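/*
 * AES-NI block-cipher routines for 32-bit x86 (ELF, AT&T/GAS syntax).
 * All public entry points are cdecl: arguments live on the stack and
 * %eax/%ecx/%edx are clobbered. The key-schedule argument points at the
 * round keys with the round count at byte offset 240 (hence the
 * 240(%reg) loads below), matching OpenSSL's AES_KEY layout. AES-NI,
 * SSSE3 and SSE4.1 instructions are emitted as raw .byte sequences so
 * the file assembles with pre-AES-NI toolchains; the CET-guarded
 * .byte 243,15,30,251 is endbr32. Signatures quoted in the comments
 * below are inferred from the stack offsets each routine reads; treat
 * them as annotations, not authoritative declarations.
 */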
.text
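/*
 * aesni_encrypt(in, out, key): encrypt the single block at 4(%esp)
 * with the schedule at 12(%esp), writing the result to 8(%esp);
 * 240(key) holds the round count. In the loop,
 * .byte 102,15,56,220,209 is aesenc %xmm1,%xmm2 and
 * .byte 102,15,56,221,209 is aesenclast %xmm1,%xmm2.
 */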
.globl	aesni_encrypt
.type	aesni_encrypt,@function
.align	16
aesni_encrypt:
.L_aesni_encrypt_begin:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	movl	4(%esp),%eax
	movl	12(%esp),%edx
	movups	(%eax),%xmm2
	movl	240(%edx),%ecx
	movl	8(%esp),%eax
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L000enc1_loop_1:
.byte	102,15,56,220,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L000enc1_loop_1
.byte	102,15,56,221,209
	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	movups	%xmm2,(%eax)
	pxor	%xmm2,%xmm2
	ret
.size	aesni_encrypt,.-.L_aesni_encrypt_begin
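/*
 * aesni_decrypt(in, out, key): single-block decryption, the mirror of
 * aesni_encrypt: .byte 102,15,56,222,209 is aesdec %xmm1,%xmm2 and
 * .byte 102,15,56,223,209 is aesdeclast %xmm1,%xmm2.
 */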
.globl	aesni_decrypt
.type	aesni_decrypt,@function
.align	16
aesni_decrypt:
.L_aesni_decrypt_begin:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	movl	4(%esp),%eax
	movl	12(%esp),%edx
	movups	(%eax),%xmm2
	movl	240(%edx),%ecx
	movl	8(%esp),%eax
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L001dec1_loop_2:
.byte	102,15,56,222,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L001dec1_loop_2
.byte	102,15,56,223,209
	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	movups	%xmm2,(%eax)
	pxor	%xmm2,%xmm2
	ret
.size	aesni_decrypt,.-.L_aesni_decrypt_begin
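/*
 * _aesni_encrypt2: local helper that encrypts two blocks (%xmm2,%xmm3)
 * in parallel with the schedule at %edx and round count in %ecx. The
 * two aesenc chains are interleaved to hide the instruction's latency;
 * %ecx is turned into a negative byte index so the loop can walk the
 * schedule with one counter. Clobbers %ecx/%edx (callers reload them).
 */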
.type	_aesni_encrypt2,@function
.align	16
_aesni_encrypt2:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	movups	(%edx),%xmm0
	shll	$4,%ecx
	movups	16(%edx),%xmm1
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	movups	32(%edx),%xmm0
	leal	32(%edx,%ecx,1),%edx
	negl	%ecx
	addl	$16,%ecx
.L002enc2_loop:
.byte	102,15,56,220,209
.byte	102,15,56,220,217
	movups	(%edx,%ecx,1),%xmm1
	addl	$32,%ecx
.byte	102,15,56,220,208
.byte	102,15,56,220,216
	movups	-16(%edx,%ecx,1),%xmm0
	jnz	.L002enc2_loop
.byte	102,15,56,220,209
.byte	102,15,56,220,217
.byte	102,15,56,221,208
.byte	102,15,56,221,216
	ret
.size	_aesni_encrypt2,.-_aesni_encrypt2
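/*
 * _aesni_decrypt2: two-block decryption twin of _aesni_encrypt2
 * (aesdec/aesdeclast in place of aesenc/aesenclast).
 */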
.type	_aesni_decrypt2,@function
.align	16
_aesni_decrypt2:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	movups	(%edx),%xmm0
	shll	$4,%ecx
	movups	16(%edx),%xmm1
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	movups	32(%edx),%xmm0
	leal	32(%edx,%ecx,1),%edx
	negl	%ecx
	addl	$16,%ecx
.L003dec2_loop:
.byte	102,15,56,222,209
.byte	102,15,56,222,217
	movups	(%edx,%ecx,1),%xmm1
	addl	$32,%ecx
.byte	102,15,56,222,208
.byte	102,15,56,222,216
	movups	-16(%edx,%ecx,1),%xmm0
	jnz	.L003dec2_loop
.byte	102,15,56,222,209
.byte	102,15,56,222,217
.byte	102,15,56,223,208
.byte	102,15,56,223,216
	ret
.size	_aesni_decrypt2,.-_aesni_decrypt2
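/*
 * _aesni_encrypt3: same pattern widened to three blocks (%xmm2..%xmm4).
 */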
.type	_aesni_encrypt3,@function
.align	16
_aesni_encrypt3:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	movups	(%edx),%xmm0
	shll	$4,%ecx
	movups	16(%edx),%xmm1
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	pxor	%xmm0,%xmm4
	movups	32(%edx),%xmm0
	leal	32(%edx,%ecx,1),%edx
	negl	%ecx
	addl	$16,%ecx
.L004enc3_loop:
.byte	102,15,56,220,209
.byte	102,15,56,220,217
.byte	102,15,56,220,225
	movups	(%edx,%ecx,1),%xmm1
	addl	$32,%ecx
.byte	102,15,56,220,208
.byte	102,15,56,220,216
.byte	102,15,56,220,224
	movups	-16(%edx,%ecx,1),%xmm0
	jnz	.L004enc3_loop
.byte	102,15,56,220,209
.byte	102,15,56,220,217
.byte	102,15,56,220,225
.byte	102,15,56,221,208
.byte	102,15,56,221,216
.byte	102,15,56,221,224
	ret
.size	_aesni_encrypt3,.-_aesni_encrypt3
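/*
 * _aesni_decrypt3: three-block decryption (%xmm2..%xmm4).
 */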
.type	_aesni_decrypt3,@function
.align	16
_aesni_decrypt3:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	movups	(%edx),%xmm0
	shll	$4,%ecx
	movups	16(%edx),%xmm1
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	pxor	%xmm0,%xmm4
	movups	32(%edx),%xmm0
	leal	32(%edx,%ecx,1),%edx
	negl	%ecx
	addl	$16,%ecx
.L005dec3_loop:
.byte	102,15,56,222,209
.byte	102,15,56,222,217
.byte	102,15,56,222,225
	movups	(%edx,%ecx,1),%xmm1
	addl	$32,%ecx
.byte	102,15,56,222,208
.byte	102,15,56,222,216
.byte	102,15,56,222,224
	movups	-16(%edx,%ecx,1),%xmm0
	jnz	.L005dec3_loop
.byte	102,15,56,222,209
.byte	102,15,56,222,217
.byte	102,15,56,222,225
.byte	102,15,56,223,208
.byte	102,15,56,223,216
.byte	102,15,56,223,224
	ret
.size	_aesni_decrypt3,.-_aesni_decrypt3
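/*
 * _aesni_encrypt4: four blocks (%xmm2..%xmm5). The .byte 15,31,64,0 is
 * nopl 0(%eax), a 4-byte padding nop; its purpose appears to be a
 * code-placement/scheduling tweak by the generator.
 */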
.type	_aesni_encrypt4,@function
.align	16
_aesni_encrypt4:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	shll	$4,%ecx
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	pxor	%xmm0,%xmm4
	pxor	%xmm0,%xmm5
	movups	32(%edx),%xmm0
	leal	32(%edx,%ecx,1),%edx
	negl	%ecx
.byte	15,31,64,0
	addl	$16,%ecx
.L006enc4_loop:
.byte	102,15,56,220,209
.byte	102,15,56,220,217
.byte	102,15,56,220,225
.byte	102,15,56,220,233
	movups	(%edx,%ecx,1),%xmm1
	addl	$32,%ecx
.byte	102,15,56,220,208
.byte	102,15,56,220,216
.byte	102,15,56,220,224
.byte	102,15,56,220,232
	movups	-16(%edx,%ecx,1),%xmm0
	jnz	.L006enc4_loop
.byte	102,15,56,220,209
.byte	102,15,56,220,217
.byte	102,15,56,220,225
.byte	102,15,56,220,233
.byte	102,15,56,221,208
.byte	102,15,56,221,216
.byte	102,15,56,221,224
.byte	102,15,56,221,232
	ret
.size	_aesni_encrypt4,.-_aesni_encrypt4
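/*
 * _aesni_decrypt4: four-block decryption counterpart of _aesni_encrypt4.
 */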
.type	_aesni_decrypt4,@function
.align	16
_aesni_decrypt4:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	shll	$4,%ecx
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	pxor	%xmm0,%xmm4
	pxor	%xmm0,%xmm5
	movups	32(%edx),%xmm0
	leal	32(%edx,%ecx,1),%edx
	negl	%ecx
.byte	15,31,64,0
	addl	$16,%ecx
.L007dec4_loop:
.byte	102,15,56,222,209
.byte	102,15,56,222,217
.byte	102,15,56,222,225
.byte	102,15,56,222,233
	movups	(%edx,%ecx,1),%xmm1
	addl	$32,%ecx
.byte	102,15,56,222,208
.byte	102,15,56,222,216
.byte	102,15,56,222,224
.byte	102,15,56,222,232
	movups	-16(%edx,%ecx,1),%xmm0
	jnz	.L007dec4_loop
.byte	102,15,56,222,209
.byte	102,15,56,222,217
.byte	102,15,56,222,225
.byte	102,15,56,222,233
.byte	102,15,56,223,208
.byte	102,15,56,223,216
.byte	102,15,56,223,224
.byte	102,15,56,223,232
	ret
.size	_aesni_decrypt4,.-_aesni_decrypt4
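/*
 * _aesni_encrypt6: six blocks (%xmm2..%xmm7), the widest interleave
 * used by the bulk loops. Round 1 for the first blocks is started
 * before the loop; callers that have already applied round 0 and
 * issued round 1 themselves jump in at .L_aesni_encrypt6_enter (see
 * the CTR/XTS/OCB code below).
 */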
.type	_aesni_encrypt6,@function
.align	16
_aesni_encrypt6:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	movups	(%edx),%xmm0
	shll	$4,%ecx
	movups	16(%edx),%xmm1
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	pxor	%xmm0,%xmm4
.byte	102,15,56,220,209
	pxor	%xmm0,%xmm5
	pxor	%xmm0,%xmm6
.byte	102,15,56,220,217
	leal	32(%edx,%ecx,1),%edx
	negl	%ecx
.byte	102,15,56,220,225
	pxor	%xmm0,%xmm7
	movups	(%edx,%ecx,1),%xmm0
	addl	$16,%ecx
	jmp	.L008_aesni_encrypt6_inner
.align	16
.L009enc6_loop:
.byte	102,15,56,220,209
.byte	102,15,56,220,217
.byte	102,15,56,220,225
.L008_aesni_encrypt6_inner:
.byte	102,15,56,220,233
.byte	102,15,56,220,241
.byte	102,15,56,220,249
.L_aesni_encrypt6_enter:
	movups	(%edx,%ecx,1),%xmm1
	addl	$32,%ecx
.byte	102,15,56,220,208
.byte	102,15,56,220,216
.byte	102,15,56,220,224
.byte	102,15,56,220,232
.byte	102,15,56,220,240
.byte	102,15,56,220,248
	movups	-16(%edx,%ecx,1),%xmm0
	jnz	.L009enc6_loop
.byte	102,15,56,220,209
.byte	102,15,56,220,217
.byte	102,15,56,220,225
.byte	102,15,56,220,233
.byte	102,15,56,220,241
.byte	102,15,56,220,249
.byte	102,15,56,221,208
.byte	102,15,56,221,216
.byte	102,15,56,221,224
.byte	102,15,56,221,232
.byte	102,15,56,221,240
.byte	102,15,56,221,248
	ret
.size	_aesni_encrypt6,.-_aesni_encrypt6
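/*
 * _aesni_decrypt6: six-block decryption, with the matching side entry
 * .L_aesni_decrypt6_enter used by the XTS/OCB decrypt loops.
 */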
.type	_aesni_decrypt6,@function
.align	16
_aesni_decrypt6:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	movups	(%edx),%xmm0
	shll	$4,%ecx
	movups	16(%edx),%xmm1
	xorps	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	pxor	%xmm0,%xmm4
.byte	102,15,56,222,209
	pxor	%xmm0,%xmm5
	pxor	%xmm0,%xmm6
.byte	102,15,56,222,217
	leal	32(%edx,%ecx,1),%edx
	negl	%ecx
.byte	102,15,56,222,225
	pxor	%xmm0,%xmm7
	movups	(%edx,%ecx,1),%xmm0
	addl	$16,%ecx
	jmp	.L010_aesni_decrypt6_inner
.align	16
.L011dec6_loop:
.byte	102,15,56,222,209
.byte	102,15,56,222,217
.byte	102,15,56,222,225
.L010_aesni_decrypt6_inner:
.byte	102,15,56,222,233
.byte	102,15,56,222,241
.byte	102,15,56,222,249
.L_aesni_decrypt6_enter:
	movups	(%edx,%ecx,1),%xmm1
	addl	$32,%ecx
.byte	102,15,56,222,208
.byte	102,15,56,222,216
.byte	102,15,56,222,224
.byte	102,15,56,222,232
.byte	102,15,56,222,240
.byte	102,15,56,222,248
	movups	-16(%edx,%ecx,1),%xmm0
	jnz	.L011dec6_loop
.byte	102,15,56,222,209
.byte	102,15,56,222,217
.byte	102,15,56,222,225
.byte	102,15,56,222,233
.byte	102,15,56,222,241
.byte	102,15,56,222,249
.byte	102,15,56,223,208
.byte	102,15,56,223,216
.byte	102,15,56,223,224
.byte	102,15,56,223,232
.byte	102,15,56,223,240
.byte	102,15,56,223,248
	ret
.size	_aesni_decrypt6,.-_aesni_decrypt6
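/*
 * aesni_ecb_encrypt(in, out, len, key, enc): ECB over len bytes (len
 * is rounded down to a whole number of blocks; enc selects the
 * direction). The main loops run six blocks per iteration through
 * _aesni_{en,de}crypt6, with 1..5-block tails, and all XMM registers
 * are wiped before return.
 */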
.globl	aesni_ecb_encrypt
.type	aesni_ecb_encrypt,@function
.align	16
aesni_ecb_encrypt:
.L_aesni_ecb_encrypt_begin:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	pushl	%ebp
	pushl	%ebx
	pushl	%esi
	pushl	%edi
	movl	20(%esp),%esi
	movl	24(%esp),%edi
	movl	28(%esp),%eax
	movl	32(%esp),%edx
	movl	36(%esp),%ebx
	andl	$-16,%eax
	jz	.L012ecb_ret
	movl	240(%edx),%ecx
	testl	%ebx,%ebx
	jz	.L013ecb_decrypt
	movl	%edx,%ebp
	movl	%ecx,%ebx
	cmpl	$96,%eax
	jb	.L014ecb_enc_tail
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movdqu	32(%esi),%xmm4
	movdqu	48(%esi),%xmm5
	movdqu	64(%esi),%xmm6
	movdqu	80(%esi),%xmm7
	leal	96(%esi),%esi
	subl	$96,%eax
	jmp	.L015ecb_enc_loop6_enter
.align	16
.L016ecb_enc_loop6:
	movups	%xmm2,(%edi)
	movdqu	(%esi),%xmm2
	movups	%xmm3,16(%edi)
	movdqu	16(%esi),%xmm3
	movups	%xmm4,32(%edi)
	movdqu	32(%esi),%xmm4
	movups	%xmm5,48(%edi)
	movdqu	48(%esi),%xmm5
	movups	%xmm6,64(%edi)
	movdqu	64(%esi),%xmm6
	movups	%xmm7,80(%edi)
	leal	96(%edi),%edi
	movdqu	80(%esi),%xmm7
	leal	96(%esi),%esi
.L015ecb_enc_loop6_enter:
	call	_aesni_encrypt6
	movl	%ebp,%edx
	movl	%ebx,%ecx
	subl	$96,%eax
	jnc	.L016ecb_enc_loop6
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
	movups	%xmm6,64(%edi)
	movups	%xmm7,80(%edi)
	leal	96(%edi),%edi
	addl	$96,%eax
	jz	.L012ecb_ret
.L014ecb_enc_tail:
	movups	(%esi),%xmm2
	cmpl	$32,%eax
	jb	.L017ecb_enc_one
	movups	16(%esi),%xmm3
	je	.L018ecb_enc_two
	movups	32(%esi),%xmm4
	cmpl	$64,%eax
	jb	.L019ecb_enc_three
	movups	48(%esi),%xmm5
	je	.L020ecb_enc_four
	movups	64(%esi),%xmm6
	xorps	%xmm7,%xmm7
	call	_aesni_encrypt6
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
	movups	%xmm6,64(%edi)
	jmp	.L012ecb_ret
.align	16
.L017ecb_enc_one:
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L021enc1_loop_3:
.byte	102,15,56,220,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L021enc1_loop_3
.byte	102,15,56,221,209
	movups	%xmm2,(%edi)
	jmp	.L012ecb_ret
.align	16
.L018ecb_enc_two:
	call	_aesni_encrypt2
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	jmp	.L012ecb_ret
.align	16
.L019ecb_enc_three:
	call	_aesni_encrypt3
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	jmp	.L012ecb_ret
.align	16
.L020ecb_enc_four:
	call	_aesni_encrypt4
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
	jmp	.L012ecb_ret
.align	16
.L013ecb_decrypt:
	movl	%edx,%ebp
	movl	%ecx,%ebx
	cmpl	$96,%eax
	jb	.L022ecb_dec_tail
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movdqu	32(%esi),%xmm4
	movdqu	48(%esi),%xmm5
	movdqu	64(%esi),%xmm6
	movdqu	80(%esi),%xmm7
	leal	96(%esi),%esi
	subl	$96,%eax
	jmp	.L023ecb_dec_loop6_enter
.align	16
.L024ecb_dec_loop6:
	movups	%xmm2,(%edi)
	movdqu	(%esi),%xmm2
	movups	%xmm3,16(%edi)
	movdqu	16(%esi),%xmm3
	movups	%xmm4,32(%edi)
	movdqu	32(%esi),%xmm4
	movups	%xmm5,48(%edi)
	movdqu	48(%esi),%xmm5
	movups	%xmm6,64(%edi)
	movdqu	64(%esi),%xmm6
	movups	%xmm7,80(%edi)
	leal	96(%edi),%edi
	movdqu	80(%esi),%xmm7
	leal	96(%esi),%esi
.L023ecb_dec_loop6_enter:
	call	_aesni_decrypt6
	movl	%ebp,%edx
	movl	%ebx,%ecx
	subl	$96,%eax
	jnc	.L024ecb_dec_loop6
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
	movups	%xmm6,64(%edi)
	movups	%xmm7,80(%edi)
	leal	96(%edi),%edi
	addl	$96,%eax
	jz	.L012ecb_ret
.L022ecb_dec_tail:
	movups	(%esi),%xmm2
	cmpl	$32,%eax
	jb	.L025ecb_dec_one
	movups	16(%esi),%xmm3
	je	.L026ecb_dec_two
	movups	32(%esi),%xmm4
	cmpl	$64,%eax
	jb	.L027ecb_dec_three
	movups	48(%esi),%xmm5
	je	.L028ecb_dec_four
	movups	64(%esi),%xmm6
	xorps	%xmm7,%xmm7
	call	_aesni_decrypt6
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
	movups	%xmm6,64(%edi)
	jmp	.L012ecb_ret
.align	16
.L025ecb_dec_one:
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L029dec1_loop_4:
.byte	102,15,56,222,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L029dec1_loop_4
.byte	102,15,56,223,209
	movups	%xmm2,(%edi)
	jmp	.L012ecb_ret
.align	16
.L026ecb_dec_two:
	call	_aesni_decrypt2
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	jmp	.L012ecb_ret
.align	16
.L027ecb_dec_three:
	call	_aesni_decrypt3
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	jmp	.L012ecb_ret
.align	16
.L028ecb_dec_four:
	call	_aesni_decrypt4
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
.L012ecb_ret:
	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	pxor	%xmm2,%xmm2
	pxor	%xmm3,%xmm3
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	pxor	%xmm6,%xmm6
	pxor	%xmm7,%xmm7
	popl	%edi
	popl	%esi
	popl	%ebx
	popl	%ebp
	ret
.size	aesni_ecb_encrypt,.-.L_aesni_ecb_encrypt_begin
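/*
 * aesni_ccm64_encrypt_blocks(in, out, blocks, key, ivec, cmac): CCM
 * with a 64-bit counter. The dwords stored at (%esp) build a 16-byte
 * byte-reversal mask applied with pshufb (.byte 102,15,56,0,253 is
 * pshufb %xmm5,%xmm7), and 16(%esp) holds the constant 1 that paddq
 * adds to the counter. Counter encryption (%xmm2) and the CBC-MAC
 * (%xmm3) are interleaved two-at-a-time in .L031ccm64_enc2_loop.
 */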
.globl	aesni_ccm64_encrypt_blocks
.type	aesni_ccm64_encrypt_blocks,@function
.align	16
aesni_ccm64_encrypt_blocks:
.L_aesni_ccm64_encrypt_blocks_begin:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	pushl	%ebp
	pushl	%ebx
	pushl	%esi
	pushl	%edi
	movl	20(%esp),%esi
	movl	24(%esp),%edi
	movl	28(%esp),%eax
	movl	32(%esp),%edx
	movl	36(%esp),%ebx
	movl	40(%esp),%ecx
	movl	%esp,%ebp
	subl	$60,%esp
	andl	$-16,%esp
	movl	%ebp,48(%esp)
	movdqu	(%ebx),%xmm7
	movdqu	(%ecx),%xmm3
	movl	240(%edx),%ecx
	movl	$202182159,(%esp)
	movl	$134810123,4(%esp)
	movl	$67438087,8(%esp)
	movl	$66051,12(%esp)
	movl	$1,%ebx
	xorl	%ebp,%ebp
	movl	%ebx,16(%esp)
	movl	%ebp,20(%esp)
	movl	%ebp,24(%esp)
	movl	%ebp,28(%esp)
	shll	$4,%ecx
	movl	$16,%ebx
	leal	(%edx),%ebp
	movdqa	(%esp),%xmm5
	movdqa	%xmm7,%xmm2
	leal	32(%edx,%ecx,1),%edx
	subl	%ecx,%ebx
.byte	102,15,56,0,253
.L030ccm64_enc_outer:
	movups	(%ebp),%xmm0
	movl	%ebx,%ecx
	movups	(%esi),%xmm6
	xorps	%xmm0,%xmm2
	movups	16(%ebp),%xmm1
	xorps	%xmm6,%xmm0
	xorps	%xmm0,%xmm3
	movups	32(%ebp),%xmm0
.L031ccm64_enc2_loop:
.byte	102,15,56,220,209
.byte	102,15,56,220,217
	movups	(%edx,%ecx,1),%xmm1
	addl	$32,%ecx
.byte	102,15,56,220,208
.byte	102,15,56,220,216
	movups	-16(%edx,%ecx,1),%xmm0
	jnz	.L031ccm64_enc2_loop
.byte	102,15,56,220,209
.byte	102,15,56,220,217
	paddq	16(%esp),%xmm7
	decl	%eax
.byte	102,15,56,221,208
.byte	102,15,56,221,216
	leal	16(%esi),%esi
	xorps	%xmm2,%xmm6
	movdqa	%xmm7,%xmm2
	movups	%xmm6,(%edi)
.byte	102,15,56,0,213
	leal	16(%edi),%edi
	jnz	.L030ccm64_enc_outer
	movl	48(%esp),%esp
	movl	40(%esp),%edi
	movups	%xmm3,(%edi)
	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	pxor	%xmm2,%xmm2
	pxor	%xmm3,%xmm3
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	pxor	%xmm6,%xmm6
	pxor	%xmm7,%xmm7
	popl	%edi
	popl	%esi
	popl	%ebx
	popl	%ebp
	ret
.size	aesni_ccm64_encrypt_blocks,.-.L_aesni_ccm64_encrypt_blocks_begin
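/*
 * aesni_ccm64_decrypt_blocks(in, out, blocks, key, ivec, cmac): CCM
 * decryption. The first counter block is encrypted up front, then each
 * iteration decrypts one block and folds the recovered plaintext into
 * the CBC-MAC, finishing the final MAC block after .L034ccm64_dec_break.
 */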
.globl	aesni_ccm64_decrypt_blocks
.type	aesni_ccm64_decrypt_blocks,@function
.align	16
aesni_ccm64_decrypt_blocks:
.L_aesni_ccm64_decrypt_blocks_begin:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	pushl	%ebp
	pushl	%ebx
	pushl	%esi
	pushl	%edi
	movl	20(%esp),%esi
	movl	24(%esp),%edi
	movl	28(%esp),%eax
	movl	32(%esp),%edx
	movl	36(%esp),%ebx
	movl	40(%esp),%ecx
	movl	%esp,%ebp
	subl	$60,%esp
	andl	$-16,%esp
	movl	%ebp,48(%esp)
	movdqu	(%ebx),%xmm7
	movdqu	(%ecx),%xmm3
	movl	240(%edx),%ecx
	movl	$202182159,(%esp)
	movl	$134810123,4(%esp)
	movl	$67438087,8(%esp)
	movl	$66051,12(%esp)
	movl	$1,%ebx
	xorl	%ebp,%ebp
	movl	%ebx,16(%esp)
	movl	%ebp,20(%esp)
	movl	%ebp,24(%esp)
	movl	%ebp,28(%esp)
	movdqa	(%esp),%xmm5
	movdqa	%xmm7,%xmm2
	movl	%edx,%ebp
	movl	%ecx,%ebx
.byte	102,15,56,0,253
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L032enc1_loop_5:
.byte	102,15,56,220,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L032enc1_loop_5
.byte	102,15,56,221,209
	shll	$4,%ebx
	movl	$16,%ecx
	movups	(%esi),%xmm6
	paddq	16(%esp),%xmm7
	leal	16(%esi),%esi
	subl	%ebx,%ecx
	leal	32(%ebp,%ebx,1),%edx
	movl	%ecx,%ebx
	jmp	.L033ccm64_dec_outer
.align	16
.L033ccm64_dec_outer:
	xorps	%xmm2,%xmm6
	movdqa	%xmm7,%xmm2
	movups	%xmm6,(%edi)
	leal	16(%edi),%edi
.byte	102,15,56,0,213
	subl	$1,%eax
	jz	.L034ccm64_dec_break
	movups	(%ebp),%xmm0
	movl	%ebx,%ecx
	movups	16(%ebp),%xmm1
	xorps	%xmm0,%xmm6
	xorps	%xmm0,%xmm2
	xorps	%xmm6,%xmm3
	movups	32(%ebp),%xmm0
.L035ccm64_dec2_loop:
.byte	102,15,56,220,209
.byte	102,15,56,220,217
	movups	(%edx,%ecx,1),%xmm1
	addl	$32,%ecx
.byte	102,15,56,220,208
.byte	102,15,56,220,216
	movups	-16(%edx,%ecx,1),%xmm0
	jnz	.L035ccm64_dec2_loop
	movups	(%esi),%xmm6
	paddq	16(%esp),%xmm7
.byte	102,15,56,220,209
.byte	102,15,56,220,217
.byte	102,15,56,221,208
.byte	102,15,56,221,216
	leal	16(%esi),%esi
	jmp	.L033ccm64_dec_outer
.align	16
.L034ccm64_dec_break:
	movl	240(%ebp),%ecx
	movl	%ebp,%edx
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	xorps	%xmm0,%xmm6
	leal	32(%edx),%edx
	xorps	%xmm6,%xmm3
.L036enc1_loop_6:
.byte	102,15,56,220,217
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L036enc1_loop_6
.byte	102,15,56,221,217
	movl	48(%esp),%esp
	movl	40(%esp),%edi
	movups	%xmm3,(%edi)
	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	pxor	%xmm2,%xmm2
	pxor	%xmm3,%xmm3
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	pxor	%xmm6,%xmm6
	pxor	%xmm7,%xmm7
	popl	%edi
	popl	%esi
	popl	%ebx
	popl	%ebp
	ret
.size	aesni_ccm64_decrypt_blocks,.-.L_aesni_ccm64_decrypt_blocks_begin
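/*
 * aesni_ctr32_encrypt_blocks(in, out, blocks, key, ivec): CTR mode
 * with a 32-bit big-endian counter in the last word of ivec. The
 * counter lanes are assembled with pinsrd (the 102,15,58,34,... byte
 * sequences; 102,15,58,22,251,3 is pextrd $3,%xmm7,%ebx), %xmm0 holds
 * counters n..n+2 and %xmm1 n+3..n+5, six keystream blocks are made
 * per iteration, and 16(%esp) holds the per-lane increment of 6
 * applied with paddd.
 */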
.globl	aesni_ctr32_encrypt_blocks
.type	aesni_ctr32_encrypt_blocks,@function
.align	16
aesni_ctr32_encrypt_blocks:
.L_aesni_ctr32_encrypt_blocks_begin:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	pushl	%ebp
	pushl	%ebx
	pushl	%esi
	pushl	%edi
	movl	20(%esp),%esi
	movl	24(%esp),%edi
	movl	28(%esp),%eax
	movl	32(%esp),%edx
	movl	36(%esp),%ebx
	movl	%esp,%ebp
	subl	$88,%esp
	andl	$-16,%esp
	movl	%ebp,80(%esp)
	cmpl	$1,%eax
	je	.L037ctr32_one_shortcut
	movdqu	(%ebx),%xmm7
	movl	$202182159,(%esp)
	movl	$134810123,4(%esp)
	movl	$67438087,8(%esp)
	movl	$66051,12(%esp)
	movl	$6,%ecx
	xorl	%ebp,%ebp
	movl	%ecx,16(%esp)
	movl	%ecx,20(%esp)
	movl	%ecx,24(%esp)
	movl	%ebp,28(%esp)
.byte	102,15,58,22,251,3
.byte	102,15,58,34,253,3
	movl	240(%edx),%ecx
	bswap	%ebx
	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	movdqa	(%esp),%xmm2
.byte	102,15,58,34,195,0
	leal	3(%ebx),%ebp
.byte	102,15,58,34,205,0
	incl	%ebx
.byte	102,15,58,34,195,1
	incl	%ebp
.byte	102,15,58,34,205,1
	incl	%ebx
.byte	102,15,58,34,195,2
	incl	%ebp
.byte	102,15,58,34,205,2
	movdqa	%xmm0,48(%esp)
.byte	102,15,56,0,194
	movdqu	(%edx),%xmm6
	movdqa	%xmm1,64(%esp)
.byte	102,15,56,0,202
	pshufd	$192,%xmm0,%xmm2
	pshufd	$128,%xmm0,%xmm3
	cmpl	$6,%eax
	jb	.L038ctr32_tail
	pxor	%xmm6,%xmm7
	shll	$4,%ecx
	movl	$16,%ebx
	movdqa	%xmm7,32(%esp)
	movl	%edx,%ebp
	subl	%ecx,%ebx
	leal	32(%edx,%ecx,1),%edx
	subl	$6,%eax
	jmp	.L039ctr32_loop6
.align	16
.L039ctr32_loop6:
	pshufd	$64,%xmm0,%xmm4
	movdqa	32(%esp),%xmm0
	pshufd	$192,%xmm1,%xmm5
	pxor	%xmm0,%xmm2
	pshufd	$128,%xmm1,%xmm6
	pxor	%xmm0,%xmm3
	pshufd	$64,%xmm1,%xmm7
	movups	16(%ebp),%xmm1
	pxor	%xmm0,%xmm4
	pxor	%xmm0,%xmm5
.byte	102,15,56,220,209
	pxor	%xmm0,%xmm6
	pxor	%xmm0,%xmm7
.byte	102,15,56,220,217
	movups	32(%ebp),%xmm0
	movl	%ebx,%ecx
.byte	102,15,56,220,225
.byte	102,15,56,220,233
.byte	102,15,56,220,241
.byte	102,15,56,220,249
	call	.L_aesni_encrypt6_enter
	movups	(%esi),%xmm1
	movups	16(%esi),%xmm0
	xorps	%xmm1,%xmm2
	movups	32(%esi),%xmm1
	xorps	%xmm0,%xmm3
	movups	%xmm2,(%edi)
	movdqa	16(%esp),%xmm0
	xorps	%xmm1,%xmm4
	movdqa	64(%esp),%xmm1
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	paddd	%xmm0,%xmm1
	paddd	48(%esp),%xmm0
	movdqa	(%esp),%xmm2
	movups	48(%esi),%xmm3
	movups	64(%esi),%xmm4
	xorps	%xmm3,%xmm5
	movups	80(%esi),%xmm3
	leal	96(%esi),%esi
	movdqa	%xmm0,48(%esp)
.byte	102,15,56,0,194
	xorps	%xmm4,%xmm6
	movups	%xmm5,48(%edi)
	xorps	%xmm3,%xmm7
	movdqa	%xmm1,64(%esp)
.byte	102,15,56,0,202
	movups	%xmm6,64(%edi)
	pshufd	$192,%xmm0,%xmm2
	movups	%xmm7,80(%edi)
	leal	96(%edi),%edi
	pshufd	$128,%xmm0,%xmm3
	subl	$6,%eax
	jnc	.L039ctr32_loop6
	addl	$6,%eax
	jz	.L040ctr32_ret
	movdqu	(%ebp),%xmm7
	movl	%ebp,%edx
	pxor	32(%esp),%xmm7
	movl	240(%ebp),%ecx
.L038ctr32_tail:
	por	%xmm7,%xmm2
	cmpl	$2,%eax
	jb	.L041ctr32_one
	pshufd	$64,%xmm0,%xmm4
	por	%xmm7,%xmm3
	je	.L042ctr32_two
	pshufd	$192,%xmm1,%xmm5
	por	%xmm7,%xmm4
	cmpl	$4,%eax
	jb	.L043ctr32_three
	pshufd	$128,%xmm1,%xmm6
	por	%xmm7,%xmm5
	je	.L044ctr32_four
	por	%xmm7,%xmm6
	call	_aesni_encrypt6
	movups	(%esi),%xmm1
	movups	16(%esi),%xmm0
	xorps	%xmm1,%xmm2
	movups	32(%esi),%xmm1
	xorps	%xmm0,%xmm3
	movups	48(%esi),%xmm0
	xorps	%xmm1,%xmm4
	movups	64(%esi),%xmm1
	xorps	%xmm0,%xmm5
	movups	%xmm2,(%edi)
	xorps	%xmm1,%xmm6
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
	movups	%xmm6,64(%edi)
	jmp	.L040ctr32_ret
.align	16
.L037ctr32_one_shortcut:
	movups	(%ebx),%xmm2
	movl	240(%edx),%ecx
.L041ctr32_one:
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L045enc1_loop_7:
.byte	102,15,56,220,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L045enc1_loop_7
.byte	102,15,56,221,209
	movups	(%esi),%xmm6
	xorps	%xmm2,%xmm6
	movups	%xmm6,(%edi)
	jmp	.L040ctr32_ret
.align	16
.L042ctr32_two:
	call	_aesni_encrypt2
	movups	(%esi),%xmm5
	movups	16(%esi),%xmm6
	xorps	%xmm5,%xmm2
	xorps	%xmm6,%xmm3
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	jmp	.L040ctr32_ret
.align	16
.L043ctr32_three:
	call	_aesni_encrypt3
	movups	(%esi),%xmm5
	movups	16(%esi),%xmm6
	xorps	%xmm5,%xmm2
	movups	32(%esi),%xmm7
	xorps	%xmm6,%xmm3
	movups	%xmm2,(%edi)
	xorps	%xmm7,%xmm4
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	jmp	.L040ctr32_ret
.align	16
.L044ctr32_four:
	call	_aesni_encrypt4
	movups	(%esi),%xmm6
	movups	16(%esi),%xmm7
	movups	32(%esi),%xmm1
	xorps	%xmm6,%xmm2
	movups	48(%esi),%xmm0
	xorps	%xmm7,%xmm3
	movups	%xmm2,(%edi)
	xorps	%xmm1,%xmm4
	movups	%xmm3,16(%edi)
	xorps	%xmm0,%xmm5
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
.L040ctr32_ret:
	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	pxor	%xmm2,%xmm2
	pxor	%xmm3,%xmm3
	pxor	%xmm4,%xmm4
	movdqa	%xmm0,32(%esp)
	pxor	%xmm5,%xmm5
	movdqa	%xmm0,48(%esp)
	pxor	%xmm6,%xmm6
	movdqa	%xmm0,64(%esp)
	pxor	%xmm7,%xmm7
	movl	80(%esp),%esp
	popl	%edi
	popl	%esi
	popl	%ebx
	popl	%ebp
	ret
.size	aesni_ctr32_encrypt_blocks,.-.L_aesni_ctr32_encrypt_blocks_begin
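/*
 * aesni_xts_encrypt(in, out, len, key1, key2, iv): XTS. The tweak is
 * produced by encrypting iv under key2 (36/40(%esp) are read first),
 * then doubled in GF(2^128) per block: each pshufd $19 / pand / paddq
 * / pxor cluster multiplies the tweak by x, using the reduction
 * constant 135 (0x87) parked at 96(%esp). A trailing partial block is
 * handled by ciphertext stealing at .L057xts_enc_steal.
 */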
.globl	aesni_xts_encrypt
.type	aesni_xts_encrypt,@function
.align	16
aesni_xts_encrypt:
.L_aesni_xts_encrypt_begin:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	pushl	%ebp
	pushl	%ebx
	pushl	%esi
	pushl	%edi
	movl	36(%esp),%edx
	movl	40(%esp),%esi
	movl	240(%edx),%ecx
	movups	(%esi),%xmm2
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L046enc1_loop_8:
.byte	102,15,56,220,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L046enc1_loop_8
.byte	102,15,56,221,209
	movl	20(%esp),%esi
	movl	24(%esp),%edi
	movl	28(%esp),%eax
	movl	32(%esp),%edx
	movl	%esp,%ebp
	subl	$120,%esp
	movl	240(%edx),%ecx
	andl	$-16,%esp
	movl	$135,96(%esp)
	movl	$0,100(%esp)
	movl	$1,104(%esp)
	movl	$0,108(%esp)
	movl	%eax,112(%esp)
	movl	%ebp,116(%esp)
	movdqa	%xmm2,%xmm1
	pxor	%xmm0,%xmm0
	movdqa	96(%esp),%xmm3
	pcmpgtd	%xmm1,%xmm0
	andl	$-16,%eax
	movl	%edx,%ebp
	movl	%ecx,%ebx
	subl	$96,%eax
	jc	.L047xts_enc_short
	shll	$4,%ecx
	movl	$16,%ebx
	subl	%ecx,%ebx
	leal	32(%edx,%ecx,1),%edx
	jmp	.L048xts_enc_loop6
.align	16
.L048xts_enc_loop6:
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,(%esp)
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,16(%esp)
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,32(%esp)
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,48(%esp)
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	pshufd	$19,%xmm0,%xmm7
	movdqa	%xmm1,64(%esp)
	paddq	%xmm1,%xmm1
	movups	(%ebp),%xmm0
	pand	%xmm3,%xmm7
	movups	(%esi),%xmm2
	pxor	%xmm1,%xmm7
	movl	%ebx,%ecx
	movdqu	16(%esi),%xmm3
	xorps	%xmm0,%xmm2
	movdqu	32(%esi),%xmm4
	pxor	%xmm0,%xmm3
	movdqu	48(%esi),%xmm5
	pxor	%xmm0,%xmm4
	movdqu	64(%esi),%xmm6
	pxor	%xmm0,%xmm5
	movdqu	80(%esi),%xmm1
	pxor	%xmm0,%xmm6
	leal	96(%esi),%esi
	pxor	(%esp),%xmm2
	movdqa	%xmm7,80(%esp)
	pxor	%xmm1,%xmm7
	movups	16(%ebp),%xmm1
	pxor	16(%esp),%xmm3
	pxor	32(%esp),%xmm4
.byte	102,15,56,220,209
	pxor	48(%esp),%xmm5
	pxor	64(%esp),%xmm6
.byte	102,15,56,220,217
	pxor	%xmm0,%xmm7
	movups	32(%ebp),%xmm0
.byte	102,15,56,220,225
.byte	102,15,56,220,233
.byte	102,15,56,220,241
.byte	102,15,56,220,249
	call	.L_aesni_encrypt6_enter
	movdqa	80(%esp),%xmm1
	pxor	%xmm0,%xmm0
	xorps	(%esp),%xmm2
	pcmpgtd	%xmm1,%xmm0
	xorps	16(%esp),%xmm3
	movups	%xmm2,(%edi)
	xorps	32(%esp),%xmm4
	movups	%xmm3,16(%edi)
	xorps	48(%esp),%xmm5
	movups	%xmm4,32(%edi)
	xorps	64(%esp),%xmm6
	movups	%xmm5,48(%edi)
	xorps	%xmm1,%xmm7
	movups	%xmm6,64(%edi)
	pshufd	$19,%xmm0,%xmm2
	movups	%xmm7,80(%edi)
	leal	96(%edi),%edi
	movdqa	96(%esp),%xmm3
	pxor	%xmm0,%xmm0
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	subl	$96,%eax
	jnc	.L048xts_enc_loop6
	movl	240(%ebp),%ecx
	movl	%ebp,%edx
	movl	%ecx,%ebx
.L047xts_enc_short:
	addl	$96,%eax
	jz	.L049xts_enc_done6x
	movdqa	%xmm1,%xmm5
	cmpl	$32,%eax
	jb	.L050xts_enc_one
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	je	.L051xts_enc_two
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,%xmm6
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	cmpl	$64,%eax
	jb	.L052xts_enc_three
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,%xmm7
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	movdqa	%xmm5,(%esp)
	movdqa	%xmm6,16(%esp)
	je	.L053xts_enc_four
	movdqa	%xmm7,32(%esp)
	pshufd	$19,%xmm0,%xmm7
	movdqa	%xmm1,48(%esp)
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm7
	pxor	%xmm1,%xmm7
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movdqu	32(%esi),%xmm4
	pxor	(%esp),%xmm2
	movdqu	48(%esi),%xmm5
	pxor	16(%esp),%xmm3
	movdqu	64(%esi),%xmm6
	pxor	32(%esp),%xmm4
	leal	80(%esi),%esi
	pxor	48(%esp),%xmm5
	movdqa	%xmm7,64(%esp)
	pxor	%xmm7,%xmm6
	call	_aesni_encrypt6
	movaps	64(%esp),%xmm1
	xorps	(%esp),%xmm2
	xorps	16(%esp),%xmm3
	xorps	32(%esp),%xmm4
	movups	%xmm2,(%edi)
	xorps	48(%esp),%xmm5
	movups	%xmm3,16(%edi)
	xorps	%xmm1,%xmm6
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
	movups	%xmm6,64(%edi)
	leal	80(%edi),%edi
	jmp	.L054xts_enc_done
.align	16
.L050xts_enc_one:
	movups	(%esi),%xmm2
	leal	16(%esi),%esi
	xorps	%xmm5,%xmm2
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L055enc1_loop_9:
.byte	102,15,56,220,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L055enc1_loop_9
.byte	102,15,56,221,209
	xorps	%xmm5,%xmm2
	movups	%xmm2,(%edi)
	leal	16(%edi),%edi
	movdqa	%xmm5,%xmm1
	jmp	.L054xts_enc_done
.align	16
.L051xts_enc_two:
	movaps	%xmm1,%xmm6
	movups	(%esi),%xmm2
	movups	16(%esi),%xmm3
	leal	32(%esi),%esi
	xorps	%xmm5,%xmm2
	xorps	%xmm6,%xmm3
	call	_aesni_encrypt2
	xorps	%xmm5,%xmm2
	xorps	%xmm6,%xmm3
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	leal	32(%edi),%edi
	movdqa	%xmm6,%xmm1
	jmp	.L054xts_enc_done
.align	16
.L052xts_enc_three:
	movaps	%xmm1,%xmm7
	movups	(%esi),%xmm2
	movups	16(%esi),%xmm3
	movups	32(%esi),%xmm4
	leal	48(%esi),%esi
	xorps	%xmm5,%xmm2
	xorps	%xmm6,%xmm3
	xorps	%xmm7,%xmm4
	call	_aesni_encrypt3
	xorps	%xmm5,%xmm2
	xorps	%xmm6,%xmm3
	xorps	%xmm7,%xmm4
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	leal	48(%edi),%edi
	movdqa	%xmm7,%xmm1
	jmp	.L054xts_enc_done
.align	16
.L053xts_enc_four:
	movaps	%xmm1,%xmm6
	movups	(%esi),%xmm2
	movups	16(%esi),%xmm3
	movups	32(%esi),%xmm4
	xorps	(%esp),%xmm2
	movups	48(%esi),%xmm5
	leal	64(%esi),%esi
	xorps	16(%esp),%xmm3
	xorps	%xmm7,%xmm4
	xorps	%xmm6,%xmm5
	call	_aesni_encrypt4
	xorps	(%esp),%xmm2
	xorps	16(%esp),%xmm3
	xorps	%xmm7,%xmm4
	movups	%xmm2,(%edi)
	xorps	%xmm6,%xmm5
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
	leal	64(%edi),%edi
	movdqa	%xmm6,%xmm1
	jmp	.L054xts_enc_done
.align	16
.L049xts_enc_done6x:
	movl	112(%esp),%eax
	andl	$15,%eax
	jz	.L056xts_enc_ret
	movdqa	%xmm1,%xmm5
	movl	%eax,112(%esp)
	jmp	.L057xts_enc_steal
.align	16
.L054xts_enc_done:
	movl	112(%esp),%eax
	pxor	%xmm0,%xmm0
	andl	$15,%eax
	jz	.L056xts_enc_ret
	pcmpgtd	%xmm1,%xmm0
	movl	%eax,112(%esp)
	pshufd	$19,%xmm0,%xmm5
	paddq	%xmm1,%xmm1
	pand	96(%esp),%xmm5
	pxor	%xmm1,%xmm5
.L057xts_enc_steal:
	movzbl	(%esi),%ecx
	movzbl	-16(%edi),%edx
	leal	1(%esi),%esi
	movb	%cl,-16(%edi)
	movb	%dl,(%edi)
	leal	1(%edi),%edi
	subl	$1,%eax
	jnz	.L057xts_enc_steal
	subl	112(%esp),%edi
	movl	%ebp,%edx
	movl	%ebx,%ecx
	movups	-16(%edi),%xmm2
	xorps	%xmm5,%xmm2
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L058enc1_loop_10:
.byte	102,15,56,220,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L058enc1_loop_10
.byte	102,15,56,221,209
	xorps	%xmm5,%xmm2
	movups	%xmm2,-16(%edi)
.L056xts_enc_ret:
	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	pxor	%xmm2,%xmm2
	movdqa	%xmm0,(%esp)
	pxor	%xmm3,%xmm3
	movdqa	%xmm0,16(%esp)
	pxor	%xmm4,%xmm4
	movdqa	%xmm0,32(%esp)
	pxor	%xmm5,%xmm5
	movdqa	%xmm0,48(%esp)
	pxor	%xmm6,%xmm6
	movdqa	%xmm0,64(%esp)
	pxor	%xmm7,%xmm7
	movdqa	%xmm0,80(%esp)
	movl	116(%esp),%esp
	popl	%edi
	popl	%esi
	popl	%ebx
	popl	%ebp
	ret
.size	aesni_xts_encrypt,.-.L_aesni_xts_encrypt_begin
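/*
 * aesni_xts_decrypt(in, out, len, key1, key2, iv): XTS decryption.
 * When len is not block-aligned, one whole block is held back (the
 * setnz %bl adjustment below) so the final partial block can be
 * recovered by ciphertext stealing at .L072xts_dec_steal.
 */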
.globl	aesni_xts_decrypt
.type	aesni_xts_decrypt,@function
.align	16
aesni_xts_decrypt:
.L_aesni_xts_decrypt_begin:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	pushl	%ebp
	pushl	%ebx
	pushl	%esi
	pushl	%edi
	movl	36(%esp),%edx
	movl	40(%esp),%esi
	movl	240(%edx),%ecx
	movups	(%esi),%xmm2
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L059enc1_loop_11:
.byte	102,15,56,220,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L059enc1_loop_11
.byte	102,15,56,221,209
	movl	20(%esp),%esi
	movl	24(%esp),%edi
	movl	28(%esp),%eax
	movl	32(%esp),%edx
	movl	%esp,%ebp
	subl	$120,%esp
	andl	$-16,%esp
	xorl	%ebx,%ebx
	testl	$15,%eax
	setnz	%bl
	shll	$4,%ebx
	subl	%ebx,%eax
	movl	$135,96(%esp)
	movl	$0,100(%esp)
	movl	$1,104(%esp)
	movl	$0,108(%esp)
	movl	%eax,112(%esp)
	movl	%ebp,116(%esp)
	movl	240(%edx),%ecx
	movl	%edx,%ebp
	movl	%ecx,%ebx
	movdqa	%xmm2,%xmm1
	pxor	%xmm0,%xmm0
	movdqa	96(%esp),%xmm3
	pcmpgtd	%xmm1,%xmm0
	andl	$-16,%eax
	subl	$96,%eax
	jc	.L060xts_dec_short
	shll	$4,%ecx
	movl	$16,%ebx
	subl	%ecx,%ebx
	leal	32(%edx,%ecx,1),%edx
	jmp	.L061xts_dec_loop6
.align	16
.L061xts_dec_loop6:
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,(%esp)
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,16(%esp)
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,32(%esp)
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,48(%esp)
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	pshufd	$19,%xmm0,%xmm7
	movdqa	%xmm1,64(%esp)
	paddq	%xmm1,%xmm1
	movups	(%ebp),%xmm0
	pand	%xmm3,%xmm7
	movups	(%esi),%xmm2
	pxor	%xmm1,%xmm7
	movl	%ebx,%ecx
	movdqu	16(%esi),%xmm3
	xorps	%xmm0,%xmm2
	movdqu	32(%esi),%xmm4
	pxor	%xmm0,%xmm3
	movdqu	48(%esi),%xmm5
	pxor	%xmm0,%xmm4
	movdqu	64(%esi),%xmm6
	pxor	%xmm0,%xmm5
	movdqu	80(%esi),%xmm1
	pxor	%xmm0,%xmm6
	leal	96(%esi),%esi
	pxor	(%esp),%xmm2
	movdqa	%xmm7,80(%esp)
	pxor	%xmm1,%xmm7
	movups	16(%ebp),%xmm1
	pxor	16(%esp),%xmm3
	pxor	32(%esp),%xmm4
.byte	102,15,56,222,209
	pxor	48(%esp),%xmm5
	pxor	64(%esp),%xmm6
.byte	102,15,56,222,217
	pxor	%xmm0,%xmm7
	movups	32(%ebp),%xmm0
.byte	102,15,56,222,225
.byte	102,15,56,222,233
.byte	102,15,56,222,241
.byte	102,15,56,222,249
	call	.L_aesni_decrypt6_enter
	movdqa	80(%esp),%xmm1
	pxor	%xmm0,%xmm0
	xorps	(%esp),%xmm2
	pcmpgtd	%xmm1,%xmm0
	xorps	16(%esp),%xmm3
	movups	%xmm2,(%edi)
	xorps	32(%esp),%xmm4
	movups	%xmm3,16(%edi)
	xorps	48(%esp),%xmm5
	movups	%xmm4,32(%edi)
	xorps	64(%esp),%xmm6
	movups	%xmm5,48(%edi)
	xorps	%xmm1,%xmm7
	movups	%xmm6,64(%edi)
	pshufd	$19,%xmm0,%xmm2
	movups	%xmm7,80(%edi)
	leal	96(%edi),%edi
	movdqa	96(%esp),%xmm3
	pxor	%xmm0,%xmm0
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	subl	$96,%eax
	jnc	.L061xts_dec_loop6
	movl	240(%ebp),%ecx
	movl	%ebp,%edx
	movl	%ecx,%ebx
.L060xts_dec_short:
	addl	$96,%eax
	jz	.L062xts_dec_done6x
	movdqa	%xmm1,%xmm5
	cmpl	$32,%eax
	jb	.L063xts_dec_one
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	je	.L064xts_dec_two
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,%xmm6
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	cmpl	$64,%eax
	jb	.L065xts_dec_three
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	%xmm1,%xmm7
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
	movdqa	%xmm5,(%esp)
	movdqa	%xmm6,16(%esp)
	je	.L066xts_dec_four
	movdqa	%xmm7,32(%esp)
	pshufd	$19,%xmm0,%xmm7
	movdqa	%xmm1,48(%esp)
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm7
	pxor	%xmm1,%xmm7
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movdqu	32(%esi),%xmm4
	pxor	(%esp),%xmm2
	movdqu	48(%esi),%xmm5
	pxor	16(%esp),%xmm3
	movdqu	64(%esi),%xmm6
	pxor	32(%esp),%xmm4
	leal	80(%esi),%esi
	pxor	48(%esp),%xmm5
	movdqa	%xmm7,64(%esp)
	pxor	%xmm7,%xmm6
	call	_aesni_decrypt6
	movaps	64(%esp),%xmm1
	xorps	(%esp),%xmm2
	xorps	16(%esp),%xmm3
	xorps	32(%esp),%xmm4
	movups	%xmm2,(%edi)
	xorps	48(%esp),%xmm5
	movups	%xmm3,16(%edi)
	xorps	%xmm1,%xmm6
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
	movups	%xmm6,64(%edi)
	leal	80(%edi),%edi
	jmp	.L067xts_dec_done
.align	16
.L063xts_dec_one:
	movups	(%esi),%xmm2
	leal	16(%esi),%esi
	xorps	%xmm5,%xmm2
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L068dec1_loop_12:
.byte	102,15,56,222,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L068dec1_loop_12
.byte	102,15,56,223,209
	xorps	%xmm5,%xmm2
	movups	%xmm2,(%edi)
	leal	16(%edi),%edi
	movdqa	%xmm5,%xmm1
	jmp	.L067xts_dec_done
.align	16
.L064xts_dec_two:
	movaps	%xmm1,%xmm6
	movups	(%esi),%xmm2
	movups	16(%esi),%xmm3
	leal	32(%esi),%esi
	xorps	%xmm5,%xmm2
	xorps	%xmm6,%xmm3
	call	_aesni_decrypt2
	xorps	%xmm5,%xmm2
	xorps	%xmm6,%xmm3
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	leal	32(%edi),%edi
	movdqa	%xmm6,%xmm1
	jmp	.L067xts_dec_done
.align	16
.L065xts_dec_three:
	movaps	%xmm1,%xmm7
	movups	(%esi),%xmm2
	movups	16(%esi),%xmm3
	movups	32(%esi),%xmm4
	leal	48(%esi),%esi
	xorps	%xmm5,%xmm2
	xorps	%xmm6,%xmm3
	xorps	%xmm7,%xmm4
	call	_aesni_decrypt3
	xorps	%xmm5,%xmm2
	xorps	%xmm6,%xmm3
	xorps	%xmm7,%xmm4
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	leal	48(%edi),%edi
	movdqa	%xmm7,%xmm1
	jmp	.L067xts_dec_done
.align	16
.L066xts_dec_four:
	movaps	%xmm1,%xmm6
	movups	(%esi),%xmm2
	movups	16(%esi),%xmm3
	movups	32(%esi),%xmm4
	xorps	(%esp),%xmm2
	movups	48(%esi),%xmm5
	leal	64(%esi),%esi
	xorps	16(%esp),%xmm3
	xorps	%xmm7,%xmm4
	xorps	%xmm6,%xmm5
	call	_aesni_decrypt4
	xorps	(%esp),%xmm2
	xorps	16(%esp),%xmm3
	xorps	%xmm7,%xmm4
	movups	%xmm2,(%edi)
	xorps	%xmm6,%xmm5
	movups	%xmm3,16(%edi)
	movups	%xmm4,32(%edi)
	movups	%xmm5,48(%edi)
	leal	64(%edi),%edi
	movdqa	%xmm6,%xmm1
	jmp	.L067xts_dec_done
.align	16
.L062xts_dec_done6x:
	movl	112(%esp),%eax
	andl	$15,%eax
	jz	.L069xts_dec_ret
	movl	%eax,112(%esp)
	jmp	.L070xts_dec_only_one_more
.align	16
.L067xts_dec_done:
	movl	112(%esp),%eax
	pxor	%xmm0,%xmm0
	andl	$15,%eax
	jz	.L069xts_dec_ret
	pcmpgtd	%xmm1,%xmm0
	movl	%eax,112(%esp)
	pshufd	$19,%xmm0,%xmm2
	pxor	%xmm0,%xmm0
	movdqa	96(%esp),%xmm3
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm2
	pcmpgtd	%xmm1,%xmm0
	pxor	%xmm2,%xmm1
.L070xts_dec_only_one_more:
	pshufd	$19,%xmm0,%xmm5
	movdqa	%xmm1,%xmm6
	paddq	%xmm1,%xmm1
	pand	%xmm3,%xmm5
	pxor	%xmm1,%xmm5
	movl	%ebp,%edx
	movl	%ebx,%ecx
	movups	(%esi),%xmm2
	xorps	%xmm5,%xmm2
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L071dec1_loop_13:
.byte	102,15,56,222,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L071dec1_loop_13
.byte	102,15,56,223,209
	xorps	%xmm5,%xmm2
	movups	%xmm2,(%edi)
.L072xts_dec_steal:
	movzbl	16(%esi),%ecx
	movzbl	(%edi),%edx
	leal	1(%esi),%esi
	movb	%cl,(%edi)
	movb	%dl,16(%edi)
	leal	1(%edi),%edi
	subl	$1,%eax
	jnz	.L072xts_dec_steal
	subl	112(%esp),%edi
	movl	%ebp,%edx
	movl	%ebx,%ecx
	movups	(%edi),%xmm2
	xorps	%xmm6,%xmm2
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L073dec1_loop_14:
.byte	102,15,56,222,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L073dec1_loop_14
.byte	102,15,56,223,209
	xorps	%xmm6,%xmm2
	movups	%xmm2,(%edi)
.L069xts_dec_ret:
	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	pxor	%xmm2,%xmm2
	movdqa	%xmm0,(%esp)
	pxor	%xmm3,%xmm3
	movdqa	%xmm0,16(%esp)
	pxor	%xmm4,%xmm4
	movdqa	%xmm0,32(%esp)
	pxor	%xmm5,%xmm5
	movdqa	%xmm0,48(%esp)
	pxor	%xmm6,%xmm6
	movdqa	%xmm0,64(%esp)
	pxor	%xmm7,%xmm7
	movdqa	%xmm0,80(%esp)
	movl	116(%esp),%esp
	popl	%edi
	popl	%esi
	popl	%ebx
	popl	%ebp
	ret
.size	aesni_xts_decrypt,.-.L_aesni_xts_decrypt_begin
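/*
 * aesni_ocb_encrypt(in, out, blocks, key, start_block_num, offset, L_,
 * checksum): OCB encryption. %xmm0 carries the running offset and
 * %xmm1 the plaintext checksum; bsfl of the block index computes
 * ntz(i), which selects the L_[ntz(i)] entry from the table at
 * 44(%esp). Both offset and checksum are written back through
 * 40(%esp)/48(%esp) on exit.
 */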
.globl	aesni_ocb_encrypt
.type	aesni_ocb_encrypt,@function
.align	16
aesni_ocb_encrypt:
.L_aesni_ocb_encrypt_begin:
	#ifdef __CET__

.byte	243,15,30,251
	#endif

	pushl	%ebp
	pushl	%ebx
	pushl	%esi
	pushl	%edi
	movl	40(%esp),%ecx
	movl	48(%esp),%ebx
	movl	20(%esp),%esi
	movl	24(%esp),%edi
	movl	28(%esp),%eax
	movl	32(%esp),%edx
	movdqu	(%ecx),%xmm0
	movl	36(%esp),%ebp
	movdqu	(%ebx),%xmm1
	movl	44(%esp),%ebx
	movl	%esp,%ecx
	subl	$132,%esp
	andl	$-16,%esp
	subl	%esi,%edi
	shll	$4,%eax
	leal	-96(%esi,%eax,1),%eax
	movl	%edi,120(%esp)
	movl	%eax,124(%esp)
	movl	%ecx,128(%esp)
	movl	240(%edx),%ecx
	testl	$1,%ebp
	jnz	.L074odd
	bsfl	%ebp,%eax
	addl	$1,%ebp
	shll	$4,%eax
	movdqu	(%ebx,%eax,1),%xmm7
	movl	%edx,%eax
	movdqu	(%esi),%xmm2
	leal	16(%esi),%esi
	pxor	%xmm0,%xmm7
	pxor	%xmm2,%xmm1
	pxor	%xmm7,%xmm2
	movdqa	%xmm1,%xmm6
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L075enc1_loop_15:
.byte	102,15,56,220,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L075enc1_loop_15
.byte	102,15,56,221,209
	xorps	%xmm7,%xmm2
	movdqa	%xmm7,%xmm0
	movdqa	%xmm6,%xmm1
	movups	%xmm2,-16(%edi,%esi,1)
	movl	240(%eax),%ecx
	movl	%eax,%edx
	movl	124(%esp),%eax
.L074odd:
	shll	$4,%ecx
	movl	$16,%edi
	subl	%ecx,%edi
	movl	%edx,112(%esp)
	leal	32(%edx,%ecx,1),%edx
	movl	%edi,116(%esp)
	cmpl	%eax,%esi
	ja	.L076short
	jmp	.L077grandloop
.align	32
.L077grandloop:
	leal	1(%ebp),%ecx
	leal	3(%ebp),%eax
	leal	5(%ebp),%edi
	addl	$6,%ebp
	bsfl	%ecx,%ecx
	bsfl	%eax,%eax
	bsfl	%edi,%edi
	shll	$4,%ecx
	shll	$4,%eax
	shll	$4,%edi
	movdqu	(%ebx),%xmm2
	movdqu	(%ebx,%ecx,1),%xmm3
	movl	116(%esp),%ecx
	movdqa	%xmm2,%xmm4
	movdqu	(%ebx,%eax,1),%xmm5
	movdqa	%xmm2,%xmm6
	movdqu	(%ebx,%edi,1),%xmm7
	pxor	%xmm0,%xmm2
	pxor	%xmm2,%xmm3
	movdqa	%xmm2,(%esp)
	pxor	%xmm3,%xmm4
	movdqa	%xmm3,16(%esp)
	pxor	%xmm4,%xmm5
	movdqa	%xmm4,32(%esp)
	pxor	%xmm5,%xmm6
	movdqa	%xmm5,48(%esp)
	pxor	%xmm6,%xmm7
	movdqa	%xmm6,64(%esp)
	movdqa	%xmm7,80(%esp)
	movups	-48(%edx,%ecx,1),%xmm0
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movdqu	32(%esi),%xmm4
	movdqu	48(%esi),%xmm5
	movdqu	64(%esi),%xmm6
	movdqu	80(%esi),%xmm7
	leal	96(%esi),%esi
	pxor	%xmm2,%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm3,%xmm1
	pxor	%xmm0,%xmm3
	pxor	%xmm4,%xmm1
	pxor	%xmm0,%xmm4
	pxor	%xmm5,%xmm1
	pxor	%xmm0,%xmm5
	pxor	%xmm6,%xmm1
	pxor	%xmm0,%xmm6
	pxor	%xmm7,%xmm1
	pxor	%xmm0,%xmm7
	movdqa	%xmm1,96(%esp)
	movups	-32(%edx,%ecx,1),%xmm1
	pxor	(%esp),%xmm2
	pxor	16(%esp),%xmm3
	pxor	32(%esp),%xmm4
	pxor	48(%esp),%xmm5
	pxor	64(%esp),%xmm6
	pxor	80(%esp),%xmm7
	movups	-16(%edx,%ecx,1),%xmm0
.byte	102,15,56,220,209
.byte	102,15,56,220,217
.byte	102,15,56,220,225
.byte	102,15,56,220,233
.byte	102,15,56,220,241
.byte	102,15,56,220,249
	movl	120(%esp),%edi
	movl	124(%esp),%eax
	call	.L_aesni_encrypt6_enter
	movdqa	80(%esp),%xmm0
	pxor	(%esp),%xmm2
	pxor	16(%esp),%xmm3
	pxor	32(%esp),%xmm4
	pxor	48(%esp),%xmm5
	pxor	64(%esp),%xmm6
	pxor	%xmm0,%xmm7
	movdqa	96(%esp),%xmm1
	movdqu	%xmm2,-96(%edi,%esi,1)
	movdqu	%xmm3,-80(%edi,%esi,1)
	movdqu	%xmm4,-64(%edi,%esi,1)
	movdqu	%xmm5,-48(%edi,%esi,1)
	movdqu	%xmm6,-32(%edi,%esi,1)
	movdqu	%xmm7,-16(%edi,%esi,1)
	cmpl	%eax,%esi
	jbe	.L077grandloop
.L076short:
	addl	$96,%eax
	subl	%esi,%eax
	jz	.L078done
	cmpl	$32,%eax
	jb	.L079one
	je	.L080two
	cmpl	$64,%eax
	jb	.L081three
	je	.L082four
	leal	1(%ebp),%ecx
	leal	3(%ebp),%eax
	bsfl	%ecx,%ecx
	bsfl	%eax,%eax
	shll	$4,%ecx
	shll	$4,%eax
	movdqu	(%ebx),%xmm2
	movdqu	(%ebx,%ecx,1),%xmm3
	movl	116(%esp),%ecx
	movdqa	%xmm2,%xmm4
	movdqu	(%ebx,%eax,1),%xmm5
	movdqa	%xmm2,%xmm6
	pxor	%xmm0,%xmm2
	pxor	%xmm2,%xmm3
	movdqa	%xmm2,(%esp)
	pxor	%xmm3,%xmm4
	movdqa	%xmm3,16(%esp)
	pxor	%xmm4,%xmm5
	movdqa	%xmm4,32(%esp)
	pxor	%xmm5,%xmm6
	movdqa	%xmm5,48(%esp)
	pxor	%xmm6,%xmm7
	movdqa	%xmm6,64(%esp)
	movups	-48(%edx,%ecx,1),%xmm0
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movdqu	32(%esi),%xmm4
	movdqu	48(%esi),%xmm5
	movdqu	64(%esi),%xmm6
	pxor	%xmm7,%xmm7
	pxor	%xmm2,%xmm1
	pxor	%xmm0,%xmm2
	pxor	%xmm3,%xmm1
	pxor	%xmm0,%xmm3
	pxor	%xmm4,%xmm1
	pxor	%xmm0,%xmm4
	pxor	%xmm5,%xmm1
	pxor	%xmm0,%xmm5
	pxor	%xmm6,%xmm1
	pxor	%xmm0,%xmm6
	movdqa	%xmm1,96(%esp)
	movups	-32(%edx,%ecx,1),%xmm1
	pxor	(%esp),%xmm2
	pxor	16(%esp),%xmm3
	pxor	32(%esp),%xmm4
	pxor	48(%esp),%xmm5
	pxor	64(%esp),%xmm6
	movups	-16(%edx,%ecx,1),%xmm0
.byte	102,15,56,220,209
.byte	102,15,56,220,217
.byte	102,15,56,220,225
.byte	102,15,56,220,233
.byte	102,15,56,220,241
.byte	102,15,56,220,249
	movl	120(%esp),%edi
	call	.L_aesni_encrypt6_enter
	movdqa	64(%esp),%xmm0
	pxor	(%esp),%xmm2
	pxor	16(%esp),%xmm3
	pxor	32(%esp),%xmm4
	pxor	48(%esp),%xmm5
	pxor	%xmm0,%xmm6
	movdqa	96(%esp),%xmm1
	movdqu	%xmm2,(%edi,%esi,1)
	movdqu	%xmm3,16(%edi,%esi,1)
	movdqu	%xmm4,32(%edi,%esi,1)
	movdqu	%xmm5,48(%edi,%esi,1)
	movdqu	%xmm6,64(%edi,%esi,1)
	jmp	.L078done
.align	16
.L079one:
	movdqu	(%ebx),%xmm7
	movl	112(%esp),%edx
	movdqu	(%esi),%xmm2
	movl	240(%edx),%ecx
	pxor	%xmm0,%xmm7
	pxor	%xmm2,%xmm1
	pxor	%xmm7,%xmm2
	movdqa	%xmm1,%xmm6
	movl	120(%esp),%edi
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L083enc1_loop_16:
.byte	102,15,56,220,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L083enc1_loop_16
.byte	102,15,56,221,209
	xorps	%xmm7,%xmm2
	movdqa	%xmm7,%xmm0
	movdqa	%xmm6,%xmm1
	movups	%xmm2,(%edi,%esi,1)
	jmp	.L078done
.align	16
.L080two:
	leal	1(%ebp),%ecx
	movl	112(%esp),%edx
	bsfl	%ecx,%ecx
	shll	$4,%ecx
	movdqu	(%ebx),%xmm6
	movdqu	(%ebx,%ecx,1),%xmm7
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movl	240(%edx),%ecx
	pxor	%xmm0,%xmm6
	pxor	%xmm6,%xmm7
	pxor	%xmm2,%xmm1
	pxor	%xmm6,%xmm2
	pxor	%xmm3,%xmm1
	pxor	%xmm7,%xmm3
	movdqa	%xmm1,%xmm5
	movl	120(%esp),%edi
	call	_aesni_encrypt2
	xorps	%xmm6,%xmm2
	xorps	%xmm7,%xmm3
	movdqa	%xmm7,%xmm0
	movdqa	%xmm5,%xmm1
	movups	%xmm2,(%edi,%esi,1)
	movups	%xmm3,16(%edi,%esi,1)
	jmp	.L078done
.align	16
.L081three:
	leal	1(%ebp),%ecx
	movl	112(%esp),%edx
	bsfl	%ecx,%ecx
	shll	$4,%ecx
	movdqu	(%ebx),%xmm5
	movdqu	(%ebx,%ecx,1),%xmm6
	movdqa	%xmm5,%xmm7
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movdqu	32(%esi),%xmm4
	movl	240(%edx),%ecx
	pxor	%xmm0,%xmm5
	pxor	%xmm5,%xmm6
	pxor	%xmm6,%xmm7
	pxor	%xmm2,%xmm1
	pxor	%xmm5,%xmm2
	pxor	%xmm3,%xmm1
	pxor	%xmm6,%xmm3
	pxor	%xmm4,%xmm1
	pxor	%xmm7,%xmm4
	movdqa	%xmm1,96(%esp)
	movl	120(%esp),%edi
	call	_aesni_encrypt3
	xorps	%xmm5,%xmm2
	xorps	%xmm6,%xmm3
	xorps	%xmm7,%xmm4
	movdqa	%xmm7,%xmm0
	movdqa	96(%esp),%xmm1
	movups	%xmm2,(%edi,%esi,1)
	movups	%xmm3,16(%edi,%esi,1)
	movups	%xmm4,32(%edi,%esi,1)
	jmp	.L078done
.align	16
.L082four:
	leal	1(%ebp),%ecx
	leal	3(%ebp),%eax
	bsfl	%ecx,%ecx
	bsfl	%eax,%eax
	movl	112(%esp),%edx
	shll	$4,%ecx
	shll	$4,%eax
	movdqu	(%ebx),%xmm4
	movdqu	(%ebx,%ecx,1),%xmm5
	movdqa	%xmm4,%xmm6
	movdqu	(%ebx,%eax,1),%xmm7
	pxor	%xmm0,%xmm4
	movdqu	(%esi),%xmm2
	pxor	%xmm4,%xmm5
	movdqu	16(%esi),%xmm3
	pxor	%xmm5,%xmm6
	movdqa	%xmm4,(%esp)
	pxor	%xmm6,%xmm7
	movdqa	%xmm5,16(%esp)
	movdqu	32(%esi),%xmm4
	movdqu	48(%esi),%xmm5
	movl	240(%edx),%ecx
	pxor	%xmm2,%xmm1
	pxor	(%esp),%xmm2
	pxor	%xmm3,%xmm1
	pxor	16(%esp),%xmm3
	pxor	%xmm4,%xmm1
	pxor	%xmm6,%xmm4
	pxor	%xmm5,%xmm1
	pxor	%xmm7,%xmm5
	movdqa	%xmm1,96(%esp)
	movl	120(%esp),%edi
	call	_aesni_encrypt4
	xorps	(%esp),%xmm2
	xorps	16(%esp),%xmm3
	xorps	%xmm6,%xmm4
	movups	%xmm2,(%edi,%esi,1)
	xorps	%xmm7,%xmm5
	movups	%xmm3,16(%edi,%esi,1)
	movdqa	%xmm7,%xmm0
	movups	%xmm4,32(%edi,%esi,1)
	movdqa	96(%esp),%xmm1
	movups	%xmm5,48(%edi,%esi,1)
.L078done:
	movl	128(%esp),%edx
	pxor	%xmm2,%xmm2
	pxor	%xmm3,%xmm3
	movdqa	%xmm2,(%esp)
	pxor	%xmm4,%xmm4
	movdqa	%xmm2,16(%esp)
	pxor	%xmm5,%xmm5
	movdqa	%xmm2,32(%esp)
	pxor	%xmm6,%xmm6
	movdqa	%xmm2,48(%esp)
	pxor	%xmm7,%xmm7
	movdqa	%xmm2,64(%esp)
	movdqa	%xmm2,80(%esp)
	movdqa	%xmm2,96(%esp)
	leal	(%edx),%esp
	movl	40(%esp),%ecx
	movl	48(%esp),%ebx
	movdqu	%xmm0,(%ecx)
	pxor	%xmm0,%xmm0
	movdqu	%xmm1,(%ebx)
	pxor	%xmm1,%xmm1
	popl	%edi
	popl	%esi
	popl	%ebx
	popl	%ebp
	ret
.size	aesni_ocb_encrypt,.-.L_aesni_ocb_encrypt_begin
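/*
 * aesni_ocb_decrypt: OCB decryption, structured like aesni_ocb_encrypt
 * except that the checksum in %xmm1 is accumulated over the plaintext
 * after each block is decrypted.
 */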
2272.globl	aesni_ocb_decrypt
2273.type	aesni_ocb_decrypt,@function
2274.align	16
2275aesni_ocb_decrypt:
2276.L_aesni_ocb_decrypt_begin:
2277	%ifdef __CET__
2278
2279.byte	243,15,30,251
2280	%endif
2281
2282	pushl	%ebp
2283	pushl	%ebx
2284	pushl	%esi
2285	pushl	%edi
2286	movl	40(%esp),%ecx
2287	movl	48(%esp),%ebx
2288	movl	20(%esp),%esi
2289	movl	24(%esp),%edi
2290	movl	28(%esp),%eax
2291	movl	32(%esp),%edx
2292	movdqu	(%ecx),%xmm0
2293	movl	36(%esp),%ebp
2294	movdqu	(%ebx),%xmm1
2295	movl	44(%esp),%ebx
2296	movl	%esp,%ecx
2297	subl	$132,%esp
2298	andl	$-16,%esp
2299	subl	%esi,%edi
2300	shll	$4,%eax
2301	leal	-96(%esi,%eax,1),%eax
2302	movl	%edi,120(%esp)
2303	movl	%eax,124(%esp)
2304	movl	%ecx,128(%esp)
2305	movl	240(%edx),%ecx
2306	testl	$1,%ebp
2307	jnz	.L084odd
2308	bsfl	%ebp,%eax
2309	addl	$1,%ebp
2310	shll	$4,%eax
2311	movdqu	(%ebx,%eax,1),%xmm7
2312	movl	%edx,%eax
2313	movdqu	(%esi),%xmm2
2314	leal	16(%esi),%esi
2315	pxor	%xmm0,%xmm7
2316	pxor	%xmm7,%xmm2
2317	movdqa	%xmm1,%xmm6
2318	movups	(%edx),%xmm0
2319	movups	16(%edx),%xmm1
2320	leal	32(%edx),%edx
2321	xorps	%xmm0,%xmm2
2322.L085dec1_loop_17:
2323.byte	102,15,56,222,209
2324	decl	%ecx
2325	movups	(%edx),%xmm1
2326	leal	16(%edx),%edx
2327	jnz	.L085dec1_loop_17
2328.byte	102,15,56,223,209
2329	xorps	%xmm7,%xmm2
2330	movaps	%xmm6,%xmm1
2331	movdqa	%xmm7,%xmm0
2332	xorps	%xmm2,%xmm1
2333	movups	%xmm2,-16(%edi,%esi,1)
2334	movl	240(%eax),%ecx
2335	movl	%eax,%edx
2336	movl	124(%esp),%eax
2337.L084odd:
2338	shll	$4,%ecx
2339	movl	$16,%edi
2340	subl	%ecx,%edi
2341	movl	%edx,112(%esp)
2342	leal	32(%edx,%ecx,1),%edx
2343	movl	%edi,116(%esp)
2344	cmpl	%eax,%esi
2345	ja	.L086short
2346	jmp	.L087grandloop
.align	32
.L087grandloop:
	leal	1(%ebp),%ecx
	leal	3(%ebp),%eax
	leal	5(%ebp),%edi
	addl	$6,%ebp
	bsfl	%ecx,%ecx
	bsfl	%eax,%eax
	bsfl	%edi,%edi
	shll	$4,%ecx
	shll	$4,%eax
	shll	$4,%edi
	movdqu	(%ebx),%xmm2
	movdqu	(%ebx,%ecx,1),%xmm3
	movl	116(%esp),%ecx
	movdqa	%xmm2,%xmm4
	movdqu	(%ebx,%eax,1),%xmm5
	movdqa	%xmm2,%xmm6
	movdqu	(%ebx,%edi,1),%xmm7
	pxor	%xmm0,%xmm2
	pxor	%xmm2,%xmm3
	movdqa	%xmm2,(%esp)
	pxor	%xmm3,%xmm4
	movdqa	%xmm3,16(%esp)
	pxor	%xmm4,%xmm5
	movdqa	%xmm4,32(%esp)
	pxor	%xmm5,%xmm6
	movdqa	%xmm5,48(%esp)
	pxor	%xmm6,%xmm7
	movdqa	%xmm6,64(%esp)
	movdqa	%xmm7,80(%esp)
	movups	-48(%edx,%ecx,1),%xmm0
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movdqu	32(%esi),%xmm4
	movdqu	48(%esi),%xmm5
	movdqu	64(%esi),%xmm6
	movdqu	80(%esi),%xmm7
	leal	96(%esi),%esi
	movdqa	%xmm1,96(%esp)
	pxor	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	pxor	%xmm0,%xmm4
	pxor	%xmm0,%xmm5
	pxor	%xmm0,%xmm6
	pxor	%xmm0,%xmm7
	movups	-32(%edx,%ecx,1),%xmm1
	pxor	(%esp),%xmm2
	pxor	16(%esp),%xmm3
	pxor	32(%esp),%xmm4
	pxor	48(%esp),%xmm5
	pxor	64(%esp),%xmm6
	pxor	80(%esp),%xmm7
	movups	-16(%edx,%ecx,1),%xmm0
.byte	102,15,56,222,209
.byte	102,15,56,222,217
.byte	102,15,56,222,225
.byte	102,15,56,222,233
.byte	102,15,56,222,241
.byte	102,15,56,222,249
	movl	120(%esp),%edi
	movl	124(%esp),%eax
	call	.L_aesni_decrypt6_enter
	movdqa	80(%esp),%xmm0
	pxor	(%esp),%xmm2
	movdqa	96(%esp),%xmm1
	pxor	16(%esp),%xmm3
	pxor	32(%esp),%xmm4
	pxor	48(%esp),%xmm5
	pxor	64(%esp),%xmm6
	pxor	%xmm0,%xmm7
	pxor	%xmm2,%xmm1
	movdqu	%xmm2,-96(%edi,%esi,1)
	pxor	%xmm3,%xmm1
	movdqu	%xmm3,-80(%edi,%esi,1)
	pxor	%xmm4,%xmm1
	movdqu	%xmm4,-64(%edi,%esi,1)
	pxor	%xmm5,%xmm1
	movdqu	%xmm5,-48(%edi,%esi,1)
	pxor	%xmm6,%xmm1
	movdqu	%xmm6,-32(%edi,%esi,1)
	pxor	%xmm7,%xmm1
	movdqu	%xmm7,-16(%edi,%esi,1)
	cmpl	%eax,%esi
	jbe	.L087grandloop
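/*
 * Fewer than six blocks remain: dispatch on the residual byte count to
 * the dedicated 1..5 block tail paths below.
 */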
.L086short:
	addl	$96,%eax
	subl	%esi,%eax
	jz	.L088done
	cmpl	$32,%eax
	jb	.L089one
	je	.L090two
	cmpl	$64,%eax
	jb	.L091three
	je	.L092four
	leal	1(%ebp),%ecx
	leal	3(%ebp),%eax
	bsfl	%ecx,%ecx
	bsfl	%eax,%eax
	shll	$4,%ecx
	shll	$4,%eax
	movdqu	(%ebx),%xmm2
	movdqu	(%ebx,%ecx,1),%xmm3
	movl	116(%esp),%ecx
	movdqa	%xmm2,%xmm4
	movdqu	(%ebx,%eax,1),%xmm5
	movdqa	%xmm2,%xmm6
	pxor	%xmm0,%xmm2
	pxor	%xmm2,%xmm3
	movdqa	%xmm2,(%esp)
	pxor	%xmm3,%xmm4
	movdqa	%xmm3,16(%esp)
	pxor	%xmm4,%xmm5
	movdqa	%xmm4,32(%esp)
	pxor	%xmm5,%xmm6
	movdqa	%xmm5,48(%esp)
	pxor	%xmm6,%xmm7
	movdqa	%xmm6,64(%esp)
	movups	-48(%edx,%ecx,1),%xmm0
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movdqu	32(%esi),%xmm4
	movdqu	48(%esi),%xmm5
	movdqu	64(%esi),%xmm6
	pxor	%xmm7,%xmm7
	movdqa	%xmm1,96(%esp)
	pxor	%xmm0,%xmm2
	pxor	%xmm0,%xmm3
	pxor	%xmm0,%xmm4
	pxor	%xmm0,%xmm5
	pxor	%xmm0,%xmm6
	movups	-32(%edx,%ecx,1),%xmm1
	pxor	(%esp),%xmm2
	pxor	16(%esp),%xmm3
	pxor	32(%esp),%xmm4
	pxor	48(%esp),%xmm5
	pxor	64(%esp),%xmm6
	movups	-16(%edx,%ecx,1),%xmm0
.byte	102,15,56,222,209
.byte	102,15,56,222,217
.byte	102,15,56,222,225
.byte	102,15,56,222,233
.byte	102,15,56,222,241
.byte	102,15,56,222,249
	movl	120(%esp),%edi
	call	.L_aesni_decrypt6_enter
	movdqa	64(%esp),%xmm0
	pxor	(%esp),%xmm2
	movdqa	96(%esp),%xmm1
	pxor	16(%esp),%xmm3
	pxor	32(%esp),%xmm4
	pxor	48(%esp),%xmm5
	pxor	%xmm0,%xmm6
	pxor	%xmm2,%xmm1
	movdqu	%xmm2,(%edi,%esi,1)
	pxor	%xmm3,%xmm1
	movdqu	%xmm3,16(%edi,%esi,1)
	pxor	%xmm4,%xmm1
	movdqu	%xmm4,32(%edi,%esi,1)
	pxor	%xmm5,%xmm1
	movdqu	%xmm5,48(%edi,%esi,1)
	pxor	%xmm6,%xmm1
	movdqu	%xmm6,64(%edi,%esi,1)
	jmp	.L088done
.align	16
.L089one:
	movdqu	(%ebx),%xmm7
	movl	112(%esp),%edx
	movdqu	(%esi),%xmm2
	movl	240(%edx),%ecx
	pxor	%xmm0,%xmm7
	pxor	%xmm7,%xmm2
	movdqa	%xmm1,%xmm6
	movl	120(%esp),%edi
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L093dec1_loop_18:
.byte	102,15,56,222,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L093dec1_loop_18
.byte	102,15,56,223,209
	xorps	%xmm7,%xmm2
	movaps	%xmm6,%xmm1
	movdqa	%xmm7,%xmm0
	xorps	%xmm2,%xmm1
	movups	%xmm2,(%edi,%esi,1)
	jmp	.L088done
.align	16
.L090two:
	leal	1(%ebp),%ecx
	movl	112(%esp),%edx
	bsfl	%ecx,%ecx
	shll	$4,%ecx
	movdqu	(%ebx),%xmm6
	movdqu	(%ebx,%ecx,1),%xmm7
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movl	240(%edx),%ecx
	movdqa	%xmm1,%xmm5
	pxor	%xmm0,%xmm6
	pxor	%xmm6,%xmm7
	pxor	%xmm6,%xmm2
	pxor	%xmm7,%xmm3
	movl	120(%esp),%edi
	call	_aesni_decrypt2
	xorps	%xmm6,%xmm2
	xorps	%xmm7,%xmm3
	movdqa	%xmm7,%xmm0
	xorps	%xmm2,%xmm5
	movups	%xmm2,(%edi,%esi,1)
	xorps	%xmm3,%xmm5
	movups	%xmm3,16(%edi,%esi,1)
	movaps	%xmm5,%xmm1
	jmp	.L088done
.align	16
.L091three:
	leal	1(%ebp),%ecx
	movl	112(%esp),%edx
	bsfl	%ecx,%ecx
	shll	$4,%ecx
	movdqu	(%ebx),%xmm5
	movdqu	(%ebx,%ecx,1),%xmm6
	movdqa	%xmm5,%xmm7
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movdqu	32(%esi),%xmm4
	movl	240(%edx),%ecx
	movdqa	%xmm1,96(%esp)
	pxor	%xmm0,%xmm5
	pxor	%xmm5,%xmm6
	pxor	%xmm6,%xmm7
	pxor	%xmm5,%xmm2
	pxor	%xmm6,%xmm3
	pxor	%xmm7,%xmm4
	movl	120(%esp),%edi
	call	_aesni_decrypt3
	movdqa	96(%esp),%xmm1
	xorps	%xmm5,%xmm2
	xorps	%xmm6,%xmm3
	xorps	%xmm7,%xmm4
	movups	%xmm2,(%edi,%esi,1)
	pxor	%xmm2,%xmm1
	movdqa	%xmm7,%xmm0
	movups	%xmm3,16(%edi,%esi,1)
	pxor	%xmm3,%xmm1
	movups	%xmm4,32(%edi,%esi,1)
	pxor	%xmm4,%xmm1
	jmp	.L088done
.align	16
.L092four:
	leal	1(%ebp),%ecx
	leal	3(%ebp),%eax
	bsfl	%ecx,%ecx
	bsfl	%eax,%eax
	movl	112(%esp),%edx
	shll	$4,%ecx
	shll	$4,%eax
	movdqu	(%ebx),%xmm4
	movdqu	(%ebx,%ecx,1),%xmm5
	movdqa	%xmm4,%xmm6
	movdqu	(%ebx,%eax,1),%xmm7
	pxor	%xmm0,%xmm4
	movdqu	(%esi),%xmm2
	pxor	%xmm4,%xmm5
	movdqu	16(%esi),%xmm3
	pxor	%xmm5,%xmm6
	movdqa	%xmm4,(%esp)
	pxor	%xmm6,%xmm7
	movdqa	%xmm5,16(%esp)
	movdqu	32(%esi),%xmm4
	movdqu	48(%esi),%xmm5
	movl	240(%edx),%ecx
	movdqa	%xmm1,96(%esp)
	pxor	(%esp),%xmm2
	pxor	16(%esp),%xmm3
	pxor	%xmm6,%xmm4
	pxor	%xmm7,%xmm5
	movl	120(%esp),%edi
	call	_aesni_decrypt4
	movdqa	96(%esp),%xmm1
	xorps	(%esp),%xmm2
	xorps	16(%esp),%xmm3
	xorps	%xmm6,%xmm4
	movups	%xmm2,(%edi,%esi,1)
	pxor	%xmm2,%xmm1
	xorps	%xmm7,%xmm5
	movups	%xmm3,16(%edi,%esi,1)
	pxor	%xmm3,%xmm1
	movdqa	%xmm7,%xmm0
	movups	%xmm4,32(%edi,%esi,1)
	pxor	%xmm4,%xmm1
	movups	%xmm5,48(%edi,%esi,1)
	pxor	%xmm5,%xmm1
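/*
 * Common exit: scrub the offset copies from the stack scratch area,
 * restore %esp, then write the running offset (%xmm0) back to offset_i
 * and the checksum (%xmm1) back to the caller before clearing both.
 */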
.L088done:
	movl	128(%esp),%edx
	pxor	%xmm2,%xmm2
	pxor	%xmm3,%xmm3
	movdqa	%xmm2,(%esp)
	pxor	%xmm4,%xmm4
	movdqa	%xmm2,16(%esp)
	pxor	%xmm5,%xmm5
	movdqa	%xmm2,32(%esp)
	pxor	%xmm6,%xmm6
	movdqa	%xmm2,48(%esp)
	pxor	%xmm7,%xmm7
	movdqa	%xmm2,64(%esp)
	movdqa	%xmm2,80(%esp)
	movdqa	%xmm2,96(%esp)
	leal	(%edx),%esp
	movl	40(%esp),%ecx
	movl	48(%esp),%ebx
	movdqu	%xmm0,(%ecx)
	pxor	%xmm0,%xmm0
	movdqu	%xmm1,(%ebx)
	pxor	%xmm1,%xmm1
	popl	%edi
	popl	%esi
	popl	%ebx
	popl	%ebp
	ret
.size	aesni_ocb_decrypt,.-.L_aesni_ocb_decrypt_begin
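/*
 * aesni_cbc_encrypt: AES-NI CBC encryption/decryption.  The stack-slot
 * loads below (20(%esp) onward) match OpenSSL's usual prototype for this
 * routine:
 *
 *   void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
 *                          size_t length, const AES_KEY *key,
 *                          unsigned char *ivec, int enc);
 *
 * enc != 0 takes the serial encrypt loop; enc == 0 branches to the
 * interleaved six-block decrypt path at .L095cbc_decrypt.
 */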
.globl	aesni_cbc_encrypt
.type	aesni_cbc_encrypt,@function
.align	16
aesni_cbc_encrypt:
.L_aesni_cbc_encrypt_begin:
#ifdef __CET__

.byte	243,15,30,251	/* endbr32 */
#endif

	pushl	%ebp
	pushl	%ebx
	pushl	%esi
	pushl	%edi
	movl	20(%esp),%esi
	movl	%esp,%ebx
	movl	24(%esp),%edi
	subl	$24,%ebx
	movl	28(%esp),%eax
	andl	$-16,%ebx
	movl	32(%esp),%edx
	movl	36(%esp),%ebp
	testl	%eax,%eax
	jz	.L094cbc_abort
	cmpl	$0,40(%esp)
	xchgl	%esp,%ebx
	movups	(%ebp),%xmm7
	movl	240(%edx),%ecx
	movl	%edx,%ebp
	movl	%ebx,16(%esp)
	movl	%ecx,%ebx
	je	.L095cbc_decrypt
	movaps	%xmm7,%xmm2
	cmpl	$16,%eax
	jb	.L096cbc_enc_tail
	subl	$16,%eax
	jmp	.L097cbc_enc_loop
.align	16
.L097cbc_enc_loop:
	movups	(%esi),%xmm7
	leal	16(%esi),%esi
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	xorps	%xmm0,%xmm7
	leal	32(%edx),%edx
	xorps	%xmm7,%xmm2
.L098enc1_loop_19:
.byte	102,15,56,220,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L098enc1_loop_19
.byte	102,15,56,221,209
	movl	%ebx,%ecx
	movl	%ebp,%edx
	movups	%xmm2,(%edi)
	leal	16(%edi),%edi
	subl	$16,%eax
	jnc	.L097cbc_enc_loop
	addl	$16,%eax
	jnz	.L096cbc_enc_tail
	movaps	%xmm2,%xmm7
	pxor	%xmm2,%xmm2
	jmp	.L099cbc_ret
.L096cbc_enc_tail:
	movl	%eax,%ecx
.long	2767451785	/* rep movsb emitted as raw bytes: copy the partial input block */
	movl	$16,%ecx
	subl	%eax,%ecx
	xorl	%eax,%eax
.long	2868115081	/* rep stosb emitted as raw bytes: zero-pad the tail */
	leal	-16(%edi),%edi
	movl	%ebx,%ecx
	movl	%edi,%esi
	movl	%ebp,%edx
	jmp	.L097cbc_enc_loop
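/*
 * CBC decrypt path: unlike CBC encryption, decryption parallelizes, so
 * the main loop feeds six blocks at a time into _aesni_decrypt6 and XORs
 * the preceding ciphertext blocks back in afterwards.
 */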
.align	16
.L095cbc_decrypt:
	cmpl	$80,%eax
	jbe	.L100cbc_dec_tail
	movaps	%xmm7,(%esp)
	subl	$80,%eax
	jmp	.L101cbc_dec_loop6_enter
.align	16
.L102cbc_dec_loop6:
	movaps	%xmm0,(%esp)
	movups	%xmm7,(%edi)
	leal	16(%edi),%edi
.L101cbc_dec_loop6_enter:
	movdqu	(%esi),%xmm2
	movdqu	16(%esi),%xmm3
	movdqu	32(%esi),%xmm4
	movdqu	48(%esi),%xmm5
	movdqu	64(%esi),%xmm6
	movdqu	80(%esi),%xmm7
	call	_aesni_decrypt6
	movups	(%esi),%xmm1
	movups	16(%esi),%xmm0
	xorps	(%esp),%xmm2
	xorps	%xmm1,%xmm3
	movups	32(%esi),%xmm1
	xorps	%xmm0,%xmm4
	movups	48(%esi),%xmm0
	xorps	%xmm1,%xmm5
	movups	64(%esi),%xmm1
	xorps	%xmm0,%xmm6
	movups	80(%esi),%xmm0
	xorps	%xmm1,%xmm7
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	leal	96(%esi),%esi
	movups	%xmm4,32(%edi)
	movl	%ebx,%ecx
	movups	%xmm5,48(%edi)
	movl	%ebp,%edx
	movups	%xmm6,64(%edi)
	leal	80(%edi),%edi
	subl	$96,%eax
	ja	.L102cbc_dec_loop6
	movaps	%xmm7,%xmm2
	movaps	%xmm0,%xmm7
	addl	$80,%eax
	jle	.L103cbc_dec_clear_tail_collected
	movups	%xmm2,(%edi)
	leal	16(%edi),%edi
.L100cbc_dec_tail:
	movups	(%esi),%xmm2
	movaps	%xmm2,%xmm6
	cmpl	$16,%eax
	jbe	.L104cbc_dec_one
	movups	16(%esi),%xmm3
	movaps	%xmm3,%xmm5
	cmpl	$32,%eax
	jbe	.L105cbc_dec_two
	movups	32(%esi),%xmm4
	cmpl	$48,%eax
	jbe	.L106cbc_dec_three
	movups	48(%esi),%xmm5
	cmpl	$64,%eax
	jbe	.L107cbc_dec_four
	movups	64(%esi),%xmm6
	movaps	%xmm7,(%esp)
	movups	(%esi),%xmm2
	xorps	%xmm7,%xmm7
	call	_aesni_decrypt6
	movups	(%esi),%xmm1
	movups	16(%esi),%xmm0
	xorps	(%esp),%xmm2
	xorps	%xmm1,%xmm3
	movups	32(%esi),%xmm1
	xorps	%xmm0,%xmm4
	movups	48(%esi),%xmm0
	xorps	%xmm1,%xmm5
	movups	64(%esi),%xmm7
	xorps	%xmm0,%xmm6
	movups	%xmm2,(%edi)
	movups	%xmm3,16(%edi)
	pxor	%xmm3,%xmm3
	movups	%xmm4,32(%edi)
	pxor	%xmm4,%xmm4
	movups	%xmm5,48(%edi)
	pxor	%xmm5,%xmm5
	leal	64(%edi),%edi
	movaps	%xmm6,%xmm2
	pxor	%xmm6,%xmm6
	subl	$80,%eax
	jmp	.L108cbc_dec_tail_collected
.align	16
.L104cbc_dec_one:
	movups	(%edx),%xmm0
	movups	16(%edx),%xmm1
	leal	32(%edx),%edx
	xorps	%xmm0,%xmm2
.L109dec1_loop_20:
.byte	102,15,56,222,209
	decl	%ecx
	movups	(%edx),%xmm1
	leal	16(%edx),%edx
	jnz	.L109dec1_loop_20
.byte	102,15,56,223,209
	xorps	%xmm7,%xmm2
	movaps	%xmm6,%xmm7
	subl	$16,%eax
	jmp	.L108cbc_dec_tail_collected
.align	16
.L105cbc_dec_two:
	call	_aesni_decrypt2
	xorps	%xmm7,%xmm2
	xorps	%xmm6,%xmm3
	movups	%xmm2,(%edi)
	movaps	%xmm3,%xmm2
	pxor	%xmm3,%xmm3
	leal	16(%edi),%edi
	movaps	%xmm5,%xmm7
	subl	$32,%eax
	jmp	.L108cbc_dec_tail_collected
.align	16
.L106cbc_dec_three:
	call	_aesni_decrypt3
	xorps	%xmm7,%xmm2
	xorps	%xmm6,%xmm3
	xorps	%xmm5,%xmm4
	movups	%xmm2,(%edi)
	movaps	%xmm4,%xmm2
	pxor	%xmm4,%xmm4
	movups	%xmm3,16(%edi)
	pxor	%xmm3,%xmm3
	leal	32(%edi),%edi
	movups	32(%esi),%xmm7
	subl	$48,%eax
	jmp	.L108cbc_dec_tail_collected
.align	16
.L107cbc_dec_four:
	call	_aesni_decrypt4
	movups	16(%esi),%xmm1
	movups	32(%esi),%xmm0
	xorps	%xmm7,%xmm2
	movups	48(%esi),%xmm7
	xorps	%xmm6,%xmm3
	movups	%xmm2,(%edi)
	xorps	%xmm1,%xmm4
	movups	%xmm3,16(%edi)
	pxor	%xmm3,%xmm3
	xorps	%xmm0,%xmm5
	movups	%xmm4,32(%edi)
	pxor	%xmm4,%xmm4
	leal	48(%edi),%edi
	movaps	%xmm5,%xmm2
	pxor	%xmm5,%xmm5
	subl	$64,%eax
	jmp	.L108cbc_dec_tail_collected
.align	16
.L103cbc_dec_clear_tail_collected:
	pxor	%xmm3,%xmm3
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	pxor	%xmm6,%xmm6
.L108cbc_dec_tail_collected:
	andl	$15,%eax
	jnz	.L110cbc_dec_tail_partial
	movups	%xmm2,(%edi)
	pxor	%xmm0,%xmm0
	jmp	.L099cbc_ret
.align	16
.L110cbc_dec_tail_partial:
	movaps	%xmm2,(%esp)
	pxor	%xmm0,%xmm0
	movl	$16,%ecx
	movl	%esp,%esi
	subl	%eax,%ecx
.long	2767451785	/* rep movsb emitted as raw bytes: copy the partial output block */
	movdqa	%xmm2,(%esp)
.L099cbc_ret:
	movl	16(%esp),%esp
	movl	36(%esp),%ebp
	pxor	%xmm2,%xmm2
	pxor	%xmm1,%xmm1
	movups	%xmm7,(%ebp)
	pxor	%xmm7,%xmm7
.L094cbc_abort:
	popl	%edi
	popl	%esi
	popl	%ebx
	popl	%ebp
	ret
.size	aesni_cbc_encrypt,.-.L_aesni_cbc_encrypt_begin
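/*
 * _aesni_set_encrypt_key: key-schedule core shared by the two public
 * entry points below, which pass the arguments in registers rather than
 * on the stack: %eax = user key, %ecx = bits (128/192/256), %edx = AES_KEY
 * schedule.  Returns 0 in %eax on success, -1 for a NULL pointer, -2 for
 * unsupported key bits.
 */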
.type	_aesni_set_encrypt_key,@function
.align	16
_aesni_set_encrypt_key:
#ifdef __CET__

.byte	243,15,30,251	/* endbr32 */
#endif

	pushl	%ebp
	pushl	%ebx
	testl	%eax,%eax
	jz	.L111bad_pointer
	testl	%edx,%edx
	jz	.L111bad_pointer
	call	.L112pic
.L112pic:
	popl	%ebx
	leal	.Lkey_const-.L112pic(%ebx),%ebx
	leal	OPENSSL_ia32cap_P-.Lkey_const(%ebx),%ebp
	movups	(%eax),%xmm0
	xorps	%xmm4,%xmm4
	movl	4(%ebp),%ebp
	leal	16(%edx),%edx
	andl	$268437504,%ebp
	cmpl	$256,%ecx
	je	.L11314rounds
	cmpl	$192,%ecx
	je	.L11412rounds
	cmpl	$128,%ecx
	jne	.L115bad_keybits
.align	16
.L11610rounds:
	cmpl	$268435456,%ebp
	je	.L11710rounds_alt
	movl	$9,%ecx
	movups	%xmm0,-16(%edx)
.byte	102,15,58,223,200,1
	call	.L118key_128_cold
.byte	102,15,58,223,200,2
	call	.L119key_128
.byte	102,15,58,223,200,4
	call	.L119key_128
.byte	102,15,58,223,200,8
	call	.L119key_128
.byte	102,15,58,223,200,16
	call	.L119key_128
.byte	102,15,58,223,200,32
	call	.L119key_128
.byte	102,15,58,223,200,64
	call	.L119key_128
.byte	102,15,58,223,200,128
	call	.L119key_128
.byte	102,15,58,223,200,27
	call	.L119key_128
.byte	102,15,58,223,200,54
	call	.L119key_128
	movups	%xmm0,(%edx)
	movl	%ecx,80(%edx)
	jmp	.L120good_key
.align	16
.L119key_128:
	movups	%xmm0,(%edx)
	leal	16(%edx),%edx
.L118key_128_cold:
	shufps	$16,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$255,%xmm1,%xmm1
	xorps	%xmm1,%xmm0
	ret
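/*
 * The *_alt key-schedule variants below avoid aeskeygenassist (the .byte
 * 102,15,58,223,... opcodes) and instead synthesize the round constants
 * with pshufb/aesenclast using the masks in .Lkey_const.  They appear to
 * be selected when OPENSSL_ia32cap_P advertises AVX (bit 28) without XOP
 * (bit 11) -- the andl $268437504 / cmpl $268435456 test above.
 */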
.align	16
.L11710rounds_alt:
	movdqa	(%ebx),%xmm5
	movl	$8,%ecx
	movdqa	32(%ebx),%xmm4
	movdqa	%xmm0,%xmm2
	movdqu	%xmm0,-16(%edx)
.L121loop_key128:
.byte	102,15,56,0,197
.byte	102,15,56,221,196
	pslld	$1,%xmm4
	leal	16(%edx),%edx
	movdqa	%xmm2,%xmm3
	pslldq	$4,%xmm2
	pxor	%xmm2,%xmm3
	pslldq	$4,%xmm2
	pxor	%xmm2,%xmm3
	pslldq	$4,%xmm2
	pxor	%xmm3,%xmm2
	pxor	%xmm2,%xmm0
	movdqu	%xmm0,-16(%edx)
	movdqa	%xmm0,%xmm2
	decl	%ecx
	jnz	.L121loop_key128
	movdqa	48(%ebx),%xmm4
.byte	102,15,56,0,197
.byte	102,15,56,221,196
	pslld	$1,%xmm4
	movdqa	%xmm2,%xmm3
	pslldq	$4,%xmm2
	pxor	%xmm2,%xmm3
	pslldq	$4,%xmm2
	pxor	%xmm2,%xmm3
	pslldq	$4,%xmm2
	pxor	%xmm3,%xmm2
	pxor	%xmm2,%xmm0
	movdqu	%xmm0,(%edx)
	movdqa	%xmm0,%xmm2
.byte	102,15,56,0,197
.byte	102,15,56,221,196
	movdqa	%xmm2,%xmm3
	pslldq	$4,%xmm2
	pxor	%xmm2,%xmm3
	pslldq	$4,%xmm2
	pxor	%xmm2,%xmm3
	pslldq	$4,%xmm2
	pxor	%xmm3,%xmm2
	pxor	%xmm2,%xmm0
	movdqu	%xmm0,16(%edx)
	movl	$9,%ecx
	movl	%ecx,96(%edx)
	jmp	.L120good_key
.align	16
.L11412rounds:
	movq	16(%eax),%xmm2
	cmpl	$268435456,%ebp
	je	.L12212rounds_alt
	movl	$11,%ecx
	movups	%xmm0,-16(%edx)
.byte	102,15,58,223,202,1
	call	.L123key_192a_cold
.byte	102,15,58,223,202,2
	call	.L124key_192b
.byte	102,15,58,223,202,4
	call	.L125key_192a
.byte	102,15,58,223,202,8
	call	.L124key_192b
.byte	102,15,58,223,202,16
	call	.L125key_192a
.byte	102,15,58,223,202,32
	call	.L124key_192b
.byte	102,15,58,223,202,64
	call	.L125key_192a
.byte	102,15,58,223,202,128
	call	.L124key_192b
	movups	%xmm0,(%edx)
	movl	%ecx,48(%edx)
	jmp	.L120good_key
.align	16
.L125key_192a:
	movups	%xmm0,(%edx)
	leal	16(%edx),%edx
.align	16
.L123key_192a_cold:
	movaps	%xmm2,%xmm5
.L126key_192b_warm:
	shufps	$16,%xmm0,%xmm4
	movdqa	%xmm2,%xmm3
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	pslldq	$4,%xmm3
	xorps	%xmm4,%xmm0
	pshufd	$85,%xmm1,%xmm1
	pxor	%xmm3,%xmm2
	pxor	%xmm1,%xmm0
	pshufd	$255,%xmm0,%xmm3
	pxor	%xmm3,%xmm2
	ret
.align	16
.L124key_192b:
	movaps	%xmm0,%xmm3
	shufps	$68,%xmm0,%xmm5
	movups	%xmm5,(%edx)
	shufps	$78,%xmm2,%xmm3
	movups	%xmm3,16(%edx)
	leal	32(%edx),%edx
	jmp	.L126key_192b_warm
.align	16
.L12212rounds_alt:
	movdqa	16(%ebx),%xmm5
	movdqa	32(%ebx),%xmm4
	movl	$8,%ecx
	movdqu	%xmm0,-16(%edx)
.L127loop_key192:
	movq	%xmm2,(%edx)
	movdqa	%xmm2,%xmm1
.byte	102,15,56,0,213
.byte	102,15,56,221,212
	pslld	$1,%xmm4
	leal	24(%edx),%edx
	movdqa	%xmm0,%xmm3
	pslldq	$4,%xmm0
	pxor	%xmm0,%xmm3
	pslldq	$4,%xmm0
	pxor	%xmm0,%xmm3
	pslldq	$4,%xmm0
	pxor	%xmm3,%xmm0
	pshufd	$255,%xmm0,%xmm3
	pxor	%xmm1,%xmm3
	pslldq	$4,%xmm1
	pxor	%xmm1,%xmm3
	pxor	%xmm2,%xmm0
	pxor	%xmm3,%xmm2
	movdqu	%xmm0,-16(%edx)
	decl	%ecx
	jnz	.L127loop_key192
	movl	$11,%ecx
	movl	%ecx,32(%edx)
	jmp	.L120good_key
.align	16
.L11314rounds:
	movups	16(%eax),%xmm2
	leal	16(%edx),%edx
	cmpl	$268435456,%ebp
	je	.L12814rounds_alt
	movl	$13,%ecx
	movups	%xmm0,-32(%edx)
	movups	%xmm2,-16(%edx)
.byte	102,15,58,223,202,1
	call	.L129key_256a_cold
.byte	102,15,58,223,200,1
	call	.L130key_256b
.byte	102,15,58,223,202,2
	call	.L131key_256a
.byte	102,15,58,223,200,2
	call	.L130key_256b
.byte	102,15,58,223,202,4
	call	.L131key_256a
.byte	102,15,58,223,200,4
	call	.L130key_256b
.byte	102,15,58,223,202,8
	call	.L131key_256a
.byte	102,15,58,223,200,8
	call	.L130key_256b
.byte	102,15,58,223,202,16
	call	.L131key_256a
.byte	102,15,58,223,200,16
	call	.L130key_256b
.byte	102,15,58,223,202,32
	call	.L131key_256a
.byte	102,15,58,223,200,32
	call	.L130key_256b
.byte	102,15,58,223,202,64
	call	.L131key_256a
	movups	%xmm0,(%edx)
	movl	%ecx,16(%edx)
	xorl	%eax,%eax
	jmp	.L120good_key
.align	16
.L131key_256a:
	movups	%xmm2,(%edx)
	leal	16(%edx),%edx
.L129key_256a_cold:
	shufps	$16,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$140,%xmm0,%xmm4
	xorps	%xmm4,%xmm0
	shufps	$255,%xmm1,%xmm1
	xorps	%xmm1,%xmm0
	ret
.align	16
.L130key_256b:
	movups	%xmm0,(%edx)
	leal	16(%edx),%edx
	shufps	$16,%xmm2,%xmm4
	xorps	%xmm4,%xmm2
	shufps	$140,%xmm2,%xmm4
	xorps	%xmm4,%xmm2
	shufps	$170,%xmm1,%xmm1
	xorps	%xmm1,%xmm2
	ret
.align	16
.L12814rounds_alt:
	movdqa	(%ebx),%xmm5
	movdqa	32(%ebx),%xmm4
	movl	$7,%ecx
	movdqu	%xmm0,-32(%edx)
	movdqa	%xmm2,%xmm1
	movdqu	%xmm2,-16(%edx)
.L132loop_key256:
.byte	102,15,56,0,213
.byte	102,15,56,221,212
	movdqa	%xmm0,%xmm3
	pslldq	$4,%xmm0
	pxor	%xmm0,%xmm3
	pslldq	$4,%xmm0
	pxor	%xmm0,%xmm3
	pslldq	$4,%xmm0
	pxor	%xmm3,%xmm0
	pslld	$1,%xmm4
	pxor	%xmm2,%xmm0
	movdqu	%xmm0,(%edx)
	decl	%ecx
	jz	.L133done_key256
	pshufd	$255,%xmm0,%xmm2
	pxor	%xmm3,%xmm3
.byte	102,15,56,221,211
	movdqa	%xmm1,%xmm3
	pslldq	$4,%xmm1
	pxor	%xmm1,%xmm3
	pslldq	$4,%xmm1
	pxor	%xmm1,%xmm3
	pslldq	$4,%xmm1
	pxor	%xmm3,%xmm1
	pxor	%xmm1,%xmm2
	movdqu	%xmm2,16(%edx)
	leal	32(%edx),%edx
	movdqa	%xmm2,%xmm1
	jmp	.L132loop_key256
.L133done_key256:
	movl	$13,%ecx
	movl	%ecx,16(%edx)
.L120good_key:
	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	pxor	%xmm2,%xmm2
	pxor	%xmm3,%xmm3
	pxor	%xmm4,%xmm4
	pxor	%xmm5,%xmm5
	xorl	%eax,%eax
	popl	%ebx
	popl	%ebp
	ret
.align	4
.L111bad_pointer:
	movl	$-1,%eax
	popl	%ebx
	popl	%ebp
	ret
.align	4
.L115bad_keybits:
	pxor	%xmm0,%xmm0
	movl	$-2,%eax
	popl	%ebx
	popl	%ebp
	ret
.size	_aesni_set_encrypt_key,.-_aesni_set_encrypt_key
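/*
 * int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
 *                           AES_KEY *key);
 *
 * Thin C-callable wrapper: it moves the three stack arguments into the
 * %eax/%ecx/%edx registers expected by _aesni_set_encrypt_key.
 */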
.globl	aesni_set_encrypt_key
.type	aesni_set_encrypt_key,@function
.align	16
aesni_set_encrypt_key:
.L_aesni_set_encrypt_key_begin:
#ifdef __CET__

.byte	243,15,30,251	/* endbr32 */
#endif

	movl	4(%esp),%eax
	movl	8(%esp),%ecx
	movl	12(%esp),%edx
	call	_aesni_set_encrypt_key
	ret
.size	aesni_set_encrypt_key,.-.L_aesni_set_encrypt_key_begin
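/*
 * int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
 *                           AES_KEY *key);
 *
 * Builds the encryption schedule first, then converts it in place for
 * equivalent-inverse-cipher decryption: the round keys are swapped
 * end-for-end and run through aesimc (the .byte 102,15,56,219 opcodes).
 */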
.globl	aesni_set_decrypt_key
.type	aesni_set_decrypt_key,@function
.align	16
aesni_set_decrypt_key:
.L_aesni_set_decrypt_key_begin:
#ifdef __CET__

.byte	243,15,30,251	/* endbr32 */
#endif

	movl	4(%esp),%eax
	movl	8(%esp),%ecx
	movl	12(%esp),%edx
	call	_aesni_set_encrypt_key
	movl	12(%esp),%edx
	shll	$4,%ecx
	testl	%eax,%eax
	jnz	.L134dec_key_ret
	leal	16(%edx,%ecx,1),%eax
	movups	(%edx),%xmm0
	movups	(%eax),%xmm1
	movups	%xmm0,(%eax)
	movups	%xmm1,(%edx)
	leal	16(%edx),%edx
	leal	-16(%eax),%eax
.L135dec_key_inverse:
	movups	(%edx),%xmm0
	movups	(%eax),%xmm1
.byte	102,15,56,219,192
.byte	102,15,56,219,201
	leal	16(%edx),%edx
	leal	-16(%eax),%eax
	movups	%xmm0,16(%eax)
	movups	%xmm1,-16(%edx)
	cmpl	%edx,%eax
	ja	.L135dec_key_inverse
	movups	(%edx),%xmm0
.byte	102,15,56,219,192
	movups	%xmm0,(%edx)
	pxor	%xmm0,%xmm0
	pxor	%xmm1,%xmm1
	xorl	%eax,%eax
.L134dec_key_ret:
	ret
.size	aesni_set_decrypt_key,.-.L_aesni_set_decrypt_key_begin
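/*
 * Constants for the *_alt key-schedule paths: two pshufb byte-rotation
 * masks (0x0c0f0e0d and 0x04070605, replicated across each dword) followed
 * by the round-constant seeds 1 and 27 (0x1b), which the pslld $1 in the
 * loops doubles through the AES rcon sequence.
 */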
.align	64
.Lkey_const:
.long	202313229,202313229,202313229,202313229
.long	67569157,67569157,67569157,67569157
.long	1,1,1,1
.long	27,27,27,27
.byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69
.byte	83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83
.byte	32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115
.byte	115,108,46,111,114,103,62,0
/* ASCII: "AES for Intel AES-NI, CRYPTOGAMS by <appro@openssl.org>" */
.comm	OPENSSL_ia32cap_P,16,4
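/*
 * GNU property note: tags the object with x86 feature bits 3
 * (GNU_PROPERTY_X86_FEATURE_1_IBT | SHSTK) so CET-aware linkers and
 * loaders know that, when built with __CET__, every entry point begins
 * with endbr32.
 */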

	.section ".note.gnu.property", "a"
	.p2align 2
	.long 1f - 0f
	.long 4f - 1f
	.long 5
0:
	.asciz "GNU"
1:
	.p2align 2
	.long 0xc0000002
	.long 3f - 2f
2:
	.long 3
3:
	.p2align 2
4:
