From 392813b7d9ed86b80127b58bc6e108cc28530eca Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 4 Sep 2016 14:06:46 +0000
Subject: Less IA64.

ok deraadt@
---
 src/lib/libcrypto/aes/asm/aes-ia64.S      | 1123 ---------------------
 src/lib/libcrypto/bn/asm/ia64-mont.pl     |  851 ----------------
 src/lib/libcrypto/bn/asm/ia64.S           | 1555 -----------------------------
 src/lib/libcrypto/ia64cpuid.S             |  121 ---
 src/lib/libcrypto/md5/asm/md5-ia64.S      |  992 ------------------
 src/lib/libcrypto/modes/asm/ghash-ia64.pl |  463 ---------
 src/lib/libcrypto/rc4/asm/rc4-ia64.pl     |  755 --------------
 src/lib/libcrypto/sha/asm/sha1-ia64.pl    |  305 ------
 src/lib/libcrypto/sha/asm/sha512-ia64.pl  |  672 -------------
 src/lib/libcrypto/whrlpool/wp_block.c     |   10 +-
 10 files changed, 1 insertion(+), 6846 deletions(-)
 delete mode 100644 src/lib/libcrypto/aes/asm/aes-ia64.S
 delete mode 100644 src/lib/libcrypto/bn/asm/ia64-mont.pl
 delete mode 100644 src/lib/libcrypto/bn/asm/ia64.S
 delete mode 100644 src/lib/libcrypto/ia64cpuid.S
 delete mode 100644 src/lib/libcrypto/md5/asm/md5-ia64.S
 delete mode 100755 src/lib/libcrypto/modes/asm/ghash-ia64.pl
 delete mode 100644 src/lib/libcrypto/rc4/asm/rc4-ia64.pl
 delete mode 100644 src/lib/libcrypto/sha/asm/sha1-ia64.pl
 delete mode 100755 src/lib/libcrypto/sha/asm/sha512-ia64.pl

(limited to 'src')

diff --git a/src/lib/libcrypto/aes/asm/aes-ia64.S b/src/lib/libcrypto/aes/asm/aes-ia64.S
deleted file mode 100644
index 7f6c4c3662..0000000000
--- a/src/lib/libcrypto/aes/asm/aes-ia64.S
+++ /dev/null
@@ -1,1123 +0,0 @@
-// ====================================================================
-// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-// project. Rights for redistribution and usage in source and binary
-// forms are granted according to the OpenSSL license.
-// ====================================================================
-//
-// What's wrong with compiler generated code? Compiler never uses
-// variable 'shr' which is pairable with 'extr'/'dep' instructions.
-// Then it uses 'zxt' which is an I-type, but can be replaced with
-// 'and' which in turn can be assigned to M-port [there're double as
-// much M-ports as there're I-ports on Itanium 2]. By sacrificing few
-// registers for small constants (255, 24 and 16) to be used with
-// 'shr' and 'and' instructions I can achieve better ILP, Intruction
-// Level Parallelism, and performance. This code outperforms GCC 3.3
-// generated code by over factor of 2 (two), GCC 3.4 - by 70% and
-// HP C - by 40%. Measured best-case scenario, i.e. aligned
-// big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds)
-// ticks per block, or 9.25 CPU cycles per byte for 128 bit key.
-
-// Version 1.2 mitigates the hazard of cache-timing attacks by
-// a) compressing S-boxes from 8KB to 2KB+256B, b) scheduling
-// references to S-boxes for L2 cache latency, c) prefetching T[ed]4
-// prior last round. As result performance dropped to (26 + 15*rounds)
-// ticks per block or 11 cycles per byte processed with 128-bit key.
-// This is ~16% deterioration. For reference Itanium 2 L1 cache has
-// 64 bytes line size and L2 - 128 bytes...
-
-.ident	"aes-ia64.S, version 1.2"
-.ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-.explicit
-.text
-
-rk0=r8;     rk1=r9;
-
-pfssave=r2;
-lcsave=r10;
-prsave=r3;
-maskff=r11;
-twenty4=r14;
-sixteen=r15;
-
-te00=r16;   te11=r17;   te22=r18;   te33=r19;
-te01=r20;   te12=r21;   te23=r22;   te30=r23;
-te02=r24;   te13=r25;   te20=r26;   te31=r27;
-te03=r28;   te10=r29;   te21=r30;   te32=r31;
-
-// these are rotating...
-t0=r32;     s0=r33;
-t1=r34;     s1=r35;
-t2=r36;     s2=r37;
-t3=r38;     s3=r39;
-
-te0=r40;    te1=r41;    te2=r42;    te3=r43;
-
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-# define ADDP	addp4
-#else
-# define ADDP	add
-#endif
-
-// Offsets from Te0
-#define TE0	0
-#define TE2	2
-#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
-#define TE1	3
-#define TE3	1
-#else
-#define TE1	1
-#define TE3	3
-#endif
-
-// This implies that AES_KEY comprises 32-bit key schedule elements
-// even on LP64 platforms.
-#ifndef	KSZ
-# define KSZ	4
-# define LDKEY	ld4
-#endif
-
-.proc	_ia64_AES_encrypt#
-// Input:	rk0-rk1
-//		te0
-//		te3	as AES_KEY->rounds!!!
-//		s0-s3
-//		maskff,twenty4,sixteen
-// Output:	r16,r20,r24,r28 as s0-s3
-// Clobber:	r16-r31,rk0-rk1,r32-r43
-.align	32
-_ia64_AES_encrypt:
-	.prologue
-	.altrp	b6
-	.body
-{ .mmi;	alloc	r16=ar.pfs,12,0,0,8
-	LDKEY	t0=[rk0],2*KSZ
-	mov	pr.rot=1<<16	}
-{ .mmi;	LDKEY	t1=[rk1],2*KSZ
-	add	te1=TE1,te0
-	add	te3=-3,te3	};;
-{ .mib;	LDKEY	t2=[rk0],2*KSZ
-	mov	ar.ec=2		}
-{ .mib;	LDKEY	t3=[rk1],2*KSZ
-	add	te2=TE2,te0
-	brp.loop.imp	.Le_top,.Le_end-16	};;
-
-{ .mmi;	xor	s0=s0,t0
-	xor	s1=s1,t1
-	mov	ar.lc=te3	}
-{ .mmi;	xor	s2=s2,t2
-	xor	s3=s3,t3
-	add	te3=TE3,te0	};;
-
-.align	32
-.Le_top:
-{ .mmi;	(p0)	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
-	(p0)	and	te33=s3,maskff		// 0/0:s3&0xff
-	(p0)	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
-{ .mmi; (p0)	LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
-	(p0)	and	te30=s0,maskff		// 0/1:s0&0xff
-	(p0)	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
-{ .mmi;	(p0)	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
-	(p0)	shladd	te33=te33,3,te3		// 1/0:te0+s0>>24
-	(p0)	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
-{ .mmi;	(p0)	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
-	(p0)	shladd	te30=te30,3,te3		// 1/1:te3+s0
-	(p0)	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
-{ .mmi;	(p0)	ld4	te33=[te33]		// 2/0:te3[s3&0xff]
-	(p0)	shladd	te22=te22,3,te2		// 2/0:te2+s2>>8&0xff
-	(p0)	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
-{ .mmi;	(p0)	ld4	te30=[te30]		// 2/1:te3[s0]
-	(p0)	shladd	te23=te23,3,te2		// 2/1:te2+s3>>8
-	(p0)	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
-{ .mmi;	(p0)	ld4	te22=[te22]		// 3/0:te2[s2>>8]
-	(p0)	shladd	te20=te20,3,te2		// 3/2:te2+s0>>8
-	(p0)	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
-{ .mmi;	(p0)	ld4	te23=[te23]		// 3/1:te2[s3>>8]
-	(p0)	shladd	te00=te00,3,te0		// 3/0:te0+s0>>24
-	(p0)	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
-{ .mmi;	(p0)	ld4	te20=[te20]		// 4/2:te2[s0>>8]
-	(p0)	shladd	te21=te21,3,te2		// 4/3:te3+s2
-	(p0)	extr.u	te11=s1,16,8	}	// 4/0:s1>>16&0xff
-{ .mmi;	(p0)	ld4	te00=[te00]		// 4/0:te0[s0>>24]
-	(p0)	shladd	te01=te01,3,te0		// 4/1:te0+s1>>24
-	(p0)	shr.u	te13=s3,sixteen	};;	// 4/2:s3>>16
-{ .mmi;	(p0)	ld4	te21=[te21]		// 5/3:te2[s1>>8]
-	(p0)	shladd	te11=te11,3,te1		// 5/0:te1+s1>>16
-	(p0)	extr.u	te12=s2,16,8	}	// 5/1:s2>>16&0xff
-{ .mmi;	(p0)	ld4	te01=[te01]		// 5/1:te0[s1>>24]
-	(p0)	shladd	te02=te02,3,te0		// 5/2:te0+s2>>24
-	(p0)	and	te31=s1,maskff	};;	// 5/2:s1&0xff
-{ .mmi;	(p0)	ld4	te11=[te11]		// 6/0:te1[s1>>16]
-	(p0)	shladd	te12=te12,3,te1		// 6/1:te1+s2>>16
-	(p0)	extr.u	te10=s0,16,8	}	// 6/3:s0>>16&0xff
-{ .mmi;	(p0)	ld4	te02=[te02]		// 6/2:te0[s2>>24]
-	(p0)	shladd	te03=te03,3,te0		// 6/3:te1+s0>>16
-	(p0)	and	te32=s2,maskff	};;	// 6/3:s2&0xff
-
-{ .mmi;	(p0)	ld4	te12=[te12]		// 7/1:te1[s2>>16]
-	(p0)	shladd	te31=te31,3,te3		// 7/2:te3+s1&0xff
-	(p0)	and	te13=te13,maskff}	// 7/2:s3>>16&0xff
-{ .mmi;	(p0)	ld4	te03=[te03]		// 7/3:te0[s3>>24]
-	(p0)	shladd	te32=te32,3,te3		// 7/3:te3+s2
-	(p0)	xor	t0=t0,te33	};;	// 7/0:
-{ .mmi;	(p0)	ld4	te31=[te31]		// 8/2:te3[s1]
-	(p0)	shladd	te13=te13,3,te1		// 8/2:te1+s3>>16
-	(p0)	xor	t0=t0,te22	}	// 8/0:
-{ .mmi;	(p0)	ld4	te32=[te32]		// 8/3:te3[s2]
-	(p0)	shladd	te10=te10,3,te1		// 8/3:te1+s0>>16
-	(p0)	xor	t1=t1,te30	};;	// 8/1:
-{ .mmi;	(p0)	ld4	te13=[te13]		// 9/2:te1[s3>>16]
-	(p0)	ld4	te10=[te10]		// 9/3:te1[s0>>16]
-	(p0)	xor	t0=t0,te00	};;	// 9/0:		!L2 scheduling
-{ .mmi;	(p0)	xor	t1=t1,te23		// 10[9]/1:	
-	(p0)	xor	t2=t2,te20		// 10[9]/2:
-	(p0)	xor	t3=t3,te21	};;	// 10[9]/3:
-{ .mmi;	(p0)	xor	t0=t0,te11		// 11[10]/0:done!
-	(p0)	xor	t1=t1,te01		// 11[10]/1:
-	(p0)	xor	t2=t2,te02	};;	// 11[10]/2:	!L2 scheduling
-{ .mmi;	(p0)	xor	t3=t3,te03		// 12[10]/3:
-	(p16)	cmp.eq	p0,p17=r0,r0 	};;	// 12[10]/clear (p17)
-{ .mmi;	(p0)	xor	t1=t1,te12		// 13[11]/1:done!
-	(p0)	xor	t2=t2,te31		// 13[11]/2:
-	(p0)	xor	t3=t3,te32	}	// 13[11]/3:
-{ .mmi;	(p17)	add	te0=2048,te0		// 13[11]/
-	(p17)	add	te1=2048+64-TE1,te1};;	// 13[11]/
-{ .mib;	(p0)	xor	t2=t2,te13		// 14[12]/2:done!
-	(p17)	add	te2=2048+128-TE2,te2}	// 14[12]/
-{ .mib;	(p0)	xor	t3=t3,te10		// 14[12]/3:done!
-	(p17)	add	te3=2048+192-TE3,te3	// 14[12]/
-	br.ctop.sptk	.Le_top		};;
-.Le_end:
-
-
-{ .mmi;	ld8	te12=[te0]		// prefetch Te4
-	ld8	te31=[te1]	}
-{ .mmi;	ld8	te10=[te2]
-	ld8	te32=[te3]	}
-
-{ .mmi;	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
-	and	te33=s3,maskff		// 0/0:s3&0xff
-	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
-{ .mmi; LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
-	and	te30=s0,maskff		// 0/1:s0&0xff
-	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
-{ .mmi;	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
-	add	te33=te33,te0		// 1/0:te0+s0>>24
-	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
-{ .mmi;	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
-	add	te30=te30,te0		// 1/1:te0+s0
-	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
-{ .mmi;	ld1	te33=[te33]		// 2/0:te0[s3&0xff]
-	add	te22=te22,te0		// 2/0:te0+s2>>8&0xff
-	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
-{ .mmi;	ld1	te30=[te30]		// 2/1:te0[s0]
-	add	te23=te23,te0		// 2/1:te0+s3>>8
-	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
-{ .mmi;	ld1	te22=[te22]		// 3/0:te0[s2>>8]
-	add	te20=te20,te0		// 3/2:te0+s0>>8
-	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
-{ .mmi;	ld1	te23=[te23]		// 3/1:te0[s3>>8]
-	add	te00=te00,te0		// 3/0:te0+s0>>24
-	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
-{ .mmi;	ld1	te20=[te20]		// 4/2:te0[s0>>8]
-	add	te21=te21,te0		// 4/3:te0+s2
-	extr.u	te11=s1,16,8	}	// 4/0:s1>>16&0xff
-{ .mmi;	ld1	te00=[te00]		// 4/0:te0[s0>>24]
-	add	te01=te01,te0		// 4/1:te0+s1>>24
-	shr.u	te13=s3,sixteen	};;	// 4/2:s3>>16
-{ .mmi;	ld1	te21=[te21]		// 5/3:te0[s1>>8]
-	add	te11=te11,te0		// 5/0:te0+s1>>16
-	extr.u	te12=s2,16,8	}	// 5/1:s2>>16&0xff
-{ .mmi;	ld1	te01=[te01]		// 5/1:te0[s1>>24]
-	add	te02=te02,te0		// 5/2:te0+s2>>24
-	and	te31=s1,maskff	};;	// 5/2:s1&0xff
-{ .mmi;	ld1	te11=[te11]		// 6/0:te0[s1>>16]
-	add	te12=te12,te0		// 6/1:te0+s2>>16
-	extr.u	te10=s0,16,8	}	// 6/3:s0>>16&0xff
-{ .mmi;	ld1	te02=[te02]		// 6/2:te0[s2>>24]
-	add	te03=te03,te0		// 6/3:te0+s0>>16
-	and	te32=s2,maskff	};;	// 6/3:s2&0xff
-
-{ .mmi;	ld1	te12=[te12]		// 7/1:te0[s2>>16]
-	add	te31=te31,te0		// 7/2:te0+s1&0xff
-	dep	te33=te22,te33,8,8}	// 7/0:
-{ .mmi;	ld1	te03=[te03]		// 7/3:te0[s3>>24]
-	add	te32=te32,te0		// 7/3:te0+s2
-	and	te13=te13,maskff};;	// 7/2:s3>>16&0xff
-{ .mmi;	ld1	te31=[te31]		// 8/2:te0[s1]
-	add	te13=te13,te0		// 8/2:te0+s3>>16
-	dep	te30=te23,te30,8,8}	// 8/1:
-{ .mmi;	ld1	te32=[te32]		// 8/3:te0[s2]
-	add	te10=te10,te0		// 8/3:te0+s0>>16
-	shl	te00=te00,twenty4};;	// 8/0:
-{ .mii;	ld1	te13=[te13]		// 9/2:te0[s3>>16]
-	dep	te33=te11,te33,16,8	// 9/0:
-	shl	te01=te01,twenty4};;	// 9/1:
-{ .mii;	ld1	te10=[te10]		// 10/3:te0[s0>>16]
-	dep	te31=te20,te31,8,8	// 10/2:
-	shl	te02=te02,twenty4};;	// 10/2:
-{ .mii;	xor	t0=t0,te33		// 11/0:
-	dep	te32=te21,te32,8,8	// 11/3:
-	shl	te12=te12,sixteen};;	// 11/1:
-{ .mii;	xor	r16=t0,te00		// 12/0:done!
-	dep	te31=te13,te31,16,8	// 12/2:
-	shl	te03=te03,twenty4};;	// 12/3:
-{ .mmi;	xor	t1=t1,te01		// 13/1:
-	xor	t2=t2,te02		// 13/2:
-	dep	te32=te10,te32,16,8};;	// 13/3:
-{ .mmi;	xor	t1=t1,te30		// 14/1:
-	xor	r24=t2,te31		// 14/2:done!
-	xor	t3=t3,te32	};;	// 14/3:
-{ .mib;	xor	r20=t1,te12		// 15/1:done!
-	xor	r28=t3,te03		// 15/3:done!
-	br.ret.sptk	b6	};;
-.endp	_ia64_AES_encrypt#
-
-// void AES_encrypt (const void *in,void *out,const AES_KEY *key);
-.global	AES_encrypt#
-.proc	AES_encrypt#
-.align	32
-AES_encrypt:
-	.prologue
-	.save	ar.pfs,pfssave
-{ .mmi;	alloc	pfssave=ar.pfs,3,1,12,0
-	and	out0=3,in0
-	mov	r3=ip			}
-{ .mmi;	ADDP	in0=0,in0
-	mov	loc0=psr.um
-	ADDP	out11=KSZ*60,in2	};;	// &AES_KEY->rounds
-
-{ .mmi;	ld4	out11=[out11]			// AES_KEY->rounds
-	add	out8=(AES_Te#-AES_encrypt#),r3	// Te0
-	.save	pr,prsave
-	mov	prsave=pr		}
-{ .mmi;	rum	1<<3				// clear um.ac
-	.save	ar.lc,lcsave
-	mov	lcsave=ar.lc		};;
-
-	.body
-#if defined(_HPUX_SOURCE)	// HPUX is big-endian, cut 15+15 cycles...
-{ .mib; cmp.ne	p6,p0=out0,r0
-	add	out0=4,in0
-(p6)	br.dpnt.many	.Le_i_unaligned	};;
-
-{ .mmi;	ld4	out1=[in0],8		// s0
-	and	out9=3,in1
-	mov	twenty4=24		}
-{ .mmi;	ld4	out3=[out0],8		// s1
-	ADDP	rk0=0,in2
-	mov	sixteen=16		};;
-{ .mmi;	ld4	out5=[in0]		// s2
-	cmp.ne	p6,p0=out9,r0
-	mov	maskff=0xff		}
-{ .mmb;	ld4	out7=[out0]		// s3
-	ADDP	rk1=KSZ,in2
-	br.call.sptk.many	b6=_ia64_AES_encrypt	};;
-
-{ .mib;	ADDP	in0=4,in1
-	ADDP	in1=0,in1
-(p6)	br.spnt	.Le_o_unaligned		};;
-
-{ .mii;	mov	psr.um=loc0
-	mov	ar.pfs=pfssave
-	mov	ar.lc=lcsave		};;
-{ .mmi;	st4	[in1]=r16,8		// s0
-	st4	[in0]=r20,8		// s1
-	mov	pr=prsave,0x1ffff	};;
-{ .mmb;	st4	[in1]=r24		// s2
-	st4	[in0]=r28		// s3
-	br.ret.sptk.many	b0	};;
-#endif
-
-.align	32
-.Le_i_unaligned:
-{ .mmi;	add	out0=1,in0
-	add	out2=2,in0
-	add	out4=3,in0	};;
-{ .mmi;	ld1	r16=[in0],4
-	ld1	r17=[out0],4	}//;;
-{ .mmi;	ld1	r18=[out2],4
-	ld1	out1=[out4],4	};;	// s0
-{ .mmi;	ld1	r20=[in0],4
-	ld1	r21=[out0],4	}//;;
-{ .mmi;	ld1	r22=[out2],4
-	ld1	out3=[out4],4	};;	// s1
-{ .mmi;	ld1	r24=[in0],4
-	ld1	r25=[out0],4	}//;;
-{ .mmi;	ld1	r26=[out2],4
-	ld1	out5=[out4],4	};;	// s2
-{ .mmi;	ld1	r28=[in0]
-	ld1	r29=[out0]	}//;;
-{ .mmi;	ld1	r30=[out2]
-	ld1	out7=[out4]	};;	// s3
-
-{ .mii;
-	dep	out1=r16,out1,24,8	//;;
-	dep	out3=r20,out3,24,8	}//;;
-{ .mii;	ADDP	rk0=0,in2
-	dep	out5=r24,out5,24,8	//;;
-	dep	out7=r28,out7,24,8	};;
-{ .mii;	ADDP	rk1=KSZ,in2
-	dep	out1=r17,out1,16,8	//;;
-	dep	out3=r21,out3,16,8	}//;;
-{ .mii;	mov	twenty4=24
-	dep	out5=r25,out5,16,8	//;;
-	dep	out7=r29,out7,16,8	};;
-{ .mii;	mov	sixteen=16
-	dep	out1=r18,out1,8,8	//;;
-	dep	out3=r22,out3,8,8	}//;;
-{ .mii;	mov	maskff=0xff
-	dep	out5=r26,out5,8,8	//;;
-	dep	out7=r30,out7,8,8	};;
-
-{ .mib;	br.call.sptk.many	b6=_ia64_AES_encrypt	};;
-
-.Le_o_unaligned:
-{ .mii;	ADDP	out0=0,in1
-	extr.u	r17=r16,8,8			// s0
-	shr.u	r19=r16,twenty4		}//;;
-{ .mii;	ADDP	out1=1,in1
-	extr.u	r18=r16,16,8
-	shr.u	r23=r20,twenty4		}//;;	// s1
-{ .mii;	ADDP	out2=2,in1
-	extr.u	r21=r20,8,8
-	shr.u	r22=r20,sixteen		}//;;
-{ .mii;	ADDP	out3=3,in1
-	extr.u	r25=r24,8,8			// s2
-	shr.u	r27=r24,twenty4		};;
-{ .mii;	st1	[out3]=r16,4
-	extr.u	r26=r24,16,8
-	shr.u	r31=r28,twenty4		}//;;	// s3
-{ .mii;	st1	[out2]=r17,4
-	extr.u	r29=r28,8,8
-	shr.u	r30=r28,sixteen		}//;;
-
-{ .mmi;	st1	[out1]=r18,4
-	st1	[out0]=r19,4		};;
-{ .mmi;	st1	[out3]=r20,4
-	st1	[out2]=r21,4		}//;;
-{ .mmi;	st1	[out1]=r22,4
-	st1	[out0]=r23,4		};;
-{ .mmi;	st1	[out3]=r24,4
-	st1	[out2]=r25,4
-	mov	pr=prsave,0x1ffff	}//;;
-{ .mmi;	st1	[out1]=r26,4
-	st1	[out0]=r27,4
-	mov	ar.pfs=pfssave		};;
-{ .mmi;	st1	[out3]=r28
-	st1	[out2]=r29
-	mov	ar.lc=lcsave		}//;;
-{ .mmi;	st1	[out1]=r30
-	st1	[out0]=r31		}
-{ .mfb;	mov	psr.um=loc0			// restore user mask
-	br.ret.sptk.many	b0	};;
-.endp	AES_encrypt#
-
-// *AES_decrypt are autogenerated by the following script:
-#if 0
-#!/usr/bin/env perl
-print "// *AES_decrypt are autogenerated by the following script:\n#if 0\n";
-open(PROG,'<'.$0); while(<PROG>) { print; } close(PROG);
-print "#endif\n";
-while(<>) {
-	$process=1	if (/\.proc\s+_ia64_AES_encrypt/);
-	next		if (!$process);
-
-	#s/te00=s0/td00=s0/;	s/te00/td00/g;
-	s/te11=s1/td13=s3/;	s/te11/td13/g;
-	#s/te22=s2/td22=s2/;	s/te22/td22/g;
-	s/te33=s3/td31=s1/;	s/te33/td31/g;
-
-	#s/te01=s1/td01=s1/;	s/te01/td01/g;
-	s/te12=s2/td10=s0/;	s/te12/td10/g;
-	#s/te23=s3/td23=s3/;	s/te23/td23/g;
-	s/te30=s0/td32=s2/;	s/te30/td32/g;
-
-	#s/te02=s2/td02=s2/;	s/te02/td02/g;
-	s/te13=s3/td11=s1/;	s/te13/td11/g;
-	#s/te20=s0/td20=s0/;	s/te20/td20/g;
-	s/te31=s1/td33=s3/;	s/te31/td33/g;
-
-	#s/te03=s3/td03=s3/;	s/te03/td03/g;
-	s/te10=s0/td12=s2/;	s/te10/td12/g;
-	#s/te21=s1/td21=s1/;	s/te21/td21/g;
-	s/te32=s2/td30=s0/;	s/te32/td30/g;
-
-	s/td/te/g;
-
-	s/AES_encrypt/AES_decrypt/g;
-	s/\.Le_/.Ld_/g;
-	s/AES_Te#/AES_Td#/g;
-
-	print;
-
-	exit		if (/\.endp\s+AES_decrypt/);
-}
-#endif
-.proc	_ia64_AES_decrypt#
-// Input:	rk0-rk1
-//		te0
-//		te3	as AES_KEY->rounds!!!
-//		s0-s3
-//		maskff,twenty4,sixteen
-// Output:	r16,r20,r24,r28 as s0-s3
-// Clobber:	r16-r31,rk0-rk1,r32-r43
-.align	32
-_ia64_AES_decrypt:
-	.prologue
-	.altrp	b6
-	.body
-{ .mmi;	alloc	r16=ar.pfs,12,0,0,8
-	LDKEY	t0=[rk0],2*KSZ
-	mov	pr.rot=1<<16	}
-{ .mmi;	LDKEY	t1=[rk1],2*KSZ
-	add	te1=TE1,te0
-	add	te3=-3,te3	};;
-{ .mib;	LDKEY	t2=[rk0],2*KSZ
-	mov	ar.ec=2		}
-{ .mib;	LDKEY	t3=[rk1],2*KSZ
-	add	te2=TE2,te0
-	brp.loop.imp	.Ld_top,.Ld_end-16	};;
-
-{ .mmi;	xor	s0=s0,t0
-	xor	s1=s1,t1
-	mov	ar.lc=te3	}
-{ .mmi;	xor	s2=s2,t2
-	xor	s3=s3,t3
-	add	te3=TE3,te0	};;
-
-.align	32
-.Ld_top:
-{ .mmi;	(p0)	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
-	(p0)	and	te31=s1,maskff		// 0/0:s3&0xff
-	(p0)	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
-{ .mmi; (p0)	LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
-	(p0)	and	te32=s2,maskff		// 0/1:s0&0xff
-	(p0)	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
-{ .mmi;	(p0)	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
-	(p0)	shladd	te31=te31,3,te3		// 1/0:te0+s0>>24
-	(p0)	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
-{ .mmi;	(p0)	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
-	(p0)	shladd	te32=te32,3,te3		// 1/1:te3+s0
-	(p0)	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
-{ .mmi;	(p0)	ld4	te31=[te31]		// 2/0:te3[s3&0xff]
-	(p0)	shladd	te22=te22,3,te2		// 2/0:te2+s2>>8&0xff
-	(p0)	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
-{ .mmi;	(p0)	ld4	te32=[te32]		// 2/1:te3[s0]
-	(p0)	shladd	te23=te23,3,te2		// 2/1:te2+s3>>8
-	(p0)	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
-{ .mmi;	(p0)	ld4	te22=[te22]		// 3/0:te2[s2>>8]
-	(p0)	shladd	te20=te20,3,te2		// 3/2:te2+s0>>8
-	(p0)	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
-{ .mmi;	(p0)	ld4	te23=[te23]		// 3/1:te2[s3>>8]
-	(p0)	shladd	te00=te00,3,te0		// 3/0:te0+s0>>24
-	(p0)	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
-{ .mmi;	(p0)	ld4	te20=[te20]		// 4/2:te2[s0>>8]
-	(p0)	shladd	te21=te21,3,te2		// 4/3:te3+s2
-	(p0)	extr.u	te13=s3,16,8	}	// 4/0:s1>>16&0xff
-{ .mmi;	(p0)	ld4	te00=[te00]		// 4/0:te0[s0>>24]
-	(p0)	shladd	te01=te01,3,te0		// 4/1:te0+s1>>24
-	(p0)	shr.u	te11=s1,sixteen	};;	// 4/2:s3>>16
-{ .mmi;	(p0)	ld4	te21=[te21]		// 5/3:te2[s1>>8]
-	(p0)	shladd	te13=te13,3,te1		// 5/0:te1+s1>>16
-	(p0)	extr.u	te10=s0,16,8	}	// 5/1:s2>>16&0xff
-{ .mmi;	(p0)	ld4	te01=[te01]		// 5/1:te0[s1>>24]
-	(p0)	shladd	te02=te02,3,te0		// 5/2:te0+s2>>24
-	(p0)	and	te33=s3,maskff	};;	// 5/2:s1&0xff
-{ .mmi;	(p0)	ld4	te13=[te13]		// 6/0:te1[s1>>16]
-	(p0)	shladd	te10=te10,3,te1		// 6/1:te1+s2>>16
-	(p0)	extr.u	te12=s2,16,8	}	// 6/3:s0>>16&0xff
-{ .mmi;	(p0)	ld4	te02=[te02]		// 6/2:te0[s2>>24]
-	(p0)	shladd	te03=te03,3,te0		// 6/3:te1+s0>>16
-	(p0)	and	te30=s0,maskff	};;	// 6/3:s2&0xff
-
-{ .mmi;	(p0)	ld4	te10=[te10]		// 7/1:te1[s2>>16]
-	(p0)	shladd	te33=te33,3,te3		// 7/2:te3+s1&0xff
-	(p0)	and	te11=te11,maskff}	// 7/2:s3>>16&0xff
-{ .mmi;	(p0)	ld4	te03=[te03]		// 7/3:te0[s3>>24]
-	(p0)	shladd	te30=te30,3,te3		// 7/3:te3+s2
-	(p0)	xor	t0=t0,te31	};;	// 7/0:
-{ .mmi;	(p0)	ld4	te33=[te33]		// 8/2:te3[s1]
-	(p0)	shladd	te11=te11,3,te1		// 8/2:te1+s3>>16
-	(p0)	xor	t0=t0,te22	}	// 8/0:
-{ .mmi;	(p0)	ld4	te30=[te30]		// 8/3:te3[s2]
-	(p0)	shladd	te12=te12,3,te1		// 8/3:te1+s0>>16
-	(p0)	xor	t1=t1,te32	};;	// 8/1:
-{ .mmi;	(p0)	ld4	te11=[te11]		// 9/2:te1[s3>>16]
-	(p0)	ld4	te12=[te12]		// 9/3:te1[s0>>16]
-	(p0)	xor	t0=t0,te00	};;	// 9/0:		!L2 scheduling
-{ .mmi;	(p0)	xor	t1=t1,te23		// 10[9]/1:	
-	(p0)	xor	t2=t2,te20		// 10[9]/2:
-	(p0)	xor	t3=t3,te21	};;	// 10[9]/3:
-{ .mmi;	(p0)	xor	t0=t0,te13		// 11[10]/0:done!
-	(p0)	xor	t1=t1,te01		// 11[10]/1:
-	(p0)	xor	t2=t2,te02	};;	// 11[10]/2:	!L2 scheduling
-{ .mmi;	(p0)	xor	t3=t3,te03		// 12[10]/3:
-	(p16)	cmp.eq	p0,p17=r0,r0 	};;	// 12[10]/clear (p17)
-{ .mmi;	(p0)	xor	t1=t1,te10		// 13[11]/1:done!
-	(p0)	xor	t2=t2,te33		// 13[11]/2:
-	(p0)	xor	t3=t3,te30	}	// 13[11]/3:
-{ .mmi;	(p17)	add	te0=2048,te0		// 13[11]/
-	(p17)	add	te1=2048+64-TE1,te1};;	// 13[11]/
-{ .mib;	(p0)	xor	t2=t2,te11		// 14[12]/2:done!
-	(p17)	add	te2=2048+128-TE2,te2}	// 14[12]/
-{ .mib;	(p0)	xor	t3=t3,te12		// 14[12]/3:done!
-	(p17)	add	te3=2048+192-TE3,te3	// 14[12]/
-	br.ctop.sptk	.Ld_top		};;
-.Ld_end:
-
-
-{ .mmi;	ld8	te10=[te0]		// prefetch Td4
-	ld8	te33=[te1]	}
-{ .mmi;	ld8	te12=[te2]
-	ld8	te30=[te3]	}
-
-{ .mmi;	LDKEY	t0=[rk0],2*KSZ		// 0/0:rk[0]
-	and	te31=s1,maskff		// 0/0:s3&0xff
-	extr.u	te22=s2,8,8	}	// 0/0:s2>>8&0xff
-{ .mmi; LDKEY	t1=[rk1],2*KSZ		// 0/1:rk[1]
-	and	te32=s2,maskff		// 0/1:s0&0xff
-	shr.u	te00=s0,twenty4	};;	// 0/0:s0>>24
-{ .mmi;	LDKEY	t2=[rk0],2*KSZ		// 1/2:rk[2]
-	add	te31=te31,te0		// 1/0:te0+s0>>24
-	extr.u	te23=s3,8,8	}	// 1/1:s3>>8&0xff
-{ .mmi;	LDKEY	t3=[rk1],2*KSZ		// 1/3:rk[3]
-	add	te32=te32,te0		// 1/1:te0+s0
-	shr.u	te01=s1,twenty4	};;	// 1/1:s1>>24
-{ .mmi;	ld1	te31=[te31]		// 2/0:te0[s3&0xff]
-	add	te22=te22,te0		// 2/0:te0+s2>>8&0xff
-	extr.u	te20=s0,8,8	}	// 2/2:s0>>8&0xff
-{ .mmi;	ld1	te32=[te32]		// 2/1:te0[s0]
-	add	te23=te23,te0		// 2/1:te0+s3>>8
-	shr.u	te02=s2,twenty4	};;	// 2/2:s2>>24
-{ .mmi;	ld1	te22=[te22]		// 3/0:te0[s2>>8]
-	add	te20=te20,te0		// 3/2:te0+s0>>8
-	extr.u	te21=s1,8,8	}	// 3/3:s1>>8&0xff
-{ .mmi;	ld1	te23=[te23]		// 3/1:te0[s3>>8]
-	add	te00=te00,te0		// 3/0:te0+s0>>24
-	shr.u	te03=s3,twenty4	};;	// 3/3:s3>>24
-{ .mmi;	ld1	te20=[te20]		// 4/2:te0[s0>>8]
-	add	te21=te21,te0		// 4/3:te0+s2
-	extr.u	te13=s3,16,8	}	// 4/0:s1>>16&0xff
-{ .mmi;	ld1	te00=[te00]		// 4/0:te0[s0>>24]
-	add	te01=te01,te0		// 4/1:te0+s1>>24
-	shr.u	te11=s1,sixteen	};;	// 4/2:s3>>16
-{ .mmi;	ld1	te21=[te21]		// 5/3:te0[s1>>8]
-	add	te13=te13,te0		// 5/0:te0+s1>>16
-	extr.u	te10=s0,16,8	}	// 5/1:s2>>16&0xff
-{ .mmi;	ld1	te01=[te01]		// 5/1:te0[s1>>24]
-	add	te02=te02,te0		// 5/2:te0+s2>>24
-	and	te33=s3,maskff	};;	// 5/2:s1&0xff
-{ .mmi;	ld1	te13=[te13]		// 6/0:te0[s1>>16]
-	add	te10=te10,te0		// 6/1:te0+s2>>16
-	extr.u	te12=s2,16,8	}	// 6/3:s0>>16&0xff
-{ .mmi;	ld1	te02=[te02]		// 6/2:te0[s2>>24]
-	add	te03=te03,te0		// 6/3:te0+s0>>16
-	and	te30=s0,maskff	};;	// 6/3:s2&0xff
-
-{ .mmi;	ld1	te10=[te10]		// 7/1:te0[s2>>16]
-	add	te33=te33,te0		// 7/2:te0+s1&0xff
-	dep	te31=te22,te31,8,8}	// 7/0:
-{ .mmi;	ld1	te03=[te03]		// 7/3:te0[s3>>24]
-	add	te30=te30,te0		// 7/3:te0+s2
-	and	te11=te11,maskff};;	// 7/2:s3>>16&0xff
-{ .mmi;	ld1	te33=[te33]		// 8/2:te0[s1]
-	add	te11=te11,te0		// 8/2:te0+s3>>16
-	dep	te32=te23,te32,8,8}	// 8/1:
-{ .mmi;	ld1	te30=[te30]		// 8/3:te0[s2]
-	add	te12=te12,te0		// 8/3:te0+s0>>16
-	shl	te00=te00,twenty4};;	// 8/0:
-{ .mii;	ld1	te11=[te11]		// 9/2:te0[s3>>16]
-	dep	te31=te13,te31,16,8	// 9/0:
-	shl	te01=te01,twenty4};;	// 9/1:
-{ .mii;	ld1	te12=[te12]		// 10/3:te0[s0>>16]
-	dep	te33=te20,te33,8,8	// 10/2:
-	shl	te02=te02,twenty4};;	// 10/2:
-{ .mii;	xor	t0=t0,te31		// 11/0:
-	dep	te30=te21,te30,8,8	// 11/3:
-	shl	te10=te10,sixteen};;	// 11/1:
-{ .mii;	xor	r16=t0,te00		// 12/0:done!
-	dep	te33=te11,te33,16,8	// 12/2:
-	shl	te03=te03,twenty4};;	// 12/3:
-{ .mmi;	xor	t1=t1,te01		// 13/1:
-	xor	t2=t2,te02		// 13/2:
-	dep	te30=te12,te30,16,8};;	// 13/3:
-{ .mmi;	xor	t1=t1,te32		// 14/1:
-	xor	r24=t2,te33		// 14/2:done!
-	xor	t3=t3,te30	};;	// 14/3:
-{ .mib;	xor	r20=t1,te10		// 15/1:done!
-	xor	r28=t3,te03		// 15/3:done!
-	br.ret.sptk	b6	};;
-.endp	_ia64_AES_decrypt#
-
-// void AES_decrypt (const void *in,void *out,const AES_KEY *key);
-.global	AES_decrypt#
-.proc	AES_decrypt#
-.align	32
-AES_decrypt:
-	.prologue
-	.save	ar.pfs,pfssave
-{ .mmi;	alloc	pfssave=ar.pfs,3,1,12,0
-	and	out0=3,in0
-	mov	r3=ip			}
-{ .mmi;	ADDP	in0=0,in0
-	mov	loc0=psr.um
-	ADDP	out11=KSZ*60,in2	};;	// &AES_KEY->rounds
-
-{ .mmi;	ld4	out11=[out11]			// AES_KEY->rounds
-	add	out8=(AES_Td#-AES_decrypt#),r3	// Te0
-	.save	pr,prsave
-	mov	prsave=pr		}
-{ .mmi;	rum	1<<3				// clear um.ac
-	.save	ar.lc,lcsave
-	mov	lcsave=ar.lc		};;
-
-	.body
-#if defined(_HPUX_SOURCE)	// HPUX is big-endian, cut 15+15 cycles...
