RubyGems - ring-native - Versions diffs - 0.0.0 → 0.1.0 - Mend

ring-native 0.0.0 → 0.1.0

Files changed (267) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/CHANGES.md +7 -0
data/Makefile +5 -0
data/README.md +12 -5
data/Rakefile +4 -0
data/ext/ring/extconf.rb +4 -5
data/lib/ring/native.rb +3 -1
data/lib/ring/native/version.rb +5 -1
data/ring-native.gemspec +6 -6
data/vendor/ring-ffi/Cargo.lock +26 -0
data/vendor/ring-ffi/Cargo.toml +45 -0
data/vendor/ring-ffi/LICENSE +16 -0
data/vendor/ring-ffi/README.md +59 -0
data/vendor/ring-ffi/src/lib.rs +79 -0
metadata +10 -255
data/vendor/ring/BUILDING.md +0 -40
data/vendor/ring/Cargo.toml +0 -43
data/vendor/ring/LICENSE +0 -185
data/vendor/ring/Makefile +0 -35
data/vendor/ring/PORTING.md +0 -163
data/vendor/ring/README.md +0 -113
data/vendor/ring/STYLE.md +0 -197
data/vendor/ring/appveyor.yml +0 -27
data/vendor/ring/build.rs +0 -108
data/vendor/ring/crypto/aes/aes.c +0 -1142
data/vendor/ring/crypto/aes/aes_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/aes/aes_test.cc +0 -93
data/vendor/ring/crypto/aes/asm/aes-586.pl +0 -2368
data/vendor/ring/crypto/aes/asm/aes-armv4.pl +0 -1249
data/vendor/ring/crypto/aes/asm/aes-x86_64.pl +0 -2246
data/vendor/ring/crypto/aes/asm/aesni-x86.pl +0 -1318
data/vendor/ring/crypto/aes/asm/aesni-x86_64.pl +0 -2084
data/vendor/ring/crypto/aes/asm/aesv8-armx.pl +0 -675
data/vendor/ring/crypto/aes/asm/bsaes-armv7.pl +0 -1364
data/vendor/ring/crypto/aes/asm/bsaes-x86_64.pl +0 -1565
data/vendor/ring/crypto/aes/asm/vpaes-x86.pl +0 -841
data/vendor/ring/crypto/aes/asm/vpaes-x86_64.pl +0 -1116
data/vendor/ring/crypto/aes/internal.h +0 -87
data/vendor/ring/crypto/aes/mode_wrappers.c +0 -61
data/vendor/ring/crypto/bn/add.c +0 -394
data/vendor/ring/crypto/bn/asm/armv4-mont.pl +0 -694
data/vendor/ring/crypto/bn/asm/armv8-mont.pl +0 -1503
data/vendor/ring/crypto/bn/asm/bn-586.pl +0 -774
data/vendor/ring/crypto/bn/asm/co-586.pl +0 -287
data/vendor/ring/crypto/bn/asm/rsaz-avx2.pl +0 -1882
data/vendor/ring/crypto/bn/asm/x86-mont.pl +0 -592
data/vendor/ring/crypto/bn/asm/x86_64-gcc.c +0 -599
data/vendor/ring/crypto/bn/asm/x86_64-mont.pl +0 -1393
data/vendor/ring/crypto/bn/asm/x86_64-mont5.pl +0 -3507
data/vendor/ring/crypto/bn/bn.c +0 -352
data/vendor/ring/crypto/bn/bn_asn1.c +0 -74
data/vendor/ring/crypto/bn/bn_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/bn/bn_test.cc +0 -1696
data/vendor/ring/crypto/bn/cmp.c +0 -200
data/vendor/ring/crypto/bn/convert.c +0 -433
data/vendor/ring/crypto/bn/ctx.c +0 -311
data/vendor/ring/crypto/bn/div.c +0 -594
data/vendor/ring/crypto/bn/exponentiation.c +0 -1335
data/vendor/ring/crypto/bn/gcd.c +0 -711
data/vendor/ring/crypto/bn/generic.c +0 -1019
data/vendor/ring/crypto/bn/internal.h +0 -316
data/vendor/ring/crypto/bn/montgomery.c +0 -516
data/vendor/ring/crypto/bn/mul.c +0 -888
data/vendor/ring/crypto/bn/prime.c +0 -829
data/vendor/ring/crypto/bn/random.c +0 -334
data/vendor/ring/crypto/bn/rsaz_exp.c +0 -262
data/vendor/ring/crypto/bn/rsaz_exp.h +0 -53
data/vendor/ring/crypto/bn/shift.c +0 -276
data/vendor/ring/crypto/bytestring/bytestring_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/bytestring/bytestring_test.cc +0 -421
data/vendor/ring/crypto/bytestring/cbb.c +0 -399
data/vendor/ring/crypto/bytestring/cbs.c +0 -227
data/vendor/ring/crypto/bytestring/internal.h +0 -46
data/vendor/ring/crypto/chacha/chacha_generic.c +0 -140
data/vendor/ring/crypto/chacha/chacha_vec.c +0 -323
data/vendor/ring/crypto/chacha/chacha_vec_arm.S +0 -1447
data/vendor/ring/crypto/chacha/chacha_vec_arm_generate.go +0 -153
data/vendor/ring/crypto/cipher/cipher_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/cipher/e_aes.c +0 -390
data/vendor/ring/crypto/cipher/e_chacha20poly1305.c +0 -208
data/vendor/ring/crypto/cipher/internal.h +0 -173
data/vendor/ring/crypto/cipher/test/aes_128_gcm_tests.txt +0 -543
data/vendor/ring/crypto/cipher/test/aes_128_key_wrap_tests.txt +0 -9
data/vendor/ring/crypto/cipher/test/aes_256_gcm_tests.txt +0 -475
data/vendor/ring/crypto/cipher/test/aes_256_key_wrap_tests.txt +0 -23
data/vendor/ring/crypto/cipher/test/chacha20_poly1305_old_tests.txt +0 -422
data/vendor/ring/crypto/cipher/test/chacha20_poly1305_tests.txt +0 -484
data/vendor/ring/crypto/cipher/test/cipher_test.txt +0 -100
data/vendor/ring/crypto/constant_time_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/constant_time_test.c +0 -304
data/vendor/ring/crypto/cpu-arm-asm.S +0 -32
data/vendor/ring/crypto/cpu-arm.c +0 -199
data/vendor/ring/crypto/cpu-intel.c +0 -261
data/vendor/ring/crypto/crypto.c +0 -151
data/vendor/ring/crypto/curve25519/asm/x25519-arm.S +0 -2118
data/vendor/ring/crypto/curve25519/curve25519.c +0 -4888
data/vendor/ring/crypto/curve25519/x25519_test.cc +0 -128
data/vendor/ring/crypto/digest/md32_common.h +0 -181
data/vendor/ring/crypto/ec/asm/p256-x86_64-asm.pl +0 -2725
data/vendor/ring/crypto/ec/ec.c +0 -193
data/vendor/ring/crypto/ec/ec_curves.c +0 -61
data/vendor/ring/crypto/ec/ec_key.c +0 -228
