425 			uint128_t product;  in vli_mult()  local
427 			product = mul_64_64(left[i], right[k - i]);  in vli_mult()
429 			r01 = add_128_128(r01, product);  in vli_mult()
430 			r2 += (r01.m_high < product.m_high);  in vli_mult()
450 		uint128_t product;  in vli_umult()  local
452 		product = mul_64_64(left[k], right);  in vli_umult()
453 		r01 = add_128_128(r01, product);  in vli_umult()
479 			uint128_t product;  in vli_square()  local
481 			product = mul_64_64(left[i], left[k - i]);  in vli_square()
484 				r2 += product.m_high >> 63;  in vli_square()
485 				product.m_high = (product.m_high << 1) |  in vli_square()
486 						 (product.m_low >> 63);  in vli_square()
487 				product.m_low <<= 1;  in vli_square()
490 			r01 = add_128_128(r01, product);  in vli_square()
491 			r2 += (r01.m_high < product.m_high);  in vli_square()
545 static void vli_mmod_special(u64 *result, const u64 *product,  in vli_mmod_special()  argument
552 	vli_set(r, product, ndigits * 2);  in vli_mmod_special()
579 static void vli_mmod_special2(u64 *result, const u64 *product,  in vli_mmod_special2()  argument
592 	vli_set(r, product, ndigits);  in vli_mmod_special2()
594 	vli_set(q, product + ndigits, ndigits);  in vli_mmod_special2()
628 static void vli_mmod_slow(u64 *result, u64 *product, const u64 *mod,  in vli_mmod_slow()  argument
633 	u64 *v[2] = { tmp, product };  in vli_mmod_slow()
678 static void vli_mmod_barrett(u64 *result, u64 *product, const u64 *mod,  in vli_mmod_barrett()  argument
685 	vli_mult(q, product + ndigits, mu, ndigits);  in vli_mmod_barrett()
687 		vli_add(q + ndigits, q + ndigits, product + ndigits, ndigits);  in vli_mmod_barrett()
689 	vli_sub(r, product, r, ndigits * 2);  in vli_mmod_barrett()
704 static void vli_mmod_fast_192(u64 *result, const u64 *product,  in vli_mmod_fast_192()  argument
710 	vli_set(result, product, ndigits);  in vli_mmod_fast_192()
712 	vli_set(tmp, &product[3], ndigits);  in vli_mmod_fast_192()
716 	tmp[1] = product[3];  in vli_mmod_fast_192()
717 	tmp[2] = product[4];  in vli_mmod_fast_192()
720 	tmp[0] = tmp[1] = product[5];  in vli_mmod_fast_192()
731 static void vli_mmod_fast_256(u64 *result, const u64 *product,  in vli_mmod_fast_256()  argument
738 	vli_set(result, product, ndigits);  in vli_mmod_fast_256()
742 	tmp[1] = product[5] & 0xffffffff00000000ull;  in vli_mmod_fast_256()
743 	tmp[2] = product[6];  in vli_mmod_fast_256()
744 	tmp[3] = product[7];  in vli_mmod_fast_256()
749 	tmp[1] = product[6] << 32;  in vli_mmod_fast_256()
750 	tmp[2] = (product[6] >> 32) | (product[7] << 32);  in vli_mmod_fast_256()
751 	tmp[3] = product[7] >> 32;  in vli_mmod_fast_256()
756 	tmp[0] = product[4];  in vli_mmod_fast_256()
757 	tmp[1] = product[5] & 0xffffffff;  in vli_mmod_fast_256()
759 	tmp[3] = product[7];  in vli_mmod_fast_256()
763 	tmp[0] = (product[4] >> 32) | (product[5] << 32);  in vli_mmod_fast_256()
764 	tmp[1] = (product[5] >> 32) | (product[6] & 0xffffffff00000000ull);  in vli_mmod_fast_256()