-{ .mib; cmp.ne	p6,p0=out0,r0
-	add	out0=4,in0
-(p6)	br.dpnt.many	.Ld_i_unaligned	};;
-
-{ .mmi;	ld4	out1=[in0],8		// s0
-	and	out9=3,in1
-	mov	twenty4=24		}
-{ .mmi;	ld4	out3=[out0],8		// s1
-	ADDP	rk0=0,in2
-	mov	sixteen=16		};;
-{ .mmi;	ld4	out5=[in0]		// s2
-	cmp.ne	p6,p0=out9,r0
-	mov	maskff=0xff		}
-{ .mmb;	ld4	out7=[out0]		// s3
-	ADDP	rk1=KSZ,in2
-	br.call.sptk.many	b6=_ia64_AES_decrypt	};;
-
-{ .mib;	ADDP	in0=4,in1
-	ADDP	in1=0,in1
-(p6)	br.spnt	.Ld_o_unaligned		};;
-
-{ .mii;	mov	psr.um=loc0
-	mov	ar.pfs=pfssave
-	mov	ar.lc=lcsave		};;
-{ .mmi;	st4	[in1]=r16,8		// s0
-	st4	[in0]=r20,8		// s1
-	mov	pr=prsave,0x1ffff	};;
-{ .mmb;	st4	[in1]=r24		// s2
-	st4	[in0]=r28		// s3
-	br.ret.sptk.many	b0	};;
-#endif
-
-.align	32
-.Ld_i_unaligned:
-{ .mmi;	add	out0=1,in0
-	add	out2=2,in0
-	add	out4=3,in0	};;
-{ .mmi;	ld1	r16=[in0],4
-	ld1	r17=[out0],4	}//;;
-{ .mmi;	ld1	r18=[out2],4
-	ld1	out1=[out4],4	};;	// s0
-{ .mmi;	ld1	r20=[in0],4
-	ld1	r21=[out0],4	}//;;
-{ .mmi;	ld1	r22=[out2],4
-	ld1	out3=[out4],4	};;	// s1
-{ .mmi;	ld1	r24=[in0],4
-	ld1	r25=[out0],4	}//;;
-{ .mmi;	ld1	r26=[out2],4
-	ld1	out5=[out4],4	};;	// s2
-{ .mmi;	ld1	r28=[in0]
-	ld1	r29=[out0]	}//;;
-{ .mmi;	ld1	r30=[out2]
-	ld1	out7=[out4]	};;	// s3
-
-{ .mii;
-	dep	out1=r16,out1,24,8	//;;
-	dep	out3=r20,out3,24,8	}//;;
-{ .mii;	ADDP	rk0=0,in2
-	dep	out5=r24,out5,24,8	//;;
-	dep	out7=r28,out7,24,8	};;
-{ .mii;	ADDP	rk1=KSZ,in2
-	dep	out1=r17,out1,16,8	//;;
-	dep	out3=r21,out3,16,8	}//;;
-{ .mii;	mov	twenty4=24
-	dep	out5=r25,out5,16,8	//;;
-	dep	out7=r29,out7,16,8	};;
-{ .mii;	mov	sixteen=16
-	dep	out1=r18,out1,8,8	//;;
-	dep	out3=r22,out3,8,8	}//;;
-{ .mii;	mov	maskff=0xff
-	dep	out5=r26,out5,8,8	//;;
-	dep	out7=r30,out7,8,8	};;
-
-{ .mib;	br.call.sptk.many	b6=_ia64_AES_decrypt	};;
-
-.Ld_o_unaligned:
-{ .mii;	ADDP	out0=0,in1
-	extr.u	r17=r16,8,8			// s0
-	shr.u	r19=r16,twenty4		}//;;
-{ .mii;	ADDP	out1=1,in1
-	extr.u	r18=r16,16,8
-	shr.u	r23=r20,twenty4		}//;;	// s1
-{ .mii;	ADDP	out2=2,in1
-	extr.u	r21=r20,8,8
-	shr.u	r22=r20,sixteen		}//;;
-{ .mii;	ADDP	out3=3,in1
-	extr.u	r25=r24,8,8			// s2
-	shr.u	r27=r24,twenty4		};;
-{ .mii;	st1	[out3]=r16,4
-	extr.u	r26=r24,16,8
-	shr.u	r31=r28,twenty4		}//;;	// s3
-{ .mii;	st1	[out2]=r17,4
-	extr.u	r29=r28,8,8
-	shr.u	r30=r28,sixteen		}//;;
-
-{ .mmi;	st1	[out1]=r18,4
-	st1	[out0]=r19,4		};;
-{ .mmi;	st1	[out3]=r20,4
-	st1	[out2]=r21,4		}//;;
-{ .mmi;	st1	[out1]=r22,4
-	st1	[out0]=r23,4		};;
-{ .mmi;	st1	[out3]=r24,4
-	st1	[out2]=r25,4
-	mov	pr=prsave,0x1ffff	}//;;
-{ .mmi;	st1	[out1]=r26,4
-	st1	[out0]=r27,4
-	mov	ar.pfs=pfssave		};;
-{ .mmi;	st1	[out3]=r28
-	st1	[out2]=r29
-	mov	ar.lc=lcsave		}//;;
-{ .mmi;	st1	[out1]=r30
-	st1	[out0]=r31		}
-{ .mfb;	mov	psr.um=loc0			// restore user mask
-	br.ret.sptk.many	b0	};;
-.endp	AES_decrypt#
-
-// leave it in .text segment...
-.align	64
-.global	AES_Te#
-.type	AES_Te#,@object
-AES_Te:	data4	0xc66363a5,0xc66363a5, 0xf87c7c84,0xf87c7c84
-	data4	0xee777799,0xee777799, 0xf67b7b8d,0xf67b7b8d
-	data4	0xfff2f20d,0xfff2f20d, 0xd66b6bbd,0xd66b6bbd
-	data4	0xde6f6fb1,0xde6f6fb1, 0x91c5c554,0x91c5c554
-	data4	0x60303050,0x60303050, 0x02010103,0x02010103
-	data4	0xce6767a9,0xce6767a9, 0x562b2b7d,0x562b2b7d
-	data4	0xe7fefe19,0xe7fefe19, 0xb5d7d762,0xb5d7d762
-	data4	0x4dababe6,0x4dababe6, 0xec76769a,0xec76769a
-	data4	0x8fcaca45,0x8fcaca45, 0x1f82829d,0x1f82829d
-	data4	0x89c9c940,0x89c9c940, 0xfa7d7d87,0xfa7d7d87
-	data4	0xeffafa15,0xeffafa15, 0xb25959eb,0xb25959eb
-	data4	0x8e4747c9,0x8e4747c9, 0xfbf0f00b,0xfbf0f00b
-	data4	0x41adadec,0x41adadec, 0xb3d4d467,0xb3d4d467
-	data4	0x5fa2a2fd,0x5fa2a2fd, 0x45afafea,0x45afafea
-	data4	0x239c9cbf,0x239c9cbf, 0x53a4a4f7,0x53a4a4f7
-	data4	0xe4727296,0xe4727296, 0x9bc0c05b,0x9bc0c05b
-	data4	0x75b7b7c2,0x75b7b7c2, 0xe1fdfd1c,0xe1fdfd1c
-	data4	0x3d9393ae,0x3d9393ae, 0x4c26266a,0x4c26266a
-	data4	0x6c36365a,0x6c36365a, 0x7e3f3f41,0x7e3f3f41
-	data4	0xf5f7f702,0xf5f7f702, 0x83cccc4f,0x83cccc4f
-	data4	0x6834345c,0x6834345c, 0x51a5a5f4,0x51a5a5f4
-	data4	0xd1e5e534,0xd1e5e534, 0xf9f1f108,0xf9f1f108
-	data4	0xe2717193,0xe2717193, 0xabd8d873,0xabd8d873
-	data4	0x62313153,0x62313153, 0x2a15153f,0x2a15153f
-	data4	0x0804040c,0x0804040c, 0x95c7c752,0x95c7c752
-	data4	0x46232365,0x46232365, 0x9dc3c35e,0x9dc3c35e
-	data4	0x30181828,0x30181828, 0x379696a1,0x379696a1
-	data4	0x0a05050f,0x0a05050f, 0x2f9a9ab5,0x2f9a9ab5
-	data4	0x0e070709,0x0e070709, 0x24121236,0x24121236
-	data4	0x1b80809b,0x1b80809b, 0xdfe2e23d,0xdfe2e23d
-	data4	0xcdebeb26,0xcdebeb26, 0x4e272769,0x4e272769
-	data4	0x7fb2b2cd,0x7fb2b2cd, 0xea75759f,0xea75759f
-	data4	0x1209091b,0x1209091b, 0x1d83839e,0x1d83839e
-	data4	0x582c2c74,0x582c2c74, 0x341a1a2e,0x341a1a2e
-	data4	0x361b1b2d,0x361b1b2d, 0xdc6e6eb2,0xdc6e6eb2
-	data4	0xb45a5aee,0xb45a5aee, 0x5ba0a0fb,0x5ba0a0fb
-	data4	0xa45252f6,0xa45252f6, 0x763b3b4d,0x763b3b4d
-	data4	0xb7d6d661,0xb7d6d661, 0x7db3b3ce,0x7db3b3ce
-	data4	0x5229297b,0x5229297b, 0xdde3e33e,0xdde3e33e
-	data4	0x5e2f2f71,0x5e2f2f71, 0x13848497,0x13848497
-	data4	0xa65353f5,0xa65353f5, 0xb9d1d168,0xb9d1d168
-	data4	0x00000000,0x00000000, 0xc1eded2c,0xc1eded2c
-	data4	0x40202060,0x40202060, 0xe3fcfc1f,0xe3fcfc1f
-	data4	0x79b1b1c8,0x79b1b1c8, 0xb65b5bed,0xb65b5bed
-	data4	0xd46a6abe,0xd46a6abe, 0x8dcbcb46,0x8dcbcb46
-	data4	0x67bebed9,0x67bebed9, 0x7239394b,0x7239394b
-	data4	0x944a4ade,0x944a4ade, 0x984c4cd4,0x984c4cd4
-	data4	0xb05858e8,0xb05858e8, 0x85cfcf4a,0x85cfcf4a
-	data4	0xbbd0d06b,0xbbd0d06b, 0xc5efef2a,0xc5efef2a
-	data4	0x4faaaae5,0x4faaaae5, 0xedfbfb16,0xedfbfb16
-	data4	0x864343c5,0x864343c5, 0x9a4d4dd7,0x9a4d4dd7
-	data4	0x66333355,0x66333355, 0x11858594,0x11858594
-	data4	0x8a4545cf,0x8a4545cf, 0xe9f9f910,0xe9f9f910
-	data4	0x04020206,0x04020206, 0xfe7f7f81,0xfe7f7f81
-	data4	0xa05050f0,0xa05050f0, 0x783c3c44,0x783c3c44
-	data4	0x259f9fba,0x259f9fba, 0x4ba8a8e3,0x4ba8a8e3
-	data4	0xa25151f3,0xa25151f3, 0x5da3a3fe,0x5da3a3fe
-	data4	0x804040c0,0x804040c0, 0x058f8f8a,0x058f8f8a
-	data4	0x3f9292ad,0x3f9292ad, 0x219d9dbc,0x219d9dbc
-	data4	0x70383848,0x70383848, 0xf1f5f504,0xf1f5f504
-	data4	0x63bcbcdf,0x63bcbcdf, 0x77b6b6c1,0x77b6b6c1
-	data4	0xafdada75,0xafdada75, 0x42212163,0x42212163
-	data4	0x20101030,0x20101030, 0xe5ffff1a,0xe5ffff1a
-	data4	0xfdf3f30e,0xfdf3f30e, 0xbfd2d26d,0xbfd2d26d
-	data4	0x81cdcd4c,0x81cdcd4c, 0x180c0c14,0x180c0c14
-	data4	0x26131335,0x26131335, 0xc3ecec2f,0xc3ecec2f
-	data4	0xbe5f5fe1,0xbe5f5fe1, 0x359797a2,0x359797a2
-	data4	0x884444cc,0x884444cc, 0x2e171739,0x2e171739
-	data4	0x93c4c457,0x93c4c457, 0x55a7a7f2,0x55a7a7f2
-	data4	0xfc7e7e82,0xfc7e7e82, 0x7a3d3d47,0x7a3d3d47
-	data4	0xc86464ac,0xc86464ac, 0xba5d5de7,0xba5d5de7
-	data4	0x3219192b,0x3219192b, 0xe6737395,0xe6737395
-	data4	0xc06060a0,0xc06060a0, 0x19818198,0x19818198
-	data4	0x9e4f4fd1,0x9e4f4fd1, 0xa3dcdc7f,0xa3dcdc7f
-	data4	0x44222266,0x44222266, 0x542a2a7e,0x542a2a7e
-	data4	0x3b9090ab,0x3b9090ab, 0x0b888883,0x0b888883
-	data4	0x8c4646ca,0x8c4646ca, 0xc7eeee29,0xc7eeee29
-	data4	0x6bb8b8d3,0x6bb8b8d3, 0x2814143c,0x2814143c
-	data4	0xa7dede79,0xa7dede79, 0xbc5e5ee2,0xbc5e5ee2
-	data4	0x160b0b1d,0x160b0b1d, 0xaddbdb76,0xaddbdb76
-	data4	0xdbe0e03b,0xdbe0e03b, 0x64323256,0x64323256
-	data4	0x743a3a4e,0x743a3a4e, 0x140a0a1e,0x140a0a1e
-	data4	0x924949db,0x924949db, 0x0c06060a,0x0c06060a
-	data4	0x4824246c,0x4824246c, 0xb85c5ce4,0xb85c5ce4
-	data4	0x9fc2c25d,0x9fc2c25d, 0xbdd3d36e,0xbdd3d36e
-	data4	0x43acacef,0x43acacef, 0xc46262a6,0xc46262a6
-	data4	0x399191a8,0x399191a8, 0x319595a4,0x319595a4
-	data4	0xd3e4e437,0xd3e4e437, 0xf279798b,0xf279798b
-	data4	0xd5e7e732,0xd5e7e732, 0x8bc8c843,0x8bc8c843
-	data4	0x6e373759,0x6e373759, 0xda6d6db7,0xda6d6db7
-	data4	0x018d8d8c,0x018d8d8c, 0xb1d5d564,0xb1d5d564
-	data4	0x9c4e4ed2,0x9c4e4ed2, 0x49a9a9e0,0x49a9a9e0
-	data4	0xd86c6cb4,0xd86c6cb4, 0xac5656fa,0xac5656fa
-	data4	0xf3f4f407,0xf3f4f407, 0xcfeaea25,0xcfeaea25
-	data4	0xca6565af,0xca6565af, 0xf47a7a8e,0xf47a7a8e
-	data4	0x47aeaee9,0x47aeaee9, 0x10080818,0x10080818
-	data4	0x6fbabad5,0x6fbabad5, 0xf0787888,0xf0787888
-	data4	0x4a25256f,0x4a25256f, 0x5c2e2e72,0x5c2e2e72
-	data4	0x381c1c24,0x381c1c24, 0x57a6a6f1,0x57a6a6f1
-	data4	0x73b4b4c7,0x73b4b4c7, 0x97c6c651,0x97c6c651
-	data4	0xcbe8e823,0xcbe8e823, 0xa1dddd7c,0xa1dddd7c
-	data4	0xe874749c,0xe874749c, 0x3e1f1f21,0x3e1f1f21
-	data4	0x964b4bdd,0x964b4bdd, 0x61bdbddc,0x61bdbddc
-	data4	0x0d8b8b86,0x0d8b8b86, 0x0f8a8a85,0x0f8a8a85
-	data4	0xe0707090,0xe0707090, 0x7c3e3e42,0x7c3e3e42
-	data4	0x71b5b5c4,0x71b5b5c4, 0xcc6666aa,0xcc6666aa
-	data4	0x904848d8,0x904848d8, 0x06030305,0x06030305
-	data4	0xf7f6f601,0xf7f6f601, 0x1c0e0e12,0x1c0e0e12
-	data4	0xc26161a3,0xc26161a3, 0x6a35355f,0x6a35355f
-	data4	0xae5757f9,0xae5757f9, 0x69b9b9d0,0x69b9b9d0
-	data4	0x17868691,0x17868691, 0x99c1c158,0x99c1c158
-	data4	0x3a1d1d27,0x3a1d1d27, 0x279e9eb9,0x279e9eb9
-	data4	0xd9e1e138,0xd9e1e138, 0xebf8f813,0xebf8f813
-	data4	0x2b9898b3,0x2b9898b3, 0x22111133,0x22111133
-	data4	0xd26969bb,0xd26969bb, 0xa9d9d970,0xa9d9d970
-	data4	0x078e8e89,0x078e8e89, 0x339494a7,0x339494a7
-	data4	0x2d9b9bb6,0x2d9b9bb6, 0x3c1e1e22,0x3c1e1e22
-	data4	0x15878792,0x15878792, 0xc9e9e920,0xc9e9e920
-	data4	0x87cece49,0x87cece49, 0xaa5555ff,0xaa5555ff
-	data4	0x50282878,0x50282878, 0xa5dfdf7a,0xa5dfdf7a
-	data4	0x038c8c8f,0x038c8c8f, 0x59a1a1f8,0x59a1a1f8
-	data4	0x09898980,0x09898980, 0x1a0d0d17,0x1a0d0d17
-	data4	0x65bfbfda,0x65bfbfda, 0xd7e6e631,0xd7e6e631
-	data4	0x844242c6,0x844242c6, 0xd06868b8,0xd06868b8
-	data4	0x824141c3,0x824141c3, 0x299999b0,0x299999b0
-	data4	0x5a2d2d77,0x5a2d2d77, 0x1e0f0f11,0x1e0f0f11
-	data4	0x7bb0b0cb,0x7bb0b0cb, 0xa85454fc,0xa85454fc
-	data4	0x6dbbbbd6,0x6dbbbbd6, 0x2c16163a,0x2c16163a
-// Te4:
-	data1	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
-	data1	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-	data1	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
-	data1	0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-	data1	0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
-	data1	0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-	data1	0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
-	data1	0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-	data1	0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
-	data1	0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-	data1	0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
-	data1	0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-	data1	0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
-	data1	0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-	data1	0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
-	data1	0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-	data1	0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
-	data1	0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-	data1	0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
-	data1	0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-	data1	0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
-	data1	0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-	data1	0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
-	data1	0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-	data1	0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
-	data1	0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-	data1	0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
-	data1	0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-	data1	0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
-	data1	0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-	data1	0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
-	data1	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-.size	AES_Te#,2048+256	// HP-UX assembler fails to ".-AES_Te#"
-
-.align	64
-.global	AES_Td#
-.type	AES_Td#,@object
-AES_Td:	data4	0x51f4a750,0x51f4a750, 0x7e416553,0x7e416553
-	data4	0x1a17a4c3,0x1a17a4c3, 0x3a275e96,0x3a275e96
-	data4	0x3bab6bcb,0x3bab6bcb, 0x1f9d45f1,0x1f9d45f1
-	data4	0xacfa58ab,0xacfa58ab, 0x4be30393,0x4be30393
-	data4	0x2030fa55,0x2030fa55, 0xad766df6,0xad766df6
-	data4	0x88cc7691,0x88cc7691, 0xf5024c25,0xf5024c25
-	data4	0x4fe5d7fc,0x4fe5d7fc, 0xc52acbd7,0xc52acbd7
-	data4	0x26354480,0x26354480, 0xb562a38f,0xb562a38f
-	data4	0xdeb15a49,0xdeb15a49, 0x25ba1b67,0x25ba1b67
-	data4	0x45ea0e98,0x45ea0e98, 0x5dfec0e1,0x5dfec0e1
-	data4	0xc32f7502,0xc32f7502, 0x814cf012,0x814cf012
-	data4	0x8d4697a3,0x8d4697a3, 0x6bd3f9c6,0x6bd3f9c6
-	data4	0x038f5fe7,0x038f5fe7, 0x15929c95,0x15929c95
-	data4	0xbf6d7aeb,0xbf6d7aeb, 0x955259da,0x955259da
-	data4	0xd4be832d,0xd4be832d, 0x587421d3,0x587421d3
-	data4	0x49e06929,0x49e06929, 0x8ec9c844,0x8ec9c844
-	data4	0x75c2896a,0x75c2896a, 0xf48e7978,0xf48e7978
-	data4	0x99583e6b,0x99583e6b, 0x27b971dd,0x27b971dd
-	data4	0xbee14fb6,0xbee14fb6, 0xf088ad17,0xf088ad17
-	data4	0xc920ac66,0xc920ac66, 0x7dce3ab4,0x7dce3ab4
-	data4	0x63df4a18,0x63df4a18, 0xe51a3182,0xe51a3182
-	data4	0x97513360,0x97513360, 0x62537f45,0x62537f45
-	data4	0xb16477e0,0xb16477e0, 0xbb6bae84,0xbb6bae84
-	data4	0xfe81a01c,0xfe81a01c, 0xf9082b94,0xf9082b94
-	data4	0x70486858,0x70486858, 0x8f45fd19,0x8f45fd19
-	data4	0x94de6c87,0x94de6c87, 0x527bf8b7,0x527bf8b7
-	data4	0xab73d323,0xab73d323, 0x724b02e2,0x724b02e2
-	data4	0xe31f8f57,0xe31f8f57, 0x6655ab2a,0x6655ab2a
-	data4	0xb2eb2807,0xb2eb2807, 0x2fb5c203,0x2fb5c203
-	data4	0x86c57b9a,0x86c57b9a, 0xd33708a5,0xd33708a5
-	data4	0x302887f2,0x302887f2, 0x23bfa5b2,0x23bfa5b2
-	data4	0x02036aba,0x02036aba, 0xed16825c,0xed16825c
-	data4	0x8acf1c2b,0x8acf1c2b, 0xa779b492,0xa779b492
-	data4	0xf307f2f0,0xf307f2f0, 0x4e69e2a1,0x4e69e2a1
-	data4	0x65daf4cd,0x65daf4cd, 0x0605bed5,0x0605bed5
-	data4	0xd134621f,0xd134621f, 0xc4a6fe8a,0xc4a6fe8a
-	data4	0x342e539d,0x342e539d, 0xa2f355a0,0xa2f355a0
-	data4	0x058ae132,0x058ae132, 0xa4f6eb75,0xa4f6eb75
-	data4	0x0b83ec39,0x0b83ec39, 0x4060efaa,0x4060efaa
-	data4	0x5e719f06,0x5e719f06, 0xbd6e1051,0xbd6e1051
-	data4	0x3e218af9,0x3e218af9, 0x96dd063d,0x96dd063d
-	data4	0xdd3e05ae,0xdd3e05ae, 0x4de6bd46,0x4de6bd46
-	data4	0x91548db5,0x91548db5, 0x71c45d05,0x71c45d05
-	data4	0x0406d46f,0x0406d46f, 0x605015ff,0x605015ff
-	data4	0x1998fb24,0x1998fb24, 0xd6bde997,0xd6bde997
-	data4	0x894043cc,0x894043cc, 0x67d99e77,0x67d99e77
-	data4	0xb0e842bd,0xb0e842bd, 0x07898b88,0x07898b88
-	data4	0xe7195b38,0xe7195b38, 0x79c8eedb,0x79c8eedb
-	data4	0xa17c0a47,0xa17c0a47, 0x7c420fe9,0x7c420fe9
-	data4	0xf8841ec9,0xf8841ec9, 0x00000000,0x00000000
-	data4	0x09808683,0x09808683, 0x322bed48,0x322bed48
-	data4	0x1e1170ac,0x1e1170ac, 0x6c5a724e,0x6c5a724e
-	data4	0xfd0efffb,0xfd0efffb, 0x0f853856,0x0f853856
-	data4	0x3daed51e,0x3daed51e, 0x362d3927,0x362d3927
-	data4	0x0a0fd964,0x0a0fd964, 0x685ca621,0x685ca621
-	data4	0x9b5b54d1,0x9b5b54d1, 0x24362e3a,0x24362e3a
-	data4	0x0c0a67b1,0x0c0a67b1, 0x9357e70f,0x9357e70f
-	data4	0xb4ee96d2,0xb4ee96d2, 0x1b9b919e,0x1b9b919e
-	data4	0x80c0c54f,0x80c0c54f, 0x61dc20a2,0x61dc20a2
-	data4	0x5a774b69,0x5a774b69, 0x1c121a16,0x1c121a16
-	data4	0xe293ba0a,0xe293ba0a, 0xc0a02ae5,0xc0a02ae5
-	data4	0x3c22e043,0x3c22e043, 0x121b171d,0x121b171d
-	data4	0x0e090d0b,0x0e090d0b, 0xf28bc7ad,0xf28bc7ad
-	data4	0x2db6a8b9,0x2db6a8b9, 0x141ea9c8,0x141ea9c8
-	data4	0x57f11985,0x57f11985, 0xaf75074c,0xaf75074c
-	data4	0xee99ddbb,0xee99ddbb, 0xa37f60fd,0xa37f60fd
-	data4	0xf701269f,0xf701269f, 0x5c72f5bc,0x5c72f5bc
-	data4	0x44663bc5,0x44663bc5, 0x5bfb7e34,0x5bfb7e34
-	data4	0x8b432976,0x8b432976, 0xcb23c6dc,0xcb23c6dc
-	data4	0xb6edfc68,0xb6edfc68, 0xb8e4f163,0xb8e4f163
-	data4	0xd731dcca,0xd731dcca, 0x42638510,0x42638510
-	data4	0x13972240,0x13972240, 0x84c61120,0x84c61120
-	data4	0x854a247d,0x854a247d, 0xd2bb3df8,0xd2bb3df8
-	data4	0xaef93211,0xaef93211, 0xc729a16d,0xc729a16d
-	data4	0x1d9e2f4b,0x1d9e2f4b, 0xdcb230f3,0xdcb230f3
-	data4	0x0d8652ec,0x0d8652ec, 0x77c1e3d0,0x77c1e3d0
-	data4	0x2bb3166c,0x2bb3166c, 0xa970b999,0xa970b999
-	data4	0x119448fa,0x119448fa, 0x47e96422,0x47e96422
-	data4	0xa8fc8cc4,0xa8fc8cc4, 0xa0f03f1a,0xa0f03f1a
-	data4	0x567d2cd8,0x567d2cd8, 0x223390ef,0x223390ef
-	data4	0x87494ec7,0x87494ec7, 0xd938d1c1,0xd938d1c1
-	data4	0x8ccaa2fe,0x8ccaa2fe, 0x98d40b36,0x98d40b36
-	data4	0xa6f581cf,0xa6f581cf, 0xa57ade28,0xa57ade28
-	data4	0xdab78e26,0xdab78e26, 0x3fadbfa4,0x3fadbfa4
-	data4	0x2c3a9de4,0x2c3a9de4, 0x5078920d,0x5078920d
-	data4	0x6a5fcc9b,0x6a5fcc9b, 0x547e4662,0x547e4662
-	data4	0xf68d13c2,0xf68d13c2, 0x90d8b8e8,0x90d8b8e8
-	data4	0x2e39f75e,0x2e39f75e, 0x82c3aff5,0x82c3aff5
-	data4	0x9f5d80be,0x9f5d80be, 0x69d0937c,0x69d0937c
-	data4	0x6fd52da9,0x6fd52da9, 0xcf2512b3,0xcf2512b3
-	data4	0xc8ac993b,0xc8ac993b, 0x10187da7,0x10187da7
-	data4	0xe89c636e,0xe89c636e, 0xdb3bbb7b,0xdb3bbb7b
-	data4	0xcd267809,0xcd267809, 0x6e5918f4,0x6e5918f4
-	data4	0xec9ab701,0xec9ab701, 0x834f9aa8,0x834f9aa8
-	data4	0xe6956e65,0xe6956e65, 0xaaffe67e,0xaaffe67e
-	data4	0x21bccf08,0x21bccf08, 0xef15e8e6,0xef15e8e6
-	data4	0xbae79bd9,0xbae79bd9, 0x4a6f36ce,0x4a6f36ce
-	data4	0xea9f09d4,0xea9f09d4, 0x29b07cd6,0x29b07cd6
-	data4	0x31a4b2af,0x31a4b2af, 0x2a3f2331,0x2a3f2331
-	data4	0xc6a59430,0xc6a59430, 0x35a266c0,0x35a266c0
-	data4	0x744ebc37,0x744ebc37, 0xfc82caa6,0xfc82caa6
-	data4	0xe090d0b0,0xe090d0b0, 0x33a7d815,0x33a7d815
-	data4	0xf104984a,0xf104984a, 0x41ecdaf7,0x41ecdaf7
-	data4	0x7fcd500e,0x7fcd500e, 0x1791f62f,0x1791f62f
-	data4	0x764dd68d,0x764dd68d, 0x43efb04d,0x43efb04d
-	data4	0xccaa4d54,0xccaa4d54, 0xe49604df,0xe49604df
-	data4	0x9ed1b5e3,0x9ed1b5e3, 0x4c6a881b,0x4c6a881b
-	data4	0xc12c1fb8,0xc12c1fb8, 0x4665517f,0x4665517f
-	data4	0x9d5eea04,0x9d5eea04, 0x018c355d,0x018c355d
-	data4	0xfa877473,0xfa877473, 0xfb0b412e,0xfb0b412e
-	data4	0xb3671d5a,0xb3671d5a, 0x92dbd252,0x92dbd252
-	data4	0xe9105633,0xe9105633, 0x6dd64713,0x6dd64713
-	data4	0x9ad7618c,0x9ad7618c, 0x37a10c7a,0x37a10c7a
-	data4	0x59f8148e,0x59f8148e, 0xeb133c89,0xeb133c89
-	data4	0xcea927ee,0xcea927ee, 0xb761c935,0xb761c935
-	data4	0xe11ce5ed,0xe11ce5ed, 0x7a47b13c,0x7a47b13c
-	data4	0x9cd2df59,0x9cd2df59, 0x55f2733f,0x55f2733f
-	data4	0x1814ce79,0x1814ce79, 0x73c737bf,0x73c737bf
-	data4	0x53f7cdea,0x53f7cdea, 0x5ffdaa5b,0x5ffdaa5b
-	data4	0xdf3d6f14,0xdf3d6f14, 0x7844db86,0x7844db86
-	data4	0xcaaff381,0xcaaff381, 0xb968c43e,0xb968c43e
-	data4	0x3824342c,0x3824342c, 0xc2a3405f,0xc2a3405f
-	data4	0x161dc372,0x161dc372, 0xbce2250c,0xbce2250c
-	data4	0x283c498b,0x283c498b, 0xff0d9541,0xff0d9541
-	data4	0x39a80171,0x39a80171, 0x080cb3de,0x080cb3de
-	data4	0xd8b4e49c,0xd8b4e49c, 0x6456c190,0x6456c190
-	data4	0x7bcb8461,0x7bcb8461, 0xd532b670,0xd532b670
-	data4	0x486c5c74,0x486c5c74, 0xd0b85742,0xd0b85742
-// Td4:
-	data1	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
-	data1	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
-	data1	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
-	data1	0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
-	data1	0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
-	data1	0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
-	data1	0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
-	data1	0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
-	data1	0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
-	data1	0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
-	data1	0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
-	data1	0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
-	data1	0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
-	data1	0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
-	data1	0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
-	data1	0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
-	data1	0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
-	data1	0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
-	data1	0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
-	data1	0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
-	data1	0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
-	data1	0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
-	data1	0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
-	data1	0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
-	data1	0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
-	data1	0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
-	data1	0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
-	data1	0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
-	data1	0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
-	data1	0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
-	data1	0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
-	data1	0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-.size	AES_Td#,2048+256	// HP-UX assembler fails to ".-AES_Td#"
diff --git a/src/lib/libcrypto/bn/asm/ia64-mont.pl b/src/lib/libcrypto/bn/asm/ia64-mont.pl
deleted file mode 100644
index e258658428..0000000000
--- a/src/lib/libcrypto/bn/asm/ia64-mont.pl
+++ /dev/null
@@ -1,851 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-
-# January 2010
-#
-# "Teaser" Montgomery multiplication module for IA-64. There are
-# several possibilities for improvement:
-#
-# - modulo-scheduling outer loop would eliminate quite a number of
-#   stalls after ldf8, xma and getf.sig outside inner loop and
-#   improve shorter key performance;
-# - shorter vector support [with input vectors being fetched only
-#   once] should be added;
-# - 2x unroll with help of n0[1] would make the code scalable on
-#   "wider" IA-64, "wider" than Itanium 2 that is, which is not of
-#   acute interest, because upcoming Tukwila's individual cores are
-#   reportedly based on Itanium 2 design;
-# - dedicated squaring procedure(?);
-#
-# January 2010
-#
-# Shorter vector support is implemented by zero-padding ap and np
-# vectors up to 8 elements, or 512 bits. This means that 256-bit
-# inputs will be processed only 2 times faster than 512-bit inputs,
-# not 4 [as one would expect, because algorithm complexity is n^2].
-# The reason for padding is that inputs shorter than 512 bits won't
-# be processed faster anyway, because minimal critical path of the
-# core loop happens to match 512-bit timing. Either way, it resulted
-# in >100% improvement of 512-bit RSA sign benchmark and 50% - of
-# 1024-bit one [in comparison to original version of *this* module].
-#
-# So far 'openssl speed rsa dsa' output on 900MHz Itanium 2 *with*
-# this module is:
-#                   sign    verify    sign/s verify/s
-# rsa  512 bits 0.000290s 0.000024s   3452.8  42031.4
-# rsa 1024 bits 0.000793s 0.000058s   1261.7  17172.0
-# rsa 2048 bits 0.005908s 0.000148s    169.3   6754.0
-# rsa 4096 bits 0.033456s 0.000469s     29.9   2133.6
-# dsa  512 bits 0.000253s 0.000198s   3949.9   5057.0
-# dsa 1024 bits 0.000585s 0.000607s   1708.4   1647.4
-# dsa 2048 bits 0.001453s 0.001703s    688.1    587.4
-#
-# ... and *without* (but still with ia64.S):
-#
-# rsa  512 bits 0.000670s 0.000041s   1491.8  24145.5
-# rsa 1024 bits 0.001988s 0.000080s    502.9  12499.3
-# rsa 2048 bits 0.008702s 0.000189s    114.9   5293.9
-# rsa 4096 bits 0.043860s 0.000533s     22.8   1875.9
-# dsa  512 bits 0.000441s 0.000427s   2265.3   2340.6
-# dsa 1024 bits 0.000823s 0.000867s   1215.6   1153.2
-# dsa 2048 bits 0.001894s 0.002179s    528.1    458.9
-#
-# As it can be seen, RSA sign performance improves by 130-30%,
-# hereafter less for longer keys, while verify - by 74-13%.
-# DSA performance improves by 115-30%.
-
-if ($^O eq "hpux") {
-    $ADDP="addp4";
-    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
-} else { $ADDP="add"; }
-
-$code=<<___;
-.explicit
-.text
-
-// int bn_mul_mont (BN_ULONG *rp,const BN_ULONG *ap,
-//		    const BN_ULONG *bp,const BN_ULONG *np,
-//		    const BN_ULONG *n0p,int num);			
-.align	64
-.global	bn_mul_mont#
-.proc	bn_mul_mont#
-bn_mul_mont:
-	.prologue
-	.body
-{ .mmi;	cmp4.le		p6,p7=2,r37;;
-(p6)	cmp4.lt.unc	p8,p9=8,r37
-	mov		ret0=r0		};;
-{ .bbb;
-(p9)	br.cond.dptk.many	bn_mul_mont_8
-(p8)	br.cond.dpnt.many	bn_mul_mont_general
-(p7)	br.ret.spnt.many	b0	};;
-.endp	bn_mul_mont#
-
-prevfs=r2;	prevpr=r3;	prevlc=r10;	prevsp=r11;
-
-rptr=r8;	aptr=r9;	bptr=r14;	nptr=r15;
-tptr=r16;	// &tp[0]
-tp_1=r17;	// &tp[-1]
-num=r18;	len=r19;	lc=r20;
-topbit=r21;	// carry bit from tmp[num]
-
-n0=f6;
-m0=f7;
-bi=f8;
-
-.align	64
-.local	bn_mul_mont_general#
-.proc	bn_mul_mont_general#
-bn_mul_mont_general:
-	.prologue
-{ .mmi;	.save	ar.pfs,prevfs
-	alloc	prevfs=ar.pfs,6,2,0,8
-	$ADDP	aptr=0,in1
-	.save	ar.lc,prevlc
-	mov	prevlc=ar.lc		}
-{ .mmi;	.vframe	prevsp
-	mov	prevsp=sp
-	$ADDP	bptr=0,in2
-	.save	pr,prevpr
-	mov	prevpr=pr		};;
-
-	.body
-	.rotf		alo[6],nlo[4],ahi[8],nhi[6]
-	.rotr		a[3],n[3],t[2]
-
-{ .mmi;	ldf8		bi=[bptr],8		// (*bp++)
-	ldf8		alo[4]=[aptr],16	// ap[0]
-	$ADDP		r30=8,in1	};;
-{ .mmi;	ldf8		alo[3]=[r30],16		// ap[1]
-	ldf8		alo[2]=[aptr],16	// ap[2]
-	$ADDP		in4=0,in4	};;
-{ .mmi;	ldf8		alo[1]=[r30]		// ap[3]
-	ldf8		n0=[in4]		// n0
-	$ADDP		rptr=0,in0		}
-{ .mmi;	$ADDP		nptr=0,in3
-	mov		r31=16
-	zxt4		num=in5		};;
-{ .mmi;	ldf8		nlo[2]=[nptr],8		// np[0]
-	shladd		len=num,3,r0
-	shladd		r31=num,3,r31	};;
-{ .mmi;	ldf8		nlo[1]=[nptr],8		// np[1]
-	add		lc=-5,num
-	sub		r31=sp,r31	};;
-{ .mfb;	and		sp=-16,r31		// alloca
-	xmpy.hu		ahi[2]=alo[4],bi	// ap[0]*bp[0]
-	nop.b		0		}
-{ .mfb;	nop.m		0
-	xmpy.lu		alo[4]=alo[4],bi
-	brp.loop.imp	.L1st_ctop,.L1st_cend-16
-					};;
-{ .mfi;	nop.m		0
-	xma.hu		ahi[1]=alo[3],bi,ahi[2]	// ap[1]*bp[0]
-	add		tp_1=8,sp	}
-{ .mfi;	nop.m		0
-	xma.lu		alo[3]=alo[3],bi,ahi[2]
-	mov		pr.rot=0x20001f<<16
-			// ------^----- (p40) at first (p23)
-			// ----------^^ p[16:20]=1
-					};;
-{ .mfi;	nop.m		0
-	xmpy.lu		m0=alo[4],n0		// (ap[0]*bp[0])*n0
-	mov		ar.lc=lc	}
-{ .mfi;	nop.m		0
-	fcvt.fxu.s1	nhi[1]=f0
-	mov		ar.ec=8		};;
-
-.align	32
-.L1st_ctop:
-.pred.rel	"mutex",p40,p42
-{ .mfi;	(p16)	ldf8		alo[0]=[aptr],8		    // *(aptr++)
-	(p18)	xma.hu		ahi[0]=alo[2],bi,ahi[1]
-	(p40)	add		n[2]=n[2],a[2]		}   // (p23)					}
-{ .mfi;	(p18)	ldf8		nlo[0]=[nptr],8		    // *(nptr++)(p16)
-	(p18)	xma.lu		alo[2]=alo[2],bi,ahi[1]
-	(p42)	add		n[2]=n[2],a[2],1	};; // (p23)
-{ .mfi;	(p21)	getf.sig	a[0]=alo[5]
-	(p20)	xma.hu		nhi[0]=nlo[2],m0,nhi[1]
-	(p42)	cmp.leu		p41,p39=n[2],a[2]   	}   // (p23)
-{ .mfi;	(p23)	st8		[tp_1]=n[2],8
-	(p20)	xma.lu		nlo[2]=nlo[2],m0,nhi[1]
-	(p40)	cmp.ltu		p41,p39=n[2],a[2]	}   // (p23)
-{ .mmb;	(p21)	getf.sig	n[0]=nlo[3]
-	(p16)	nop.m		0
-	br.ctop.sptk	.L1st_ctop			};;
-.L1st_cend:
-
-{ .mmi;	getf.sig	a[0]=ahi[6]		// (p24)
-	getf.sig	n[0]=nhi[4]
-	add		num=-1,num	};;	// num--
-{ .mmi;	.pred.rel	"mutex",p40,p42
-(p40)	add		n[0]=n[0],a[0]
-(p42)	add		n[0]=n[0],a[0],1
-	sub		aptr=aptr,len	};;	// rewind
-{ .mmi;	.pred.rel	"mutex",p40,p42
-(p40)	cmp.ltu		p41,p39=n[0],a[0]
-(p42)	cmp.leu		p41,p39=n[0],a[0]
-	sub		nptr=nptr,len	};;
-{ .mmi;	.pred.rel	"mutex",p39,p41
-(p39)	add		topbit=r0,r0
-(p41)	add		topbit=r0,r0,1
-	nop.i		0		}	
-{ .mmi;	st8		[tp_1]=n[0]
-	add		tptr=16,sp
-	add		tp_1=8,sp	};;
-
-.Louter:
-{ .mmi;	ldf8		bi=[bptr],8		// (*bp++)
-	ldf8		ahi[3]=[tptr]		// tp[0]
-	add		r30=8,aptr	};;
-{ .mmi;	ldf8		alo[4]=[aptr],16	// ap[0]
-	ldf8		alo[3]=[r30],16		// ap[1]
-	add		r31=8,nptr	};;
-{ .mfb;	ldf8		alo[2]=[aptr],16	// ap[2]
-	xma.hu		ahi[2]=alo[4],bi,ahi[3]	// ap[0]*bp[i]+tp[0]
-	brp.loop.imp	.Linner_ctop,.Linner_cend-16
-					}
-{ .mfb;	ldf8		alo[1]=[r30]		// ap[3]
-	xma.lu		alo[4]=alo[4],bi,ahi[3]
-	clrrrb.pr			};;
-{ .mfi;	ldf8		nlo[2]=[nptr],16	// np[0]
-	xma.hu		ahi[1]=alo[3],bi,ahi[2]	// ap[1]*bp[i]
-	nop.i		0		}
-{ .mfi;	ldf8		nlo[1]=[r31]		// np[1]
-	xma.lu		alo[3]=alo[3],bi,ahi[2]
-	mov		pr.rot=0x20101f<<16
-			// ------^----- (p40) at first (p23)
-			// --------^--- (p30) at first (p22)
-			// ----------^^ p[16:20]=1
-					};;
-{ .mfi;	st8		[tptr]=r0		// tp[0] is already accounted
-	xmpy.lu		m0=alo[4],n0		// (ap[0]*bp[i]+tp[0])*n0
-	mov		ar.lc=lc	}
-{ .mfi;
-	fcvt.fxu.s1	nhi[1]=f0
-	mov		ar.ec=8		};;
-
-// This loop spins in 4*(n+7) ticks on Itanium 2 and should spin in
-// 7*(n+7) ticks on Itanium (the one codenamed Merced). Factor of 7
-// in latter case accounts for two-tick pipeline stall, which means
-// that its performance would be ~20% lower than optimal one. No
-// attempt was made to address this, because original Itanium is
-// hardly represented out in the wild...