data/vendor/ring/crypto/ec/ec_montgomery.c +0 -114
data/vendor/ring/crypto/ec/example_mul.Windows.vcxproj +0 -25
data/vendor/ring/crypto/ec/internal.h +0 -243
data/vendor/ring/crypto/ec/oct.c +0 -253
data/vendor/ring/crypto/ec/p256-64.c +0 -1794
data/vendor/ring/crypto/ec/p256-x86_64-table.h +0 -9548
data/vendor/ring/crypto/ec/p256-x86_64.c +0 -509
data/vendor/ring/crypto/ec/simple.c +0 -1007
data/vendor/ring/crypto/ec/util-64.c +0 -183
data/vendor/ring/crypto/ec/wnaf.c +0 -508
data/vendor/ring/crypto/ecdh/ecdh.c +0 -155
data/vendor/ring/crypto/ecdsa/ecdsa.c +0 -304
data/vendor/ring/crypto/ecdsa/ecdsa_asn1.c +0 -193
data/vendor/ring/crypto/ecdsa/ecdsa_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/ecdsa/ecdsa_test.cc +0 -327
data/vendor/ring/crypto/header_removed.h +0 -17
data/vendor/ring/crypto/internal.h +0 -495
data/vendor/ring/crypto/libring.Windows.vcxproj +0 -101
data/vendor/ring/crypto/mem.c +0 -98
data/vendor/ring/crypto/modes/asm/aesni-gcm-x86_64.pl +0 -1045
data/vendor/ring/crypto/modes/asm/ghash-armv4.pl +0 -517
data/vendor/ring/crypto/modes/asm/ghash-x86.pl +0 -1393
data/vendor/ring/crypto/modes/asm/ghash-x86_64.pl +0 -1741
data/vendor/ring/crypto/modes/asm/ghashv8-armx.pl +0 -422
data/vendor/ring/crypto/modes/ctr.c +0 -226
data/vendor/ring/crypto/modes/gcm.c +0 -1206
data/vendor/ring/crypto/modes/gcm_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/modes/gcm_test.c +0 -348
data/vendor/ring/crypto/modes/internal.h +0 -299
data/vendor/ring/crypto/perlasm/arm-xlate.pl +0 -170
data/vendor/ring/crypto/perlasm/readme +0 -100
data/vendor/ring/crypto/perlasm/x86_64-xlate.pl +0 -1164
data/vendor/ring/crypto/perlasm/x86asm.pl +0 -292
data/vendor/ring/crypto/perlasm/x86gas.pl +0 -263
data/vendor/ring/crypto/perlasm/x86masm.pl +0 -200
data/vendor/ring/crypto/perlasm/x86nasm.pl +0 -187
data/vendor/ring/crypto/poly1305/poly1305.c +0 -331
data/vendor/ring/crypto/poly1305/poly1305_arm.c +0 -301
data/vendor/ring/crypto/poly1305/poly1305_arm_asm.S +0 -2015
data/vendor/ring/crypto/poly1305/poly1305_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/poly1305/poly1305_test.cc +0 -80
data/vendor/ring/crypto/poly1305/poly1305_test.txt +0 -52
data/vendor/ring/crypto/poly1305/poly1305_vec.c +0 -892
data/vendor/ring/crypto/rand/asm/rdrand-x86_64.pl +0 -75
data/vendor/ring/crypto/rand/internal.h +0 -32
data/vendor/ring/crypto/rand/rand.c +0 -189
data/vendor/ring/crypto/rand/urandom.c +0 -219
data/vendor/ring/crypto/rand/windows.c +0 -56
data/vendor/ring/crypto/refcount_c11.c +0 -66
data/vendor/ring/crypto/refcount_lock.c +0 -53
data/vendor/ring/crypto/refcount_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/refcount_test.c +0 -58
data/vendor/ring/crypto/rsa/blinding.c +0 -462
data/vendor/ring/crypto/rsa/internal.h +0 -108
data/vendor/ring/crypto/rsa/padding.c +0 -300
data/vendor/ring/crypto/rsa/rsa.c +0 -450
data/vendor/ring/crypto/rsa/rsa_asn1.c +0 -261
data/vendor/ring/crypto/rsa/rsa_impl.c +0 -944
data/vendor/ring/crypto/rsa/rsa_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/rsa/rsa_test.cc +0 -437
data/vendor/ring/crypto/sha/asm/sha-armv8.pl +0 -436
data/vendor/ring/crypto/sha/asm/sha-x86_64.pl +0 -2390
data/vendor/ring/crypto/sha/asm/sha256-586.pl +0 -1275
data/vendor/ring/crypto/sha/asm/sha256-armv4.pl +0 -735
data/vendor/ring/crypto/sha/asm/sha256-armv8.pl +0 -14
data/vendor/ring/crypto/sha/asm/sha256-x86_64.pl +0 -14
data/vendor/ring/crypto/sha/asm/sha512-586.pl +0 -911
data/vendor/ring/crypto/sha/asm/sha512-armv4.pl +0 -666
data/vendor/ring/crypto/sha/asm/sha512-armv8.pl +0 -14
data/vendor/ring/crypto/sha/asm/sha512-x86_64.pl +0 -14
data/vendor/ring/crypto/sha/sha1.c +0 -271
data/vendor/ring/crypto/sha/sha256.c +0 -204
data/vendor/ring/crypto/sha/sha512.c +0 -355
data/vendor/ring/crypto/test/file_test.cc +0 -326
data/vendor/ring/crypto/test/file_test.h +0 -181
data/vendor/ring/crypto/test/malloc.cc +0 -150
data/vendor/ring/crypto/test/scoped_types.h +0 -95
data/vendor/ring/crypto/test/test.Windows.vcxproj +0 -35
data/vendor/ring/crypto/test/test_util.cc +0 -46
data/vendor/ring/crypto/test/test_util.h +0 -41
data/vendor/ring/crypto/thread_none.c +0 -55
data/vendor/ring/crypto/thread_pthread.c +0 -165
data/vendor/ring/crypto/thread_test.Windows.vcxproj +0 -25
data/vendor/ring/crypto/thread_test.c +0 -200
data/vendor/ring/crypto/thread_win.c +0 -282
data/vendor/ring/examples/checkdigest.rs +0 -103
data/vendor/ring/include/openssl/aes.h +0 -121
data/vendor/ring/include/openssl/arm_arch.h +0 -129
data/vendor/ring/include/openssl/base.h +0 -156
data/vendor/ring/include/openssl/bn.h +0 -794
data/vendor/ring/include/openssl/buffer.h +0 -18
data/vendor/ring/include/openssl/bytestring.h +0 -235
data/vendor/ring/include/openssl/chacha.h +0 -37
data/vendor/ring/include/openssl/cmac.h +0 -76
data/vendor/ring/include/openssl/cpu.h +0 -184
data/vendor/ring/include/openssl/crypto.h +0 -43
data/vendor/ring/include/openssl/curve25519.h +0 -88
data/vendor/ring/include/openssl/ec.h +0 -225
data/vendor/ring/include/openssl/ec_key.h +0 -129
