sub \$0x80,$len()

in crypto/fipsmodule/aes/asm/aesni-x86_64.pl [2940:3176]

• 225 lines of code
• 3 McCabe index (conditional complexity)

	sub	\$0x80,$len
	ja	.Lcbc_dec_loop8

	movaps	$inout7,$inout0
	lea	-0x70($key),$key
	add	\$0x70,$len
	jle	.Lcbc_dec_clear_tail_collected
	movups	$inout7,($out)
	lea	0x10($out),$out
	cmp	\$0x50,$len
	jbe	.Lcbc_dec_tail

	movaps	$in0,$inout0
.Lcbc_dec_six_or_seven:
	cmp	\$0x60,$len
	ja	.Lcbc_dec_seven

	movaps	$inout5,$inout6
	call	_aesni_decrypt6
	pxor	$iv,$inout0		# ^= IV
	movaps	$inout6,$iv
	pxor	$in0,$inout1
	movdqu	$inout0,($out)
	pxor	$in1,$inout2
	movdqu	$inout1,0x10($out)
	 pxor	$inout1,$inout1		# clear register bank
	pxor	$in2,$inout3
	movdqu	$inout2,0x20($out)
	 pxor	$inout2,$inout2
	pxor	$in3,$inout4
	movdqu	$inout3,0x30($out)
	 pxor	$inout3,$inout3
	pxor	$in4,$inout5
	movdqu	$inout4,0x40($out)
	 pxor	$inout4,$inout4
	lea	0x50($out),$out
	movdqa	$inout5,$inout0
	 pxor	$inout5,$inout5
	jmp	.Lcbc_dec_tail_collected

.align	16
.Lcbc_dec_seven:
	movups	0x60($inp),$inout6
	xorps	$inout7,$inout7
	call	_aesni_decrypt8
	movups	0x50($inp),$inout7
	pxor	$iv,$inout0		# ^= IV
	movups	0x60($inp),$iv
	pxor	$in0,$inout1
	movdqu	$inout0,($out)
	pxor	$in1,$inout2
	movdqu	$inout1,0x10($out)
	 pxor	$inout1,$inout1		# clear register bank
	pxor	$in2,$inout3
	movdqu	$inout2,0x20($out)
	 pxor	$inout2,$inout2
	pxor	$in3,$inout4
	movdqu	$inout3,0x30($out)
	 pxor	$inout3,$inout3
	pxor	$in4,$inout5
	movdqu	$inout4,0x40($out)
	 pxor	$inout4,$inout4
	pxor	$inout7,$inout6
	movdqu	$inout5,0x50($out)
	 pxor	$inout5,$inout5
	lea	0x60($out),$out
	movdqa	$inout6,$inout0
	 pxor	$inout6,$inout6
	 pxor	$inout7,$inout7
	jmp	.Lcbc_dec_tail_collected

.Lcbc_dec_tail:
	movups	($inp),$inout0
	sub	\$0x10,$len
	jbe	.Lcbc_dec_one		# $len is 1*16 or less

	movups	0x10($inp),$inout1
	movaps	$inout0,$in0
	sub	\$0x10,$len
	jbe	.Lcbc_dec_two		# $len is 2*16 or less

	movups	0x20($inp),$inout2
	movaps	$inout1,$in1
	sub	\$0x10,$len
	jbe	.Lcbc_dec_three		# $len is 3*16 or less

	movups	0x30($inp),$inout3
	movaps	$inout2,$in2
	sub	\$0x10,$len
	jbe	.Lcbc_dec_four		# $len is 4*16 or less

	movups	0x40($inp),$inout4	# $len is 5*16 or less
	movaps	$inout3,$in3
	movaps	$inout4,$in4
	xorps	$inout5,$inout5
	call	_aesni_decrypt6
	pxor	$iv,$inout0
	movaps	$in4,$iv
	pxor	$in0,$inout1
	movdqu	$inout0,($out)
	pxor	$in1,$inout2
	movdqu	$inout1,0x10($out)
	 pxor	$inout1,$inout1		# clear register bank
	pxor	$in2,$inout3
	movdqu	$inout2,0x20($out)
	 pxor	$inout2,$inout2
	pxor	$in3,$inout4
	movdqu	$inout3,0x30($out)
	 pxor	$inout3,$inout3
	lea	0x40($out),$out
	movdqa	$inout4,$inout0
	 pxor	$inout4,$inout4
	 pxor	$inout5,$inout5
	sub	\$0x10,$len
	jmp	.Lcbc_dec_tail_collected