-.align	32
-.Linner_ctop:
-.pred.rel	"mutex",p40,p42
-.pred.rel	"mutex",p30,p32
-{ .mfi;	(p16)	ldf8		alo[0]=[aptr],8		    // *(aptr++)
-	(p18)	xma.hu		ahi[0]=alo[2],bi,ahi[1]
-	(p40)	add		n[2]=n[2],a[2]		}   // (p23)
-{ .mfi;	(p16)	nop.m		0
-	(p18)	xma.lu		alo[2]=alo[2],bi,ahi[1]
-	(p42)	add		n[2]=n[2],a[2],1	};; // (p23)
-{ .mfi;	(p21)	getf.sig	a[0]=alo[5]
-	(p16)	nop.f		0
-	(p40)	cmp.ltu		p41,p39=n[2],a[2]	}   // (p23)
-{ .mfi;	(p21)	ld8		t[0]=[tptr],8
-	(p16)	nop.f		0
-	(p42)	cmp.leu		p41,p39=n[2],a[2]	};; // (p23)
-{ .mfi;	(p18)	ldf8		nlo[0]=[nptr],8		    // *(nptr++)
-	(p20)	xma.hu		nhi[0]=nlo[2],m0,nhi[1]
-	(p30)	add		a[1]=a[1],t[1]		}   // (p22)
-{ .mfi;	(p16)	nop.m		0
-	(p20)	xma.lu		nlo[2]=nlo[2],m0,nhi[1]
-	(p32)	add		a[1]=a[1],t[1],1	};; // (p22)
-{ .mmi;	(p21)	getf.sig	n[0]=nlo[3]
-	(p16)	nop.m		0
-	(p30)	cmp.ltu		p31,p29=a[1],t[1]	}   // (p22)
-{ .mmb;	(p23)	st8		[tp_1]=n[2],8
-	(p32)	cmp.leu		p31,p29=a[1],t[1]	    // (p22)
-	br.ctop.sptk	.Linner_ctop			};;
-.Linner_cend:
-
-{ .mmi;	getf.sig	a[0]=ahi[6]		// (p24)
-	getf.sig	n[0]=nhi[4]
-	nop.i		0		};;
-
-{ .mmi;	.pred.rel	"mutex",p31,p33
-(p31)	add		a[0]=a[0],topbit
-(p33)	add		a[0]=a[0],topbit,1
-	mov		topbit=r0	};;
-{ .mfi; .pred.rel	"mutex",p31,p33
-(p31)	cmp.ltu		p32,p30=a[0],topbit
-(p33)	cmp.leu		p32,p30=a[0],topbit
-					}
-{ .mfi;	.pred.rel	"mutex",p40,p42
-(p40)	add		n[0]=n[0],a[0]
-(p42)	add		n[0]=n[0],a[0],1
-					};;
-{ .mmi;	.pred.rel	"mutex",p44,p46
-(p40)	cmp.ltu		p41,p39=n[0],a[0]
-(p42)	cmp.leu		p41,p39=n[0],a[0]
-(p32)	add		topbit=r0,r0,1	}
-
-{ .mmi;	st8		[tp_1]=n[0],8
-	cmp4.ne		p6,p0=1,num
-	sub		aptr=aptr,len	};;	// rewind
-{ .mmi;	sub		nptr=nptr,len
-(p41)	add		topbit=r0,r0,1
-	add		tptr=16,sp	}
-{ .mmb;	add		tp_1=8,sp
-	add		num=-1,num		// num--
-(p6)	br.cond.sptk.many	.Louter	};;
-
-{ .mbb;	add		lc=4,lc
-	brp.loop.imp	.Lsub_ctop,.Lsub_cend-16
-	clrrrb.pr			};;
-{ .mii;	nop.m		0
-	mov		pr.rot=0x10001<<16
-			// ------^---- (p33) at first (p17)
-	mov		ar.lc=lc	}
-{ .mii;	nop.m		0
-	mov		ar.ec=3
-	nop.i		0		};;
-
-.Lsub_ctop:
-.pred.rel	"mutex",p33,p35
-{ .mfi;	(p16)	ld8		t[0]=[tptr],8		    // t=*(tp++)
-	(p16)	nop.f		0
-	(p33)	sub		n[1]=t[1],n[1]		}   // (p17)
-{ .mfi;	(p16)	ld8		n[0]=[nptr],8		    // n=*(np++)
-	(p16)	nop.f		0
-	(p35)	sub		n[1]=t[1],n[1],1	};; // (p17)
-{ .mib;	(p18)	st8		[rptr]=n[2],8		    // *(rp++)=r
-	(p33)	cmp.gtu		p34,p32=n[1],t[1]	    // (p17)
-	(p18)	nop.b		0			}
-{ .mib;	(p18)	nop.m		0
-	(p35)	cmp.geu		p34,p32=n[1],t[1]	    // (p17)
-	br.ctop.sptk	.Lsub_ctop			};;
-.Lsub_cend:
-
-{ .mmb;	.pred.rel	"mutex",p34,p36
-(p34)	sub	topbit=topbit,r0	// (p19)
-(p36)	sub	topbit=topbit,r0,1
-	brp.loop.imp	.Lcopy_ctop,.Lcopy_cend-16
-					}
-{ .mmb;	sub	rptr=rptr,len		// rewind
-	sub	tptr=tptr,len
-	clrrrb.pr			};;
-{ .mmi;	and	aptr=tptr,topbit
-	andcm	bptr=rptr,topbit
-	mov	pr.rot=1<<16		};;
-{ .mii;	or	nptr=aptr,bptr
-	mov	ar.lc=lc
-	mov	ar.ec=3			};;
-
-.Lcopy_ctop:
-{ .mmb;	(p16)	ld8	n[0]=[nptr],8
-	(p18)	st8	[tptr]=r0,8
-	(p16)	nop.b	0		}
-{ .mmb;	(p16)	nop.m	0
-	(p18)	st8	[rptr]=n[2],8
-	br.ctop.sptk	.Lcopy_ctop	};;
-.Lcopy_cend:
-
-{ .mmi;	mov		ret0=1			// signal "handled"
-	rum		1<<5			// clear um.mfh
-	mov		ar.lc=prevlc	}
-{ .mib;	.restore	sp
-	mov		sp=prevsp
-	mov		pr=prevpr,0x1ffff
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_mont_general#
-
-a1=r16;  a2=r17;  a3=r18;  a4=r19;  a5=r20;  a6=r21;  a7=r22;  a8=r23;
-n1=r24;  n2=r25;  n3=r26;  n4=r27;  n5=r28;  n6=r29;  n7=r30;  n8=r31;
-t0=r15;
-
-ai0=f8;  ai1=f9;  ai2=f10; ai3=f11; ai4=f12; ai5=f13; ai6=f14; ai7=f15;
-ni0=f16; ni1=f17; ni2=f18; ni3=f19; ni4=f20; ni5=f21; ni6=f22; ni7=f23;
-
-.align	64
-.skip	48		// aligns loop body
-.local	bn_mul_mont_8#
-.proc	bn_mul_mont_8#
-bn_mul_mont_8:
-	.prologue
-{ .mmi;	.save		ar.pfs,prevfs
-	alloc		prevfs=ar.pfs,6,2,0,8
-	.vframe		prevsp
-	mov		prevsp=sp
-	.save		ar.lc,prevlc
-	mov		prevlc=ar.lc	}
-{ .mmi;	add		r17=-6*16,sp
-	add		sp=-7*16,sp
-	.save		pr,prevpr
-	mov		prevpr=pr	};;
-
-{ .mmi;	.save.gf	0,0x10
-	stf.spill	[sp]=f16,-16
-	.save.gf	0,0x20
-	stf.spill	[r17]=f17,32
-	add		r16=-5*16,prevsp};;
-{ .mmi;	.save.gf	0,0x40
-	stf.spill	[r16]=f18,32
-	.save.gf	0,0x80
-	stf.spill	[r17]=f19,32
-	$ADDP		aptr=0,in1	};;
-{ .mmi;	.save.gf	0,0x100
-	stf.spill	[r16]=f20,32
-	.save.gf	0,0x200
-	stf.spill	[r17]=f21,32
-	$ADDP		r29=8,in1	};;
-{ .mmi;	.save.gf	0,0x400
-	stf.spill	[r16]=f22
-	.save.gf	0,0x800
-	stf.spill	[r17]=f23
-	$ADDP		rptr=0,in0	};;
-
-	.body
-	.rotf		bj[8],mj[2],tf[2],alo[10],ahi[10],nlo[10],nhi[10]
-	.rotr		t[8]
-
-// load input vectors padding them to 8 elements
-{ .mmi;	ldf8		ai0=[aptr],16		// ap[0]
-	ldf8		ai1=[r29],16		// ap[1]
-	$ADDP		bptr=0,in2	}
-{ .mmi;	$ADDP		r30=8,in2
-	$ADDP		nptr=0,in3
-	$ADDP		r31=8,in3	};;
-{ .mmi;	ldf8		bj[7]=[bptr],16		// bp[0]
-	ldf8		bj[6]=[r30],16		// bp[1]
-	cmp4.le		p4,p5=3,in5	}
-{ .mmi;	ldf8		ni0=[nptr],16		// np[0]
-	ldf8		ni1=[r31],16		// np[1]
-	cmp4.le		p6,p7=4,in5	};;
-
-{ .mfi;	(p4)ldf8	ai2=[aptr],16		// ap[2]
-	(p5)fcvt.fxu	ai2=f0
-	cmp4.le		p8,p9=5,in5	}
-{ .mfi;	(p6)ldf8	ai3=[r29],16		// ap[3]
-	(p7)fcvt.fxu	ai3=f0
-	cmp4.le		p10,p11=6,in5	}
-{ .mfi;	(p4)ldf8	bj[5]=[bptr],16		// bp[2]
-	(p5)fcvt.fxu	bj[5]=f0
-	cmp4.le		p12,p13=7,in5	}
-{ .mfi;	(p6)ldf8	bj[4]=[r30],16		// bp[3]
-	(p7)fcvt.fxu	bj[4]=f0
-	cmp4.le		p14,p15=8,in5	}
-{ .mfi;	(p4)ldf8	ni2=[nptr],16		// np[2]
-	(p5)fcvt.fxu	ni2=f0
-	addp4		r28=-1,in5	}
-{ .mfi;	(p6)ldf8	ni3=[r31],16		// np[3]
-	(p7)fcvt.fxu	ni3=f0
-	$ADDP		in4=0,in4	};;
-
-{ .mfi;	ldf8		n0=[in4]
-	fcvt.fxu	tf[1]=f0
-	nop.i		0		}
-
-{ .mfi;	(p8)ldf8	ai4=[aptr],16		// ap[4]
-	(p9)fcvt.fxu	ai4=f0
-	mov		t[0]=r0		}
-{ .mfi;	(p10)ldf8	ai5=[r29],16		// ap[5]
-	(p11)fcvt.fxu	ai5=f0
-	mov		t[1]=r0		}
-{ .mfi;	(p8)ldf8	bj[3]=[bptr],16		// bp[4]
-	(p9)fcvt.fxu	bj[3]=f0
-	mov		t[2]=r0		}
-{ .mfi;	(p10)ldf8	bj[2]=[r30],16		// bp[5]
-	(p11)fcvt.fxu	bj[2]=f0
-	mov		t[3]=r0		}
-{ .mfi;	(p8)ldf8	ni4=[nptr],16		// np[4]
-	(p9)fcvt.fxu	ni4=f0
-	mov		t[4]=r0		}
-{ .mfi;	(p10)ldf8	ni5=[r31],16		// np[5]
-	(p11)fcvt.fxu	ni5=f0
-	mov		t[5]=r0		};;
-
-{ .mfi;	(p12)ldf8	ai6=[aptr],16		// ap[6]
-	(p13)fcvt.fxu	ai6=f0
-	mov		t[6]=r0		}
-{ .mfi;	(p14)ldf8	ai7=[r29],16		// ap[7]
-	(p15)fcvt.fxu	ai7=f0
-	mov		t[7]=r0		}
-{ .mfi;	(p12)ldf8	bj[1]=[bptr],16		// bp[6]
-	(p13)fcvt.fxu	bj[1]=f0
-	mov		ar.lc=r28	}
-{ .mfi;	(p14)ldf8	bj[0]=[r30],16		// bp[7]
-	(p15)fcvt.fxu	bj[0]=f0
-	mov		ar.ec=1		}
-{ .mfi;	(p12)ldf8	ni6=[nptr],16		// np[6]
-	(p13)fcvt.fxu	ni6=f0
-	mov		pr.rot=1<<16	}
-{ .mfb;	(p14)ldf8	ni7=[r31],16		// np[7]
-	(p15)fcvt.fxu	ni7=f0
-	brp.loop.imp	.Louter_8_ctop,.Louter_8_cend-16
-					};;
-
-// The loop is scheduled for 32*n ticks on Itanium 2. Actual attempt
-// to measure with help of Interval Time Counter indicated that the
-// factor is a tad higher: 33 or 34, if not 35. Exact measurement and
-// addressing the issue is problematic, because I don't have access
-// to platform-specific instruction-level profiler. On Itanium it
-// should run in 56*n ticks, because of higher xma latency...
-.Louter_8_ctop:
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mfi;	(p16)	nop.m		0			// 0:
-	(p16)	xma.hu		ahi[0]=ai0,bj[7],tf[1]	//	ap[0]*b[i]+t[0]
-	(p40)	add		a3=a3,n3	}	//	(p17) a3+=n3
-{ .mfi;	(p42)	add		a3=a3,n3,1
-	(p16)	xma.lu		alo[0]=ai0,bj[7],tf[1]
-	(p16)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	a7=alo[8]		// 1:
-	(p48)	add		t[6]=t[6],a3		//	(p17) t[6]+=a3
-	(p50)	add		t[6]=t[6],a3,1	};;
-{ .mfi;	(p17)	getf.sig	a8=ahi[8]		// 2:
-	(p17)	xma.hu		nhi[7]=ni6,mj[1],nhi[6]	//	np[6]*m0
-	(p40)	cmp.ltu		p43,p41=a3,n3	}
-{ .mfi;	(p42)	cmp.leu		p43,p41=a3,n3
-	(p17)	xma.lu		nlo[7]=ni6,mj[1],nhi[6]
-	(p16)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	n5=nlo[6]		// 3:
-	(p48)	cmp.ltu		p51,p49=t[6],a3
-	(p50)	cmp.leu		p51,p49=t[6],a3	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mfi;	(p16)	nop.m		0			// 4:
-	(p16)	xma.hu		ahi[1]=ai1,bj[7],ahi[0]	//	ap[1]*b[i]
-	(p41)	add		a4=a4,n4	}	//	(p17) a4+=n4
-{ .mfi;	(p43)	add		a4=a4,n4,1
-	(p16)	xma.lu		alo[1]=ai1,bj[7],ahi[0]
-	(p16)	nop.i		0		};;
-{ .mfi;	(p49)	add		t[5]=t[5],a4		// 5:	(p17) t[5]+=a4
-	(p16)	xmpy.lu		mj[0]=alo[0],n0		//	(ap[0]*b[i]+t[0])*n0
-	(p51)	add		t[5]=t[5],a4,1	};;
-{ .mfi;	(p16)	nop.m		0			// 6:
-	(p17)	xma.hu		nhi[8]=ni7,mj[1],nhi[7]	//	np[7]*m0
-	(p41)	cmp.ltu		p42,p40=a4,n4	}
-{ .mfi;	(p43)	cmp.leu		p42,p40=a4,n4
-	(p17)	xma.lu		nlo[8]=ni7,mj[1],nhi[7]
-	(p16)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	n6=nlo[7]		// 7:
-	(p49)	cmp.ltu		p50,p48=t[5],a4
-	(p51)	cmp.leu		p50,p48=t[5],a4	};;
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mfi;	(p16)	nop.m		0			// 8:
-	(p16)	xma.hu		ahi[2]=ai2,bj[7],ahi[1]	//	ap[2]*b[i]
-	(p40)	add		a5=a5,n5	}	//	(p17) a5+=n5
-{ .mfi;	(p42)	add		a5=a5,n5,1
-	(p16)	xma.lu		alo[2]=ai2,bj[7],ahi[1]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	a1=alo[1]		// 9:
-	(p48)	add		t[4]=t[4],a5		//	p(17) t[4]+=a5
-	(p50)	add		t[4]=t[4],a5,1	};;
-{ .mfi;	(p16)	nop.m		0			// 10:
-	(p16)	xma.hu		nhi[0]=ni0,mj[0],alo[0]	//	np[0]*m0
-	(p40)	cmp.ltu		p43,p41=a5,n5	}
-{ .mfi;	(p42)	cmp.leu		p43,p41=a5,n5
-	(p16)	xma.lu		nlo[0]=ni0,mj[0],alo[0]
-	(p16)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	n7=nlo[8]		// 11:
-	(p48)	cmp.ltu		p51,p49=t[4],a5
-	(p50)	cmp.leu		p51,p49=t[4],a5	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mfi;	(p17)	getf.sig	n8=nhi[8]		// 12:
-	(p16)	xma.hu		ahi[3]=ai3,bj[7],ahi[2]	//	ap[3]*b[i]
-	(p41)	add		a6=a6,n6	}	//	(p17) a6+=n6
-{ .mfi;	(p43)	add		a6=a6,n6,1
-	(p16)	xma.lu		alo[3]=ai3,bj[7],ahi[2]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	a2=alo[2]		// 13:
-	(p49)	add		t[3]=t[3],a6		//	(p17) t[3]+=a6
-	(p51)	add		t[3]=t[3],a6,1	};;
-{ .mfi;	(p16)	nop.m		0			// 14:
-	(p16)	xma.hu		nhi[1]=ni1,mj[0],nhi[0]	//	np[1]*m0
-	(p41)	cmp.ltu		p42,p40=a6,n6	}
-{ .mfi;	(p43)	cmp.leu		p42,p40=a6,n6
-	(p16)	xma.lu		nlo[1]=ni1,mj[0],nhi[0]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	nop.m		0			// 15:
-	(p49)	cmp.ltu		p50,p48=t[3],a6
-	(p51)	cmp.leu		p50,p48=t[3],a6	};;
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mfi;	(p16)	nop.m		0			// 16:
-	(p16)	xma.hu		ahi[4]=ai4,bj[7],ahi[3]	//	ap[4]*b[i]
-	(p40)	add		a7=a7,n7	}	//	(p17) a7+=n7
-{ .mfi;	(p42)	add		a7=a7,n7,1
-	(p16)	xma.lu		alo[4]=ai4,bj[7],ahi[3]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	a3=alo[3]		// 17:
-	(p48)	add		t[2]=t[2],a7		//	(p17) t[2]+=a7
-	(p50)	add		t[2]=t[2],a7,1	};;
-{ .mfi;	(p16)	nop.m		0			// 18:
-	(p16)	xma.hu		nhi[2]=ni2,mj[0],nhi[1]	//	np[2]*m0
-	(p40)	cmp.ltu		p43,p41=a7,n7	}
-{ .mfi;	(p42)	cmp.leu		p43,p41=a7,n7
-	(p16)	xma.lu		nlo[2]=ni2,mj[0],nhi[1]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	n1=nlo[1]		// 19:
-	(p48)	cmp.ltu		p51,p49=t[2],a7
-	(p50)	cmp.leu		p51,p49=t[2],a7	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mfi;	(p16)	nop.m		0			// 20:
-	(p16)	xma.hu		ahi[5]=ai5,bj[7],ahi[4]	//	ap[5]*b[i]
-	(p41)	add		a8=a8,n8	}	//	(p17) a8+=n8
-{ .mfi;	(p43)	add		a8=a8,n8,1
-	(p16)	xma.lu		alo[5]=ai5,bj[7],ahi[4]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	a4=alo[4]		// 21:
-	(p49)	add		t[1]=t[1],a8		//	(p17) t[1]+=a8
-	(p51)	add		t[1]=t[1],a8,1	};;
-{ .mfi;	(p16)	nop.m		0			// 22:
-	(p16)	xma.hu		nhi[3]=ni3,mj[0],nhi[2]	//	np[3]*m0
-	(p41)	cmp.ltu		p42,p40=a8,n8	}
-{ .mfi;	(p43)	cmp.leu		p42,p40=a8,n8
-	(p16)	xma.lu		nlo[3]=ni3,mj[0],nhi[2]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	n2=nlo[2]		// 23:
-	(p49)	cmp.ltu		p50,p48=t[1],a8
-	(p51)	cmp.leu		p50,p48=t[1],a8	};;
-{ .mfi;	(p16)	nop.m		0			// 24:
-	(p16)	xma.hu		ahi[6]=ai6,bj[7],ahi[5]	//	ap[6]*b[i]
-	(p16)	add		a1=a1,n1	}	//	(p16) a1+=n1
-{ .mfi;	(p16)	nop.m		0
-	(p16)	xma.lu		alo[6]=ai6,bj[7],ahi[5]
-	(p17)	mov		t[0]=r0		};;
-{ .mii;	(p16)	getf.sig	a5=alo[5]		// 25:
-	(p16)	add		t0=t[7],a1		//	(p16) t[7]+=a1
-	(p42)	add		t[0]=t[0],r0,1	};;
-{ .mfi;	(p16)	setf.sig	tf[0]=t0		// 26:
-	(p16)	xma.hu		nhi[4]=ni4,mj[0],nhi[3]	//	np[4]*m0
-	(p50)	add		t[0]=t[0],r0,1	}
-{ .mfi;	(p16)	cmp.ltu.unc	p42,p40=a1,n1
-	(p16)	xma.lu		nlo[4]=ni4,mj[0],nhi[3]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	n3=nlo[3]		// 27:
-	(p16)	cmp.ltu.unc	p50,p48=t0,a1
-	(p16)	nop.i		0		};;
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mfi;	(p16)	nop.m		0			// 28:
-	(p16)	xma.hu		ahi[7]=ai7,bj[7],ahi[6]	//	ap[7]*b[i]
-	(p40)	add		a2=a2,n2	}	//	(p16) a2+=n2
-{ .mfi;	(p42)	add		a2=a2,n2,1
-	(p16)	xma.lu		alo[7]=ai7,bj[7],ahi[6]
-	(p16)	nop.i		0		};;
-{ .mii;	(p16)	getf.sig	a6=alo[6]		// 29:
-	(p48)	add		t[6]=t[6],a2		//	(p16) t[6]+=a2
-	(p50)	add		t[6]=t[6],a2,1	};;
-{ .mfi;	(p16)	nop.m		0			// 30:
-	(p16)	xma.hu		nhi[5]=ni5,mj[0],nhi[4]	//	np[5]*m0
-	(p40)	cmp.ltu		p41,p39=a2,n2	}
-{ .mfi;	(p42)	cmp.leu		p41,p39=a2,n2
-	(p16)	xma.lu		nlo[5]=ni5,mj[0],nhi[4]
-	(p16)	nop.i		0		};;
-{ .mfi;	(p16)	getf.sig	n4=nlo[4]		// 31:
-	(p16)	nop.f		0
-	(p48)	cmp.ltu		p49,p47=t[6],a2	}
-{ .mfb;	(p50)	cmp.leu		p49,p47=t[6],a2
-	(p16)	nop.f		0
-	br.ctop.sptk.many	.Louter_8_ctop	};;
-.Louter_8_cend:
-
-// above loop has to execute one more time, without (p16), which is
-// replaced with merged move of np[8] to GPR bank
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mmi;	(p0)	getf.sig	n1=ni0			// 0:
-	(p40)	add		a3=a3,n3		//	(p17) a3+=n3
-	(p42)	add		a3=a3,n3,1	};;
-{ .mii;	(p17)	getf.sig	a7=alo[8]		// 1:
-	(p48)	add		t[6]=t[6],a3		//	(p17) t[6]+=a3
-	(p50)	add		t[6]=t[6],a3,1	};;
-{ .mfi;	(p17)	getf.sig	a8=ahi[8]		// 2:
-	(p17)	xma.hu		nhi[7]=ni6,mj[1],nhi[6]	//	np[6]*m0
-	(p40)	cmp.ltu		p43,p41=a3,n3	}
-{ .mfi;	(p42)	cmp.leu		p43,p41=a3,n3
-	(p17)	xma.lu		nlo[7]=ni6,mj[1],nhi[6]
-	(p0)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	n5=nlo[6]		// 3:
-	(p48)	cmp.ltu		p51,p49=t[6],a3
-	(p50)	cmp.leu		p51,p49=t[6],a3	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mmi;	(p0)	getf.sig	n2=ni1			// 4:
-	(p41)	add		a4=a4,n4		//	(p17) a4+=n4
-	(p43)	add		a4=a4,n4,1	};;
-{ .mfi;	(p49)	add		t[5]=t[5],a4		// 5:	(p17) t[5]+=a4
-	(p0)	nop.f		0
-	(p51)	add		t[5]=t[5],a4,1	};;
-{ .mfi;	(p0)	getf.sig	n3=ni2			// 6:
-	(p17)	xma.hu		nhi[8]=ni7,mj[1],nhi[7]	//	np[7]*m0
-	(p41)	cmp.ltu		p42,p40=a4,n4	}
-{ .mfi;	(p43)	cmp.leu		p42,p40=a4,n4
-	(p17)	xma.lu		nlo[8]=ni7,mj[1],nhi[7]
-	(p0)	nop.i		0		};;
-{ .mii;	(p17)	getf.sig	n6=nlo[7]		// 7:
-	(p49)	cmp.ltu		p50,p48=t[5],a4
-	(p51)	cmp.leu		p50,p48=t[5],a4	};;
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mii;	(p0)	getf.sig	n4=ni3			// 8:
-	(p40)	add		a5=a5,n5		//	(p17) a5+=n5
-	(p42)	add		a5=a5,n5,1	};;
-{ .mii;	(p0)	nop.m		0			// 9:
-	(p48)	add		t[4]=t[4],a5		//	p(17) t[4]+=a5
-	(p50)	add		t[4]=t[4],a5,1	};;
-{ .mii;	(p0)	nop.m		0			// 10:
-	(p40)	cmp.ltu		p43,p41=a5,n5
-	(p42)	cmp.leu		p43,p41=a5,n5	};;
-{ .mii;	(p17)	getf.sig	n7=nlo[8]		// 11:
-	(p48)	cmp.ltu		p51,p49=t[4],a5
-	(p50)	cmp.leu		p51,p49=t[4],a5	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mii;	(p17)	getf.sig	n8=nhi[8]		// 12:
-	(p41)	add		a6=a6,n6		//	(p17) a6+=n6
-	(p43)	add		a6=a6,n6,1	};;
-{ .mii;	(p0)	getf.sig	n5=ni4			// 13:
-	(p49)	add		t[3]=t[3],a6		//	(p17) t[3]+=a6
-	(p51)	add		t[3]=t[3],a6,1	};;
-{ .mii;	(p0)	nop.m		0			// 14:
-	(p41)	cmp.ltu		p42,p40=a6,n6
-	(p43)	cmp.leu		p42,p40=a6,n6	};;
-{ .mii;	(p0)	getf.sig	n6=ni5			// 15:
-	(p49)	cmp.ltu		p50,p48=t[3],a6
-	(p51)	cmp.leu		p50,p48=t[3],a6	};;
-	.pred.rel		"mutex",p40,p42
-	.pred.rel		"mutex",p48,p50
-{ .mii;	(p0)	nop.m		0			// 16:
-	(p40)	add		a7=a7,n7		//	(p17) a7+=n7
-	(p42)	add		a7=a7,n7,1	};;
-{ .mii;	(p0)	nop.m		0			// 17:
-	(p48)	add		t[2]=t[2],a7		//	(p17) t[2]+=a7
-	(p50)	add		t[2]=t[2],a7,1	};;
-{ .mii;	(p0)	nop.m		0			// 18:
-	(p40)	cmp.ltu		p43,p41=a7,n7
-	(p42)	cmp.leu		p43,p41=a7,n7	};;
-{ .mii;	(p0)	getf.sig	n7=ni6			// 19:
-	(p48)	cmp.ltu		p51,p49=t[2],a7
-	(p50)	cmp.leu		p51,p49=t[2],a7	};;
-	.pred.rel		"mutex",p41,p43
-	.pred.rel		"mutex",p49,p51
-{ .mii;	(p0)	nop.m		0			// 20:
-	(p41)	add		a8=a8,n8		//	(p17) a8+=n8
-	(p43)	add		a8=a8,n8,1	};;
-{ .mmi;	(p0)	nop.m		0			// 21:
-	(p49)	add		t[1]=t[1],a8		//	(p17) t[1]+=a8
-	(p51)	add		t[1]=t[1],a8,1	}
-{ .mmi;	(p17)	mov		t[0]=r0
-	(p41)	cmp.ltu		p42,p40=a8,n8
-	(p43)	cmp.leu		p42,p40=a8,n8	};;
-{ .mmi;	(p0)	getf.sig	n8=ni7			// 22:
-	(p49)	cmp.ltu		p50,p48=t[1],a8
-	(p51)	cmp.leu		p50,p48=t[1],a8	}
-{ .mmi;	(p42)	add		t[0]=t[0],r0,1
-	(p0)	add		r16=-7*16,prevsp
-	(p0)	add		r17=-6*16,prevsp	};;
-
-// subtract np[8] from carrybit|tmp[8]
-// carrybit|tmp[8] layout upon exit from above loop is:
-//	t[0]|t[1]|t[2]|t[3]|t[4]|t[5]|t[6]|t[7]|t0 (least significant)
-{ .mmi;	(p50)add	t[0]=t[0],r0,1
-	add		r18=-5*16,prevsp
-	sub		n1=t0,n1	};;
-{ .mmi;	cmp.gtu		p34,p32=n1,t0;;
-	.pred.rel	"mutex",p32,p34
-	(p32)sub	n2=t[7],n2
-	(p34)sub	n2=t[7],n2,1	};;
-{ .mii;	(p32)cmp.gtu	p35,p33=n2,t[7]
-	(p34)cmp.geu	p35,p33=n2,t[7];;
-	.pred.rel	"mutex",p33,p35
-	(p33)sub	n3=t[6],n3	}
-{ .mmi;	(p35)sub	n3=t[6],n3,1;;
-	(p33)cmp.gtu	p34,p32=n3,t[6]
-	(p35)cmp.geu	p34,p32=n3,t[6]	};;
-	.pred.rel	"mutex",p32,p34
-{ .mii;	(p32)sub	n4=t[5],n4
-	(p34)sub	n4=t[5],n4,1;;
-	(p32)cmp.gtu	p35,p33=n4,t[5]	}
-{ .mmi;	(p34)cmp.geu	p35,p33=n4,t[5];;
-	.pred.rel	"mutex",p33,p35
-	(p33)sub	n5=t[4],n5
-	(p35)sub	n5=t[4],n5,1	};;
-{ .mii;	(p33)cmp.gtu	p34,p32=n5,t[4]
-	(p35)cmp.geu	p34,p32=n5,t[4];;
-	.pred.rel	"mutex",p32,p34
-	(p32)sub	n6=t[3],n6	}
-{ .mmi;	(p34)sub	n6=t[3],n6,1;;
-	(p32)cmp.gtu	p35,p33=n6,t[3]
-	(p34)cmp.geu	p35,p33=n6,t[3]	};;
-	.pred.rel	"mutex",p33,p35
-{ .mii;	(p33)sub	n7=t[2],n7
-	(p35)sub	n7=t[2],n7,1;;
-	(p33)cmp.gtu	p34,p32=n7,t[2]	}
-{ .mmi;	(p35)cmp.geu	p34,p32=n7,t[2];;
-	.pred.rel	"mutex",p32,p34
-	(p32)sub	n8=t[1],n8
-	(p34)sub	n8=t[1],n8,1	};;
-{ .mii;	(p32)cmp.gtu	p35,p33=n8,t[1]
-	(p34)cmp.geu	p35,p33=n8,t[1];;
-	.pred.rel	"mutex",p33,p35
-	(p33)sub	a8=t[0],r0	}
-{ .mmi;	(p35)sub	a8=t[0],r0,1;;
-	(p33)cmp.gtu	p34,p32=a8,t[0]
-	(p35)cmp.geu	p34,p32=a8,t[0]	};;
-
-// save the result, either tmp[num] or tmp[num]-np[num]
-	.pred.rel	"mutex",p32,p34
-{ .mmi;	(p32)st8	[rptr]=n1,8
-	(p34)st8	[rptr]=t0,8
-	add		r19=-4*16,prevsp};;
-{ .mmb;	(p32)st8	[rptr]=n2,8
-	(p34)st8	[rptr]=t[7],8
-	(p5)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n3,8
-	(p34)st8	[rptr]=t[6],8
-	(p7)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n4,8
-	(p34)st8	[rptr]=t[5],8
-	(p9)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n5,8
-	(p34)st8	[rptr]=t[4],8
-	(p11)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n6,8
-	(p34)st8	[rptr]=t[3],8
-	(p13)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n7,8
-	(p34)st8	[rptr]=t[2],8
-	(p15)br.cond.dpnt.few	.Ldone	};;
-{ .mmb;	(p32)st8	[rptr]=n8,8
-	(p34)st8	[rptr]=t[1],8
-	nop.b		0		};;
-.Ldone:						// epilogue
-{ .mmi;	ldf.fill	f16=[r16],64
-	ldf.fill	f17=[r17],64
-	nop.i		0		}
-{ .mmi;	ldf.fill	f18=[r18],64
-	ldf.fill	f19=[r19],64
-	mov		pr=prevpr,0x1ffff	};;
-{ .mmi;	ldf.fill	f20=[r16]
-	ldf.fill	f21=[r17]
-	mov		ar.lc=prevlc	}
-{ .mmi;	ldf.fill	f22=[r18]
-	ldf.fill	f23=[r19]
-	mov		ret0=1		}	// signal "handled"
-{ .mib;	rum		1<<5
-	.restore	sp
-	mov		sp=prevsp
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_mont_8#
-
-.type	copyright#,\@object
-copyright:
-stringz	"Montgomery multiplication for IA-64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$output=shift and open STDOUT,">$output";
-print $code;
-close STDOUT;
diff --git a/src/lib/libcrypto/bn/asm/ia64.S b/src/lib/libcrypto/bn/asm/ia64.S
deleted file mode 100644
index 0cf805ddc4..0000000000
--- a/src/lib/libcrypto/bn/asm/ia64.S
+++ /dev/null
@@ -1,1555 +0,0 @@
-.explicit
-.text
-.ident	"ia64.S, Version 2.1"
-.ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-
-//
-// ====================================================================
-// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-// project.
-//
-// Rights for redistribution and usage in source and binary forms are
-// granted according to the OpenSSL license. Warranty of any kind is
-// disclaimed.
-// ====================================================================
-//
-// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is
-// different from Itanium to this module viewpoint. Most notably, is it
-// "wider" than Itanium? Can you experience loop scalability as
-// discussed in commentary sections? Not really:-( Itanium2 has 6
-// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to
-// spin twice as fast, as I need 8 IALU ports. Amount of floating point
-// ports is the same, i.e. 2, while I need 4. In other words, to this
-// module Itanium2 remains effectively as "wide" as Itanium. Yet it's
-// essentially different in respect to this module, and a re-tune was
-// required. Well, because some intruction latencies has changed. Most
-// noticeably those intensively used:
-//
-//			Itanium	Itanium2
-//	ldf8		9	6		L2 hit
-//	ld8		2	1		L1 hit
-//	getf		2	5
-//	xma[->getf]	7[+1]	4[+0]
-//	add[->st8]	1[+1]	1[+0]
-//
-// What does it mean? You might ratiocinate that the original code
-// should run just faster... Because sum of latencies is smaller...
-// Wrong! Note that getf latency increased. This means that if a loop is
-// scheduled for lower latency (as they were), then it will suffer from
-// stall condition and the code will therefore turn anti-scalable, e.g.
-// original bn_mul_words spun at 5*n or 2.5 times slower than expected
-// on Itanium2! What to do? Reschedule loops for Itanium2? But then
-// Itanium would exhibit anti-scalability. So I've chosen to reschedule
-// for worst latency for every instruction aiming for best *all-round*
-// performance.  
-
-// Q.	How much faster does it get?
