symm/gcm-*.S (mul256): Label the partial-product terms correctly.

Two problems in three letters:

  * the middle term was written as `d', rather than `b' as introduced in
    the previous paragraph; and

  * the three are listed in the wrong order.

diff --git a/symm/gcm-arm-crypto.S b/symm/gcm-arm-crypto.S
index 166a5b7..8861e60 100644 (file)
--- a/symm/gcm-arm-crypto.S
+++ b/symm/gcm-arm-crypto.S
@@ -415,7 +415,7 @@
        //
        //      q = r s = (u_0 + u_1) (v_0 + v_1)
        //        = (u_0 v_0) + (u1 v_1) + (u_0 v_1 + u_1 v_0)
-       //        = a + d + c
+       //        = a + c + b
        //
        // The first two terms we've already calculated; the last is the
        // remaining one we want.  We'll set B = t^128.  We know how to do

diff --git a/symm/gcm-arm64-pmull.S b/symm/gcm-arm64-pmull.S
index 97bb3bf..dcd8c45 100644 (file)
--- a/symm/gcm-arm64-pmull.S
+++ b/symm/gcm-arm64-pmull.S
@@ -338,7 +338,7 @@
        //
        //      q = r s = (u_0 + u_1) (v_0 + v_1)
        //        = (u_0 v_0) + (u1 v_1) + (u_0 v_1 + u_1 v_0)
-       //        = a + d + c
+       //        = a + c + b
        //
        // The first two terms we've already calculated; the last is the
        // remaining one we want.  We'll set B = t^128.  We know how to do

diff --git a/symm/gcm-x86ish-pclmul.S b/symm/gcm-x86ish-pclmul.S
index 5f0c754..d56cfd1 100644 (file)
--- a/symm/gcm-x86ish-pclmul.S
+++ b/symm/gcm-x86ish-pclmul.S
@@ -559,7 +559,7 @@
        //
        //      q = r s = (u_0 + u_1) (v_0 + v_1)
        //        = (u_0 v_0) + (u1 v_1) + (u_0 v_1 + u_1 v_0)
-       //        = a + d + c
+       //        = a + c + b
        //
        // The first two terms we've already calculated; the last is the
        // remaining one we want.  We'll set B = t^128.  We know how to do