&_rotl128	("%rax","%rbx",45);	&_saveround	(12,$out,-128,"%rax","%rbx");	# KL<<<45	&_rotl128	("%r14","%r15",30);		# 15+30=45	&_saveround	(14,$out,-128,"%r14","%r15");	# KA<<<45	&_rotl128	("%rax","%rbx",15);		# 45+15=60	&_saveround	(16,$out,-128,"%rax","%rbx");	# KL<<<60	&_rotl128	("%rcx","%rdx",30);		# 30+30=60	&_saveround	(18,$out,-128,"%rcx","%rdx");	# KR<<<60	&_rotl128	("%r8","%r10",30);		# 30+30=60	&_saveround	(20,$out,-128,"%r8","%r10");	# KB<<<60	&_rotl128	("%rax","%rbx",17);		# 60+17=77	&_saveround	(22,$out,-128,"%rax","%rbx");	# KL<<<77	&_rotl128	("%r14","%r15",32);		# 45+32=77	&_saveround	(24,$out,-128,"%r14","%r15");	# KA<<<77	&_rotl128	("%rcx","%rdx",34);		# 60+34=94	&_saveround	(26,$out,-128,"%rcx","%rdx");	# KR<<<94	&_rotl128	("%r14","%r15",17);		# 77+17=94	&_saveround	(28,$out,-128,"%r14","%r15");	# KA<<<77	&_rotl128	("%rax","%rbx",34);		# 77+34=111	&_saveround	(30,$out,-128,"%rax","%rbx");	# KL<<<111	&_rotl128	("%r8","%r10",51);		# 60+51=111	&_saveround	(32,$out,-128,"%r8","%r10");	# KB<<<111$code.=<<___;	mov	\$4,%eax.Ldone:	mov	0(%rsp),%r15	mov	8(%rsp),%r14	mov	16(%rsp),%r13	mov	24(%rsp),%rbp	mov	32(%rsp),%rbx	lea	40(%rsp),%rsp.Lkey_epilogue:	ret.size	Camellia_Ekeygen,.-Camellia_Ekeygen___}@SBOX=(112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189,134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26,166,225, 57,202,213, 71, 93, 61,217,  1, 90,214, 81, 86,108, 77,139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153,223, 76,203,194, 52,126,118,  5,109,183,169, 49,209, 23,  4,215, 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34,254, 68,207,178,195,181,122,145, 36,  8,232,168, 96,252,105, 80,170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, 16,196,  0, 72,163,247,117,219,138,  3,230,218,  9, 63,221,148,135, 92,131,  2,205, 74,144, 51,115,103,246,243,157,127,191,226, 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46,233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89,120,152,  6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250,114,  7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158);sub S1110 { my $i=shift; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i<<8; sprintf("0x%08x",$i); }sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i; sprintf("0x%08x",$i); }sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; $i=$i<<16|$i<<8|$i; sprintf("0x%08x",$i); }sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; $i=$i<<24|$i<<8|$i; sprintf("0x%08x",$i); }$code.=<<___;.align	64.LCamellia_SIGMA:.long	0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858.long	0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5.long	0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2.long	0,          0,          0,          0.LCamellia_SBOX:___# tables are interleaved, remember?sub data_word { $code.=".long\t".join(',',@_)."