/* sp_int.c

 *

 * Copyright (C) 2006-2022 wolfSSL Inc.

 *

 * This file is part of wolfSSL.

 *

 * wolfSSL is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * wolfSSL is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA

 */

/* Implementation by Sean Parkinson. */

/*

DESCRIPTION

This library provides single precision (SP) integer math functions.

*/

#ifdef HAVE_CONFIG_H

    #include <config.h>

#endif

#include <wolfssl/wolfcrypt/settings.h>

#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)

#include <wolfssl/wolfcrypt/error-crypt.h>

#ifdef NO_INLINE

    #include <wolfssl/wolfcrypt/misc.h>

#else

    #define WOLFSSL_MISC_INCLUDED

    #include <wolfcrypt/src/misc.c>

#endif

/* SP Build Options:

 * WOLFSSL_HAVE_SP_RSA:         Enable SP RSA support

 * WOLFSSL_HAVE_SP_DH:          Enable SP DH support

 * WOLFSSL_HAVE_SP_ECC:         Enable SP ECC support

 * WOLFSSL_SP_MATH:             Use only single precision math and algorithms

 *      it supports (no fastmath tfm.c or normal integer.c)

 * WOLFSSL_SP_MATH_ALL          Implementation of all MP functions

 *      (replacement for tfm.c and integer.c)

 * WOLFSSL_SP_SMALL:            Use smaller version of code and avoid large

 *      stack variables

 * WOLFSSL_SP_NO_MALLOC:        Always use stack, no heap XMALLOC/XFREE allowed

 * WOLFSSL_SP_NO_2048:          Disable RSA/DH 2048-bit support

 * WOLFSSL_SP_NO_3072:          Disable RSA/DH 3072-bit support

 * WOLFSSL_SP_4096:             Enable RSA/RH 4096-bit support

 * WOLFSSL_SP_NO_256            Disable ECC 256-bit SECP256R1 support

 * WOLFSSL_SP_384               Enable ECC 384-bit SECP384R1 support

 * WOLFSSL_SP_521               Enable ECC 521-bit SECP521R1 support

 * WOLFSSL_SP_ASM               Enable assembly speedups (detect platform)

 * WOLFSSL_SP_X86_64_ASM        Enable Intel x64 assembly implementation

 * WOLFSSL_SP_ARM32_ASM         Enable Aarch32 assembly implementation

 * WOLFSSL_SP_ARM64_ASM         Enable Aarch64 assembly implementation

 * WOLFSSL_SP_ARM_CORTEX_M_ASM  Enable Cortex-M assembly implementation

 * WOLFSSL_SP_ARM_THUMB_ASM     Enable ARM Thumb assembly implementation

 *      (used with -mthumb)

 * WOLFSSL_SP_X86_64            Enable Intel x86 64-bit assembly speedups

 * WOLFSSL_SP_X86               Enable Intel x86 assembly speedups

 * WOLFSSL_SP_ARM64             Enable Aarch64 assembly speedups

 * WOLFSSL_SP_ARM32             Enable ARM32 assembly speedups

 * WOLFSSL_SP_ARM32_UDIV        Enable word divide asm that uses UDIV instr

 * WOLFSSL_SP_ARM_THUMB         Enable ARM Thumb assembly speedups

 *                              (explicitly uses register 'r7')

 * WOLFSSL_SP_PPC64             Enable PPC64 assembly speedups

 * WOLFSSL_SP_PPC               Enable PPC assembly speedups

 * WOLFSSL_SP_MIPS64            Enable MIPS64 assembly speedups

 * WOLFSSL_SP_MIPS              Enable MIPS assembly speedups

 * WOLFSSL_SP_RISCV64           Enable RISCV64 assembly speedups

 * WOLFSSL_SP_RISCV32           Enable RISCV32 assembly speedups

 * WOLFSSL_SP_S390X             Enable S390X assembly speedups

 * SP_WORD_SIZE                 Force 32 or 64 bit mode

 * WOLFSSL_SP_NONBLOCK          Enables "non blocking" mode for SP math, which

 *      will return FP_WOULDBLOCK for long operations and function must be

 *      called again until complete.

 * WOLFSSL_SP_FAST_NCT_EXPTMOD  Enables the faster non-constant time modular

 *      exponentation implementation.

 * WOLFSSL_SP_INT_NEGATIVE      Enables negative values to be used.

 * WOLFSSL_SP_INT_DIGIT_ALIGN   Enable when unaligned access of sp_int_digit

 *                              pointer is not allowed.

 * WOLFSSL_SP_NO_DYN_STACK      Disable use of dynamic stack items.

 *                              Used with small code size and not small stack.

 * WOLFSSL_SP_FAST_MODEXP       Allow fast mod_exp with small C code

 */

/* TODO: WOLFSSL_SP_SMALL is incompatible with clang-12+ -Os. */

#if defined(__clang__) && defined(__clang_major__) && \

    (__clang_major__ >= 12) && defined(WOLFSSL_SP_SMALL)

    #undef WOLFSSL_SP_SMALL

#endif

#include <wolfssl/wolfcrypt/sp_int.h>

/* DECL_SP_INT: Declare one variable of type 'sp_int'. */

#if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \

    !defined(WOLFSSL_SP_NO_MALLOC)

    /* Declare a variable that will be assigned a value on XMALLOC. */

    #define DECL_SP_INT(n, s)   \

        sp_int* n = NULL

#else

    #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \

        defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)

        /* Declare a variable on the stack with the required data size. */

        #define DECL_SP_INT(n, s)               \

            byte    n##d[MP_INT_SIZEOF(s)];     \

            sp_int* n = (sp_int*)n##d

    #else

        /* Declare a variable on the stack. */

        #define DECL_SP_INT(n, s)               \

            sp_int n[1]