765 	tmp[2] = product[7];  in vli_mmod_fast_256()
766 	tmp[3] = (product[6] >> 32) | (product[4] << 32);  in vli_mmod_fast_256()
770 	tmp[0] = (product[5] >> 32) | (product[6] << 32);  in vli_mmod_fast_256()
771 	tmp[1] = (product[6] >> 32);  in vli_mmod_fast_256()
773 	tmp[3] = (product[4] & 0xffffffff) | (product[5] << 32);  in vli_mmod_fast_256()
777 	tmp[0] = product[6];  in vli_mmod_fast_256()
778 	tmp[1] = product[7];  in vli_mmod_fast_256()
780 	tmp[3] = (product[4] >> 32) | (product[5] & 0xffffffff00000000ull);  in vli_mmod_fast_256()
784 	tmp[0] = (product[6] >> 32) | (product[7] << 32);  in vli_mmod_fast_256()
785 	tmp[1] = (product[7] >> 32) | (product[4] << 32);  in vli_mmod_fast_256()
786 	tmp[2] = (product[4] >> 32) | (product[5] << 32);  in vli_mmod_fast_256()
787 	tmp[3] = (product[6] << 32);  in vli_mmod_fast_256()
791 	tmp[0] = product[7];  in vli_mmod_fast_256()
792 	tmp[1] = product[4] & 0xffffffff00000000ull;  in vli_mmod_fast_256()
793 	tmp[2] = product[5];  in vli_mmod_fast_256()
794 	tmp[3] = product[6] & 0xffffffff00000000ull;  in vli_mmod_fast_256()
814 static void vli_mmod_fast_384(u64 *result, const u64 *product,  in vli_mmod_fast_384()  argument
821 	vli_set(result, product, ndigits);  in vli_mmod_fast_384()
826 	tmp[2] = SL32OR32(product[11], (product[10]>>32));	//a22||a21  in vli_mmod_fast_384()
827 	tmp[3] = product[11]>>32;	// 0 ||a23  in vli_mmod_fast_384()
834 	tmp[0] = product[6];	//a13||a12  in vli_mmod_fast_384()
835 	tmp[1] = product[7];	//a15||a14  in vli_mmod_fast_384()
836 	tmp[2] = product[8];	//a17||a16  in vli_mmod_fast_384()
837 	tmp[3] = product[9];	//a19||a18  in vli_mmod_fast_384()
838 	tmp[4] = product[10];	//a21||a20  in vli_mmod_fast_384()
839 	tmp[5] = product[11];	//a23||a22  in vli_mmod_fast_384()
843 	tmp[0] = SL32OR32(product[11], (product[10]>>32));	//a22||a21  in vli_mmod_fast_384()
844 	tmp[1] = SL32OR32(product[6], (product[11]>>32));	//a12||a23  in vli_mmod_fast_384()
845 	tmp[2] = SL32OR32(product[7], (product[6])>>32);	//a14||a13  in vli_mmod_fast_384()
846 	tmp[3] = SL32OR32(product[8], (product[7]>>32));	//a16||a15  in vli_mmod_fast_384()
847 	tmp[4] = SL32OR32(product[9], (product[8]>>32));	//a18||a17  in vli_mmod_fast_384()
848 	tmp[5] = SL32OR32(product[10], (product[9]>>32));	//a20||a19  in vli_mmod_fast_384()
852 	tmp[0] = AND64H(product[11]);	//a23|| 0  in vli_mmod_fast_384()
853 	tmp[1] = (product[10]<<32);	//a20|| 0  in vli_mmod_fast_384()
854 	tmp[2] = product[6];	//a13||a12  in vli_mmod_fast_384()
855 	tmp[3] = product[7];	//a15||a14  in vli_mmod_fast_384()
856 	tmp[4] = product[8];	//a17||a16  in vli_mmod_fast_384()
857 	tmp[5] = product[9];	//a19||a18  in vli_mmod_fast_384()
863 	tmp[2] = product[10];	//a21||a20  in vli_mmod_fast_384()
864 	tmp[3] = product[11];	//a23||a22  in vli_mmod_fast_384()
870 	tmp[0] = AND64L(product[10]);	// 0 ||a20  in vli_mmod_fast_384()
871 	tmp[1] = AND64H(product[10]);	//a21|| 0  in vli_mmod_fast_384()
872 	tmp[2] = product[11];	//a23||a22  in vli_mmod_fast_384()
879 	tmp[0] = SL32OR32(product[6], (product[11]>>32));	//a12||a23  in vli_mmod_fast_384()
880 	tmp[1] = SL32OR32(product[7], (product[6]>>32));	//a14||a13  in vli_mmod_fast_384()
881 	tmp[2] = SL32OR32(product[8], (product[7]>>32));	//a16||a15  in vli_mmod_fast_384()
882 	tmp[3] = SL32OR32(product[9], (product[8]>>32));	//a18||a17  in vli_mmod_fast_384()
883 	tmp[4] = SL32OR32(product[10], (product[9]>>32));	//a20||a19  in vli_mmod_fast_384()
884 	tmp[5] = SL32OR32(product[11], (product[10]>>32));	//a22||a21  in vli_mmod_fast_384()
888 	tmp[0] = (product[10]<<32);	//a20|| 0  in vli_mmod_fast_384()
889 	tmp[1] = SL32OR32(product[11], (product[10]>>32));	//a22||a21  in vli_mmod_fast_384()
890 	tmp[2] = (product[11]>>32);	// 0 ||a23  in vli_mmod_fast_384()
898 	tmp[1] = AND64H(product[11]);	//a23|| 0  in vli_mmod_fast_384()
899 	tmp[2] = product[11]>>32;	// 0 ||a23  in vli_mmod_fast_384()
925 static void vli_mmod_fast_521(u64 *result, const u64 *product,  in vli_mmod_fast_521()  argument
932 	vli_set(result, product, ndigits);  in vli_mmod_fast_521()
936 		tmp[i] = (product[8 + i] >> 9) | (product[9 + i] << 55);  in vli_mmod_fast_521()
947 static bool vli_mmod_fast(u64 *result, u64 *product,  in vli_mmod_fast()  argument
958 			vli_mmod_special(result, product, curve_prime,  in vli_mmod_fast()
963 			vli_mmod_special2(result, product, curve_prime,  in vli_mmod_fast()
967 		vli_mmod_barrett(result, product, curve_prime, ndigits);  in vli_mmod_fast()
973 		vli_mmod_fast_192(result, product, curve_prime, tmp);  in vli_mmod_fast()
976 		vli_mmod_fast_256(result, product, curve_prime, tmp);  in vli_mmod_fast()
979 		vli_mmod_fast_384(result, product, curve_prime, tmp);  in vli_mmod_fast()
982 		vli_mmod_fast_521(result, product, curve_prime, tmp);  in vli_mmod_fast()
998 	u64 product[ECC_MAX_DIGITS * 2];  in vli_mod_mult_slow()  local
1000 	vli_mult(product, left, right, ndigits);  in vli_mod_mult_slow()
1001 	vli_mmod_slow(result, product, mod, ndigits);  in vli_mod_mult_slow()
1009 	u64 product[2 * ECC_MAX_DIGITS];  in vli_mod_mult_fast()  local
1011 	vli_mult(product, left, right, curve->g.ndigits);  in vli_mod_mult_fast()
1012 	vli_mmod_fast(result, product, curve);  in vli_mod_mult_fast()
1019 	u64 product[2 * ECC_MAX_DIGITS];  in vli_mod_square_fast()  local
1021 	vli_square(product, left, curve->g.ndigits);  in vli_mod_square_fast()
1022 	vli_mmod_fast(result, product, curve);  in vli_mod_square_fast()
1658 	struct ecc_point *product, *pk;  in crypto_ecdh_shared_secret()  local
1684 	product = ecc_alloc_point(ndigits);  in crypto_ecdh_shared_secret()
1685 	if (!product) {  in crypto_ecdh_shared_secret()
1690 	ecc_point_mult(product, pk, private_key, rand_z, curve, ndigits);  in crypto_ecdh_shared_secret()
1692 	if (ecc_point_is_zero(product)) {  in crypto_ecdh_shared_secret()
1697 	ecc_swap_digits(product->x, secret, ndigits);  in crypto_ecdh_shared_secret()
1701 	ecc_free_point(product);  in crypto_ecdh_shared_secret()