\n"; }for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); }for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); }# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out,#			size_t length, const CAMELLIA_KEY *key,#			unsigned char *ivp,const int enc);{$_key="0(%rsp)";$_end="8(%rsp)";	# inp+len&~15$_res="16(%rsp)";	# len&15$ivec="24(%rsp)";$_ivp="40(%rsp)";$_rsp="48(%rsp)";$code.=<<___;.globl	Camellia_cbc_encrypt.type	Camellia_cbc_encrypt,\@function,6.align	16Camellia_cbc_encrypt:	cmp	\$0,%rdx	je	.Lcbc_abort	push	%rbx	push	%rbp	push	%r12	push	%r13	push	%r14	push	%r15.Lcbc_prologue:	mov	%rsp,%rbp	sub	\$64,%rsp	and	\$-64,%rsp	# place stack frame just "above mod 1024" the key schedule,	# this ensures that cache associativity suffices	lea	-64-63(%rcx),%r10	sub	%rsp,%r10	neg	%r10	and	\$0x3C0,%r10	sub	%r10,%rsp	#add	\$8,%rsp		# 8 is reserved for callee's ra	mov	%rdi,$inp		# inp argument	mov	%rsi,$out		# out argument	mov	%r8,%rbx		# ivp argument	mov	%rcx,$key		# key argument	mov	272(%rcx),$keyend	# grandRounds	mov	%r8,$_ivp	mov	%rbp,$_rsp.Lcbc_body:	lea	.LCamellia_SBOX(%rip),$Tbl	mov	\$32,%ecx.align	4.Lcbc_prefetch_sbox:	mov	0($Tbl),%rax	mov	32($Tbl),%rsi	mov	64($Tbl),%rdi	mov	96($Tbl),%r11	lea	128($Tbl),$Tbl	loop	.Lcbc_prefetch_sbox	sub	\$4096,$Tbl	shl	\$6,$keyend	mov	%rdx,%rcx		# len argument	lea	($key,$keyend),$keyend	cmp	\$0,%r9d		# enc argument	je	.LCBC_DECRYPT	and	\$-16,%rdx	and	\$15,%rcx		# length residue	lea	($inp,%rdx),%rdx	mov	$key,$_key	mov	%rdx,$_end	mov	%rcx,$_res	cmp	$inp,%rdx	mov	0(%rbx),@S[0]		# load IV	mov	4(%rbx),@S[1]	mov	8(%rbx),@S[2]	mov	12(%rbx),@S[3]	je	.Lcbc_enc_tail	jmp	.Lcbc_eloop.align	16.Lcbc_eloop:	xor	0($inp),@S[0]	xor	4($inp),@S[1]	xor	8($inp),@S[2]	bswap	@S[0]	xor	12($inp),@S[3]	bswap	@S[1]	bswap	@S[2]	bswap	@S[3]	call	_x86_64_Camellia_encrypt	mov	$_key,$key		# "rewind" the key	bswap	@S[0]	mov	$_end,%rdx	bswap	@S[1]	mov	$_res,%rcx	bswap	@S[2]	mov	@S[0],0($out)	bswap	@S[3]	mov	@S[1],4($out)	mov	@S[2],8($out)	lea	16($inp),$inp	mov	@S[3],12($out)	cmp	%rdx,$inp	lea	16($out),$out	jne	.Lcbc_eloop	cmp	\$0,%rcx	jne	.Lcbc_enc_tail	mov	$_ivp,$out	mov	@S[0],0($out)		# write out IV residue	mov	@S[1],4($out)	mov	@S[2],8($out)	mov	@S[3],12($out)	jmp	.Lcbc_done.align	16.Lcbc_enc_tail:	xor	%rax,%rax	mov	%rax,0+$ivec	mov	%rax,8+$ivec	mov	%rax,$_res.Lcbc_enc_pushf:	pushfq	cld	mov	$inp,%rsi	lea	8+$ivec,%rdi	.long	0x9066A4F3		# rep movsb	popfq.Lcbc_enc_popf:	lea	$ivec,$inp	lea	16+$ivec,%rax	mov	%rax,$_end	jmp	.Lcbc_eloop		# one more time.align	16.LCBC_DECRYPT:	xchg	$key,$keyend	add	\$15,%rdx	and	\$15,%rcx		# length residue	and	\$-16,%rdx	mov	$key,$_key	lea	($inp,%rdx),%rdx	mov	%rdx,$_end	mov	%rcx,$_res	mov	(%rbx),%rax		# load IV	mov	8(%rbx),%rbx	jmp	.Lcbc_dloop.align	16.Lcbc_dloop:	mov	0($inp),@S[0]	mov	4($inp),@S[1]	mov	8($inp),@S[2]	bswap	@S[0]	mov	12($inp),@S[3]	bswap	@S[1]	mov	%rax,0+$ivec		# save IV to temporary storage	bswap	@S[2]	mov	%rbx,8+$ivec	bswap	@S[3]	call	_x86_64_Camellia_decrypt	mov	$_key,$key		# "rewind" the key	mov	$_end,%rdx	mov	$_res,%rcx	bswap	@S[0]	mov	($inp),%rax		# load IV for next iteration	bswap	@S[1]	mov	8($inp),%rbx	bswap	@S[2]	xor	0+$ivec,@S[0]	bswap	@S[3]	xor	4+$ivec,@S[1]	xor	8+$ivec,@S[2]	lea	16($inp),$inp	xor	12+$ivec,@S[3]	cmp	%rdx,$inp	je	.Lcbc_ddone	mov	@S[0],0($out)	mov	@S[1],4($out)	mov	@S[2],8($out)	mov	@S[3],12($out)	lea	16($out),$out	jmp	.Lcbc_dloop.align	16.Lcbc_ddone:	mov	$_ivp,%rdx	cmp	\$0,%rcx	jne	.Lcbc_dec_tail	mov	@S[0],0($out)	mov	@S[1],4($out)	mov	@S[2],8($out)	mov	@S[3],12($out)	mov	%rax,(%rdx)		# write out IV residue	mov	%rbx,8(%rdx)	jmp	.Lcbc_done.align	16.Lcbc_dec_tail:	mov	@S[0],0+$ivec	mov	@S[1],4+$ivec	mov	@S[2],8+$ivec	mov	@S[3],12+$ivec.Lcbc_dec_pushf:	pushfq	cld	lea	8+$ivec,%rsi	lea	($out),%rdi	.long	0x9066A4F3		# rep movsb	popfq.Lcbc_dec_popf:	mov	%rax,(%rdx)		# write out IV residue	mov	%rbx,8(%rdx)	jmp	.Lcbc_done.align	16.Lcbc_done:	mov	$_rsp,%rcx	mov	0(%rcx),%r15	mov	8(%rcx),%r14	mov	16(%rcx),%r13	mov	24(%rcx),%r12	mov	32(%rcx),%rbp	mov	40(%rcx),%rbx	lea	48(%rcx),%rsp.Lcbc_abort:	ret.size	Camellia_cbc_encrypt,.-Camellia_cbc_encrypt.asciz	"Camellia for x86_64 by <appro@openssl.org>"___}# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,#		CONTEXT *context,DISPATCHER_CONTEXT *disp)if ($win64) {$rec="%rcx";$frame="%rdx";$context="%r8";$disp="%r9";$code.=<<___;.extern	__imp_RtlVirtualUnwind.type	common_se_handler,\@abi-omnipotent.align	16common_se_handler:	push	%rsi	push	%rdi	push	%rbx	push	%rbp	push	%r12	push	%r13	push	%r14	push	%r15	pushfq	lea	-64(%rsp),%rsp	mov	120($context),%rax	# pull context->Rax	mov	248($context),%rbx	# pull context->Rip	mov	8($disp),%rsi		# disp->ImageBase	mov	56($disp),%r11		# disp->HandlerData	mov	0(%r11),%r10d		# HandlerData[0]	lea	(%rsi,%r10),%r10	# prologue label	cmp	%r10,%rbx		# context->Rip<prologue label	jb	.Lin_prologue	mov	152($context),%rax	# pull context->Rsp	mov	4(%r11),%r10d		# HandlerData[1]	lea	(%rsi,%r10),%r10	# epilogue label	cmp	%r10,%rbx		# context->Rip>=epilogue label	jae	.Lin_prologue	lea	40(%rax),%rax	mov	-8(%rax),%rbx	mov	-16(%rax),%rbp	mov	-24(%rax),%r13	mov	-32(%rax),%r14	mov	-40(%rax),%r15	mov	%rbx,144($context)	# restore context->Rbx	mov	%rbp,160($context)	# restore context->Rbp	mov	%r13,224($context)	# restore context->R13	mov	%r14,232($context)	# restore context->R14	mov	%r15,240($context)	# restore context->R15.Lin_prologue:	mov	8(%rax),%rdi	mov	16(%rax),%rsi	mov	%rax,152($context)	# restore context->Rsp	mov	%rsi,168($context)	# restore context->Rsi	mov	%rdi,176($context)	# restore context->Rdi	jmp	.Lcommon_seh_exit.size	common_se_handler,.-common_se_handler.type	cbc_se_handler,\@abi-omnipotent.align	16cbc_se_handler:	push	%rsi	push	%rdi	push	%rbx	push	%rbp	push	%r12	push	%r13	push	%r14	push	%r15	pushfq	lea	-64(%rsp),%rsp	mov	120($context),%rax	# pull context->Rax	mov	248($context),%rbx	# pull context->Rip	lea	.Lcbc_prologue(%rip),%r10	cmp	%r10,%rbx		# context->Rip<.Lcbc_prologue	jb	.Lin_cbc_prologue	lea	.Lcbc_body(%rip),%r10	cmp	%r10,%rbx		# context->Rip<.Lcbc_body	jb	.Lin_cbc_frame_setup	mov	152($context),%rax	# pull context->Rsp	lea	.Lcbc_abort(%rip),%r10	cmp	%r10,%rbx		# context->Rip>=.Lcbc_abort	jae	.Lin_cbc_prologue	