-// A.	Here is the output from 'openssl speed rsa dsa' for vanilla
-//	0.9.6a compiled with gcc version 2.96 20000731 (Red Hat
-//	Linux 7.1 2.96-81):
-//
-//	                  sign    verify    sign/s verify/s
-//	rsa  512 bits   0.0036s   0.0003s    275.3   2999.2
-//	rsa 1024 bits   0.0203s   0.0011s     49.3    894.1
-//	rsa 2048 bits   0.1331s   0.0040s      7.5    250.9
-//	rsa 4096 bits   0.9270s   0.0147s      1.1     68.1
-//	                  sign    verify    sign/s verify/s
-//	dsa  512 bits   0.0035s   0.0043s    288.3    234.8
-//	dsa 1024 bits   0.0111s   0.0135s     90.0     74.2
-//
-//	And here is similar output but for this assembler
-//	implementation:-)
-//
-//	                  sign    verify    sign/s verify/s
-//	rsa  512 bits   0.0021s   0.0001s    549.4   9638.5
-//	rsa 1024 bits   0.0055s   0.0002s    183.8   4481.1
-//	rsa 2048 bits   0.0244s   0.0006s     41.4   1726.3
-//	rsa 4096 bits   0.1295s   0.0018s      7.7    561.5
-//	                  sign    verify    sign/s verify/s
-//	dsa  512 bits   0.0012s   0.0013s    891.9    756.6
-//	dsa 1024 bits   0.0023s   0.0028s    440.4    376.2
-//	
-//	Yes, you may argue that it's not fair comparison as it's
-//	possible to craft the C implementation with BN_UMULT_HIGH
-//	inline assembler macro. But of course! Here is the output
-//	with the macro:
-//
-//	                  sign    verify    sign/s verify/s
-//	rsa  512 bits   0.0020s   0.0002s    495.0   6561.0
-//	rsa 1024 bits   0.0086s   0.0004s    116.2   2235.7
-//	rsa 2048 bits   0.0519s   0.0015s     19.3    667.3
-//	rsa 4096 bits   0.3464s   0.0053s      2.9    187.7
-//	                  sign    verify    sign/s verify/s
-//	dsa  512 bits   0.0016s   0.0020s    613.1    510.5
-//	dsa 1024 bits   0.0045s   0.0054s    221.0    183.9
-//
-//	My code is still way faster, huh:-) And I believe that even
-//	higher performance can be achieved. Note that as keys get
-//	longer, performance gain is larger. Why? According to the
-//	profiler there is another player in the field, namely
-//	BN_from_montgomery consuming larger and larger portion of CPU
-//	time as keysize decreases. I therefore consider putting effort
-//	to assembler implementation of the following routine:
-//
-//	void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0)
-//	{
-//	int      i,j;
-//	BN_ULONG v;
-//
-//	for (i=0; i<nl; i++)
-//		{
-//		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-//		nrp++;
-//		rp++;
-//		if (((nrp[-1]+=v)&BN_MASK2) < v)
-//			for (j=0; ((++nrp[j])&BN_MASK2) == 0; j++) ;
-//		}
-//	}
-//
-//	It might as well be beneficial to implement even combaX
-//	variants, as it appears as it can literally unleash the
-//	performance (see comment section to bn_mul_comba8 below).
-//
-//	And finally for your reference the output for 0.9.6a compiled
-//	with SGIcc version 0.01.0-12 (keep in mind that for the moment
-//	of this writing it's not possible to convince SGIcc to use
-//	BN_UMULT_HIGH inline assembler macro, yet the code is fast,
-//	i.e. for a compiler generated one:-):
-//
-//	                  sign    verify    sign/s verify/s
-//	rsa  512 bits   0.0022s   0.0002s    452.7   5894.3
-//	rsa 1024 bits   0.0097s   0.0005s    102.7   2002.9
-//	rsa 2048 bits   0.0578s   0.0017s     17.3    600.2
-//	rsa 4096 bits   0.3838s   0.0061s      2.6    164.5
-//	                  sign    verify    sign/s verify/s
-//	dsa  512 bits   0.0018s   0.0022s    547.3    459.6
-//	dsa 1024 bits   0.0051s   0.0062s    196.6    161.3
-//
-//	Oh! Benchmarks were performed on 733MHz Lion-class Itanium
-//	system running Redhat Linux 7.1 (very special thanks to Ray
-//	McCaffity of Williams Communications for providing an account).
-//
-// Q.	What's the heck with 'rum 1<<5' at the end of every function?
-// A.	Well, by clearing the "upper FP registers written" bit of the
-//	User Mask I want to excuse the kernel from preserving upper
-//	(f32-f128) FP register bank over process context switch, thus
-//	minimizing bus bandwidth consumption during the switch (i.e.
-//	after PKI opration completes and the program is off doing
-//	something else like bulk symmetric encryption). Having said
-//	this, I also want to point out that it might be good idea
-//	to compile the whole toolkit (as well as majority of the
-//	programs for that matter) with -mfixed-range=f32-f127 command
-//	line option. No, it doesn't prevent the compiler from writing
-//	to upper bank, but at least discourages to do so. If you don't
-//	like the idea you have the option to compile the module with
-//	-Drum=nop.m in command line.
-//
-
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-#define	ADDP	addp4
-#else
-#define	ADDP	add
-#endif
-
-#if 1
-//
-// bn_[add|sub]_words routines.
-//
-// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the
-// data reside in L1 cache, i.e. 2 ticks away). It's possible to
-// compress the epilogue and get down to 2*n+6, but at the cost of
-// scalability (the neat feature of this implementation is that it
-// shall automagically spin in n+5 on "wider" IA-64 implementations:-)
-// I consider that the epilogue is short enough as it is to trade tiny
-// performance loss on Itanium for scalability.
-//
-// BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
-//
-.global	bn_add_words#
-.proc	bn_add_words#
-.align	64
-.skip	32	// makes the loop body aligned at 64-byte boundary
-bn_add_words:
-	.prologue
-	.save	ar.pfs,r2
-{ .mii;	alloc		r2=ar.pfs,4,12,0,16
-	cmp4.le		p6,p0=r35,r0	};;
-{ .mfb;	mov		r8=r0			// return value
-(p6)	br.ret.spnt.many	b0	};;
-
-{ .mib;	sub		r10=r35,r0,1
-	.save	ar.lc,r3
-	mov		r3=ar.lc
-	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16
-					}
-{ .mib;	ADDP		r14=0,r32		// rp
-	.save	pr,r9
-	mov		r9=pr		};;
-	.body
-{ .mii;	ADDP		r15=0,r33		// ap
-	mov		ar.lc=r10
-	mov		ar.ec=6		}
-{ .mib;	ADDP		r16=0,r34		// bp
-	mov		pr.rot=1<<16	};;
-
-.L_bn_add_words_ctop:
-{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)
-	(p18)	add		r39=r37,r34
-	(p19)	cmp.ltu.unc	p56,p0=r40,r38	}
-{ .mfb;	(p0)	nop.m		0x0
-	(p0)	nop.f		0x0
-	(p0)	nop.b		0x0		}
-{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)
-	(p58)	cmp.eq.or	p57,p0=-1,r41	  // (p20)
-	(p58)	add		r41=1,r41	} // (p20)
-{ .mfb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r
-	(p0)	nop.f		0x0
-	br.ctop.sptk	.L_bn_add_words_ctop	};;
-.L_bn_add_words_cend:
-
-{ .mii;
-(p59)	add		r8=1,r8		// return value
-	mov		pr=r9,0x1ffff
-	mov		ar.lc=r3	}
-{ .mbb;	nop.b		0x0
-	br.ret.sptk.many	b0	};;
-.endp	bn_add_words#
-
-//
-// BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
-//
-.global	bn_sub_words#
-.proc	bn_sub_words#
-.align	64
-.skip	32	// makes the loop body aligned at 64-byte boundary
-bn_sub_words:
-	.prologue
-	.save	ar.pfs,r2
-{ .mii;	alloc		r2=ar.pfs,4,12,0,16
-	cmp4.le		p6,p0=r35,r0	};;
-{ .mfb;	mov		r8=r0			// return value
-(p6)	br.ret.spnt.many	b0	};;
-
-{ .mib;	sub		r10=r35,r0,1
-	.save	ar.lc,r3
-	mov		r3=ar.lc
-	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
-					}
-{ .mib;	ADDP		r14=0,r32		// rp
-	.save	pr,r9
-	mov		r9=pr		};;
-	.body
-{ .mii;	ADDP		r15=0,r33		// ap
-	mov		ar.lc=r10
-	mov		ar.ec=6		}
-{ .mib;	ADDP		r16=0,r34		// bp
-	mov		pr.rot=1<<16	};;
-
-.L_bn_sub_words_ctop:
-{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)
-	(p18)	sub		r39=r37,r34
-	(p19)	cmp.gtu.unc	p56,p0=r40,r38	}
-{ .mfb;	(p0)	nop.m		0x0
-	(p0)	nop.f		0x0
-	(p0)	nop.b		0x0		}
-{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)
-	(p58)	cmp.eq.or	p57,p0=0,r41	  // (p20)
-	(p58)	add		r41=-1,r41	} // (p20)
-{ .mbb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r
-	(p0)	nop.b		0x0
-	br.ctop.sptk	.L_bn_sub_words_ctop	};;
-.L_bn_sub_words_cend:
-
-{ .mii;
-(p59)	add		r8=1,r8		// return value
-	mov		pr=r9,0x1ffff
-	mov		ar.lc=r3	}
-{ .mbb;	nop.b		0x0
-	br.ret.sptk.many	b0	};;
-.endp	bn_sub_words#
-#endif
-
-#if 0
-#define XMA_TEMPTATION
-#endif
-
-#if 1
-//
-// BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-//
-.global	bn_mul_words#
-.proc	bn_mul_words#
-.align	64
-.skip	32	// makes the loop body aligned at 64-byte boundary
-bn_mul_words:
-	.prologue
-	.save	ar.pfs,r2
-#ifdef XMA_TEMPTATION
-{ .mfi;	alloc		r2=ar.pfs,4,0,0,0	};;
-#else
-{ .mfi;	alloc		r2=ar.pfs,4,12,0,16	};;
-#endif
-{ .mib;	mov		r8=r0			// return value
-	cmp4.le		p6,p0=r34,r0
-(p6)	br.ret.spnt.many	b0		};;
-
-{ .mii;	sub	r10=r34,r0,1
-	.save	ar.lc,r3
-	mov	r3=ar.lc
-	.save	pr,r9
-	mov	r9=pr			};;
-
-	.body
-{ .mib;	setf.sig	f8=r35	// w
-	mov		pr.rot=0x800001<<16
-			// ------^----- serves as (p50) at first (p27)
-	brp.loop.imp	.L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
-					}
-
-#ifndef XMA_TEMPTATION
-
-{ .mmi;	ADDP		r14=0,r32	// rp
-	ADDP		r15=0,r33	// ap
-	mov		ar.lc=r10	}
-{ .mmi;	mov		r40=0		// serves as r35 at first (p27)
-	mov		ar.ec=13	};;
-
-// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
-// L2 cache (i.e. 9 ticks away) as floating point load/store instructions
-// bypass L1 cache and L2 latency is actually best-case scenario for
-// ldf8. The loop is not scalable and shall run in 2*(n+12) even on
-// "wider" IA-64 implementations. It's a trade-off here. n+24 loop
-// would give us ~5% in *overall* performance improvement on "wider"
-// IA-64, but would hurt Itanium for about same because of longer
-// epilogue. As it's a matter of few percents in either case I've
-// chosen to trade the scalability for development time (you can see
-// this very instruction sequence in bn_mul_add_words loop which in
-// turn is scalable).
-.L_bn_mul_words_ctop:
-{ .mfi;	(p25)	getf.sig	r36=f52			// low
-	(p21)	xmpy.lu		f48=f37,f8
-	(p28)	cmp.ltu		p54,p50=r41,r39	}
-{ .mfi;	(p16)	ldf8		f32=[r15],8
-	(p21)	xmpy.hu		f40=f37,f8
-	(p0)	nop.i		0x0		};;
-{ .mii;	(p25)	getf.sig	r32=f44			// high
-	.pred.rel	"mutex",p50,p54
-	(p50)	add		r40=r38,r35		// (p27)
-	(p54)	add		r40=r38,r35,1	}	// (p27)
-{ .mfb;	(p28)	st8		[r14]=r41,8
-	(p0)	nop.f		0x0
-	br.ctop.sptk	.L_bn_mul_words_ctop	};;
-.L_bn_mul_words_cend:
-
-{ .mii;	nop.m		0x0
-.pred.rel	"mutex",p51,p55
-(p51)	add		r8=r36,r0
-(p55)	add		r8=r36,r0,1	}
-{ .mfb;	nop.m	0x0
-	nop.f	0x0
-	nop.b	0x0			}
-
-#else	// XMA_TEMPTATION
-
-	setf.sig	f37=r0	// serves as carry at (p18) tick
-	mov		ar.lc=r10
-	mov		ar.ec=5;;
-
-// Most of you examining this code very likely wonder why in the name
-// of Intel the following loop is commented out? Indeed, it looks so
-// neat that you find it hard to believe that it's something wrong
-// with it, right? The catch is that every iteration depends on the
-// result from previous one and the latter isn't available instantly.
-// The loop therefore spins at the latency of xma minus 1, or in other
-// words at 6*(n+4) ticks:-( Compare to the "production" loop above
-// that runs in 2*(n+11) where the low latency problem is worked around
-// by moving the dependency to one-tick latent interger ALU. Note that
-// "distance" between ldf8 and xma is not latency of ldf8, but the
-// *difference* between xma and ldf8 latencies.
-.L_bn_mul_words_ctop:
-{ .mfi;	(p16)	ldf8		f32=[r33],8
-	(p18)	xma.hu		f38=f34,f8,f39	}
-{ .mfb;	(p20)	stf8		[r32]=f37,8
-	(p18)	xma.lu		f35=f34,f8,f39
-	br.ctop.sptk	.L_bn_mul_words_ctop	};;
-.L_bn_mul_words_cend:
-
-	getf.sig	r8=f41		// the return value
-
-#endif	// XMA_TEMPTATION
-
-{ .mii;	nop.m		0x0
-	mov		pr=r9,0x1ffff
-	mov		ar.lc=r3	}
-{ .mfb;	rum		1<<5		// clear um.mfh
-	nop.f		0x0
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_words#
-#endif
-
-#if 1
-//
-// BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
-//
-.global	bn_mul_add_words#
-.proc	bn_mul_add_words#
-.align	64
-.skip	48	// makes the loop body aligned at 64-byte boundary
-bn_mul_add_words:
-	.prologue
-	.save	ar.pfs,r2
-{ .mmi;	alloc		r2=ar.pfs,4,4,0,8
-	cmp4.le		p6,p0=r34,r0
-	.save	ar.lc,r3
-	mov		r3=ar.lc	};;
-{ .mib;	mov		r8=r0		// return value
-	sub		r10=r34,r0,1
-(p6)	br.ret.spnt.many	b0	};;
-
-{ .mib;	setf.sig	f8=r35		// w
-	.save	pr,r9
-	mov		r9=pr
-	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
-					}
-	.body
-{ .mmi;	ADDP		r14=0,r32	// rp
-	ADDP		r15=0,r33	// ap
-	mov		ar.lc=r10	}
-{ .mii;	ADDP		r16=0,r32	// rp copy
-	mov		pr.rot=0x2001<<16
-			// ------^----- serves as (p40) at first (p27)
-	mov		ar.ec=11	};;
-
-// This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on
-// Itanium 2. Yes, unlike previous versions it scales:-) Previous
-// version was performing *all* additions in IALU and was starving
-// for those even on Itanium 2. In this version one addition is
-// moved to FPU and is folded with multiplication. This is at cost
-// of propogating the result from previous call to this subroutine
-// to L2 cache... In other words negligible even for shorter keys.
-// *Overall* performance improvement [over previous version] varies
-// from 11 to 22 percent depending on key length.
-.L_bn_mul_add_words_ctop:
-.pred.rel	"mutex",p40,p42
-{ .mfi;	(p23)	getf.sig	r36=f45			// low
-	(p20)	xma.lu		f42=f36,f8,f50		// low
-	(p40)	add		r39=r39,r35	}	// (p27)
-{ .mfi;	(p16)	ldf8		f32=[r15],8		// *(ap++)
-	(p20)	xma.hu		f36=f36,f8,f50		// high
-	(p42)	add		r39=r39,r35,1	};;	// (p27)
-{ .mmi;	(p24)	getf.sig	r32=f40			// high
-	(p16)	ldf8		f46=[r16],8		// *(rp1++)
-	(p40)	cmp.ltu		p41,p39=r39,r35	}	// (p27)
-{ .mib;	(p26)	st8		[r14]=r39,8		// *(rp2++)
-	(p42)	cmp.leu		p41,p39=r39,r35		// (p27)
-	br.ctop.sptk	.L_bn_mul_add_words_ctop};;
-.L_bn_mul_add_words_cend:
-
-{ .mmi;	.pred.rel	"mutex",p40,p42
-(p40)	add		r8=r35,r0
-(p42)	add		r8=r35,r0,1
-	mov		pr=r9,0x1ffff	}
-{ .mib;	rum		1<<5		// clear um.mfh
-	mov		ar.lc=r3
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_add_words#
-#endif
-
-#if 1
-//
-// void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
-//
-.global	bn_sqr_words#
-.proc	bn_sqr_words#
-.align	64
-.skip	32	// makes the loop body aligned at 64-byte boundary 
-bn_sqr_words:
-	.prologue
-	.save	ar.pfs,r2
-{ .mii;	alloc		r2=ar.pfs,3,0,0,0
-	sxt4		r34=r34		};;
-{ .mii;	cmp.le		p6,p0=r34,r0
-	mov		r8=r0		}	// return value
-{ .mfb;	ADDP		r32=0,r32
-	nop.f		0x0
-(p6)	br.ret.spnt.many	b0	};;
-
-{ .mii;	sub	r10=r34,r0,1
-	.save	ar.lc,r3
-	mov	r3=ar.lc
-	.save	pr,r9
-	mov	r9=pr			};;
-
-	.body
-{ .mib;	ADDP		r33=0,r33
-	mov		pr.rot=1<<16
-	brp.loop.imp	.L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
-					}
-{ .mii;	add		r34=8,r32
-	mov		ar.lc=r10
-	mov		ar.ec=18	};;
-
-// 2*(n+17) on Itanium, (n+17) on "wider" IA-64 implementations. It's
-// possible to compress the epilogue (I'm getting tired to write this
-// comment over and over) and get down to 2*n+16 at the cost of
-// scalability. The decision will very likely be reconsidered after the
-// benchmark program is profiled. I.e. if performance gain on Itanium
-// will appear larger than loss on "wider" IA-64, then the loop should
-// be explicitely split and the epilogue compressed.
-.L_bn_sqr_words_ctop:
-{ .mfi;	(p16)	ldf8		f32=[r33],8
-	(p25)	xmpy.lu		f42=f41,f41
-	(p0)	nop.i		0x0		}
-{ .mib;	(p33)	stf8		[r32]=f50,16
-	(p0)	nop.i		0x0
-	(p0)	nop.b		0x0		}
-{ .mfi;	(p0)	nop.m		0x0
-	(p25)	xmpy.hu		f52=f41,f41
-	(p0)	nop.i		0x0		}
-{ .mib;	(p33)	stf8		[r34]=f60,16
-	(p0)	nop.i		0x0
-	br.ctop.sptk	.L_bn_sqr_words_ctop	};;
-.L_bn_sqr_words_cend:
-
-{ .mii;	nop.m		0x0
-	mov		pr=r9,0x1ffff
-	mov		ar.lc=r3	}
-{ .mfb;	rum		1<<5		// clear um.mfh
-	nop.f		0x0
-	br.ret.sptk.many	b0	};;
-.endp	bn_sqr_words#
-#endif
-
-#if 1
-// Apparently we win nothing by implementing special bn_sqr_comba8.
-// Yes, it is possible to reduce the number of multiplications by
-// almost factor of two, but then the amount of additions would
-// increase by factor of two (as we would have to perform those
-// otherwise performed by xma ourselves). Normally we would trade
-// anyway as multiplications are way more expensive, but not this
-// time... Multiplication kernel is fully pipelined and as we drain
-// one 128-bit multiplication result per clock cycle multiplications
-// are effectively as inexpensive as additions. Special implementation
-// might become of interest for "wider" IA-64 implementation as you'll
-// be able to get through the multiplication phase faster (there won't
-// be any stall issues as discussed in the commentary section below and
-// you therefore will be able to employ all 4 FP units)... But these
-// Itanium days it's simply too hard to justify the effort so I just
-// drop down to bn_mul_comba8 code:-)
-//
-// void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-//
-.global	bn_sqr_comba8#
-.proc	bn_sqr_comba8#
-.align	64
-bn_sqr_comba8:
-	.prologue
-	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii;	alloc	r2=ar.pfs,2,1,0,0
-	addp4	r33=0,r33
-	addp4	r32=0,r32		};;
-{ .mii;
-#else
-{ .mii;	alloc	r2=ar.pfs,2,1,0,0
-#endif
-	mov	r34=r33
-	add	r14=8,r33		};;
-	.body
-{ .mii;	add	r17=8,r34
-	add	r15=16,r33
-	add	r18=16,r34		}
-{ .mfb;	add	r16=24,r33
-	br	.L_cheat_entry_point8	};;
-.endp	bn_sqr_comba8#
-#endif
-
-#if 1
-// I've estimated this routine to run in ~120 ticks, but in reality
-// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
-// cycles consumed for instructions fetch? Or did I misinterpret some
-// clause in Itanium µ-architecture manual? Comments are welcomed and
-// highly appreciated.
-//
-// On Itanium 2 it takes ~190 ticks. This is because of stalls on
-// result from getf.sig. I do nothing about it at this point for
-// reasons depicted below.
-//
-// However! It should be noted that even 160 ticks is darn good result
-// as it's over 10 (yes, ten, spelled as t-e-n) times faster than the
-// C version (compiled with gcc with inline assembler). I really
-// kicked compiler's butt here, didn't I? Yeah! This brings us to the
-// following statement. It's damn shame that this routine isn't called
-// very often nowadays! According to the profiler most CPU time is
-// consumed by bn_mul_add_words called from BN_from_montgomery. In
-// order to estimate what we're missing, I've compared the performance
-// of this routine against "traditional" implementation, i.e. against
-// following routine:
-//
-// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-// {	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
-//	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
-//	r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
-//	r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
-//	r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
-//	r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
-//	r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
-//	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
-// }
-//
-// The one below is over 8 times faster than the one above:-( Even
-// more reasons to "combafy" bn_mul_add_mont...
-//
-// And yes, this routine really made me wish there were an optimizing
-// assembler! It also feels like it deserves a dedication.
-//
-//	To my wife for being there and to my kids...
-//
-// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-//
-#define	carry1	r14
-#define	carry2	r15
-#define	carry3	r34
-.global	bn_mul_comba8#
-.proc	bn_mul_comba8#
-.align	64
-bn_mul_comba8:
-	.prologue
-	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii;	alloc	r2=ar.pfs,3,0,0,0
-	addp4	r33=0,r33
-	addp4	r34=0,r34		};;
-{ .mii;	addp4	r32=0,r32
-#else
-{ .mii;	alloc   r2=ar.pfs,3,0,0,0
-#endif
-	add	r14=8,r33
-	add	r17=8,r34		}
-	.body
-{ .mii;	add	r15=16,r33
-	add	r18=16,r34
-	add	r16=24,r33		}
-.L_cheat_entry_point8:
-{ .mmi;	add	r19=24,r34
-
-	ldf8	f32=[r33],32		};;
-
-{ .mmi;	ldf8	f120=[r34],32
-	ldf8	f121=[r17],32		}
-{ .mmi;	ldf8	f122=[r18],32
-	ldf8	f123=[r19],32		};;
-{ .mmi;	ldf8	f124=[r34]
-	ldf8	f125=[r17]		}
-{ .mmi;	ldf8	f126=[r18]
-	ldf8	f127=[r19]		}
-
-{ .mmi;	ldf8	f33=[r14],32
-	ldf8	f34=[r15],32		}
-{ .mmi;	ldf8	f35=[r16],32;;
-	ldf8	f36=[r33]		}
-{ .mmi;	ldf8	f37=[r14]
-	ldf8	f38=[r15]		}
-{ .mfi;	ldf8	f39=[r16]
-// -------\ Entering multiplier's heaven /-------
-// ------------\                    /------------
-// -----------------\          /-----------------
-// ----------------------\/----------------------
-		xma.hu	f41=f32,f120,f0		}
-{ .mfi;		xma.lu	f40=f32,f120,f0		};; // (*)
-{ .mfi;		xma.hu	f51=f32,f121,f0		}
-{ .mfi;		xma.lu	f50=f32,f121,f0		};;
-{ .mfi;		xma.hu	f61=f32,f122,f0		}
-{ .mfi;		xma.lu	f60=f32,f122,f0		};;
-{ .mfi;		xma.hu	f71=f32,f123,f0		}
-{ .mfi;		xma.lu	f70=f32,f123,f0		};;
-{ .mfi;		xma.hu	f81=f32,f124,f0		}
-{ .mfi;		xma.lu	f80=f32,f124,f0		};;
-{ .mfi;		xma.hu	f91=f32,f125,f0		}
-{ .mfi;		xma.lu	f90=f32,f125,f0		};;
-{ .mfi;		xma.hu	f101=f32,f126,f0	}
-{ .mfi;		xma.lu	f100=f32,f126,f0	};;
-{ .mfi;		xma.hu	f111=f32,f127,f0	}
-{ .mfi;		xma.lu	f110=f32,f127,f0	};;//
-// (*)	You can argue that splitting at every second bundle would
-//	prevent "wider" IA-64 implementations from achieving the peak
-//	performance. Well, not really... The catch is that if you
-//	intend to keep 4 FP units busy by splitting at every fourth
-//	bundle and thus perform these 16 multiplications in 4 ticks,
-//	the first bundle *below* would stall because the result from
-//	the first xma bundle *above* won't be available for another 3
-//	ticks (if not more, being an optimist, I assume that "wider"
-//	implementation will have same latency:-). This stall will hold
-//	you back and the performance would be as if every second bundle
-//	were split *anyway*...
-{ .mfi;	getf.sig	r16=f40
-		xma.hu	f42=f33,f120,f41
-	add		r33=8,r32		}
-{ .mfi;		xma.lu	f41=f33,f120,f41	};;
-{ .mfi;	getf.sig	r24=f50
-		xma.hu	f52=f33,f121,f51	}
-{ .mfi;		xma.lu	f51=f33,f121,f51	};;
-{ .mfi;	st8		[r32]=r16,16
-		xma.hu	f62=f33,f122,f61	}
-{ .mfi;		xma.lu	f61=f33,f122,f61	};;
-{ .mfi;		xma.hu	f72=f33,f123,f71	}
-{ .mfi;		xma.lu	f71=f33,f123,f71	};;
-{ .mfi;		xma.hu	f82=f33,f124,f81	}
-{ .mfi;		xma.lu	f81=f33,f124,f81	};;
-{ .mfi;		xma.hu	f92=f33,f125,f91	}
-{ .mfi;		xma.lu	f91=f33,f125,f91	};;
-{ .mfi;		xma.hu	f102=f33,f126,f101	}
-{ .mfi;		xma.lu	f101=f33,f126,f101	};;
-{ .mfi;		xma.hu	f112=f33,f127,f111	}
-{ .mfi;		xma.lu	f111=f33,f127,f111	};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r25=f41
-		xma.hu	f43=f34,f120,f42	}
-{ .mfi;		xma.lu	f42=f34,f120,f42	};;
-{ .mfi;	getf.sig	r16=f60
-		xma.hu	f53=f34,f121,f52	}
-{ .mfi;		xma.lu	f52=f34,f121,f52	};;
-{ .mfi;	getf.sig	r17=f51
-		xma.hu	f63=f34,f122,f62
-	add		r25=r25,r24		}
-{ .mfi;		xma.lu	f62=f34,f122,f62
-	mov		carry1=0		};;
-{ .mfi;	cmp.ltu		p6,p0=r25,r24
-		xma.hu	f73=f34,f123,f72	}
-{ .mfi;		xma.lu	f72=f34,f123,f72	};;
-{ .mfi;	st8		[r33]=r25,16
-		xma.hu	f83=f34,f124,f82
-(p6)	add		carry1=1,carry1		}
-{ .mfi;		xma.lu	f82=f34,f124,f82	};;
-{ .mfi;		xma.hu	f93=f34,f125,f92	}
-{ .mfi;		xma.lu	f92=f34,f125,f92	};;
-{ .mfi;		xma.hu	f103=f34,f126,f102	}
-{ .mfi;		xma.lu	f102=f34,f126,f102	};;
-{ .mfi;		xma.hu	f113=f34,f127,f112	}
-{ .mfi;		xma.lu	f112=f34,f127,f112	};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r18=f42
-		xma.hu	f44=f35,f120,f43
-	add		r17=r17,r16		}
-{ .mfi;		xma.lu	f43=f35,f120,f43	};;
-{ .mfi;	getf.sig	r24=f70
-		xma.hu	f54=f35,f121,f53	}
-{ .mfi;	mov		carry2=0
-		xma.lu	f53=f35,f121,f53	};;
-{ .mfi;	getf.sig	r25=f61
-		xma.hu	f64=f35,f122,f63
-	cmp.ltu		p7,p0=r17,r16		}
-{ .mfi;	add		r18=r18,r17
-		xma.lu	f63=f35,f122,f63	};;
-{ .mfi;	getf.sig	r26=f52
-		xma.hu	f74=f35,f123,f73
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r18,r17
-		xma.lu	f73=f35,f123,f73
-	add		r18=r18,carry1		};;
-{ .mfi;
-		xma.hu	f84=f35,f124,f83
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r18,carry1
-		xma.lu	f83=f35,f124,f83	};;
-{ .mfi;	st8		[r32]=r18,16
-		xma.hu	f94=f35,f125,f93
-(p7)	add		carry2=1,carry2		}
-{ .mfi;		xma.lu	f93=f35,f125,f93	};;
-{ .mfi;		xma.hu	f104=f35,f126,f103	}
-{ .mfi;		xma.lu	f103=f35,f126,f103	};;
-{ .mfi;		xma.hu	f114=f35,f127,f113	}
-{ .mfi;	mov		carry1=0
-		xma.lu	f113=f35,f127,f113
-	add		r25=r25,r24		};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r27=f43
-		xma.hu	f45=f36,f120,f44
-	cmp.ltu		p6,p0=r25,r24		}
-{ .mfi;		xma.lu	f44=f36,f120,f44	
-	add		r26=r26,r25		};;
-{ .mfi;	getf.sig	r16=f80
-		xma.hu	f55=f36,f121,f54
-(p6)	add		carry1=1,carry1		}
-{ .mfi;		xma.lu	f54=f36,f121,f54	};;
-{ .mfi;	getf.sig	r17=f71
-		xma.hu	f65=f36,f122,f64
-	cmp.ltu		p6,p0=r26,r25		}
-{ .mfi;		xma.lu	f64=f36,f122,f64
-	add		r27=r27,r26		};;
-{ .mfi;	getf.sig	r18=f62
-		xma.hu	f75=f36,f123,f74
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	cmp.ltu		p6,p0=r27,r26
-		xma.lu	f74=f36,f123,f74
-	add		r27=r27,carry2		};;
-{ .mfi;	getf.sig	r19=f53
-		xma.hu	f85=f36,f124,f84
-(p6)	add		carry1=1,carry1		}
-{ .mfi;		xma.lu	f84=f36,f124,f84
-	cmp.ltu		p6,p0=r27,carry2	};;
-{ .mfi;	st8		[r33]=r27,16
-		xma.hu	f95=f36,f125,f94
-(p6)	add		carry1=1,carry1		}
-{ .mfi;		xma.lu	f94=f36,f125,f94	};;
-{ .mfi;		xma.hu	f105=f36,f126,f104	}
-{ .mfi;	mov		carry2=0
-		xma.lu	f104=f36,f126,f104
-	add		r17=r17,r16		};;
-{ .mfi;		xma.hu	f115=f36,f127,f114
-	cmp.ltu		p7,p0=r17,r16		}
-{ .mfi;		xma.lu	f114=f36,f127,f114
-	add		r18=r18,r17		};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r20=f44
-		xma.hu	f46=f37,f120,f45
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r18,r17
-		xma.lu	f45=f37,f120,f45
-	add		r19=r19,r18		};;
-{ .mfi;	getf.sig	r24=f90
-		xma.hu	f56=f37,f121,f55	}
-{ .mfi;		xma.lu	f55=f37,f121,f55	};;
-{ .mfi;	getf.sig	r25=f81
-		xma.hu	f66=f37,f122,f65
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r19,r18
-		xma.lu	f65=f37,f122,f65
-	add		r20=r20,r19		};;
-{ .mfi;	getf.sig	r26=f72
-		xma.hu	f76=f37,f123,f75
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r20,r19
-		xma.lu	f75=f37,f123,f75
-	add		r20=r20,carry1		};;
-{ .mfi;	getf.sig	r27=f63
-		xma.hu	f86=f37,f124,f85
-(p7)	add		carry2=1,carry2		}
-{ .mfi;		xma.lu	f85=f37,f124,f85
-	cmp.ltu		p7,p0=r20,carry1	};;
-{ .mfi;	getf.sig	r28=f54
-		xma.hu	f96=f37,f125,f95
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	st8		[r32]=r20,16
-		xma.lu	f95=f37,f125,f95	};;
-{ .mfi;		xma.hu	f106=f37,f126,f105	}
-{ .mfi;	mov		carry1=0
-		xma.lu	f105=f37,f126,f105
-	add		r25=r25,r24		};;
-{ .mfi;		xma.hu	f116=f37,f127,f115
-	cmp.ltu		p6,p0=r25,r24		}
-{ .mfi;		xma.lu	f115=f37,f127,f115
-	add		r26=r26,r25		};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r29=f45
-		xma.hu	f47=f38,f120,f46
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	cmp.ltu		p6,p0=r26,r25
-		xma.lu	f46=f38,f120,f46
-	add		r27=r27,r26		};;
-{ .mfi;	getf.sig	r16=f100
-		xma.hu	f57=f38,f121,f56
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	cmp.ltu		p6,p0=r27,r26
-		xma.lu	f56=f38,f121,f56
-	add		r28=r28,r27		};;
-{ .mfi;	getf.sig	r17=f91
-		xma.hu	f67=f38,f122,f66
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	cmp.ltu		p6,p0=r28,r27
-		xma.lu	f66=f38,f122,f66
-	add		r29=r29,r28		};;
-{ .mfi;	getf.sig	r18=f82
-		xma.hu	f77=f38,f123,f76
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	cmp.ltu		p6,p0=r29,r28
-		xma.lu	f76=f38,f123,f76
-	add		r29=r29,carry2		};;
-{ .mfi;	getf.sig	r19=f73
-		xma.hu	f87=f38,f124,f86
-(p6)	add		carry1=1,carry1		}
-{ .mfi;		xma.lu	f86=f38,f124,f86
-	cmp.ltu		p6,p0=r29,carry2	};;
-{ .mfi;	getf.sig	r20=f64
-		xma.hu	f97=f38,f125,f96
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	st8		[r33]=r29,16
-		xma.lu	f96=f38,f125,f96	};;
-{ .mfi;	getf.sig	r21=f55
-		xma.hu	f107=f38,f126,f106	}
-{ .mfi;	mov		carry2=0
-		xma.lu	f106=f38,f126,f106
-	add		r17=r17,r16		};;
-{ .mfi;		xma.hu	f117=f38,f127,f116
-	cmp.ltu		p7,p0=r17,r16		}
-{ .mfi;		xma.lu	f116=f38,f127,f116
-	add		r18=r18,r17		};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r22=f46
-		xma.hu	f48=f39,f120,f47
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r18,r17
-		xma.lu	f47=f39,f120,f47
-	add		r19=r19,r18		};;
-{ .mfi;	getf.sig	r24=f110
-		xma.hu	f58=f39,f121,f57
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r19,r18
-		xma.lu	f57=f39,f121,f57
-	add		r20=r20,r19		};;
-{ .mfi;	getf.sig	r25=f101
-		xma.hu	f68=f39,f122,f67
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r20,r19
-		xma.lu	f67=f39,f122,f67
-	add		r21=r21,r20		};;
-{ .mfi;	getf.sig	r26=f92
-		xma.hu	f78=f39,f123,f77
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r21,r20
-		xma.lu	f77=f39,f123,f77
-	add		r22=r22,r21		};;
-{ .mfi;	getf.sig	r27=f83
-		xma.hu	f88=f39,f124,f87
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	cmp.ltu		p7,p0=r22,r21
-		xma.lu	f87=f39,f124,f87
-	add		r22=r22,carry1		};;
-{ .mfi;	getf.sig	r28=f74
-		xma.hu	f98=f39,f125,f97
-(p7)	add		carry2=1,carry2		}
-{ .mfi;		xma.lu	f97=f39,f125,f97
-	cmp.ltu		p7,p0=r22,carry1	};;
-{ .mfi;	getf.sig	r29=f65
-		xma.hu	f108=f39,f126,f107
-(p7)	add		carry2=1,carry2		}
-{ .mfi;	st8		[r32]=r22,16
-		xma.lu	f107=f39,f126,f107	};;
-{ .mfi;	getf.sig	r30=f56
-		xma.hu	f118=f39,f127,f117	}
-{ .mfi;		xma.lu	f117=f39,f127,f117	};;//
-//-------------------------------------------------//
-// Leaving muliplier's heaven... Quite a ride, huh?
-
-{ .mii;	getf.sig	r31=f47
-	add		r25=r25,r24
-	mov		carry1=0		};;
-{ .mii;		getf.sig	r16=f111
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mfb;		getf.sig	r17=f102	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r27=r27,r26		};;
-{ .mfb;	nop.m	0x0				}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r27,r26
-	add		r28=r28,r27		};;
-{ .mii;		getf.sig	r18=f93
-		add		r17=r17,r16
-		mov		carry3=0	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r28,r27
-	add		r29=r29,r28		};;
-{ .mii;		getf.sig	r19=f84
-		cmp.ltu		p7,p0=r17,r16	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r29,r28
-	add		r30=r30,r29		};;
-{ .mii;		getf.sig	r20=f75
-		add		r18=r18,r17	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r30,r29
-	add		r31=r31,r30		};;
-{ .mfb;		getf.sig	r21=f66		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r18,r17
-		add		r19=r19,r18	}
-{ .mfb;	nop.m	0x0				}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r31,r30
-	add		r31=r31,carry2		};;
-{ .mfb;		getf.sig	r22=f57		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r19,r18
-		add		r20=r20,r19	}
-{ .mfb;	nop.m	0x0				}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r31,carry2	};;
-{ .mfb;		getf.sig	r23=f48		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r20,r19
-		add		r21=r21,r20	}
-{ .mii;
-(p6)	add		carry1=1,carry1		}
-{ .mfb;	st8		[r33]=r31,16		};;
-
-{ .mfb;	getf.sig	r24=f112		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r21,r20
-		add		r22=r22,r21	};;
-{ .mfb;	getf.sig	r25=f103		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r22,r21
-		add		r23=r23,r22	};;
-{ .mfb;	getf.sig	r26=f94			}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r23,r22
-		add		r23=r23,carry1	};;
-{ .mfb;	getf.sig	r27=f85			}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p8=r23,carry1};;
-{ .mii;	getf.sig	r28=f76
-	add		r25=r25,r24
-	mov		carry1=0		}
-{ .mii;		st8		[r32]=r23,16
-	(p7)	add		carry2=1,carry3
-	(p8)	add		carry2=0,carry3	};;
-
-{ .mfb;	nop.m	0x0				}
-{ .mii;	getf.sig	r29=f67
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mfb;	getf.sig	r30=f58			}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r27=r27,r26		};;
-{ .mfb;		getf.sig	r16=f113	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r27,r26
-	add		r28=r28,r27		};;
-{ .mfb;		getf.sig	r17=f104	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r28,r27
-	add		r29=r29,r28		};;
-{ .mfb;		getf.sig	r18=f95		}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r29,r28
-	add		r30=r30,r29		};;
-{ .mii;		getf.sig	r19=f86
-		add		r17=r17,r16
-		mov		carry3=0	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r30,r29
-	add		r30=r30,carry2		};;
-{ .mii;		getf.sig	r20=f77
-		cmp.ltu		p7,p0=r17,r16
-		add		r18=r18,r17	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r30,carry2	};;
-{ .mfb;		getf.sig	r21=f68		}
-{ .mii;	st8		[r33]=r30,16
-(p6)	add		carry1=1,carry1		};;
-
-{ .mfb;	getf.sig	r24=f114		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r18,r17
-		add		r19=r19,r18	};;
-{ .mfb;	getf.sig	r25=f105		}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r19,r18
-		add		r20=r20,r19	};;
-{ .mfb;	getf.sig	r26=f96			}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r20,r19
-		add		r21=r21,r20	};;
-{ .mfb;	getf.sig	r27=f87			}
-{ .mii;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p0=r21,r20
-		add		r21=r21,carry1	};;
-{ .mib;	getf.sig	r28=f78			
-	add		r25=r25,r24		}
-{ .mib;	(p7)	add		carry3=1,carry3
-		cmp.ltu		p7,p8=r21,carry1};;
-{ .mii;		st8		[r32]=r21,16
-	(p7)	add		carry2=1,carry3
-	(p8)	add		carry2=0,carry3	}
-
-{ .mii;	mov		carry1=0
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mfb;		getf.sig	r16=f115	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r27=r27,r26		};;
-{ .mfb;		getf.sig	r17=f106	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r27,r26
-	add		r28=r28,r27		};;
-{ .mfb;		getf.sig	r18=f97		}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r28,r27
-	add		r28=r28,carry2		};;
-{ .mib;		getf.sig	r19=f88
-		add		r17=r17,r16	}
-{ .mib;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r28,carry2	};;
-{ .mii;	st8		[r33]=r28,16
-(p6)	add		carry1=1,carry1		}
-
-{ .mii;		mov		carry2=0
-		cmp.ltu		p7,p0=r17,r16
-		add		r18=r18,r17	};;
-{ .mfb;	getf.sig	r24=f116		}
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r18,r17
-		add		r19=r19,r18	};;
-{ .mfb;	getf.sig	r25=f107		}
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r19,r18
-		add		r19=r19,carry1	};;
-{ .mfb;	getf.sig	r26=f98			}
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r19,carry1};;
-{ .mii;		st8		[r32]=r19,16
-	(p7)	add		carry2=1,carry2	}
-
-{ .mfb;	add		r25=r25,r24		};;
-
-{ .mfb;		getf.sig	r16=f117	}
-{ .mii;	mov		carry1=0
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mfb;		getf.sig	r17=f108	}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r26=r26,carry2		};;
-{ .mfb;	nop.m	0x0				}
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,carry2	};;
-{ .mii;	st8		[r33]=r26,16
-(p6)	add		carry1=1,carry1		}
-
-{ .mfb;		add		r17=r17,r16	};;
-{ .mfb;	getf.sig	r24=f118		}
-{ .mii;		mov		carry2=0
-		cmp.ltu		p7,p0=r17,r16
-		add		r17=r17,carry1	};;
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r17,carry1};;
-{ .mii;		st8		[r32]=r17
-	(p7)	add		carry2=1,carry2	};;
-{ .mfb;	add		r24=r24,carry2		};;
-{ .mib;	st8		[r33]=r24		}
-
-{ .mib;	rum		1<<5		// clear um.mfh
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_comba8#
-#undef	carry3
-#undef	carry2
-#undef	carry1
-#endif
-
-#if 1
-// It's possible to make it faster (see comment to bn_sqr_comba8), but
-// I reckon it doesn't worth the effort. Basically because the routine
-// (actually both of them) practically never called... So I just play
-// same trick as with bn_sqr_comba8.
-//
-// void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-//
-.global	bn_sqr_comba4#
-.proc	bn_sqr_comba4#
-.align	64
-bn_sqr_comba4:
-	.prologue
-	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii;	alloc   r2=ar.pfs,2,1,0,0
-	addp4	r32=0,r32
-	addp4	r33=0,r33		};;
-{ .mii;
-#else
-{ .mii;	alloc	r2=ar.pfs,2,1,0,0
-#endif
-	mov	r34=r33
-	add	r14=8,r33		};;
-	.body
-{ .mii;	add	r17=8,r34
-	add	r15=16,r33
-	add	r18=16,r34		}
-{ .mfb;	add	r16=24,r33
-	br	.L_cheat_entry_point4	};;
-.endp	bn_sqr_comba4#
-#endif
-
-#if 1
-// Runs in ~115 cycles and ~4.5 times faster than C. Well, whatever...
-//
-// void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-//
-#define	carry1	r14
-#define	carry2	r15
-.global	bn_mul_comba4#
-.proc	bn_mul_comba4#
-.align	64
-bn_mul_comba4:
-	.prologue
-	.save	ar.pfs,r2
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-{ .mii;	alloc   r2=ar.pfs,3,0,0,0
-	addp4	r33=0,r33
-	addp4	r34=0,r34		};;
-{ .mii;	addp4	r32=0,r32
-#else
-{ .mii;	alloc	r2=ar.pfs,3,0,0,0
-#endif
-	add	r14=8,r33
-	add	r17=8,r34		}
-	.body
-{ .mii;	add	r15=16,r33
-	add	r18=16,r34
-	add	r16=24,r33		};;
-.L_cheat_entry_point4:
-{ .mmi;	add	r19=24,r34
-
-	ldf8	f32=[r33]		}
-
-{ .mmi;	ldf8	f120=[r34]
-	ldf8	f121=[r17]		};;
-{ .mmi;	ldf8	f122=[r18]
-	ldf8	f123=[r19]		}
-
-{ .mmi;	ldf8	f33=[r14]
-	ldf8	f34=[r15]		}
-{ .mfi;	ldf8	f35=[r16]
-
-		xma.hu	f41=f32,f120,f0		}
-{ .mfi;		xma.lu	f40=f32,f120,f0		};;
-{ .mfi;		xma.hu	f51=f32,f121,f0		}
-{ .mfi;		xma.lu	f50=f32,f121,f0		};;
-{ .mfi;		xma.hu	f61=f32,f122,f0		}
-{ .mfi;		xma.lu	f60=f32,f122,f0		};;
-{ .mfi;		xma.hu	f71=f32,f123,f0		}
-{ .mfi;		xma.lu	f70=f32,f123,f0		};;//
-// Major stall takes place here, and 3 more places below. Result from
-// first xma is not available for another 3 ticks.
-{ .mfi;	getf.sig	r16=f40
-		xma.hu	f42=f33,f120,f41
-	add		r33=8,r32		}
-{ .mfi;		xma.lu	f41=f33,f120,f41	};;
-{ .mfi;	getf.sig	r24=f50
-		xma.hu	f52=f33,f121,f51	}
-{ .mfi;		xma.lu	f51=f33,f121,f51	};;
-{ .mfi;	st8		[r32]=r16,16
-		xma.hu	f62=f33,f122,f61	}
-{ .mfi;		xma.lu	f61=f33,f122,f61	};;
-{ .mfi;		xma.hu	f72=f33,f123,f71	}
-{ .mfi;		xma.lu	f71=f33,f123,f71	};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r25=f41
-		xma.hu	f43=f34,f120,f42	}
-{ .mfi;		xma.lu	f42=f34,f120,f42	};;
-{ .mfi;	getf.sig	r16=f60
-		xma.hu	f53=f34,f121,f52	}
-{ .mfi;		xma.lu	f52=f34,f121,f52	};;
-{ .mfi;	getf.sig	r17=f51
-		xma.hu	f63=f34,f122,f62
-	add		r25=r25,r24		}
-{ .mfi;	mov		carry1=0
-		xma.lu	f62=f34,f122,f62	};;
-{ .mfi;	st8		[r33]=r25,16
-		xma.hu	f73=f34,f123,f72
-	cmp.ltu		p6,p0=r25,r24		}
-{ .mfi;		xma.lu	f72=f34,f123,f72	};;//
-//-------------------------------------------------//
-{ .mfi;	getf.sig	r18=f42
-		xma.hu	f44=f35,f120,f43
-(p6)	add		carry1=1,carry1		}
-{ .mfi;	add		r17=r17,r16
-		xma.lu	f43=f35,f120,f43
-	mov		carry2=0		};;
-{ .mfi;	getf.sig	r24=f70
-		xma.hu	f54=f35,f121,f53
-	cmp.ltu		p7,p0=r17,r16		}
-{ .mfi;		xma.lu	f53=f35,f121,f53	};;
-{ .mfi;	getf.sig	r25=f61
-		xma.hu	f64=f35,f122,f63
-	add		r18=r18,r17		}
-{ .mfi;		xma.lu	f63=f35,f122,f63
-(p7)	add		carry2=1,carry2		};;
-{ .mfi;	getf.sig	r26=f52
-		xma.hu	f74=f35,f123,f73
-	cmp.ltu		p7,p0=r18,r17		}
-{ .mfi;		xma.lu	f73=f35,f123,f73
-	add		r18=r18,carry1		};;
-//-------------------------------------------------//
-{ .mii;	st8		[r32]=r18,16
-(p7)	add		carry2=1,carry2
-	cmp.ltu		p7,p0=r18,carry1	};;
-
-{ .mfi;	getf.sig	r27=f43	// last major stall
-(p7)	add		carry2=1,carry2		};;
-{ .mii;		getf.sig	r16=f71
-	add		r25=r25,r24
-	mov		carry1=0		};;
-{ .mii;		getf.sig	r17=f62	
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r27=r27,r26		};;
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r27,r26
-	add		r27=r27,carry2		};;
-{ .mii;		getf.sig	r18=f53
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r27,carry2	};;
-{ .mfi;	st8		[r33]=r27,16
-(p6)	add		carry1=1,carry1		}
-
-{ .mii;		getf.sig	r19=f44
-		add		r17=r17,r16
-		mov		carry2=0	};;
-{ .mii;	getf.sig	r24=f72
-		cmp.ltu		p7,p0=r17,r16
-		add		r18=r18,r17	};;
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r18,r17
-		add		r19=r19,r18	};;
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r19,r18
-		add		r19=r19,carry1	};;
-{ .mii;	getf.sig	r25=f63
-	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r19,carry1};;
-{ .mii;		st8		[r32]=r19,16
-	(p7)	add		carry2=1,carry2	}
-
-{ .mii;	getf.sig	r26=f54
-	add		r25=r25,r24
-	mov		carry1=0		};;
-{ .mii;		getf.sig	r16=f73
-	cmp.ltu		p6,p0=r25,r24
-	add		r26=r26,r25		};;
-{ .mii;
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,r25
-	add		r26=r26,carry2		};;
-{ .mii;		getf.sig	r17=f64
-(p6)	add		carry1=1,carry1
-	cmp.ltu		p6,p0=r26,carry2	};;
-{ .mii;	st8		[r33]=r26,16
-(p6)	add		carry1=1,carry1		}
-
-{ .mii;	getf.sig	r24=f74
-		add		r17=r17,r16	
-		mov		carry2=0	};;
-{ .mii;		cmp.ltu		p7,p0=r17,r16
-		add		r17=r17,carry1	};;
-
-{ .mii;	(p7)	add		carry2=1,carry2
-		cmp.ltu		p7,p0=r17,carry1};;
-{ .mii;		st8		[r32]=r17,16
-	(p7)	add		carry2=1,carry2	};;
-
-{ .mii;	add		r24=r24,carry2		};;
-{ .mii;	st8		[r33]=r24		}
-
-{ .mib;	rum		1<<5		// clear um.mfh
-	br.ret.sptk.many	b0	};;
-.endp	bn_mul_comba4#
-#undef	carry2
-#undef	carry1
-#endif
-
-#if 1
-//
-// BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-//
-// In the nutshell it's a port of my MIPS III/IV implementation.
-//
-#define	AT	r14
-#define	H	r16
-#define	HH	r20
-#define	L	r17
-#define	D	r18
-#define	DH	r22
-#define	I	r21
-
-#if 0
-// Some preprocessors (most notably HP-UX) appear to be allergic to
-// macros enclosed to parenthesis [as these three were].
-#define	cont	p16
-#define	break	p0	// p20
-#define	equ	p24
-#else
-cont=p16
-break=p0
-equ=p24
-#endif
-
-.global	abort#
-.global	bn_div_words#
-.proc	bn_div_words#
-.align	64
-bn_div_words:
-	.prologue
-	.save	ar.pfs,r2
-{ .mii;	alloc		r2=ar.pfs,3,5,0,8
-	.save	b0,r3
-	mov		r3=b0
-	.save	pr,r10
-	mov		r10=pr		};;
-{ .mmb;	cmp.eq		p6,p0=r34,r0
-	mov		r8=-1
-(p6)	br.ret.spnt.many	b0	};;
-
-	.body
-{ .mii;	mov		H=r32		// save h
-	mov		ar.ec=0		// don't rotate at exit
-	mov		pr.rot=0	}
-{ .mii;	mov		L=r33		// save l
-	mov		r36=r0		};;
-
-.L_divw_shift:	// -vv- note signed comparison
-{ .mfi;	(p0)	cmp.lt		p16,p0=r0,r34	// d
-	(p0)	shladd		r33=r34,1,r0	}
-{ .mfb;	(p0)	add		r35=1,r36
-	(p0)	nop.f		0x0
-(p16)	br.wtop.dpnt		.L_divw_shift	};;
-
-{ .mii;	mov		D=r34
-	shr.u		DH=r34,32
-	sub		r35=64,r36		};;
-{ .mii;	setf.sig	f7=DH
-	shr.u		AT=H,r35
-	mov		I=r36			};;
-{ .mib;	cmp.ne		p6,p0=r0,AT
-	shl		H=H,r36
-(p6)	br.call.spnt.clr	b0=abort	};;	// overflow, die...
-
-{ .mfi;	fcvt.xuf.s1	f7=f7
-	shr.u		AT=L,r35		};;
-{ .mii;	shl		L=L,r36
-	or		H=H,AT			};;
-
-{ .mii;	nop.m		0x0
-	cmp.leu		p6,p0=D,H;;
-(p6)	sub		H=H,D			}
-
-{ .mlx;	setf.sig	f14=D
-	movl		AT=0xffffffff		};;
-///////////////////////////////////////////////////////////
-{ .mii;	setf.sig	f6=H
-	shr.u		HH=H,32;;
-	cmp.eq		p6,p7=HH,DH		};;
-{ .mfb;
-(p6)	setf.sig	f8=AT
-(p7)	fcvt.xuf.s1	f6=f6
-(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;
-
-{ .mfi;	getf.sig	r33=f8				// q
-	xmpy.lu		f9=f8,f14		}
-{ .mfi;	xmpy.hu		f10=f8,f14
-	shrp		H=H,L,32		};;
-
-{ .mmi;	getf.sig	r35=f9				// tl
-	getf.sig	r31=f10			};;	// th
-
-.L_divw_1st_iter:
-{ .mii;	(p0)	add		r32=-1,r33
-	(p0)	cmp.eq		equ,cont=HH,r31		};;
-{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D
-	(p0)	sub		r34=r35,D
-	(equ)	cmp.leu		break,cont=r35,H	};;
-{ .mib;	(cont)	cmp.leu		cont,break=HH,r31
-	(p8)	add		r31=-1,r31
-(cont)	br.wtop.spnt		.L_divw_1st_iter	};;
-///////////////////////////////////////////////////////////
-{ .mii;	sub		H=H,r35
-	shl		r8=r33,32
-	shl		L=L,32			};;
-///////////////////////////////////////////////////////////
-{ .mii;	setf.sig	f6=H
-	shr.u		HH=H,32;;
-	cmp.eq		p6,p7=HH,DH		};;
-{ .mfb;
-(p6)	setf.sig	f8=AT
-(p7)	fcvt.xuf.s1	f6=f6
-(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;
-
-{ .mfi;	getf.sig	r33=f8				// q
-	xmpy.lu		f9=f8,f14		}
-{ .mfi;	xmpy.hu		f10=f8,f14
-	shrp		H=H,L,32		};;
-
-{ .mmi;	getf.sig	r35=f9				// tl
-	getf.sig	r31=f10			};;	// th
-
-.L_divw_2nd_iter:
-{ .mii;	(p0)	add		r32=-1,r33
-	(p0)	cmp.eq		equ,cont=HH,r31		};;
-{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D
-	(p0)	sub		r34=r35,D
-	(equ)	cmp.leu		break,cont=r35,H	};;
-{ .mib;	(cont)	cmp.leu		cont,break=HH,r31
-	(p8)	add		r31=-1,r31
-(cont)	br.wtop.spnt		.L_divw_2nd_iter	};;
-///////////////////////////////////////////////////////////
-{ .mii;	sub	H=H,r35
-	or	r8=r8,r33
-	mov	ar.pfs=r2		};;
-{ .mii;	shr.u	r9=H,I			// remainder if anybody wants it
-	mov	pr=r10,0x1ffff		}
-{ .mfb;	br.ret.sptk.many	b0	};;
-
-// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
-// procedure.
-//
-// inputs:	f6 = (double)a, f7 = (double)b
-// output:	f8 = (int)(a/b)
-// clobbered:	f8,f9,f10,f11,pred
-pred=p15
-// One can argue that this snippet is copyrighted to Intel
-// Corporation, as it's essentially identical to one of those
-// found in "Divide, Square Root and Remainder" section at
-// http://www.intel.com/software/products/opensource/libraries/num.htm.
-// Yes, I admit that the referred code was used as template,
-// but after I realized that there hardly is any other instruction
-// sequence which would perform this operation. I mean I figure that
-// any independent attempt to implement high-performance division
-// will result in code virtually identical to the Intel code. It
-// should be noted though that below division kernel is 1 cycle
-// faster than Intel one (note commented splits:-), not to mention
-// original prologue (rather lack of one) and epilogue.
-.align	32
-.skip	16
-.L_udiv64_32_b6:
-	frcpa.s1	f8,pred=f6,f7;;		// [0]  y0 = 1 / b
-
-(pred)	fnma.s1		f9=f7,f8,f1		// [5]  e0 = 1 - b * y0
-(pred)	fmpy.s1		f10=f6,f8;;		// [5]  q0 = a * y0
-(pred)	fmpy.s1		f11=f9,f9		// [10] e1 = e0 * e0
-(pred)	fma.s1		f10=f9,f10,f10;;	// [10] q1 = q0 + e0 * q0
-(pred)	fma.s1		f8=f9,f8,f8	//;;	// [15] y1 = y0 + e0 * y0
-(pred)	fma.s1		f9=f11,f10,f10;;	// [15] q2 = q1 + e1 * q1
-(pred)	fma.s1		f8=f11,f8,f8	//;;	// [20] y2 = y1 + e1 * y1
-(pred)	fnma.s1		f10=f7,f9,f6;;		// [20] r2 = a - b * q2
-(pred)	fma.s1		f8=f10,f8,f9;;		// [25] q3 = q2 + r2 * y2
-
-	fcvt.fxu.trunc.s1	f8=f8		// [30] q = trunc(q3)
-	br.ret.sptk.many	b6;;
-.endp	bn_div_words#
-#endif
diff --git a/src/lib/libcrypto/ia64cpuid.S b/src/lib/libcrypto/ia64cpuid.S
deleted file mode 100644
index 39e8093c6c..0000000000
--- a/src/lib/libcrypto/ia64cpuid.S
+++ /dev/null
@@ -1,121 +0,0 @@
-// Works on all IA-64 platforms: Linux, HP-UX, Win64i...
-// On Win64i compile with ias.exe.
-.text
-
-.global	OPENSSL_cpuid_setup#
-.proc	OPENSSL_cpuid_setup#
-OPENSSL_cpuid_setup:
-{ .mib;	br.ret.sptk.many	b0		};;
-.endp	OPENSSL_cpuid_setup#
-
-.global	OPENSSL_atomic_add#
-.proc	OPENSSL_atomic_add#
-.align	32
-OPENSSL_atomic_add:
-{ .mii;	ld4		r2=[r32]
-	nop.i		0
-	nop.i		0		};;
-.Lspin:
-{ .mii;	mov		ar.ccv=r2
-	add		r8=r2,r33
-	mov		r3=r2		};;
-{ .mmi;	mf;;
-	cmpxchg4.acq	r2=[r32],r8,ar.ccv
-	nop.i		0		};;
-{ .mib;	cmp.ne		p6,p0=r2,r3
-	nop.i		0
-(p6)	br.dpnt		.Lspin		};;
-{ .mib;	nop.m		0
-	sxt4		r8=r8
-	br.ret.sptk.many	b0	};;
-.endp	OPENSSL_atomic_add#
-
-// Returns a structure comprising pointer to the top of stack of
-// the caller and pointer beyond backing storage for the current
-// register frame. The latter is required, because it might be
-// insufficient to wipe backing storage for the current frame
-// (as this procedure does), one might have to go further, toward
-// higher addresses to reach for whole "retroactively" saved
-// context...
-.global	OPENSSL_wipe_cpu#
-.proc	OPENSSL_wipe_cpu#
-.align	32
-OPENSSL_wipe_cpu:
-	.prologue
-	.fframe	0
-	.save	ar.pfs,r2
-	.save	ar.lc,r3
-{ .mib;	alloc		r2=ar.pfs,0,96,0,96
-	mov		r3=ar.lc
-	brp.loop.imp	.L_wipe_top,.L_wipe_end-16
-					};;
-{ .mii;	mov		r9=ar.bsp
-	mov		r8=pr
-	mov		ar.lc=96	};;
-	.body
-{ .mii;	add		r9=96*8-8,r9
-	mov		ar.ec=1		};;
-
-// One can sweep double as fast, but then we can't quarantee
-// that backing storage is wiped...
-.L_wipe_top:
-{ .mfi;	st8		[r9]=r0,-8
-	mov		f127=f0
-	mov		r127=r0		}
-{ .mfb;	nop.m		0
-	nop.f		0
-	br.ctop.sptk	.L_wipe_top	};;
-.L_wipe_end:
-
-{ .mfi;	mov		r11=r0
-	mov		f6=f0
-	mov		r14=r0		}
-{ .mfi;	mov		r15=r0
-	mov		f7=f0
-	mov		r16=r0		}
-{ .mfi;	mov		r17=r0
-	mov		f8=f0
-	mov		r18=r0		}
-{ .mfi;	mov		r19=r0
-	mov		f9=f0
-	mov		r20=r0		}
-{ .mfi;	mov		r21=r0
-	mov		f10=f0
-	mov		r22=r0		}
-{ .mfi;	mov		r23=r0
-	mov		f11=f0
-	mov		r24=r0		}
-{ .mfi;	mov		r25=r0
-	mov		f12=f0
-	mov		r26=r0		}
-{ .mfi;	mov		r27=r0
-	mov		f13=f0
-	mov		r28=r0		}
-{ .mfi;	mov		r29=r0
-	mov		f14=f0
-	mov		r30=r0		}
-{ .mfi;	mov		r31=r0
-	mov		f15=f0
-	nop.i		0		}
-{ .mfi;	mov		f16=f0		}
-{ .mfi;	mov		f17=f0		}
-{ .mfi;	mov		f18=f0		}
-{ .mfi;	mov		f19=f0		}
-{ .mfi;	mov		f20=f0		}
-{ .mfi;	mov		f21=f0		}
-{ .mfi;	mov		f22=f0		}
-{ .mfi;	mov		f23=f0		}
-{ .mfi;	mov		f24=f0		}
-{ .mfi;	mov		f25=f0		}
-{ .mfi;	mov		f26=f0		}
-{ .mfi;	mov		f27=f0		}
-{ .mfi;	mov		f28=f0		}
-{ .mfi;	mov		f29=f0		}
-{ .mfi;	mov		f30=f0		}
-{ .mfi;	add		r9=96*8+8,r9
-	mov		f31=f0
-	mov		pr=r8,0x1ffff	}
-{ .mib;	mov		r8=sp
-	mov		ar.lc=r3
-	br.ret.sptk	b0		};;
-.endp	OPENSSL_wipe_cpu#
diff --git a/src/lib/libcrypto/md5/asm/md5-ia64.S b/src/lib/libcrypto/md5/asm/md5-ia64.S
deleted file mode 100644
index e7de08d46a..0000000000
--- a/src/lib/libcrypto/md5/asm/md5-ia64.S
+++ /dev/null
@@ -1,992 +0,0 @@
-/* Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
-
-//	Common registers are assigned as follows:
-//
-//	COMMON
-//
-//	t0		Const Tbl Ptr	TPtr
-//	t1		Round Constant	TRound
-//	t4		Block residual	LenResid
-//	t5		Residual Data	DTmp
-//
-//	{in,out}0	Block 0 Cycle	RotateM0
-//	{in,out}1	Block Value 12	M12
-//	{in,out}2	Block Value 8	M8
-//	{in,out}3	Block Value 4	M4
-//	{in,out}4	Block Value 0	M0
-//	{in,out}5	Block 1 Cycle	RotateM1
-//	{in,out}6	Block Value 13	M13
-//	{in,out}7	Block Value 9	M9
-//	{in,out}8	Block Value 5	M5
-//	{in,out}9	Block Value 1	M1
-//	{in,out}10	Block 2 Cycle	RotateM2
-//	{in,out}11	Block Value 14	M14
-//	{in,out}12	Block Value 10	M10
-//	{in,out}13	Block Value 6	M6
-//	{in,out}14	Block Value 2	M2
-//	{in,out}15	Block 3 Cycle	RotateM3
-//	{in,out}16	Block Value 15	M15
-//	{in,out}17	Block Value 11	M11
-//	{in,out}18	Block Value 7	M7
-//	{in,out}19	Block Value 3	M3
-//	{in,out}20	Scratch			Z
-//	{in,out}21	Scratch			Y
-//	{in,out}22	Scratch			X
-//	{in,out}23	Scratch			W
-//	{in,out}24	Digest A		A
-//	{in,out}25	Digest B		B
-//	{in,out}26	Digest C		C
-//	{in,out}27	Digest D		D
-//	{in,out}28	Active Data Ptr	DPtr
-//	in28		Dummy Value		-
-//	out28		Dummy Value		-
-//	bt0			Coroutine Link	QUICK_RTN
-//
-///	These predicates are used for computing the padding block(s) and
-///	are shared between the driver and digest co-routines
-//
-//	pt0			Extra Pad Block	pExtra
-//	pt1			Load next word	pLoad
-//	pt2			Skip next word	pSkip
-//	pt3			Search for Pad	pNoPad
-//	pt4			Pad Word 0		pPad0
-//	pt5			Pad Word 1		pPad1
-//	pt6			Pad Word 2		pPad2
-//	pt7			Pad Word 3		pPad3
-
-#define	DTmp		r19
-#define	LenResid	r18
-#define	QUICK_RTN	b6
-#define	TPtr		r14
-#define	TRound		r15
-#define	pExtra		p6
-#define	pLoad		p7
-#define	pNoPad		p9
-#define	pPad0		p10
-#define	pPad1		p11
-#define	pPad2		p12
-#define	pPad3		p13
-#define	pSkip		p8
-
-#define	A_		out24
-#define	B_		out25
-#define	C_		out26
-#define	D_		out27
-#define	DPtr_		out28
-#define	M0_		out4
-#define	M1_		out9
-#define	M10_		out12
-#define	M11_		out17
-#define	M12_		out1
-#define	M13_		out6
-#define	M14_		out11
-#define	M15_		out16
-#define	M2_		out14
-#define	M3_		out19
-#define	M4_		out3
-#define	M5_		out8
-#define	M6_		out13
-#define	M7_		out18
-#define	M8_		out2
-#define	M9_		out7
-#define	RotateM0_	out0
-#define	RotateM1_	out5
-#define	RotateM2_	out10
-#define	RotateM3_	out15
-#define	W_		out23
-#define	X_		out22
-#define	Y_		out21
-#define	Z_		out20
-
-#define	A		in24
-#define	B		in25
-#define	C		in26
-#define	D		in27
-#define	DPtr		in28
-#define	M0		in4
-#define	M1		in9
-#define	M10		in12
-#define	M11		in17
-#define	M12		in1
-#define	M13		in6
-#define	M14		in11
-#define	M15		in16
-#define	M2		in14
-#define	M3		in19
-#define	M4		in3
-#define	M5		in8
-#define	M6		in13
-#define	M7		in18
-#define	M8		in2
-#define	M9		in7
-#define	RotateM0	in0
-#define	RotateM1	in5
-#define	RotateM2	in10
-#define	RotateM3	in15
-#define	W		in23
-#define	X		in22
-#define	Y		in21
-#define	Z		in20
-
-/* register stack configuration for md5_block_asm_data_order(): */
-#define	MD5_NINP	3
-#define	MD5_NLOC	0
-#define MD5_NOUT	29
-#define MD5_NROT	0
-
-/* register stack configuration for helpers: */
-#define	_NINPUTS	MD5_NOUT
-#define	_NLOCALS	0
-#define _NOUTPUT	0
-#define	_NROTATE	24	/* this must be <= _NINPUTS */
-
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-#define	ADDP	addp4
-#else
-#define	ADDP	add
-#endif
-
-#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
-#define HOST_IS_BIG_ENDIAN
-#endif
-
-//	Macros for getting the left and right portions of little-endian words
-
-#define	GETLW(dst, src, align)	dep.z dst = src, 32 - 8 * align, 8 * align
-#define	GETRW(dst, src, align)	extr.u dst = src, 8 * align, 32 - 8 * align
-
-//	MD5 driver
-//
-//		Reads an input block, then calls the digest block
-//		subroutine and adds the results to the accumulated
-//		digest.  It allocates 32 outs which the subroutine
-//		uses as it's inputs and rotating
-//		registers. Initializes the round constant pointer and
-//		takes care of saving/restoring ar.lc
-//
-///	INPUT
-//
-//	in0		Context Ptr		CtxPtr0
-//	in1		Input Data Ptr		DPtrIn
-//	in2		Integral Blocks		BlockCount
-//	rp		Return Address		-
-//
-///	CODE
-//
-//	v2		Input Align		InAlign
-//	t0		Shared w/digest		-
-//	t1		Shared w/digest		-
-//	t2		Shared w/digest		-
-//	t3		Shared w/digest		-
-//	t4		Shared w/digest		-
-//	t5		Shared w/digest		-
-//	t6		PFS Save		PFSSave
-//	t7		ar.lc Save		LCSave
-//	t8		Saved PR		PRSave
-//	t9		2nd CtxPtr		CtxPtr1
-//	t10		Table Base		CTable
-//	t11		Table[0]		CTable0
-//	t13		Accumulator A		AccumA
-//	t14		Accumulator B		AccumB
-//	t15		Accumulator C		AccumC
-//	t16		Accumulator D		AccumD
-//	pt0		Shared w/digest		-
-//	pt1		Shared w/digest		-
-//	pt2		Shared w/digest		-
-//	pt3		Shared w/digest		-
-//	pt4		Shared w/digest		-
-//	pt5		Shared w/digest		-
-//	pt6		Shared w/digest		-
-//	pt7		Shared w/digest		-
-//	pt8		Not Aligned		pOff
-//	pt8		Blocks Left		pAgain
-
-#define	AccumA		r27
-#define	AccumB		r28
-#define	AccumC		r29
-#define	AccumD		r30
-#define	CTable		r24
-#define	CTable0		r25
-#define	CtxPtr0		in0
-#define	CtxPtr1		r23
-#define	DPtrIn		in1
-#define	BlockCount	in2
-#define	InAlign		r10
-#define	LCSave		r21
-#define	PFSSave		r20
-#define	PRSave		r22
-#define	pAgain		p63
-#define	pOff		p63
-
-	.text
-
-/* md5_block_asm_data_order(MD5_CTX *c, const void *data, size_t num)
-
-     where:
-      c: a pointer to a structure of this type:
-
-	   typedef struct MD5state_st
-	     {
-	       MD5_LONG A,B,C,D;
-	       MD5_LONG Nl,Nh;
-	       MD5_LONG data[MD5_LBLOCK];
-	       unsigned int num;
-	     }
-	   MD5_CTX;
-
-      data: a pointer to the input data (may be misaligned)
-      num:  the number of 16-byte blocks to hash (i.e., the length
-            of DATA is 16*NUM.
-
-   */
-
-	.type	md5_block_asm_data_order, @function
-	.global	md5_block_asm_data_order
-	.align	32
-	.proc	md5_block_asm_data_order
-md5_block_asm_data_order:
-.md5_block:
-	.prologue
-{	.mmi
-	.save	ar.pfs, PFSSave
-	alloc	PFSSave = ar.pfs, MD5_NINP, MD5_NLOC, MD5_NOUT, MD5_NROT
-	ADDP	CtxPtr1 = 8, CtxPtr0
-	mov	CTable = ip
-}
-{	.mmi
-	ADDP	DPtrIn = 0, DPtrIn
-	ADDP	CtxPtr0 = 0, CtxPtr0
-	.save	ar.lc, LCSave
-	mov	LCSave = ar.lc
-}
-;;
-{	.mmi
-	add	CTable = .md5_tbl_data_order#-.md5_block#, CTable
-	and	InAlign = 0x3, DPtrIn
-}
-
-{	.mmi
-	ld4	AccumA = [CtxPtr0], 4
-	ld4	AccumC = [CtxPtr1], 4
-	.save pr, PRSave
-	mov	PRSave = pr
-	.body
-}
-;;
-{	.mmi
-	ld4	AccumB = [CtxPtr0]
-	ld4	AccumD = [CtxPtr1]
-	dep	DPtr_ = 0, DPtrIn, 0, 2
-} ;;
-#ifdef HOST_IS_BIG_ENDIAN
-	rum	psr.be;;	// switch to little-endian
-#endif
-{	.mmb
-	ld4	CTable0 = [CTable], 4
-	cmp.ne	pOff, p0 = 0, InAlign
-(pOff)	br.cond.spnt.many .md5_unaligned
-} ;;
-
-//	The FF load/compute loop rotates values three times, so that
-//	loading into M12 here produces the M0 value, M13 -> M1, etc.
-
-.md5_block_loop0:
-{	.mmi
-	ld4	M12_ = [DPtr_], 4
-	mov	TPtr = CTable
-	mov	TRound = CTable0
-} ;;
-{	.mmi
-	ld4	M13_ = [DPtr_], 4
-	mov	A_ = AccumA
-	mov	B_ = AccumB
-} ;;
-{	.mmi
-	ld4	M14_ = [DPtr_], 4
-	mov	C_ = AccumC
-	mov	D_ = AccumD
-} ;;
-{	.mmb
-	ld4	M15_ = [DPtr_], 4
-	add	BlockCount = -1, BlockCount
-	br.call.sptk.many QUICK_RTN = md5_digest_block0
-} ;;
-
-//	Now, we add the new digest values and do some clean-up
-//	before checking if there's another full block to process
-
-{	.mmi
-	add	AccumA = AccumA, A_
-	add	AccumB = AccumB, B_
-	cmp.ne	pAgain, p0 = 0, BlockCount
-}
-{	.mib
-	add	AccumC = AccumC, C_
-	add	AccumD = AccumD, D_
-(pAgain) br.cond.dptk.many .md5_block_loop0
-} ;;
-
-.md5_exit:
-#ifdef HOST_IS_BIG_ENDIAN
-	sum	psr.be;;	// switch back to big-endian mode
-#endif
-{	.mmi
-	st4	[CtxPtr0] = AccumB, -4
-	st4	[CtxPtr1] = AccumD, -4
-	mov	pr = PRSave, 0x1ffff ;;
-}
-{	.mmi
-	st4	[CtxPtr0] = AccumA
-	st4	[CtxPtr1] = AccumC
-	mov	ar.lc = LCSave
-} ;;
-{	.mib
-	mov	ar.pfs = PFSSave
-	br.ret.sptk.few	rp
-} ;;
-
-#define	MD5UNALIGNED(offset)						\
-.md5_process##offset:							\
-{	.mib ;								\
-	nop	0x0	;						\
-	GETRW(DTmp, DTmp, offset) ;					\
-} ;;									\
-.md5_block_loop##offset:						\
-{	.mmi ;								\
-	ld4	Y_ = [DPtr_], 4 ;					\
-	mov	TPtr = CTable ;						\
-	mov	TRound = CTable0 ;					\
-} ;;									\
-{	.mmi ;								\
-	ld4	M13_ = [DPtr_], 4 ;					\
-	mov	A_ = AccumA ;						\
-	mov	B_ = AccumB ;						\
-} ;;									\
-{	.mii ;								\
-	ld4	M14_ = [DPtr_], 4 ;					\
-	GETLW(W_, Y_, offset) ;						\
-	mov	C_ = AccumC ;						\
-}									\
-{	.mmi ;								\
-	mov	D_ = AccumD ;;						\
-	or	M12_ = W_, DTmp ;					\
-	GETRW(DTmp, Y_, offset) ;					\
-}									\
-{	.mib ;								\
-	ld4	M15_ = [DPtr_], 4 ;					\
-	add	BlockCount = -1, BlockCount ;				\
-	br.call.sptk.many QUICK_RTN = md5_digest_block##offset;		\
-} ;;									\
-{	.mmi ;								\
-	add	AccumA = AccumA, A_ ;					\
-	add	AccumB = AccumB, B_ ;					\
-	cmp.ne	pAgain, p0 = 0, BlockCount ;				\
-}									\
-{	.mib ;								\
-	add	AccumC = AccumC, C_ ;					\
-	add	AccumD = AccumD, D_ ;					\
-(pAgain) br.cond.dptk.many .md5_block_loop##offset ;			\
-} ;;									\
-{	.mib ;								\
-	nop	0x0 ;							\
-	nop	0x0 ;							\
-	br.cond.sptk.many .md5_exit ;					\
-} ;;
-
-	.align	32
-.md5_unaligned:
-//
-//	Because variable shifts are expensive, we special case each of
-//	the four alignements. In practice, this won't hurt too much
-//	since only one working set of code will be loaded.
-//
-{	.mib
-	ld4	DTmp = [DPtr_], 4
-	cmp.eq	pOff, p0 = 1, InAlign
-(pOff)	br.cond.dpnt.many .md5_process1
-} ;;
-{	.mib
-	cmp.eq	pOff, p0 = 2, InAlign
-	nop	0x0
-(pOff)	br.cond.dpnt.many .md5_process2
-} ;;
-	MD5UNALIGNED(3)
-	MD5UNALIGNED(1)
-	MD5UNALIGNED(2)
-
-	.endp md5_block_asm_data_order
-
-
-// MD5 Perform the F function and load
-//
-// Passed the first 4 words (M0 - M3) and initial (A, B, C, D) values,
-// computes the FF() round of functions, then branches to the common
-// digest code to finish up with GG(), HH, and II().
-//
-// INPUT
-//
-// rp Return Address -
-//
-// CODE
-//
-// v0 PFS bit bucket PFS
-// v1 Loop Trip Count LTrip
-// pt0 Load next word pMore
-
-/* For F round: */
-#define LTrip	r9
-#define PFS	r8
-#define pMore	p6
-
-/* For GHI rounds: */
-#define T	r9
-#define U	r10
-#define V	r11
-
-#define COMPUTE(a, b, s, M, R)			\
-{						\
-	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	dep.z Y = Z, 32, 32 ;;			\
-	shrp Z = Z, Y, 64 - s ;			\
-} ;;						\
-{						\
-	.mmi ;					\
-	add a = Z, b ;				\
-	mov R = M ;				\
-	nop 0x0 ;				\
-} ;;
-
-#define LOOP(a, b, s, M, R, label)		\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	dep.z Y = Z, 32, 32 ;;			\
-	shrp Z = Z, Y, 64 - s ;			\
-} ;;						\
-{	.mib ;					\
-	add a = Z, b ;				\
-	mov R = M ;				\
-	br.ctop.sptk.many label ;		\
-} ;;
-
-// G(B, C, D) = (B & D) | (C & ~D)
-
-#define G(a, b, c, d, M)			\
-{	.mmi ;					\
-	add Z = M, TRound ;			\
-	and Y = b, d ;				\
-	andcm X = c, d ;			\
-} ;;						\
-{	.mii ;					\
-	add Z = Z, a ;				\
-	or Y = Y, X ;;				\
-	add Z = Z, Y ;				\
-} ;;
-
-// H(B, C, D) = B ^ C ^ D
-
-#define H(a, b, c, d, M)			\
-{	.mmi ;					\
-	add Z = M, TRound ;			\
-	xor Y = b, c ;				\
-	nop 0x0 ;				\
-} ;;						\
-{	.mii ;					\
-	add Z = Z, a ;				\
-	xor Y = Y, d ;;				\
-	add Z = Z, Y ;				\
-} ;;
-
-// I(B, C, D) = C ^ (B | ~D)
-//
-// However, since we have an andcm operator, we use the fact that
-//
-// Y ^ Z == ~Y ^ ~Z
-//
-// to rewrite the expression as
-//
-// I(B, C, D) = ~C ^ (~B & D)
-
-#define I(a, b, c, d, M)			\
-{	.mmi ;					\
-	add Z = M, TRound ;			\
-	andcm Y = d, b ;			\
-	andcm X = -1, c ;			\
-} ;;						\
-{	.mii ;					\
-	add Z = Z, a ;				\
-	xor Y = Y, X ;;				\
-	add Z = Z, Y ;				\
-} ;;
-
-#define GG4(label)				\
-	G(A, B, C, D, M0)			\
-	COMPUTE(A, B, 5, M0, RotateM0)		\
-	G(D, A, B, C, M1)			\
-	COMPUTE(D, A, 9, M1, RotateM1)		\
-	G(C, D, A, B, M2)			\
-	COMPUTE(C, D, 14, M2, RotateM2)		\
-	G(B, C, D, A, M3)			\
-	LOOP(B, C, 20, M3, RotateM3, label)
-
-#define HH4(label)				\
-	H(A, B, C, D, M0)			\
-	COMPUTE(A, B, 4, M0, RotateM0)		\
-	H(D, A, B, C, M1)			\
-	COMPUTE(D, A, 11, M1, RotateM1)		\
-	H(C, D, A, B, M2)			\
-	COMPUTE(C, D, 16, M2, RotateM2)		\
-	H(B, C, D, A, M3)			\
-	LOOP(B, C, 23, M3, RotateM3, label)
-
-#define II4(label)				\
-	I(A, B, C, D, M0)			\
-	COMPUTE(A, B, 6, M0, RotateM0)		\
-	I(D, A, B, C, M1)			\
-	COMPUTE(D, A, 10, M1, RotateM1)		\
-	I(C, D, A, B, M2)			\
-	COMPUTE(C, D, 15, M2, RotateM2)		\
-	I(B, C, D, A, M3)			\
-	LOOP(B, C, 21, M3, RotateM3, label)
-
-#define FFLOAD(a, b, c, d, M, N, s)		\
-{	.mii ;					\
-(pMore) ld4 N = [DPtr], 4 ;			\
-	add Z = M, TRound ;			\
-	and Y = c, b ;				\
-}						\
-{	.mmi ;					\
-	andcm X = d, b ;;			\
-	add Z = Z, a ;				\
-	or Y = Y, X ;				\
-} ;;						\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	add Z = Z, Y ;;				\
-	dep.z Y = Z, 32, 32 ;			\
-} ;;						\
-{	.mii ;					\
-	nop 0x0 ;				\
-	shrp Z = Z, Y, 64 - s ;;		\
-	add a = Z, b ;				\
-} ;;
-
-#define FFLOOP(a, b, c, d, M, N, s, dest)	\
-{	.mii ;					\
-(pMore)	ld4 N = [DPtr], 4 ;			\
-	add Z = M, TRound ;			\
-	and Y = c, b ;				\
-}						\
-{	.mmi ;					\
-	andcm X = d, b ;;			\
-	add Z = Z, a ;				\
-	or Y = Y, X ;				\
-} ;;						\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	add Z = Z, Y ;;				\
-	dep.z Y = Z, 32, 32 ;			\
-} ;;						\
-{	.mii ;					\
-	nop 0x0 ;				\
-	shrp Z = Z, Y, 64 - s ;;		\
-	add a = Z, b ;				\
-}						\
-{	.mib ;					\
-	cmp.ne pMore, p0 = 0, LTrip ;		\
-	add LTrip = -1, LTrip ;			\
-	br.ctop.dptk.many dest ;		\
-} ;;
-
-	.type md5_digest_block0, @function
-	.align 32
-
-	.proc md5_digest_block0
-	.prologue
-md5_digest_block0:
-	.altrp QUICK_RTN
-	.body
-{	.mmi
-	alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
-	mov LTrip = 2
-	mov ar.lc = 3
-} ;;
-{	.mii
-	cmp.eq pMore, p0 = r0, r0
-	mov ar.ec = 0
-	nop 0x0
-} ;;
-
-.md5_FF_round0:
-	FFLOAD(A, B, C, D, M12, RotateM0, 7)
-	FFLOAD(D, A, B, C, M13, RotateM1, 12)
-	FFLOAD(C, D, A, B, M14, RotateM2, 17)
-	FFLOOP(B, C, D, A, M15, RotateM3, 22, .md5_FF_round0)
-	//
-	// !!! Fall through to md5_digest_GHI
-	//
-	.endp md5_digest_block0
-
-	.type md5_digest_GHI, @function
-	.align 32
-
-	.proc md5_digest_GHI
-	.prologue
-	.regstk _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
-md5_digest_GHI:
-	.altrp QUICK_RTN
-	.body
-//
-// The following sequence shuffles the block counstants round for the
-// next round:
-//
-// 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
-// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
-//
-{	.mmi
-	mov Z = M0
-	mov Y = M15
-	mov ar.lc = 3
-}
-{	.mmi
-	mov X = M2
-	mov W = M9
-	mov V = M4
-} ;;
-
-{	.mmi
-	mov M0 = M1
-	mov M15 = M12
-	mov ar.ec = 1
-}
-{	.mmi
-	mov M2 = M11
-	mov M9 = M14
-	mov M4 = M5
-} ;;
-
-{	.mmi
-	mov M1 = M6
-	mov M12 = M13
-	mov U = M3
-}
-{	.mmi
-	mov M11 = M8
-	mov M14 = M7
-	mov M5 = M10
-} ;;
-
-{	.mmi
-	mov M6 = Y
-	mov M13 = X
-	mov M3 = Z
-}
-{	.mmi
-	mov M8 = W
-	mov M7 = V
-	mov M10 = U
-} ;;
-
-.md5_GG_round:
-	GG4(.md5_GG_round)
-
-// The following sequence shuffles the block constants round for the
-// next round:
-//
-// 1 6 11 0 5 10 14 4 9 14 3 8 13 2 7 12
-// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
-
-{	.mmi
-	mov Z = M0
-	mov Y = M1
-	mov ar.lc = 3
-}
-{	.mmi
-	mov X = M3
-	mov W = M5
-	mov V = M6
-} ;;
-
-{	.mmi
-	mov M0 = M4
-	mov M1 = M11
-	mov ar.ec = 1
-}
-{	.mmi
-	mov M3 = M9
-	mov U = M8
-	mov T = M13
-} ;;
-
-{	.mmi
-	mov M4 = Z
-	mov M11 = Y
-	mov M5 = M7
-}
-{	.mmi
-	mov M6 = M14
-	mov M8 = M12
-	mov M13 = M15
-} ;;
-
-{	.mmi
-	mov M7 = W
-	mov M14 = V
-	nop 0x0
-}
-{	.mmi
-	mov M9 = X
-	mov M12 = U
-	mov M15 = T
-} ;;
-
-.md5_HH_round:
-	HH4(.md5_HH_round)
-
-// The following sequence shuffles the block constants round for the
-// next round:
-//
-// 5 8 11 14 1 4 7 10 13 0 3 6 9 12 15 2
-// 0 7 14 5 12 3 10 1 8 15 6 13 4 11 2 9
-
-{	.mmi
-	mov Z = M0
-	mov Y = M15
-	mov ar.lc = 3
-}
-{	.mmi
-	mov X = M10
-	mov W = M1
-	mov V = M4
-} ;;
-
-{	.mmi
-	mov M0 = M9
-	mov M15 = M12
-	mov ar.ec = 1
-}
-{	.mmi
-	mov M10 = M11
-	mov M1 = M6
-	mov M4 = M13
-} ;;
-
-{	.mmi
-	mov M9 = M14
-	mov M12 = M5
-	mov U = M3
-}
-{	.mmi
-	mov M11 = M8
-	mov M6 = M7
-	mov M13 = M2
-} ;;
-
-{	.mmi
-	mov M14 = Y
-	mov M5 = X
-	mov M3 = Z
-}
-{	.mmi
-	mov M8 = W
-	mov M7 = V
-	mov M2 = U
-} ;;
-
-.md5_II_round:
-	II4(.md5_II_round)
-
-{	.mib
-	nop 0x0
-	nop 0x0
-	br.ret.sptk.many QUICK_RTN
-} ;;
-
-	.endp md5_digest_GHI
-
-#define FFLOADU(a, b, c, d, M, P, N, s, offset)	\
-{	.mii ;					\
-(pMore) ld4 N = [DPtr], 4 ;			\
-	add Z = M, TRound ;			\
-	and Y = c, b ;				\
-}						\
-{	.mmi ;					\
-	andcm X = d, b ;;			\
-	add Z = Z, a ;				\
-	or Y = Y, X ;				\
-} ;;						\
-{	.mii ;					\
-	ld4 TRound = [TPtr], 4 ;		\
-	GETLW(W, P, offset) ;			\
-	add Z = Z, Y ;				\
-} ;;						\
-{	.mii ;					\
-	or W = W, DTmp ;			\
-	dep.z Y = Z, 32, 32 ;;			\
-	shrp Z = Z, Y, 64 - s ;			\
-} ;;						\
-{	.mii ;					\
-	add a = Z, b ;				\
-	GETRW(DTmp, P, offset) ;		\
-	mov P = W ;				\
-} ;;
-
-#define FFLOOPU(a, b, c, d, M, P, N, s, offset)		\
-{	.mii ;						\
-(pMore) ld4 N = [DPtr], 4 ;				\
-	add Z = M, TRound ;				\
-	and Y = c, b ;					\
-}							\
-{	.mmi ;						\
-	andcm X = d, b ;;				\
-	add Z = Z, a ;					\
-	or Y = Y, X ;					\
-} ;;							\
-{	.mii ;						\
-	ld4 TRound = [TPtr], 4 ;			\
-(pMore) GETLW(W, P, offset) 	;			\
-	add Z = Z, Y ;					\
-} ;;							\
-{	.mii ;						\
-(pMore) or W = W, DTmp ;				\
-	dep.z Y = Z, 32, 32 ;;				\
-	shrp Z = Z, Y, 64 - s ;				\
-} ;;							\
-{	.mii ;						\
-	add a = Z, b ;					\
-(pMore) GETRW(DTmp, P, offset) 	;			\
-(pMore) mov P = W ;					\
-}							\
-{	.mib ;						\
-	cmp.ne pMore, p0 = 0, LTrip ;			\
-	add LTrip = -1, LTrip ;				\
-	br.ctop.sptk.many .md5_FF_round##offset ;	\
-} ;;
-
-#define MD5FBLOCK(offset)						\
-	.type md5_digest_block##offset, @function ;			\
-									\
-	.align 32 ;							\
-	.proc md5_digest_block##offset ;				\
-	.prologue ;							\
-	.altrp QUICK_RTN ;						\
-	.body ;								\
-md5_digest_block##offset:						\
-{	.mmi ;								\
-	alloc PFS = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE ;	\
-	mov LTrip = 2 ;							\
-	mov ar.lc = 3 ;							\
-} ;;									\
-{	.mii ;								\
-	cmp.eq pMore, p0 = r0, r0 ;					\
-	mov ar.ec = 0 ;							\
-	nop 0x0 ;							\
-} ;;									\
-									\
-	.pred.rel "mutex", pLoad, pSkip ;				\
-.md5_FF_round##offset:							\
-	FFLOADU(A, B, C, D, M12, M13, RotateM0, 7, offset)		\
-	FFLOADU(D, A, B, C, M13, M14, RotateM1, 12, offset)		\
-	FFLOADU(C, D, A, B, M14, M15, RotateM2, 17, offset)		\
-	FFLOOPU(B, C, D, A, M15, RotateM0, RotateM3, 22, offset)	\
-									\
-{	.mib ;								\
-	nop 0x0 ;							\
-	nop 0x0 ;							\
-	br.cond.sptk.many md5_digest_GHI ;				\
-} ;;									\
-	.endp md5_digest_block##offset
-
-MD5FBLOCK(1)
-MD5FBLOCK(2)
-MD5FBLOCK(3)
-
-	.align 64
-	.type md5_constants, @object
-md5_constants:
-.md5_tbl_data_order:			// To ensure little-endian data
-					// order, code as bytes.
-	data1 0x78, 0xa4, 0x6a, 0xd7	//     0
-	data1 0x56, 0xb7, 0xc7, 0xe8	//     1
-	data1 0xdb, 0x70, 0x20, 0x24	//     2
-	data1 0xee, 0xce, 0xbd, 0xc1	//     3
-	data1 0xaf, 0x0f, 0x7c, 0xf5	//     4
-	data1 0x2a, 0xc6, 0x87, 0x47	//     5
-	data1 0x13, 0x46, 0x30, 0xa8	//     6
-	data1 0x01, 0x95, 0x46, 0xfd	//     7
-	data1 0xd8, 0x98, 0x80, 0x69	//     8
-	data1 0xaf, 0xf7, 0x44, 0x8b	//     9
-	data1 0xb1, 0x5b, 0xff, 0xff	//    10
-	data1 0xbe, 0xd7, 0x5c, 0x89	//    11
-	data1 0x22, 0x11, 0x90, 0x6b	//    12
-	data1 0x93, 0x71, 0x98, 0xfd	//    13
-	data1 0x8e, 0x43, 0x79, 0xa6	//    14
-	data1 0x21, 0x08, 0xb4, 0x49	//    15
-	data1 0x62, 0x25, 0x1e, 0xf6	//    16
-	data1 0x40, 0xb3, 0x40, 0xc0	//    17
-	data1 0x51, 0x5a, 0x5e, 0x26	//    18
-	data1 0xaa, 0xc7, 0xb6, 0xe9	//    19
-	data1 0x5d, 0x10, 0x2f, 0xd6	//    20
-	data1 0x53, 0x14, 0x44, 0x02	//    21
-	data1 0x81, 0xe6, 0xa1, 0xd8	//    22
-	data1 0xc8, 0xfb, 0xd3, 0xe7	//    23
-	data1 0xe6, 0xcd, 0xe1, 0x21	//    24
-	data1 0xd6, 0x07, 0x37, 0xc3	//    25
-	data1 0x87, 0x0d, 0xd5, 0xf4	//    26
-	data1 0xed, 0x14, 0x5a, 0x45	//    27
-	data1 0x05, 0xe9, 0xe3, 0xa9	//    28
-	data1 0xf8, 0xa3, 0xef, 0xfc	//    29
-	data1 0xd9, 0x02, 0x6f, 0x67	//    30
-	data1 0x8a, 0x4c, 0x2a, 0x8d	//    31
-	data1 0x42, 0x39, 0xfa, 0xff	//    32
-	data1 0x81, 0xf6, 0x71, 0x87	//    33
-	data1 0x22, 0x61, 0x9d, 0x6d	//    34
-	data1 0x0c, 0x38, 0xe5, 0xfd	//    35
-	data1 0x44, 0xea, 0xbe, 0xa4	//    36
-	data1 0xa9, 0xcf, 0xde, 0x4b	//    37
-	data1 0x60, 0x4b, 0xbb, 0xf6	//    38
-	data1 0x70, 0xbc, 0xbf, 0xbe	//    39
-	data1 0xc6, 0x7e, 0x9b, 0x28	//    40
-	data1 0xfa, 0x27, 0xa1, 0xea	//    41
-	data1 0x85, 0x30, 0xef, 0xd4	//    42
-	data1 0x05, 0x1d, 0x88, 0x04	//    43
-	data1 0x39, 0xd0, 0xd4, 0xd9	//    44
-	data1 0xe5, 0x99, 0xdb, 0xe6	//    45
-	data1 0xf8, 0x7c, 0xa2, 0x1f	//    46
-	data1 0x65, 0x56, 0xac, 0xc4	//    47
-	data1 0x44, 0x22, 0x29, 0xf4	//    48
-	data1 0x97, 0xff, 0x2a, 0x43	//    49
-	data1 0xa7, 0x23, 0x94, 0xab	//    50
-	data1 0x39, 0xa0, 0x93, 0xfc	//    51
-	data1 0xc3, 0x59, 0x5b, 0x65	//    52
-	data1 0x92, 0xcc, 0x0c, 0x8f	//    53
-	data1 0x7d, 0xf4, 0xef, 0xff	//    54
-	data1 0xd1, 0x5d, 0x84, 0x85	//    55
-	data1 0x4f, 0x7e, 0xa8, 0x6f	//    56
-	data1 0xe0, 0xe6, 0x2c, 0xfe	//    57
-	data1 0x14, 0x43, 0x01, 0xa3	//    58
-	data1 0xa1, 0x11, 0x08, 0x4e	//    59
-	data1 0x82, 0x7e, 0x53, 0xf7	//    60
-	data1 0x35, 0xf2, 0x3a, 0xbd	//    61
-	data1 0xbb, 0xd2, 0xd7, 0x2a	//    62
-	data1 0x91, 0xd3, 0x86, 0xeb	//    63
-.size	md5_constants#,64*4
diff --git a/src/lib/libcrypto/modes/asm/ghash-ia64.pl b/src/lib/libcrypto/modes/asm/ghash-ia64.pl
deleted file mode 100755
index 0354c95444..0000000000
--- a/src/lib/libcrypto/modes/asm/ghash-ia64.pl
+++ /dev/null
@@ -1,463 +0,0 @@
-#!/usr/bin/env perl
-
-# ====================================================================
-# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# March 2010
-#
-# The module implements "4-bit" GCM GHASH function and underlying
-# single multiplication operation in GF(2^128). "4-bit" means that it
-# uses 256 bytes per-key table [+128 bytes shared table]. Streamed
-# GHASH performance was measured to be 6.67 cycles per processed byte
-# on Itanium 2, which is >90% better than Microsoft compiler generated
-# code. To anchor to something else sha1-ia64.pl module processes one
-# byte in 5.7 cycles. On Itanium GHASH should run at ~8.5 cycles per
-# byte.
-
-# September 2010
-#
-# It was originally thought that it makes lesser sense to implement
-# "528B" variant on Itanium 2 for following reason. Because number of
-# functional units is naturally limited, it appeared impossible to
-# implement "528B" loop in 4 cycles, only in 5. This would mean that
-# theoretically performance improvement couldn't be more than 20%.
-# But occasionally you prove yourself wrong:-) I figured out a way to
-# fold couple of instructions and having freed yet another instruction
-# slot by unrolling the loop... Resulting performance is 4.45 cycles
-# per processed byte and 50% better than "256B" version. On original
-# Itanium performance should remain the same as the "256B" version,
-# i.e. ~8.5 cycles.
-
-$output=shift and (open STDOUT,">$output" or die "can't open $output: $!");
-
-if ($^O eq "hpux") {
-    $ADDP="addp4";
-    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
-} else { $ADDP="add"; }
-for (@ARGV)  {  $big_endian=1 if (/\-DB_ENDIAN/);
-                $big_endian=0 if (/\-DL_ENDIAN/);  }
-if (!defined($big_endian))
-             {  $big_endian=(unpack('L',pack('N',1))==1);  }
-
-sub loop() {
-my $label=shift;
-my ($p16,$p17)=(shift)?("p63","p63"):("p16","p17"); # mask references to inp
-
-# Loop is scheduled for 6 ticks on Itanium 2 and 8 on Itanium, i.e.
-# in scalable manner;-) Naturally assuming data in L1 cache...
-# Special note about 'dep' instruction, which is used to construct
-# &rem_4bit[Zlo&0xf]. It works, because rem_4bit is aligned at 128
-# bytes boundary and lower 7 bits of its address are guaranteed to
-# be zero.
-$code.=<<___;
-$label:
-{ .mfi;	(p18)	ld8	Hlo=[Hi[1]],-8
-	(p19)	dep	rem=Zlo,rem_4bitp,3,4	}
-{ .mfi;	(p19)	xor	Zhi=Zhi,Hhi
-	($p17)	xor	xi[1]=xi[1],in[1]	};;
-{ .mfi;	(p18)	ld8	Hhi=[Hi[1]]
-	(p19)	shrp	Zlo=Zhi,Zlo,4		}
-{ .mfi;	(p19)	ld8	rem=[rem]
-	(p18)	and	Hi[1]=mask0xf0,xi[2]	};;
-{ .mmi;	($p16)	ld1	in[0]=[inp],-1
-	(p18)	xor	Zlo=Zlo,Hlo
-	(p19)	shr.u	Zhi=Zhi,4		}
-{ .mib;	(p19)	xor	Hhi=Hhi,rem
-	(p18)	add	Hi[1]=Htbl,Hi[1]	};;
-
-{ .mfi;	(p18)	ld8	Hlo=[Hi[1]],-8
-	(p18)	dep	rem=Zlo,rem_4bitp,3,4	}
-{ .mfi;	(p17)	shladd	Hi[0]=xi[1],4,r0
-	(p18)	xor	Zhi=Zhi,Hhi		};;
-{ .mfi;	(p18)	ld8	Hhi=[Hi[1]]
-	(p18)	shrp	Zlo=Zhi,Zlo,4		}
-{ .mfi;	(p18)	ld8	rem=[rem]
-	(p17)	and	Hi[0]=mask0xf0,Hi[0]	};;
-{ .mmi;	(p16)	ld1	xi[0]=[Xi],-1
-	(p18)	xor	Zlo=Zlo,Hlo
-	(p18)	shr.u	Zhi=Zhi,4		}
-{ .mib;	(p18)	xor	Hhi=Hhi,rem
-	(p17)	add	Hi[0]=Htbl,Hi[0]
-	br.ctop.sptk	$label			};;
-___
-}
-
-$code=<<___;
-.explicit
-.text
-
-prevfs=r2;	prevlc=r3;	prevpr=r8;
-mask0xf0=r21;
-rem=r22;	rem_4bitp=r23;
-Xi=r24;		Htbl=r25;
-inp=r26;	end=r27;
-Hhi=r28;	Hlo=r29;
-Zhi=r30;	Zlo=r31;
-
-.align	128
-.skip	16					// aligns loop body
-.global	gcm_gmult_4bit#
-.proc	gcm_gmult_4bit#
-gcm_gmult_4bit:
-	.prologue
-{ .mmi;	.save	ar.pfs,prevfs
-	alloc	prevfs=ar.pfs,2,6,0,8
-	$ADDP	Xi=15,in0			// &Xi[15]
-	mov	rem_4bitp=ip		}
-{ .mii;	$ADDP	Htbl=8,in1			// &Htbl[0].lo
-	.save	ar.lc,prevlc
-	mov	prevlc=ar.lc
-	.save	pr,prevpr
-	mov	prevpr=pr		};;
-
-	.body
-	.rotr	in[3],xi[3],Hi[2]
-
-{ .mib;	ld1	xi[2]=[Xi],-1			// Xi[15]
-	mov	mask0xf0=0xf0
-	brp.loop.imp	.Loop1,.Lend1-16};;
-{ .mmi;	ld1	xi[1]=[Xi],-1			// Xi[14]
-					};;
-{ .mii;	shladd	Hi[1]=xi[2],4,r0
-	mov	pr.rot=0x7<<16
-	mov	ar.lc=13		};;
-{ .mii;	and	Hi[1]=mask0xf0,Hi[1]
-	mov	ar.ec=3
-	xor	Zlo=Zlo,Zlo		};;
-{ .mii;	add	Hi[1]=Htbl,Hi[1]		// &Htbl[nlo].lo
-	add	rem_4bitp=rem_4bit#-gcm_gmult_4bit#,rem_4bitp
-	xor	Zhi=Zhi,Zhi		};;
-___
-	&loop	(".Loop1",1);
-$code.=<<___;
-.Lend1:
-{ .mib;	xor	Zhi=Zhi,Hhi		};;	// modulo-scheduling artefact
-{ .mib;	mux1	Zlo=Zlo,\@rev		};;
-{ .mib;	mux1	Zhi=Zhi,\@rev		};;
-{ .mmi;	add	Hlo=9,Xi;;			// ;; is here to prevent
-	add	Hhi=1,Xi		};;	// pipeline flush on Itanium
-{ .mib;	st8	[Hlo]=Zlo
-	mov	pr=prevpr,0x1ffff	};;
-{ .mib;	st8	[Hhi]=Zhi
-	mov	ar.lc=prevlc
-	br.ret.sptk.many	b0	};;
-.endp	gcm_gmult_4bit#
-___
-
-######################################################################
-# "528B" (well, "512B" actualy) streamed GHASH
-#
-$Xip="in0";
-$Htbl="in1";
-$inp="in2";
-$len="in3";
-$rem_8bit="loc0";
-$mask0xff="loc1";
-($sum,$rum) = $big_endian ? ("nop.m","nop.m") : ("sum","rum");
-
-sub load_htable() {
-    for (my $i=0;$i<8;$i++) {
-	$code.=<<___;
-{ .mmi;	ld8	r`16+2*$i+1`=[r8],16		// Htable[$i].hi
-	ld8	r`16+2*$i`=[r9],16	}	// Htable[$i].lo
-{ .mmi;	ldf8	f`32+2*$i+1`=[r10],16		// Htable[`8+$i`].hi
-	ldf8	f`32+2*$i`=[r11],16		// Htable[`8+$i`].lo
-___
-	$code.=shift	if (($i+$#_)==7);
-	$code.="\t};;\n"
-    }
-}
-
-$code.=<<___;
-prevsp=r3;
-
-.align	32
-.skip	16					// aligns loop body
-.global	gcm_ghash_4bit#
-.proc	gcm_ghash_4bit#
-gcm_ghash_4bit:
-	.prologue
-{ .mmi;	.save	ar.pfs,prevfs
-	alloc	prevfs=ar.pfs,4,2,0,0
-	.vframe	prevsp
-	mov	prevsp=sp
-	mov	$rem_8bit=ip		};;
-	.body
-{ .mfi;	$ADDP	r8=0+0,$Htbl
-	$ADDP	r9=0+8,$Htbl		}
-{ .mfi;	$ADDP	r10=128+0,$Htbl
-	$ADDP	r11=128+8,$Htbl		};;
-___
-	&load_htable(
-	"	$ADDP	$Xip=15,$Xip",		# &Xi[15]
-	"	$ADDP	$len=$len,$inp",	# &inp[len]
-	"	$ADDP	$inp=15,$inp",		# &inp[15]
-	"	mov	$mask0xff=0xff",
-	"	add	sp=-512,sp",
-	"	andcm	sp=sp,$mask0xff",	# align stack frame
-	"	add	r14=0,sp",
-	"	add	r15=8,sp");
-$code.=<<___;
-{ .mmi;	$sum	1<<1				// go big-endian
-	add	r8=256+0,sp
-	add	r9=256+8,sp		}
-{ .mmi;	add	r10=256+128+0,sp
-	add	r11=256+128+8,sp
-	add	$len=-17,$len		};;
-___
-for($i=0;$i<8;$i++) {	# generate first half of Hshr4[]
-my ($rlo,$rhi)=("r".eval(16+2*$i),"r".eval(16+2*$i+1));
-$code.=<<___;
-{ .mmi;	st8	[r8]=$rlo,16			// Htable[$i].lo
-	st8	[r9]=$rhi,16			// Htable[$i].hi
-	shrp	$rlo=$rhi,$rlo,4	}//;;
-{ .mmi;	stf8	[r10]=f`32+2*$i`,16		// Htable[`8+$i`].lo
-	stf8	[r11]=f`32+2*$i+1`,16		// Htable[`8+$i`].hi
-	shr.u	$rhi=$rhi,4		};;
-{ .mmi;	st8	[r14]=$rlo,16			// Htable[$i].lo>>4
-	st8	[r15]=$rhi,16		}//;;	// Htable[$i].hi>>4
-___
-}
-$code.=<<___;
-{ .mmi;	ld8	r16=[r8],16			// Htable[8].lo
-	ld8	r17=[r9],16		};;	// Htable[8].hi
-{ .mmi;	ld8	r18=[r8],16			// Htable[9].lo
-	ld8	r19=[r9],16		}	// Htable[9].hi
-{ .mmi;	rum	1<<5				// clear um.mfh
-	shrp	r16=r17,r16,4		};;
-___
-for($i=0;$i<6;$i++) {	# generate second half of Hshr4[]
-$code.=<<___;
-{ .mmi;	ld8	r`20+2*$i`=[r8],16		// Htable[`10+$i`].lo
-	ld8	r`20+2*$i+1`=[r9],16		// Htable[`10+$i`].hi
-	shr.u	r`16+2*$i+1`=r`16+2*$i+1`,4	};;
-{ .mmi;	st8	[r14]=r`16+2*$i`,16		// Htable[`8+$i`].lo>>4
-	st8	[r15]=r`16+2*$i+1`,16		// Htable[`8+$i`].hi>>4
-	shrp	r`18+2*$i`=r`18+2*$i+1`,r`18+2*$i`,4	}
-___
-}
-$code.=<<___;
-{ .mmi;	shr.u	r`16+2*$i+1`=r`16+2*$i+1`,4	};;
-{ .mmi;	st8	[r14]=r`16+2*$i`,16		// Htable[`8+$i`].lo>>4
-	st8	[r15]=r`16+2*$i+1`,16		// Htable[`8+$i`].hi>>4
-	shrp	r`18+2*$i`=r`18+2*$i+1`,r`18+2*$i`,4	}
-{ .mmi;	add	$Htbl=256,sp			// &Htable[0]
-	add	$rem_8bit=rem_8bit#-gcm_ghash_4bit#,$rem_8bit
-	shr.u	r`18+2*$i+1`=r`18+2*$i+1`,4	};;
-{ .mmi;	st8	[r14]=r`18+2*$i`		// Htable[`8+$i`].lo>>4
-	st8	[r15]=r`18+2*$i+1`	}	// Htable[`8+$i`].hi>>4
-___
-
-$in="r15";
-@xi=("r16","r17");
-@rem=("r18","r19");
-($Alo,$Ahi,$Blo,$Bhi,$Zlo,$Zhi)=("r20","r21","r22","r23","r24","r25");
-($Atbl,$Btbl)=("r26","r27");
-
-$code.=<<___;	# (p16)
-{ .mmi;	ld1	$in=[$inp],-1			//(p16) *inp--
-	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
-	cmp.eq	p0,p6=r0,r0		};;	//	clear p6
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-
-$code.=<<___;	# (p16),(p17)
-{ .mmi;	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
-	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
-{ .mii;	ld1	$in=[$inp],-1			//(p16) *inp--
-	dep	$Atbl=$xi[1],$Htbl,4,4		//(p17) &Htable[nlo].lo
-	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
-.align	32
-.LOOP:
-{ .mmi;
-(p6)	st8	[$Xip]=$Zhi,13
-	xor	$Zlo=$Zlo,$Zlo
-	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi].lo
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-
-$code.=<<___;	# (p16),(p17),(p18)
-{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
-	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
-	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
-{ .mfi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
-	dep	$Atbl=$xi[1],$Htbl,4,4	}	//(p17) &Htable[nlo].lo
-{ .mfi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
-	xor	$Zlo=$Zlo,$Alo		};;	//(p18) Z.lo^=Htable[nlo].lo
-{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
-	ld1	$in=[$inp],-1		}	//(p16) *inp--
-{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
-	mov	$Zhi=$Ahi			//(p18) Z.hi^=Htable[nlo].hi
-	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
-{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
-	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
-	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
-{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
-	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-
-for ($i=1;$i<14;$i++) {
-# Above and below fragments are derived from this one by removing
-# unsuitable (p??) instructions.
-$code.=<<___;	# (p16),(p17),(p18),(p19)
-{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
-	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
-	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
-{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
-	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
-	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
-{ .mmi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
-	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
-	dep	$Atbl=$xi[1],$Htbl,4,4	}	//(p17) &Htable[nlo].lo
-{ .mmi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
-	xor	$Zlo=$Zlo,$Alo			//(p18) Z.lo^=Htable[nlo].lo
-	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
-{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
-	ld1	$in=[$inp],-1			//(p16) *inp--
-	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
-{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
-	xor	$Zhi=$Zhi,$Ahi			//(p18) Z.hi^=Htable[nlo].hi
-	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
-{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
-	ld1	$xi[0]=[$Xip],-1		//(p16) *Xi--
-	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
-{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
-	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
-	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-}
-
-$code.=<<___;	# (p17),(p18),(p19)
-{ .mmi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
-	ld8	$rem[0]=[$Btbl],-256		//(p18) Htable[nhi].lo,&Hshr4[nhi].lo
-	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
-{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
-	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
-	xor	$xi[1]=$xi[1],$in	};;	//(p17) xi=$xi[i]^inp[i]
-{ .mmi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
-	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
-	dep	$Atbl=$xi[1],$Htbl,4,4	};;	//(p17) &Htable[nlo].lo
-{ .mmi;	shladd	$rem[0]=$rem[0],4,r0		//(p18) Htable[nhi].lo<<4
-	xor	$Zlo=$Zlo,$Alo			//(p18) Z.lo^=Htable[nlo].lo
-	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
-{ .mmi;	ld8	$Blo=[$Btbl],8			//(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi
-	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
-{ .mmi;	xor	$rem[0]=$rem[0],$Zlo		//(p18) Z.lo^(Htable[nhi].lo<<4)
-	xor	$Zhi=$Zhi,$Ahi			//(p18) Z.hi^=Htable[nlo].hi
-	and	$xi[1]=-16,$xi[1]	};;	//(p17) nhi=xi&0xf0
-{ .mmi;	ld8	$Bhi=[$Btbl]			//(p18) Hshr4[nhi].hi
-	shrp	$Zlo=$Zhi,$Zlo,8	}	//(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8)
-{ .mmi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
-	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
-	add	$Btbl=$xi[1],$Htbl	};;	//(p17) &Htable[nhi]
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-
-$code.=<<___;	# (p18),(p19)
-{ .mfi;	ld8	$Alo=[$Atbl],8			//(p18) Htable[nlo].lo,&Htable[nlo].hi
-	shr.u	$Zhi=$Zhi,8		}	//(p19) Z.hi>>=8
-{ .mfi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
-	xor	$Zlo=$Zlo,$Blo		};;	//(p19) Z.lo^=Hshr4[nhi].lo
-{ .mfi;	ld8	$Ahi=[$Atbl]			//(p18) Htable[nlo].hi
-	xor	$Zlo=$Zlo,$Alo		}	//(p18) Z.lo^=Htable[nlo].lo
-{ .mfi;	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
-	xor	$Zhi=$Zhi,$Bhi		};;	//(p19) Z.hi^=Hshr4[nhi].hi
-{ .mfi;	ld8	$Blo=[$Btbl],8			//(p18) Htable[nhi].lo,&Htable[nhi].hi
-	shl	$rem[1]=$rem[1],48	}	//(p19) rem_8bit[rem]<<48
-{ .mfi;	shladd	$rem[0]=$Zlo,4,r0		//(p18) Z.lo<<4
-	xor	$Zhi=$Zhi,$Ahi		};;	//(p18) Z.hi^=Htable[nlo].hi
-{ .mfi;	ld8	$Bhi=[$Btbl]			//(p18) Htable[nhi].hi
-	shrp	$Zlo=$Zhi,$Zlo,4	}	//(p18) Z.lo=(Z.hi<<60)|(Z.lo>>4)
-{ .mfi;	and	$rem[0]=$rem[0],$mask0xff	//(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff
-	xor	$Zhi=$Zhi,$rem[1]	};;	//(p19) Z.hi^=rem_8bit[rem]<<48
-___
-push (@xi,shift(@xi)); push (@rem,shift(@rem));	# "rotate" registers
-
-$code.=<<___;	# (p19)
-{ .mmi;	cmp.ltu	p6,p0=$inp,$len
-	add	$inp=32,$inp
-	shr.u	$Zhi=$Zhi,4		}	//(p19) Z.hi>>=4
-{ .mmi;	shladd	$rem[1]=$rem[1],1,$rem_8bit	//(p19) &rem_8bit[rem]
-	xor	$Zlo=$Zlo,$Blo			//(p19) Z.lo^=Hshr4[nhi].lo
-	add	$Xip=9,$Xip		};;	//	&Xi.lo
-{ .mmi;	ld2	$rem[1]=[$rem[1]]		//(p19) rem_8bit[rem]
-(p6)	ld1	$in=[$inp],-1			//[p16] *inp--
-(p6)	extr.u	$xi[1]=$Zlo,8,8		}	//[p17] Xi[14]
-{ .mmi;	xor	$Zhi=$Zhi,$Bhi			//(p19) Z.hi^=Hshr4[nhi].hi
-(p6)	and	$xi[0]=$Zlo,$mask0xff	};;	//[p16] Xi[15]
-{ .mmi;	st8	[$Xip]=$Zlo,-8
-(p6)	xor	$xi[0]=$xi[0],$in		//[p17] xi=$xi[i]^inp[i]
-	shl	$rem[1]=$rem[1],48	};;	//(p19) rem_8bit[rem]<<48
-{ .mmi;
-(p6)	ld1	$in=[$inp],-1			//[p16] *inp--
-	xor	$Zhi=$Zhi,$rem[1]		//(p19) Z.hi^=rem_8bit[rem]<<48
-(p6)	dep	$Atbl=$xi[0],$Htbl,4,4	}	//[p17] &Htable[nlo].lo
-{ .mib;
-(p6)	and	$xi[0]=-16,$xi[0]		//[p17] nhi=xi&0xf0
-(p6)	br.cond.dptk.many	.LOOP	};;
-
-{ .mib;	st8	[$Xip]=$Zhi		};;
-{ .mib;	$rum	1<<1				// return to little-endian
-	.restore	sp
-	mov	sp=prevsp
-	br.ret.sptk.many	b0	};;
-.endp	gcm_ghash_4bit#
-___
-$code.=<<___;
-.align	128
-.type	rem_4bit#,\@object
-rem_4bit:
-        data8	0x0000<<48, 0x1C20<<48, 0x3840<<48, 0x2460<<48
-        data8	0x7080<<48, 0x6CA0<<48, 0x48C0<<48, 0x54E0<<48
-        data8	0xE100<<48, 0xFD20<<48, 0xD940<<48, 0xC560<<48
-        data8	0x9180<<48, 0x8DA0<<48, 0xA9C0<<48, 0xB5E0<<48
-.size	rem_4bit#,128
-.type	rem_8bit#,\@object
-rem_8bit:
-	data1	0x00,0x00, 0x01,0xC2, 0x03,0x84, 0x02,0x46, 0x07,0x08, 0x06,0xCA, 0x04,0x8C, 0x05,0x4E
-	data1	0x0E,0x10, 0x0F,0xD2, 0x0D,0x94, 0x0C,0x56, 0x09,0x18, 0x08,0xDA, 0x0A,0x9C, 0x0B,0x5E
-	data1	0x1C,0x20, 0x1D,0xE2, 0x1F,0xA4, 0x1E,0x66, 0x1B,0x28, 0x1A,0xEA, 0x18,0xAC, 0x19,0x6E
-	data1	0x12,0x30, 0x13,0xF2, 0x11,0xB4, 0x10,0x76, 0x15,0x38, 0x14,0xFA, 0x16,0xBC, 0x17,0x7E
-	data1	0x38,0x40, 0x39,0x82, 0x3B,0xC4, 0x3A,0x06, 0x3F,0x48, 0x3E,0x8A, 0x3C,0xCC, 0x3D,0x0E
-	data1	0x36,0x50, 0x37,0x92, 0x35,0xD4, 0x34,0x16, 0x31,0x58, 0x30,0x9A, 0x32,0xDC, 0x33,0x1E
-	data1	0x24,0x60, 0x25,0xA2, 0x27,0xE4, 0x26,0x26, 0x23,0x68, 0x22,0xAA, 0x20,0xEC, 0x21,0x2E
-	data1	0x2A,0x70, 0x2B,0xB2, 0x29,0xF4, 0x28,0x36, 0x2D,0x78, 0x2C,0xBA, 0x2E,0xFC, 0x2F,0x3E
-	data1	0x70,0x80, 0x71,0x42, 0x73,0x04, 0x72,0xC6, 0x77,0x88, 0x76,0x4A, 0x74,0x0C, 0x75,0xCE
-	data1	0x7E,0x90, 0x7F,0x52, 0x7D,0x14, 0x7C,0xD6, 0x79,0x98, 0x78,0x5A, 0x7A,0x1C, 0x7B,0xDE
-	data1	0x6C,0xA0, 0x6D,0x62, 0x6F,0x24, 0x6E,0xE6, 0x6B,0xA8, 0x6A,0x6A, 0x68,0x2C, 0x69,0xEE
-	data1	0x62,0xB0, 0x63,0x72, 0x61,0x34, 0x60,0xF6, 0x65,0xB8, 0x64,0x7A, 0x66,0x3C, 0x67,0xFE
-	data1	0x48,0xC0, 0x49,0x02, 0x4B,0x44, 0x4A,0x86, 0x4F,0xC8, 0x4E,0x0A, 0x4C,0x4C, 0x4D,0x8E
-	data1	0x46,0xD0, 0x47,0x12, 0x45,0x54, 0x44,0x96, 0x41,0xD8, 0x40,0x1A, 0x42,0x5C, 0x43,0x9E
-	data1	0x54,0xE0, 0x55,0x22, 0x57,0x64, 0x56,0xA6, 0x53,0xE8, 0x52,0x2A, 0x50,0x6C, 0x51,0xAE
-	data1	0x5A,0xF0, 0x5B,0x32, 0x59,0x74, 0x58,0xB6, 0x5D,0xF8, 0x5C,0x3A, 0x5E,0x7C, 0x5F,0xBE
-	data1	0xE1,0x00, 0xE0,0xC2, 0xE2,0x84, 0xE3,0x46, 0xE6,0x08, 0xE7,0xCA, 0xE5,0x8C, 0xE4,0x4E
-	data1	0xEF,0x10, 0xEE,0xD2, 0xEC,0x94, 0xED,0x56, 0xE8,0x18, 0xE9,0xDA, 0xEB,0x9C, 0xEA,0x5E
-	data1	0xFD,0x20, 0xFC,0xE2, 0xFE,0xA4, 0xFF,0x66, 0xFA,0x28, 0xFB,0xEA, 0xF9,0xAC, 0xF8,0x6E
-	data1	0xF3,0x30, 0xF2,0xF2, 0xF0,0xB4, 0xF1,0x76, 0xF4,0x38, 0xF5,0xFA, 0xF7,0xBC, 0xF6,0x7E
-	data1	0xD9,0x40, 0xD8,0x82, 0xDA,0xC4, 0xDB,0x06, 0xDE,0x48, 0xDF,0x8A, 0xDD,0xCC, 0xDC,0x0E
-	data1	0xD7,0x50, 0xD6,0x92, 0xD4,0xD4, 0xD5,0x16, 0xD0,0x58, 0xD1,0x9A, 0xD3,0xDC, 0xD2,0x1E
-	data1	0xC5,0x60, 0xC4,0xA2, 0xC6,0xE4, 0xC7,0x26, 0xC2,0x68, 0xC3,0xAA, 0xC1,0xEC, 0xC0,0x2E
-	data1	0xCB,0x70, 0xCA,0xB2, 0xC8,0xF4, 0xC9,0x36, 0xCC,0x78, 0xCD,0xBA, 0xCF,0xFC, 0xCE,0x3E
-	data1	0x91,0x80, 0x90,0x42, 0x92,0x04, 0x93,0xC6, 0x96,0x88, 0x97,0x4A, 0x95,0x0C, 0x94,0xCE
-	data1	0x9F,0x90, 0x9E,0x52, 0x9C,0x14, 0x9D,0xD6, 0x98,0x98, 0x99,0x5A, 0x9B,0x1C, 0x9A,0xDE
-	data1	0x8D,0xA0, 0x8C,0x62, 0x8E,0x24, 0x8F,0xE6, 0x8A,0xA8, 0x8B,0x6A, 0x89,0x2C, 0x88,0xEE
-	data1	0x83,0xB0, 0x82,0x72, 0x80,0x34, 0x81,0xF6, 0x84,0xB8, 0x85,0x7A, 0x87,0x3C, 0x86,0xFE
-	data1	0xA9,0xC0, 0xA8,0x02, 0xAA,0x44, 0xAB,0x86, 0xAE,0xC8, 0xAF,0x0A, 0xAD,0x4C, 0xAC,0x8E
-	data1	0xA7,0xD0, 0xA6,0x12, 0xA4,0x54, 0xA5,0x96, 0xA0,0xD8, 0xA1,0x1A, 0xA3,0x5C, 0xA2,0x9E
-	data1	0xB5,0xE0, 0xB4,0x22, 0xB6,0x64, 0xB7,0xA6, 0xB2,0xE8, 0xB3,0x2A, 0xB1,0x6C, 0xB0,0xAE
-	data1	0xBB,0xF0, 0xBA,0x32, 0xB8,0x74, 0xB9,0xB6, 0xBC,0xF8, 0xBD,0x3A, 0xBF,0x7C, 0xBE,0xBE
-.size	rem_8bit#,512
-stringz	"GHASH for IA64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$code =~ s/mux1(\s+)\S+\@rev/nop.i$1 0x0/gm      if ($big_endian);
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-
-print $code;
-close STDOUT;
diff --git a/src/lib/libcrypto/rc4/asm/rc4-ia64.pl b/src/lib/libcrypto/rc4/asm/rc4-ia64.pl
deleted file mode 100644
index 49cd5b5e69..0000000000
--- a/src/lib/libcrypto/rc4/asm/rc4-ia64.pl
+++ /dev/null
@@ -1,755 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by David Mosberger <David.Mosberger@acm.org> based on the
-# Itanium optimized Crypto code which was released by HP Labs at
-# http://www.hpl.hp.com/research/linux/crypto/.
-#
-# Copyright (c) 2005 Hewlett-Packard Development Company, L.P.
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
-
-
-
-# This is a little helper program which generates a software-pipelined
-# for RC4 encryption.  The basic algorithm looks like this:
-#
-#   for (counter = 0; counter < len; ++counter)
-#     {
-#       in = inp[counter];
-#       SI = S[I];
-#       J = (SI + J) & 0xff;
-#       SJ = S[J];
-#       T = (SI + SJ) & 0xff;
-#       S[I] = SJ, S[J] = SI;
-#       ST = S[T];
-#       outp[counter] = in ^ ST;
-#       I = (I + 1) & 0xff;
-#     }
-#
-# Pipelining this loop isn't easy, because the stores to the S[] array
-# need to be observed in the right order.  The loop generated by the
-# code below has the following pipeline diagram:
-#
-#      cycle
-#     | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |10 |11 |12 |13 |14 |15 |16 |17 |
-# iter
-#   1: xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
-#   2:             xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
-#   3:                         xxx LDI xxx xxx xxx LDJ xxx SWP xxx LDT xxx xxx
-#
-#   where:
-# 	LDI = load of S[I]
-# 	LDJ = load of S[J]
-# 	SWP = swap of S[I] and S[J]
-# 	LDT = load of S[T]
-#
-# Note that in the above diagram, the major trouble-spot is that LDI
-# of the 2nd iteration is performed BEFORE the SWP of the first
-# iteration.  Fortunately, this is easy to detect (I of the 1st
-# iteration will be equal to J of the 2nd iteration) and when this
-# happens, we simply forward the proper value from the 1st iteration
-# to the 2nd one.  The proper value in this case is simply the value
-# of S[I] from the first iteration (thanks to the fact that SWP
-# simply swaps the contents of S[I] and S[J]).
-#
-# Another potential trouble-spot is in cycle 7, where SWP of the 1st
-# iteration issues at the same time as the LDI of the 3rd iteration.
-# However, thanks to IA-64 execution semantics, this can be taken
-# care of simply by placing LDI later in the instruction-group than
-# SWP.  IA-64 CPUs will automatically forward the value if they
-# detect that the SWP and LDI are accessing the same memory-location.
-
-# The core-loop that can be pipelined then looks like this (annotated
-# with McKinley/Madison issue port & latency numbers, assuming L1
-# cache hits for the most part):
-
-# operation:	    instruction:		    issue-ports:  latency
-# ------------------  -----------------------------   ------------- -------
-
-# Data = *inp++       ld1 data = [inp], 1             M0-M1         1 cyc     c0
-#                     shladd Iptr = I, KeyTable, 3    M0-M3, I0, I1 1 cyc
-# I = (I + 1) & 0xff  padd1 nextI = I, one            M0-M3, I0, I1 3 cyc
-#                     ;;
-# SI = S[I]           ld8 SI = [Iptr]                 M0-M1         1 cyc     c1 * after SWAP!
-#                     ;;
-#                     cmp.eq.unc pBypass = I, J                                  * after J is valid!
-# J = SI + J          add J = J, SI                   M0-M3, I0, I1 1 cyc     c2
-#                     (pBypass) br.cond.spnt Bypass
-#                     ;;
-# ---------------------------------------------------------------------------------------
-# J = J & 0xff        zxt1 J = J                      I0, I1, 1 cyc           c3
-#                     ;;
-#                     shladd Jptr = J, KeyTable, 3    M0-M3, I0, I1 1 cyc     c4
-#                     ;;
-# SJ = S[J]           ld8 SJ = [Jptr]                 M0-M1         1 cyc     c5
-#                     ;;
-# ---------------------------------------------------------------------------------------
-# T = (SI + SJ)       add T = SI, SJ                  M0-M3, I0, I1 1 cyc     c6
-#                     ;;
-# T = T & 0xff        zxt1 T = T                      I0, I1        1 cyc
-# S[I] = SJ           st8 [Iptr] = SJ                 M2-M3                   c7
-# S[J] = SI           st8 [Jptr] = SI                 M2-M3
-#                     ;;
-#                     shladd Tptr = T, KeyTable, 3    M0-M3, I0, I1 1 cyc     c8
-#                     ;;
-# ---------------------------------------------------------------------------------------
-# T = S[T]            ld8 T = [Tptr]                  M0-M1         1 cyc     c9
-#                     ;;
-# data ^= T           xor data = data, T              M0-M3, I0, I1 1 cyc     c10
-#                     ;;
-# *out++ = Data ^ T   dep word = word, data, 8, POS   I0, I1        1 cyc     c11
-#                     ;;
-# ---------------------------------------------------------------------------------------
-
-# There are several points worth making here:
-
-#   - Note that due to the bypass/forwarding-path, the first two
-#     phases of the loop are strangly mingled together.  In
-#     particular, note that the first stage of the pipeline is
-#     using the value of "J", as calculated by the second stage.
-#   - Each bundle-pair will have exactly 6 instructions.
-#   - Pipelined, the loop can execute in 3 cycles/iteration and
-#     4 stages.  However, McKinley/Madison can issue "st1" to
-#     the same bank at a rate of at most one per 4 cycles.  Thus,
-#     instead of storing each byte, we accumulate them in a word
-#     and then write them back at once with a single "st8" (this
-#     implies that the setup code needs to ensure that the output
-#     buffer is properly aligned, if need be, by encoding the
-#     first few bytes separately).
-#   - There is no space for a "br.ctop" instruction.  For this
-#     reason we can't use module-loop support in IA-64 and have
-#     to do a traditional, purely software-pipelined loop.
-#   - We can't replace any of the remaining "add/zxt1" pairs with
-#     "padd1" because the latency for that instruction is too high
-#     and would push the loop to the point where more bypasses
-#     would be needed, which we don't have space for.
-#   - The above loop runs at around 3.26 cycles/byte, or roughly
-#     440 MByte/sec on a 1.5GHz Madison.  This is well below the
-#     system bus bandwidth and hence with judicious use of
-#     "lfetch" this loop can run at (almost) peak speed even when
-#     the input and output data reside in memory.  The
-#     max. latency that can be tolerated is (PREFETCH_DISTANCE *
-#     L2_LINE_SIZE * 3 cyc), or about 384 cycles assuming (at
-#     least) 1-ahead prefetching of 128 byte cache-lines.  Note
-#     that we do NOT prefetch into L1, since that would only
-#     interfere with the S[] table values stored there.  This is
-#     acceptable because there is a 10 cycle latency between
-#     load and first use of the input data.
-#   - We use a branch to out-of-line bypass-code of cycle-pressure:
-#     we calculate the next J, check for the need to activate the
-#     bypass path, and activate the bypass path ALL IN THE SAME
-#     CYCLE.  If we didn't have these constraints, we could do
-#     the bypass with a simple conditional move instruction.
-#     Fortunately, the bypass paths get activated relatively
-#     infrequently, so the extra branches don't cost all that much
-#     (about 0.04 cycles/byte, measured on a 16396 byte file with
-#     random input data).
-#
-
-$phases = 4;		# number of stages/phases in the pipelined-loop
-$unroll_count = 6;	# number of times we unrolled it
-$pComI = (1 << 0);
-$pComJ = (1 << 1);
-$pComT = (1 << 2);
-$pOut  = (1 << 3);
-
-$NData = 4;
-$NIP = 3;
-$NJP = 2;
-$NI = 2;
-$NSI = 3;
-$NSJ = 2;
-$NT = 2;
-$NOutWord = 2;
-
-#
-# $threshold is the minimum length before we attempt to use the
-# big software-pipelined loop.  It MUST be greater-or-equal
-# to:
-#  		PHASES * (UNROLL_COUNT + 1) + 7
-#
-# The "+ 7" comes from the fact we may have to encode up to
-#   7 bytes separately before the output pointer is aligned.
-#
-$threshold = (3 * ($phases * ($unroll_count + 1)) + 7);
-
-sub I {
-    local *code = shift;
-    local $format = shift;
-    $code .= sprintf ("\t\t".$format."\n", @_);
-}
-
-sub P {
-    local *code = shift;
-    local $format = shift;
-    $code .= sprintf ($format."\n", @_);
-}
-
-sub STOP {
-    local *code = shift;
-    $code .=<<___;
-		;;
-___
-}
-
-sub emit_body {
-    local *c = shift;
-    local *bypass = shift;
-    local ($iteration, $p) = @_;
-
-    local $i0 = $iteration;
-    local $i1 = $iteration - 1;
-    local $i2 = $iteration - 2;
-    local $i3 = $iteration - 3;
-    local $iw0 = ($iteration - 3) / 8;
-    local $iw1 = ($iteration > 3) ? ($iteration - 4) / 8 : 1;
-    local $byte_num = ($iteration - 3) % 8;
-    local $label = $iteration + 1;
-    local $pAny = ($p & 0xf) == 0xf;
-    local $pByp = (($p & $pComI) && ($iteration > 0));
-
-    $c.=<<___;
-//////////////////////////////////////////////////
-___
-
-    if (($p & 0xf) == 0) {
-	$c.="#ifdef HOST_IS_BIG_ENDIAN\n";
-	&I(\$c,"shr.u	OutWord[%u] = OutWord[%u], 32;;",
-				$iw1 % $NOutWord, $iw1 % $NOutWord);
-	$c.="#endif\n";
-	&I(\$c, "st4 [OutPtr] = OutWord[%u], 4", $iw1 % $NOutWord);
-	return;
-    }
-
-    # Cycle 0
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "ld1    Data[%u] = [InPtr], 1", $i0 % $NData)     if ($p & $pComI);
-    &I(\$c, "padd1  I[%u] = One, I[%u]", $i0 % $NI, $i1 % $NI)if ($p & $pComI);
-    &I(\$c, "zxt1   J = J")				      if ($p & $pComJ);
-    &I(\$c, "}")					      if ($pAny);
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "LKEY   T[%u] = [T[%u]]", $i1 % $NT, $i1 % $NT)   if ($p & $pOut);
-    &I(\$c, "add    T[%u] = SI[%u], SJ[%u]",
-       $i0 % $NT, $i2 % $NSI, $i1 % $NSJ)		      if ($p & $pComT);
-    &I(\$c, "KEYADDR(IPr[%u], I[%u])", $i0 % $NIP, $i1 % $NI) if ($p & $pComI);
-    &I(\$c, "}")					      if ($pAny);
-    &STOP(\$c);
-
-    # Cycle 1
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "SKEY   [IPr[%u]] = SJ[%u]", $i2 % $NIP, $i1%$NSJ)if ($p & $pComT);
-    &I(\$c, "SKEY   [JP[%u]] = SI[%u]", $i1 % $NJP, $i2%$NSI) if ($p & $pComT);
-    &I(\$c, "zxt1   T[%u] = T[%u]", $i0 % $NT, $i0 % $NT)     if ($p & $pComT);
-    &I(\$c, "}")					      if ($pAny);
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "LKEY   SI[%u] = [IPr[%u]]", $i0 % $NSI, $i0%$NIP)if ($p & $pComI);
-    &I(\$c, "KEYADDR(JP[%u], J)", $i0 % $NJP)		      if ($p & $pComJ);
-    &I(\$c, "xor    Data[%u] = Data[%u], T[%u]",
-       $i3 % $NData, $i3 % $NData, $i1 % $NT)		      if ($p & $pOut);
-    &I(\$c, "}")					      if ($pAny);
-    &STOP(\$c);
-
-    # Cycle 2
-    &I(\$c, "{ .mmi")					      if ($pAny);
-    &I(\$c, "LKEY   SJ[%u] = [JP[%u]]", $i0 % $NSJ, $i0%$NJP) if ($p & $pComJ);
-    &I(\$c, "cmp.eq pBypass, p0 = I[%u], J", $i1 % $NI)	      if ($pByp);
-    &I(\$c, "dep OutWord[%u] = Data[%u], OutWord[%u], BYTE_POS(%u), 8",
-       $iw0%$NOutWord, $i3%$NData, $iw1%$NOutWord, $byte_num) if ($p & $pOut);
-    &I(\$c, "}")					      if ($pAny);
-    &I(\$c, "{ .mmb")					      if ($pAny);
-    &I(\$c, "add    J = J, SI[%u]", $i0 % $NSI)		      if ($p & $pComI);
-    &I(\$c, "KEYADDR(T[%u], T[%u])", $i0 % $NT, $i0 % $NT)    if ($p & $pComT);
-    &P(\$c, "(pBypass)\tbr.cond.spnt.many .rc4Bypass%u",$label)if ($pByp);
-    &I(\$c, "}") if ($pAny);
-    &STOP(\$c);
-
-    &P(\$c, ".rc4Resume%u:", $label)			      if ($pByp);
-    if ($byte_num == 0 && $iteration >= $phases) {
-	&I(\$c, "st8 [OutPtr] = OutWord[%u], 8",
-	   $iw1 % $NOutWord)				      if ($p & $pOut);
-	if ($iteration == (1 + $unroll_count) * $phases - 1) {
-	    if ($unroll_count == 6) {
-		&I(\$c, "mov OutWord[%u] = OutWord[%u]",
-		   $iw1 % $NOutWord, $iw0 % $NOutWord);
-	    }
-	    &I(\$c, "lfetch.nt1 [InPrefetch], %u",
-	       $unroll_count * $phases);
-	    &I(\$c, "lfetch.excl.nt1 [OutPrefetch], %u",
-	       $unroll_count * $phases);
-	    &I(\$c, "br.cloop.sptk.few .rc4Loop");
-	}
-    }
-
-    if ($pByp) {
-	&P(\$bypass, ".rc4Bypass%u:", $label);
-	&I(\$bypass, "sub J = J, SI[%u]", $i0 % $NSI);
-	&I(\$bypass, "nop 0");
-	&I(\$bypass, "nop 0");
-	&I(\$bypass, ";;");
-	&I(\$bypass, "add J = J, SI[%u]", $i1 % $NSI);
-	&I(\$bypass, "mov SI[%u] = SI[%u]", $i0 % $NSI, $i1 % $NSI);
-	&I(\$bypass, "br.sptk.many .rc4Resume%u\n", $label);
-	&I(\$bypass, ";;");
-    }
-}
-
-$code=<<___;
-.ident \"rc4-ia64.s, version 3.0\"
-.ident \"Copyright (c) 2005 Hewlett-Packard Development Company, L.P.\"
-
-#define LCSave		r8
-#define PRSave		r9
-
-/* Inputs become invalid once rotation begins!  */
-
-#define StateTable	in0
-#define DataLen		in1
-#define InputBuffer	in2
-#define OutputBuffer	in3
-
-#define KTable		r14
-#define J		r15
-#define InPtr		r16
-#define OutPtr		r17
-#define InPrefetch	r18
-#define OutPrefetch	r19
-#define One		r20
-#define LoopCount	r21
-#define Remainder	r22
-#define IFinal		r23
-#define EndPtr		r24
-
-#define tmp0		r25
-#define tmp1		r26
-
-#define pBypass		p6
-#define pDone		p7
-#define pSmall		p8
-#define pAligned	p9
-#define pUnaligned	p10
-
-#define pComputeI	pPhase[0]
-#define pComputeJ	pPhase[1]
-#define pComputeT	pPhase[2]
-#define pOutput		pPhase[3]
-
-#define RetVal		r8
-#define L_OK		p7
-#define L_NOK		p8
-
-#define	_NINPUTS	4
-#define	_NOUTPUT	0
-
-#define	_NROTATE	24
-#define	_NLOCALS	(_NROTATE - _NINPUTS - _NOUTPUT)
-
-#ifndef SZ
-# define SZ	4	// this must be set to sizeof(RC4_INT)
-#endif
-
-#if SZ == 1
-# define LKEY			ld1
-# define SKEY			st1
-# define KEYADDR(dst, i)	add dst = i, KTable
-#elif SZ == 2
-# define LKEY			ld2
-# define SKEY			st2
-# define KEYADDR(dst, i)	shladd dst = i, 1, KTable
-#elif SZ == 4
-# define LKEY			ld4
-# define SKEY			st4
-# define KEYADDR(dst, i)	shladd dst = i, 2, KTable
-#else
-# define LKEY			ld8
-# define SKEY			st8
-# define KEYADDR(dst, i)	shladd dst = i, 3, KTable
-#endif
-
-#if defined(_HPUX_SOURCE) && !defined(_LP64)
-# define ADDP	addp4
-#else
-# define ADDP	add
-#endif
-
-/* Define a macro for the bit number of the n-th byte: */
-
-#if defined(_HPUX_SOURCE) || defined(B_ENDIAN)
-# define HOST_IS_BIG_ENDIAN
-# define BYTE_POS(n)	(56 - (8 * (n)))
-#else
-# define BYTE_POS(n)	(8 * (n))
-#endif
-
-/*
-   We must perform the first phase of the pipeline explicitly since
-   we will always load from the stable the first time. The br.cexit
-   will never be taken since regardless of the number of bytes because
-   the epilogue count is 4.
-*/
-/* MODSCHED_RC4 macro was split to _PROLOGUE and _LOOP, because HP-UX
-   assembler failed on original macro with syntax error. <appro> */
-#define MODSCHED_RC4_PROLOGUE						   \\
-	{								   \\
-				ld1		Data[0] = [InPtr], 1;	   \\
-				add		IFinal = 1, I[1];	   \\
-				KEYADDR(IPr[0], I[1]);			   \\
-	} ;;								   \\
-	{								   \\
-				LKEY		SI[0] = [IPr[0]];	   \\
-				mov		pr.rot = 0x10000;	   \\
-				mov		ar.ec = 4;		   \\
-	} ;;								   \\
-	{								   \\
-				add		J = J, SI[0];		   \\
-				zxt1		I[0] = IFinal;		   \\
-				br.cexit.spnt.few .+16; /* never taken */  \\
-	} ;;
-#define MODSCHED_RC4_LOOP(label)					   \\
-label:									   \\
-	{	.mmi;							   \\
-		(pComputeI)	ld1		Data[0] = [InPtr], 1;	   \\
-		(pComputeI)	add		IFinal = 1, I[1];	   \\
-		(pComputeJ)	zxt1		J = J;			   \\
-	}{	.mmi;							   \\
-		(pOutput)	LKEY		T[1] = [T[1]];		   \\
-		(pComputeT)	add		T[0] = SI[2], SJ[1];	   \\
-		(pComputeI)	KEYADDR(IPr[0], I[1]);			   \\
-	} ;;								   \\
-	{	.mmi;							   \\
-		(pComputeT)	SKEY		[IPr[2]] = SJ[1];	   \\
-		(pComputeT)	SKEY		[JP[1]] = SI[2];	   \\
-		(pComputeT)	zxt1		T[0] = T[0];		   \\
-	}{	.mmi;							   \\
-		(pComputeI)	LKEY		SI[0] = [IPr[0]];	   \\
-		(pComputeJ)	KEYADDR(JP[0], J);			   \\
-		(pComputeI)	cmp.eq.unc	pBypass, p0 = I[1], J;	   \\
-	} ;;								   \\
-	{	.mmi;							   \\
-		(pComputeJ)	LKEY		SJ[0] = [JP[0]];	   \\
-		(pOutput)	xor		Data[3] = Data[3], T[1];   \\
-				nop		0x0;			   \\
-	}{	.mmi;							   \\
-		(pComputeT)	KEYADDR(T[0], T[0]);			   \\
-		(pBypass)	mov		SI[0] = SI[1];		   \\
-		(pComputeI)	zxt1		I[0] = IFinal;		   \\
-	} ;;								   \\
-	{	.mmb;							   \\
-		(pOutput)	st1		[OutPtr] = Data[3], 1;	   \\
-		(pComputeI)	add		J = J, SI[0];		   \\
-				br.ctop.sptk.few label;			   \\
-	} ;;
-
-	.text
-
-	.align	32
-
-	.type	RC4, \@function
-	.global	RC4
-
-	.proc	RC4
-	.prologue
-
-RC4:
-	{
-	  	.mmi
-		alloc	r2 = ar.pfs, _NINPUTS, _NLOCALS, _NOUTPUT, _NROTATE
-
-		.rotr Data[4], I[2], IPr[3], SI[3], JP[2], SJ[2], T[2], \\
-		      OutWord[2]
-		.rotp pPhase[4]
-
-		ADDP		InPrefetch = 0, InputBuffer
-		ADDP		KTable = 0, StateTable
-	}
-	{
-		.mmi
-		ADDP		InPtr = 0, InputBuffer
-		ADDP		OutPtr = 0, OutputBuffer
-		mov		RetVal = r0
-	}
-	;;
-	{
-		.mmi
-		lfetch.nt1	[InPrefetch], 0x80
-		ADDP		OutPrefetch = 0, OutputBuffer
-	}
-	{               // Return 0 if the input length is nonsensical
-        	.mib
-		ADDP		StateTable = 0, StateTable
-        	cmp.ge.unc  	L_NOK, L_OK = r0, DataLen
-	(L_NOK) br.ret.sptk.few rp
-	}
-	;;
-	{
-        	.mib
-        	cmp.eq.or  	L_NOK, L_OK = r0, InPtr
-        	cmp.eq.or  	L_NOK, L_OK = r0, OutPtr
-		nop		0x0
-	}
-	{
-		.mib
-        	cmp.eq.or  	L_NOK, L_OK = r0, StateTable
-		nop		0x0
-	(L_NOK) br.ret.sptk.few rp
-	}
-	;;
-		LKEY		I[1] = [KTable], SZ
-/* Prefetch the state-table. It contains 256 elements of size SZ */
-
-#if SZ == 1
-		ADDP		tmp0 = 1*128, StateTable
-#elif SZ == 2
-		ADDP		tmp0 = 3*128, StateTable
-		ADDP		tmp1 = 2*128, StateTable
-#elif SZ == 4
-		ADDP		tmp0 = 7*128, StateTable
-		ADDP		tmp1 = 6*128, StateTable
-#elif SZ == 8
-		ADDP		tmp0 = 15*128, StateTable
-		ADDP		tmp1 = 14*128, StateTable
-#endif
-		;;
-#if SZ >= 8
-		lfetch.fault.nt1		[tmp0], -256	// 15
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	// 13
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	// 11
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	//  9
-		lfetch.fault.nt1		[tmp1], -256;;
-#endif
-#if SZ >= 4
-		lfetch.fault.nt1		[tmp0], -256	//  7
-		lfetch.fault.nt1		[tmp1], -256;;
-		lfetch.fault.nt1		[tmp0], -256	//  5
-		lfetch.fault.nt1		[tmp1], -256;;
-#endif
-#if SZ >= 2
-		lfetch.fault.nt1		[tmp0], -256	//  3
-		lfetch.fault.nt1		[tmp1], -256;;
-#endif
-	{
-		.mii
-		lfetch.fault.nt1		[tmp0]		//  1
-		add		I[1]=1,I[1];;
-		zxt1		I[1]=I[1]
-	}
-	{
-		.mmi
-		lfetch.nt1	[InPrefetch], 0x80
-		lfetch.excl.nt1	[OutPrefetch], 0x80
-		.save		pr, PRSave
-		mov		PRSave = pr
-	} ;;
-	{
-		.mmi
-		lfetch.excl.nt1	[OutPrefetch], 0x80
-		LKEY		J = [KTable], SZ
-		ADDP		EndPtr = DataLen, InPtr
-	}  ;;
-	{
-		.mmi
-		ADDP		EndPtr = -1, EndPtr	// Make it point to
-							// last data byte.
-		mov		One = 1
-		.save		ar.lc, LCSave
-		mov		LCSave = ar.lc
-		.body
-	} ;;
-	{
-		.mmb
-		sub		Remainder = 0, OutPtr
-		cmp.gtu		pSmall, p0 = $threshold, DataLen
-(pSmall)	br.cond.dpnt	.rc4Remainder		// Data too small for
-							// big loop.
-	} ;;
-	{
-		.mmi
-		and		Remainder = 0x7, Remainder
-		;;
-		cmp.eq		pAligned, pUnaligned = Remainder, r0
-		nop		0x0
-	} ;;
-	{
-		.mmb
-.pred.rel	"mutex",pUnaligned,pAligned
-(pUnaligned)	add		Remainder = -1, Remainder
-(pAligned)	sub		Remainder = EndPtr, InPtr
-(pAligned)	br.cond.dptk.many .rc4Aligned
-	} ;;
-	{
-		.mmi
-		nop		0x0
-		nop		0x0
-		mov.i		ar.lc = Remainder
-	}
-
-/* Do the initial few bytes via the compact, modulo-scheduled loop
-   until the output pointer is 8-byte-aligned.  */
-
-		MODSCHED_RC4_PROLOGUE
-		MODSCHED_RC4_LOOP(.RC4AlignLoop)
-
-	{
-		.mib
-		sub		Remainder = EndPtr, InPtr
-		zxt1		IFinal = IFinal
-		clrrrb				// Clear CFM.rrb.pr so
-		;;				// next "mov pr.rot = N"
-						// does the right thing.
-	}
-	{
-		.mmi
-		mov		I[1] = IFinal
-		nop		0x0
-		nop		0x0
-	} ;;
-
-
-.rc4Aligned:
-
-/*
-   Unrolled loop count = (Remainder - ($unroll_count+1)*$phases)/($unroll_count*$phases)
- */
-
-	{
-		.mlx
-		add	LoopCount = 1 - ($unroll_count + 1)*$phases, Remainder
-		movl		Remainder = 0xaaaaaaaaaaaaaaab
-	} ;;
-	{
-		.mmi
-		setf.sig	f6 = LoopCount		// M2, M3	6 cyc
-		setf.sig	f7 = Remainder		// M2, M3	6 cyc
-		nop		0x0
-	} ;;
-	{
-		.mfb
-		nop		0x0
-		xmpy.hu		f6 = f6, f7
-		nop		0x0
-	} ;;
-	{
-		.mmi
-		getf.sig	LoopCount = f6;;	// M2		5 cyc
-		nop		0x0
-		shr.u		LoopCount = LoopCount, 4
-	} ;;
-	{
-		.mmi
-		nop		0x0
-		nop		0x0
-		mov.i		ar.lc = LoopCount
-	} ;;
-
-/* Now comes the unrolled loop: */
-
-.rc4Prologue:
-___
-
-$iteration = 0;
-
-# Generate the prologue:
-$predicates = 1;
-for ($i = 0; $i < $phases; ++$i) {
-    &emit_body (\$code, \$bypass, $iteration++, $predicates);
-    $predicates = ($predicates << 1) | 1;
-}
-
-$code.=<<___;
-.rc4Loop:
-___
-
-# Generate the body:
-for ($i = 0; $i < $unroll_count*$phases; ++$i) {
-    &emit_body (\$code, \$bypass, $iteration++, $predicates);
-}
-
-$code.=<<___;
-.rc4Epilogue:
-___
-
-# Generate the epilogue:
-for ($i = 0; $i < $phases; ++$i) {
-    $predicates <<= 1;
-    &emit_body (\$code, \$bypass, $iteration++, $predicates);
-}
-
-$code.=<<___;
-	{
-		.mmi
-		lfetch.nt1	[EndPtr]	// fetch line with last byte
-		mov		IFinal = I[1]
-		nop		0x0
-	}
-
-.rc4Remainder:
-	{
-		.mmi
-		sub		Remainder = EndPtr, InPtr	// Calculate
-								// # of bytes
-								// left - 1
-		nop		0x0
-		nop		0x0
-	} ;;
-	{
-		.mib
-		cmp.eq		pDone, p0 = -1, Remainder // done already?
-		mov.i		ar.lc = Remainder
-(pDone)		br.cond.dptk.few .rc4Complete
-	}
-
-/* Do the remaining bytes via the compact, modulo-scheduled loop */
-
-		MODSCHED_RC4_PROLOGUE
-		MODSCHED_RC4_LOOP(.RC4RestLoop)
-
-.rc4Complete:
-	{
-		.mmi
-		add		KTable = -SZ, KTable
-		add		IFinal = -1, IFinal
-		mov		ar.lc = LCSave
-	} ;;
-	{
-		.mii
-		SKEY		[KTable] = J,-SZ
-		zxt1		IFinal = IFinal
-		mov		pr = PRSave, 0x1FFFF
-	} ;;
-	{
-		.mib
-		SKEY		[KTable] = IFinal
-		add		RetVal = 1, r0
-		br.ret.sptk.few	rp
-	} ;;
-___
-
-# Last but not least, emit the code for the bypass-code of the unrolled loop:
-
-$code.=$bypass;
-
-$code.=<<___;
-	.endp RC4
-___
-
-print $code;
diff --git a/src/lib/libcrypto/sha/asm/sha1-ia64.pl b/src/lib/libcrypto/sha/asm/sha1-ia64.pl
deleted file mode 100644
index 02d35d1614..0000000000
--- a/src/lib/libcrypto/sha/asm/sha1-ia64.pl
+++ /dev/null
@@ -1,305 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# Eternal question is what's wrong with compiler generated code? The
-# trick is that it's possible to reduce the number of shifts required
-# to perform rotations by maintaining copy of 32-bit value in upper
-# bits of 64-bit register. Just follow mux2 and shrp instructions...
-# Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which
-# is >50% better than HP C and >2x better than gcc.
-
-$code=<<___;
-.ident  \"sha1-ia64.s, version 1.3\"
-.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
-.explicit
-
-___
-
-
-if ($^O eq "hpux") {
-    $ADDP="addp4";
-    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
-} else { $ADDP="add"; }
-
-#$human=1;
-if ($human) {	# useful for visual code auditing...
-	($A,$B,$C,$D,$E)   = ("A","B","C","D","E");
-	($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4");
-	($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
-	    (	"K_00_19","K_20_39","K_40_59","K_60_79"	);
-	@X= (	"X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7",
-		"X8", "X9","X10","X11","X12","X13","X14","X15"	);
-}
-else {
-	($A,$B,$C,$D,$E)   =    ("loc0","loc1","loc2","loc3","loc4");
-	($h0,$h1,$h2,$h3,$h4) = ("loc5","loc6","loc7","loc8","loc9");
-	($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
-	    (	"r14", "r15", "loc10", "loc11"	);
-	@X= (	"r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
-		"r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31"	);
-}
-
-sub BODY_00_15 {
-local	*code=shift;
-my	($i,$a,$b,$c,$d,$e)=@_;
-my	$j=$i+1;
-my	$Xn=@X[$j%16];
-
-$code.=<<___ if ($i==0);
-{ .mmi;	ld1	$X[$i]=[inp],2		    // MSB
-	ld1	tmp2=[tmp3],2		};;
-{ .mmi;	ld1	tmp0=[inp],2
-	ld1	tmp4=[tmp3],2		    // LSB
-	dep	$X[$i]=$X[$i],tmp2,8,8	};;
-___
-if ($i<15) {
-	$code.=<<___;
-{ .mmi;	ld1	$Xn=[inp],2		    // forward Xload
-	nop.m	0x0
-	dep	tmp1=tmp0,tmp4,8,8	};;
-{ .mmi;	ld1	tmp2=[tmp3],2		    // forward Xload
-	and	tmp4=$c,$b
-	dep	$X[$i]=$X[$i],tmp1,16,16} //;;
-{ .mmi;	add	$e=$e,$K_00_19		    // e+=K_00_19
-	andcm	tmp1=$d,$b
-	dep.z	tmp5=$a,5,27		};; // a<<5
-{ .mmi;	add	$e=$e,$X[$i]		    // e+=Xload
-	or	tmp4=tmp4,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
-	extr.u	tmp1=$a,27,5		};; // a>>27
-{ .mmi;	ld1	tmp0=[inp],2		    // forward Xload
-	add	$e=$e,tmp4		    // e+=F_00_19(b,c,d)
-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
-{ .mmi;	ld1	tmp4=[tmp3],2		    // forward Xload
-	or	tmp5=tmp1,tmp5		    // ROTATE(a,5)
-	mux2	tmp6=$a,0x44		};; // see b in next iteration
-{ .mii;	add	$e=$e,tmp5		    // e+=ROTATE(a,5)
-	dep	$Xn=$Xn,tmp2,8,8	    // forward Xload
-	mux2	$X[$i]=$X[$i],0x44	} //;;
-
-___
-	}
-else	{
-	$code.=<<___;
-{ .mii;	and	tmp3=$c,$b
-	dep	tmp1=tmp0,tmp4,8,8;;
-	dep	$X[$i]=$X[$i],tmp1,16,16} //;;
-{ .mmi;	add	$e=$e,$K_00_19		    // e+=K_00_19
-	andcm	tmp1=$d,$b
-	dep.z	tmp5=$a,5,27		};; // a<<5
-{ .mmi;	add	$e=$e,$X[$i]		    // e+=Xupdate
-	or	tmp4=tmp3,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
-	extr.u	tmp1=$a,27,5		}   // a>>27
-{ .mmi;	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
-	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16] // forward Xupdate
-	nop.i	0			};;
-{ .mmi;	add	$e=$e,tmp4		    // e+=F_00_19(b,c,d)
-	xor	$Xn=$Xn,tmp3		    // forward Xupdate
-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
-{ .mmi; or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
-	mux2	tmp6=$a,0x44		};; // see b in next iteration
-{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
-	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
-	mux2	$X[$i]=$X[$i],0x44	};;
-
-___
-	}
-}
-
-sub BODY_16_19 {
-local	*code=shift;
-my	($i,$a,$b,$c,$d,$e)=@_;
-my	$j=$i+1;
-my	$Xn=@X[$j%16];
-
-$code.=<<___;
-{ .mib;	add	$e=$e,$K_00_19		    // e+=K_00_19
-	dep.z	tmp5=$a,5,27		}   // a<<5
-{ .mib;	andcm	tmp1=$d,$b
-	and	tmp0=$c,$b		};;
-{ .mmi;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
-	or	tmp0=tmp0,tmp1		    // F_00_19(b,c,d)=(b&c)|(~b&d)
-	extr.u	tmp1=$a,27,5		}   // a>>27
-{ .mmi;	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
-	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16]	// forward Xupdate
-	nop.i	0			};;
-{ .mmi;	add	$e=$e,tmp0		    // f+=F_00_19(b,c,d)
-	xor	$Xn=$Xn,tmp3		    // forward Xupdate
-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
-{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
-	mux2	tmp6=$a,0x44		};; // see b in next iteration
-{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
-	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
-	nop.i	0			};;
-
-___
-}
-
-sub BODY_20_39 {
-local	*code=shift;
-my	($i,$a,$b,$c,$d,$e,$Konst)=@_;
-	$Konst = $K_20_39 if (!defined($Konst));
-my	$j=$i+1;
-my	$Xn=@X[$j%16];
-
-if ($i<79) {
-$code.=<<___;
-{ .mib;	add	$e=$e,$Konst		    // e+=K_XX_XX
-	dep.z	tmp5=$a,5,27		}   // a<<5
-{ .mib;	xor	tmp0=$c,$b
-	xor	$Xn=$Xn,$X[($j+2)%16]	};; // forward Xupdate
-{ .mib;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
-	extr.u	tmp1=$a,27,5		}   // a>>27
-{ .mib;	xor	tmp0=tmp0,$d		    // F_20_39(b,c,d)=b^c^d
-	xor	$Xn=$Xn,$X[($j+8)%16]	};; // forward Xupdate
-{ .mmi;	add	$e=$e,tmp0		    // e+=F_20_39(b,c,d)
-	xor	$Xn=$Xn,$X[($j+13)%16]	    // forward Xupdate
-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
-{ .mmi;	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
-	mux2	tmp6=$a,0x44		};; // see b in next iteration
-{ .mii;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
-	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
-	nop.i	0			};;
-
-___
-}
-else {
-$code.=<<___;
-{ .mib;	add	$e=$e,$Konst		    // e+=K_60_79
-	dep.z	tmp5=$a,5,27		}   // a<<5
-{ .mib;	xor	tmp0=$c,$b
-	add	$h1=$h1,$a		};; // wrap up
-{ .mib;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
-	extr.u	tmp1=$a,27,5		}   // a>>27
-{ .mib;	xor	tmp0=tmp0,$d		    // F_20_39(b,c,d)=b^c^d
-	add	$h3=$h3,$c		};; // wrap up
-{ .mmi;	add	$e=$e,tmp0		    // e+=F_20_39(b,c,d)
-	or	tmp1=tmp1,tmp5		    // ROTATE(a,5)
-	shrp	$b=tmp6,tmp6,2		};; // b=ROTATE(b,30) ;;?
