8599	adcs	x17, x17, x4
 8600	adcs	x19, x19, xzr
 8601	adcs	x20, x20, xzr
 8602	adc	x21, x21, xzr
 8603	# A[1] * B[1]
 8604	mul	x3, x24, x7
 8605	adds	x16, x16, x3
 8606	umulh	x4, x24, x7
 8607	adcs	x17, x17, x4
 8608	# A[3] * B[1]
 8609	mul	x3, x26, x7
 8610	adcs	x19, x19, x3
 8611	umulh	x4, x26, x7
 8612	adcs	x20, x20, x4
 8613	adc	x21, x21, xzr
 8614	# A[2] * B[2]
 8615	mul	x3, x25, x8
 8616	adds	x19, x19, x3
 8617	umulh	x4, x25, x8
 8618	adcs	x20, x20, x4
 8619	# A[3] * B[3]
 8620	mul	x3, x26, x9
 8621	adcs	x21, x21, x3
 8622	umulh	x22, x26, x9
 8623	adc	x22, x22, xzr
 8624	# A[0] * B[3]
 8625	mul	x3, x23, x9
 8626	adds	x17, x17, x3
 8627	umulh	x4, x23, x9
 8628	adcs	x19, x19, x4
 8629	# A[2] * B[3]
 8630	mul	x3, x25, x9
 8631	adcs	x20, x20, x3
 8632	umulh	x4, x25, x9
 8633	adcs	x21, x21, x4
 8634	adc	x22, x22, xzr
 8635	# A[3] * B[0]
 8636	mul	x3, x26, x6
 8637	adds	x17, x17, x3
 8638	umulh	x4, x26, x6
 8639	adcs	x19, x19, x4
 8640	# A[3] * B[2]
 8641	mul	x3, x26, x8
 8642	adcs	x20, x20, x3
 8643	umulh	x4, x26, x8
 8644	adcs	x21, x21, x4
 8645	adc	x22, x22, xzr
 8646	# Reduce
 8647	mov	x3, #38
 8648	mul	x4, x3, x22
 8649	adds	x17, x17, x4
 8650	umulh	x5, x3, x22
 8651	adc	x5, x5, xzr
 8652	mov	x3, #19
 8653	extr	x5, x5, x17, #63
 8654	mul	x5, x5, x3
 8655	and	x17, x17, #0x7fffffffffffffff
 8656	mov	x3, #38
 8657	mul	x4, x3, x19
 8658	adds	x14, x14, x4
 8659	umulh	x19, x3, x19
 8660	mul	x4, x3, x20
 8661	adcs	x15, x15, x4
 8662	umulh	x20, x3, x20
 8663	mul	x4, x3, x21
 8664	adcs	x16, x16, x4
 8665	umulh	x21, x3, x21
 8666	adc	x17, x17, xzr
 8667	#  Add high product results in
 8668	adds	x14, x14, x5
 8669	adcs	x15, x15, x19
 8670	adcs	x16, x16, x20
 8671	adc	x17, x17, x21
 8672	# Store
 8673	stp	x14, x15, [x0]
 8674	stp	x16, x17, [x0, #16]
 8675	add	x1, x1, #0x40
 8676	add	x0, x0, #32
 8677	# Multiply
 8678	# A[0] * B[0]
 8679	umulh	x15, x10, x6
 8680	mul	x14, x10, x6
 8681	# A[2] * B[0]
 8682	umulh	x17, x12, x6
 8683	mul	x16, x12, x6
 8684	# A[1] * B[0]
 8685	mul	x3, x11, x6
 8686	adds	x15, x15, x3
 8687	umulh	x4, x11, x6
 8688	adcs	x16, x16, x4
 8689	# A[1] * B[3]
 8690	umulh	x20, x11, x9
 8691	adc	x17, x17, xzr
 8692	mul	x19, x11, x9
 8693	# A[0] * B[1]
 8694	mul	x3, x10, x7
 8695	adds	x15, x15, x3
 8696	umulh	x4, x10, x7
 8697	adcs	x16, x16, x4
 8698	# A[2] * B[1]
 8699	mul	x3, x12, x7
 8700	adcs	x17, x17, x3
 8701	umulh	x4, x12, x7
 8702	adcs	x19, x19, x4
 8703	adc	x20, x20, xzr
 8704	# A[1] * B[2]
 8705	mul	x3, x11, x8
 8706	adds	x17, x17, x3
 8707	umulh	x4, x11, x8
 8708	adcs	x19, x19, x4
 8709	adcs	x20, x20, xzr
 8710	adc	x21, xzr, xzr
 8711	# A[0] * B[2]
 8712	mul	x3, x10, x8
 8713	adds	x16, x16, x3
 8714	umulh	x4, x10, x8
 8715	adcs	x17, x17, x4
 8716	adcs	x19, x19, xzr
 8717	adcs	x20, x20, xzr
 8718	adc	x21, x21, xzr
 8719	# A[1] * B[1]
 8720	mul	x3, x11, x7
 8721	adds	x16, x16, x3
 8722	umulh	x4, x11, x7
 8723	adcs	x17, x17, x4
 8724	# A[3] * B[1]
 8725	mul	x3, x13, x7
 8726	adcs	x19, x19, x3
 8727	umulh	x4, x13, x7
 8728	adcs	x20, x20, x4
 8729	adc	x21, x21, xzr
 8730	# A[2] * B[2]
 8731	mul	x3, x12, x8
 8732	adds	x19, x19, x3
 8733	umulh	x4, x12, x8
 8734	adcs	x20, x20, x4
 8735	# A[3] * B[3]
 8736	mul	x3, x13, x9
 8737	adcs	x21, x21, x3
 8738	umulh	x22, x13, x9
 8739	adc	x22, x22, xzr
 8740	# A[0] * B[3]
 8741	mul	x3, x10, x9
 8742	adds	x17, x17, x3
 8743	umulh	x4, x10, x9
 8744	adcs	x19, x19, x4
 8745	# A[2] * B[3]
 8746	mul	x3, x12, x9
 8747	adcs	x20, x20, x3
 8748	umulh	x4, x12, x9
 8749	adcs	x21, x21, x4
 8750	adc	x22, x22, xzr
 8751	# A[3] * B[0]
 8752	mul	x3, x13, x6
 8753	adds	x17, x17, x3
 8754	umulh	x4, x13, x6
 8755	adcs	x19, x19, x4
 8756	# A[3] * B[2]
 8757	mul	x3, x13, x8
 8758	adcs	x20, x20, x3
 8759	umulh	x4, x13, x8
 8760	adcs	x21, x21, x4
 8761	adc	x22, x22, xzr
 8762	# Reduce
 8763	mov	x3, #38
 8764	mul	x4, x3, x22
 8765	adds	x17, x17, x4
 8766	umulh	x5, x3, x22
 8767	adc	x5, x5, xzr
 8768	mov	x3, #19
 8769	extr	x5, x5, x17, #63
 8770	mul	x5, x5, x3
 8771	and	x17, x17, #0x7fffffffffffffff
 8772	mov	x3, #38
 8773	mul	x4, x3, x19
 8774	adds	x14, x14, x4
 8775	umulh	x19, x3, x19
 8776	mul	x4, x3, x20
 8777	adcs	x15, x15, x4
 8778	umulh	x20, x3, x20
 8779	mul	x4, x3, x21
 8780	adcs	x16, x16, x4
 8781	umulh	x21, x3, x21
 8782	adc	x17, x17, xzr
 8783	#  Add high product results in
 8784	adds	x14, x14, x5
 8785	adcs	x15, x15, x19
 8786	adcs	x16, x16, x20
 8787	adc	x17, x17, x21
 8788	# Store
 8789	stp	x14, x15, [x0]
 8790	stp	x16, x17, [x0, #16]
 8791	ldp	x17, x19, [x29, #40]
 8792	ldp	x20, x21, [x29, #56]
 8793	ldp	x22, x23, [x29, #72]
 8794	ldp	x24, x25, [x29, #88]
 8795	ldr	x26, [x29, #104]
 8796	ldp	x29, x30, [sp], #0x70
 8797	ret
 8798#ifndef __APPLE__
 8799	.size	ge_p1p1_to_p3,.-ge_p1p1_to_p3
 8800#endif /* __APPLE__ */
 8801#ifndef __APPLE__
 8802.text
 8803.globl	ge_p2_dbl
 8804.type	ge_p2_dbl,@function
 8805.align	2
 8806ge_p2_dbl:
 8807#else
 8808.section	__TEXT,__text
 8809.globl	_ge_p2_dbl
 8810.p2align	2
 8811_ge_p2_dbl:
 8812#endif /* __APPLE__ */
 8813	stp	x29, x30, [sp, #-128]!
 8814	add	x29, sp, #0
 8815	stp	x17, x19, [x29, #40]
 8816	stp	x20, x21, [x29, #56]
 8817	stp	x22, x23, [x29, #72]
 8818	stp	x24, x25, [x29, #88]
 8819	stp	x26, x27, [x29, #104]
 8820	str	x28, [x29, #120]
 8821	str	x0, [x29, #16]
 8822	str	x1, [x29, #24]
 8823	add	x0, x0, #0x40
 8824	# Square
 8825	ldp	x4, x5, [x1]
 8826	ldp	x6, x7, [x1, #16]
 8827	#  A[0] * A[1]
 8828	umulh	x10, x4, x5
 8829	mul	x9, x4, x5
 8830	#  A[0] * A[3]
 8831	umulh	x12, x4, x7
 8832	mul	x11, x4, x7
 8833	#  A[0] * A[2]
 8834	mul	x25, x4, x6
 8835	adds	x10, x10, x25
 8836	umulh	x26, x4, x6
 8837	adcs	x11, x11, x26
 8838	#  A[1] * A[3]
 8839	mul	x25, x5, x7
 8840	adcs	x12, x12, x25
 8841	umulh	x13, x5, x7
 8842	adc	x13, x13, xzr
 8843	#  A[1] * A[2]
 8844	mul	x25, x5, x6
 8845	adds	x11, x11, x25
 8846	umulh	x26, x5, x6
 8847	adcs	x12, x12, x26
 8848	#  A[2] * A[3]
 8849	mul	x25, x6, x7
 8850	adcs	x13, x13, x25
 8851	umulh	x14, x6, x7
 8852	adc	x14, x14, xzr
 8853	# Double
 8854	adds	x9, x9, x9
 8855	adcs	x10, x10, x10
 8856	adcs	x11, x11, x11
 8857	adcs	x12, x12, x12
 8858	adcs	x13, x13, x13
 8859	adcs	x14, x14, x14
 8860	adc	x15, xzr, xzr
 8861	#  A[0] * A[0]
 8862	umulh	x26, x4, x4
 8863	mul	x8, x4, x4
 8864	#  A[1] * A[1]
 8865	mul	x25, x5, x5
 8866	adds	x9, x9, x26
 8867	umulh	x26, x5, x5
 8868	adcs	x10, x10, x25
 8869	#  A[2] * A[2]
 8870	mul	x25, x6, x6
 8871	adcs	x11, x11, x26
 8872	umulh	x26, x6, x6
 8873	adcs	x12, x12, x25
 8874	#  A[3] * A[3]
 8875	mul	x25, x7, x7
 8876	adcs	x13, x13, x26
 8877	umulh	x26, x7, x7
 8878	adcs	x14, x14, x25
 8879	adc	x15, x15, x26
 8880	# Reduce
 8881	mov	x25, #38
 8882	mul	x26, x25, x15
 8883	adds	x11, x11, x26
 8884	umulh	x27, x25, x15
 8885	adc	x27, x27, xzr
 8886	mov	x25, #19
 8887	extr	x27, x27, x11, #63
 8888	mul	x27, x27, x25
 8889	and	x11, x11, #0x7fffffffffffffff
 8890	mov	x25, #38
 8891	mul	x26, x25, x12
 8892	adds	x8, x8, x26
 8893	umulh	x12, x25, x12
 8894	mul	x26, x25, x13
 8895	adcs	x9, x9, x26
 8896	umulh	x13, x25, x13
 8897	mul	x26, x25, x14
 8898	adcs	x10, x10, x26
 8899	umulh	x14, x25, x14
 8900	adc	x11, x11, xzr
 8901	#  Add high product results in
 8902	adds	x8, x8, x27
 8903	adcs	x9, x9, x12
 8904	adcs	x10, x10, x13
 8905	adc	x11, x11, x14
 8906	# Store
 8907	stp	x8, x9, [x0]
 8908	stp	x10, x11, [x0, #16]
 8909	add	x2, x1, #32
 8910	sub	x0, x0, #32
 8911	# Square
 8912	ldp	x16, x17, [x2]
 8913	ldp	x19, x20, [x2, #16]
 8914	#  A[0] * A[1]
 8915	umulh	x23, x16, x17
 8916	mul	x22, x16, x17
 8917	#  A[0] * A[3]
 8918	umulh	x4, x16, x20
 8919	mul	x24, x16, x20
 8920	#  A[0] * A[2]
 8921	mul	x25, x16, x19
 8922	adds	x23, x23, x25
 8923	umulh	x26, x16, x19
 8924	adcs	x24, x24, x26
 8925	#  A[1] * A[3]
 8926	mul	x25, x17, x20
 8927	adcs	x4, x4, x25
 8928	umulh	x5, x17, x20
 8929	adc	x5, x5, xzr
 8930	#  A[1] * A[2]
 8931	mul	x25, x17, x19
 8932	adds	x24, x24, x25
 8933	umulh	x26, x17, x19
 8934	adcs	x4, x4, x26
 8935	#  A[2] * A[3]
 8936	mul	x25, x19, x20
 8937	adcs	x5, x5, x25
 8938	umulh	x6, x19, x20
 8939	adc	x6, x6, xzr
 8940	# Double
 8941	adds	x22, x22, x22
 8942	adcs	x23, x23, x23
 8943	adcs	x24, x24, x24
 8944	adcs	x4, x4, x4
 8945	adcs	x5, x5, x5
 8946	adcs	x6, x6, x6
 8947	adc	x7, xzr, xzr
 8948	#  A[0] * A[0]
 8949	umulh	x26, x16, x16
 8950	mul	x21, x16, x16
 8951	#  A[1] * A[1]
 8952	mul	x25, x17, x17
 8953	adds	x22, x22, x26
 8954	umulh	x26, x17, x17
 8955	adcs	x23, x23, x25
 8956	#  A[2] * A[2]
 8957	mul	x25, x19, x19
 8958	adcs	x24, x24, x26
 8959	umulh	x26, x19, x19
 8960	adcs	x4, x4, x25
 8961	#  A[3] * A[3]
 8962	mul	x25, x20, x20
 8963	adcs	x5, x5, x26
 8964	umulh	x26, x20, x20
 8965	adcs	x6, x6, x25
 8966	adc	x7, x7, x26
 8967	# Reduce
 8968	mov	x25, #38
 8969	mul	x26, x25, x7
 8970	adds	x24, x24, x26
 8971	umulh	x27, x25, x7
 8972	adc	x27, x27, xzr
 8973	mov	x25, #19
 8974	extr	x27, x27, x24, #63
 8975	mul	x27, x27, x25
 8976	and	x24, x24, #0x7fffffffffffffff
 8977	mov	x25, #38
 8978	mul	x26, x25, x4
 8979	adds	x21, x21, x26
 8980	umulh	x4, x25, x4
 8981	mul	x26, x25, x5
 8982	adcs	x22, x22, x26
 8983	umulh	x5, x25, x5
 8984	mul	x26, x25, x6
 8985	adcs	x23, x23, x26
 8986	umulh	x6, x25, x6
 8987	adc	x24, x24, xzr
 8988	#  Add high product results in
 8989	adds	x21, x21, x27
 8990	adcs	x22, x22, x4
 8991	adcs	x23, x23, x5
 8992	adc	x24, x24, x6
 8993	add	x3, x0, #32
 8994	mov	x2, x0
 8995	add	x1, x0, #32
 8996	# Add
 8997	adds	x4, x21, x8
 8998	adcs	x5, x22, x9
 8999	adcs	x6, x23, x10
 9000	adcs	x7, x24, x11
 9001	cset	x28, cs
 9002	mov	x25, #19
 9003	extr	x28, x28, x7, #63
 9004	mul	x25, x28, x25
 9005	#   Sub modulus (if overflow)
 9006	adds	x4, x4, x25