data/vendor/ring/include/openssl/ecdh.h +0 -110
data/vendor/ring/include/openssl/ecdsa.h +0 -156
data/vendor/ring/include/openssl/err.h +0 -201
data/vendor/ring/include/openssl/mem.h +0 -101
data/vendor/ring/include/openssl/obj_mac.h +0 -71
data/vendor/ring/include/openssl/opensslfeatures.h +0 -68
data/vendor/ring/include/openssl/opensslv.h +0 -18
data/vendor/ring/include/openssl/ossl_typ.h +0 -18
data/vendor/ring/include/openssl/poly1305.h +0 -51
data/vendor/ring/include/openssl/rand.h +0 -70
data/vendor/ring/include/openssl/rsa.h +0 -399
data/vendor/ring/include/openssl/thread.h +0 -133
data/vendor/ring/include/openssl/type_check.h +0 -71
data/vendor/ring/mk/Common.props +0 -63
data/vendor/ring/mk/Windows.props +0 -42
data/vendor/ring/mk/WindowsTest.props +0 -18
data/vendor/ring/mk/appveyor.bat +0 -62
data/vendor/ring/mk/bottom_of_makefile.mk +0 -54
data/vendor/ring/mk/ring.mk +0 -266
data/vendor/ring/mk/top_of_makefile.mk +0 -214
data/vendor/ring/mk/travis.sh +0 -40
data/vendor/ring/mk/update-travis-yml.py +0 -229
data/vendor/ring/ring.sln +0 -153
data/vendor/ring/src/aead.rs +0 -682
data/vendor/ring/src/agreement.rs +0 -248
data/vendor/ring/src/c.rs +0 -129
data/vendor/ring/src/constant_time.rs +0 -37
data/vendor/ring/src/der.rs +0 -96
data/vendor/ring/src/digest.rs +0 -690
data/vendor/ring/src/digest_tests.txt +0 -57
data/vendor/ring/src/ecc.rs +0 -28
data/vendor/ring/src/ecc_build.rs +0 -279
data/vendor/ring/src/ecc_curves.rs +0 -117
data/vendor/ring/src/ed25519_tests.txt +0 -2579
data/vendor/ring/src/exe_tests.rs +0 -46
data/vendor/ring/src/ffi.rs +0 -29
data/vendor/ring/src/file_test.rs +0 -187
data/vendor/ring/src/hkdf.rs +0 -153
data/vendor/ring/src/hkdf_tests.txt +0 -59
data/vendor/ring/src/hmac.rs +0 -414
data/vendor/ring/src/hmac_tests.txt +0 -97
data/vendor/ring/src/input.rs +0 -312
data/vendor/ring/src/lib.rs +0 -41
data/vendor/ring/src/pbkdf2.rs +0 -265
data/vendor/ring/src/pbkdf2_tests.txt +0 -113
data/vendor/ring/src/polyfill.rs +0 -57
data/vendor/ring/src/rand.rs +0 -28
data/vendor/ring/src/signature.rs +0 -314
data/vendor/ring/third-party/NIST/README.md +0 -9
data/vendor/ring/third-party/NIST/SHAVS/SHA1LongMsg.rsp +0 -263
data/vendor/ring/third-party/NIST/SHAVS/SHA1Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA1ShortMsg.rsp +0 -267
data/vendor/ring/third-party/NIST/SHAVS/SHA224LongMsg.rsp +0 -263
data/vendor/ring/third-party/NIST/SHAVS/SHA224Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA224ShortMsg.rsp +0 -267
data/vendor/ring/third-party/NIST/SHAVS/SHA256LongMsg.rsp +0 -263
data/vendor/ring/third-party/NIST/SHAVS/SHA256Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA256ShortMsg.rsp +0 -267
data/vendor/ring/third-party/NIST/SHAVS/SHA384LongMsg.rsp +0 -519
data/vendor/ring/third-party/NIST/SHAVS/SHA384Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA384ShortMsg.rsp +0 -523
data/vendor/ring/third-party/NIST/SHAVS/SHA512LongMsg.rsp +0 -519
data/vendor/ring/third-party/NIST/SHAVS/SHA512Monte.rsp +0 -309
data/vendor/ring/third-party/NIST/SHAVS/SHA512ShortMsg.rsp +0 -523
data/vendor/ring/third-party/NIST/sha256sums.txt +0 -1

data/vendor/ring/crypto/aes/asm/vpaes-x86.pl DELETED

@@ -1,841 +0,0 @@
-#!/usr/bin/env perl
-######################################################################
-## Constant-time SSSE3 AES core implementation.
-## version 0.1
-##
-## By Mike Hamburg (Stanford University), 2009
-## Public domain.
-##
-## For details see http://shiftleft.org/papers/vector_aes/ and
-## http://crypto.stanford.edu/vpaes/.
-######################################################################
-# September 2011.
-#
-# Port vpaes-x86_64.pl as 32-bit "almost" drop-in replacement for
-# aes-586.pl. "Almost" refers to the fact that AES_cbc_encrypt
-# doesn't handle partial vectors (doesn't have to if called from
-# EVP only). "Drop-in" implies that this module doesn't share key
-# schedule structure with the original nor does it make assumption
-# about its alignment...
-#
-# Performance summary. aes-586.pl column lists large-block CBC
-# encrypt/decrypt/with-hyper-threading-off(*) results in cycles per
-# byte processed with 128-bit key, and vpaes-x86.pl column - [also
-# large-block CBC] encrypt/decrypt.
-#
-#		aes-586.pl		vpaes-x86.pl
-#
-# Core 2(**)	28.1/41.4/18.3		21.9/25.2(***)
-# Nehalem	27.9/40.4/18.1		10.2/11.9
-# Atom		70.7/92.1/60.1		61.1/75.4(***)
-# Silvermont	45.4/62.9/24.1		49.2/61.1(***)
-#
-# (*)	"Hyper-threading" in the context refers rather to cache shared
-#	among multiple cores, than to specifically Intel HTT. As vast
-#	majority of contemporary cores share cache, slower code path
-#	is common place. In other words "with-hyper-threading-off"
-#	results are presented mostly for reference purposes.
-#
-# (**)	"Core 2" refers to initial 65nm design, a.k.a. Conroe.
-#
-# (***)	Less impressive improvement on Core 2 and Atom is due to slow
-#	pshufb,	yet it's respectable +28%/64%  improvement on Core 2
-#	and +15% on Atom (as implied, over "hyper-threading-safe"
-#	code path).
-#
-#						<appro@openssl.org>
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}","${dir}../../perlasm");
-require "x86asm.pl";
-&asm_init($ARGV[0],"vpaes-x86.pl",$x86only = $ARGV[$#ARGV] eq "386");
-$PREFIX="vpaes";
-my  ($round, $base, $magic, $key, $const, $inp, $out)=
-    ("eax",  "ebx", "ecx",  "edx","ebp",  "esi","edi");
-&static_label("_vpaes_consts");
-&static_label("_vpaes_schedule_low_round");
-&set_label("_vpaes_consts",64);
-$k_inv=-0x30;		# inv, inva
-	&data_word(0x0D080180,0x0E05060F,0x0A0B0C02,0x04070309);
-	&data_word(0x0F0B0780,0x01040A06,0x02050809,0x030D0E0C);
-$k_s0F=-0x10;		# s0F
-	&data_word(0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F);
-$k_ipt=0x00;		# input transform (lo, hi)
-	&data_word(0x5A2A7000,0xC2B2E898,0x52227808,0xCABAE090);
-	&data_word(0x317C4D00,0x4C01307D,0xB0FDCC81,0xCD80B1FC);
-$k_sb1=0x20;		# sb1u, sb1t
-	&data_word(0xCB503E00,0xB19BE18F,0x142AF544,0xA5DF7A6E);
-	&data_word(0xFAE22300,0x3618D415,0x0D2ED9EF,0x3BF7CCC1);
-$k_sb2=0x40;		# sb2u, sb2t
-	&data_word(0x0B712400,0xE27A93C6,0xBC982FCD,0x5EB7E955);
-	&data_word(0x0AE12900,0x69EB8840,0xAB82234A,0xC2A163C8);
-$k_sbo=0x60;		# sbou, sbot
-	&data_word(0x6FBDC700,0xD0D26D17,0xC502A878,0x15AABF7A);
-	&data_word(0x5FBB6A00,0xCFE474A5,0x412B35FA,0x8E1E90D1);
-$k_mc_forward=0x80;	# mc_forward
-	&data_word(0x00030201,0x04070605,0x080B0A09,0x0C0F0E0D);
-	&data_word(0x04070605,0x080B0A09,0x0C0F0E0D,0x00030201);
-	&data_word(0x080B0A09,0x0C0F0E0D,0x00030201,0x04070605);
-	&data_word(0x0C0F0E0D,0x00030201,0x04070605,0x080B0A09);
-$k_mc_backward=0xc0;	# mc_backward
-	&data_word(0x02010003,0x06050407,0x0A09080B,0x0E0D0C0F);
-	&data_word(0x0E0D0C0F,0x02010003,0x06050407,0x0A09080B);
-	&data_word(0x0A09080B,0x0E0D0C0F,0x02010003,0x06050407);
-	&data_word(0x06050407,0x0A09080B,0x0E0D0C0F,0x02010003);
-$k_sr=0x100;		# sr
-	&data_word(0x03020100,0x07060504,0x0B0A0908,0x0F0E0D0C);
-	&data_word(0x0F0A0500,0x030E0904,0x07020D08,0x0B06010C);
-	&data_word(0x0B020900,0x0F060D04,0x030A0108,0x070E050C);
-	&data_word(0x070A0D00,0x0B0E0104,0x0F020508,0x0306090C);
-$k_rcon=0x140;		# rcon
-	&data_word(0xAF9DEEB6,0x1F8391B9,0x4D7C7D81,0x702A9808);
-$k_s63=0x150;		# s63: all equal to 0x63 transformed
-	&data_word(0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B);
-$k_opt=0x160;		# output transform
-	&data_word(0xD6B66000,0xFF9F4929,0xDEBE6808,0xF7974121);
-	&data_word(0x50BCEC00,0x01EDBD51,0xB05C0CE0,0xE10D5DB1);
-$k_deskew=0x180;	# deskew tables: inverts the sbox's "skew"
-	&data_word(0x47A4E300,0x07E4A340,0x5DBEF91A,0x1DFEB95A);
-	&data_word(0x83EA6900,0x5F36B5DC,0xF49D1E77,0x2841C2AB);
-##
-##  Decryption stuff
-##  Key schedule constants
-##
-$k_dksd=0x1a0;		# decryption key schedule: invskew x*D
-	&data_word(0xA3E44700,0xFEB91A5D,0x5A1DBEF9,0x0740E3A4);
-	&data_word(0xB5368300,0x41C277F4,0xAB289D1E,0x5FDC69EA);
-$k_dksb=0x1c0;		# decryption key schedule: invskew x*B
-	&data_word(0x8550D500,0x9A4FCA1F,0x1CC94C99,0x03D65386);
-	&data_word(0xB6FC4A00,0x115BEDA7,0x7E3482C8,0xD993256F);
-$k_dkse=0x1e0;		# decryption key schedule: invskew x*E + 0x63
-	&data_word(0x1FC9D600,0xD5031CCA,0x994F5086,0x53859A4C);
-	&data_word(0x4FDC7BE8,0xA2319605,0x20B31487,0xCD5EF96A);
-$k_dks9=0x200;		# decryption key schedule: invskew x*9
-	&data_word(0x7ED9A700,0xB6116FC8,0x82255BFC,0x4AED9334);
-	&data_word(0x27143300,0x45765162,0xE9DAFDCE,0x8BB89FAC);
-##
-##  Decryption stuff
-##  Round function constants
-##
-$k_dipt=0x220;		# decryption input transform
-	&data_word(0x0B545F00,0x0F505B04,0x114E451A,0x154A411E);
-	&data_word(0x60056500,0x86E383E6,0xF491F194,0x12771772);
-$k_dsb9=0x240;		# decryption sbox output *9*u, *9*t
-	&data_word(0x9A86D600,0x851C0353,0x4F994CC9,0xCAD51F50);
-	&data_word(0xECD74900,0xC03B1789,0xB2FBA565,0x725E2C9E);
-$k_dsbd=0x260;		# decryption sbox output *D*u, *D*t
-	&data_word(0xE6B1A200,0x7D57CCDF,0x882A4439,0xF56E9B13);
-	&data_word(0x24C6CB00,0x3CE2FAF7,0x15DEEFD3,0x2931180D);
-$k_dsbb=0x280;		# decryption sbox output *B*u, *B*t
-	&data_word(0x96B44200,0xD0226492,0xB0F2D404,0x602646F6);
-	&data_word(0xCD596700,0xC19498A6,0x3255AA6B,0xF3FF0C3E);
-$k_dsbe=0x2a0;		# decryption sbox output *E*u, *E*t
-	&data_word(0x26D4D000,0x46F29296,0x64B4F6B0,0x22426004);
-	&data_word(0xFFAAC100,0x0C55A6CD,0x98593E32,0x9467F36B);
-$k_dsbo=0x2c0;		# decryption sbox final output
-	&data_word(0x7EF94000,0x1387EA53,0xD4943E2D,0xC7AA6DB9);
-	&data_word(0x93441D00,0x12D7560F,0xD8C58E9C,0xCA4B8159);
-&asciz	("Vector Permutation AES for x86/SSSE3, Mike Hamburg (Stanford University)");
-&align	(64);
-&function_begin_B("_vpaes_preheat");
-	&add	($const,&DWP(0,"esp"));
-	&movdqa	("xmm7",&QWP($k_inv,$const));
-	&movdqa	("xmm6",&QWP($k_s0F,$const));
-	&ret	();
-&function_end_B("_vpaes_preheat");
-##
-##  _aes_encrypt_core
-##
-##  AES-encrypt %xmm0.
-##
-##  Inputs:
-##     %xmm0 = input
-##     %xmm6-%xmm7 as in _vpaes_preheat
-##    (%edx) = scheduled keys
-##
-##  Output in %xmm0
-##  Clobbers  %xmm1-%xmm5, %eax, %ebx, %ecx, %edx
-##
-##
-&function_begin_B("_vpaes_encrypt_core");
-	&mov	($magic,16);
-	&mov	($round,&DWP(240,$key));
-	&movdqa	("xmm1","xmm6")
-	&movdqa	("xmm2",&QWP($k_ipt,$const));
-	&pandn	("xmm1","xmm0");
-	&pand	("xmm0","xmm6");
-	&movdqu	("xmm5",&QWP(0,$key));
-	&pshufb	("xmm2","xmm0");
-	&movdqa	("xmm0",&QWP($k_ipt+16,$const));
-	&pxor	("xmm2","xmm5");
-	&psrld	("xmm1",4);
-	&add	($key,16);
-	&pshufb	("xmm0","xmm1");
-	&lea	($base,&DWP($k_mc_backward,$const));
-	&pxor	("xmm0","xmm2");
-	&jmp	(&label("enc_entry"));
-&set_label("enc_loop",16);
-	# middle of middle round
-	&movdqa	("xmm4",&QWP($k_sb1,$const));	# 4 : sb1u
-	&movdqa	("xmm0",&QWP($k_sb1+16,$const));# 0 : sb1t
-	&pshufb	("xmm4","xmm2");		# 4 = sb1u
-	&pshufb	("xmm0","xmm3");		# 0 = sb1t
-	&pxor	("xmm4","xmm5");		# 4 = sb1u + k
-	&movdqa	("xmm5",&QWP($k_sb2,$const));	# 4 : sb2u
-	&pxor	("xmm0","xmm4");		# 0 = A
-	&movdqa	("xmm1",&QWP(-0x40,$base,$magic));# .Lk_mc_forward[]
-	&pshufb	("xmm5","xmm2");		# 4 = sb2u
-	&movdqa	("xmm2",&QWP($k_sb2+16,$const));# 2 : sb2t
-	&movdqa	("xmm4",&QWP(0,$base,$magic));	# .Lk_mc_backward[]
-	&pshufb	("xmm2","xmm3");		# 2 = sb2t
-	&movdqa	("xmm3","xmm0");		# 3 = A
-	&pxor	("xmm2","xmm5");		# 2 = 2A
-	&pshufb	("xmm0","xmm1");		# 0 = B
-	&add	($key,16);			# next key
-	&pxor	("xmm0","xmm2");		# 0 = 2A+B
-	&pshufb	("xmm3","xmm4");		# 3 = D
-	&add	($magic,16);			# next mc
-	&pxor	("xmm3","xmm0");		# 3 = 2A+B+D
-	&pshufb	("xmm0","xmm1");		# 0 = 2B+C
-	&and	($magic,0x30);			# ... mod 4
-	&sub	($round,1);			# nr--
-	&pxor	("xmm0","xmm3");		# 0 = 2A+3B+C+D
-&set_label("enc_entry");
-	# top of round
-	&movdqa	("xmm1","xmm6");		# 1 : i
-	&movdqa	("xmm5",&QWP($k_inv+16,$const));# 2 : a/k
-	&pandn	("xmm1","xmm0");		# 1 = i<<4
-	&psrld	("xmm1",4);			# 1 = i
-	&pand	("xmm0","xmm6");		# 0 = k
-	&pshufb	("xmm5","xmm0");		# 2 = a/k
-	&movdqa	("xmm3","xmm7");		# 3 : 1/i
-	&pxor	("xmm0","xmm1");		# 0 = j
-	&pshufb	("xmm3","xmm1");		# 3 = 1/i
-	&movdqa	("xmm4","xmm7");		# 4 : 1/j
-	&pxor	("xmm3","xmm5");		# 3 = iak = 1/i + a/k
-	&pshufb	("xmm4","xmm0");		# 4 = 1/j
-	&movdqa	("xmm2","xmm7");		# 2 : 1/iak
-	&pxor	("xmm4","xmm5");		# 4 = jak = 1/j + a/k
-	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
-	&movdqa	("xmm3","xmm7");		# 3 : 1/jak
-	&pxor	("xmm2","xmm0");		# 2 = io
-	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
-	&movdqu	("xmm5",&QWP(0,$key));
-	&pxor	("xmm3","xmm1");		# 3 = jo
-	&jnz	(&label("enc_loop"));
-	# middle of last round
-	&movdqa	("xmm4",&QWP($k_sbo,$const));	# 3 : sbou      .Lk_sbo
-	&movdqa	("xmm0",&QWP($k_sbo+16,$const));# 3 : sbot      .Lk_sbo+16
-	&pshufb	("xmm4","xmm2");		# 4 = sbou
-	&pxor	("xmm4","xmm5");		# 4 = sb1u + k
-	&pshufb	("xmm0","xmm3");		# 0 = sb1t
-	&movdqa	("xmm1",&QWP(0x40,$base,$magic));# .Lk_sr[]
-	&pxor	("xmm0","xmm4");		# 0 = A
-	&pshufb	("xmm0","xmm1");
-	&ret	();
-&function_end_B("_vpaes_encrypt_core");
-##
-##  Decryption core
-##
-##  Same API as encryption core.
-##
-&function_begin_B("_vpaes_decrypt_core");
-	&lea	($base,&DWP($k_dsbd,$const));
-	&mov	($round,&DWP(240,$key));
-	&movdqa	("xmm1","xmm6");
-	&movdqa	("xmm2",&QWP($k_dipt-$k_dsbd,$base));
-	&pandn	("xmm1","xmm0");
-	&mov	($magic,$round);
-	&psrld	("xmm1",4)
-	&movdqu	("xmm5",&QWP(0,$key));
-	&shl	($magic,4);
-	&pand	("xmm0","xmm6");
-	&pshufb	("xmm2","xmm0");
-	&movdqa	("xmm0",&QWP($k_dipt-$k_dsbd+16,$base));
-	&xor	($magic,0x30);
-	&pshufb	("xmm0","xmm1");
-	&and	($magic,0x30);
-	&pxor	("xmm2","xmm5");
-	&movdqa	("xmm5",&QWP($k_mc_forward+48,$const));
-	&pxor	("xmm0","xmm2");
-	&add	($key,16);
-	&lea	($magic,&DWP($k_sr-$k_dsbd,$base,$magic));
-	&jmp	(&label("dec_entry"));
-&set_label("dec_loop",16);
-##
-##  Inverse mix columns
-##
-	&movdqa	("xmm4",&QWP(-0x20,$base));	# 4 : sb9u
-	&movdqa	("xmm1",&QWP(-0x10,$base));	# 0 : sb9t
-	&pshufb	("xmm4","xmm2");		# 4 = sb9u
-	&pshufb	("xmm1","xmm3");		# 0 = sb9t
-	&pxor	("xmm0","xmm4");
-	&movdqa	("xmm4",&QWP(0,$base));		# 4 : sbdu
-	&pxor	("xmm0","xmm1");		# 0 = ch
-	&movdqa	("xmm1",&QWP(0x10,$base));	# 0 : sbdt
-	&pshufb	("xmm4","xmm2");		# 4 = sbdu
-	&pshufb	("xmm0","xmm5");		# MC ch
-	&pshufb	("xmm1","xmm3");		# 0 = sbdt
-	&pxor	("xmm0","xmm4");		# 4 = ch
-	&movdqa	("xmm4",&QWP(0x20,$base));	# 4 : sbbu
-	&pxor	("xmm0","xmm1");		# 0 = ch
-	&movdqa	("xmm1",&QWP(0x30,$base));	# 0 : sbbt
-	&pshufb	("xmm4","xmm2");		# 4 = sbbu
-	&pshufb	("xmm0","xmm5");		# MC ch
-	&pshufb	("xmm1","xmm3");		# 0 = sbbt
-	&pxor	("xmm0","xmm4");		# 4 = ch
-	&movdqa	("xmm4",&QWP(0x40,$base));	# 4 : sbeu
-	&pxor	("xmm0","xmm1");		# 0 = ch
-	&movdqa	("xmm1",&QWP(0x50,$base));	# 0 : sbet
-	&pshufb	("xmm4","xmm2");		# 4 = sbeu
-	&pshufb	("xmm0","xmm5");		# MC ch
-	&pshufb	("xmm1","xmm3");		# 0 = sbet
-	&pxor	("xmm0","xmm4");		# 4 = ch
-	&add	($key,16);			# next round key
-	&palignr("xmm5","xmm5",12);
-	&pxor	("xmm0","xmm1");		# 0 = ch
-	&sub	($round,1);			# nr--
-&set_label("dec_entry");
-	# top of round
-	&movdqa	("xmm1","xmm6");		# 1 : i
-	&movdqa	("xmm2",&QWP($k_inv+16,$const));# 2 : a/k
-	&pandn	("xmm1","xmm0");		# 1 = i<<4
-	&pand	("xmm0","xmm6");		# 0 = k
-	&psrld	("xmm1",4);			# 1 = i
-	&pshufb	("xmm2","xmm0");		# 2 = a/k
-	&movdqa	("xmm3","xmm7");		# 3 : 1/i
-	&pxor	("xmm0","xmm1");		# 0 = j
-	&pshufb	("xmm3","xmm1");		# 3 = 1/i
-	&movdqa	("xmm4","xmm7");		# 4 : 1/j
-	&pxor	("xmm3","xmm2");		# 3 = iak = 1/i + a/k
-	&pshufb	("xmm4","xmm0");		# 4 = 1/j
-	&pxor	("xmm4","xmm2");		# 4 = jak = 1/j + a/k
-	&movdqa	("xmm2","xmm7");		# 2 : 1/iak
-	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
-	&movdqa	("xmm3","xmm7");		# 3 : 1/jak
-	&pxor	("xmm2","xmm0");		# 2 = io
-	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
-	&movdqu	("xmm0",&QWP(0,$key));
-	&pxor	("xmm3","xmm1");		# 3 = jo
-	&jnz	(&label("dec_loop"));
-	# middle of last round
-	&movdqa	("xmm4",&QWP(0x60,$base));	# 3 : sbou
-	&pshufb	("xmm4","xmm2");		# 4 = sbou
-	&pxor	("xmm4","xmm0");		# 4 = sb1u + k
-	&movdqa	("xmm0",&QWP(0x70,$base));	# 0 : sbot
-	&movdqa	("xmm2",&QWP(0,$magic));
-	&pshufb	("xmm0","xmm3");		# 0 = sb1t
-	&pxor	("xmm0","xmm4");		# 0 = A
-	&pshufb	("xmm0","xmm2");
-	&ret	();
-&function_end_B("_vpaes_decrypt_core");
-########################################################
-##                                                    ##
-##                  AES key schedule                  ##
-##                                                    ##
-########################################################
-&function_begin_B("_vpaes_schedule_core");
-	&add	($const,&DWP(0,"esp"));
-	&movdqu	("xmm0",&QWP(0,$inp));		# load key (unaligned)
-	&movdqa	("xmm2",&QWP($k_rcon,$const));	# load rcon
-	# input transform
-	&movdqa	("xmm3","xmm0");
-	&lea	($base,&DWP($k_ipt,$const));
-	&movdqa	(&QWP(4,"esp"),"xmm2");		# xmm8
-	&call	("_vpaes_schedule_transform");
-	&movdqa	("xmm7","xmm0");
-	&test	($out,$out);
-	&jnz	(&label("schedule_am_decrypting"));
-	# encrypting, output zeroth round key after transform
-	&movdqu	(&QWP(0,$key),"xmm0");
-	&jmp	(&label("schedule_go"));
-&set_label("schedule_am_decrypting");
-	# decrypting, output zeroth round key after shiftrows
-	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
-	&pshufb	("xmm3","xmm1");
-	&movdqu	(&QWP(0,$key),"xmm3");
-	&xor	($magic,0x30);
-&set_label("schedule_go");
-	&cmp	($round,192);
-	&ja	(&label("schedule_256"));
-	&je	(&label("schedule_192"));
-	# 128: fall though
-##
-##  .schedule_128
-##
-##  128-bit specific part of key schedule.
-##
-##  This schedule is really simple, because all its parts
-##  are accomplished by the subroutines.
-##
-&set_label("schedule_128");
-	&mov	($round,10);
-&set_label("loop_schedule_128");
-	&call	("_vpaes_schedule_round");
-	&dec	($round);
-	&jz	(&label("schedule_mangle_last"));
-	&call	("_vpaes_schedule_mangle");	# write output
-	&jmp	(&label("loop_schedule_128"));
-##
-##  .aes_schedule_192
-##
-##  192-bit specific part of key schedule.
-##
-##  The main body of this schedule is the same as the 128-bit
-##  schedule, but with more smearing.  The long, high side is
-##  stored in %xmm7 as before, and the short, low side is in
-##  the high bits of %xmm6.
-##
-##  This schedule is somewhat nastier, however, because each
-##  round produces 192 bits of key material, or 1.5 round keys.
-##  Therefore, on each cycle we do 2 rounds and produce 3 round
-##  keys.
-##
-&set_label("schedule_192",16);
-	&movdqu	("xmm0",&QWP(8,$inp));		# load key part 2 (very unaligned)
-	&call	("_vpaes_schedule_transform");	# input transform
-	&movdqa	("xmm6","xmm0");		# save short part
-	&pxor	("xmm4","xmm4");		# clear 4
-	&movhlps("xmm6","xmm4");		# clobber low side with zeros
-	&mov	($round,4);
-&set_label("loop_schedule_192");
-	&call	("_vpaes_schedule_round");
-	&palignr("xmm0","xmm6",8);
-	&call	("_vpaes_schedule_mangle");	# save key n
-	&call	("_vpaes_schedule_192_smear");
-	&call	("_vpaes_schedule_mangle");	# save key n+1
-	&call	("_vpaes_schedule_round");
-	&dec	($round);
-	&jz	(&label("schedule_mangle_last"));
-	&call	("_vpaes_schedule_mangle");	# save key n+2
-	&call	("_vpaes_schedule_192_smear");
-	&jmp	(&label("loop_schedule_192"));
-##
-##  .aes_schedule_256
-##
-##  256-bit specific part of key schedule.
-##
-##  The structure here is very similar to the 128-bit
-##  schedule, but with an additional "low side" in
-##  %xmm6.  The low side's rounds are the same as the
-##  high side's, except no rcon and no rotation.
-##
-&set_label("schedule_256",16);
-	&movdqu	("xmm0",&QWP(16,$inp));		# load key part 2 (unaligned)
-	&call	("_vpaes_schedule_transform");	# input transform
-	&mov	($round,7);
-&set_label("loop_schedule_256");
-	&call	("_vpaes_schedule_mangle");	# output low result
-	&movdqa	("xmm6","xmm0");		# save cur_lo in xmm6
-	# high round
-	&call	("_vpaes_schedule_round");
-	&dec	($round);
-	&jz	(&label("schedule_mangle_last"));
-	&call	("_vpaes_schedule_mangle");
-	# low round. swap xmm7 and xmm6
-	&pshufd	("xmm0","xmm0",0xFF);
-	&movdqa	(&QWP(20,"esp"),"xmm7");
-	&movdqa	("xmm7","xmm6");
-	&call	("_vpaes_schedule_low_round");
-	&movdqa	("xmm7",&QWP(20,"esp"));
-	&jmp	(&label("loop_schedule_256"));
-##
-##  .aes_schedule_mangle_last
-##
-##  Mangler for last round of key schedule
-##  Mangles %xmm0
-##    when encrypting, outputs out(%xmm0) ^ 63
-##    when decrypting, outputs unskew(%xmm0)
-##
-##  Always called right before return... jumps to cleanup and exits
-##
-&set_label("schedule_mangle_last",16);
-	# schedule last round key from xmm0
-	&lea	($base,&DWP($k_deskew,$const));
-	&test	($out,$out);
-	&jnz	(&label("schedule_mangle_last_dec"));
-	# encrypting
-	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
-	&pshufb	("xmm0","xmm1");		# output permute
-	&lea	($base,&DWP($k_opt,$const));	# prepare to output transform
-	&add	($key,32);
-&set_label("schedule_mangle_last_dec");
-	&add	($key,-16);
-	&pxor	("xmm0",&QWP($k_s63,$const));
-	&call	("_vpaes_schedule_transform");	# output transform
-	&movdqu	(&QWP(0,$key),"xmm0");		# save last key
-	# cleanup
-	&pxor	("xmm0","xmm0");
-	&pxor	("xmm1","xmm1");
-	&pxor	("xmm2","xmm2");
-	&pxor	("xmm3","xmm3");
-	&pxor	("xmm4","xmm4");
-	&pxor	("xmm5","xmm5");
-	&pxor	("xmm6","xmm6");
-	&pxor	("xmm7","xmm7");
-	&ret	();
-&function_end_B("_vpaes_schedule_core");
-##
-##  .aes_schedule_192_smear
-##
-##  Smear the short, low side in the 192-bit key schedule.
-##
-##  Inputs:
-##    %xmm7: high side, b  a  x  y
-##    %xmm6:  low side, d  c  0  0
-##    %xmm13: 0
-##
-##  Outputs:
-##    %xmm6: b+c+d  b+c  0  0
-##    %xmm0: b+c+d  b+c  b  a
-##
-&function_begin_B("_vpaes_schedule_192_smear");
-	&pshufd	("xmm1","xmm6",0x80);		# d c 0 0 -> c 0 0 0
-	&pshufd	("xmm0","xmm7",0xFE);		# b a _ _ -> b b b a
-	&pxor	("xmm6","xmm1");		# -> c+d c 0 0
-	&pxor	("xmm1","xmm1");
-	&pxor	("xmm6","xmm0");		# -> b+c+d b+c b a
-	&movdqa	("xmm0","xmm6");
-	&movhlps("xmm6","xmm1");		# clobber low side with zeros
-	&ret	();
-&function_end_B("_vpaes_schedule_192_smear");
-##
-##  .aes_schedule_round
-##
-##  Runs one main round of the key schedule on %xmm0, %xmm7
-##
-##  Specifically, runs subbytes on the high dword of %xmm0
-##  then rotates it by one byte and xors into the low dword of
-##  %xmm7.
-##
-##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
-##  next rcon.
-##
-##  Smears the dwords of %xmm7 by xoring the low into the
-##  second low, result into third, result into highest.
-##
-##  Returns results in %xmm7 = %xmm0.
-##  Clobbers %xmm1-%xmm5.
-##
-&function_begin_B("_vpaes_schedule_round");
-	# extract rcon from xmm8
-	&movdqa	("xmm2",&QWP(8,"esp"));		# xmm8
-	&pxor	("xmm1","xmm1");
-	&palignr("xmm1","xmm2",15);
-	&palignr("xmm2","xmm2",15);
-	&pxor	("xmm7","xmm1");
-	# rotate
-	&pshufd	("xmm0","xmm0",0xFF);
-	&palignr("xmm0","xmm0",1);
-	# fall through...
-	&movdqa	(&QWP(8,"esp"),"xmm2");		# xmm8
-	# low round: same as high round, but no rotation and no rcon.
-&set_label("_vpaes_schedule_low_round");
-	# smear xmm7
-	&movdqa	("xmm1","xmm7");
-	&pslldq	("xmm7",4);
-	&pxor	("xmm7","xmm1");
-	&movdqa	("xmm1","xmm7");
-	&pslldq	("xmm7",8);
-	&pxor	("xmm7","xmm1");
-	&pxor	("xmm7",&QWP($k_s63,$const));
-	# subbyte
-	&movdqa	("xmm4",&QWP($k_s0F,$const));
-	&movdqa	("xmm5",&QWP($k_inv,$const));	# 4 : 1/j
-	&movdqa	("xmm1","xmm4");
-	&pandn	("xmm1","xmm0");
-	&psrld	("xmm1",4);			# 1 = i
-	&pand	("xmm0","xmm4");		# 0 = k
-	&movdqa	("xmm2",&QWP($k_inv+16,$const));# 2 : a/k
-	&pshufb	("xmm2","xmm0");		# 2 = a/k
-	&pxor	("xmm0","xmm1");		# 0 = j
-	&movdqa	("xmm3","xmm5");		# 3 : 1/i
-	&pshufb	("xmm3","xmm1");		# 3 = 1/i
-	&pxor	("xmm3","xmm2");		# 3 = iak = 1/i + a/k
-	&movdqa	("xmm4","xmm5");		# 4 : 1/j
-	&pshufb	("xmm4","xmm0");		# 4 = 1/j
-	&pxor	("xmm4","xmm2");		# 4 = jak = 1/j + a/k
-	&movdqa	("xmm2","xmm5");		# 2 : 1/iak
-	&pshufb	("xmm2","xmm3");		# 2 = 1/iak
-	&pxor	("xmm2","xmm0");		# 2 = io
-	&movdqa	("xmm3","xmm5");		# 3 : 1/jak
-	&pshufb	("xmm3","xmm4");		# 3 = 1/jak
-	&pxor	("xmm3","xmm1");		# 3 = jo
-	&movdqa	("xmm4",&QWP($k_sb1,$const));	# 4 : sbou
-	&pshufb	("xmm4","xmm2");		# 4 = sbou
-	&movdqa	("xmm0",&QWP($k_sb1+16,$const));# 0 : sbot
-	&pshufb	("xmm0","xmm3");		# 0 = sb1t
-	&pxor	("xmm0","xmm4");		# 0 = sbox output
-	# add in smeared stuff
-	&pxor	("xmm0","xmm7");
-	&movdqa	("xmm7","xmm0");
-	&ret	();
-&function_end_B("_vpaes_schedule_round");
-##
-##  .aes_schedule_transform
-##
-##  Linear-transform %xmm0 according to tables at (%ebx)
-##
-##  Output in %xmm0
-##  Clobbers %xmm1, %xmm2
-##
-&function_begin_B("_vpaes_schedule_transform");
-	&movdqa	("xmm2",&QWP($k_s0F,$const));
-	&movdqa	("xmm1","xmm2");
-	&pandn	("xmm1","xmm0");
-	&psrld	("xmm1",4);
-	&pand	("xmm0","xmm2");
-	&movdqa	("xmm2",&QWP(0,$base));
-	&pshufb	("xmm2","xmm0");
-	&movdqa	("xmm0",&QWP(16,$base));
-	&pshufb	("xmm0","xmm1");
-	&pxor	("xmm0","xmm2");
-	&ret	();
-&function_end_B("_vpaes_schedule_transform");
-##
-##  .aes_schedule_mangle
-##
-##  Mangle xmm0 from (basis-transformed) standard version
-##  to our version.
