RubyGems - grpc - Versions diffs - 1.24.0 → 1.25.0.pre1 - Mend

grpc 1.24.0 → 1.25.0.pre1

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (504) hide show

checksums.yaml +4 -4
data/Makefile +306 -243
data/etc/roots.pem +0 -100
data/include/grpc/grpc_security.h +44 -18
data/include/grpc/impl/codegen/grpc_types.h +15 -0
data/include/grpc/impl/codegen/port_platform.h +27 -11
data/include/grpc/impl/codegen/sync_generic.h +1 -1
data/src/boringssl/err_data.c +695 -650
data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
data/src/core/ext/filters/client_channel/client_channel.h +24 -0
data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
data/src/core/ext/filters/client_channel/resolver.cc +1 -2
data/src/core/ext/filters/client_channel/resolver.h +8 -16
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
data/src/core/ext/filters/client_channel/service_config.h +8 -8
data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
data/src/core/ext/filters/client_channel/subchannel.h +7 -9
data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
data/src/core/lib/channel/channel_args.cc +16 -0
data/src/core/lib/channel/channel_args.h +22 -0
data/src/core/lib/channel/channelz.cc +5 -6
data/src/core/lib/channel/channelz.h +1 -1
data/src/core/lib/channel/connected_channel.cc +20 -20
data/src/core/lib/channel/handshaker.h +3 -4
data/src/core/lib/channel/handshaker_factory.h +1 -3
data/src/core/lib/debug/trace.h +3 -2
data/src/core/lib/gprpp/arena.cc +3 -3
data/src/core/lib/gprpp/arena.h +2 -3
data/src/core/lib/gprpp/inlined_vector.h +9 -0
data/src/core/lib/gprpp/map.h +3 -501
data/src/core/lib/gprpp/memory.h +45 -41
data/src/core/lib/gprpp/mpscq.cc +108 -0
data/src/core/lib/gprpp/mpscq.h +98 -0
data/src/core/lib/gprpp/orphanable.h +6 -11
data/src/core/lib/gprpp/ref_counted.h +25 -19
data/src/core/lib/gprpp/set.h +33 -0
data/src/core/lib/gprpp/thd.h +2 -4
data/src/core/lib/http/httpcli.cc +1 -1
data/src/core/lib/http/httpcli_security_connector.cc +15 -11
data/src/core/lib/http/parser.cc +1 -1
data/src/core/lib/iomgr/buffer_list.cc +4 -5
data/src/core/lib/iomgr/buffer_list.h +5 -6
data/src/core/lib/iomgr/call_combiner.cc +4 -5
data/src/core/lib/iomgr/call_combiner.h +2 -2
data/src/core/lib/iomgr/cfstream_handle.h +3 -5
data/src/core/lib/iomgr/closure.h +8 -3
data/src/core/lib/iomgr/combiner.cc +45 -82
data/src/core/lib/iomgr/combiner.h +32 -8
data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
data/src/core/lib/iomgr/exec_ctx.h +4 -3
data/src/core/lib/iomgr/executor.cc +4 -2
data/src/core/lib/iomgr/executor.h +3 -0
data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
data/src/core/lib/iomgr/executor/threadpool.h +7 -11
data/src/core/lib/iomgr/resource_quota.cc +55 -51
data/src/core/lib/iomgr/resource_quota.h +13 -9
data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
data/src/core/lib/iomgr/tcp_custom.cc +9 -7
data/src/core/lib/iomgr/tcp_posix.cc +20 -16
data/src/core/lib/iomgr/tcp_server.h +1 -4
data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
data/src/core/lib/iomgr/timer_custom.cc +2 -2
data/src/core/lib/iomgr/udp_server.cc +3 -2
data/src/core/lib/iomgr/udp_server.h +6 -12
data/src/core/lib/json/json.h +1 -1
data/src/core/lib/json/json_string.cc +2 -2
data/src/core/lib/profiling/basic_timers.cc +2 -2
data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
data/src/core/lib/security/credentials/credentials.h +4 -20
data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
data/src/core/lib/security/security_connector/security_connector.cc +1 -0
data/src/core/lib/security/security_connector/security_connector.h +19 -17
data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
data/src/core/lib/security/transport/security_handshaker.cc +29 -13
data/src/core/lib/security/transport/security_handshaker.h +4 -2
data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
data/src/core/lib/slice/slice.cc +2 -10
data/src/core/lib/slice/slice_hash_table.h +4 -6
data/src/core/lib/slice/slice_intern.cc +42 -39
data/src/core/lib/slice/slice_internal.h +3 -3
data/src/core/lib/slice/slice_utils.h +21 -4
data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
data/src/core/lib/surface/call.cc +3 -3
data/src/core/lib/surface/channel.cc +7 -0
data/src/core/lib/surface/completion_queue.cc +12 -11
data/src/core/lib/surface/completion_queue.h +4 -2
data/src/core/lib/surface/init.cc +1 -0
data/src/core/lib/surface/lame_client.cc +33 -18
data/src/core/lib/surface/server.cc +77 -76
data/src/core/lib/surface/version.cc +1 -1
data/src/core/lib/transport/byte_stream.h +3 -7
data/src/core/lib/transport/connectivity_state.cc +112 -98
data/src/core/lib/transport/connectivity_state.h +100 -50
data/src/core/lib/transport/static_metadata.cc +276 -288
data/src/core/lib/transport/static_metadata.h +73 -76
data/src/core/lib/transport/status_conversion.cc +1 -1
data/src/core/lib/transport/status_metadata.cc +1 -1
data/src/core/lib/transport/transport.cc +2 -2
data/src/core/lib/transport/transport.h +12 -4
data/src/core/lib/transport/transport_op_string.cc +14 -11
data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
data/src/core/tsi/fake_transport_security.cc +7 -5
data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
data/src/core/tsi/local_transport_security.cc +8 -6
data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
data/src/core/tsi/ssl_transport_security.cc +12 -12
data/src/core/tsi/ssl_transport_security.h +2 -2
data/src/core/tsi/transport_security_grpc.cc +7 -0
data/src/core/tsi/transport_security_grpc.h +6 -0
data/src/ruby/ext/grpc/extconf.rb +1 -0
data/src/ruby/ext/grpc/rb_call.c +1 -1
data/src/ruby/ext/grpc/rb_channel.c +1 -1
data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
data/src/ruby/lib/grpc/version.rb +1 -1
data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
data/third_party/boringssl/crypto/base64/base64.c +2 -2
data/third_party/boringssl/crypto/bio/bio.c +73 -9
data/third_party/boringssl/crypto/bio/connect.c +4 -0
data/third_party/boringssl/crypto/bio/fd.c +4 -0
data/third_party/boringssl/crypto/bio/file.c +5 -2
data/third_party/boringssl/crypto/bio/socket.c +4 -0
data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
data/third_party/boringssl/crypto/chacha/internal.h +45 -0
data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
data/third_party/boringssl/crypto/conf/conf.c +7 -0
data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
data/third_party/boringssl/crypto/cpu-intel.c +45 -51
data/third_party/boringssl/crypto/crypto.c +39 -22
data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
data/third_party/boringssl/crypto/engine/engine.c +2 -1
data/third_party/boringssl/crypto/err/err.c +2 -0
data/third_party/boringssl/crypto/err/internal.h +2 -2
data/third_party/boringssl/crypto/evp/evp.c +89 -8
data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
data/third_party/boringssl/crypto/evp/internal.h +18 -1
data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
data/third_party/boringssl/crypto/hrss/internal.h +62 -0
data/third_party/boringssl/crypto/internal.h +95 -20
data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
data/third_party/boringssl/crypto/mem.c +39 -2
data/third_party/boringssl/crypto/obj/obj.c +4 -4
data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
data/third_party/boringssl/crypto/pool/internal.h +1 -1
data/third_party/boringssl/crypto/pool/pool.c +21 -0
data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
data/third_party/boringssl/crypto/refcount_lock.c +2 -2
data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
data/third_party/boringssl/crypto/stack/stack.c +83 -32
data/third_party/boringssl/crypto/thread_none.c +2 -2
data/third_party/boringssl/crypto/thread_pthread.c +2 -2
data/third_party/boringssl/crypto/thread_win.c +38 -19
data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
data/third_party/boringssl/crypto/x509/by_file.c +12 -10
data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
data/third_party/boringssl/crypto/x509/t_req.c +1 -3
data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