 9007	adcs	x5, x5, xzr
 9008	and	x7, x7, #0x7fffffffffffffff
 9009	adcs	x6, x6, xzr
 9010	adc	x7, x7, xzr
 9011	# Sub
 9012	subs	x12, x21, x8
 9013	sbcs	x13, x22, x9
 9014	sbcs	x14, x23, x10
 9015	sbcs	x15, x24, x11
 9016	csetm	x28, cc
 9017	mov	x25, #-19
 9018	extr	x28, x28, x15, #63
 9019	mul	x25, x28, x25
 9020	#   Add modulus (if underflow)
 9021	subs	x12, x12, x25
 9022	sbcs	x13, x13, xzr
 9023	and	x15, x15, #0x7fffffffffffffff
 9024	sbcs	x14, x14, xzr
 9025	sbc	x15, x15, xzr
 9026	stp	x4, x5, [x0]
 9027	stp	x6, x7, [x0, #16]
 9028	stp	x12, x13, [x1]
 9029	stp	x14, x15, [x1, #16]
 9030	ldr	x1, [x29, #24]
 9031	add	x2, x1, #32
 9032	sub	x0, x0, #32
 9033	# Add
 9034	ldp	x8, x9, [x1]
 9035	ldp	x10, x11, [x1, #16]
 9036	adds	x8, x8, x16
 9037	adcs	x9, x9, x17
 9038	adcs	x10, x10, x19
 9039	adcs	x11, x11, x20
 9040	cset	x28, cs
 9041	mov	x25, #19
 9042	#   Mask the modulus
 9043	extr	x28, x28, x11, #63
 9044	mul	x25, x28, x25
 9045	#   Sub modulus (if overflow)
 9046	adds	x8, x8, x25
 9047	adcs	x9, x9, xzr
 9048	and	x11, x11, #0x7fffffffffffffff
 9049	adcs	x10, x10, xzr
 9050	adc	x11, x11, xzr
 9051	mov	x1, x0
 9052	# Square
 9053	#  A[0] * A[1]
 9054	umulh	x23, x8, x9
 9055	mul	x22, x8, x9
 9056	#  A[0] * A[3]
 9057	umulh	x4, x8, x11
 9058	mul	x24, x8, x11
 9059	#  A[0] * A[2]
 9060	mul	x25, x8, x10
 9061	adds	x23, x23, x25
 9062	umulh	x26, x8, x10
 9063	adcs	x24, x24, x26
 9064	#  A[1] * A[3]
 9065	mul	x25, x9, x11
 9066	adcs	x4, x4, x25
 9067	umulh	x5, x9, x11
 9068	adc	x5, x5, xzr
 9069	#  A[1] * A[2]
 9070	mul	x25, x9, x10
 9071	adds	x24, x24, x25
 9072	umulh	x26, x9, x10
 9073	adcs	x4, x4, x26
 9074	#  A[2] * A[3]
 9075	mul	x25, x10, x11
 9076	adcs	x5, x5, x25
 9077	umulh	x6, x10, x11
 9078	adc	x6, x6, xzr
 9079	# Double
 9080	adds	x22, x22, x22
 9081	adcs	x23, x23, x23
 9082	adcs	x24, x24, x24
 9083	adcs	x4, x4, x4
 9084	adcs	x5, x5, x5
 9085	adcs	x6, x6, x6
 9086	adc	x7, xzr, xzr
 9087	#  A[0] * A[0]
 9088	umulh	x26, x8, x8
 9089	mul	x21, x8, x8
 9090	#  A[1] * A[1]
 9091	mul	x25, x9, x9
 9092	adds	x22, x22, x26
 9093	umulh	x26, x9, x9
 9094	adcs	x23, x23, x25
 9095	#  A[2] * A[2]
 9096	mul	x25, x10, x10
 9097	adcs	x24, x24, x26
 9098	umulh	x26, x10, x10
 9099	adcs	x4, x4, x25
 9100	#  A[3] * A[3]
 9101	mul	x25, x11, x11
 9102	adcs	x5, x5, x26
 9103	umulh	x26, x11, x11
 9104	adcs	x6, x6, x25
 9105	adc	x7, x7, x26
 9106	# Reduce
 9107	mov	x25, #38
 9108	mul	x26, x25, x7
 9109	adds	x24, x24, x26
 9110	umulh	x27, x25, x7
 9111	adc	x27, x27, xzr
 9112	mov	x25, #19
 9113	extr	x27, x27, x24, #63
 9114	mul	x27, x27, x25
 9115	and	x24, x24, #0x7fffffffffffffff
 9116	mov	x25, #38
 9117	mul	x26, x25, x4
 9118	adds	x21, x21, x26
 9119	umulh	x4, x25, x4
 9120	mul	x26, x25, x5
 9121	adcs	x22, x22, x26
 9122	umulh	x5, x25, x5
 9123	mul	x26, x25, x6
 9124	adcs	x23, x23, x26
 9125	umulh	x6, x25, x6
 9126	adc	x24, x24, xzr
 9127	#  Add high product results in
 9128	adds	x21, x21, x27
 9129	adcs	x22, x22, x4
 9130	adcs	x23, x23, x5
 9131	adc	x24, x24, x6
 9132	add	x2, x0, #32
 9133	# Sub
 9134	ldp	x8, x9, [x2]
 9135	ldp	x10, x11, [x2, #16]
 9136	subs	x21, x21, x8
 9137	sbcs	x22, x22, x9
 9138	sbcs	x23, x23, x10
 9139	sbcs	x24, x24, x11
 9140	csetm	x28, cc
 9141	mov	x25, #-19
 9142	#   Mask the modulus
 9143	extr	x28, x28, x24, #63
 9144	mul	x25, x28, x25
 9145	#   Add modulus (if underflow)
 9146	subs	x21, x21, x25
 9147	sbcs	x22, x22, xzr
 9148	and	x24, x24, #0x7fffffffffffffff
 9149	sbcs	x23, x23, xzr
 9150	sbc	x24, x24, xzr
 9151	stp	x21, x22, [x0]
 9152	stp	x23, x24, [x0, #16]
 9153	ldr	x2, [x29, #24]
 9154	add	x2, x2, #0x40
 9155	add	x0, x0, #0x60
 9156	# Square * 2
 9157	ldp	x16, x17, [x2]
 9158	ldp	x19, x20, [x2, #16]
 9159	#  A[0] * A[1]
 9160	umulh	x6, x16, x17
 9161	mul	x5, x16, x17
 9162	#  A[0] * A[3]
 9163	umulh	x8, x16, x20
 9164	mul	x7, x16, x20
 9165	#  A[0] * A[2]
 9166	mul	x25, x16, x19
 9167	adds	x6, x6, x25
 9168	umulh	x26, x16, x19
 9169	adcs	x7, x7, x26
 9170	#  A[1] * A[3]
 9171	mul	x25, x17, x20
 9172	adcs	x8, x8, x25
 9173	umulh	x9, x17, x20
 9174	adc	x9, x9, xzr
 9175	#  A[1] * A[2]
 9176	mul	x25, x17, x19
 9177	adds	x7, x7, x25
 9178	umulh	x26, x17, x19
 9179	adcs	x8, x8, x26
 9180	#  A[2] * A[3]
 9181	mul	x25, x19, x20
 9182	adcs	x9, x9, x25
 9183	umulh	x10, x19, x20
 9184	adc	x10, x10, xzr
 9185	# Double
 9186	adds	x5, x5, x5
 9187	adcs	x6, x6, x6
 9188	adcs	x7, x7, x7
 9189	adcs	x8, x8, x8
 9190	adcs	x9, x9, x9
 9191	adcs	x10, x10, x10
 9192	adc	x11, xzr, xzr
 9193	#  A[0] * A[0]
 9194	umulh	x26, x16, x16
 9195	mul	x4, x16, x16
 9196	#  A[1] * A[1]
 9197	mul	x25, x17, x17
 9198	adds	x5, x5, x26
 9199	umulh	x26, x17, x17
 9200	adcs	x6, x6, x25
 9201	#  A[2] * A[2]
 9202	mul	x25, x19, x19
 9203	adcs	x7, x7, x26
 9204	umulh	x26, x19, x19
 9205	adcs	x8, x8, x25
 9206	#  A[3] * A[3]
 9207	mul	x25, x20, x20
 9208	adcs	x9, x9, x26
 9209	umulh	x26, x20, x20
 9210	adcs	x10, x10, x25
 9211	adc	x11, x11, x26
 9212	# Reduce
 9213	mov	x25, #38
 9214	mul	x26, x25, x11
 9215	adds	x7, x7, x26
 9216	umulh	x27, x25, x11
 9217	adc	x27, x27, xzr
 9218	mov	x25, #19
 9219	extr	x27, x27, x7, #63
 9220	mul	x27, x27, x25
 9221	and	x7, x7, #0x7fffffffffffffff
 9222	mov	x25, #38
 9223	mul	x26, x25, x8
 9224	adds	x4, x4, x26
 9225	umulh	x8, x25, x8
 9226	mul	x26, x25, x9
 9227	adcs	x5, x5, x26
 9228	umulh	x9, x25, x9
 9229	mul	x26, x25, x10
 9230	adcs	x6, x6, x26
 9231	umulh	x10, x25, x10
 9232	adc	x7, x7, xzr
 9233	#  Add high product results in
 9234	adds	x4, x4, x27
 9235	adcs	x5, x5, x8
 9236	adcs	x6, x6, x9
 9237	adc	x7, x7, x10
 9238	mov	x25, #19
 9239	lsr	x26, x7, #62
 9240	extr	x7, x7, x6, #63
 9241	extr	x6, x6, x5, #63
 9242	extr	x5, x5, x4, #63
 9243	lsl	x4, x4, #1
 9244	mul	x26, x26, x25
 9245	adds	x4, x4, x26
 9246	adcs	x5, x5, xzr
 9247	and	x7, x7, #0x7fffffffffffffff
 9248	adcs	x6, x6, xzr
 9249	adc	x7, x7, xzr
 9250	# Store
 9251	sub	x1, x0, #32
 9252	# Sub
 9253	subs	x4, x4, x12
 9254	sbcs	x5, x5, x13
 9255	sbcs	x6, x6, x14
 9256	sbcs	x7, x7, x15
 9257	csetm	x28, cc
 9258	mov	x25, #-19
 9259	#   Mask the modulus
 9260	extr	x28, x28, x7, #63
 9261	mul	x25, x28, x25
 9262	#   Add modulus (if underflow)
 9263	subs	x4, x4, x25
 9264	sbcs	x5, x5, xzr
 9265	and	x7, x7, #0x7fffffffffffffff
 9266	sbcs	x6, x6, xzr
 9267	sbc	x7, x7, xzr
 9268	stp	x4, x5, [x0]
 9269	stp	x6, x7, [x0, #16]
 9270	ldp	x17, x19, [x29, #40]
 9271	ldp	x20, x21, [x29, #56]
 9272	ldp	x22, x23, [x29, #72]
 9273	ldp	x24, x25, [x29, #88]
 9274	ldp	x26, x27, [x29, #104]
 9275	ldr	x28, [x29, #120]
 9276	ldp	x29, x30, [sp], #0x80
 9277	ret
 9278#ifndef __APPLE__
 9279	.size	ge_p2_dbl,.-ge_p2_dbl
 9280#endif /* __APPLE__ */
 9281#ifndef __APPLE__
 9282.text
 9283.globl	ge_madd
 9284.type	ge_madd,@function
 9285.align	2
 9286ge_madd:
 9287#else
 9288.section	__TEXT,__text
 9289.globl	_ge_madd
 9290.p2align	2
 9291_ge_madd:
 9292#endif /* __APPLE__ */
 9293	stp	x29, x30, [sp, #-144]!
 9294	add	x29, sp, #0
 9295	stp	x17, x19, [x29, #56]
 9296	stp	x20, x21, [x29, #72]
 9297	stp	x22, x23, [x29, #88]
 9298	stp	x24, x25, [x29, #104]
 9299	stp	x26, x27, [x29, #120]
 9300	str	x28, [x29, #136]
 9301	str	x0, [x29, #16]
 9302	str	x1, [x29, #24]
 9303	str	x2, [x29, #32]
 9304	mov	x3, x1
 9305	add	x2, x1, #32
 9306	add	x1, x0, #32
 9307	# Add
 9308	ldp	x8, x9, [x2]
 9309	ldp	x10, x11, [x2, #16]
 9310	ldp	x4, x5, [x3]
 9311	ldp	x6, x7, [x3, #16]
 9312	adds	x16, x8, x4
 9313	adcs	x17, x9, x5
 9314	adcs	x19, x10, x6
 9315	adcs	x20, x11, x7
 9316	cset	x28, cs
 9317	mov	x25, #19
 9318	extr	x28, x28, x20, #63
 9319	mul	x25, x28, x25
 9320	#   Sub modulus (if overflow)
 9321	adds	x16, x16, x25
 9322	adcs	x17, x17, xzr
 9323	and	x20, x20, #0x7fffffffffffffff
 9324	adcs	x19, x19, xzr
 9325	adc	x20, x20, xzr
 9326	# Sub
 9327	subs	x12, x8, x4
 9328	sbcs	x13, x9, x5
 9329	sbcs	x14, x10, x6
 9330	sbcs	x15, x11, x7
 9331	csetm	x28, cc
 9332	mov	x25, #-19
 9333	extr	x28, x28, x15, #63
 9334	mul	x25, x28, x25
 9335	#   Add modulus (if underflow)
 9336	subs	x12, x12, x25
 9337	sbcs	x13, x13, xzr
 9338	and	x15, x15, #0x7fffffffffffffff
 9339	sbcs	x14, x14, xzr
 9340	sbc	x15, x15, xzr
 9341	ldr	x2, [x29, #32]
 9342	mov	x1, x0
 9343	# Multiply
 9344	ldp	x8, x9, [x2]
 9345	ldp	x10, x11, [x2, #16]
 9346	# A[0] * B[0]
 9347	umulh	x22, x16, x8
 9348	mul	x21, x16, x8
 9349	# A[2] * B[0]
 9350	umulh	x24, x19, x8
 9351	mul	x23, x19, x8
 9352	# A[1] * B[0]
 9353	mul	x25, x17, x8
 9354	adds	x22, x22, x25
 9355	umulh	x26, x17, x8
 9356	adcs	x23, x23, x26
 9357	# A[1] * B[3]
 9358	umulh	x5, x17, x11
 9359	adc	x24, x24, xzr
 9360	mul	x4, x17, x11
 9361	# A[0] * B[1]
 9362	mul	x25, x16, x9
 9363	adds	x22, x22, x25
 9364	umulh	x26, x16, x9
 9365	adcs	x23, x23, x26
 9366	# A[2] * B[1]
 9367	mul	x25, x19, x9
 9368	adcs	x24, x24, x25
 9369	umulh	x26, x19, x9
 9370	adcs	x4, x4, x26
 9371	adc	x5, x5, xzr
 9372	# A[1] * B[2]
 9373	mul	x25, x17, x10
 9374	adds	x24, x24, x25
 9375	umulh	x26, x17, x10
 9376	adcs	x4, x4, x26
 9377	adcs	x5, x5, xzr
 9378	adc	x6, xzr, xzr
 9379	# A[0] * B[2]
 9380	mul	x25, x16, x10
 9381	adds	x23, x23, x25
 9382	umulh	x26, x16, x10
 9383	adcs	x24, x24, x26
 9384	adcs	x4, x4, xzr
 9385	adcs	x5, x5, xzr
 9386	adc	x6, x6, xzr
 9387	# A[1] * B[1]
 9388	mul	x25, x17, x9
 9389	adds	x23, x23, x25
 9390	umulh	x26, x17, x9
 9391	adcs	x24, x24, x26
 9392	# A[3] * B[1]
 9393	mul	x25, x20, x9
 9394	adcs	x4, x4, x25
 9395	umulh	x26, x20, x9
 9396	adcs	x5, x5, x26
 9397	adc	x6, x6, xzr
 9398	# A[2] * B[2]
 9399	mul	x25, x19, x10
 9400	adds	x4, x4, x25
 9401	umulh	x26, x19, x10
 9402	adcs	x5, x5, x26
 9403	# A[3] * B[3]
 9404	mul	x25, x20, x11
 9405	adcs	x6, x6, x25
 9406	umulh	x7, x20, x11
 9407	adc	x7, x7, xzr
 9408	# A[0] * B[3]
 9409	mul	x25, x16, x11
 9410	adds	x24, x24, x25
 9411	umulh	x26, x16, x11
 9412	adcs	x4, x4, x26
 9413	# A[2] * B[3]
 9414	mul	x25, x19, x11
 9415	adcs	x5, x5, x25
 9416	umulh	x26, x19, x11
 9417	adcs	x6, x6, x26
 9418	adc	x7, x7, xzr
 9419	# A[3] * B[0]
 9420	mul	x25, x20, x8
 9421	adds	x24, x24, x25
 9422	umulh	x26, x20, x8
 9423	adcs	x4, x4, x26
 9424	# A[3] * B[2]
 9425	mul	x25, x20, x10
 9426	adcs	x5, x5, x25
 9427	umulh	x26, x20, x10
 9428	adcs	x6, x6, x26
 9429	adc	x7, x7, xzr
 9430	# Reduce
 9431	mov	x25, #38
 9432	mul	x26, x25, x7
 9433	adds	x24, x24, x26
 9434	umulh	x27, x25, x7
 9435	adc	x27, x27, xzr
 9436	mov	x25, #19
 9437	extr	x27, x27, x24, #63
 9438	mul	x27, x27, x25
 9439	and	x24, x24, #0x7fffffffffffffff
 9440	mov	x25, #38
 9441	mul	x26, x25, x4
 9442	adds	x21, x21, x26
 9443	umulh	x4, x25, x4
 9444	mul	x26, x25, x5
 9445	adcs	x22, x22, x26
 9446	umulh	x5, x25, x5
 9447	mul	x26, x25, x6
 9448	adcs	x23, x23, x26
 9449	umulh	x6, x25, x6
 9450	adc	x24, x24, xzr
 9451	#  Add high product results in
 9452	adds	x21, x21, x27
 9453	adcs	x22, x22, x4
 9454	adcs	x23, x23, x5
 9455	adc	x24, x24, x6
 9456	add	x2, x2, #32
 9457	add	x1, x0, #32
 9458	add	x0, x0, #32
 9459	# Multiply
 9460	ldp	x16, x17, [x2]
 9461	ldp	x19, x20, [x2, #16]
 9462	# A[0] * B[0]
 9463	umulh	x5, x12, x16
 9464	mul	x4, x12, x16
 9465	# A[2] * B[0]
 9466	umulh	x7, x14, x16
 9467	mul	x6, x14, x16
 9468	# A[1] * B[0]
 9469	mul	x25, x13, x16
 9470	adds	x5, x5, x25
 9471	umulh	x26, x13, x16
 9472	adcs	x6, x6, x26
 9473	# A[1] * B[3]
 9474	umulh	x9, x13, x20
 9475	adc	x7, x7, xzr
 9476	mul	x8, x13, x20
 9477	# A[0] * B[1]
 9478	mul	x25, x12, x17
 9479	adds	x5, x5, x25
 9480	umulh	x26, x12, x17
 9481	adcs	x6, x6, x26
 9482	# A[2] * B[1]
 9483	mul	x25, x14, x17
 9484	adcs	x7, x7, x25
 9485	umulh	x26, x14, x17
 9486	adcs	x8, x8, x26
 9487	adc	x9, x9, xzr
 9488	# A[1] * B[2]
 9489	mul	x25, x13, x19
 9490	adds	x7, x7, x25
 9491	umulh	x26, x13, x19
 9492	adcs	x8, x8, x26
 9493	adcs	x9, x9, xzr
 9494	adc	x10, xzr, xzr
 9495	# A[0] * B[2]
 9496	mul	x25, x12, x19
 9497	adds	x6, x6, x25
 9498	umulh	x26, x12, x19
 9499	adcs	x7, x7, x26
 9500	adcs	x8, x8, xzr
 9501	adcs	x9, x9, xzr
 9502	adc	x10, x10, xzr
 9503	# A[1] * B[1]
 9504	mul	x25, x13, x17
 9505	adds	x6, x6, x25
 9506	umulh	x26, x13, x17
 9507	adcs	x7, x7, x26
 9508	# A[3] * B[1]
 9509	mul	x25, x15, x17
 9510	adcs	x8, x8, x25
 9511	umulh	x26, x15, x17
 9512	adcs	x9, x9, x26
 9513	adc	x10, x10, xzr
 9514	# A[2] * B[2]
 9515	mul	x25, x14, x19
 9516	adds	x8, x8, x25
 9517	umulh	x26, x14, x19
 9518	adcs	x9, x9, x26
 9519	# A[3] * B[3]
 9520	mul	x25, x15, x20
 9521	adcs	x10, x10, x25
 9522	umulh	x11, x15, x20
 9523	adc	x11, x11, xzr
 9524	# A[0] * B[3]
 9525	mul	x25, x12, x20
 9526	adds	x7, x7, x25
 9527	umulh	x26, x12, x20
 9528	adcs	x8, x8, x26
 9529	# A[2] * B[3]
 9530	mul	x25, x14, x20
 9531	adcs	x9, x9, x25
 9532	umulh	x26, x14, x20
 9533	adcs	x10, x10, x26
 9534	adc	x11, x11, xzr
 9535	# A[3] * B[0]
 9536	mul	x25, x15, x16
 9537	adds	x7, x7, x25
 9538	umulh	x26, x15, x16
 9539	adcs	x8, x8, x26
 9540	# A[3] * B[2]
 9541	mul	x25, x15, x19
 9542	adcs	x9, x9, x25
 9543	umulh	x26, x15, x19
 9544	adcs	x10, x10, x26
 9545	adc	x11, x11, xzr
 9546	# Reduce
 9547	mov	x25, #38
 9548	mul	x26, x25, x11
 9549	adds	x7, x7, x26
 9550	umulh	x27, x25, x11
 9551	adc	x27, x27, xzr
 9552	mov	x25, #19
 9553	extr	x27, x27, x7, #63
 9554	mul	x27, x27, x25
 9555	and	x7, x7, #0x7fffffffffffffff
 9556	mov	x25, #38
 9557	mul	x26, x25, x8
 9558	adds	x4, x4, x26
 9559	umulh	x8, x25, x8
 9560	mul	x26, x25, x9
 9561	adcs	x5, x5, x26
 9562	umulh	x9, x25, x9
 9563	mul	x26, x25, x10
 9564	adcs	x6, x6, x26
 9565	umulh	x10, x25, x10
 9566	adc	x7, x7, xzr
 9567	#  Add high product results in
 9568	adds	x4, x4, x27
 9569	adcs	x5, x5, x8
 9570	adcs	x6, x6, x9
 9571	adc	x7, x7, x10
 9572	mov	x3, x0
 9573	sub	x2, x0, #32
 9574	sub	x1, x0, #32
 9575	# Add
 9576	adds	x8, x21, x4
 9577	adcs	x9, x22, x5
 9578	adcs	x10, x23, x6
 9579	adcs	x11, x24, x7
 9580	cset	x28, cs
 9581	mov	x25, #19
 9582	extr	x28, x28, x11, #63
 9583	mul	x25, x28, x25
 9584	#   Sub modulus (if overflow)
 9585	adds	x8, x8, x25
 9586	adcs	x9, x9, xzr
 9587	and	x11, x11, #0x7fffffffffffffff
 9588	adcs	x10, x10, xzr
 9589	adc	x11, x11, xzr
 9590	# Sub
 9591	subs	x12, x21, x4
 9592	sbcs	x13, x22, x5
 9593	sbcs	x14, x23, x6
 9594	sbcs	x15, x24, x7
 9595	csetm	x28, cc
 9596	mov	x25, #-19
 9597	extr	x28, x28, x15, #63
 9598	mul	x25, x28, x25
 9599	#   Add modulus (if underflow)
 9600	subs	x12, x12, x25
 9601	sbcs	x13, x13, xzr
 9602	and	x15, x15, #0x7fffffffffffffff
 9603	sbcs	x14, x14, xzr
 9604	sbc	x15, x15, xzr
 9605	stp	x8, x9, [x0]
 9606	stp	x10, x11, [x0, #16]
 9607	stp	x12, x13, [x1]
 9608	stp	x14, x15, [x1, #16]
 9609	ldr	x1, [x29, #24]
 9610	ldr	x2, [x29, #32]
 9611	add	x2, x2, #0x40
 9612	add	x1, x1, #0x60
 9613	add	x0, x0, #0x40
 9614	# Multiply
 9615	ldp	x21, x22, [x1]
 9616	ldp	x23, x24, [x1, #16]
 9617	ldp	x4, x5, [x2]
 9618	ldp	x6, x7, [x2, #16]
 9619	# A[0] * B[0]
 9620	umulh	x17, x21, x4
 9621	mul	x16, x21, x4
 9622	# A[2] * B[0]
 9623	umulh	x20, x23, x4
 9624	mul	x19, x23, x4
 9625	# A[1] * B[0]
 9626	mul	x25, x22, x4
 9627	adds	x17, x17, x25
 9628	umulh	x26, x22, x4
 9629	adcs	x19, x19, x26
 9630	# A[1] * B[3]
 9631	umulh	x9, x22, x7
 9632	adc	x20, x20, xzr
 9633	mul	x8, x22, x7
 9634	# A[0] * B[1]
 9635	mul	x25, x21, x5
 9636	adds	x17, x17, x25
 9637	umulh	x26, x21, x5
 9638	adcs	x19, x19, x26
 9639	# A[2] * B[1]
 9640	mul	x25, x23, x5
 9641	adcs	x20, x20, x25
 9642	umulh	x26, x23, x5
 9643	adcs	x8, x8, x26
 9644	adc	x9, x9, xzr
 9645	# A[1] * B[2]
 9646	mul	x25, x22, x6
 9647	adds	x20, x20, x25
 9648	umulh	x26, x22, x6
 9649	adcs	x8, x8, x26
 9650	adcs	x9, x9, xzr
 9651	adc	x10, xzr, xzr
 9652	# A[0] * B[2]
 9653	mul	x25, x21, x6
 9654	adds	x19, x19, x25
 9655	umulh	x26, x21, x6
 9656	adcs	x20, x20, x26
 9657	adcs	x8, x8, xzr
 9658	adcs	x9, x9, xzr
 9659	adc	x10, x10, xzr
 9660	# A[1] * B[1]
 9661	mul	x25, x22, x5
 9662	adds	x19, x19, x25
 9663	umulh	x26, x22, x5
 9664	adcs	x20, x20, x26
 9665	# A[3] * B[1]
 9666	mul	x25, x24, x5
 9667	adcs	x8, x8, x25
 9668	umulh	x26, x24, x5
 9669	adcs	x9, x9, x26
 9670	adc	x10, x10, xzr
 9671	# A[2] * B[2]
 9672	mul	x25, x23, x6
 9673	adds	x8, x8, x25
 9674	umulh	x26, x23, x6
 9675	adcs	x9, x9, x26
 9676	# A[3] * B[3]
 9677	mul	x25, x24, x7
 9678	adcs	x10, x10, x25
 9679	umulh	x11, x24, x7
 9680	adc	x11, x11, xzr
 9681	# A[0] * B[3]
 9682	mul	x25, x21, x7
 9683	adds	x20, x20, x25
 9684	umulh	x26, x21, x7
 9685	adcs	x8, x8, x26
 9686	# A[2] * B[3]
 9687	mul	x25, x23, x7
 9688	adcs	x9, x9, x25
 9689	umulh	x26, x23, x7
 9690	adcs	x10, x10, x26
 9691	adc	x11, x11, xzr
 9692	# A[3] * B[0]
 9693	mul	x25, x24, x4
 9694	adds	x20, x20, x25
 9695	umulh	x26, x24, x4
 9696	adcs	x8, x8, x26
 9697	# A[3] * B[2]
 9698	mul	x25, x24, x6
 9699	adcs	x9, x9, x25
 9700	umulh	x26, x24, x6
 9701	adcs	x10, x10, x26
 9702	adc	x11, x11, xzr
 9703	# Reduce
 9704	mov	x25, #38
 9705	mul	x26, x25, x11
 9706	adds	x20, x20, x26
 9707	umulh	x27, x25, x11
 9708	adc	x27, x27, xzr
 9709	mov	x25, #19
 9710	extr	x27, x27, x20, #63
 9711	mul	x27, x27, x25
 9712	and	x20, x20, #0x7fffffffffffffff
 9713	mov	x25, #38
 9714	mul	x26, x25, x8
 9715	adds	x16, x16, x26
 9716	umulh	x8, x25, x8
 9717	mul	x26, x25, x9
 9718	adcs	x17, x17, x26
 9719	umulh	x9, x25, x9
 9720	mul	x26, x25, x10
 9721	adcs	x19, x19, x26
 9722	umulh	x10, x25, x10
 9723	adc	x20, x20, xzr
 9724	#  Add high product results in
 9725	adds	x16, x16, x27
 9726	adcs	x17, x17, x8
 9727	adcs	x19, x19, x9
 9728	adc	x20, x20, x10
 9729	sub	x1, x1, #32
 9730	# Double
 9731	ldp	x12, x13, [x1]
 9732	ldp	x14, x15, [x1, #16]
 9733	adds	x12, x12, x12
 9734	adcs	x13, x13, x13
 9735	adcs	x14, x14, x14
 9736	adc	x15, x15, x15
 9737	mov	x25, #-19
 9738	asr	x28, x15, #63
 9739	#   Mask the modulus
 9740	and	x25, x28, x25
 9741	and	x26, x28, #0x7fffffffffffffff
 9742	#   Sub modulus (if overflow)
 9743	subs	x12, x12, x25
 9744	sbcs	x13, x13, x28
 9745	sbcs	x14, x14, x28
 9746	sbc	x15, x15, x26
 9747	mov	x3, x0
 9748	sub	x2, x0, #32
 9749	mov	x1, x0
 9750	sub	x0, x0, #32
 9751	# Add
 9752	adds	x8, x12, x16
 9753	adcs	x9, x13, x17
 9754	adcs	x10, x14, x19
 9755	adcs	x11, x15, x20
 9756	cset	x28, cs
 9757	mov	x25, #19
 9758	extr	x28, x28, x11, #63
 9759	mul	x25, x28, x25
 9760	#   Sub modulus (if overflow)
 9761	adds	x8, x8, x25
 9762	adcs	x9, x9, xzr
 9763	and	x11, x11, #0x7fffffffffffffff
 9764	adcs	x10, x10, xzr
 9765	adc	x11, x11, xzr
 9766	# Sub
 9767	subs	x4, x12, x16
 9768	sbcs	x5, x13, x17
 9769	sbcs	x6, x14, x19
 9770	sbcs	x7, x15, x20
 9771	csetm	x28, cc
 9772	mov	x25, #-19
 9773	extr	x28, x28, x7, #63
 9774	mul	x25, x28, x25
 9775	#   Add modulus (if underflow)
 9776	subs	x4, x4, x25
 9777	sbcs	x5, x5, xzr
 9778	and	x7, x7, #0x7fffffffffffffff
 9779	sbcs	x6, x6, xzr
 9780	sbc	x7, x7, xzr
 9781	stp	x8, x9, [x0]
 9782	stp	x10, x11, [x0, #16]
 9783	stp	x4, x5, [x1]
 9784	stp	x6, x7, [x1, #16]
 9785	ldp	x17, x19, [x29, #56]
 9786	ldp	x20, x21, [x29, #72]
 9787	ldp	x22, x23, [x29, #88]
 9788	ldp	x24, x25, [x29, #104]
 9789	ldp	x26, x27, [x29, #120]
 9790	ldr	x28, [x29, #136]
 9791	ldp	x29, x30, [sp], #0x90
 9792	ret
 9793#ifndef __APPLE__
 9794	.size	ge_madd,.-ge_madd
 9795#endif /* __APPLE__ */
 9796#ifndef __APPLE__
 9797.text
 9798.globl	ge_msub
 9799.type	ge_msub,@function
 9800.align	2
 9801ge_msub:
 9802#else
 9803.section	__TEXT,__text
 9804.globl	_ge_msub
 9805.p2align	2
 9806_ge_msub:
 9807#endif /* __APPLE__ */
 9808	stp	x29, x30, [sp, #-144]!
 9809	add	x29, sp, #0
 9810	stp	x17, x19, [x29, #56]
 9811	stp	x20, x21, [x29, #72]
 9812	stp	x22, x23, [x29, #88]
 9813	stp	x24, x25, [x29, #104]
 9814	stp	x26, x27, [x29, #120]
 9815	str	x28, [x29, #136]
 9816	str	x0, [x29, #16]
 9817	str	x1, [x29, #24]
 9818	str	x2, [x29, #32]
 9819	mov	x3, x1
 9820	add	x2, x1, #32
 9821	add	x1, x0, #32
 9822	# Add
 9823	ldp	x8, x9, [x2]
 9824	ldp	x10, x11, [x2, #16]
 9825	ldp	x4, x5, [x3]
 9826	ldp	x6, x7, [x3, #16]
 9827	adds	x16, x8, x4
 9828	adcs	x17, x9, x5
 9829	adcs	x19, x10, x6
 9830	adcs	x20, x11, x7
 9831	cset	x28, cs
 9832	mov	x25, #19
 9833	extr	x28, x28, x20, #63
 9834	mul	x25, x28, x25
 9835	#   Sub modulus (if overflow)
 9836	adds	x16, x16, x25
 9837	adcs	x17, x17, xzr
 9838	and	x20, x20, #0x7fffffffffffffff
 9839	adcs	x19, x19, xzr
 9840	adc	x20, x20, xzr
 9841	# Sub
 9842	subs	x12, x8, x4
 9843	sbcs	x13, x9, x5
 9844	sbcs	x14, x10, x6
 9845	sbcs	x15, x11, x7
 9846	csetm	x28, cc
 9847	mov	x25, #-19
 9848	extr	x28, x28, x15, #63
 9849	mul	x25, x28, x25
 9850	#   Add modulus (if underflow)
 9851	subs	x12, x12, x25
 9852	sbcs	x13, x13, xzr
 9853	and	x15, x15, #0x7fffffffffffffff
 9854	sbcs	x14, x14, xzr
 9855	sbc	x15, x15, xzr
 9856	ldr	x2, [x29, #32]
 9857	add	x2, x2, #32
 9858	mov	x1, x0
 9859	# Multiply
 9860	ldp	x8, x9, [x2]
 9861	ldp	x10, x11, [x2, #16]
 9862	# A[0] * B[0]
 9863	umulh	x22, x16, x8
 9864	mul	x21, x16, x8
 9865	# A[2] * B[0]
 9866	umulh	x24, x19, x8
 9867	mul	x23, x19, x8
 9868	# A[1] * B[0]
 9869	mul	x25, x17, x8
 9870	adds	x22, x22, x25
 9871	umulh	x26, x17, x8
 9872	adcs	x23, x23, x26
 9873	# A[1] * B[3]
 9874	umulh	x5, x17, x11
 9875	adc	x24, x24, xzr
 9876	mul	x4, x17, x11
 9877	# A[0] * B[1]
 9878	mul	x25, x16, x9
 9879	adds	x22, x22, x25
 9880	umulh	x26, x16, x9
 9881	adcs	x23, x23, x26
 9882	# A[2] * B[1]
 9883	mul	x25, x19, x9
 9884	adcs	x24, x24, x25
 9885	umulh	x26, x19, x9
 9886	adcs	x4, x4, x26
 9887	adc	x5, x5, xzr
 9888	# A[1] * B[2]
 9889	mul	x25, x17, x10
 9890	adds	x24, x24, x25
 9891	umulh	x26, x17, x10
 9892	adcs	x4, x4, x26
 9893	adcs	x5, x5, xzr
 9894	adc	x6, xzr, xzr
 9895	# A[0] * B[2]
 9896	mul	x25, x16, x10
 9897	adds	x23, x23, x25
 9898	umulh	x26, x16, x10
 9899	adcs	x24, x24, x26
 9900	adcs	x4, x4, xzr
 9901	adcs	x5, x5, xzr
 9902	adc	x6, x6, xzr
 9903	# A[1] * B[1]
 9904	mul	x25, x17, x9
 9905	adds	x23, x23, x25
 9906	umulh	x26, x17, x9
 9907	adcs	x24, x24, x26
 9908	# A[3] * B[1]
 9909	mul	x25, x20, x9
 9910	adcs	x4, x4, x25
 9911	umulh	x26, x20, x9
 9912	adcs	x5, x5, x26
 9913	adc	x6, x6, xzr
 9914	# A[2] * B[2]
 9915	mul	x25, x19, x10
 9916	adds	x4, x4, x25
 9917	umulh	x26, x19, x10
 9918	adcs	x5, x5, x26
 9919	# A[3] * B[3]
 9920	mul	x25, x20, x11
 9921	adcs	x6, x6, x25
 9922	umulh	x7, x20, x11
 9923	adc	x7, x7, xzr
 9924	# A[0] * B[3]
 9925	mul	x25, x16, x11
 9926	adds	x24, x24, x25
 9927	umulh	x26, x16, x11
 9928	adcs	x4, x4, x26
 9929	# A[2] * B[3]
 9930	mul	x25, x19, x11
 9931	adcs	x5, x5, x25
 9932	umulh	x26, x19, x11
 9933	adcs	x6, x6, x26
 9934	adc	x7, x7, xzr
 9935	# A[3] * B[0]
 9936	mul	x25, x20, x8
 9937	adds	x24, x24, x25
 9938	umulh	x26, x20, x8
 9939	adcs	x4, x4, x26
 9940	# A[3] * B[2]
 9941	mul	x25, x20, x10
 9942	adcs	x5, x5, x25
 9943	umulh	x26, x20, x10
 9944	adcs	x6, x6, x26
 9945	adc	x7, x7, xzr
 9946	# Reduce
 9947	mov	x25, #38
 9948	mul	x26, x25, x7
 9949	adds	x24, x24, x26
 9950	umulh	x27, x25, x7
 9951	adc	x27, x27, xzr
 9952	mov	x25, #19
 9953	extr	x27, x27, x24, #63
 9954	mul	x27, x27, x25
 9955	and	x24, x24, #0x7fffffffffffffff
 9956	mov	x25, #38
 9957	mul	x26, x25, x4
 9958	adds	x21, x21, x26
 9959	umulh	x4, x25, x4
 9960	mul	x26, x25, x5
 9961	adcs	x22, x22, x26
 9962	umulh	x5, x25, x5
 9963	mul	x26, x25, x6
 9964	adcs	x23, x23, x26
 9965	umulh	x6, x25, x6
 9966	adc	x24, x24, xzr
 9967	#  Add high product results in
 9968	adds	x21, x21, x27
 9969	adcs	x22, x22, x4
 9970	adcs	x23, x23, x5
 9971	adc	x24, x24, x6
 9972	sub	x2, x2, #32
 9973	add	x1, x0, #32
 9974	add	x0, x0, #32
 9975	# Multiply
 9976	ldp	x16, x17, [x2]
 9977	ldp	x19, x20, [x2, #16]
 9978	# A[0] * B[0]
 9979	umulh	x5, x12, x16
 9980	mul	x4, x12, x16
 9981	# A[2] * B[0]
 9982	umulh	x7, x14, x16
 9983	mul	x6, x14, x16
 9984	# A[1] * B[0]
 9985	mul	x25, x13, x16
 9986	adds	x5, x5, x25
 9987	umulh	x26, x13, x16
 9988	adcs	x6, x6, x26
 9989	# A[1] * B[3]
 9990	umulh	x9, x13, x20
 9991	adc	x7, x7, xzr
 9992	mul	x8, x13, x20
 9993	# A[0] * B[1]
 9994	mul	x25, x12, x17
 9995	adds	x5, x5, x25
 9996	umulh	x26, x12, x17
 9997	adcs	x6, x6, x26
 9998	# A[2] * B[1]
 9999	mul	x25, x14, x17
10000	adcs	x7, x7, x25
10001	umulh	x26, x14, x17
10002	adcs	x8, x8, x26
10003	adc	x9, x9, xzr
10004	# A[1] * B[2]
10005	mul	x25, x13, x19
10006	adds	x7, x7, x25
10007	umulh	x26, x13, x19
10008	adcs	x8, x8, x26
10009	adcs	x9, x9, xzr
10010	adc	x10, xzr, xzr
10011	# A[0] * B[2]
10012	mul	x25, x12, x19
10013	adds	x6, x6, x25
10014	umulh	x26, x12, x19
10015	adcs	x7, x7, x26
10016	adcs	x8, x8, xzr
10017	adcs	x9, x9, xzr
10018	adc	x10, x10, xzr
10019	# A[1] * B[1]
10020	mul	x25, x13, x17
10021	adds	x6, x6, x25
10022	umulh	x26, x13, x17
10023	adcs	x7, x7, x26
10024	# A[3] * B[1]
10025	mul	x25, x15, x17
10026	adcs	x8, x8, x25
10027	umulh	x26, x15, x17
10028	adcs	x9, x9, x26
10029	adc	x10, x10, xzr
10030	# A[2] * B[2]
10031	mul	x25, x14, x19
10032	adds	x8, x8, x25
10033	umulh	x26, x14, x19
10034	adcs	x9, x9, x26
10035	# A[3] * B[3]
10036	mul	x25, x15, x20
10037	adcs	x10, x10, x25
10038	umulh	x11, x15, x20
10039	adc	x11, x11, xzr
10040	# A[0] * B[3]
10041	mul	x25, x12, x20
10042	adds	x7, x7, x25
10043	umulh	x26, x12, x20
10044	adcs	x8, x8, x26
10045	# A[2] * B[3]
10046	mul	x25, x14, x20
10047	adcs	x9, x9, x25
10048	umulh	x26, x14, x20
10049	adcs	x10, x10, x26
10050	adc	x11, x11, xzr
10051	# A[3] * B[0]
10052	mul	x25, x15, x16
10053	adds	x7, x7, x25
10054	umulh	x26, x15, x16
10055	adcs	x8, x8, x26
10056	# A[3] * B[2]
10057	mul	x25, x15, x19
10058	adcs	x9, x9, x25
10059	umulh	x26, x15, x19
10060	adcs	x10, x10, x26
10061	adc	x11, x11, xzr
10062	# Reduce
10063	mov	x25, #38
10064	mul	x26, x25, x11
10065	adds	x7, x7, x26
10066	umulh	x27, x25, x11
10067	adc	x27, x27, xzr
10068	mov	x25, #19
10069	extr	x27, x27, x7, #63
10070	mul	x27, x27, x25
10071	and	x7, x7, #0x7fffffffffffffff
10072	mov	x25, #38
10073	mul	x26, x25, x8
10074	adds	x4, x4, x26
10075	umulh	x8, x25, x8
10076	mul	x26, x25, x9
10077	adcs	x5, x5, x26
10078	umulh	x9, x25, x9
10079	mul	x26, x25, x10
10080	adcs	x6, x6, x26
10081	umulh	x10, x25, x10
10082	adc	x7, x7, xzr
10083	#  Add high product results in
10084	adds	x4, x4, x27
10085	adcs	x5, x5, x8
10086	adcs	x6, x6, x9
10087	adc	x7, x7, x10
10088	mov	x3, x0
10089	sub	x2, x0, #32
10090	sub	x1, x0, #32
10091	# Add
10092	adds	x8, x21, x4
10093	adcs	x9, x22, x5
10094	adcs	x10, x23, x6
10095	adcs	x11, x24, x7
10096	cset	x28, cs
10097	mov	x25, #19
10098	extr	x28, x28, x11, #63
10099	mul	x25, x28, x25
10100	#   Sub modulus (if overflow)
10101	adds	x8, x8, x25
10102	adcs	x9, x9, xzr
10103	and	x11, x11, #0x7fffffffffffffff
10104	adcs	x10, x10, xzr
10105	adc	x11, x11, xzr
10106	# Sub
10107	subs	x12, x21, x4
10108	sbcs	x13, x22, x5
10109	sbcs	x14, x23, x6
10110	sbcs	x15, x24, x7
10111	csetm	x28, cc
10112	mov	x25, #-19
10113	extr	x28, x28, x15, #63
10114	mul	x25, x28, x25
10115	#   Add modulus (if underflow)
10116	subs	x12, x12, x25
10117	sbcs	x13, x13, xzr
10118	and	x15, x15, #0x7fffffffffffffff
10119	sbcs	x14, x14, xzr
10120	sbc	x15, x15, xzr
10121	stp	x8, x9, [x0]
10122	stp	x10, x11, [x0, #16]
10123	stp	x12, x13, [x1]
10124	stp	x14, x15, [x1, #16]
10125	ldr	x1, [x29, #24]
10126	ldr	x2, [x29, #32]
10127	add	x2, x2, #0x40
10128	add	x1, x1, #0x60
10129	add	x0, x0, #0x40
10130	# Multiply
10131	ldp	x21, x22, [x1]
10132	ldp	x23, x24, [x1, #16]
10133	ldp	x4, x5, [x2]
10134	ldp	x6, x7, [x2, #16]
10135	# A[0] * B[0]
10136	umulh	x17, x21, x4
10137	mul	x16, x21, x4
10138	# A[2] * B[0]
10139	umulh	x20, x23, x4
10140	mul	x19, x23, x4
10141	# A[1] * B[0]
10142	mul	x25, x22, x4
10143	adds	x17, x17, x25
10144	umulh	x26, x22, x4
10145	adcs	x19, x19, x26
10146	# A[1] * B[3]
10147	umulh	x9, x22, x7
10148	adc	x20, x20, xzr
10149	mul	x8, x22, x7
10150	# A[0] * B[1]
10151	mul	x25, x21, x5
10152	adds	x17, x17, x25
10153	umulh	x26, x21, x5
10154	adcs	x19, x19, x26
10155	# A[2] * B[1]
10156	mul	x25, x23, x5
10157	adcs	x20, x20, x25
10158	umulh	x26, x23, x5
10159	adcs	x8, x8, x26
10160	adc	x9, x9, xzr
10161	# A[1] * B[2]
10162	mul	x25, x22, x6
10163	adds	x20, x20, x25
10164	umulh	x26, x22, x6
10165	adcs	x8, x8, x26
10166	adcs	x9, x9, xzr
10167	adc	x10, xzr, xzr
10168	# A[0] * B[2]
10169	mul	x25, x21, x6
10170	adds	x19, x19, x25
10171	umulh	x26, x21, x6
10172	adcs	x20, x20, x26
10173	adcs	x8, x8, xzr
10174	adcs	x9, x9, xzr
10175	adc	x10, x10, xzr
10176	# A[1] * B[1]
10177	mul	x25, x22, x5
10178	adds	x19, x19, x25
10179	umulh	x26, x22, x5
10180	adcs	x20, x20, x26
10181	# A[3] * B[1]
10182	mul	x25, x24, x5
10183	adcs	x8, x8, x25
10184	umulh	x26, x24, x5
10185	adcs	x9, x9, x26
10186	adc	x10, x10, xzr
10187	# A[2] * B[2]
10188	mul	x25, x23, x6
10189	adds	x8, x8, x25
10190	umulh	x26, x23, x6
10191	adcs	x9, x9, x26
10192	# A[3] * B[3]
10193	mul	x25, x24, x7
10194	adcs	x10, x10, x25
10195	umulh	x11, x24, x7
10196	adc	x11, x11, xzr
10197	# A[0] * B[3]
10198	mul	x25, x21, x7
10199	adds	x20, x20, x25
10200	umulh	x26, x21, x7
10201	adcs	x8, x8, x26
10202	# A[2] * B[3]
10203	mul	x25, x23, x7
10204	adcs	x9, x9, x25
10205	umulh	x26, x23, x7
10206	adcs	x10, x10, x26
10207	adc	x11, x11, xzr
10208	# A[3] * B[0]
10209	mul	x25, x24, x4
10210	adds	x20, x20, x25
10211	umulh	x26, x24, x4
10212	adcs	x8, x8, x26
10213	# A[3] * B[2]
10214	mul	x25, x24, x6
10215	adcs	x9, x9, x25
10216	umulh	x26, x24, x6
10217	adcs	x10, x10, x26
10218	adc	x11, x11, xzr
10219	# Reduce
10220	mov	x25, #38
10221	mul	x26, x25, x11
10222	adds	x20, x20, x26
10223	umulh	x27, x25, x11
10224	adc	x27, x27, xzr
10225	mov	x25, #19
10226	extr	x27, x27, x20, #63
10227	mul	x27, x27, x25
10228	and	x20, x20, #0x7fffffffffffffff
10229	mov	x25, #38
10230	mul	x26, x25, x8
10231	adds	x16, x16, x26
10232	umulh	x8, x25, x8
10233	mul	x26, x25, x9
10234	adcs	x17, x17, x26
10235	umulh	x9, x25, x9
10236	mul	x26, x25, x10
10237	adcs	x19, x19, x26
10238	umulh	x10, x25, x10
10239	adc	x20, x20, xzr
10240	#  Add high product results in
10241	adds	x16, x16, x27
10242	adcs	x17, x17, x8
10243	adcs	x19, x19, x9
10244	adc	x20, x20, x10
10245	sub	x1, x1, #32
10246	# Double
10247	ldp	x12, x13, [x1]
10248	ldp	x14, x15, [x1, #16]
10249	adds	x12, x12, x12
10250	adcs	x13, x13, x13
10251	adcs	x14, x14, x14
10252	adc	x15, x15, x15
10253	mov	x25, #-19
10254	asr	x28, x15, #63
10255	#   Mask the modulus
10256	and	x25, x28, x25
10257	and	x26, x28, #0x7fffffffffffffff
10258	#   Sub modulus (if overflow)
10259	subs	x12, x12, x25
10260	sbcs	x13, x13, x28
10261	sbcs	x14, x14, x28
10262	sbc	x15, x15, x26
10263	mov	x3, x0
10264	sub	x2, x0, #32
10265	sub	x1, x0, #32
10266	# Add
10267	adds	x8, x12, x16
10268	adcs	x9, x13, x17
10269	adcs	x10, x14, x19
10270	adcs	x11, x15, x20
10271	cset	x28, cs
10272	mov	x25, #19
10273	extr	x28, x28, x11, #63
10274	mul	x25, x28, x25
10275	#   Sub modulus (if overflow)
10276	adds	x8, x8, x25
10277	adcs	x9, x9, xzr
10278	and	x11, x11, #0x7fffffffffffffff
10279	adcs	x10, x10, xzr
10280	adc	x11, x11, xzr
10281	# Sub
10282	subs	x4, x12, x16
10283	sbcs	x5, x13, x17
10284	sbcs	x6, x14, x19
10285	sbcs	x7, x15, x20
10286	csetm	x28, cc
10287	mov	x25, #-19
10288	extr	x28, x28, x7, #63
10289	mul	x25, x28, x25
10290	#   Add modulus (if underflow)
10291	subs	x4, x4, x25
10292	sbcs	x5, x5, xzr
10293	and	x7, x7, #0x7fffffffffffffff
10294	sbcs	x6, x6, xzr
10295	sbc	x7, x7, xzr
10296	stp	x8, x9, [x0]
10297	stp	x10, x11, [x0, #16]
10298	stp	x4, x5, [x1]
10299	stp	x6, x7, [x1, #16]
10300	ldp	x17, x19, [x29, #56]
10301	ldp	x20, x21, [x29, #72]
10302	ldp	x22, x23, [x29, #88]
10303	ldp	x24, x25, [x29, #104]
10304	ldp	x26, x27, [x29, #120]
10305	ldr	x28, [x29, #136]
10306	ldp	x29, x30, [sp], #0x90
10307	ret
10308#ifndef __APPLE__
10309	.size	ge_msub,.-ge_msub
10310#endif /* __APPLE__ */
10311#ifndef __APPLE__
10312.text
10313.globl	ge_add
10314.type	ge_add,@function
10315.align	2
10316ge_add:
10317#else
10318.section	__TEXT,__text
10319.globl	_ge_add
10320.p2align	2
10321_ge_add:
10322#endif /* __APPLE__ */
10323	stp	x29, x30, [sp, #-144]!
10324	add	x29, sp, #0
10325	stp	x17, x19, [x29, #56]
10326	stp	x20, x21, [x29, #72]
10327	stp	x22, x23, [x29, #88]
10328	stp	x24, x25, [x29, #104]
10329	stp	x26, x27, [x29, #120]
10330	str	x28, [x29, #136]
10331	str	x0, [x29, #16]
10332	str	x1, [x29, #24]
10333	str	x2, [x29, #32]
10334	mov	x3, x1
10335	add	x2, x1, #32
10336	add	x1, x0, #32
10337	# Add
10338	ldp	x8, x9, [x2]
10339	ldp	x10, x11, [x2, #16]
10340	ldp	x4, x5, [x3]
10341	ldp	x6, x7, [x3, #16]
10342	adds	x16, x8, x4
10343	adcs	x17, x9, x5
10344	adcs	x19, x10, x6
10345	adcs	x20, x11, x7
10346	cset	x28, cs
10347	mov	x25, #19
10348	extr	x28, x28, x20, #63
10349	mul	x25, x28, x25
10350	#   Sub modulus (if overflow)
10351	adds	x16, x16, x25
10352	adcs	x17, x17, xzr
10353	and	x20, x20, #0x7fffffffffffffff
10354	adcs	x19, x19, xzr
10355	adc	x20, x20, xzr
10356	# Sub
10357	subs	x12, x8, x4
10358	sbcs	x13, x9, x5
10359	sbcs	x14, x10, x6
10360	sbcs	x15, x11, x7
10361	csetm	x28, cc
10362	mov	x25, #-19
10363	extr	x28, x28, x15, #63
10364	mul	x25, x28, x25
10365	#   Add modulus (if underflow)
10366	subs	x12, x12, x25
10367	sbcs	x13, x13, xzr
10368	and	x15, x15, #0x7fffffffffffffff
10369	sbcs	x14, x14, xzr
10370	sbc	x15, x15, xzr
10371	ldr	x2, [x29, #32]
10372	mov	x1, x0
10373	# Multiply
10374	ldp	x8, x9, [x2]
10375	ldp	x10, x11, [x2, #16]
10376	# A[0] * B[0]
10377	umulh	x22, x16, x8
10378	mul	x21, x16, x8
10379	# A[2] * B[0]
10380	umulh	x24, x19, x8
10381	mul	x23, x19, x8
10382	# A[1] * B[0]
10383	mul	x25, x17, x8
10384	adds	x22, x22, x25
10385	umulh	x26, x17, x8
10386	adcs	x23, x23, x26
10387	# A[1] * B[3]
10388	umulh	x5, x17, x11
10389	adc	x24, x24, xzr
10390	mul	x4, x17, x11
10391	# A[0] * B[1]
10392	mul	x25, x16, x9
10393	adds	x22, x22, x25
10394	umulh	x26, x16, x9
10395	adcs	x23, x23, x26
10396	# A[2] * B[1]
10397	mul	x25, x19, x9
10398	adcs	x24, x24, x25
10399	umulh	x26, x19, x9
10400	adcs	x4, x4, x26
10401	adc	x5, x5, xzr
10402	# A[1] * B[2]
10403	mul	x25, x17, x10
10404	adds	x24, x24, x25
10405	umulh	x26, x17, x10
10406	adcs	x4, x4, x26
10407	adcs	x5, x5, xzr
10408	adc	x6, xzr, xzr
10409	# A[0] * B[2]
10410	mul	x25, x16, x10
10411	adds	x23, x23, x25
10412	umulh	x26, x16, x10
10413	adcs	x24, x24, x26
10414	adcs	x4, x4, xzr
10415	adcs	x5, x5, xzr
10416	adc	x6, x6, xzr
10417	# A[1] * B[1]
10418	mul	x25, x17, x9
10419	adds	x23, x23, x25
10420	umulh	x26, x17, x9
10421	adcs	x24, x24, x26
10422	# A[3] * B[1]
10423	mul	x25, x20, x9
10424	adcs	x4, x4, x25
10425	umulh	x26, x20, x9
10426	adcs	x5, x5, x26
10427	adc	x6, x6, xzr
10428	# A[2] * B[2]
10429	mul	x25, x19, x10
10430	adds	x4, x4, x25
10431	umulh	x26, x19, x10
10432	adcs	x5, x5, x26
10433	# A[3] * B[3]
10434	mul	x25, x20, x11
10435	adcs	x6, x6, x25
10436	umulh	x7, x20, x11
10437	adc	x7, x7, xzr
10438	# A[0] * B[3]
10439	mul	x25, x16, x11
10440	adds	x24, x24, x25
10441	umulh	x26, x16, x11
10442	adcs	x4, x4, x26
10443	# A[2] * B[3]
10444	mul	x25, x19, x11
10445	adcs	x5, x5, x25
10446	umulh	x26, x19, x11
10447	adcs	x6, x6, x26
10448	adc	x7, x7, xzr
10449	# A[3] * B[0]
10450	mul	x25, x20, x8
10451	adds	x24, x24, x25
10452	umulh	x26, x20, x8
10453	adcs	x4, x4, x26
10454	# A[3] * B[2]
10455	mul	x25, x20, x10
10456	adcs	x5, x5, x25
10457	umulh	x26, x20, x10
10458	adcs	x6, x6, x26
10459	adc	x7, x7, xzr
10460	# Reduce
10461	mov	x25, #38
10462	mul	x26, x25, x7
10463	adds	x24, x24, x26
10464	umulh	x27, x25, x7
10465	adc	x27, x27, xzr
10466	mov	x25, #19
10467	extr	x27, x27, x24, #63
10468	mul	x27, x27, x25
10469	and	x24, x24, #0x7fffffffffffffff
10470	mov	x25, #38
10471	mul	x26, x25, x4
10472	adds	x21, x21, x26
10473	umulh	x4, x25, x4
10474	mul	x26, x25, x5
10475	adcs	x22, x22, x26
10476	umulh	x5, x25, x5
10477	mul	x26, x25, x6
10478	adcs	x23, x23, x26
10479	umulh	x6, x25, x6
10480	adc	x24, x24, xzr
10481	#  Add high product results in
10482	adds	x21, x21, x27
10483	adcs	x22, x22, x4
10484	adcs	x23, x23, x5
10485	adc	x24, x24, x6
10486	# Store
10487	stp	x21, x22, [x0]
10488	stp	x23, x24, [x0, #16]
10489	add	x2, x2, #32
10490	add	x1, x0, #32
10491	add	x0, x0, #32
10492	# Multiply
10493	ldp	x16, x17, [x2]
10494	ldp	x19, x20, [x2, #16]
10495	# A[0] * B[0]
10496	umulh	x5, x12, x16
10497	mul	x4, x12, x16
10498	# A[2] * B[0]
10499	umulh	x7, x14, x16
10500	mul	x6, x14, x16
10501	# A[1] * B[0]
10502	mul	x25, x13, x16
10503	adds	x5, x5, x25
10504	umulh	x26, x13, x16
10505	adcs	x6, x6, x26
10506	# A[1] * B[3]
10507	umulh	x9, x13, x20
10508	adc	x7, x7, xzr
10509	mul	x8, x13, x20
10510	# A[0] * B[1]
10511	mul	x25, x12, x17
10512	adds	x5, x5, x25
10513	umulh	x26, x12, x17
10514	adcs	x6, x6, x26
10515	# A[2] * B[1]
10516	mul	x25, x14, x17
10517	adcs	x7, x7, x25
10518	umulh	x26, x14, x17
10519	adcs	x8, x8, x26
10520	adc	x9, x9, xzr
10521	# A[1] * B[2]
10522	mul	x25, x13, x19
10523	adds	x7, x7, x25
10524	umulh	x26, x13, x19
10525	adcs	x8, x8, x26
10526	adcs	x9, x9, xzr
10527	adc	x10, xzr, xzr
10528	# A[0] * B[2]
10529	mul	x25, x12, x19
10530	adds	x6, x6, x25
10531	umulh	x26, x12, x19
10532	adcs	x7, x7, x26
10533	adcs	x8, x8, xzr
10534	adcs	x9, x9, xzr
10535	adc	x10, x10, xzr
10536	# A[1] * B[1]
10537	mul	x25, x13, x17
10538	adds	x6, x6, x25
10539	umulh	x26, x13, x17
10540	adcs	x7, x7, x26
10541	# A[3] * B[1]
10542	mul	x25, x15, x17
10543	adcs	x8, x8, x25
10544	umulh	x26, x15, x17
10545	adcs	x9, x9, x26
10546	adc	x10, x10, xzr
10547	# A[2] * B[2]
10548	mul	x25, x14, x19
10549	adds	x8, x8, x25
10550	umulh	x26, x14, x19
10551	adcs	x9, x9, x26
10552	# A[3] * B[3]
10553	mul	x25, x15, x20
10554	adcs	x10, x10, x25
10555	umulh	x11, x15, x20
10556	adc	x11, x11, xzr
10557	# A[0] * B[3]
10558	mul	x25, x12, x20
10559	adds	x7, x7, x25
10560	umulh	x26, x12, x20
10561	adcs	x8, x8, x26
10562	# A[2] * B[3]
10563	mul	x25, x14, x20
10564	adcs	x9, x9, x25
10565	umulh	x26, x14, x20
10566	adcs	x10, x10, x26
10567	adc	x11, x11, xzr
10568	# A[3] * B[0]
10569	mul	x25, x15, x16
10570	adds	x7, x7, x25
10571	umulh	x26, x15, x16
10572	adcs	x8, x8, x26
10573	# A[3] * B[2]
10574	mul	x25, x15, x19
10575	adcs	x9, x9, x25
10576	umulh	x26, x15, x19
10577	adcs	x10, x10, x26
10578	adc	x11, x11, xzr
10579	# Reduce
10580	mov	x25, #38
10581	mul	x26, x25, x11
10582	adds	x7, x7, x26
10583	umulh	x27, x25, x11
10584	adc	x27, x27, xzr
10585	mov	x25, #19
10586	extr	x27, x27, x7, #63
10587	mul	x27, x27, x25
10588	and	x7, x7, #0x7fffffffffffffff
10589	mov	x25, #38
10590	mul	x26, x25, x8
10591	adds	x4, x4, x26
10592	umulh	x8, x25, x8
10593	mul	x26, x25, x9
10594	adcs	x5, x5, x26
10595	umulh	x9, x25, x9
10596	mul	x26, x25, x10
10597	adcs	x6, x6, x26
10598	umulh	x10, x25, x10
10599	adc	x7, x7, xzr
10600	#  Add high product results in
10601	adds	x4, x4, x27
10602	adcs	x5, x5, x8
10603	adcs	x6, x6, x9
10604	adc	x7, x7, x10
10605	# Store
10606	stp	x4, x5, [x0]
10607	stp	x6, x7, [x0, #16]
10608	mov	x3, x0
10609	sub	x2, x0, #32
10610	sub	x1, x0, #32
10611	# Add
10612	adds	x8, x21, x4
10613	adcs	x9, x22, x5
10614	adcs	x10, x23, x6
10615	adcs	x11, x24, x7
10616	cset	x28, cs
10617	mov	x25, #19
10618	extr	x28, x28, x11, #63
10619	mul	x25, x28, x25
10620	#   Sub modulus (if overflow)
10621	adds	x8, x8, x25
10622	adcs	x9, x9, xzr
10623	and	x11, x11, #0x7fffffffffffffff
10624	adcs	x10, x10, xzr
10625	adc	x11, x11, xzr
10626	# Sub
10627	subs	x12, x21, x4
10628	sbcs	x13, x22, x5
10629	sbcs	x14, x23, x6
10630	sbcs	x15, x24, x7
10631	csetm	x28, cc
10632	mov	x25, #-19
10633	extr	x28, x28, x15, #63
10634	mul	x25, x28, x25
10635	#   Add modulus (if underflow)
10636	subs	x12, x12, x25
10637	sbcs	x13, x13, xzr
10638	and	x15, x15, #0x7fffffffffffffff
10639	sbcs	x14, x14, xzr
10640	sbc	x15, x15, xzr
10641	stp	x8, x9, [x0]
10642	stp	x10, x11, [x0, #16]
10643	stp	x12, x13, [x1]
10644	stp	x14, x15, [x1, #16]
10645	ldr	x1, [x29, #24]
10646	ldr	x2, [x29, #32]
10647	add	x2, x2, #0x60
10648	add	x1, x1, #0x60
10649	add	x0, x0, #0x40
10650	# Multiply
10651	ldp	x21, x22, [x1]
10652	ldp	x23, x24, [x1, #16]
10653	ldp	x4, x5, [x2]
10654	ldp	x6, x7, [x2, #16]
10655	# A[0] * B[0]
10656	umulh	x17, x21, x4
10657	mul	x16, x21, x4
10658	# A[2] * B[0]
10659	umulh	x20, x23, x4
10660	mul	x19, x23, x4
10661	# A[1] * B[0]
10662	mul	x25, x22, x4
10663	adds	x17, x17, x25
10664	umulh	x26, x22, x4
10665	adcs	x19, x19, x26
10666	# A[1] * B[3]
10667	umulh	x9, x22, x7
10668	adc	x20, x20, xzr
10669	mul	x8, x22, x7
10670	# A[0] * B[1]
10671	mul	x25, x21, x5
10672	adds	x17, x17, x25
10673	umulh	x26, x21, x5
10674	adcs	x19, x19, x26
10675	# A[2] * B[1]
10676	mul	x25, x23, x5
10677	adcs	x20, x20, x25
10678	umulh	x26, x23, x5
10679	adcs	x8, x8, x26
10680	adc	x9, x9, xzr
10681	# A[1] * B[2]
10682	mul	x25, x22, x6
10683	adds	x20, x20, x25
10684	umulh	x26, x22, x6
10685	adcs	x8, x8, x26
10686	adcs	x9, x9, xzr
10687	adc	x10, xzr, xzr
10688	# A[0] * B[2]
10689	mul	x25, x21, x6
10690	adds	x19, x19, x25
10691	umulh	x26, x21, x6
10692	adcs	x20, x20, x26
10693	adcs	x8, x8, xzr
10694	adcs	x9, x9, xzr
10695	adc	x10, x10, xzr
10696	# A[1] * B[1]
10697	mul	x25, x22, x5
10698	adds	x19, x19, x25
10699	umulh	x26, x22, x5
10700	adcs	x20, x20, x26
10701	# A[3] * B[1]
10702	mul	x25, x24, x5
10703	adcs	x8, x8, x25
10704	umulh	x26, x24, x5
10705	adcs	x9, x9, x26
10706	adc	x10, x10, xzr
10707	# A[2] * B[2]
10708	mul	x25, x23, x6
10709	adds	x8, x8, x25
10710	umulh	x26, x23, x6
10711	adcs	x9, x9, x26
10712	# A[3] * B[3]
10713	mul	x25, x24, x7
10714	adcs	x10, x10, x25
10715	umulh	x11, x24, x7
10716	adc	x11, x11, xzr
10717	# A[0] * B[3]
10718	mul	x25, x21, x7
10719	adds	x20, x20, x25
10720	umulh	x26, x21, x7
10721	adcs	x8, x8, x26
10722	# A[2] * B[3]
10723	mul	x25, x23, x7
10724	adcs	x9, x9, x25
10725	umulh	x26, x23, x7
10726	adcs	x10, x10, x26
10727	adc	x11, x11, xzr
10728	# A[3] * B[0]
10729	mul	x25, x24, x4
10730	adds	x20, x20, x25
10731	umulh	x26, x24, x4
10732	adcs	x8, x8, x26
10733	# A[3] * B[2]
10734	mul	x25, x24, x6
10735	adcs	x9, x9, x25
10736	umulh	x26, x24, x6
10737	adcs	x10, x10, x26
10738	adc	x11, x11, xzr
10739	# Reduce
10740	mov	x25, #38
10741	mul	x26, x25, x11
10742	adds	x20, x20, x26
10743	umulh	x27, x25, x11
10744	adc	x27, x27, xzr
10745	mov	x25, #19
10746	extr	x27, x27, x20, #63
10747	mul	x27, x27, x25
10748	and	x20, x20, #0x7fffffffffffffff
10749	mov	x25, #38
10750	mul	x26, x25, x8
10751	adds	x16, x16, x26
10752	umulh	x8, x25, x8
10753	mul	x26, x25, x9
10754	adcs	x17, x17, x26
10755	umulh	x9, x25, x9
10756	mul	x26, x25, x10
10757	adcs	x19, x19, x26
10758	umulh	x10, x25, x10
10759	adc	x20, x20, xzr
10760	#  Add high product results in
10761	adds	x16, x16, x27
10762	adcs	x17, x17, x8
10763	adcs	x19, x19, x9
10764	adc	x20, x20, x10
10765	# Store
10766	stp	x16, x17, [x0]
10767	stp	x19, x20, [x0, #16]
10768	sub	x3, x2, #32
10769	sub	x2, x1, #32
10770	sub	x1, x0, #32
10771	# Multiply
10772	ldp	x4, x5, [x2]
10773	ldp	x6, x7, [x2, #16]
10774	ldp	x12, x13, [x3]
10775	ldp	x14, x15, [x3, #16]
10776	# A[0] * B[0]
10777	umulh	x9, x4, x12
10778	mul	x8, x4, x12
10779	# A[2] * B[0]
10780	umulh	x11, x6, x12
10781	mul	x10, x6, x12
10782	# A[1] * B[0]
10783	mul	x25, x5, x12
10784	adds	x9, x9, x25
10785	umulh	x26, x5, x12
10786	adcs	x10, x10, x26
10787	# A[1] * B[3]
10788	umulh	x17, x5, x15
10789	adc	x11, x11, xzr
10790	mul	x16, x5, x15
10791	# A[0] * B[1]
10792	mul	x25, x4, x13
10793	adds	x9, x9, x25
10794	umulh	x26, x4, x13
10795	adcs	x10, x10, x26
10796	# A[2] * B[1]
10797	mul	x25, x6, x13
10798	adcs	x11, x11, x25
10799	umulh	x26, x6, x13
10800	adcs	x16, x16, x26
10801	adc	x17, x17, xzr
10802	# A[1] * B[2]
10803	mul	x25, x5, x14
10804	adds	x11, x11, x25
10805	umulh	x26, x5, x14
10806	adcs	x16, x16, x26
10807	adcs	x17, x17, xzr
10808	adc	x19, xzr, xzr
10809	# A[0] * B[2]
10810	mul	x25, x4, x14
10811	adds	x10, x10, x25
10812	umulh	x26, x4, x14
10813	adcs	x11, x11, x26
10814	adcs	x16, x16, xzr
10815	adcs	x17, x17, xzr
10816	adc	x19, x19, xzr
10817	# A[1] * B[1]
10818	mul	x25, x5, x13
10819	adds	x10, x10, x25
10820	umulh	x26, x5, x13
10821	adcs	x11, x11, x26
10822	# A[3] * B[1]
10823	mul	x25, x7, x13
10824	adcs	x16, x16, x25
10825	umulh	x26, x7, x13
10826	adcs	x17, x17, x26
10827	adc	x19, x19, xzr
10828	# A[2] * B[2]
10829	mul	x25, x6, x14
10830	adds	x16, x16, x25
10831	umulh	x26, x6, x14
10832	adcs	x17, x17, x26
10833	# A[3] * B[3]
10834	mul	x25, x7, x15
10835	adcs	x19, x19, x25
10836	umulh	x20, x7, x15
10837	adc	x20, x20, xzr
10838	# A[0] * B[3]
10839	mul	x25, x4, x15
10840	adds	x11, x11, x25
10841	umulh	x26, x4, x15
10842	adcs	x16, x16, x26
10843	# A[2] * B[3]
10844	mul	x25, x6, x15
10845	adcs	x17, x17, x25
10846	umulh	x26, x6, x15
10847	adcs	x19, x19, x26
10848	adc	x20, x20, xzr
10849	# A[3] * B[0]
10850	mul	x25, x7, x12
10851	adds	x11, x11, x25
10852	umulh	x26, x7, x12
10853	adcs	x16, x16, x26
10854	# A[3] * B[2]
10855	mul	x25, x7, x14
10856	adcs	x17, x17, x25
10857	umulh	x26, x7, x14
10858	adcs	x19, x19, x26
10859	adc	x20, x20, xzr
10860	# Reduce
10861	mov	x25, #38
10862	mul	x26, x25, x20
10863	adds	x11, x11, x26
10864	umulh	x27, x25, x20
10865	adc	x27, x27, xzr
10866	mov	x25, #19
10867	extr	x27, x27, x11, #63
10868	mul	x27, x27, x25
10869	and	x11, x11, #0x7fffffffffffffff
10870	mov	x25, #38
10871	mul	x26, x25, x16
10872	adds	x8, x8, x26
10873	umulh	x16, x25, x16
10874	mul	x26, x25, x17
10875	adcs	x9, x9, x26
10876	umulh	x17, x25, x17
10877	mul	x26, x25, x19
10878	adcs	x10, x10, x26
10879	umulh	x19, x25, x19
10880	adc	x11, x11, xzr
10881	#  Add high product results in
10882	adds	x8, x8, x27
10883	adcs	x9, x9, x16
10884	adcs	x10, x10, x17
10885	adc	x11, x11, x19
10886	# Double
10887	adds	x8, x8, x8
10888	adcs	x9, x9, x9
10889	adcs	x10, x10, x10
10890	adc	x11, x11, x11
10891	mov	x25, #-19
10892	asr	x28, x11, #63
10893	#   Mask the modulus
10894	and	x25, x28, x25
10895	and	x26, x28, #0x7fffffffffffffff
10896	#   Sub modulus (if overflow)
10897	subs	x8, x8, x25
10898	sbcs	x9, x9, x28
10899	sbcs	x10, x10, x28
10900	sbc	x11, x11, x26
10901	mov	x3, x0
10902	sub	x2, x0, #32
10903	mov	x1, x0
10904	sub	x0, x0, #32
10905	# Add
10906	ldp	x4, x5, [x3]
10907	ldp	x6, x7, [x3, #16]
10908	adds	x21, x8, x4
10909	adcs	x22, x9, x5
10910	adcs	x23, x10, x6
10911	adcs	x24, x11, x7
10912	cset	x28, cs
10913	mov	x25, #19
10914	extr	x28, x28, x24, #63
10915	mul	x25, x28, x25
10916	#   Sub modulus (if overflow)
10917	adds	x21, x21, x25
10918	adcs	x22, x22, xzr
10919	and	x24, x24, #0x7fffffffffffffff
10920	adcs	x23, x23, xzr
10921	adc	x24, x24, xzr
10922	# Sub
10923	subs	x12, x8, x4
10924	sbcs	x13, x9, x5
10925	sbcs	x14, x10, x6
10926	sbcs	x15, x11, x7
10927	csetm	x28, cc
10928	mov	x25, #-19
10929	extr	x28, x28, x15, #63
10930	mul	x25, x28, x25
10931	#   Add modulus (if underflow)
10932	subs	x12, x12, x25
10933	sbcs	x13, x13, xzr
10934	and	x15, x15, #0x7fffffffffffffff
10935	sbcs	x14, x14, xzr
10936	sbc	x15, x15, xzr
10937	stp	x21, x22, [x0]
10938	stp	x23, x24, [x0, #16]
10939	stp	x12, x13, [x1]
10940	stp	x14, x15, [x1, #16]
10941	ldp	x17, x19, [x29, #56]
10942	ldp	x20, x21, [x29, #72]
10943	ldp	x22, x23, [x29, #88]
10944	ldp	x24, x25, [x29, #104]
10945	ldp	x26, x27, [x29, #120]
10946	ldr	x28, [x29, #136]
10947	ldp	x29, x30, [sp], #0x90
10948	ret
10949#ifndef __APPLE__
10950	.size	ge_add,.-ge_add
10951#endif /* __APPLE__ */
10952#ifndef __APPLE__
10953.text
10954.globl	ge_sub
10955.type	ge_sub,@function
10956.align	2
10957ge_sub:
10958#else
10959.section	__TEXT,__text
10960.globl	_ge_sub
10961.p2align	2
10962_ge_sub:
10963#endif /* __APPLE__ */
10964	stp	x29, x30, [sp, #-144]!
10965	add	x29, sp, #0
10966	stp	x17, x19, [x29, #56]
10967	stp	x20, x21, [x29, #72]
10968	stp	x22, x23, [x29, #88]
10969	stp	x24, x25, [x29, #104]
10970	stp	x26, x27, [x29, #120]
10971	str	x28, [x29, #136]
10972	str	x0, [x29, #16]
10973	str	x1, [x29, #24]
10974	str	x2, [x29, #32]
10975	mov	x3, x1
10976	add	x2, x1, #32
10977	add	x1, x0, #32
10978	# Add
10979	ldp	x8, x9, [x2]
10980	ldp	x10, x11, [x2, #16]
10981	ldp	x4, x5, [x3]
10982	ldp	x6, x7, [x3, #16]
10983	adds	x16, x8, x4
10984	adcs	x17, x9, x5
10985	adcs	x19, x10, x6
10986	adcs	x20, x11, x7
10987	cset	x28, cs
10988	mov	x25, #19
10989	extr	x28, x28, x20, #63
10990	mul	x25, x28, x25
10991	#   Sub modulus (if overflow)
10992	adds	x16, x16, x25
10993	adcs	x17, x17, xzr
10994	and	x20, x20, #0x7fffffffffffffff
10995	adcs	x19, x19, xzr
10996	adc	x20, x20, xzr
10997	# Sub
10998	subs	x12, x8, x4
10999	sbcs	x13, x9, x5
11000	sbcs	x14, x10, x6
11001	sbcs	x15, x11, x7
11002	csetm	x28, cc
11003	mov	x25, #-19
11004	extr	x28, x28, x15, #63
11005	mul	x25, x28, x25
11006	#   Add modulus (if underflow)
11007	subs	x12, x12, x25
11008	sbcs	x13, x13, xzr
11009	and	x15, x15, #0x7fffffffffffffff
11010	sbcs	x14, x14, xzr
11011	sbc	x15, x15, xzr
11012	ldr	x2, [x29, #32]
11013	add	x2, x2, #32
11014	mov	x1, x0
11015	# Multiply
11016	ldp	x8, x9, [x2]
11017	ldp	x10, x11, [x2, #16]
11018	# A[0] * B[0]
11019	umulh	x22, x16, x8
11020	mul	x21, x16, x8
11021	# A[2] * B[0]
11022	umulh	x24, x19, x8
11023	mul	x23, x19, x8
11024	# A[1] * B[0]
11025	mul	x25, x17, x8
11026	adds	x22, x22, x25
11027	umulh	x26, x17, x8
11028	adcs	x23, x23, x26
11029	# A[1] * B[3]
11030	umulh	x5, x17, x11
11031	adc	x24, x24, xzr
11032	mul	x4, x17, x11
11033	# A[0] * B[1]
11034	mul	x25, x16, x9
11035	adds	x22, x22, x25
11036	umulh	x26, x16, x9
11037	adcs	x23, x23, x26
11038	# A[2] * B[1]
11039	mul	x25, x19, x9
11040	adcs	x24, x24, x25
11041	umulh	x26, x19, x9
11042	adcs	x4, x4, x26
11043	adc	x5, x5, xzr
11044	# A[1] * B[2]
11045	mul	x25, x17, x10
11046	adds	x24, x24, x25
11047	umulh	x26, x17, x10
11048	adcs	x4, x4, x26
11049	adcs	x5, x5, xzr
11050	adc	x6, xzr, xzr
11051	# A[0] * B[2]
11052	mul	x25, x16, x10
11053	adds	x23, x23, x25
11054	umulh	x26, x16, x10
11055	adcs	x24, x24, x26
11056	adcs	x4, x4, xzr
11057	adcs	x5, x5, xzr
11058	adc	x6, x6, xzr
11059	# A[1] * B[1]
11060	mul	x25, x17, x9
11061	adds	x23, x23, x25
11062	umulh	x26, x17, x9
11063	adcs	x24, x24, x26
11064	# A[3] * B[1]
11065	mul	x25, x20, x9
11066	adcs	x4, x4, x25
11067	umulh	x26, x20, x9
11068	adcs	x5, x5, x26
11069	adc	x6, x6, xzr
11070	# A[2] * B[2]
11071	mul	x25, x19, x10
11072	adds	x4, x4, x25
11073	umulh	x26, x19, x10
11074	adcs	x5, x5, x26
11075	# A[3] * B[3]
11076	mul	x25, x20, x11
11077	adcs	x6, x6, x25
11078	umulh	x7, x20, x11
11079	adc	x7, x7, xzr
11080	# A[0] * B[3]
11081	mul	x25, x16, x11
11082	adds	x24, x24, x25
11083	umulh	x26, x16, x11
11084	adcs	x4, x4, x26
11085	# A[2] * B[3]
11086	mul	x25, x19, x11
11087	adcs	x5, x5, x25
11088	umulh	x26, x19, x11
11089	adcs	x6, x6, x26
11090	adc	x7, x7, xzr
11091	# A[3] * B[0]
11092	mul	x25, x20, x8
11093	adds	x24, x24, x25
11094	umulh	x26, x20, x8
11095	adcs	x4, x4, x26
11096	# A[3] * B[2]
11097	mul	x25, x20, x10
11098	adcs	x5, x5, x25
11099	umulh	x26, x20, x10
11100	adcs	x6, x6, x26
11101	adc	x7, x7, xzr
11102	# Reduce
11103	mov	x25, #38
11104	mul	x26, x25, x7
11105	adds	x24, x24, x26
11106	umulh	x27, x25, x7
11107	adc	x27, x27, xzr
11108	mov	x25, #19
11109	extr	x27, x27, x24, #63
11110	mul	x27, x27, x25
11111	and	x24, x24, #0x7fffffffffffffff
11112	mov	x25, #38
11113	mul	x26, x25, x4
11114	adds	x21, x21, x26
11115	umulh	x4, x25, x4
11116	mul	x26, x25, x5
11117	adcs	x22, x22, x26
11118	umulh	x5, x25, x5
11119	mul	x26, x25, x6
11120	adcs	x23, x23, x26
11121	umulh	x6, x25, x6
11122	adc	x24, x24, xzr
11123	#  Add high product results in
11124	adds	x21, x21, x27
11125	adcs	x22, x22, x4
11126	adcs	x23, x23, x5
11127	adc	x24, x24, x6
11128	# Reduce if top bit set
11129	mov	x25, #19
11130	and	x26, x25, x24, asr 63
11131	adds	x21, x21, x26
11132	adcs	x22, x22, xzr
11133	and	x24, x24, #0x7fffffffffffffff
11134	adcs	x23, x23, xzr
11135	adc	x24, x24, xzr
11136	# Store
11137	stp	x21, x22, [x0]
11138	stp	x23, x24, [x0, #16]
11139	sub	x2, x2, #32
11140	add	x1, x0, #32
11141	add	x0, x0, #32
11142	# Multiply
11143	ldp	x16, x17, [x2]
11144	ldp	x19, x20, [x2, #16]
11145	# A[0] * B[0]
11146	umulh	x5, x12, x16
11147	mul	x4, x12, x16
11148	# A[2] * B[0]
11149	umulh	x7, x14, x16
11150	mul	x6, x14, x16
11151	# A[1] * B[0]
11152	mul	x25, x13, x16
11153	adds	x5, x5, x25
11154	umulh	x26, x13, x16
11155	adcs	x6, x6, x26
11156	# A[1] * B[3]
11157	umulh	x9, x13, x20
11158	adc	x7, x7, xzr
11159	mul	x8, x13, x20
11160	# A[0] * B[1]
11161	mul	x25, x12, x17
11162	adds	x5, x5, x25
11163	umulh	x26, x12, x17
11164	adcs	x6, x6, x26
11165	# A[2] * B[1]
11166	mul	x25, x14, x17
11167	adcs	x7, x7, x25
11168	umulh	x26, x14, x17
11169	adcs	x8, x8, x26
11170	adc	x9, x9, xzr
11171	# A[1] * B[2]
11172	mul	x25, x13, x19
11173	adds	x7, x7, x25
11174	umulh	x26, x13, x19
11175	adcs	x8, x8, x26
11176	adcs	x9, x9, xzr
11177	adc	x10, xzr, xzr
11178	# A[0] * B[2]
11179	mul	x25, x12, x19
11180	adds	x6, x6, x25
11181	umulh	x26, x12, x19
11182	adcs	x7, x7, x26
11183	adcs	x8, x8, xzr
11184	adcs	x9, x9, xzr
11185	adc	x10, x10, xzr
11186	# A[1] * B[1]
11187	mul	x25, x13, x17
11188	adds	x6, x6, x25
11189	umulh	x26, x13, x17
11190	adcs	x7, x7, x26
11191	# A[3] * B[1]
11192	mul	x25, x15, x17
11193	adcs	x8, x8, x25
11194	umulh	x26, x15, x17
11195	adcs	x9, x9, x26
11196	adc	x10, x10, xzr
11197	# A[2] * B[2]
11198	mul	x25, x14, x19
11199	adds	x8, x8, x25
11200	umulh	x26, x14, x19
11201	adcs	x9, x9, x26
11202	# A[3] * B[3]
11203	mul	x25, x15, x20
11204	adcs	x10, x10, x25
11205	umulh	x11, x15, x20
11206	adc	x11, x11, xzr
11207	# A[0] * B[3]
11208	mul	x25, x12, x20
11209	adds	x7, x7, x25
11210	umulh	x26, x12, x20
11211	adcs	x8, x8, x26
11212	# A[2] * B[3]
11213	mul	x25, x14, x20
11214	adcs	x9, x9, x25
11215	umulh	x26, x14, x20
11216	adcs	x10, x10, x26
11217	adc	x11, x11, xzr
11218	# A[3] * B[0]
11219	mul	x25, x15, x16
11220	adds	x7, x7, x25
11221	umulh	x26, x15, x16
11222	adcs	x8, x8, x26
11223	# A[3] * B[2]
11224	mul	x25, x15, x19
11225	adcs	x9, x9, x25
11226	umulh	x26, x15, x19
11227	adcs	x10, x10, x26
11228	adc	x11, x11, xzr
11229	# Reduce
11230	mov	x25, #38
11231	mul	x26, x25, x11
11232	adds	x7, x7, x26
11233	umulh	x27, x25, x11
11234	adc	x27, x27, xzr
11235	mov	x25, #19
11236	extr	x27, x27, x7, #63
11237	mul	x27, x27, x25
11238	and	x7, x7, #0x7fffffffffffffff
11239	mov	x25, #38
11240	mul	x26, x25, x8
11241	adds	x4, x4, x26
11242	umulh	x8, x25, x8
11243	mul	x26, x25, x9
11244	adcs	x5, x5, x26
11245	umulh	x9, x25, x9
11246	mul	x26, x25, x10
11247	adcs	x6, x6, x26
11248	umulh	x10, x25, x10
11249	adc	x7, x7, xzr
11250	#  Add high product results in
11251	adds	x4, x4, x27
11252	adcs	x5, x5, x8
11253	adcs	x6, x6, x9
11254	adc	x7, x7, x10
11255	# Store
11256	stp	x4, x5, [x0]
11257	stp	x6, x7, [x0, #16]
11258	mov	x3, x0
11259	sub	x2, x0, #32
11260	sub	x1, x0, #32
11261	# Add
11262	adds	x8, x21, x4
11263	adcs	x9, x22, x5
11264	adcs	x10, x23, x6
11265	adcs	x11, x24, x7
11266	cset	x28, cs
11267	mov	x25, #19
11268	extr	x28, x28, x11, #63
11269	mul	x25, x28, x25
11270	#   Sub modulus (if overflow)
11271	adds	x8, x8, x25
11272	adcs	x9, x9, xzr
11273	and	x11, x11, #0x7fffffffffffffff
11274	adcs	x10, x10, xzr
11275	adc	x11, x11, xzr
11276	# Sub
11277	subs	x12, x21, x4
11278	sbcs	x13, x22, x5
11279	sbcs	x14, x23, x6
11280	sbcs	x15, x24, x7
11281	csetm	x28, cc
11282	mov	x25, #-19
11283	extr	x28, x28, x15, #63
11284	mul	x25, x28, x25
11285	#   Add modulus (if underflow)
11286	subs	x12, x12, x25
11287	sbcs	x13, x13, xzr
11288	and	x15, x15, #0x7fffffffffffffff
11289	sbcs	x14, x14, xzr
11290	sbc	x15, x15, xzr
11291	stp	x8, x9, [x0]
11292	stp	x10, x11, [x0, #16]
11293	stp	x12, x13, [x1]
11294	stp	x14, x15, [x1, #16]
11295	ldr	x1, [x29, #24]
11296	ldr	x2, [x29, #32]
11297	add	x2, x2, #0x60
11298	add	x1, x1, #0x60
11299	add	x0, x0, #0x40
11300	# Multiply
11301	ldp	x21, x22, [x1]
11302	ldp	x23, x24, [x1, #16]
11303	ldp	x4, x5, [x2]
11304	ldp	x6, x7, [x2, #16]
11305	# A[0] * B[0]
11306	umulh	x17, x21, x4
11307	mul	x16, x21, x4
11308	# A[2] * B[0]
11309	umulh	x20, x23, x4
11310	mul	x19, x23, x4
11311	# A[1] * B[0]
11312	mul	x25, x22, x4
11313	adds	x17, x17, x25
11314	umulh	x26, x22, x4
11315	adcs	x19, x19, x26
11316	# A[1] * B[3]
11317	umulh	x9, x22, x7
11318	adc	x20, x20, xzr
11319	mul	x8, x22, x7
11320	# A[0] * B[1]
11321	mul	x25, x21, x5
11322	adds	x17, x17, x25
11323	umulh	x26, x21, x5
11324	adcs	x19, x19, x26
11325	# A[2] * B[1]
11326	mul	x25, x23, x5
11327	adcs	x20, x20, x25
11328	umulh	x26, x23, x5
11329	adcs	x8, x8, x26
11330	adc	x9, x9, xzr
11331	# A[1] * B[2]
11332	mul	x25, x22, x6
11333	adds	x20, x20, x25
11334	umulh	x26, x22, x6
11335	adcs	x8, x8, x26
11336	adcs	x9, x9, xzr
11337	adc	x10, xzr, xzr
11338	# A[0] * B[2]
11339	mul	x25, x21, x6
11340	adds	x19, x19, x25
11341	umulh	x26, x21, x6
11342	adcs	x20, x20, x26
11343	adcs	x8, x8, xzr
11344	adcs	x9, x9, xzr
11345	adc	x10, x10, xzr
11346	# A[1] * B[1]
11347	mul	x25, x22, x5
11348	adds	x19, x19, x25
11349	umulh	x26, x22, x5
11350	adcs	x20, x20, x26
11351	# A[3] * B[1]
11352	mul	x25, x24, x5
11353	adcs	x8, x8, x25
11354	umulh	x26, x24, x5
11355	adcs	x9, x9, x26
11356	adc	x10, x10, xzr
11357	# A[2] * B[2]
11358	mul	x25, x23, x6
11359	adds	x8, x8, x25
11360	umulh	x26, x23, x6
11361	adcs	x9, x9, x26
11362	# A[3] * B[3]
11363	mul	x25, x24, x7
11364	adcs	x10, x10, x25
11365	umulh	x11, x24, x7
11366	adc	x11, x11, xzr
11367	# A[0] * B[3]
11368	mul	x25, x21, x7
11369	adds	x20, x20, x25
11370	umulh	x26, x21, x7
11371	adcs	x8, x8, x26
11372	# A[2] * B[3]
11373	mul	x25, x23, x7
11374	adcs	x9, x9, x25
11375	umulh	x26, x23, x7
11376	adcs	x10, x10, x26
11377	adc	x11, x11, xzr
11378	# A[3] * B[0]
11379	mul	x25, x24, x4
11380	adds	x20, x20, x25
11381	umulh	x26, x24, x4
11382	adcs	x8, x8, x26
11383	# A[3] * B[2]
11384	mul	x25, x24, x6
11385	adcs	x9, x9, x25
11386	umulh	x26, x24, x6
11387	adcs	x10, x10, x26
11388	adc	x11, x11, xzr
11389	# Reduce
11390	mov	x25, #38
11391	mul	x26, x25, x11
11392	adds	x20, x20, x26
11393	umulh	x27, x25, x11
11394	adc	x27, x27, xzr
11395	mov	x25, #19
11396	extr	x27, x27, x20, #63
11397	mul	x27, x27, x25
11398	and	x20, x20, #0x7fffffffffffffff
11399	mov	x25, #38
11400	mul	x26, x25, x8
11401	adds	x16, x16, x26
11402	umulh	x8, x25, x8
11403	mul	x26, x25, x9
11404	adcs	x17, x17, x26
11405	umulh	x9, x25, x9
11406	mul	x26, x25, x10
11407	adcs	x19, x19, x26
11408	umulh	x10, x25, x10
11409	adc	x20, x20, xzr
11410	#  Add high product results in
11411	adds	x16, x16, x27
11412	adcs	x17, x17, x8
11413	adcs	x19, x19, x9
11414	adc	x20, x20, x10
11415	# Reduce if top bit set
11416	mov	x25, #19
11417	and	x26, x25, x20, asr 63
11418	adds	x16, x16, x26
11419	adcs	x17, x17, xzr
11420	and	x20, x20, #0x7fffffffffffffff
11421	adcs	x19, x19, xzr
11422	adc	x20, x20, xzr
11423	# Store
11424	stp	x16, x17, [x0]
11425	stp	x19, x20, [x0, #16]
11426	sub	x3, x2, #32
11427	sub	x2, x1, #32
11428	sub	x1, x0, #32
11429	# Multiply
11430	ldp	x4, x5, [x2]
11431	ldp	x6, x7, [x2, #16]
11432	ldp	x12, x13, [x3]
11433	ldp	x14, x15, [x3, #16]
11434	# A[0] * B[0]
11435	umulh	x9, x4, x12
11436	mul	x8, x4, x12
11437	# A[2] * B[0]
11438	umulh	x11, x6, x12
11439	mul	x10, x6, x12
11440	# A[1] * B[0]
11441	mul	x25, x5, x12
11442	adds	x9, x9, x25
11443	umulh	x26, x5, x12
11444	adcs	x10, x10, x26
11445	# A[1] * B[3]
11446	umulh	x17, x5, x15
11447	adc	x11, x11, xzr
11448	mul	x16, x5, x15
11449	# A[0] * B[1]
11450	mul	x25, x4, x13
11451	adds	x9, x9, x25
11452	umulh	x26, x4, x13
11453	adcs	x10, x10, x26
11454	# A[2] * B[1]
11455	mul	x25, x6, x13
11456	adcs	x11, x11, x25
11457	umulh	x26, x6, x13
11458	adcs	x16, x16, x26
11459	adc	x17, x17, xzr
11460	# A[1] * B[2]
11461	mul	x25, x5, x14
11462	adds	x11, x11, x25
11463	umulh	x26, x5, x14
11464	adcs	x16, x16, x26
11465	adcs	x17, x17, xzr
11466	adc	x19, xzr, xzr
11467	# A[0] * B[2]
11468	mul	x25, x4, x14
11469	adds	x10, x10, x25
11470	umulh	x26, x4, x14
11471	adcs	x11, x11, x26
11472	adcs	x16, x16, xzr
11473	adcs	x17, x17, xzr
11474	adc	x19, x19, xzr
11475	# A[1] * B[1]
11476	mul	x25, x5, x13
11477	adds	x10, x10, x25
11478	umulh	x26, x5, x13
11479	adcs	x11, x11, x26
11480	# A[3] * B[1]
11481	mul	x25, x7, x13
11482	adcs	x16, x16, x25
11483	umulh	x26, x7, x13
11484	adcs	x17, x17, x26
11485	adc	x19, x19, xzr
11486	# A[2] * B[2]
11487	mul	x25, x6, x14
11488	adds	x16, x16, x25
11489	umulh	x26, x6, x14
11490	adcs	x17, x17, x26
11491	# A[3] * B[3]
11492	mul	x25, x7, x15
11493	adcs	x19, x19, x25
11494	umulh	x20, x7, x15
11495	adc	x20, x20, xzr
11496	# A[0] * B[3]
11497	mul	x25, x4, x15
11498	adds	x11, x11, x25
11499	umulh	x26, x4, x15
11500	adcs	x16, x16, x26
11501	# A[2] * B[3]
11502	mul	x25, x6, x15
11503	adcs	x17, x17, x25
11504	umulh	x26, x6, x15
11505	adcs	x19, x19, x26
11506	adc	x20, x20, xzr
11507	# A[3] * B[0]
11508	mul	x25, x7, x12
11509	adds	x11, x11, x25
11510	umulh	x26, x7, x12
11511	adcs	x16, x16, x26
11512	# A[3] * B[2]
11513	mul	x25, x7, x14
11514	adcs	x17, x17, x25
11515	umulh	x26, x7, x14
11516	adcs	x19, x19, x26
11517	adc	x20, x20, xzr
11518	# Reduce
11519	mov	x25, #38
11520	mul	x26, x25, x20
11521	adds	x11, x11, x26
11522	umulh	x27, x25, x20
11523	adc	x27, x27, xzr
11524	mov	x25, #19
11525	extr	x27, x27, x11, #63
11526	mul	x27, x27, x25
11527	and	x11, x11, #0x7fffffffffffffff
11528	mov	x25, #38
11529	mul	x26, x25, x16
11530	adds	x8, x8, x26
11531	umulh	x16, x25, x16
11532	mul	x26, x25, x17
11533	adcs	x9, x9, x26
11534	umulh	x17, x25, x17
11535	mul	x26, x25, x19
11536	adcs	x10, x10, x26
11537	umulh	x19, x25, x19
11538	adc	x11, x11, xzr
11539	#  Add high product results in
11540	adds	x8, x8, x27
11541	adcs	x9, x9, x16
11542	adcs	x10, x10, x17
11543	adc	x11, x11, x19
11544	# Double
11545	adds	x8, x8, x8
11546	adcs	x9, x9, x9
11547	adcs	x10, x10, x10
11548	adc	x11, x11, x11
11549	mov	x25, #-19
11550	asr	x28, x11, #63
11551	#   Mask the modulus
11552	and	x25, x28, x25
11553	and	x26, x28, #0x7fffffffffffffff
11554	#   Sub modulus (if overflow)
11555	subs	x8, x8, x25
11556	sbcs	x9, x9, x28
11557	sbcs	x10, x10, x28
11558	sbc	x11, x11, x26
11559	mov	x3, x0
11560	sub	x2, x0, #32
11561	# Add
11562	ldp	x4, x5, [x3]
11563	ldp	x6, x7, [x3, #16]
11564	adds	x12, x8, x4
11565	adcs	x13, x9, x5
11566	adcs	x14, x10, x6
11567	adcs	x15, x11, x7
11568	cset	x28, cs
11569	mov	x25, #19
11570	extr	x28, x28, x15, #63
11571	mul	x25, x28, x25
11572	#   Sub modulus (if overflow)
11573	adds	x12, x12, x25
11574	adcs	x13, x13, xzr
11575	and	x15, x15, #0x7fffffffffffffff
11576	adcs	x14, x14, xzr
11577	adc	x15, x15, xzr
11578	# Sub
11579	subs	x21, x8, x4
11580	sbcs	x22, x9, x5
11581	sbcs	x23, x10, x6
11582	sbcs	x24, x11, x7
11583	csetm	x28, cc
11584	mov	x25, #-19
11585	extr	x28, x28, x24, #63
11586	mul	x25, x28, x25
11587	#   Add modulus (if underflow)
11588	subs	x21, x21, x25
11589	sbcs	x22, x22, xzr
11590	and	x24, x24, #0x7fffffffffffffff
11591	sbcs	x23, x23, xzr
11592	sbc	x24, x24, xzr
11593	stp	x12, x13, [x0]
11594	stp	x14, x15, [x0, #16]
11595	stp	x21, x22, [x1]
11596	stp	x23, x24, [x1, #16]
11597	ldp	x17, x19, [x29, #56]
11598	ldp	x20, x21, [x29, #72]
11599	ldp	x22, x23, [x29, #88]
11600	ldp	x24, x25, [x29, #104]
11601	ldp	x26, x27, [x29, #120]
11602	ldr	x28, [x29, #136]
11603	ldp	x29, x30, [sp], #0x90
11604	ret
11605#ifndef __APPLE__
11606	.size	ge_sub,.-ge_sub
11607#endif /* __APPLE__ */
11608#ifdef HAVE_ED25519
11609#ifndef __APPLE__
11610.text
11611.globl	sc_reduce
11612.type	sc_reduce,@function
11613.align	2
11614sc_reduce:
11615#else
11616.section	__TEXT,__text
11617.globl	_sc_reduce
11618.p2align	2
11619_sc_reduce:
11620#endif /* __APPLE__ */
11621	stp	x29, x30, [sp, #-64]!
11622	add	x29, sp, #0
11623	stp	x17, x19, [x29, #16]
11624	stp	x20, x21, [x29, #32]
11625	stp	x22, x23, [x29, #48]
11626	ldp	x2, x3, [x0]
11627	ldp	x4, x5, [x0, #16]
11628	ldp	x6, x7, [x0, #32]
11629	ldp	x8, x9, [x0, #48]
11630	lsr	x23, x9, #56
11631	lsl	x9, x9, #4
11632	orr	x9, x9, x8, lsr 60
11633	lsl	x8, x8, #4
11634	orr	x8, x8, x7, lsr 60
11635	lsl	x7, x7, #4
11636	orr	x7, x7, x6, lsr 60
11637	lsl	x6, x6, #4
11638	mov	x1, #15
11639	orr	x6, x6, x5, lsr 60
11640	bic	x5, x5, x1, lsl 60
11641	bic	x9, x9, x1, lsl 60
11642	# Add order times bits 504..511
11643	mov	x11, #0x2c13
11644	movk	x11, #0xa30a, lsl 16
11645	movk	x11, #0x9ce5, lsl 32
11646	movk	x11, #0xa7ed, lsl 48
11647	mov	x13, #0x6329
11648	movk	x13, #0x5d08, lsl 16
11649	movk	x13, #0x621, lsl 32
11650	movk	x13, #0xeb21, lsl 48
11651	mul	x10, x23, x11
11652	umulh	x11, x23, x11
11653	mul	x12, x23, x13
11654	umulh	x13, x23, x13
11655	adds	x6, x6, x10
11656	adcs	x7, x7, x11
11657	adcs	x8, x8, xzr
11658	adc	x9, x9, xzr
11659	adds	x7, x7, x12
11660	adcs	x8, x8, x13
11661	adc	x9, x9, xzr
11662	subs	x8, x8, x23
11663	sbc	x9, x9, xzr
11664	# Sub product of top 4 words and order
11665	mov	x1, #0x2c13
11666	movk	x1, #0xa30a, lsl 16
11667	movk	x1, #0x9ce5, lsl 32
11668	movk	x1, #0xa7ed, lsl 48
11669	mul	x10, x6, x1
11670	umulh	x11, x6, x1
11671	mul	x12, x7, x1
11672	umulh	x13, x7, x1
11673	mul	x14, x8, x1
11674	umulh	x15, x8, x1
11675	mul	x16, x9, x1
11676	umulh	x17, x9, x1
11677	adds	x2, x2, x10
11678	adcs	x3, x3, x11
11679	adcs	x4, x4, x14
11680	adcs	x5, x5, x15
11681	adc	x19, xzr, xzr
11682	adds	x3, x3, x12
11683	adcs	x4, x4, x13
11684	adcs	x5, x5, x16
11685	adc	x19, x19, x17
11686	mov	x1, #0x6329
11687	movk	x1, #0x5d08, lsl 16
11688	movk	x1, #0x621, lsl 32
11689	movk	x1, #0xeb21, lsl 48
11690	mul	x10, x6, x1
11691	umulh	x11, x6, x1
11692	mul	x12, x7, x1
11693	umulh	x13, x7, x1
11694	mul	x14, x8, x1
11695	umulh	x15, x8, x1
11696	mul	x16, x9, x1
11697	umulh	x17, x9, x1
11698	adds	x3, x3, x10
11699	adcs	x4, x4, x11
11700	adcs	x5, x5, x14
11701	adcs	x19, x19, x15
11702	adc	x20, xzr, xzr
11703	adds	x4, x4, x12
11704	adcs	x5, x5, x13
11705	adcs	x19, x19, x16
11706	adc	x20, x20, x17
11707	subs	x4, x4, x6
11708	sbcs	x5, x5, x7
11709	sbcs	x6, x19, x8
11710	sbc	x7, x20, x9
11711	asr	x23, x7, #57
11712	#   Conditionally subtract order starting at bit 125
11713	mov	x10, xzr
11714	mov	x13, xzr
11715	mov	x11, #0xba7d
11716	movk	x11, #0x4b9e, lsl 16
11717	movk	x11, #0x4c63, lsl 32
11718	movk	x11, #0xcb02, lsl 48
11719	mov	x12, #0xf39a
11720	movk	x12, #0xd45e, lsl 16
11721	movk	x12, #0xdf3b, lsl 32
11722	movk	x12, #0x29b, lsl 48
11723	movk	x10, #0xa000, lsl 48
11724	movk	x13, #0x200, lsl 48
11725	and	x10, x10, x23
11726	and	x11, x11, x23
11727	and	x12, x12, x23
11728	and	x13, x13, x23
11729	adds	x3, x3, x10
11730	adcs	x4, x4, x11
11731	adcs	x5, x5, x12
11732	adcs	x6, x6, xzr
11733	adc	x7, x7, x13
11734	#   Move bits 252-376 to own registers
11735	lsl	x7, x7, #4
11736	orr	x7, x7, x6, lsr 60
11737	lsl	x6, x6, #4
11738	mov	x23, #15
11739	orr	x6, x6, x5, lsr 60
11740	bic	x5, x5, x23, lsl 60
11741	# Sub product of top 2 words and order
11742	#   * -5812631a5cf5d3ed
11743	mov	x1, #0x2c13
11744	movk	x1, #0xa30a, lsl 16
11745	movk	x1, #0x9ce5, lsl 32
11746	movk	x1, #0xa7ed, lsl 48
11747	mul	x10, x6, x1
11748	umulh	x11, x6, x1
11749	mul	x12, x7, x1
11750	umulh	x13, x7, x1
11751	adds	x2, x2, x10
11752	adcs	x3, x3, x11
11753	adc	x19, xzr, xzr
11754	adds	x3, x3, x12
11755	adc	x19, x19, x13
11756	#   * -14def9dea2f79cd7
11757	mov	x1, #0x6329
11758	movk	x1, #0x5d08, lsl 16
11759	movk	x1, #0x621, lsl 32
11760	movk	x1, #0xeb21, lsl 48
11761	mul	x10, x6, x1
11762	umulh	x11, x6, x1
11763	mul	x12, x7, x1
11764	umulh	x13, x7, x1
11765	adds	x3, x3, x10
11766	adcs	x4, x4, x11
11767	adc	x20, xzr, xzr
11768	adds	x4, x4, x12
11769	adc	x20, x20, x13
11770	#   Add overflows at 2 * 64
11771	mov	x1, #15
11772	bic	x5, x5, x1, lsl 60
11773	adds	x4, x4, x19
11774	adc	x5, x5, x20
11775	#   Subtract top at 2 * 64
11776	subs	x4, x4, x6
11777	sbcs	x5, x5, x7
11778	sbc	x1, x1, x1
11779	#   Conditional sub order
11780	mov	x10, #0xd3ed
11781	movk	x10, #0x5cf5, lsl 16
11782	movk	x10, #0x631a, lsl 32
11783	movk	x10, #0x5812, lsl 48
11784	mov	x11, #0x9cd6
11785	movk	x11, #0xa2f7, lsl 16
11786	movk	x11, #0xf9de, lsl 32
11787	movk	x11, #0x14de, lsl 48
11788	and	x10, x10, x1
11789	and	x11, x11, x1
11790	adds	x2, x2, x10
11791	adcs	x3, x3, x11
11792	and	x1, x1, #0x1000000000000000
11793	adcs	x4, x4, xzr
11794	mov	x23, #15
11795	adc	x5, x5, x1
11796	bic	x5, x5, x23, lsl 60
11797	# Store result
11798	stp	x2, x3, [x0]
11799	stp	x4, x5, [x0, #16]
11800	ldp	x17, x19, [x29, #16]
11801	ldp	x20, x21, [x29, #32]
11802	ldp	x22, x23, [x29, #48]
11803	ldp	x29, x30, [sp], #0x40
11804	ret
11805#ifndef __APPLE__
11806	.size	sc_reduce,.-sc_reduce
11807#endif /* __APPLE__ */
11808#ifndef __APPLE__
11809.text
11810.globl	sc_muladd
11811.type	sc_muladd,@function
11812.align	2
11813sc_muladd:
11814#else
11815.section	__TEXT,__text
11816.globl	_sc_muladd
11817.p2align	2
11818_sc_muladd:
11819#endif /* __APPLE__ */
11820	stp	x29, x30, [sp, #-96]!
11821	add	x29, sp, #0
11822	stp	x17, x19, [x29, #24]
11823	stp	x20, x21, [x29, #40]
11824	stp	x22, x23, [x29, #56]
11825	stp	x24, x25, [x29, #72]
11826	str	x26, [x29, #88]
11827	# Multiply
11828	ldp	x12, x13, [x1]
11829	ldp	x14, x15, [x1, #16]
11830	ldp	x16, x17, [x2]
11831	ldp	x19, x20, [x2, #16]
11832	# A[0] * B[0]
11833	umulh	x5, x12, x16
11834	mul	x4, x12, x16
11835	# A[2] * B[0]
11836	umulh	x7, x14, x16
11837	mul	x6, x14, x16
11838	# A[1] * B[0]
11839	mul	x21, x13, x16
11840	adds	x5, x5, x21
11841	umulh	x22, x13, x16
11842	adcs	x6, x6, x22
11843	# A[1] * B[3]
11844	umulh	x9, x13, x20
11845	adc	x7, x7, xzr
11846	mul	x8, x13, x20
11847	# A[0] * B[1]
11848	mul	x21, x12, x17
11849	adds	x5, x5, x21
11850	umulh	x22, x12, x17
11851	adcs	x6, x6, x22
11852	# A[2] * B[1]
11853	mul	x21, x14, x17
11854	adcs	x7, x7, x21
11855	umulh	x22, x14, x17
11856	adcs	x8, x8, x22
11857	adc	x9, x9, xzr
11858	# A[1] * B[2]
11859	mul	x21, x13, x19
11860	adds	x7, x7, x21
11861	umulh	x22, x13, x19
11862	adcs	x8, x8, x22
11863	adcs	x9, x9, xzr
11864	adc	x10, xzr, xzr
11865	# A[0] * B[2]
11866	mul	x21, x12, x19
11867	adds	x6, x6, x21
11868	umulh	x22, x12, x19
11869	adcs	x7, x7, x22
11870	adcs	x8, x8, xzr
11871	adcs	x9, x9, xzr
11872	adc	x10, x10, xzr
11873	# A[1] * B[1]
11874	mul	x21, x13, x17
11875	adds	x6, x6, x21
11876	umulh	x22, x13, x17
11877	adcs	x7, x7, x22
11878	# A[3] * B[1]
11879	mul	x21, x15, x17
11880	adcs	x8, x8, x21
11881	umulh	x22, x15, x17
11882	adcs	x9, x9, x22
11883	adc	x10, x10, xzr
11884	# A[2] * B[2]
11885	mul	x21, x14, x19
11886	adds	x8, x8, x21
11887	umulh	x22, x14, x19
11888	adcs	x9, x9, x22
11889	# A[3] * B[3]
11890	mul	x21, x15, x20
11891	adcs	x10, x10, x21
11892	umulh	x11, x15, x20
11893	adc	x11, x11, xzr
11894	# A[0] * B[3]
11895	mul	x21, x12, x20
11896	adds	x7, x7, x21
11897	umulh	x22, x12, x20
11898	adcs	x8, x8, x22
11899	# A[2] * B[3]
11900	mul	x21, x14, x20
11901	adcs	x9, x9, x21
11902	umulh	x22, x14, x20
11903	adcs	x10, x10, x22
11904	adc	x11, x11, xzr
11905	# A[3] * B[0]
11906	mul	x21, x15, x16
11907	adds	x7, x7, x21
11908	umulh	x22, x15, x16
11909	adcs	x8, x8, x22
11910	# A[3] * B[2]
11911	mul	x21, x15, x19
11912	adcs	x9, x9, x21
11913	umulh	x22, x15, x19
11914	adcs	x10, x10, x22
11915	adc	x11, x11, xzr
11916	# Add c to a * b
11917	ldp	x12, x13, [x3]
11918	ldp	x14, x15, [x3, #16]
11919	adds	x4, x4, x12
11920	adcs	x5, x5, x13
11921	adcs	x6, x6, x14
11922	adcs	x7, x7, x15
11923	adcs	x8, x8, xzr
11924	adcs	x9, x9, xzr
11925	adcs	x10, x10, xzr
11926	adc	x11, x11, xzr
11927	lsr	x25, x11, #56
11928	lsl	x11, x11, #4
11929	orr	x11, x11, x10, lsr 60
11930	lsl	x10, x10, #4
11931	orr	x10, x10, x9, lsr 60
11932	lsl	x9, x9, #4
11933	orr	x9, x9, x8, lsr 60
11934	lsl	x8, x8, #4
11935	mov	x26, #15
11936	orr	x8, x8, x7, lsr 60
11937	bic	x7, x7, x26, lsl 60
11938	bic	x11, x11, x26, lsl 60
11939	# Add order times bits 504..507
11940	mov	x22, #0x2c13
11941	movk	x22, #0xa30a, lsl 16
11942	movk	x22, #0x9ce5, lsl 32
11943	movk	x22, #0xa7ed, lsl 48
11944	mov	x24, #0x6329
11945	movk	x24, #0x5d08, lsl 16
11946	movk	x24, #0x621, lsl 32
11947	movk	x24, #0xeb21, lsl 48
11948	mul	x21, x25, x22
11949	umulh	x22, x25, x22
11950	mul	x23, x25, x24
11951	umulh	x24, x25, x24
11952	adds	x8, x8, x21
11953	adcs	x9, x9, x22
11954	adcs	x10, x10, xzr
11955	adc	x11, x11, xzr
11956	adds	x9, x9, x23
11957	adcs	x10, x10, x24
11958	adc	x11, x11, xzr
11959	subs	x10, x10, x25
11960	sbc	x11, x11, xzr
11961	# Sub product of top 4 words and order
11962	mov	x26, #0x2c13
11963	movk	x26, #0xa30a, lsl 16
11964	movk	x26, #0x9ce5, lsl 32
11965	movk	x26, #0xa7ed, lsl 48
11966	mul	x16, x8, x26
11967	umulh	x17, x8, x26
11968	mul	x19, x9, x26
11969	umulh	x20, x9, x26
11970	mul	x21, x10, x26
11971	umulh	x22, x10, x26
11972	mul	x23, x11, x26
11973	umulh	x24, x11, x26
11974	adds	x4, x4, x16
11975	adcs	x5, x5, x17
11976	adcs	x6, x6, x21
11977	adcs	x7, x7, x22
11978	adc	x12, xzr, xzr
11979	adds	x5, x5, x19
11980	adcs	x6, x6, x20
11981	adcs	x7, x7, x23
11982	adc	x12, x12, x24
11983	mov	x26, #0x6329
11984	movk	x26, #0x5d08, lsl 16
11985	movk	x26, #0x621, lsl 32
11986	movk	x26, #0xeb21, lsl 48
11987	mul	x16, x8, x26
11988	umulh	x17, x8, x26
11989	mul	x19, x9, x26
11990	umulh	x20, x9, x26
11991	mul	x21, x10, x26
11992	umulh	x22, x10, x26
11993	mul	x23, x11, x26
11994	umulh	x24, x11, x26
11995	adds	x5, x5, x16
11996	adcs	x6, x6, x17
11997	adcs	x7, x7, x21
11998	adcs	x12, x12, x22
11999	adc	x13, xzr, xzr
12000	adds	x6, x6, x19
12001	adcs	x7, x7, x20
12002	adcs	x12, x12, x23
12003	adc	x13, x13, x24
12004	subs	x6, x6, x8
12005	sbcs	x7, x7, x9
12006	sbcs	x8, x12, x10
12007	sbc	x9, x13, x11
12008	asr	x25, x9, #57
12009	#   Conditionally subtract order starting at bit 125
12010	mov	x16, xzr
12011	mov	x20, xzr
12012	mov	x17, #0xba7d
12013	movk	x17, #0x4b9e, lsl 16
12014	movk	x17, #0x4c63, lsl 32
12015	movk	x17, #0xcb02, lsl 48
12016	mov	x19, #0xf39a
12017	movk	x19, #0xd45e, lsl 16
12018	movk	x19, #0xdf3b, lsl 32
12019	movk	x19, #0x29b, lsl 48
12020	movk	x16, #0xa000, lsl 48
12021	movk	x20, #0x200, lsl 48
12022	and	x16, x16, x25
12023	and	x17, x17, x25
12024	and	x19, x19, x25
12025	and	x20, x20, x25
12026	adds	x5, x5, x16
12027	adcs	x6, x6, x17
12028	adcs	x7, x7, x19
12029	adcs	x8, x8, xzr
12030	adc	x9, x9, x20
12031	#   Move bits 252-376 to own registers
12032	lsl	x9, x9, #4
12033	orr	x9, x9, x8, lsr 60
12034	lsl	x8, x8, #4
12035	mov	x25, #15
12036	orr	x8, x8, x7, lsr 60
12037	bic	x7, x7, x25, lsl 60
12038	# Sub product of top 2 words and order
12039	#   * -5812631a5cf5d3ed
12040	mov	x26, #0x2c13
12041	movk	x26, #0xa30a, lsl 16
12042	movk	x26, #0x9ce5, lsl 32
12043	movk	x26, #0xa7ed, lsl 48
12044	mul	x16, x8, x26
12045	umulh	x17, x8, x26
12046	mul	x19, x9, x26
12047	umulh	x20, x9, x26
12048	adds	x4, x4, x16
12049	adcs	x5, x5, x17
12050	adc	x12, xzr, xzr
12051	adds	x5, x5, x19
12052	adc	x12, x12, x20
12053	#   * -14def9dea2f79cd7
12054	mov	x26, #0x6329
12055	movk	x26, #0x5d08, lsl 16
12056	movk	x26, #0x621, lsl 32
12057	movk	x26, #0xeb21, lsl 48
12058	mul	x16, x8, x26
12059	umulh	x17, x8, x26
12060	mul	x19, x9, x26
12061	umulh	x20, x9, x26
12062	adds	x5, x5, x16
12063	adcs	x6, x6, x17
12064	adc	x13, xzr, xzr
12065	adds	x6, x6, x19
12066	adc	x13, x13, x20
12067	#   Add overflows at 2 * 64
12068	mov	x26, #15
12069	bic	x7, x7, x26, lsl 60
12070	adds	x6, x6, x12
12071	adc	x7, x7, x13
12072	#   Subtract top at 2 * 64
12073	subs	x6, x6, x8
12074	sbcs	x7, x7, x9
12075	sbc	x26, x26, x26
12076	#   Conditional sub order
12077	mov	x16, #0xd3ed
12078	movk	x16, #0x5cf5, lsl 16
12079	movk	x16, #0x631a, lsl 32
12080	movk	x16, #0x5812, lsl 48
12081	mov	x17, #0x9cd6
12082	movk	x17, #0xa2f7, lsl 16
12083	movk	x17, #0xf9de, lsl 32
12084	movk	x17, #0x14de, lsl 48
12085	and	x16, x16, x26
12086	and	x17, x17, x26
12087	adds	x4, x4, x16
12088	adcs	x5, x5, x17
12089	and	x26, x26, #0x1000000000000000
12090	adcs	x6, x6, xzr
12091	mov	x25, #15
12092	adc	x7, x7, x26
12093	bic	x7, x7, x25, lsl 60
12094	# Store result
12095	stp	x4, x5, [x0]
12096	stp	x6, x7, [x0, #16]
12097	ldp	x17, x19, [x29, #24]
12098	ldp	x20, x21, [x29, #40]
12099	ldp	x22, x23, [x29, #56]
12100	ldp	x24, x25, [x29, #72]
12101	ldr	x26, [x29, #88]
12102	ldp	x29, x30, [sp], #0x60
12103	ret
12104#ifndef __APPLE__
12105	.size	sc_muladd,.-sc_muladd
12106#endif /* __APPLE__ */
12107#endif /* HAVE_ED25519 */
12108#endif /* !CURVE25519_SMALL || !ED25519_SMALL */
12109#endif /* HAVE_CURVE25519 || HAVE_ED25519 */
12110#endif /* __aarch64__ */
12111#endif /* WOLFSSL_ARMASM */
12112
12113#if defined(__linux__) && defined(__ELF__)
12114.section	.note.GNU-stack,"",%progbits
12115#endif
12116#endif /* !WOLFSSL_ARMASM_INLINE */