-##
-##  On encrypt,
-##    xor with 0x63
-##    multiply by circulant 0,1,1,1
-##    apply shiftrows transform
-##
-##  On decrypt,
-##    xor with 0x63
-##    multiply by "inverse mixcolumns" circulant E,B,D,9
-##    deskew
-##    apply shiftrows transform
-##
-##
-##  Writes out to (%edx), and increments or decrements it
-##  Keeps track of round number mod 4 in %ecx
-##  Preserves xmm0
-##  Clobbers xmm1-xmm5
-##
-&function_begin_B("_vpaes_schedule_mangle");
-	&movdqa	("xmm4","xmm0");	# save xmm0 for later
-	&movdqa	("xmm5",&QWP($k_mc_forward,$const));
-	&test	($out,$out);
-	&jnz	(&label("schedule_mangle_dec"));
-	# encrypting
-	&add	($key,16);
-	&pxor	("xmm4",&QWP($k_s63,$const));
-	&pshufb	("xmm4","xmm5");
-	&movdqa	("xmm3","xmm4");
-	&pshufb	("xmm4","xmm5");
-	&pxor	("xmm3","xmm4");
-	&pshufb	("xmm4","xmm5");
-	&pxor	("xmm3","xmm4");
-	&jmp	(&label("schedule_mangle_both"));
-&set_label("schedule_mangle_dec",16);
-	# inverse mix columns
-	&movdqa	("xmm2",&QWP($k_s0F,$const));
-	&lea	($inp,&DWP($k_dksd,$const));
-	&movdqa	("xmm1","xmm2");
-	&pandn	("xmm1","xmm4");
-	&psrld	("xmm1",4);			# 1 = hi
-	&pand	("xmm4","xmm2");		# 4 = lo
-	&movdqa	("xmm2",&QWP(0,$inp));
-	&pshufb	("xmm2","xmm4");
-	&movdqa	("xmm3",&QWP(0x10,$inp));
-	&pshufb	("xmm3","xmm1");
-	&pxor	("xmm3","xmm2");
-	&pshufb	("xmm3","xmm5");
-	&movdqa	("xmm2",&QWP(0x20,$inp));
-	&pshufb	("xmm2","xmm4");
-	&pxor	("xmm2","xmm3");
-	&movdqa	("xmm3",&QWP(0x30,$inp));
-	&pshufb	("xmm3","xmm1");
-	&pxor	("xmm3","xmm2");
-	&pshufb	("xmm3","xmm5");
-	&movdqa	("xmm2",&QWP(0x40,$inp));
-	&pshufb	("xmm2","xmm4");
-	&pxor	("xmm2","xmm3");
-	&movdqa	("xmm3",&QWP(0x50,$inp));
-	&pshufb	("xmm3","xmm1");
-	&pxor	("xmm3","xmm2");
-	&pshufb	("xmm3","xmm5");
-	&movdqa	("xmm2",&QWP(0x60,$inp));
-	&pshufb	("xmm2","xmm4");
-	&pxor	("xmm2","xmm3");
-	&movdqa	("xmm3",&QWP(0x70,$inp));
-	&pshufb	("xmm3","xmm1");
-	&pxor	("xmm3","xmm2");
-	&add	($key,-16);
-&set_label("schedule_mangle_both");
-	&movdqa	("xmm1",&QWP($k_sr,$const,$magic));
-	&pshufb	("xmm3","xmm1");
-	&add	($magic,-16);
-	&and	($magic,0x30);
-	&movdqu	(&QWP(0,$key),"xmm3");
-	&ret	();
-&function_end_B("_vpaes_schedule_mangle");
-#
-# Interface to OpenSSL
-#
-&function_begin("${PREFIX}_set_encrypt_key");
-	&mov	($inp,&wparam(0));		# inp
-	&lea	($base,&DWP(-56,"esp"));
-	&mov	($round,&wparam(1));		# bits
-	&and	($base,-16);
-	&mov	($key,&wparam(2));		# key
-	&xchg	($base,"esp");			# alloca
-	&mov	(&DWP(48,"esp"),$base);
-	&mov	($base,$round);
-	&shr	($base,5);
-	&add	($base,5);
-	&mov	(&DWP(240,$key),$base);		# AES_KEY->rounds = nbits/32+5;
-	&mov	($magic,0x30);
-	&mov	($out,0);
-	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
-	&call	("_vpaes_schedule_core");
-&set_label("pic_point");
-	&mov	("esp",&DWP(48,"esp"));
-	&xor	("eax","eax");
-&function_end("${PREFIX}_set_encrypt_key");
-&function_begin("${PREFIX}_set_decrypt_key");
-	&mov	($inp,&wparam(0));		# inp
-	&lea	($base,&DWP(-56,"esp"));
-	&mov	($round,&wparam(1));		# bits
-	&and	($base,-16);
-	&mov	($key,&wparam(2));		# key
-	&xchg	($base,"esp");			# alloca
-	&mov	(&DWP(48,"esp"),$base);
-	&mov	($base,$round);
-	&shr	($base,5);
-	&add	($base,5);
-	&mov	(&DWP(240,$key),$base);	# AES_KEY->rounds = nbits/32+5;
-	&shl	($base,4);
-	&lea	($key,&DWP(16,$key,$base));
-	&mov	($out,1);
-	&mov	($magic,$round);
-	&shr	($magic,1);
-	&and	($magic,32);
-	&xor	($magic,32);			# nbist==192?0:32;
-	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
-	&call	("_vpaes_schedule_core");
-&set_label("pic_point");
-	&mov	("esp",&DWP(48,"esp"));
-	&xor	("eax","eax");
-&function_end("${PREFIX}_set_decrypt_key");
-&function_begin("${PREFIX}_encrypt");
-	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
-	&call	("_vpaes_preheat");
-&set_label("pic_point");
-	&mov	($inp,&wparam(0));		# inp
-	&lea	($base,&DWP(-56,"esp"));
-	&mov	($out,&wparam(1));		# out
-	&and	($base,-16);
-	&mov	($key,&wparam(2));		# key
-	&xchg	($base,"esp");			# alloca
-	&mov	(&DWP(48,"esp"),$base);
-	&movdqu	("xmm0",&QWP(0,$inp));
-	&call	("_vpaes_encrypt_core");
-	&movdqu	(&QWP(0,$out),"xmm0");
-	&mov	("esp",&DWP(48,"esp"));
-&function_end("${PREFIX}_encrypt");
-&function_begin("${PREFIX}_decrypt");
-	&lea	($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point")));
-	&call	("_vpaes_preheat");
-&set_label("pic_point");
-	&mov	($inp,&wparam(0));		# inp
-	&lea	($base,&DWP(-56,"esp"));
-	&mov	($out,&wparam(1));		# out
-	&and	($base,-16);
-	&mov	($key,&wparam(2));		# key
-	&xchg	($base,"esp");			# alloca
-	&mov	(&DWP(48,"esp"),$base);
-	&movdqu	("xmm0",&QWP(0,$inp));
-	&call	("_vpaes_decrypt_core");
-	&movdqu	(&QWP(0,$out),"xmm0");
-	&mov	("esp",&DWP(48,"esp"));
-&function_end("${PREFIX}_decrypt");
-&asm_finish();