data/third_party/boringssl/crypto/x509/x509name.c +2 -3
data/third_party/boringssl/crypto/x509/x_all.c +109 -210
data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
data/third_party/boringssl/include/openssl/aead.h +45 -19
data/third_party/boringssl/include/openssl/aes.h +32 -7
data/third_party/boringssl/include/openssl/asn1.h +7 -77
data/third_party/boringssl/include/openssl/base.h +120 -6
data/third_party/boringssl/include/openssl/base64.h +4 -1
data/third_party/boringssl/include/openssl/bio.h +112 -81
data/third_party/boringssl/include/openssl/blowfish.h +3 -3
data/third_party/boringssl/include/openssl/bn.h +55 -29
data/third_party/boringssl/include/openssl/buf.h +2 -2
data/third_party/boringssl/include/openssl/bytestring.h +54 -32
data/third_party/boringssl/include/openssl/cast.h +2 -2
data/third_party/boringssl/include/openssl/cipher.h +46 -16
data/third_party/boringssl/include/openssl/cmac.h +6 -2
data/third_party/boringssl/include/openssl/conf.h +3 -6
data/third_party/boringssl/include/openssl/cpu.h +25 -9
data/third_party/boringssl/include/openssl/crypto.h +32 -10
data/third_party/boringssl/include/openssl/curve25519.h +4 -4
data/third_party/boringssl/include/openssl/dh.h +3 -2
data/third_party/boringssl/include/openssl/digest.h +21 -7
data/third_party/boringssl/include/openssl/dsa.h +8 -2
data/third_party/boringssl/include/openssl/e_os2.h +18 -0
data/third_party/boringssl/include/openssl/ec.h +25 -21
data/third_party/boringssl/include/openssl/ec_key.h +36 -8
data/third_party/boringssl/include/openssl/ecdh.h +17 -0
data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
data/third_party/boringssl/include/openssl/engine.h +4 -4
data/third_party/boringssl/include/openssl/err.h +3 -0
data/third_party/boringssl/include/openssl/evp.h +199 -42
data/third_party/boringssl/include/openssl/hmac.h +4 -4
data/third_party/boringssl/include/openssl/hrss.h +100 -0
data/third_party/boringssl/include/openssl/lhash.h +131 -23
data/third_party/boringssl/include/openssl/md4.h +6 -4
data/third_party/boringssl/include/openssl/md5.h +6 -4
data/third_party/boringssl/include/openssl/mem.h +6 -2
data/third_party/boringssl/include/openssl/nid.h +3 -0
data/third_party/boringssl/include/openssl/obj.h +3 -0
data/third_party/boringssl/include/openssl/pem.h +102 -64
data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
data/third_party/boringssl/include/openssl/pool.h +13 -2
data/third_party/boringssl/include/openssl/ripemd.h +5 -4
data/third_party/boringssl/include/openssl/rsa.h +46 -15
data/third_party/boringssl/include/openssl/sha.h +40 -28
data/third_party/boringssl/include/openssl/siphash.h +37 -0
data/third_party/boringssl/include/openssl/span.h +17 -9
data/third_party/boringssl/include/openssl/ssl.h +766 -393
data/third_party/boringssl/include/openssl/ssl3.h +4 -3
data/third_party/boringssl/include/openssl/stack.h +134 -77
data/third_party/boringssl/include/openssl/thread.h +1 -1
data/third_party/boringssl/include/openssl/tls1.h +25 -9
data/third_party/boringssl/include/openssl/type_check.h +14 -15
data/third_party/boringssl/include/openssl/x509.h +28 -3
data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
data/third_party/boringssl/include/openssl/x509v3.h +17 -13
data/third_party/boringssl/ssl/d1_both.cc +9 -18
data/third_party/boringssl/ssl/d1_lib.cc +4 -3
data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
data/third_party/boringssl/ssl/dtls_method.cc +0 -1
data/third_party/boringssl/ssl/dtls_record.cc +28 -28
data/third_party/boringssl/ssl/handoff.cc +295 -91
data/third_party/boringssl/ssl/handshake.cc +133 -72
data/third_party/boringssl/ssl/handshake_client.cc +218 -189
data/third_party/boringssl/ssl/handshake_server.cc +399 -272
data/third_party/boringssl/ssl/internal.h +1413 -928
data/third_party/boringssl/ssl/s3_both.cc +175 -36
data/third_party/boringssl/ssl/s3_lib.cc +9 -13
data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
data/third_party/boringssl/ssl/ssl_file.cc +2 -0
data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
data/third_party/boringssl/ssl/ssl_session.cc +230 -178
data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
data/third_party/boringssl/ssl/t1_enc.cc +5 -96
data/third_party/boringssl/ssl/t1_lib.cc +931 -678
data/third_party/boringssl/ssl/tls13_both.cc +251 -121
data/third_party/boringssl/ssl/tls13_client.cc +129 -73
data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
data/third_party/boringssl/ssl/tls13_server.cc +259 -192
data/third_party/boringssl/ssl/tls_method.cc +26 -21
data/third_party/boringssl/ssl/tls_record.cc +42 -47
data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
data/third_party/boringssl/third_party/fiat/p256.c +238 -999
data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
data/third_party/upb/upb/port_def.inc +1 -1
data/third_party/upb/upb/table.c +2 -1
metadata +71 -43
data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
data/src/core/lib/gpr/mpscq.cc +0 -117
data/src/core/lib/gpr/mpscq.h +0 -88
data/src/core/lib/gprpp/abstract.h +0 -47
data/src/core/lib/gprpp/pair.h +0 -38
data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
data/third_party/boringssl/ssl/custom_extensions.cc +0 -265

data/third_party/boringssl/third_party/fiat/curve25519_32.h ADDED

@@ -0,0 +1,911 @@
+/* Autogenerated */
+/* curve description: 25519 */
+/* requested operations: carry_mul, carry_square, carry_scmul121666, carry, add, sub, opp, selectznz, to_bytes, from_bytes */
+/* n = 10 (from "10") */
+/* s = 0x8000000000000000000000000000000000000000000000000000000000000000 (from "2^255") */
+/* c = [(1, 19)] (from "1,19") */
+/* machine_wordsize = 32 (from "32") */
+#include <stdint.h>
+typedef unsigned char fiat_25519_uint1;
+typedef signed char fiat_25519_int1;
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0x3ffffff]
+ *   arg3: [0x0 ~> 0x3ffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0x3ffffff]
+ *   out2: [0x0 ~> 0x1]
+ */
+static void fiat_25519_addcarryx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
+  uint32_t x1 = ((arg1 + arg2) + arg3);
+  uint32_t x2 = (x1 & UINT32_C(0x3ffffff));
+  fiat_25519_uint1 x3 = (fiat_25519_uint1)(x1 >> 26);
+  *out1 = x2;
+  *out2 = x3;
+}
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0x3ffffff]
+ *   arg3: [0x0 ~> 0x3ffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0x3ffffff]
+ *   out2: [0x0 ~> 0x1]
+ */
+static void fiat_25519_subborrowx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
+  int32_t x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3);
+  fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 26);
+  uint32_t x3 = (x1 & UINT32_C(0x3ffffff));
+  *out1 = x3;
+  *out2 = (fiat_25519_uint1)(0x0 - x2);
+}
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0x1ffffff]
+ *   arg3: [0x0 ~> 0x1ffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0x1ffffff]
+ *   out2: [0x0 ~> 0x1]
+ */
+static void fiat_25519_addcarryx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
+  uint32_t x1 = ((arg1 + arg2) + arg3);
+  uint32_t x2 = (x1 & UINT32_C(0x1ffffff));
+  fiat_25519_uint1 x3 = (fiat_25519_uint1)(x1 >> 25);
+  *out1 = x2;
+  *out2 = x3;
+}
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0x1ffffff]
+ *   arg3: [0x0 ~> 0x1ffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0x1ffffff]
+ *   out2: [0x0 ~> 0x1]
+ */
+static void fiat_25519_subborrowx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
+  int32_t x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3);
+  fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 25);
+  uint32_t x3 = (x1 & UINT32_C(0x1ffffff));
+  *out1 = x3;
+  *out2 = (fiat_25519_uint1)(0x0 - x2);
+}
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [0x0 ~> 0xffffffff]
+ *   arg3: [0x0 ~> 0xffffffff]
+ * Output Bounds:
+ *   out1: [0x0 ~> 0xffffffff]
+ */
+static void fiat_25519_cmovznz_u32(uint32_t* out1, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) {
+  fiat_25519_uint1 x1 = (!(!arg1));
+  uint32_t x2 = ((fiat_25519_int1)(0x0 - x1) & UINT32_C(0xffffffff));
+  // Note this line has been patched from the synthesized code to add value
+  // barriers.
+  //
+  // Clang recognizes this pattern as a select. While it usually transforms it
+  // to a cmov, it sometimes further transforms it into a branch, which we do
+  // not want.
+  uint32_t x3 = ((value_barrier_u32(x2) & arg3) | (value_barrier_u32(~x2) & arg2));
+  *out1 = x3;
+}
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ *   arg2: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ */
+static void fiat_25519_carry_mul(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) {
+  uint64_t x1 = ((uint64_t)(arg1[9]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x2 = ((uint64_t)(arg1[9]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x3 = ((uint64_t)(arg1[9]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x4 = ((uint64_t)(arg1[9]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x5 = ((uint64_t)(arg1[9]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x6 = ((uint64_t)(arg1[9]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x7 = ((uint64_t)(arg1[9]) * ((arg2[3]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x8 = ((uint64_t)(arg1[9]) * ((arg2[2]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x9 = ((uint64_t)(arg1[9]) * ((arg2[1]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x10 = ((uint64_t)(arg1[8]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x11 = ((uint64_t)(arg1[8]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x12 = ((uint64_t)(arg1[8]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x13 = ((uint64_t)(arg1[8]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x14 = ((uint64_t)(arg1[8]) * ((arg2[5]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x15 = ((uint64_t)(arg1[8]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x16 = ((uint64_t)(arg1[8]) * ((arg2[3]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x17 = ((uint64_t)(arg1[8]) * ((arg2[2]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x18 = ((uint64_t)(arg1[7]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x19 = ((uint64_t)(arg1[7]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x20 = ((uint64_t)(arg1[7]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x21 = ((uint64_t)(arg1[7]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x22 = ((uint64_t)(arg1[7]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x23 = ((uint64_t)(arg1[7]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x24 = ((uint64_t)(arg1[7]) * ((arg2[3]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x25 = ((uint64_t)(arg1[6]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x26 = ((uint64_t)(arg1[6]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x27 = ((uint64_t)(arg1[6]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x28 = ((uint64_t)(arg1[6]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x29 = ((uint64_t)(arg1[6]) * ((arg2[5]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x30 = ((uint64_t)(arg1[6]) * ((arg2[4]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x31 = ((uint64_t)(arg1[5]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x32 = ((uint64_t)(arg1[5]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x33 = ((uint64_t)(arg1[5]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x34 = ((uint64_t)(arg1[5]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x35 = ((uint64_t)(arg1[5]) * ((arg2[5]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x36 = ((uint64_t)(arg1[4]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x37 = ((uint64_t)(arg1[4]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x38 = ((uint64_t)(arg1[4]) * ((arg2[7]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x39 = ((uint64_t)(arg1[4]) * ((arg2[6]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x40 = ((uint64_t)(arg1[3]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x41 = ((uint64_t)(arg1[3]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x42 = ((uint64_t)(arg1[3]) * ((arg2[7]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x43 = ((uint64_t)(arg1[2]) * ((arg2[9]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x44 = ((uint64_t)(arg1[2]) * ((arg2[8]) * (uint32_t)UINT8_C(0x13)));
+  uint64_t x45 = ((uint64_t)(arg1[1]) * ((arg2[9]) * ((uint32_t)0x2 * UINT8_C(0x13))));
+  uint64_t x46 = ((uint64_t)(arg1[9]) * (arg2[0]));
+  uint64_t x47 = ((uint64_t)(arg1[8]) * (arg2[1]));
+  uint64_t x48 = ((uint64_t)(arg1[8]) * (arg2[0]));
+  uint64_t x49 = ((uint64_t)(arg1[7]) * (arg2[2]));
+  uint64_t x50 = ((uint64_t)(arg1[7]) * ((arg2[1]) * (uint32_t)0x2));
+  uint64_t x51 = ((uint64_t)(arg1[7]) * (arg2[0]));
+  uint64_t x52 = ((uint64_t)(arg1[6]) * (arg2[3]));
+  uint64_t x53 = ((uint64_t)(arg1[6]) * (arg2[2]));
+  uint64_t x54 = ((uint64_t)(arg1[6]) * (arg2[1]));
+  uint64_t x55 = ((uint64_t)(arg1[6]) * (arg2[0]));
+  uint64_t x56 = ((uint64_t)(arg1[5]) * (arg2[4]));
+  uint64_t x57 = ((uint64_t)(arg1[5]) * ((arg2[3]) * (uint32_t)0x2));
+  uint64_t x58 = ((uint64_t)(arg1[5]) * (arg2[2]));
+  uint64_t x59 = ((uint64_t)(arg1[5]) * ((arg2[1]) * (uint32_t)0x2));
+  uint64_t x60 = ((uint64_t)(arg1[5]) * (arg2[0]));
+  uint64_t x61 = ((uint64_t)(arg1[4]) * (arg2[5]));
+  uint64_t x62 = ((uint64_t)(arg1[4]) * (arg2[4]));
+  uint64_t x63 = ((uint64_t)(arg1[4]) * (arg2[3]));
+  uint64_t x64 = ((uint64_t)(arg1[4]) * (arg2[2]));
+  uint64_t x65 = ((uint64_t)(arg1[4]) * (arg2[1]));
+  uint64_t x66 = ((uint64_t)(arg1[4]) * (arg2[0]));
+  uint64_t x67 = ((uint64_t)(arg1[3]) * (arg2[6]));
+  uint64_t x68 = ((uint64_t)(arg1[3]) * ((arg2[5]) * (uint32_t)0x2));
+  uint64_t x69 = ((uint64_t)(arg1[3]) * (arg2[4]));
+  uint64_t x70 = ((uint64_t)(arg1[3]) * ((arg2[3]) * (uint32_t)0x2));
+  uint64_t x71 = ((uint64_t)(arg1[3]) * (arg2[2]));
+  uint64_t x72 = ((uint64_t)(arg1[3]) * ((arg2[1]) * (uint32_t)0x2));
+  uint64_t x73 = ((uint64_t)(arg1[3]) * (arg2[0]));
+  uint64_t x74 = ((uint64_t)(arg1[2]) * (arg2[7]));
+  uint64_t x75 = ((uint64_t)(arg1[2]) * (arg2[6]));
+  uint64_t x76 = ((uint64_t)(arg1[2]) * (arg2[5]));
+  uint64_t x77 = ((uint64_t)(arg1[2]) * (arg2[4]));
+  uint64_t x78 = ((uint64_t)(arg1[2]) * (arg2[3]));
+  uint64_t x79 = ((uint64_t)(arg1[2]) * (arg2[2]));
+  uint64_t x80 = ((uint64_t)(arg1[2]) * (arg2[1]));
+  uint64_t x81 = ((uint64_t)(arg1[2]) * (arg2[0]));
+  uint64_t x82 = ((uint64_t)(arg1[1]) * (arg2[8]));
+  uint64_t x83 = ((uint64_t)(arg1[1]) * ((arg2[7]) * (uint32_t)0x2));
+  uint64_t x84 = ((uint64_t)(arg1[1]) * (arg2[6]));
+  uint64_t x85 = ((uint64_t)(arg1[1]) * ((arg2[5]) * (uint32_t)0x2));
+  uint64_t x86 = ((uint64_t)(arg1[1]) * (arg2[4]));
+  uint64_t x87 = ((uint64_t)(arg1[1]) * ((arg2[3]) * (uint32_t)0x2));
+  uint64_t x88 = ((uint64_t)(arg1[1]) * (arg2[2]));
+  uint64_t x89 = ((uint64_t)(arg1[1]) * ((arg2[1]) * (uint32_t)0x2));
+  uint64_t x90 = ((uint64_t)(arg1[1]) * (arg2[0]));
+  uint64_t x91 = ((uint64_t)(arg1[0]) * (arg2[9]));
+  uint64_t x92 = ((uint64_t)(arg1[0]) * (arg2[8]));
+  uint64_t x93 = ((uint64_t)(arg1[0]) * (arg2[7]));
+  uint64_t x94 = ((uint64_t)(arg1[0]) * (arg2[6]));
+  uint64_t x95 = ((uint64_t)(arg1[0]) * (arg2[5]));
+  uint64_t x96 = ((uint64_t)(arg1[0]) * (arg2[4]));
+  uint64_t x97 = ((uint64_t)(arg1[0]) * (arg2[3]));
+  uint64_t x98 = ((uint64_t)(arg1[0]) * (arg2[2]));
+  uint64_t x99 = ((uint64_t)(arg1[0]) * (arg2[1]));
+  uint64_t x100 = ((uint64_t)(arg1[0]) * (arg2[0]));
+  uint64_t x101 = (x100 + (x45 + (x44 + (x42 + (x39 + (x35 + (x30 + (x24 + (x17 + x9)))))))));
+  uint64_t x102 = (x101 >> 26);
+  uint32_t x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff));
+  uint64_t x104 = (x91 + (x82 + (x74 + (x67 + (x61 + (x56 + (x52 + (x49 + (x47 + x46)))))))));
+  uint64_t x105 = (x92 + (x83 + (x75 + (x68 + (x62 + (x57 + (x53 + (x50 + (x48 + x1)))))))));
+  uint64_t x106 = (x93 + (x84 + (x76 + (x69 + (x63 + (x58 + (x54 + (x51 + (x10 + x2)))))))));
+  uint64_t x107 = (x94 + (x85 + (x77 + (x70 + (x64 + (x59 + (x55 + (x18 + (x11 + x3)))))))));
+  uint64_t x108 = (x95 + (x86 + (x78 + (x71 + (x65 + (x60 + (x25 + (x19 + (x12 + x4)))))))));
+  uint64_t x109 = (x96 + (x87 + (x79 + (x72 + (x66 + (x31 + (x26 + (x20 + (x13 + x5)))))))));
+  uint64_t x110 = (x97 + (x88 + (x80 + (x73 + (x36 + (x32 + (x27 + (x21 + (x14 + x6)))))))));
+  uint64_t x111 = (x98 + (x89 + (x81 + (x40 + (x37 + (x33 + (x28 + (x22 + (x15 + x7)))))))));
+  uint64_t x112 = (x99 + (x90 + (x43 + (x41 + (x38 + (x34 + (x29 + (x23 + (x16 + x8)))))))));
+  uint64_t x113 = (x102 + x112);
+  uint64_t x114 = (x113 >> 25);
+  uint32_t x115 = (uint32_t)(x113 & UINT32_C(0x1ffffff));
+  uint64_t x116 = (x114 + x111);
+  uint64_t x117 = (x116 >> 26);
+  uint32_t x118 = (uint32_t)(x116 & UINT32_C(0x3ffffff));
+  uint64_t x119 = (x117 + x110);
+  uint64_t x120 = (x119 >> 25);
+  uint32_t x121 = (uint32_t)(x119 & UINT32_C(0x1ffffff));
+  uint64_t x122 = (x120 + x109);
+  uint64_t x123 = (x122 >> 26);
+  uint32_t x124 = (uint32_t)(x122 & UINT32_C(0x3ffffff));
+  uint64_t x125 = (x123 + x108);
+  uint64_t x126 = (x125 >> 25);
+  uint32_t x127 = (uint32_t)(x125 & UINT32_C(0x1ffffff));
+  uint64_t x128 = (x126 + x107);
+  uint64_t x129 = (x128 >> 26);
+  uint32_t x130 = (uint32_t)(x128 & UINT32_C(0x3ffffff));
+  uint64_t x131 = (x129 + x106);
+  uint64_t x132 = (x131 >> 25);
+  uint32_t x133 = (uint32_t)(x131 & UINT32_C(0x1ffffff));
+  uint64_t x134 = (x132 + x105);
+  uint64_t x135 = (x134 >> 26);
+  uint32_t x136 = (uint32_t)(x134 & UINT32_C(0x3ffffff));
+  uint64_t x137 = (x135 + x104);
+  uint64_t x138 = (x137 >> 25);
+  uint32_t x139 = (uint32_t)(x137 & UINT32_C(0x1ffffff));
+  uint64_t x140 = (x138 * (uint64_t)UINT8_C(0x13));
+  uint64_t x141 = (x103 + x140);
+  uint32_t x142 = (uint32_t)(x141 >> 26);
+  uint32_t x143 = (uint32_t)(x141 & UINT32_C(0x3ffffff));
+  uint32_t x144 = (x142 + x115);
+  uint32_t x145 = (x144 >> 25);
+  uint32_t x146 = (x144 & UINT32_C(0x1ffffff));
+  uint32_t x147 = (x145 + x118);
+  out1[0] = x143;
+  out1[1] = x146;
+  out1[2] = x147;
+  out1[3] = x121;
+  out1[4] = x124;
+  out1[5] = x127;
+  out1[6] = x130;
+  out1[7] = x133;
+  out1[8] = x136;
+  out1[9] = x139;
+}
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ */
+static void fiat_25519_carry_square(uint32_t out1[10], const uint32_t arg1[10]) {
+  uint32_t x1 = ((arg1[9]) * (uint32_t)UINT8_C(0x13));
+  uint32_t x2 = (x1 * (uint32_t)0x2);
+  uint32_t x3 = ((arg1[9]) * (uint32_t)0x2);
+  uint32_t x4 = ((arg1[8]) * (uint32_t)UINT8_C(0x13));
+  uint64_t x5 = (x4 * (uint64_t)0x2);
+  uint32_t x6 = ((arg1[8]) * (uint32_t)0x2);
+  uint32_t x7 = ((arg1[7]) * (uint32_t)UINT8_C(0x13));
+  uint32_t x8 = (x7 * (uint32_t)0x2);
+  uint32_t x9 = ((arg1[7]) * (uint32_t)0x2);
+  uint32_t x10 = ((arg1[6]) * (uint32_t)UINT8_C(0x13));
+  uint64_t x11 = (x10 * (uint64_t)0x2);
+  uint32_t x12 = ((arg1[6]) * (uint32_t)0x2);
+  uint32_t x13 = ((arg1[5]) * (uint32_t)UINT8_C(0x13));
+  uint32_t x14 = ((arg1[5]) * (uint32_t)0x2);
+  uint32_t x15 = ((arg1[4]) * (uint32_t)0x2);
+  uint32_t x16 = ((arg1[3]) * (uint32_t)0x2);
+  uint32_t x17 = ((arg1[2]) * (uint32_t)0x2);
+  uint32_t x18 = ((arg1[1]) * (uint32_t)0x2);
+  uint64_t x19 = ((uint64_t)(arg1[9]) * (x1 * (uint32_t)0x2));
+  uint64_t x20 = ((uint64_t)(arg1[8]) * x2);
+  uint64_t x21 = ((uint64_t)(arg1[8]) * x4);
+  uint64_t x22 = ((arg1[7]) * (x2 * (uint64_t)0x2));
+  uint64_t x23 = ((arg1[7]) * x5);
+  uint64_t x24 = ((uint64_t)(arg1[7]) * (x7 * (uint32_t)0x2));
+  uint64_t x25 = ((uint64_t)(arg1[6]) * x2);
+  uint64_t x26 = ((arg1[6]) * x5);
+  uint64_t x27 = ((uint64_t)(arg1[6]) * x8);
+  uint64_t x28 = ((uint64_t)(arg1[6]) * x10);
+  uint64_t x29 = ((arg1[5]) * (x2 * (uint64_t)0x2));
+  uint64_t x30 = ((arg1[5]) * x5);
+  uint64_t x31 = ((arg1[5]) * (x8 * (uint64_t)0x2));
+  uint64_t x32 = ((arg1[5]) * x11);
+  uint64_t x33 = ((uint64_t)(arg1[5]) * (x13 * (uint32_t)0x2));
+  uint64_t x34 = ((uint64_t)(arg1[4]) * x2);
+  uint64_t x35 = ((arg1[4]) * x5);
+  uint64_t x36 = ((uint64_t)(arg1[4]) * x8);
+  uint64_t x37 = ((arg1[4]) * x11);
+  uint64_t x38 = ((uint64_t)(arg1[4]) * x14);
+  uint64_t x39 = ((uint64_t)(arg1[4]) * (arg1[4]));
+  uint64_t x40 = ((arg1[3]) * (x2 * (uint64_t)0x2));
+  uint64_t x41 = ((arg1[3]) * x5);
+  uint64_t x42 = ((arg1[3]) * (x8 * (uint64_t)0x2));
+  uint64_t x43 = ((uint64_t)(arg1[3]) * x12);
+  uint64_t x44 = ((uint64_t)(arg1[3]) * (x14 * (uint32_t)0x2));
+  uint64_t x45 = ((uint64_t)(arg1[3]) * x15);
+  uint64_t x46 = ((uint64_t)(arg1[3]) * ((arg1[3]) * (uint32_t)0x2));
+  uint64_t x47 = ((uint64_t)(arg1[2]) * x2);
+  uint64_t x48 = ((arg1[2]) * x5);
+  uint64_t x49 = ((uint64_t)(arg1[2]) * x9);
+  uint64_t x50 = ((uint64_t)(arg1[2]) * x12);
+  uint64_t x51 = ((uint64_t)(arg1[2]) * x14);
+  uint64_t x52 = ((uint64_t)(arg1[2]) * x15);
+  uint64_t x53 = ((uint64_t)(arg1[2]) * x16);
+  uint64_t x54 = ((uint64_t)(arg1[2]) * (arg1[2]));
+  uint64_t x55 = ((arg1[1]) * (x2 * (uint64_t)0x2));
+  uint64_t x56 = ((uint64_t)(arg1[1]) * x6);
+  uint64_t x57 = ((uint64_t)(arg1[1]) * (x9 * (uint32_t)0x2));
+  uint64_t x58 = ((uint64_t)(arg1[1]) * x12);
+  uint64_t x59 = ((uint64_t)(arg1[1]) * (x14 * (uint32_t)0x2));
+  uint64_t x60 = ((uint64_t)(arg1[1]) * x15);
+  uint64_t x61 = ((uint64_t)(arg1[1]) * (x16 * (uint32_t)0x2));
+  uint64_t x62 = ((uint64_t)(arg1[1]) * x17);
+  uint64_t x63 = ((uint64_t)(arg1[1]) * ((arg1[1]) * (uint32_t)0x2));
+  uint64_t x64 = ((uint64_t)(arg1[0]) * x3);
+  uint64_t x65 = ((uint64_t)(arg1[0]) * x6);
+  uint64_t x66 = ((uint64_t)(arg1[0]) * x9);
+  uint64_t x67 = ((uint64_t)(arg1[0]) * x12);
+  uint64_t x68 = ((uint64_t)(arg1[0]) * x14);
+  uint64_t x69 = ((uint64_t)(arg1[0]) * x15);
+  uint64_t x70 = ((uint64_t)(arg1[0]) * x16);
+  uint64_t x71 = ((uint64_t)(arg1[0]) * x17);
+  uint64_t x72 = ((uint64_t)(arg1[0]) * x18);
+  uint64_t x73 = ((uint64_t)(arg1[0]) * (arg1[0]));
+  uint64_t x74 = (x73 + (x55 + (x48 + (x42 + (x37 + x33)))));
+  uint64_t x75 = (x74 >> 26);
+  uint32_t x76 = (uint32_t)(x74 & UINT32_C(0x3ffffff));
+  uint64_t x77 = (x64 + (x56 + (x49 + (x43 + x38))));
+  uint64_t x78 = (x65 + (x57 + (x50 + (x44 + (x39 + x19)))));
+  uint64_t x79 = (x66 + (x58 + (x51 + (x45 + x20))));
+  uint64_t x80 = (x67 + (x59 + (x52 + (x46 + (x22 + x21)))));
+  uint64_t x81 = (x68 + (x60 + (x53 + (x25 + x23))));
+  uint64_t x82 = (x69 + (x61 + (x54 + (x29 + (x26 + x24)))));
+  uint64_t x83 = (x70 + (x62 + (x34 + (x30 + x27))));
+  uint64_t x84 = (x71 + (x63 + (x40 + (x35 + (x31 + x28)))));
+  uint64_t x85 = (x72 + (x47 + (x41 + (x36 + x32))));
+  uint64_t x86 = (x75 + x85);
+  uint64_t x87 = (x86 >> 25);
+  uint32_t x88 = (uint32_t)(x86 & UINT32_C(0x1ffffff));
+  uint64_t x89 = (x87 + x84);
+  uint64_t x90 = (x89 >> 26);
+  uint32_t x91 = (uint32_t)(x89 & UINT32_C(0x3ffffff));
+  uint64_t x92 = (x90 + x83);
+  uint64_t x93 = (x92 >> 25);
+  uint32_t x94 = (uint32_t)(x92 & UINT32_C(0x1ffffff));
+  uint64_t x95 = (x93 + x82);
+  uint64_t x96 = (x95 >> 26);
+  uint32_t x97 = (uint32_t)(x95 & UINT32_C(0x3ffffff));
+  uint64_t x98 = (x96 + x81);
+  uint64_t x99 = (x98 >> 25);
+  uint32_t x100 = (uint32_t)(x98 & UINT32_C(0x1ffffff));
+  uint64_t x101 = (x99 + x80);
+  uint64_t x102 = (x101 >> 26);
+  uint32_t x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff));
+  uint64_t x104 = (x102 + x79);
+  uint64_t x105 = (x104 >> 25);
+  uint32_t x106 = (uint32_t)(x104 & UINT32_C(0x1ffffff));
+  uint64_t x107 = (x105 + x78);
+  uint64_t x108 = (x107 >> 26);
+  uint32_t x109 = (uint32_t)(x107 & UINT32_C(0x3ffffff));
+  uint64_t x110 = (x108 + x77);
+  uint64_t x111 = (x110 >> 25);
+  uint32_t x112 = (uint32_t)(x110 & UINT32_C(0x1ffffff));
+  uint64_t x113 = (x111 * (uint64_t)UINT8_C(0x13));
+  uint64_t x114 = (x76 + x113);
+  uint32_t x115 = (uint32_t)(x114 >> 26);
+  uint32_t x116 = (uint32_t)(x114 & UINT32_C(0x3ffffff));
+  uint32_t x117 = (x115 + x88);
+  uint32_t x118 = (x117 >> 25);
+  uint32_t x119 = (x117 & UINT32_C(0x1ffffff));
+  uint32_t x120 = (x118 + x91);
+  out1[0] = x116;
+  out1[1] = x119;
+  out1[2] = x120;
+  out1[3] = x94;
+  out1[4] = x97;
+  out1[5] = x100;
+  out1[6] = x103;
+  out1[7] = x106;
+  out1[8] = x109;
+  out1[9] = x112;
+}
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ */
+static void fiat_25519_carry_scmul_121666(uint32_t out1[10], const uint32_t arg1[10]) {
+  uint64_t x1 = ((uint64_t)UINT32_C(0x1db42) * (arg1[9]));
+  uint64_t x2 = ((uint64_t)UINT32_C(0x1db42) * (arg1[8]));
+  uint64_t x3 = ((uint64_t)UINT32_C(0x1db42) * (arg1[7]));
+  uint64_t x4 = ((uint64_t)UINT32_C(0x1db42) * (arg1[6]));
+  uint64_t x5 = ((uint64_t)UINT32_C(0x1db42) * (arg1[5]));
+  uint64_t x6 = ((uint64_t)UINT32_C(0x1db42) * (arg1[4]));
+  uint64_t x7 = ((uint64_t)UINT32_C(0x1db42) * (arg1[3]));
+  uint64_t x8 = ((uint64_t)UINT32_C(0x1db42) * (arg1[2]));
+  uint64_t x9 = ((uint64_t)UINT32_C(0x1db42) * (arg1[1]));
+  uint64_t x10 = ((uint64_t)UINT32_C(0x1db42) * (arg1[0]));
+  uint32_t x11 = (uint32_t)(x10 >> 26);
+  uint32_t x12 = (uint32_t)(x10 & UINT32_C(0x3ffffff));
+  uint64_t x13 = (x11 + x9);
+  uint32_t x14 = (uint32_t)(x13 >> 25);
+  uint32_t x15 = (uint32_t)(x13 & UINT32_C(0x1ffffff));
+  uint64_t x16 = (x14 + x8);
+  uint32_t x17 = (uint32_t)(x16 >> 26);
+  uint32_t x18 = (uint32_t)(x16 & UINT32_C(0x3ffffff));
+  uint64_t x19 = (x17 + x7);
+  uint32_t x20 = (uint32_t)(x19 >> 25);
+  uint32_t x21 = (uint32_t)(x19 & UINT32_C(0x1ffffff));
+  uint64_t x22 = (x20 + x6);
+  uint32_t x23 = (uint32_t)(x22 >> 26);
+  uint32_t x24 = (uint32_t)(x22 & UINT32_C(0x3ffffff));
+  uint64_t x25 = (x23 + x5);
+  uint32_t x26 = (uint32_t)(x25 >> 25);
+  uint32_t x27 = (uint32_t)(x25 & UINT32_C(0x1ffffff));
+  uint64_t x28 = (x26 + x4);
+  uint32_t x29 = (uint32_t)(x28 >> 26);
+  uint32_t x30 = (uint32_t)(x28 & UINT32_C(0x3ffffff));
+  uint64_t x31 = (x29 + x3);
+  uint32_t x32 = (uint32_t)(x31 >> 25);
+  uint32_t x33 = (uint32_t)(x31 & UINT32_C(0x1ffffff));
+  uint64_t x34 = (x32 + x2);
+  uint32_t x35 = (uint32_t)(x34 >> 26);
+  uint32_t x36 = (uint32_t)(x34 & UINT32_C(0x3ffffff));
+  uint64_t x37 = (x35 + x1);
+  uint32_t x38 = (uint32_t)(x37 >> 25);
+  uint32_t x39 = (uint32_t)(x37 & UINT32_C(0x1ffffff));
+  uint32_t x40 = (x38 * (uint32_t)UINT8_C(0x13));
+  uint32_t x41 = (x12 + x40);
+  uint32_t x42 = (x41 >> 26);
+  uint32_t x43 = (x41 & UINT32_C(0x3ffffff));
+  uint32_t x44 = (x42 + x15);
+  uint32_t x45 = (x44 >> 25);
+  uint32_t x46 = (x44 & UINT32_C(0x1ffffff));
+  uint32_t x47 = (x45 + x18);
+  out1[0] = x43;
+  out1[1] = x46;
+  out1[2] = x47;
+  out1[3] = x21;
+  out1[4] = x24;
+  out1[5] = x27;
+  out1[6] = x30;
+  out1[7] = x33;
+  out1[8] = x36;
+  out1[9] = x39;
+}
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ */
+static void fiat_25519_carry(uint32_t out1[10], const uint32_t arg1[10]) {
+  uint32_t x1 = (arg1[0]);
+  uint32_t x2 = ((x1 >> 26) + (arg1[1]));
+  uint32_t x3 = ((x2 >> 25) + (arg1[2]));
+  uint32_t x4 = ((x3 >> 26) + (arg1[3]));
+  uint32_t x5 = ((x4 >> 25) + (arg1[4]));
+  uint32_t x6 = ((x5 >> 26) + (arg1[5]));
+  uint32_t x7 = ((x6 >> 25) + (arg1[6]));
+  uint32_t x8 = ((x7 >> 26) + (arg1[7]));
+  uint32_t x9 = ((x8 >> 25) + (arg1[8]));
+  uint32_t x10 = ((x9 >> 26) + (arg1[9]));
+  uint32_t x11 = ((x1 & UINT32_C(0x3ffffff)) + ((x10 >> 25) * (uint32_t)UINT8_C(0x13)));
+  uint32_t x12 = ((x11 >> 26) + (x2 & UINT32_C(0x1ffffff)));
+  uint32_t x13 = (x11 & UINT32_C(0x3ffffff));
+  uint32_t x14 = (x12 & UINT32_C(0x1ffffff));
+  uint32_t x15 = ((x12 >> 25) + (x3 & UINT32_C(0x3ffffff)));
+  uint32_t x16 = (x4 & UINT32_C(0x1ffffff));
+  uint32_t x17 = (x5 & UINT32_C(0x3ffffff));
+  uint32_t x18 = (x6 & UINT32_C(0x1ffffff));
+  uint32_t x19 = (x7 & UINT32_C(0x3ffffff));
+  uint32_t x20 = (x8 & UINT32_C(0x1ffffff));
+  uint32_t x21 = (x9 & UINT32_C(0x3ffffff));
+  uint32_t x22 = (x10 & UINT32_C(0x1ffffff));
+  out1[0] = x13;
+  out1[1] = x14;
+  out1[2] = x15;
+  out1[3] = x16;
+  out1[4] = x17;
+  out1[5] = x18;
+  out1[6] = x19;
+  out1[7] = x20;
+  out1[8] = x21;
+  out1[9] = x22;
+}
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ *   arg2: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ */
+static void fiat_25519_add(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) {
+  uint32_t x1 = ((arg1[0]) + (arg2[0]));
+  uint32_t x2 = ((arg1[1]) + (arg2[1]));
+  uint32_t x3 = ((arg1[2]) + (arg2[2]));
+  uint32_t x4 = ((arg1[3]) + (arg2[3]));
+  uint32_t x5 = ((arg1[4]) + (arg2[4]));
+  uint32_t x6 = ((arg1[5]) + (arg2[5]));
+  uint32_t x7 = ((arg1[6]) + (arg2[6]));
+  uint32_t x8 = ((arg1[7]) + (arg2[7]));
+  uint32_t x9 = ((arg1[8]) + (arg2[8]));
+  uint32_t x10 = ((arg1[9]) + (arg2[9]));
+  out1[0] = x1;
+  out1[1] = x2;
+  out1[2] = x3;
+  out1[3] = x4;
+  out1[4] = x5;
+  out1[5] = x6;
+  out1[6] = x7;
+  out1[7] = x8;
+  out1[8] = x9;
+  out1[9] = x10;
+}
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ *   arg2: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ */
+static void fiat_25519_sub(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) {
+  uint32_t x1 = ((UINT32_C(0x7ffffda) + (arg1[0])) - (arg2[0]));
+  uint32_t x2 = ((UINT32_C(0x3fffffe) + (arg1[1])) - (arg2[1]));
+  uint32_t x3 = ((UINT32_C(0x7fffffe) + (arg1[2])) - (arg2[2]));
+  uint32_t x4 = ((UINT32_C(0x3fffffe) + (arg1[3])) - (arg2[3]));
+  uint32_t x5 = ((UINT32_C(0x7fffffe) + (arg1[4])) - (arg2[4]));
+  uint32_t x6 = ((UINT32_C(0x3fffffe) + (arg1[5])) - (arg2[5]));
+  uint32_t x7 = ((UINT32_C(0x7fffffe) + (arg1[6])) - (arg2[6]));
+  uint32_t x8 = ((UINT32_C(0x3fffffe) + (arg1[7])) - (arg2[7]));
+  uint32_t x9 = ((UINT32_C(0x7fffffe) + (arg1[8])) - (arg2[8]));
+  uint32_t x10 = ((UINT32_C(0x3fffffe) + (arg1[9])) - (arg2[9]));
+  out1[0] = x1;
+  out1[1] = x2;
+  out1[2] = x3;
+  out1[3] = x4;
+  out1[4] = x5;
+  out1[5] = x6;
+  out1[6] = x7;
+  out1[7] = x8;
+  out1[8] = x9;
+  out1[9] = x10;
+}
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]]
+ */
+static void fiat_25519_opp(uint32_t out1[10], const uint32_t arg1[10]) {
+  uint32_t x1 = (UINT32_C(0x7ffffda) - (arg1[0]));
+  uint32_t x2 = (UINT32_C(0x3fffffe) - (arg1[1]));
+  uint32_t x3 = (UINT32_C(0x7fffffe) - (arg1[2]));
+  uint32_t x4 = (UINT32_C(0x3fffffe) - (arg1[3]));
+  uint32_t x5 = (UINT32_C(0x7fffffe) - (arg1[4]));
+  uint32_t x6 = (UINT32_C(0x3fffffe) - (arg1[5]));
+  uint32_t x7 = (UINT32_C(0x7fffffe) - (arg1[6]));
+  uint32_t x8 = (UINT32_C(0x3fffffe) - (arg1[7]));
+  uint32_t x9 = (UINT32_C(0x7fffffe) - (arg1[8]));
+  uint32_t x10 = (UINT32_C(0x3fffffe) - (arg1[9]));
+  out1[0] = x1;
+  out1[1] = x2;
+  out1[2] = x3;
+  out1[3] = x4;
+  out1[4] = x5;
+  out1[5] = x6;
+  out1[6] = x7;
+  out1[7] = x8;
+  out1[8] = x9;
+  out1[9] = x10;
+}
+/*
+ * Input Bounds:
+ *   arg1: [0x0 ~> 0x1]
+ *   arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
+ *   arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]]
+ */
+static void fiat_25519_selectznz(uint32_t out1[10], fiat_25519_uint1 arg1, const uint32_t arg2[10], const uint32_t arg3[10]) {
+  uint32_t x1;
+  fiat_25519_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0]));
+  uint32_t x2;
+  fiat_25519_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1]));
+  uint32_t x3;
+  fiat_25519_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2]));
+  uint32_t x4;
+  fiat_25519_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3]));
+  uint32_t x5;
+  fiat_25519_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4]));
+  uint32_t x6;
+  fiat_25519_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5]));
+  uint32_t x7;
+  fiat_25519_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6]));
+  uint32_t x8;
+  fiat_25519_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7]));
+  uint32_t x9;
+  fiat_25519_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8]));
+  uint32_t x10;
+  fiat_25519_cmovznz_u32(&x10, arg1, (arg2[9]), (arg3[9]));
+  out1[0] = x1;
+  out1[1] = x2;
+  out1[2] = x3;
+  out1[3] = x4;
+  out1[4] = x5;
+  out1[5] = x6;
+  out1[6] = x7;
+  out1[7] = x8;
+  out1[8] = x9;
+  out1[9] = x10;
+}
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
+ */
+static void fiat_25519_to_bytes(uint8_t out1[32], const uint32_t arg1[10]) {
+  uint32_t x1;
+  fiat_25519_uint1 x2;
+  fiat_25519_subborrowx_u26(&x1, &x2, 0x0, (arg1[0]), UINT32_C(0x3ffffed));
+  uint32_t x3;
+  fiat_25519_uint1 x4;
+  fiat_25519_subborrowx_u25(&x3, &x4, x2, (arg1[1]), UINT32_C(0x1ffffff));
+  uint32_t x5;
+  fiat_25519_uint1 x6;
+  fiat_25519_subborrowx_u26(&x5, &x6, x4, (arg1[2]), UINT32_C(0x3ffffff));
+  uint32_t x7;
+  fiat_25519_uint1 x8;
+  fiat_25519_subborrowx_u25(&x7, &x8, x6, (arg1[3]), UINT32_C(0x1ffffff));
+  uint32_t x9;
+  fiat_25519_uint1 x10;
+  fiat_25519_subborrowx_u26(&x9, &x10, x8, (arg1[4]), UINT32_C(0x3ffffff));
+  uint32_t x11;
+  fiat_25519_uint1 x12;
+  fiat_25519_subborrowx_u25(&x11, &x12, x10, (arg1[5]), UINT32_C(0x1ffffff));
+  uint32_t x13;
+  fiat_25519_uint1 x14;
+  fiat_25519_subborrowx_u26(&x13, &x14, x12, (arg1[6]), UINT32_C(0x3ffffff));
+  uint32_t x15;
+  fiat_25519_uint1 x16;
+  fiat_25519_subborrowx_u25(&x15, &x16, x14, (arg1[7]), UINT32_C(0x1ffffff));
+  uint32_t x17;
+  fiat_25519_uint1 x18;
+  fiat_25519_subborrowx_u26(&x17, &x18, x16, (arg1[8]), UINT32_C(0x3ffffff));
+  uint32_t x19;
+  fiat_25519_uint1 x20;
+  fiat_25519_subborrowx_u25(&x19, &x20, x18, (arg1[9]), UINT32_C(0x1ffffff));
+  uint32_t x21;
+  fiat_25519_cmovznz_u32(&x21, x20, 0x0, UINT32_C(0xffffffff));
+  uint32_t x22;
+  fiat_25519_uint1 x23;
+  fiat_25519_addcarryx_u26(&x22, &x23, 0x0, (x21 & UINT32_C(0x3ffffed)), x1);
+  uint32_t x24;
+  fiat_25519_uint1 x25;
+  fiat_25519_addcarryx_u25(&x24, &x25, x23, (x21 & UINT32_C(0x1ffffff)), x3);
+  uint32_t x26;
+  fiat_25519_uint1 x27;
+  fiat_25519_addcarryx_u26(&x26, &x27, x25, (x21 & UINT32_C(0x3ffffff)), x5);
+  uint32_t x28;
+  fiat_25519_uint1 x29;
+  fiat_25519_addcarryx_u25(&x28, &x29, x27, (x21 & UINT32_C(0x1ffffff)), x7);
+  uint32_t x30;
+  fiat_25519_uint1 x31;
+  fiat_25519_addcarryx_u26(&x30, &x31, x29, (x21 & UINT32_C(0x3ffffff)), x9);
+  uint32_t x32;
+  fiat_25519_uint1 x33;
+  fiat_25519_addcarryx_u25(&x32, &x33, x31, (x21 & UINT32_C(0x1ffffff)), x11);
+  uint32_t x34;
+  fiat_25519_uint1 x35;
+  fiat_25519_addcarryx_u26(&x34, &x35, x33, (x21 & UINT32_C(0x3ffffff)), x13);
+  uint32_t x36;
+  fiat_25519_uint1 x37;
+  fiat_25519_addcarryx_u25(&x36, &x37, x35, (x21 & UINT32_C(0x1ffffff)), x15);
+  uint32_t x38;
+  fiat_25519_uint1 x39;
+  fiat_25519_addcarryx_u26(&x38, &x39, x37, (x21 & UINT32_C(0x3ffffff)), x17);
+  uint32_t x40;
+  fiat_25519_uint1 x41;
+  fiat_25519_addcarryx_u25(&x40, &x41, x39, (x21 & UINT32_C(0x1ffffff)), x19);
+  uint32_t x42 = (x40 << 6);
+  uint32_t x43 = (x38 << 4);
+  uint32_t x44 = (x36 << 3);
+  uint32_t x45 = (x34 * (uint32_t)0x2);
+  uint32_t x46 = (x30 << 6);
+  uint32_t x47 = (x28 << 5);
+  uint32_t x48 = (x26 << 3);
+  uint32_t x49 = (x24 << 2);
+  uint32_t x50 = (x22 >> 8);
+  uint8_t x51 = (uint8_t)(x22 & UINT8_C(0xff));
+  uint32_t x52 = (x50 >> 8);
+  uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff));
+  uint8_t x54 = (uint8_t)(x52 >> 8);
+  uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff));
+  uint32_t x56 = (x54 + x49);
+  uint32_t x57 = (x56 >> 8);
+  uint8_t x58 = (uint8_t)(x56 & UINT8_C(0xff));
+  uint32_t x59 = (x57 >> 8);
+  uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff));
+  uint8_t x61 = (uint8_t)(x59 >> 8);
+  uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff));
+  uint32_t x63 = (x61 + x48);
+  uint32_t x64 = (x63 >> 8);
+  uint8_t x65 = (uint8_t)(x63 & UINT8_C(0xff));
+  uint32_t x66 = (x64 >> 8);
+  uint8_t x67 = (uint8_t)(x64 & UINT8_C(0xff));
+  uint8_t x68 = (uint8_t)(x66 >> 8);
+  uint8_t x69 = (uint8_t)(x66 & UINT8_C(0xff));
+  uint32_t x70 = (x68 + x47);
+  uint32_t x71 = (x70 >> 8);
+  uint8_t x72 = (uint8_t)(x70 & UINT8_C(0xff));
+  uint32_t x73 = (x71 >> 8);
+  uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff));
+  uint8_t x75 = (uint8_t)(x73 >> 8);
+  uint8_t x76 = (uint8_t)(x73 & UINT8_C(0xff));
+  uint32_t x77 = (x75 + x46);
+  uint32_t x78 = (x77 >> 8);
+  uint8_t x79 = (uint8_t)(x77 & UINT8_C(0xff));
+  uint32_t x80 = (x78 >> 8);
+  uint8_t x81 = (uint8_t)(x78 & UINT8_C(0xff));
+  uint8_t x82 = (uint8_t)(x80 >> 8);
+  uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff));
+  uint8_t x84 = (uint8_t)(x82 & UINT8_C(0xff));
+  uint32_t x85 = (x32 >> 8);
+  uint8_t x86 = (uint8_t)(x32 & UINT8_C(0xff));
+  uint32_t x87 = (x85 >> 8);
+  uint8_t x88 = (uint8_t)(x85 & UINT8_C(0xff));
+  fiat_25519_uint1 x89 = (fiat_25519_uint1)(x87 >> 8);
+  uint8_t x90 = (uint8_t)(x87 & UINT8_C(0xff));
+  uint32_t x91 = (x89 + x45);
+  uint32_t x92 = (x91 >> 8);
+  uint8_t x93 = (uint8_t)(x91 & UINT8_C(0xff));
+  uint32_t x94 = (x92 >> 8);
+  uint8_t x95 = (uint8_t)(x92 & UINT8_C(0xff));
+  uint8_t x96 = (uint8_t)(x94 >> 8);
+  uint8_t x97 = (uint8_t)(x94 & UINT8_C(0xff));
+  uint32_t x98 = (x96 + x44);
+  uint32_t x99 = (x98 >> 8);
+  uint8_t x100 = (uint8_t)(x98 & UINT8_C(0xff));
+  uint32_t x101 = (x99 >> 8);
+  uint8_t x102 = (uint8_t)(x99 & UINT8_C(0xff));
+  uint8_t x103 = (uint8_t)(x101 >> 8);
+  uint8_t x104 = (uint8_t)(x101 & UINT8_C(0xff));
+  uint32_t x105 = (x103 + x43);
+  uint32_t x106 = (x105 >> 8);
+  uint8_t x107 = (uint8_t)(x105 & UINT8_C(0xff));
+  uint32_t x108 = (x106 >> 8);
+  uint8_t x109 = (uint8_t)(x106 & UINT8_C(0xff));
+  uint8_t x110 = (uint8_t)(x108 >> 8);
+  uint8_t x111 = (uint8_t)(x108 & UINT8_C(0xff));
+  uint32_t x112 = (x110 + x42);
+  uint32_t x113 = (x112 >> 8);
+  uint8_t x114 = (uint8_t)(x112 & UINT8_C(0xff));
+  uint32_t x115 = (x113 >> 8);
+  uint8_t x116 = (uint8_t)(x113 & UINT8_C(0xff));
+  uint8_t x117 = (uint8_t)(x115 >> 8);
+  uint8_t x118 = (uint8_t)(x115 & UINT8_C(0xff));
+  out1[0] = x51;
+  out1[1] = x53;
+  out1[2] = x55;
+  out1[3] = x58;
+  out1[4] = x60;
+  out1[5] = x62;
+  out1[6] = x65;
+  out1[7] = x67;
+  out1[8] = x69;
+  out1[9] = x72;
+  out1[10] = x74;
+  out1[11] = x76;
+  out1[12] = x79;
+  out1[13] = x81;
+  out1[14] = x83;
+  out1[15] = x84;
+  out1[16] = x86;
+  out1[17] = x88;
+  out1[18] = x90;
+  out1[19] = x93;
+  out1[20] = x95;
+  out1[21] = x97;
+  out1[22] = x100;
+  out1[23] = x102;
+  out1[24] = x104;
+  out1[25] = x107;
+  out1[26] = x109;
+  out1[27] = x111;
+  out1[28] = x114;
+  out1[29] = x116;
+  out1[30] = x118;
+  out1[31] = x117;
+}
+/*
+ * Input Bounds:
+ *   arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]]
+ * Output Bounds:
+ *   out1: [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]]
+ */
+static void fiat_25519_from_bytes(uint32_t out1[10], const uint8_t arg1[32]) {
+  uint32_t x1 = ((uint32_t)(arg1[31]) << 18);
+  uint32_t x2 = ((uint32_t)(arg1[30]) << 10);
+  uint32_t x3 = ((uint32_t)(arg1[29]) << 2);
+  uint32_t x4 = ((uint32_t)(arg1[28]) << 20);
+  uint32_t x5 = ((uint32_t)(arg1[27]) << 12);
+  uint32_t x6 = ((uint32_t)(arg1[26]) << 4);
+  uint32_t x7 = ((uint32_t)(arg1[25]) << 21);
+  uint32_t x8 = ((uint32_t)(arg1[24]) << 13);
+  uint32_t x9 = ((uint32_t)(arg1[23]) << 5);
+  uint32_t x10 = ((uint32_t)(arg1[22]) << 23);
+  uint32_t x11 = ((uint32_t)(arg1[21]) << 15);
+  uint32_t x12 = ((uint32_t)(arg1[20]) << 7);
+  uint32_t x13 = ((uint32_t)(arg1[19]) << 24);
+  uint32_t x14 = ((uint32_t)(arg1[18]) << 16);
+  uint32_t x15 = ((uint32_t)(arg1[17]) << 8);
+  uint8_t x16 = (arg1[16]);
+  uint32_t x17 = ((uint32_t)(arg1[15]) << 18);
+  uint32_t x18 = ((uint32_t)(arg1[14]) << 10);
+  uint32_t x19 = ((uint32_t)(arg1[13]) << 2);
+  uint32_t x20 = ((uint32_t)(arg1[12]) << 19);
+  uint32_t x21 = ((uint32_t)(arg1[11]) << 11);
+  uint32_t x22 = ((uint32_t)(arg1[10]) << 3);
+  uint32_t x23 = ((uint32_t)(arg1[9]) << 21);
+  uint32_t x24 = ((uint32_t)(arg1[8]) << 13);
+  uint32_t x25 = ((uint32_t)(arg1[7]) << 5);
+  uint32_t x26 = ((uint32_t)(arg1[6]) << 22);
+  uint32_t x27 = ((uint32_t)(arg1[5]) << 14);
+  uint32_t x28 = ((uint32_t)(arg1[4]) << 6);
+  uint32_t x29 = ((uint32_t)(arg1[3]) << 24);
+  uint32_t x30 = ((uint32_t)(arg1[2]) << 16);
+  uint32_t x31 = ((uint32_t)(arg1[1]) << 8);
+  uint8_t x32 = (arg1[0]);
+  uint32_t x33 = (x32 + (x31 + (x30 + x29)));
+  uint8_t x34 = (uint8_t)(x33 >> 26);
+  uint32_t x35 = (x33 & UINT32_C(0x3ffffff));
+  uint32_t x36 = (x3 + (x2 + x1));
+  uint32_t x37 = (x6 + (x5 + x4));
+  uint32_t x38 = (x9 + (x8 + x7));
+  uint32_t x39 = (x12 + (x11 + x10));
+  uint32_t x40 = (x16 + (x15 + (x14 + x13)));
+  uint32_t x41 = (x19 + (x18 + x17));
+  uint32_t x42 = (x22 + (x21 + x20));
+  uint32_t x43 = (x25 + (x24 + x23));
+  uint32_t x44 = (x28 + (x27 + x26));
+  uint32_t x45 = (x34 + x44);
+  uint8_t x46 = (uint8_t)(x45 >> 25);
+  uint32_t x47 = (x45 & UINT32_C(0x1ffffff));
+  uint32_t x48 = (x46 + x43);
+  uint8_t x49 = (uint8_t)(x48 >> 26);
+  uint32_t x50 = (x48 & UINT32_C(0x3ffffff));
+  uint32_t x51 = (x49 + x42);
+  uint8_t x52 = (uint8_t)(x51 >> 25);
+  uint32_t x53 = (x51 & UINT32_C(0x1ffffff));
+  uint32_t x54 = (x52 + x41);
+  uint32_t x55 = (x54 & UINT32_C(0x3ffffff));
+  uint8_t x56 = (uint8_t)(x40 >> 25);
+  uint32_t x57 = (x40 & UINT32_C(0x1ffffff));
+  uint32_t x58 = (x56 + x39);
+  uint8_t x59 = (uint8_t)(x58 >> 26);
+  uint32_t x60 = (x58 & UINT32_C(0x3ffffff));
+  uint32_t x61 = (x59 + x38);
+  uint8_t x62 = (uint8_t)(x61 >> 25);
+  uint32_t x63 = (x61 & UINT32_C(0x1ffffff));
+  uint32_t x64 = (x62 + x37);
+  uint8_t x65 = (uint8_t)(x64 >> 26);
+  uint32_t x66 = (x64 & UINT32_C(0x3ffffff));
+  uint32_t x67 = (x65 + x36);
+  out1[0] = x35;
+  out1[1] = x47;
+  out1[2] = x50;
+  out1[3] = x53;
+  out1[4] = x55;
+  out1[5] = x57;
+  out1[6] = x60;
+  out1[7] = x63;
+  out1[8] = x66;
+  out1[9] = x67;
+}