    #endif

#endif

/* ALLOC_SP_INT: Allocate an 'sp_int' of reqired size. */

#if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \

    !defined(WOLFSSL_SP_NO_MALLOC)

    /* Dynamically allocate just enough data to support size. */

    #define ALLOC_SP_INT(n, s, err, h)                                         \

    do {                                                                       \

        if ((err) == MP_OKAY) {                                                \

            (n) = (sp_int*)XMALLOC(MP_INT_SIZEOF(s), (h), DYNAMIC_TYPE_BIGINT); \

            if ((n) == NULL) {                                                 \

                (err) = MP_MEM;                                                \

            }                                                                  \

        }                                                                      \

    }                                                                          \

    while (0)

    /* Dynamically allocate just enough data to support size - and set size. */

    #define ALLOC_SP_INT_SIZE(n, s, err, h)                                    \

    do {                                                                       \

        ALLOC_SP_INT(n, s, err, h);                                            \

        if ((err) == MP_OKAY) {                                                \

            (n)->size = (s);                                                   \

        }                                                                      \

    }                                                                          \

    while (0)

#else

    /* Array declared on stack - nothing to do. */

    #define ALLOC_SP_INT(n, s, err, h)

    /* Array declared on stack - set the size field. */

    #define ALLOC_SP_INT_SIZE(n, s, err, h)     \

        n->size = s;

#endif

/* FREE_SP_INT: Free an 'sp_int' variable. */

#if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \

    !defined(WOLFSSL_SP_NO_MALLOC)

    /* Free dynamically allocated data. */

    #define FREE_SP_INT(n, h)                   \

    do {                                        \

        if ((n) != NULL) {                      \

            XFREE(n, h, DYNAMIC_TYPE_BIGINT);   \

        }                                       \

    }                                           \

    while (0)

#else

    /* Nothing to do as declared on stack. */

    #define FREE_SP_INT(n, h)

#endif

/* DECL_SP_INT_ARRAY: Declare array of 'sp_int'. */

#if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \

    !defined(WOLFSSL_SP_NO_MALLOC)

    /* Declare a variable that will be assigned a value on XMALLOC. */

    #define DECL_SP_INT_ARRAY(n, s, c)  \

        sp_int* n##d = NULL;            \

        sp_int* (n)[c] = { NULL, }

#else

    #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \

        defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)

        /* Declare a variable on the stack with the required data size. */

        #define DECL_SP_INT_ARRAY(n, s, c)          \

            byte    n##d[MP_INT_SIZEOF(s) * (c)];   \

            sp_int* (n)[c]

    #else

        /* Declare a variable on the stack. */

        #define DECL_SP_INT_ARRAY(n, s, c)      \

            sp_int n##d[c];                     \

            sp_int* (n)[c]

    #endif

#endif

/* ALLOC_SP_INT_ARRAY: Allocate an array of 'sp_int's of reqired size. */

#if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \

    !defined(WOLFSSL_SP_NO_MALLOC)

    /* Dynamically allocate just enough data to support multiple sp_ints of the

     * required size. Use pointers into data to make up array and set sizes.

     */

    #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                                \

    do {                                                                       \

        if ((err) == MP_OKAY) {                                                \

            n##d = (sp_int*)XMALLOC(MP_INT_SIZEOF(s) * (c), (h),               \

                                                         DYNAMIC_TYPE_BIGINT); \

            if (n##d == NULL) {                                                \

                (err) = MP_MEM;                                                \

            }                                                                  \

            else {                                                             \

                int n##ii;                                                     \

                (n)[0] = n##d;                                                 \

                (n)[0]->size = (s);                                            \

                for (n##ii = 1; n##ii < (c); n##ii++) {                        \

                    (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s);                 \

                    (n)[n##ii]->size = (s);                                    \

                }                                                              \

            }                                                                  \

        }                                                                      \

    }                                                                          \

    while (0)

#else

    #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \

        defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)

        /* Data declared on stack that supports multiple sp_ints of the

         * required size. Use pointers into data to make up array and set sizes.

         */

        #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                            \

        do {                                                                   \

            if ((err) == MP_OKAY) {                                            \

                int n##ii;                                                     \

                (n)[0] = (sp_int*)n##d;                                        \

                (n)[0]->size = (s);                                            \

                for (n##ii = 1; n##ii < (c); n##ii++) {                        \

                    (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s);                 \

                    (n)[n##ii]->size = (s);                                    \

                }                                                              \

            }                                                                  \

        }                                                                      \

        while (0)

    #else

        /* Data declared on stack that supports multiple sp_ints of the

         * required size. Set into array and set sizes.

         */

        #define ALLOC_SP_INT_ARRAY(n, s, c, err, h)                            \

        do {                                                                   \

            if ((err) == MP_OKAY) {                                            \

                int n##ii;                                                     \

                for (n##ii = 0; n##ii < (c); n##ii++) {                        \

                    (n)[n##ii] = &n##d[n##ii];                                 \

                    (n)[n##ii]->size = (s);                                    \

                }                                                              \

            }                                                                  \

        }                                                                      \

        while (0)

    #endif

#endif

/* FREE_SP_INT_ARRAY: Free an array of 'sp_int'. */

#if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \

    !defined(WOLFSSL_SP_NO_MALLOC)

    /* Free data variable that was dynamically allocated. */

    #define FREE_SP_INT_ARRAY(n, h)                 \

    do {                                            \

        if (n##d != NULL) {                         \

            XFREE(n##d, h, DYNAMIC_TYPE_BIGINT);    \

        }                                           \

    }                                               \

    while (0)