.align	16
.Lcbc_dec_one:
	movaps	$inout0,$in0
___
	&aesni_generate1("dec",$key,$rounds);
$code.=<<___;
	xorps	$iv,$inout0
	movaps	$in0,$iv
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_two:
	movaps	$inout1,$in1
	call	_aesni_decrypt2
	pxor	$iv,$inout0
	movaps	$in1,$iv
	pxor	$in0,$inout1
	movdqu	$inout0,($out)
	movdqa	$inout1,$inout0
	 pxor	$inout1,$inout1		# clear register bank
	lea	0x10($out),$out
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_three:
	movaps	$inout2,$in2
	call	_aesni_decrypt3
	pxor	$iv,$inout0
	movaps	$in2,$iv
	pxor	$in0,$inout1
	movdqu	$inout0,($out)
	pxor	$in1,$inout2
	movdqu	$inout1,0x10($out)
	 pxor	$inout1,$inout1		# clear register bank
	movdqa	$inout2,$inout0
	 pxor	$inout2,$inout2
	lea	0x20($out),$out
	jmp	.Lcbc_dec_tail_collected
.align	16
.Lcbc_dec_four:
	movaps	$inout3,$in3
	call	_aesni_decrypt4
	pxor	$iv,$inout0
	movaps	$in3,$iv
	pxor	$in0,$inout1
	movdqu	$inout0,($out)
	pxor	$in1,$inout2
	movdqu	$inout1,0x10($out)
	 pxor	$inout1,$inout1		# clear register bank
	pxor	$in2,$inout3
	movdqu	$inout2,0x20($out)
	 pxor	$inout2,$inout2
	movdqa	$inout3,$inout0
	 pxor	$inout3,$inout3
	lea	0x30($out),$out
	jmp	.Lcbc_dec_tail_collected

.align	16
.Lcbc_dec_clear_tail_collected:
	pxor	$inout1,$inout1		# clear register bank
	pxor	$inout2,$inout2
	pxor	$inout3,$inout3
___
$code.=<<___ if (!$win64);
	pxor	$inout4,$inout4		# %xmm6..9
	pxor	$inout5,$inout5
	pxor	$inout6,$inout6
	pxor	$inout7,$inout7
___
$code.=<<___;
.Lcbc_dec_tail_collected:
	movups	$iv,($ivp)
	and	\$15,$len
	jnz	.Lcbc_dec_tail_partial
	movups	$inout0,($out)
	pxor	$inout0,$inout0
	jmp	.Lcbc_dec_ret
.align	16
.Lcbc_dec_tail_partial:
	movaps	$inout0,(%rsp)
	pxor	$inout0,$inout0
	mov	\$16,%rcx
	mov	$out,%rdi
	sub	$len,%rcx
	lea	(%rsp),%rsi
	.long	0x9066A4F3		# rep movsb
	movdqa	$inout0,(%rsp)

.Lcbc_dec_ret:
	xorps	$rndkey0,$rndkey0	# %xmm0
	pxor	$rndkey1,$rndkey1
___
$code.=<<___ if ($win64);
	movaps	0x10(%rsp),%xmm6
	movaps	%xmm0,0x10(%rsp)	# clear stack
	movaps	0x20(%rsp),%xmm7
	movaps	%xmm0,0x20(%rsp)
	movaps	0x30(%rsp),%xmm8
	movaps	%xmm0,0x30(%rsp)
	movaps	0x40(%rsp),%xmm9
	movaps	%xmm0,0x40(%rsp)
	movaps	0x50(%rsp),%xmm10
	movaps	%xmm0,0x50(%rsp)
	movaps	0x60(%rsp),%xmm11
	movaps	%xmm0,0x60(%rsp)
	movaps	0x70(%rsp),%xmm12
	movaps	%xmm0,0x70(%rsp)
	movaps	0x80(%rsp),%xmm13
	movaps	%xmm0,0x80(%rsp)
	movaps	0x90(%rsp),%xmm14
	movaps	%xmm0,0x90(%rsp)
	movaps	0xa0(%rsp),%xmm15
	movaps	%xmm0,0xa0(%rsp)
___
$code.=<<___;
	mov	-8(%r11),%rbp
.cfi_restore	%rbp
	lea	(%r11),%rsp
.cfi_def_cfa_register	%rsp
.Lcbc_ret:
	ret
.cfi_endproc
.size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt