676 			      const u64 *curve_prime, u64 *tmp)  in vli_mmod_fast_192()  argument
695 	while (carry || vli_cmp(curve_prime, result, ndigits) != 1)  in vli_mmod_fast_192()
696 		carry -= vli_sub(result, result, curve_prime, ndigits);  in vli_mmod_fast_192()
703 			      const u64 *curve_prime, u64 *tmp)  in vli_mmod_fast_256()  argument
770 			carry += vli_add(result, result, curve_prime, ndigits);  in vli_mmod_fast_256()
773 		while (carry || vli_cmp(curve_prime, result, ndigits) != 1)  in vli_mmod_fast_256()
774 			carry -= vli_sub(result, result, curve_prime, ndigits);  in vli_mmod_fast_256()
784 			  const u64 *curve_prime, unsigned int ndigits)  in vli_mmod_fast()  argument
789 	if (curve_prime[0] != -1ull) {  in vli_mmod_fast()
791 		if (curve_prime[ndigits - 1] == -1ull) {  in vli_mmod_fast()
792 			vli_mmod_special(result, product, curve_prime,  in vli_mmod_fast()
795 		} else if (curve_prime[ndigits - 1] == 1ull << 63 &&  in vli_mmod_fast()
796 			   curve_prime[ndigits - 2] == 0) {  in vli_mmod_fast()
797 			vli_mmod_special2(result, product, curve_prime,  in vli_mmod_fast()
801 		vli_mmod_barrett(result, product, curve_prime, ndigits);  in vli_mmod_fast()
807 		vli_mmod_fast_192(result, product, curve_prime, tmp);  in vli_mmod_fast()
810 		vli_mmod_fast_256(result, product, curve_prime, tmp);  in vli_mmod_fast()
835 			      const u64 *curve_prime, unsigned int ndigits)  in vli_mod_mult_fast()  argument
840 	vli_mmod_fast(result, product, curve_prime, ndigits);  in vli_mod_mult_fast()
845 				const u64 *curve_prime, unsigned int ndigits)  in vli_mod_square_fast()  argument
850 	vli_mmod_fast(result, product, curve_prime, ndigits);  in vli_mod_square_fast()
948 				      u64 *curve_prime, unsigned int ndigits)  in ecc_point_double_jacobian()  argument
958 	vli_mod_square_fast(t4, y1, curve_prime, ndigits);  in ecc_point_double_jacobian()
960 	vli_mod_mult_fast(t5, x1, t4, curve_prime, ndigits);  in ecc_point_double_jacobian()
962 	vli_mod_square_fast(t4, t4, curve_prime, ndigits);  in ecc_point_double_jacobian()
964 	vli_mod_mult_fast(y1, y1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
966 	vli_mod_square_fast(z1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
969 	vli_mod_add(x1, x1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
971 	vli_mod_add(z1, z1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
973 	vli_mod_sub(z1, x1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
975 	vli_mod_mult_fast(x1, x1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
978 	vli_mod_add(z1, x1, x1, curve_prime, ndigits);  in ecc_point_double_jacobian()
980 	vli_mod_add(x1, x1, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
982 		u64 carry = vli_add(x1, x1, curve_prime, ndigits);  in ecc_point_double_jacobian()
992 	vli_mod_square_fast(z1, x1, curve_prime, ndigits);  in ecc_point_double_jacobian()
994 	vli_mod_sub(z1, z1, t5, curve_prime, ndigits);  in ecc_point_double_jacobian()
996 	vli_mod_sub(z1, z1, t5, curve_prime, ndigits);  in ecc_point_double_jacobian()
998 	vli_mod_sub(t5, t5, z1, curve_prime, ndigits);  in ecc_point_double_jacobian()
1000 	vli_mod_mult_fast(x1, x1, t5, curve_prime, ndigits);  in ecc_point_double_jacobian()
1002 	vli_mod_sub(t4, x1, t4, curve_prime, ndigits);  in ecc_point_double_jacobian()
1010 static void apply_z(u64 *x1, u64 *y1, u64 *z, u64 *curve_prime,  in apply_z()  argument
1015 	vli_mod_square_fast(t1, z, curve_prime, ndigits);    /* z^2 */  in apply_z()
1016 	vli_mod_mult_fast(x1, x1, t1, curve_prime, ndigits); /* x1 * z^2 */  in apply_z()
1017 	vli_mod_mult_fast(t1, t1, z, curve_prime, ndigits);  /* z^3 */  in apply_z()
1018 	vli_mod_mult_fast(y1, y1, t1, curve_prime, ndigits); /* y1 * z^3 */  in apply_z()
1023 				u64 *p_initial_z, u64 *curve_prime,  in xycz_initial_double()  argument
1037 	apply_z(x1, y1, z, curve_prime, ndigits);  in xycz_initial_double()
1039 	ecc_point_double_jacobian(x1, y1, z, curve_prime, ndigits);  in xycz_initial_double()
1041 	apply_z(x2, y2, z, curve_prime, ndigits);  in xycz_initial_double()
1048 static void xycz_add(u64 *x1, u64 *y1, u64 *x2, u64 *y2, u64 *curve_prime,  in xycz_add()  argument
1055 	vli_mod_sub(t5, x2, x1, curve_prime, ndigits);  in xycz_add()
1057 	vli_mod_square_fast(t5, t5, curve_prime, ndigits);  in xycz_add()
1059 	vli_mod_mult_fast(x1, x1, t5, curve_prime, ndigits);  in xycz_add()
1061 	vli_mod_mult_fast(x2, x2, t5, curve_prime, ndigits);  in xycz_add()
1063 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add()
1065 	vli_mod_square_fast(t5, y2, curve_prime, ndigits);  in xycz_add()
1068 	vli_mod_sub(t5, t5, x1, curve_prime, ndigits);  in xycz_add()
1070 	vli_mod_sub(t5, t5, x2, curve_prime, ndigits);  in xycz_add()
1072 	vli_mod_sub(x2, x2, x1, curve_prime, ndigits);  in xycz_add()
1074 	vli_mod_mult_fast(y1, y1, x2, curve_prime, ndigits);  in xycz_add()
1076 	vli_mod_sub(x2, x1, t5, curve_prime, ndigits);  in xycz_add()
1078 	vli_mod_mult_fast(y2, y2, x2, curve_prime, ndigits);  in xycz_add()
1080 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add()
1089 static void xycz_add_c(u64 *x1, u64 *y1, u64 *x2, u64 *y2, u64 *curve_prime,  in xycz_add_c()  argument
1098 	vli_mod_sub(t5, x2, x1, curve_prime, ndigits);  in xycz_add_c()
1100 	vli_mod_square_fast(t5, t5, curve_prime, ndigits);  in xycz_add_c()
1102 	vli_mod_mult_fast(x1, x1, t5, curve_prime, ndigits);  in xycz_add_c()
1104 	vli_mod_mult_fast(x2, x2, t5, curve_prime, ndigits);  in xycz_add_c()
1106 	vli_mod_add(t5, y2, y1, curve_prime, ndigits);  in xycz_add_c()
1108 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add_c()
1111 	vli_mod_sub(t6, x2, x1, curve_prime, ndigits);  in xycz_add_c()
1113 	vli_mod_mult_fast(y1, y1, t6, curve_prime, ndigits);  in xycz_add_c()
1115 	vli_mod_add(t6, x1, x2, curve_prime, ndigits);  in xycz_add_c()
1117 	vli_mod_square_fast(x2, y2, curve_prime, ndigits);  in xycz_add_c()
1119 	vli_mod_sub(x2, x2, t6, curve_prime, ndigits);  in xycz_add_c()
1122 	vli_mod_sub(t7, x1, x2, curve_prime, ndigits);  in xycz_add_c()
1124 	vli_mod_mult_fast(y2, y2, t7, curve_prime, ndigits);  in xycz_add_c()
1126 	vli_mod_sub(y2, y2, y1, curve_prime, ndigits);  in xycz_add_c()
1129 	vli_mod_square_fast(t7, t5, curve_prime, ndigits);  in xycz_add_c()
1131 	vli_mod_sub(t7, t7, t6, curve_prime, ndigits);  in xycz_add_c()
1133 	vli_mod_sub(t6, t7, x1, curve_prime, ndigits);  in xycz_add_c()
1135 	vli_mod_mult_fast(t6, t6, t5, curve_prime, ndigits);  in xycz_add_c()
1137 	vli_mod_sub(y1, t6, y1, curve_prime, ndigits);  in xycz_add_c()
1152 	u64 *curve_prime = curve->p;  in ecc_point_mult()  local
1165 	xycz_initial_double(rx[1], ry[1], rx[0], ry[0], initial_z, curve_prime,  in ecc_point_mult()
1170 		xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb], curve_prime,  in ecc_point_mult()
1172 		xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb], curve_prime,  in ecc_point_mult()
1177 	xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb], curve_prime,  in ecc_point_mult()
1182 	vli_mod_sub(z, rx[1], rx[0], curve_prime, ndigits);  in ecc_point_mult()
1184 	vli_mod_mult_fast(z, z, ry[1 - nb], curve_prime, ndigits);  in ecc_point_mult()
1186 	vli_mod_mult_fast(z, z, point->x, curve_prime, ndigits);  in ecc_point_mult()
1189 	vli_mod_inv(z, z, curve_prime, point->ndigits);  in ecc_point_mult()
1192 	vli_mod_mult_fast(z, z, point->y, curve_prime, ndigits);  in ecc_point_mult()
1194 	vli_mod_mult_fast(z, z, rx[1 - nb], curve_prime, ndigits);  in ecc_point_mult()
1197 	xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb], curve_prime, ndigits);  in ecc_point_mult()
1199 	apply_z(rx[0], ry[0], z, curve_prime, ndigits);  in ecc_point_mult()