#else

    /* Nothing to do as data declared on stack. */

    #define FREE_SP_INT_ARRAY(n, h)

#endif

#ifndef WOLFSSL_NO_ASM

    #ifdef __IAR_SYSTEMS_ICC__

        #define __asm__        asm

        #define __volatile__   volatile

    #endif /* __IAR_SYSTEMS_ICC__ */

    #ifdef __KEIL__

        #define __asm__        __asm

        #define __volatile__   volatile

    #endif

    #if defined(WOLFSSL_SP_X86_64) && SP_WORD_SIZE == 64

/*

 * CPU: x86_64

 */

/* Multiply va by vb and store double size result in: vh | vl */

#define SP_ASM_MUL(vl, vh, va, vb)                       \

    __asm__ __volatile__ (                               \

        "movq %[b], %%rax \n\t"                    \

        "mulq %[a]    \n\t"                    \

        "movq %%rax, %[l] \n\t"                    \

        "movq %%rdx, %[h] \n\t"                    \

        : [h] "+r" (vh), [l] "+r" (vl)                   \

        : [a] "m" (va), [b] "m" (vb)                     \

        : "memory", "%rax", "%rdx", "cc"                 \

    )

/* Multiply va by vb and store double size result in: vo | vh | vl */

#define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \

    __asm__ __volatile__ (                               \

        "movq %[b], %%rax \n\t"                    \

        "mulq %[a]    \n\t"                    \

        "movq $0   , %[o] \n\t"                    \

        "movq %%rax, %[l] \n\t"                    \

        "movq %%rdx, %[h] \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \

        : [a] "m" (va), [b] "m" (vb)                     \

        : "%rax", "%rdx", "cc"                           \

    )

/* Multiply va by vb and add double size result into: vo | vh | vl */

#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \

    __asm__ __volatile__ (                               \

        "movq %[b], %%rax \n\t"                    \

        "mulq %[a]    \n\t"                    \

        "addq %%rax, %[l] \n\t"                    \

        "adcq %%rdx, %[h] \n\t"                    \

        "adcq $0   , %[o] \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "m" (va), [b] "m" (vb)                     \

        : "%rax", "%rdx", "cc"                           \

    )

/* Multiply va by vb and add double size result into: vh | vl */

#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb)                \

    __asm__ __volatile__ (                               \

        "movq %[b], %%rax \n\t"                    \

        "mulq %[a]    \n\t"                    \

        "addq %%rax, %[l] \n\t"                    \

        "adcq %%rdx, %[h] \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "m" (va), [b] "m" (vb)                     \

        : "%rax", "%rdx", "cc"                           \

    )

/* Multiply va by vb and add double size result twice into: vo | vh | vl */

#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \

    __asm__ __volatile__ (                               \

        "movq %[b], %%rax \n\t"                    \

        "mulq %[a]    \n\t"                    \

        "addq %%rax, %[l] \n\t"                    \

        "adcq %%rdx, %[h] \n\t"                    \

        "adcq $0   , %[o] \n\t"                    \

        "addq %%rax, %[l] \n\t"                    \

        "adcq %%rdx, %[h] \n\t"                    \

        "adcq $0   , %[o] \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "m" (va), [b] "m" (vb)                     \

        : "%rax", "%rdx", "cc"                           \

    )

/* Multiply va by vb and add double size result twice into: vo | vh | vl

 * Assumes first add will not overflow vh | vl

 */

#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb)           \

    __asm__ __volatile__ (                               \

        "movq %[b], %%rax \n\t"                    \

        "mulq %[a]    \n\t"                    \

        "addq %%rax, %[l] \n\t"                    \

        "adcq %%rdx, %[h] \n\t"                    \

        "addq %%rax, %[l] \n\t"                    \

        "adcq %%rdx, %[h] \n\t"                    \

        "adcq $0   , %[o] \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "m" (va), [b] "m" (vb)                     \

        : "%rax", "%rdx", "cc"                           \

    )

/* Square va and store double size result in: vh | vl */

#define SP_ASM_SQR(vl, vh, va)                           \

    __asm__ __volatile__ (                               \

        "movq %[a], %%rax \n\t"                    \

        "mulq %%rax   \n\t"                    \

        "movq %%rax, %[l] \n\t"                    \

        "movq %%rdx, %[h] \n\t"                    \

        : [h] "+r" (vh), [l] "+r" (vl)                   \

        : [a] "m" (va)                                   \

        : "memory", "%rax", "%rdx", "cc"                 \

    )

/* Square va and add double size result into: vo | vh | vl */

#define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \

    __asm__ __volatile__ (                               \

        "movq %[a], %%rax \n\t"                    \

        "mulq %%rax   \n\t"                    \

        "addq %%rax, %[l] \n\t"                    \

        "adcq %%rdx, %[h] \n\t"                    \

        "adcq $0   , %[o] \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "m" (va)                                   \

        : "%rax", "%rdx", "cc"                           \

    )

/* Square va and add double size result into: vh | vl */

#define SP_ASM_SQR_ADD_NO(vl, vh, va)                    \

    __asm__ __volatile__ (                               \

        "movq %[a], %%rax \n\t"                    \

        "mulq %%rax   \n\t"                    \

        "addq %%rax, %[l] \n\t"                    \

        "adcq %%rdx, %[h] \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "m" (va)                                   \

        : "%rax", "%rdx", "cc"                           \

    )

/* Add va into: vh | vl */

#define SP_ASM_ADDC(vl, vh, va)                          \

    __asm__ __volatile__ (                               \

        "addq %[a], %[l]  \n\t"                    \

        "adcq $0  , %[h]  \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "m" (va)                                   \

        : "cc"                                           \

    )

/* Add va, variable in a register, into: vh | vl */

#define SP_ASM_ADDC_REG(vl, vh, va)                      \

    __asm__ __volatile__ (                               \

        "addq %[a], %[l]  \n\t"                    \

        "adcq $0  , %[h]  \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "r" (va)                                   \

        : "cc"                                           \

    )

/* Sub va from: vh | vl */

#define SP_ASM_SUBC(vl, vh, va)                          \

    __asm__ __volatile__ (                               \

        "subq %[a], %[l]  \n\t"                    \

        "sbbq $0  , %[h]  \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "m" (va)                                   \

        : "cc"                                           \

    )

/* Add two times vc | vb | va into vo | vh | vl */

#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc)         \

    __asm__ __volatile__ (                               \

        "addq %[a], %[l]  \n\t"                    \

        "adcq %[b], %[h]  \n\t"                    \

        "adcq %[c], %[o]  \n\t"                    \

        "addq %[a], %[l]  \n\t"                    \

        "adcq %[b], %[h]  \n\t"                    \

        "adcq %[c], %[o]  \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va), [b] "r" (vb), [c] "r" (vc)       \

        : "%rax", "%rdx", "cc"                           \

    )

#ifndef WOLFSSL_SP_DIV_WORD_HALF

/* Divide a two digit number by a digit number and return. (hi | lo) / d

 *

 * Using divq instruction on Intel x64.

 *

 * @param  [in]  hi  SP integer digit. High digit of the dividend.

 * @param  [in]  lo  SP integer digit. Lower digit of the dividend.

 * @param  [in]  d   SP integer digit. Number to divide by.

 * @return  The division result.

 */

static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,

                                          sp_int_digit d)

{

    __asm__ __volatile__ (

        "divq %2"

        : "+a" (lo)

        : "d" (hi), "r" (d)

        : "cc"

    );

    return lo;

}

#define SP_ASM_DIV_WORD

#endif

#define SP_INT_ASM_AVAILABLE

    #endif /* WOLFSSL_SP_X86_64 && SP_WORD_SIZE == 64 */

    #if defined(WOLFSSL_SP_X86) && SP_WORD_SIZE == 32

/*

 * CPU: x86

 */

/* Multiply va by vb and store double size result in: vh | vl */

#define SP_ASM_MUL(vl, vh, va, vb)                       \

    __asm__ __volatile__ (                               \

        "movl %[b], %%eax \n\t"                    \

        "mull %[a]    \n\t"                    \

        "movl %%eax, %[l] \n\t"                    \

        "movl %%edx, %[h] \n\t"                    \

        : [h] "+r" (vh), [l] "+r" (vl)                   \

        : [a] "m" (va), [b] "m" (vb)                     \

        : "memory", "eax", "edx", "cc"                   \

    )

/* Multiply va by vb and store double size result in: vo | vh | vl */

#define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \

    __asm__ __volatile__ (                               \

        "movl %[b], %%eax \n\t"                    \

        "mull %[a]    \n\t"                    \

        "movl $0   , %[o] \n\t"                    \

        "movl %%eax, %[l] \n\t"                    \

        "movl %%edx, %[h] \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \

        : [a] "m" (va), [b] "m" (vb)                     \

        : "eax", "edx", "cc"                             \

    )

/* Multiply va by vb and add double size result into: vo | vh | vl */

#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \

    __asm__ __volatile__ (                               \

        "movl %[b], %%eax \n\t"                    \

        "mull %[a]    \n\t"                    \

        "addl %%eax, %[l] \n\t"                    \

        "adcl %%edx, %[h] \n\t"                    \

        "adcl $0   , %[o] \n\t"                    \

        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "eax", "edx", "cc"                             \

    )

/* Multiply va by vb and add double size result into: vh | vl */

#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb)                \

    __asm__ __volatile__ (                               \

        "movl %[b], %%eax \n\t"                    \

        "mull %[a]    \n\t"                    \

        "addl %%eax, %[l] \n\t"                    \

        "adcl %%edx, %[h] \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "m" (va), [b] "m" (vb)                     \

        : "eax", "edx", "cc"                             \

    )

/* Multiply va by vb and add double size result twice into: vo | vh | vl */

#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \

    __asm__ __volatile__ (                               \

        "movl %[b], %%eax \n\t"                    \

        "mull %[a]    \n\t"                    \

        "addl %%eax, %[l] \n\t"                    \

        "adcl %%edx, %[h] \n\t"                    \

        "adcl $0   , %[o] \n\t"                    \

        "addl %%eax, %[l] \n\t"                    \

        "adcl %%edx, %[h] \n\t"                    \

        "adcl $0   , %[o] \n\t"                    \

        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "eax", "edx", "cc"                             \

    )

/* Multiply va by vb and add double size result twice into: vo | vh | vl

 * Assumes first add will not overflow vh | vl

 */

#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb)           \

    __asm__ __volatile__ (                               \

        "movl %[b], %%eax \n\t"                    \

        "mull %[a]    \n\t"                    \

        "addl %%eax, %[l] \n\t"                    \

        "adcl %%edx, %[h] \n\t"                    \

        "addl %%eax, %[l] \n\t"                    \

        "adcl %%edx, %[h] \n\t"                    \

        "adcl $0   , %[o] \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "m" (va), [b] "m" (vb)                     \

        : "eax", "edx", "cc"                             \

    )

/* Square va and store double size result in: vh | vl */

#define SP_ASM_SQR(vl, vh, va)                           \

    __asm__ __volatile__ (                               \

        "movl %[a], %%eax \n\t"                    \

        "mull %%eax   \n\t"                    \

        "movl %%eax, %[l] \n\t"                    \

        "movl %%edx, %[h] \n\t"                    \

        : [h] "+r" (vh), [l] "+r" (vl)                   \

        : [a] "m" (va)                                   \

        : "memory", "eax", "edx", "cc"                   \

    )

/* Square va and add double size result into: vo | vh | vl */

#define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \

    __asm__ __volatile__ (                               \

        "movl %[a], %%eax \n\t"                    \

        "mull %%eax   \n\t"                    \

        "addl %%eax, %[l] \n\t"                    \

        "adcl %%edx, %[h] \n\t"                    \

        "adcl $0   , %[o] \n\t"                    \

        : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \

        : [a] "m" (va)                                   \

        : "eax", "edx", "cc"                             \

    )

/* Square va and add double size result into: vh | vl */

#define SP_ASM_SQR_ADD_NO(vl, vh, va)                    \

    __asm__ __volatile__ (                               \

        "movl %[a], %%eax \n\t"                    \

        "mull %%eax   \n\t"                    \

        "addl %%eax, %[l] \n\t"                    \

        "adcl %%edx, %[h] \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "m" (va)                                   \

        : "eax", "edx", "cc"                             \

    )

/* Add va into: vh | vl */

#define SP_ASM_ADDC(vl, vh, va)                          \

    __asm__ __volatile__ (                               \

        "addl %[a], %[l]  \n\t"                    \

        "adcl $0  , %[h]  \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "m" (va)                                   \

        : "cc"                                           \

    )

/* Add va, variable in a register, into: vh | vl */

#define SP_ASM_ADDC_REG(vl, vh, va)                      \

    __asm__ __volatile__ (                               \

        "addl %[a], %[l]  \n\t"                    \

        "adcl $0  , %[h]  \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "r" (va)                                   \

        : "cc"                                           \

    )

/* Sub va from: vh | vl */

#define SP_ASM_SUBC(vl, vh, va)                          \

    __asm__ __volatile__ (                               \

        "subl %[a], %[l]  \n\t"                    \

        "sbbl $0  , %[h]  \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "m" (va)                                   \

        : "cc"                                           \

    )

/* Add two times vc | vb | va into vo | vh | vl */

#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc)         \

    __asm__ __volatile__ (                               \

        "addl %[a], %[l]  \n\t"                    \

        "adcl %[b], %[h]  \n\t"                    \

        "adcl %[c], %[o]  \n\t"                    \

        "addl %[a], %[l]  \n\t"                    \

        "adcl %[b], %[h]  \n\t"                    \

        "adcl %[c], %[o]  \n\t"                    \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va), [b] "r" (vb), [c] "r" (vc)       \

        : "cc"                                           \

    )

#ifndef WOLFSSL_SP_DIV_WORD_HALF

/* Divide a two digit number by a digit number and return. (hi | lo) / d

 *

 * Using divl instruction on Intel x64.

 *

 * @param  [in]  hi  SP integer digit. High digit of the dividend.

 * @param  [in]  lo  SP integer digit. Lower digit of the dividend.

 * @param  [in]  d   SP integer digit. Number to divide by.

 * @return  The division result.

 */

static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,

                                          sp_int_digit d)

{

    __asm__ __volatile__ (

        "divl %2"

        : "+a" (lo)

        : "d" (hi), "r" (d)

        : "cc"

    );

    return lo;

}

#define SP_ASM_DIV_WORD

#endif

#define SP_INT_ASM_AVAILABLE

    #endif /* WOLFSSL_SP_X86 && SP_WORD_SIZE == 32 */

    #if defined(WOLFSSL_SP_ARM64) && SP_WORD_SIZE == 64

/*

 * CPU: Aarch64

 */

/* Multiply va by vb and store double size result in: vh | vl */

#define SP_ASM_MUL(vl, vh, va, vb)                       \

    __asm__ __volatile__ (                               \

        "mul  %[l], %[a], %[b]  \n\t"            \

        "umulh  %[h], %[a], %[b]  \n\t"            \

        : [h] "+r" (vh), [l] "+r" (vl)                   \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "memory", "cc"                                 \

    )

/* Multiply va by vb and store double size result in: vo | vh | vl */

#define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \

    __asm__ __volatile__ (                               \

        "mul  x8, %[a], %[b]    \n\t"            \

        "umulh  %[h], %[a], %[b]  \n\t"            \

        "mov  %[l], x8    \n\t"            \

        "mov  %[o], xzr   \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "x8"                                           \

    )

/* Multiply va by vb and add double size result into: vo | vh | vl */

#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \

    __asm__ __volatile__ (                               \

        "mul  x8, %[a], %[b]    \n\t"            \

        "umulh  x9, %[a], %[b]    \n\t"            \

        "adds %[l], %[l], x8    \n\t"            \

        "adcs %[h], %[h], x9    \n\t"            \

        "adc  %[o], %[o], xzr   \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "x8", "x9", "cc"                               \

    )

/* Multiply va by vb and add double size result into: vh | vl */

#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb)                \

    __asm__ __volatile__ (                               \

        "mul  x8, %[a], %[b]    \n\t"            \

        "umulh  x9, %[a], %[b]    \n\t"            \

        "adds %[l], %[l], x8    \n\t"            \

        "adc  %[h], %[h], x9    \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "x8", "x9", "cc"                               \

    )