# handle pushf/popf in Camellia_cbc_encrypt	lea	.Lcbc_enc_pushf(%rip),%r10	cmp	%r10,%rbx		# context->Rip<=.Lcbc_enc_pushf	jbe	.Lin_cbc_no_flag	lea	8(%rax),%rax	lea	.Lcbc_enc_popf(%rip),%r10	cmp	%r10,%rbx		# context->Rip<.Lcbc_enc_popf	jb	.Lin_cbc_no_flag	lea	-8(%rax),%rax	lea	.Lcbc_dec_pushf(%rip),%r10	cmp	%r10,%rbx		# context->Rip<=.Lcbc_dec_pushf	jbe	.Lin_cbc_no_flag	lea	8(%rax),%rax	lea	.Lcbc_dec_popf(%rip),%r10	cmp	%r10,%rbx		# context->Rip<.Lcbc_dec_popf	jb	.Lin_cbc_no_flag	lea	-8(%rax),%rax.Lin_cbc_no_flag:	mov	48(%rax),%rax		# $_rsp	lea	48(%rax),%rax.Lin_cbc_frame_setup:	mov	-8(%rax),%rbx	mov	-16(%rax),%rbp	mov	-24(%rax),%r12	mov	-32(%rax),%r13	mov	-40(%rax),%r14	mov	-48(%rax),%r15	mov	%rbx,144($context)	# restore context->Rbx	mov	%rbp,160($context)	# restore context->Rbp	mov	%r12,216($context)	# restore context->R12	mov	%r13,224($context)	# restore context->R13	mov	%r14,232($context)	# restore context->R14	mov	%r15,240($context)	# restore context->R15.Lin_cbc_prologue:	mov	8(%rax),%rdi	mov	16(%rax),%rsi	mov	%rax,152($context)	# restore context->Rsp	mov	%rsi,168($context)	# restore context->Rsi	mov	%rdi,176($context)	# restore context->Rdi.align	4.Lcommon_seh_exit:	mov	40($disp),%rdi		# disp->ContextRecord	mov	$context,%rsi		# context	mov	\$`1232/8`,%ecx		# sizeof(CONTEXT)	.long	0xa548f3fc		# cld; rep movsq	mov	$disp,%rsi	xor	%rcx,%rcx		# arg1, UNW_FLAG_NHANDLER	mov	8(%rsi),%rdx		# arg2, disp->ImageBase	mov	0(%rsi),%r8		# arg3, disp->ControlPc	mov	16(%rsi),%r9		# arg4, disp->FunctionEntry	mov	40(%rsi),%r10		# disp->ContextRecord	lea	56(%rsi),%r11		# &disp->HandlerData	lea	24(%rsi),%r12		# &disp->EstablisherFrame	mov	%r10,32(%rsp)		# arg5	mov	%r11,40(%rsp)		# arg6	mov	%r12,48(%rsp)		# arg7	mov	%rcx,56(%rsp)		# arg8, (NULL)	call	*__imp_RtlVirtualUnwind(%rip)	mov	\$1,%eax		# ExceptionContinueSearch	lea	64(%rsp),%rsp	popfq	pop	%r15	pop	%r14	pop	%r13	pop	%r12	pop	%rbp	pop	%rbx	pop	%rdi	pop	%rsi	ret.size	cbc_se_handler,.-cbc_se_handler.section	.pdata.align	4	.rva	.LSEH_begin_Camellia_EncryptBlock_Rounds	.rva	.LSEH_end_Camellia_EncryptBlock_Rounds	.rva	.LSEH_info_Camellia_EncryptBlock_Rounds	.rva	.LSEH_begin_Camellia_DecryptBlock_Rounds	.rva	.LSEH_end_Camellia_DecryptBlock_Rounds	.rva	.LSEH_info_Camellia_DecryptBlock_Rounds	.rva	.LSEH_begin_Camellia_Ekeygen	.rva	.LSEH_end_Camellia_Ekeygen	.rva	.LSEH_info_Camellia_Ekeygen	.rva	.LSEH_begin_Camellia_cbc_encrypt	.rva	.LSEH_end_Camellia_cbc_encrypt	.rva	.LSEH_info_Camellia_cbc_encrypt.section	.xdata.align	8.LSEH_info_Camellia_EncryptBlock_Rounds:	.byte	9,0,0,0	.rva	common_se_handler	.rva	.Lenc_prologue,.Lenc_epilogue	# HandlerData[].LSEH_info_Camellia_DecryptBlock_Rounds:	.byte	9,0,0,0	.rva	common_se_handler	.rva	.Ldec_prologue,.Ldec_epilogue	# HandlerData[].LSEH_info_Camellia_Ekeygen:	.byte	9,0,0,0	.rva	common_se_handler	.rva	.Lkey_prologue,.Lkey_epilogue	# HandlerData[].LSEH_info_Camellia_cbc_encrypt:	.byte	9,0,0,0	.rva	cbc_se_handler___}$code =~ s/\`([^\`]*)\`/eval $1/gem;print $code;close STDOUT;