-{ .mmi;	add	$e=$e,tmp1		    // e+=ROTATE(a,5)
-	add	tmp3=1,inp		    // used in unaligned codepath
-	add	$h4=$h4,$d		};; // wrap up
-
-___
-}
-}
-
-sub BODY_40_59 {
-local	*code=shift;
-my	($i,$a,$b,$c,$d,$e)=@_;
-my	$j=$i+1;
-my	$Xn=@X[$j%16];
-
-$code.=<<___;
-{ .mib;	add	$e=$e,$K_40_59		    // e+=K_40_59
-	dep.z	tmp5=$a,5,27		}   // a<<5
-{ .mib;	and	tmp1=$c,$d
-	xor	tmp0=$c,$d		};;
-{ .mmi;	add	$e=$e,$X[$i%16]		    // e+=Xupdate
-	add	tmp5=tmp5,tmp1		    // a<<5+(c&d)
-	extr.u	tmp1=$a,27,5		}   // a>>27
-{ .mmi;	and	tmp0=tmp0,$b
-	xor	$Xn=$Xn,$X[($j+2)%16]	    // forward Xupdate
-	xor	tmp3=$X[($j+8)%16],$X[($j+13)%16] };;	// forward Xupdate
-{ .mmi;	add	$e=$e,tmp0		    // e+=b&(c^d)
-	add	tmp5=tmp5,tmp1		    // ROTATE(a,5)+(c&d)
-	shrp	$b=tmp6,tmp6,2		}   // b=ROTATE(b,30)
-{ .mmi;	xor	$Xn=$Xn,tmp3
-	mux2	tmp6=$a,0x44		};; // see b in next iteration
-{ .mii;	add	$e=$e,tmp5		    // e+=ROTATE(a,5)+(c&d)
-	shrp	$Xn=$Xn,$Xn,31		    // ROTATE(x[0]^x[2]^x[8]^x[13],1)
-	nop.i	0x0			};;
-
-___
-}
-sub BODY_60_79	{ &BODY_20_39(@_,$K_60_79); }
-
-$code.=<<___;
-.text
-
-tmp0=r8;
-tmp1=r9;
-tmp2=r10;
-tmp3=r11;
-ctx=r32;	// in0
-inp=r33;	// in1
-
-// void sha1_block_data_order(SHA_CTX *c,const void *p,size_t num);
-.global	sha1_block_data_order#
-.proc	sha1_block_data_order#
-.align	32
-sha1_block_data_order:
-	.prologue
-{ .mmi;	alloc	tmp1=ar.pfs,3,14,0,0
-	$ADDP	tmp0=4,ctx
-	.save	ar.lc,r3
-	mov	r3=ar.lc		}
-{ .mmi;	$ADDP	ctx=0,ctx
-	$ADDP	inp=0,inp
-	mov	r2=pr			};;
-tmp4=in2;
-tmp5=loc12;
-tmp6=loc13;
-	.body
-{ .mlx;	ld4	$h0=[ctx],8
-	movl	$K_00_19=0x5a827999	}
-{ .mlx;	ld4	$h1=[tmp0],8
-	movl	$K_20_39=0x6ed9eba1	};;
-{ .mlx;	ld4	$h2=[ctx],8
-	movl	$K_40_59=0x8f1bbcdc	}
-{ .mlx;	ld4	$h3=[tmp0]
-	movl	$K_60_79=0xca62c1d6	};;
-{ .mmi;	ld4	$h4=[ctx],-16
-	add	in2=-1,in2		    // adjust num for ar.lc
-	mov	ar.ec=1			};;
-{ .mmi;	nop.m	0
-	add	tmp3=1,inp
-	mov	ar.lc=in2		};; // brp.loop.imp: too far
-
-.Ldtop:
-{ .mmi;	mov	$A=$h0
-	mov	$B=$h1
-	mux2	tmp6=$h1,0x44		}
-{ .mmi;	mov	$C=$h2
-	mov	$D=$h3
-	mov	$E=$h4			};;
-
-___
-
-{ my $i;
-  my @V=($A,$B,$C,$D,$E);
-
-	for($i=0;$i<16;$i++)	{ &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
-	for(;$i<20;$i++)	{ &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }
-	for(;$i<40;$i++)	{ &BODY_20_39(\$code,$i,@V); unshift(@V,pop(@V)); }
-	for(;$i<60;$i++)	{ &BODY_40_59(\$code,$i,@V); unshift(@V,pop(@V)); }
-	for(;$i<80;$i++)	{ &BODY_60_79(\$code,$i,@V); unshift(@V,pop(@V)); }
-
-	(($V[0] eq $A) and ($V[4] eq $E)) or die;	# double-check
-}
-
-$code.=<<___;
-{ .mmb;	add	$h0=$h0,$A
-	add	$h2=$h2,$C
-	br.ctop.dptk.many	.Ldtop	};;
-.Ldend:
-{ .mmi;	add	tmp0=4,ctx
-	mov	ar.lc=r3		};;
-{ .mmi;	st4	[ctx]=$h0,8
-	st4	[tmp0]=$h1,8		};;
-{ .mmi;	st4	[ctx]=$h2,8
-	st4	[tmp0]=$h3		};;
-{ .mib;	st4	[ctx]=$h4,-16
-	mov	pr=r2,0x1ffff
-	br.ret.sptk.many	b0	};;
-.endp	sha1_block_data_order#
-stringz	"SHA1 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-
-$output=shift and open STDOUT,">$output";
-print $code;
diff --git a/src/lib/libcrypto/sha/asm/sha512-ia64.pl b/src/lib/libcrypto/sha/asm/sha512-ia64.pl
deleted file mode 100755
index 1c6ce56522..0000000000
--- a/src/lib/libcrypto/sha/asm/sha512-ia64.pl
+++ /dev/null
@@ -1,672 +0,0 @@
-#!/usr/bin/env perl
-#
-# ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-#
-# SHA256/512_Transform for Itanium.
-#
-# sha512_block runs in 1003 cycles on Itanium 2, which is almost 50%
-# faster than gcc and >60%(!) faster than code generated by HP-UX
-# compiler (yes, HP-UX is generating slower code, because unlike gcc,
-# it failed to deploy "shift right pair," 'shrp' instruction, which
-# substitutes for 64-bit rotate).
-#
-# 924 cycles long sha256_block outperforms gcc by over factor of 2(!)
-# and HP-UX compiler - by >40% (yes, gcc won sha512_block, but lost
-# this one big time). Note that "formally" 924 is about 100 cycles
-# too much. I mean it's 64 32-bit rounds vs. 80 virtually identical
-# 64-bit ones and 1003*64/80 gives 802. Extra cycles, 2 per round,
-# are spent on extra work to provide for 32-bit rotations. 32-bit
-# rotations are still handled by 'shrp' instruction and for this
-# reason lower 32 bits are deposited to upper half of 64-bit register
-# prior 'shrp' issue. And in order to minimize the amount of such
-# operations, X[16] values are *maintained* with copies of lower
-# halves in upper halves, which is why you'll spot such instructions
-# as custom 'mux2', "parallel 32-bit add," 'padd4' and "parallel
-# 32-bit unsigned right shift," 'pshr4.u' instructions here.
-#
-# Rules of engagement.
-#
-# There is only one integer shifter meaning that if I have two rotate,
-# deposit or extract instructions in adjacent bundles, they shall
-# split [at run-time if they have to]. But note that variable and
-# parallel shifts are performed by multi-media ALU and *are* pairable
-# with rotates [and alike]. On the backside MMALU is rather slow: it
-# takes 2 extra cycles before the result of integer operation is
-# available *to* MMALU and 2(*) extra cycles before the result of MM
-# operation is available "back" *to* integer ALU, not to mention that
-# MMALU itself has 2 cycles latency. However! I explicitly scheduled
-# these MM instructions to avoid MM stalls, so that all these extra
-# latencies get "hidden" in instruction-level parallelism.
-#
-# (*) 2 cycles on Itanium 1 and 1 cycle on Itanium 2. But I schedule
-#     for 2 in order to provide for best *overall* performance,
-#     because on Itanium 1 stall on MM result is accompanied by
-#     pipeline flush, which takes 6 cycles:-(
-#
-# Resulting performance numbers for 900MHz Itanium 2 system:
-#
-# The 'numbers' are in 1000s of bytes per second processed.
-# type     16 bytes    64 bytes   256 bytes  1024 bytes  8192 bytes
-# sha1(*)   6210.14k   20376.30k   52447.83k   85870.05k  105478.12k
-# sha256    7476.45k   20572.05k   41538.34k   56062.29k   62093.18k
-# sha512    4996.56k   20026.28k   47597.20k   85278.79k  111501.31k
-#
-# (*) SHA1 numbers are for HP-UX compiler and are presented purely
-#     for reference purposes. I bet it can improved too...
-#
-# To generate code, pass the file name with either 256 or 512 in its
-# name and compiler flags.
-
-$output=shift;
-
-if ($output =~ /512.*\.[s|asm]/) {
-	$SZ=8;
-	$BITS=8*$SZ;
-	$LDW="ld8";
-	$STW="st8";
-	$ADD="add";
-	$SHRU="shr.u";
-	$TABLE="K512";
-	$func="sha512_block_data_order";
-	@Sigma0=(28,34,39);
-	@Sigma1=(14,18,41);
-	@sigma0=(1,  8, 7);
-	@sigma1=(19,61, 6);
-	$rounds=80;
-} elsif ($output =~ /256.*\.[s|asm]/) {
-	$SZ=4;
-	$BITS=8*$SZ;
-	$LDW="ld4";
-	$STW="st4";
-	$ADD="padd4";
-	$SHRU="pshr4.u";
-	$TABLE="K256";
-	$func="sha256_block_data_order";
-	@Sigma0=( 2,13,22);
-	@Sigma1=( 6,11,25);
-	@sigma0=( 7,18, 3);
-	@sigma1=(17,19,10);
-	$rounds=64;
-} else { die "nonsense $output"; }
-
-open STDOUT,">$output" || die "can't open $output: $!";
-
-if ($^O eq "hpux") {
-    $ADDP="addp4";
-    for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
-} else { $ADDP="add"; }
-for (@ARGV)  {	$big_endian=1 if (/\-DB_ENDIAN/);
-		$big_endian=0 if (/\-DL_ENDIAN/);  }
-if (!defined($big_endian))
-             {	$big_endian=(unpack('L',pack('N',1))==1);  }
-
-$code=<<___;
-.ident  \"$output, version 1.1\"
-.ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
-.explicit
-.text
-
-pfssave=r2;
-lcsave=r3;
-prsave=r14;
-K=r15;
-A=r16;	B=r17;	C=r18;	D=r19;
-E=r20;	F=r21;	G=r22;	H=r23;
-T1=r24;	T2=r25;
-s0=r26;	s1=r27;	t0=r28;	t1=r29;
-Ktbl=r30;
-ctx=r31;	// 1st arg
-input=r48;	// 2nd arg
-num=r49;	// 3rd arg
-sgm0=r50;	sgm1=r51;	// small constants
-A_=r54;	B_=r55;	C_=r56;	D_=r57;
-E_=r58;	F_=r59;	G_=r60;	H_=r61;
-
-// void $func (SHA_CTX *ctx, const void *in,size_t num[,int host])
-.global	$func#
-.proc	$func#
-.align	32
-$func:
-	.prologue
-	.save	ar.pfs,pfssave
-{ .mmi;	alloc	pfssave=ar.pfs,3,27,0,16
-	$ADDP	ctx=0,r32		// 1st arg
-	.save	ar.lc,lcsave
-	mov	lcsave=ar.lc	}
-{ .mmi;	$ADDP	input=0,r33		// 2nd arg
-	mov	num=r34			// 3rd arg
-	.save	pr,prsave
-	mov	prsave=pr	};;
-
-	.body
-{ .mib;	add	r8=0*$SZ,ctx
-	add	r9=1*$SZ,ctx
-	brp.loop.imp	.L_first16,.L_first16_end-16	}
-{ .mib;	add	r10=2*$SZ,ctx
-	add	r11=3*$SZ,ctx
-	brp.loop.imp	.L_rest,.L_rest_end-16		};;
-
-// load A-H
-.Lpic_point:
-{ .mmi;	$LDW	A_=[r8],4*$SZ
-	$LDW	B_=[r9],4*$SZ
-	mov	Ktbl=ip		}
-{ .mmi;	$LDW	C_=[r10],4*$SZ
-	$LDW	D_=[r11],4*$SZ
-	mov	sgm0=$sigma0[2]	};;
-{ .mmi;	$LDW	E_=[r8]
-	$LDW	F_=[r9]
-	add	Ktbl=($TABLE#-.Lpic_point),Ktbl		}
-{ .mmi;	$LDW	G_=[r10]
-	$LDW	H_=[r11]
-	cmp.ne	p0,p16=0,r0	};;	// used in sha256_block
-___
-$code.=<<___ if ($BITS==64);
-{ .mii;	and	r8=7,input
-	and	input=~7,input;;
-	cmp.eq	p9,p0=1,r8	}
-{ .mmi;	cmp.eq	p10,p0=2,r8
-	cmp.eq	p11,p0=3,r8
-	cmp.eq	p12,p0=4,r8	}
-{ .mmi;	cmp.eq	p13,p0=5,r8
-	cmp.eq	p14,p0=6,r8
-	cmp.eq	p15,p0=7,r8	};;
-___
-$code.=<<___;
-.L_outer:
-.rotr	X[16]
-{ .mmi;	mov	A=A_
-	mov	B=B_
-	mov	ar.lc=14	}
-{ .mmi;	mov	C=C_
-	mov	D=D_
-	mov	E=E_		}
-{ .mmi;	mov	F=F_
-	mov	G=G_
-	mov	ar.ec=2		}
-{ .mmi;	ld1	X[15]=[input],$SZ		// eliminated in 64-bit
-	mov	H=H_
-	mov	sgm1=$sigma1[2]	};;
-
-___
-$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);
-.align	32
-.L_first16:
-{ .mmi;		add	r9=1-$SZ,input
-		add	r10=2-$SZ,input
-		add	r11=3-$SZ,input	};;
-{ .mmi;		ld1	r9=[r9]
-		ld1	r10=[r10]
-		dep.z	$t1=E,32,32	}
-{ .mmi;		$LDW	K=[Ktbl],$SZ
-		ld1	r11=[r11]
-		zxt4	E=E		};;
-{ .mii;		or	$t1=$t1,E
-		dep	X[15]=X[15],r9,8,8
-		dep	r11=r10,r11,8,8	};;
-{ .mmi;		and	T1=F,E
-		and	T2=A,B
-		dep	X[15]=X[15],r11,16,16	}
-{ .mmi;		andcm	r8=G,E
-		and	r9=A,C
-		mux2	$t0=A,0x44	};;	// copy lower half to upper
-{ .mmi;	(p16)	ld1	X[15-1]=[input],$SZ	// prefetch
-		xor	T1=T1,r8		// T1=((e & f) ^ (~e & g))
-		_rotr	r11=$t1,$Sigma1[0] }	// ROTR(e,14)
-{ .mib;		and	r10=B,C
-		xor	T2=T2,r9	};;
-___
-$t0="A", $t1="E", $code.=<<___ if ($BITS==64);
-// in 64-bit mode I load whole X[16] at once and take care of alignment...
-{ .mmi;	add	r8=1*$SZ,input
-	add	r9=2*$SZ,input
-	add	r10=3*$SZ,input		};;
-{ .mmb;	$LDW	X[15]=[input],4*$SZ
-	$LDW	X[14]=[r8],4*$SZ
-(p9)	br.cond.dpnt.many	.L1byte	};;
-{ .mmb;	$LDW	X[13]=[r9],4*$SZ
-	$LDW	X[12]=[r10],4*$SZ
-(p10)	br.cond.dpnt.many	.L2byte	};;
-{ .mmb;	$LDW	X[11]=[input],4*$SZ
-	$LDW	X[10]=[r8],4*$SZ
-(p11)	br.cond.dpnt.many	.L3byte	};;
-{ .mmb;	$LDW	X[ 9]=[r9],4*$SZ
-	$LDW	X[ 8]=[r10],4*$SZ
-(p12)	br.cond.dpnt.many	.L4byte	};;
-{ .mmb;	$LDW	X[ 7]=[input],4*$SZ
-	$LDW	X[ 6]=[r8],4*$SZ
-(p13)	br.cond.dpnt.many	.L5byte	};;
-{ .mmb;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-(p14)	br.cond.dpnt.many	.L6byte	};;
-{ .mmb;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-(p15)	br.cond.dpnt.many	.L7byte	};;
-{ .mmb;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	br.many	.L_first16		};;
-.L1byte:
-{ .mmi;	$LDW	X[13]=[r9],4*$SZ
-	$LDW	X[12]=[r10],4*$SZ
-	shrp	X[15]=X[15],X[14],56	};;
-{ .mmi;	$LDW	X[11]=[input],4*$SZ
-	$LDW	X[10]=[r8],4*$SZ
-	shrp	X[14]=X[14],X[13],56	}
-{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
-	$LDW	X[ 8]=[r10],4*$SZ
-	shrp	X[13]=X[13],X[12],56	};;
-{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
-	$LDW	X[ 6]=[r8],4*$SZ
-	shrp	X[12]=X[12],X[11],56	}
-{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-	shrp	X[11]=X[11],X[10],56	};;
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[10]=X[10],X[ 9],56	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[ 9]=X[ 9],X[ 8],56	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[ 8]=X[ 8],X[ 7],56
-	shrp	X[ 7]=X[ 7],X[ 6],56	}
-{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],56
-	shrp	X[ 5]=X[ 5],X[ 4],56	};;
-{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],56
-	shrp	X[ 3]=X[ 3],X[ 2],56	}
-{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],56
-	shrp	X[ 1]=X[ 1],X[ 0],56	}
-{ .mib;	shrp	X[ 0]=X[ 0],T1,56
-	br.many	.L_first16		};;
-.L2byte:
-{ .mmi;	$LDW	X[11]=[input],4*$SZ
-	$LDW	X[10]=[r8],4*$SZ
-	shrp	X[15]=X[15],X[14],48	}
-{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
-	$LDW	X[ 8]=[r10],4*$SZ
-	shrp	X[14]=X[14],X[13],48	};;
-{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
-	$LDW	X[ 6]=[r8],4*$SZ
-	shrp	X[13]=X[13],X[12],48	}
-{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-	shrp	X[12]=X[12],X[11],48	};;
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[11]=X[11],X[10],48	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[10]=X[10],X[ 9],48	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[ 9]=X[ 9],X[ 8],48
-	shrp	X[ 8]=X[ 8],X[ 7],48	}
-{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],48
-	shrp	X[ 6]=X[ 6],X[ 5],48	};;
-{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],48
-	shrp	X[ 4]=X[ 4],X[ 3],48	}
-{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],48
-	shrp	X[ 2]=X[ 2],X[ 1],48	}
-{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],48
-	shrp	X[ 0]=X[ 0],T1,48	}
-{ .mfb;	br.many	.L_first16		};;
-.L3byte:
-{ .mmi;	$LDW	X[ 9]=[r9],4*$SZ
-	$LDW	X[ 8]=[r10],4*$SZ
-	shrp	X[15]=X[15],X[14],40	};;
-{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
-	$LDW	X[ 6]=[r8],4*$SZ
-	shrp	X[14]=X[14],X[13],40	}
-{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-	shrp	X[13]=X[13],X[12],40	};;
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[12]=X[12],X[11],40	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[11]=X[11],X[10],40	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[10]=X[10],X[ 9],40
-	shrp	X[ 9]=X[ 9],X[ 8],40	}
-{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],40
-	shrp	X[ 7]=X[ 7],X[ 6],40	};;
-{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],40
-	shrp	X[ 5]=X[ 5],X[ 4],40	}
-{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],40
-	shrp	X[ 3]=X[ 3],X[ 2],40	}
-{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],40
-	shrp	X[ 1]=X[ 1],X[ 0],40	}
-{ .mib;	shrp	X[ 0]=X[ 0],T1,40
-	br.many	.L_first16		};;
-.L4byte:
-{ .mmi;	$LDW	X[ 7]=[input],4*$SZ
-	$LDW	X[ 6]=[r8],4*$SZ
-	shrp	X[15]=X[15],X[14],32	}
-{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-	shrp	X[14]=X[14],X[13],32	};;
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[13]=X[13],X[12],32	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[12]=X[12],X[11],32	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[11]=X[11],X[10],32
-	shrp	X[10]=X[10],X[ 9],32	}
-{ .mii;	shrp	X[ 9]=X[ 9],X[ 8],32
-	shrp	X[ 8]=X[ 8],X[ 7],32	};;
-{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],32
-	shrp	X[ 6]=X[ 6],X[ 5],32	}
-{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],32
-	shrp	X[ 4]=X[ 4],X[ 3],32	}
-{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],32
-	shrp	X[ 2]=X[ 2],X[ 1],32	}
-{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],32
-	shrp	X[ 0]=X[ 0],T1,32	}
-{ .mfb;	br.many	.L_first16		};;
-.L5byte:
-{ .mmi;	$LDW	X[ 5]=[r9],4*$SZ
-	$LDW	X[ 4]=[r10],4*$SZ
-	shrp	X[15]=X[15],X[14],24	};;
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[14]=X[14],X[13],24	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[13]=X[13],X[12],24	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[12]=X[12],X[11],24
-	shrp	X[11]=X[11],X[10],24	}
-{ .mii;	shrp	X[10]=X[10],X[ 9],24
-	shrp	X[ 9]=X[ 9],X[ 8],24	};;
-{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],24
-	shrp	X[ 7]=X[ 7],X[ 6],24	}
-{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],24
-	shrp	X[ 5]=X[ 5],X[ 4],24	}
-{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],24
-	shrp	X[ 3]=X[ 3],X[ 2],24	}
-{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],24
-	shrp	X[ 1]=X[ 1],X[ 0],24	}
-{ .mib;	shrp	X[ 0]=X[ 0],T1,24
-	br.many	.L_first16		};;
-.L6byte:
-{ .mmi;	$LDW	X[ 3]=[input],4*$SZ
-	$LDW	X[ 2]=[r8],4*$SZ
-	shrp	X[15]=X[15],X[14],16	}
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[14]=X[14],X[13],16	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[13]=X[13],X[12],16
-	shrp	X[12]=X[12],X[11],16	}
-{ .mii;	shrp	X[11]=X[11],X[10],16
-	shrp	X[10]=X[10],X[ 9],16	};;
-{ .mii;	shrp	X[ 9]=X[ 9],X[ 8],16
-	shrp	X[ 8]=X[ 8],X[ 7],16	}
-{ .mii;	shrp	X[ 7]=X[ 7],X[ 6],16
-	shrp	X[ 6]=X[ 6],X[ 5],16	}
-{ .mii;	shrp	X[ 5]=X[ 5],X[ 4],16
-	shrp	X[ 4]=X[ 4],X[ 3],16	}
-{ .mii;	shrp	X[ 3]=X[ 3],X[ 2],16
-	shrp	X[ 2]=X[ 2],X[ 1],16	}
-{ .mii;	shrp	X[ 1]=X[ 1],X[ 0],16
-	shrp	X[ 0]=X[ 0],T1,16	}
-{ .mfb;	br.many	.L_first16		};;
-.L7byte:
-{ .mmi;	$LDW	X[ 1]=[r9],4*$SZ
-	$LDW	X[ 0]=[r10],4*$SZ
-	shrp	X[15]=X[15],X[14],8	};;
-{ .mii;	$LDW	T1=[input]
-	shrp	X[14]=X[14],X[13],8
-	shrp	X[13]=X[13],X[12],8	}
-{ .mii;	shrp	X[12]=X[12],X[11],8
-	shrp	X[11]=X[11],X[10],8	};;
-{ .mii;	shrp	X[10]=X[10],X[ 9],8
-	shrp	X[ 9]=X[ 9],X[ 8],8	}
-{ .mii;	shrp	X[ 8]=X[ 8],X[ 7],8
-	shrp	X[ 7]=X[ 7],X[ 6],8	}
-{ .mii;	shrp	X[ 6]=X[ 6],X[ 5],8
-	shrp	X[ 5]=X[ 5],X[ 4],8	}
-{ .mii;	shrp	X[ 4]=X[ 4],X[ 3],8
-	shrp	X[ 3]=X[ 3],X[ 2],8	}
-{ .mii;	shrp	X[ 2]=X[ 2],X[ 1],8
-	shrp	X[ 1]=X[ 1],X[ 0],8	}
-{ .mib;	shrp	X[ 0]=X[ 0],T1,8
-	br.many	.L_first16		};;
-
-.align	32
-.L_first16:
-{ .mmi;		$LDW	K=[Ktbl],$SZ
-		and	T1=F,E
-		and	T2=A,B		}
-{ .mmi;		//$LDW	X[15]=[input],$SZ	// X[i]=*input++
-		andcm	r8=G,E
-		and	r9=A,C		};;
-{ .mmi;		xor	T1=T1,r8		//T1=((e & f) ^ (~e & g))
-		and	r10=B,C
-		_rotr	r11=$t1,$Sigma1[0] }	// ROTR(e,14)
-{ .mmi;		xor	T2=T2,r9
-		mux1	X[15]=X[15],\@rev };;	// eliminated in big-endian
-___
-$code.=<<___;
-{ .mib;		add	T1=T1,H			// T1=Ch(e,f,g)+h
-		_rotr	r8=$t1,$Sigma1[1] }	// ROTR(e,18)
-{ .mib;		xor	T2=T2,r10		// T2=((a & b) ^ (a & c) ^ (b & c))
-		mov	H=G		};;
-{ .mib;		xor	r11=r8,r11
-		_rotr	r9=$t1,$Sigma1[2] }	// ROTR(e,41)
-{ .mib;		mov	G=F
-		mov	F=E		};;
-{ .mib;		xor	r9=r9,r11		// r9=Sigma1(e)
-		_rotr	r10=$t0,$Sigma0[0] }	// ROTR(a,28)
-{ .mib;		add	T1=T1,K			// T1=Ch(e,f,g)+h+K512[i]
-		mov	E=D		};;
-{ .mib;		add	T1=T1,r9		// T1+=Sigma1(e)
-		_rotr	r11=$t0,$Sigma0[1] }	// ROTR(a,34)
-{ .mib;		mov	D=C
-		mov	C=B		};;
-{ .mib;		add	T1=T1,X[15]		// T1+=X[i]
-		_rotr	r8=$t0,$Sigma0[2] }	// ROTR(a,39)
-{ .mib;		xor	r10=r10,r11
-		mux2	X[15]=X[15],0x44 };;	// eliminated in 64-bit
-{ .mmi;		xor	r10=r8,r10		// r10=Sigma0(a)
-		mov	B=A
-		add	A=T1,T2		};;
-{ .mib;		add	E=E,T1
-		add	A=A,r10			// T2=Maj(a,b,c)+Sigma0(a)
-	br.ctop.sptk	.L_first16	};;
-.L_first16_end:
-
-{ .mii;	mov	ar.lc=$rounds-17
-	mov	ar.ec=1			};;
-
-.align	32
-.L_rest:
-.rotr	X[16]
-{ .mib;		$LDW	K=[Ktbl],$SZ
-		_rotr	r8=X[15-1],$sigma0[0] }	// ROTR(s0,1)
-{ .mib; 	$ADD	X[15]=X[15],X[15-9]	// X[i&0xF]+=X[(i+9)&0xF]
-		$SHRU	s0=X[15-1],sgm0	};;	// s0=X[(i+1)&0xF]>>7
-{ .mib;		and	T1=F,E
-		_rotr	r9=X[15-1],$sigma0[1] }	// ROTR(s0,8)
-{ .mib;		andcm	r10=G,E
-		$SHRU	s1=X[15-14],sgm1 };;	// s1=X[(i+14)&0xF]>>6
-{ .mmi;		xor	T1=T1,r10		// T1=((e & f) ^ (~e & g))
-		xor	r9=r8,r9
-		_rotr	r10=X[15-14],$sigma1[0] };;// ROTR(s1,19)
-{ .mib;		and	T2=A,B		
-		_rotr	r11=X[15-14],$sigma1[1] }// ROTR(s1,61)
-{ .mib;		and	r8=A,C		};;
-___
-$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32);
-// I adhere to mmi; in order to hold Itanium 1 back and avoid 6 cycle
-// pipeline flush in last bundle. Note that even on Itanium2 the
-// latter stalls for one clock cycle...
-{ .mmi;		xor	s0=s0,r9		// s0=sigma0(X[(i+1)&0xF])
-		dep.z	$t1=E,32,32	}
-{ .mmi;		xor	r10=r11,r10
-		zxt4	E=E		};;
-{ .mmi;		or	$t1=$t1,E
-		xor	s1=s1,r10		// s1=sigma1(X[(i+14)&0xF])
-		mux2	$t0=A,0x44	};;	// copy lower half to upper
-{ .mmi;		xor	T2=T2,r8
-		_rotr	r9=$t1,$Sigma1[0] }	// ROTR(e,14)
-{ .mmi;		and	r10=B,C
-		add	T1=T1,H			// T1=Ch(e,f,g)+h
-		$ADD	X[15]=X[15],s0	};;	// X[i&0xF]+=sigma0(X[(i+1)&0xF])
-___
-$t0="A", $t1="E", $code.=<<___ if ($BITS==64);
-{ .mib;		xor	s0=s0,r9		// s0=sigma0(X[(i+1)&0xF])
-		_rotr	r9=$t1,$Sigma1[0] }	// ROTR(e,14)
-{ .mib;		xor	r10=r11,r10
-		xor	T2=T2,r8	};;
-{ .mib;		xor	s1=s1,r10		// s1=sigma1(X[(i+14)&0xF])
-		add	T1=T1,H		}
-{ .mib;		and	r10=B,C
-		$ADD	X[15]=X[15],s0	};;	// X[i&0xF]+=sigma0(X[(i+1)&0xF])
-___
-$code.=<<___;
-{ .mmi;		xor	T2=T2,r10		// T2=((a & b) ^ (a & c) ^ (b & c))
-		mov	H=G
-		_rotr	r8=$t1,$Sigma1[1] };;	// ROTR(e,18)
-{ .mmi;		xor	r11=r8,r9
-		$ADD	X[15]=X[15],s1		// X[i&0xF]+=sigma1(X[(i+14)&0xF])
-		_rotr	r9=$t1,$Sigma1[2] }	// ROTR(e,41)
-{ .mmi;		mov	G=F
-		mov	F=E		};;
-{ .mib;		xor	r9=r9,r11		// r9=Sigma1(e)
-		_rotr	r10=$t0,$Sigma0[0] }	// ROTR(a,28)
-{ .mib;		add	T1=T1,K			// T1=Ch(e,f,g)+h+K512[i]
-		mov	E=D		};;
-{ .mib;		add	T1=T1,r9		// T1+=Sigma1(e)
-		_rotr	r11=$t0,$Sigma0[1] }	// ROTR(a,34)
-{ .mib;		mov	D=C
-		mov	C=B		};;
-{ .mmi;		add	T1=T1,X[15]		// T1+=X[i]
-		xor	r10=r10,r11
-		_rotr	r8=$t0,$Sigma0[2] };;	// ROTR(a,39)
-{ .mmi;		xor	r10=r8,r10		// r10=Sigma0(a)
-		mov	B=A
-		add	A=T1,T2		};;
-{ .mib;		add	E=E,T1
-		add	A=A,r10			// T2=Maj(a,b,c)+Sigma0(a)
-	br.ctop.sptk	.L_rest	};;
-.L_rest_end:
-
-{ .mmi;	add	A_=A_,A
-	add	B_=B_,B
-	add	C_=C_,C			}
-{ .mmi;	add	D_=D_,D
-	add	E_=E_,E
-	cmp.ltu	p16,p0=1,num		};;
-{ .mmi;	add	F_=F_,F
-	add	G_=G_,G
-	add	H_=H_,H			}
-{ .mmb;	add	Ktbl=-$SZ*$rounds,Ktbl
-(p16)	add	num=-1,num
-(p16)	br.dptk.many	.L_outer	};;
-
-{ .mib;	add	r8=0*$SZ,ctx
-	add	r9=1*$SZ,ctx		}
-{ .mib;	add	r10=2*$SZ,ctx
-	add	r11=3*$SZ,ctx		};;
-{ .mmi;	$STW	[r8]=A_,4*$SZ
-	$STW	[r9]=B_,4*$SZ
-	mov	ar.lc=lcsave		}
-{ .mmi;	$STW	[r10]=C_,4*$SZ
-	$STW	[r11]=D_,4*$SZ
-	mov	pr=prsave,0x1ffff	};;
-{ .mmb;	$STW	[r8]=E_
-	$STW	[r9]=F_			}
-{ .mmb;	$STW	[r10]=G_
-	$STW	[r11]=H_
-	br.ret.sptk.many	b0	};;
-.endp	$func#
-___
-
-$code =~ s/\`([^\`]*)\`/eval $1/gem;
-$code =~ s/_rotr(\s+)([^=]+)=([^,]+),([0-9]+)/shrp$1$2=$3,$3,$4/gm;
-if ($BITS==64) {
-    $code =~ s/mux2(\s+)\S+/nop.i$1 0x0/gm;
-    $code =~ s/mux1(\s+)\S+/nop.i$1 0x0/gm	if ($big_endian);
-    $code =~ s/(shrp\s+X\[[^=]+)=([^,]+),([^,]+),([1-9]+)/$1=$3,$2,64-$4/gm
-    						if (!$big_endian);
-    $code =~ s/ld1(\s+)X\[\S+/nop.m$1 0x0/gm;
-}
-
-print $code;
-
-print<<___ if ($BITS==32);
-.align	64
-.type	K256#,\@object
-K256:	data4	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
-	data4	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
-	data4	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
-	data4	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-	data4	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
-	data4	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
-	data4	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-	data4	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
-	data4	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
-	data4	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
-	data4	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
-	data4	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
-	data4	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
-	data4	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
-	data4	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
-	data4	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-.size	K256#,$SZ*$rounds
-stringz	"SHA256 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
-___
-print<<___ if ($BITS==64);
-.align	64
-.type	K512#,\@object
-K512:	data8	0x428a2f98d728ae22,0x7137449123ef65cd
-	data8	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
-	data8	0x3956c25bf348b538,0x59f111f1b605d019
-	data8	0x923f82a4af194f9b,0xab1c5ed5da6d8118
-	data8	0xd807aa98a3030242,0x12835b0145706fbe
-	data8	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
-	data8	0x72be5d74f27b896f,0x80deb1fe3b1696b1
-	data8	0x9bdc06a725c71235,0xc19bf174cf692694
-	data8	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-	data8	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
-	data8	0x2de92c6f592b0275,0x4a7484aa6ea6e483
-	data8	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
-	data8	0x983e5152ee66dfab,0xa831c66d2db43210
-	data8	0xb00327c898fb213f,0xbf597fc7beef0ee4
-	data8	0xc6e00bf33da88fc2,0xd5a79147930aa725
-	data8	0x06ca6351e003826f,0x142929670a0e6e70
-	data8	0x27b70a8546d22ffc,0x2e1b21385c26c926
-	data8	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
-	data8	0x650a73548baf63de,0x766a0abb3c77b2a8
-	data8	0x81c2c92e47edaee6,0x92722c851482353b
-	data8	0xa2bfe8a14cf10364,0xa81a664bbc423001
-	data8	0xc24b8b70d0f89791,0xc76c51a30654be30
-	data8	0xd192e819d6ef5218,0xd69906245565a910
-	data8	0xf40e35855771202a,0x106aa07032bbd1b8
-	data8	0x19a4c116b8d2d0c8,0x1e376c085141ab53
-	data8	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
-	data8	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
-	data8	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
-	data8	0x748f82ee5defb2fc,0x78a5636f43172f60
-	data8	0x84c87814a1f0ab72,0x8cc702081a6439ec
-	data8	0x90befffa23631e28,0xa4506cebde82bde9
-	data8	0xbef9a3f7b2c67915,0xc67178f2e372532b
-	data8	0xca273eceea26619c,0xd186b8c721c0c207
-	data8	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-	data8	0x06f067aa72176fba,0x0a637dc5a2c898a6
-	data8	0x113f9804bef90dae,0x1b710b35131c471b
-	data8	0x28db77f523047d84,0x32caab7b40c72493
-	data8	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
-	data8	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
-	data8	0x5fcb6fab3ad6faec,0x6c44198c4a475817
-.size	K512#,$SZ*$rounds
-stringz	"SHA512 block transform for IA64, CRYPTOGAMS by <appro\@openssl.org>"
-___
diff --git a/src/lib/libcrypto/whrlpool/wp_block.c b/src/lib/libcrypto/whrlpool/wp_block.c
index 57f5b5df7a..d8c1b89ba3 100644
--- a/src/lib/libcrypto/whrlpool/wp_block.c
+++ b/src/lib/libcrypto/whrlpool/wp_block.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: wp_block.c,v 1.11 2016/09/04 13:39:48 jsing Exp $ */
+/* $OpenBSD: wp_block.c,v 1.12 2016/09/04 14:06:46 jsing Exp $ */
 /**
  * The Whirlpool hashing function.
  *
@@ -73,14 +73,6 @@ typedef unsigned long long	u64;
 #  if defined(__x86_64) || defined(__x86_64__)
 #      define ROTATE(a,n)	({ u64 ret; asm ("rolq %1,%0"	\
 				   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
-#  elif defined(__ia64) || defined(__ia64__)
-#    if BYTE_ORDER == LITTLE_ENDIAN
-#      define ROTATE(a,n)	({ u64 ret; asm ("shrp %0=%1,%1,%2"	\
-				   : "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
-#    else
-#      define ROTATE(a,n)	({ u64 ret; asm ("shrp %0=%1,%1,%2"	\
-				   : "=r"(ret) : "r"(a),"M"(n)); ret; })
-#    endif
 #  endif
 #endif
 
-- 
cgit v1.2.3-55-g6feb