/* Multiply va by vb and add double size result twice into: vo | vh | vl */

#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \

    __asm__ __volatile__ (                               \

        "mul  x8, %[a], %[b]    \n\t"            \

        "umulh  x9, %[a], %[b]    \n\t"            \

        "adds %[l], %[l], x8    \n\t"            \

        "adcs %[h], %[h], x9    \n\t"            \

        "adc  %[o], %[o], xzr   \n\t"            \

        "adds %[l], %[l], x8    \n\t"            \

        "adcs %[h], %[h], x9    \n\t"            \

        "adc  %[o], %[o], xzr   \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "x8", "x9", "cc"                               \

    )

/* Multiply va by vb and add double size result twice into: vo | vh | vl

 * Assumes first add will not overflow vh | vl

 */

#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb)           \

    __asm__ __volatile__ (                               \

        "mul  x8, %[a], %[b]    \n\t"            \

        "umulh  x9, %[a], %[b]    \n\t"            \

        "adds %[l], %[l], x8    \n\t"            \

        "adc  %[h], %[h], x9    \n\t"            \

        "adds %[l], %[l], x8    \n\t"            \

        "adcs %[h], %[h], x9    \n\t"            \

        "adc  %[o], %[o], xzr   \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "x8", "x9", "cc"                               \

    )

/* Square va and store double size result in: vh | vl */

#define SP_ASM_SQR(vl, vh, va)                           \

    __asm__ __volatile__ (                               \

        "mul  %[l], %[a], %[a]  \n\t"            \

        "umulh  %[h], %[a], %[a]  \n\t"            \

        : [h] "+r" (vh), [l] "+r" (vl)                   \

        : [a] "r" (va)                                   \

        : "memory"                                       \

    )

/* Square va and add double size result into: vo | vh | vl */

#define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \

    __asm__ __volatile__ (                               \

        "mul  x8, %[a], %[a]    \n\t"            \

        "umulh  x9, %[a], %[a]    \n\t"            \

        "adds %[l], %[l], x8    \n\t"            \

        "adcs %[h], %[h], x9    \n\t"            \

        "adc  %[o], %[o], xzr   \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va)                                   \

        : "x8", "x9", "cc"                               \

    )

/* Square va and add double size result into: vh | vl */

#define SP_ASM_SQR_ADD_NO(vl, vh, va)                    \

    __asm__ __volatile__ (                               \

        "mul  x8, %[a], %[a]    \n\t"            \

        "umulh  x9, %[a], %[a]    \n\t"            \

        "adds %[l], %[l], x8    \n\t"            \

        "adc  %[h], %[h], x9    \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "r" (va)                                   \

        : "x8", "x9", "cc"                               \

    )

/* Add va into: vh | vl */

#define SP_ASM_ADDC(vl, vh, va)                          \

    __asm__ __volatile__ (                               \

        "adds %[l], %[l], %[a]  \n\t"            \

        "adc  %[h], %[h], xzr   \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "r" (va)                                   \

        : "cc"                                           \

    )

/* Sub va from: vh | vl */

#define SP_ASM_SUBC(vl, vh, va)                          \

    __asm__ __volatile__ (                               \

        "subs %[l], %[l], %[a]  \n\t"            \

        "sbc  %[h], %[h], xzr   \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "r" (va)                                   \

        : "cc"                                           \

    )

/* Add two times vc | vb | va into vo | vh | vl */

#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc)         \

    __asm__ __volatile__ (                               \

        "adds %[l], %[l], %[a]  \n\t"            \

        "adcs %[h], %[h], %[b]  \n\t"            \

        "adc  %[o], %[o], %[c]  \n\t"            \

        "adds %[l], %[l], %[a]  \n\t"            \

        "adcs %[h], %[h], %[b]  \n\t"            \

        "adc  %[o], %[o], %[c]  \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va), [b] "r" (vb), [c] "r" (vc)       \

        : "cc"                                           \

    )

#ifndef WOLFSSL_SP_DIV_WORD_HALF

/* Divide a two digit number by a digit number and return. (hi | lo) / d

 *

 * Using udiv instruction on Aarch64.

 * Constant time.

 *

 * @param  [in]  hi  SP integer digit. High digit of the dividend.

 * @param  [in]  lo  SP integer digit. Lower digit of the dividend.

 * @param  [in]  d   SP integer digit. Number to divide by.

 * @return  The division result.

 */

static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,

                                          sp_int_digit d)

{

    __asm__ __volatile__ (

        "lsr  x3, %[d], 48\n\t"

        "mov  x5, 16\n\t"

        "cmp  x3, 0\n\t"

        "mov  x4, 63\n\t"

        "csel x3, x5, xzr, eq\n\t"

        "sub  x4, x4, x3\n\t"

        "lsl  %[d], %[d], x3\n\t"

        "lsl  %[hi], %[hi], x3\n\t"

        "lsr  x5, %[lo], x4\n\t"

        "lsl  %[lo], %[lo], x3\n\t"

        "orr  %[hi], %[hi], x5, lsr 1\n\t"

        "lsr  x5, %[d], 32\n\t"

        "add  x5, x5, 1\n\t"

        "udiv x3, %[hi], x5\n\t"

        "lsl  x6, x3, 32\n\t"

        "mul  x4, %[d], x6\n\t"

        "umulh  x3, %[d], x6\n\t"

        "subs %[lo], %[lo], x4\n\t"

        "sbc  %[hi], %[hi], x3\n\t"

        "udiv x3, %[hi], x5\n\t"

        "lsl  x3, x3, 32\n\t"

        "add  x6, x6, x3\n\t"

        "mul  x4, %[d], x3\n\t"

        "umulh  x3, %[d], x3\n\t"

        "subs %[lo], %[lo], x4\n\t"

        "sbc  %[hi], %[hi], x3\n\t"

        "lsr  x3, %[lo], 32\n\t"

        "orr  x3, x3, %[hi], lsl 32\n\t"

        "udiv x3, x3, x5\n\t"

        "add  x6, x6, x3\n\t"

        "mul  x4, %[d], x3\n\t"

        "umulh  x3, %[d], x3\n\t"

        "subs %[lo], %[lo], x4\n\t"

        "sbc  %[hi], %[hi], x3\n\t"

        "lsr  x3, %[lo], 32\n\t"

        "orr  x3, x3, %[hi], lsl 32\n\t"

        "udiv x3, x3, x5\n\t"

        "add  x6, x6, x3\n\t"

        "mul  x4, %[d], x3\n\t"

        "sub  %[lo], %[lo], x4\n\t"

        "udiv x3, %[lo], %[d]\n\t"

        "add  %[hi], x6, x3\n\t"

        : [hi] "+r" (hi), [lo] "+r" (lo), [d] "+r" (d)

        :

        : "x3", "x4", "x5", "x6"

    );

    return hi;

}

#define SP_ASM_DIV_WORD

#endif

#define SP_INT_ASM_AVAILABLE

    #endif /* WOLFSSL_SP_ARM64 && SP_WORD_SIZE == 64 */

    #if (defined(WOLFSSL_SP_ARM32) || defined(WOLFSSL_SP_ARM_CORTEX_M)) && \

        SP_WORD_SIZE == 32

/*

 * CPU: ARM32 or Cortex-M4 and similar

 */

/* Multiply va by vb and store double size result in: vh | vl */

#define SP_ASM_MUL(vl, vh, va, vb)                       \

    __asm__ __volatile__ (                               \

        "umull  %[l], %[h], %[a], %[b]  \n\t"            \

        : [h] "+r" (vh), [l] "+r" (vl)                   \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "memory"                                       \

    )

/* Multiply va by vb and store double size result in: vo | vh | vl */

#define SP_ASM_MUL_SET(vl, vh, vo, va, vb)               \

    __asm__ __volatile__ (                               \

        "umull  %[l], %[h], %[a], %[b]  \n\t"            \

        "mov  %[o], #0    \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo)    \

        : [a] "r" (va), [b] "r" (vb)                     \

        :                                                \

    )

/* Multiply va by vb and add double size result into: vo | vh | vl */

#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb)               \

    __asm__ __volatile__ (                               \

        "umull  r8, r9, %[a], %[b]  \n\t"            \

        "adds %[l], %[l], r8    \n\t"            \

        "adcs %[h], %[h], r9    \n\t"            \

        "adc  %[o], %[o], #0    \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "r8", "r9", "cc"                               \

    )

/* Multiply va by vb and add double size result into: vh | vl */

#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb)                \

    __asm__ __volatile__ (                               \

        "umlal  %[l], %[h], %[a], %[b]  \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "r" (va), [b] "r" (vb)                     \

        :                                                \

    )

/* Multiply va by vb and add double size result twice into: vo | vh | vl */

#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb)              \

    __asm__ __volatile__ (                               \

        "umull  r8, r9, %[a], %[b]  \n\t"            \

        "adds %[l], %[l], r8    \n\t"            \

        "adcs %[h], %[h], r9    \n\t"            \

        "adc  %[o], %[o], #0    \n\t"            \

        "adds %[l], %[l], r8    \n\t"            \

        "adcs %[h], %[h], r9    \n\t"            \

        "adc  %[o], %[o], #0    \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "r8", "r9", "cc"                               \

    )

/* Multiply va by vb and add double size result twice into: vo | vh | vl

 * Assumes first add will not overflow vh | vl

 */

#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb)           \

    __asm__ __volatile__ (                               \

        "umull  r8, r9, %[a], %[b]  \n\t"            \

        "adds %[l], %[l], r8    \n\t"            \

        "adc  %[h], %[h], r9    \n\t"            \

        "adds %[l], %[l], r8    \n\t"            \

        "adcs %[h], %[h], r9    \n\t"            \

        "adc  %[o], %[o], #0    \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va), [b] "r" (vb)                     \

        : "r8", "r9", "cc"                               \

    )

/* Square va and store double size result in: vh | vl */

#define SP_ASM_SQR(vl, vh, va)                           \

    __asm__ __volatile__ (                               \

        "umull  %[l], %[h], %[a], %[a]  \n\t"            \

        : [h] "+r" (vh), [l] "+r" (vl)                   \

        : [a] "r" (va)                                   \

        : "memory"                                       \

    )

/* Square va and add double size result into: vo | vh | vl */

#define SP_ASM_SQR_ADD(vl, vh, vo, va)                   \

    __asm__ __volatile__ (                               \

        "umull  r8, r9, %[a], %[a]  \n\t"            \

        "adds %[l], %[l], r8    \n\t"            \

        "adcs %[h], %[h], r9    \n\t"            \

        "adc  %[o], %[o], #0    \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va)                                   \

        : "r8", "r9", "cc"                               \

    )

/* Square va and add double size result into: vh | vl */

#define SP_ASM_SQR_ADD_NO(vl, vh, va)                    \

    __asm__ __volatile__ (                               \

        "umlal  %[l], %[h], %[a], %[a]  \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "r" (va)                                   \

        : "cc"                                           \

    )

/* Add va into: vh | vl */

#define SP_ASM_ADDC(vl, vh, va)                          \

    __asm__ __volatile__ (                               \

        "adds %[l], %[l], %[a]  \n\t"            \

        "adc  %[h], %[h], #0    \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "r" (va)                                   \

        : "cc"                                           \

    )

/* Sub va from: vh | vl */

#define SP_ASM_SUBC(vl, vh, va)                          \

    __asm__ __volatile__ (                               \

        "subs %[l], %[l], %[a]  \n\t"            \

        "sbc  %[h], %[h], #0    \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh)                   \

        : [a] "r" (va)                                   \

        : "cc"                                           \

    )

/* Add two times vc | vb | va into vo | vh | vl */

#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc)         \

    __asm__ __volatile__ (                               \

        "adds %[l], %[l], %[a]  \n\t"            \

        "adcs %[h], %[h], %[b]  \n\t"            \

        "adc  %[o], %[o], %[c]  \n\t"            \

        "adds %[l], %[l], %[a]  \n\t"            \

        "adcs %[h], %[h], %[b]  \n\t"            \

        "adc  %[o], %[o], %[c]  \n\t"            \

        : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo)    \

        : [a] "r" (va), [b] "r" (vb), [c] "r" (vc)       \

        : "cc"                                           \

    )

#ifndef WOLFSSL_SP_DIV_WORD_HALF

#ifndef WOLFSSL_SP_ARM32_UDIV

/* Divide a two digit number by a digit number and return. (hi | lo) / d

 *

 * No division instruction used - does operation bit by bit.

 * Constant time.

 *

 * @param  [in]  hi  SP integer digit. High digit of the dividend.

 * @param  [in]  lo  SP integer digit. Lower digit of the dividend.

 * @param  [in]  d   SP integer digit. Number to divide by.

 * @return  The division result.

 */

static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,

                                          sp_int_digit d)

{

    sp_int_digit r = 0;

#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)

    static const char debruijn32[32] = {

        0, 31, 9, 30, 3, 8, 13, 29, 2, 5, 7, 21, 12, 24, 28, 19,

        1, 10, 4, 14, 6, 22, 25, 20, 11, 15, 23, 26, 16, 27, 17, 18

    };

    static const sp_uint32 debruijn32_mul = 0x076be629;

#endif

    __asm__ __volatile__ (

        /* Shift d so that top bit is set. */

#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)

        "ldr  r4, %[m]\n\t"

        "mov  r5, %[d]\n\t"

        "orr  r5, r5, r5, lsr #1\n\t"

        "orr  r5, r5, r5, lsr #2\n\t"

        "orr  r5, r5, r5, lsr #4\n\t"

        "orr  r5, r5, r5, lsr #8\n\t"

        "orr  r5, r5, r5, lsr #16\n\t"

        "add  r5, r5, #1\n\t"

        "mul  r5, r5, r4\n\t"

        "lsr  r5, r5, #27\n\t"

        "ldrb r5, [%[t], r5]\n\t"

#else

        "clz  r5, %[d]\n\t"

#endif

        "rsb  r6, r5, #31\n\t"

        "lsl  %[d], %[d], r5\n\t"

        "lsl  %[hi], %[hi], r5\n\t"

        "lsr  r9, %[lo], r6\n\t"

        "lsl  %[lo], %[lo], r5\n\t"

        "orr  %[hi], %[hi], r9, lsr #1\n\t"

        "lsr  r5, %[d], #1\n\t"

        "add  r5, r5, #1\n\t"

        "mov  r6, %[lo]\n\t"

        "mov  r9, %[hi]\n\t"

        /* Do top 32 */

        "subs r8, r5, r9\n\t"

        "sbc  r8, r8, r8\n\t"

        "add  %[r], %[r], %[r]\n\t"

        "sub  %[r], %[r], r8\n\t"

        "and  r8, r8, r5\n\t"

        "subs r9, r9, r8\n\t"

        /* Next 30 bits */

        "mov  r4, #29\n\t"

        "\n1:\n\t"

        "movs r6, r6, lsl #1\n\t"

        "adc  r9, r9, r9\n\t"

        "subs r8, r5, r9\n\t"

        "sbc  r8, r8, r8\n\t"

        "add  %[r], %[r], %[r]\n\t"

        "sub  %[r], %[r], r8\n\t"

        "and  r8, r8, r5\n\t"

        "subs r9, r9, r8\n\t"

        "subs r4, r4, #1\n\t"

        "bpl  1b\n\t"

        "add  %[r], %[r], %[r]\n\t"

        "add  %[r], %[r], #1\n\t"

        /* Handle difference has hi word > 0. */

        "umull  r4, r5, %[r], %[d]\n\t"

        "subs r4, %[lo], r4\n\t"

        "sbc  r5, %[hi], r5\n\t"

        "add  %[r], %[r], r5\n\t"

        "umull  r4, r5, %[r], %[d]\n\t"

        "subs r4, %[lo], r4\n\t"

        "sbc  r5, %[hi], r5\n\t"

        "add  %[r], %[r], r5\n\t"

        /* Add 1 to result if bottom half of difference is >= d. */

        "mul  r4, %[r], %[d]\n\t"

        "subs r4, %[lo], r4\n\t"

        "subs r9, %[d], r4\n\t"

        "sbc  r8, r8, r8\n\t"

        "sub  %[r], %[r], r8\n\t"

        "subs r9, r9, #1\n\t"

        "sbc  r8, r8, r8\n\t"

        "sub  %[r], %[r], r8\n\t"

        : [r] "+r" (r), [hi] "+r" (hi), [lo] "+r" (lo), [d] "+r" (d)

#if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)

        : [t] "r" (debruijn32), [m] "m" (debruijn32_mul)

#else

        :

#endif

        : "r4", "r5", "r6", "r8", "r9"

    );

    return r;

}