28 Limb LIMBS_are_zero(const Limb a[], size_t num_limbs) {  in LIMBS_are_zero()
29   Limb is_zero = CONSTTIME_TRUE_W;  in LIMBS_are_zero()
38 Limb LIMBS_equal(const Limb a[], const Limb b[], size_t num_limbs) {  in LIMBS_equal()
39   Limb eq = CONSTTIME_TRUE_W;  in LIMBS_equal()
47 Limb LIMBS_equal_limb(const Limb a[], Limb b, size_t num_limbs) {  in LIMBS_equal_limb()
52   Limb lo_equal = constant_time_eq_w(a[0], b);  in LIMBS_equal_limb()
53   Limb hi_zero = LIMBS_are_zero(&a[1], num_limbs - 1);  in LIMBS_equal_limb()
59 Limb LIMBS_are_even(const Limb a[], size_t num_limbs) {  in LIMBS_are_even()
60   Limb lo;  in LIMBS_are_even()
70 Limb LIMBS_less_than(const Limb a[], const Limb b[], size_t num_limbs) {  in LIMBS_less_than()
75   Limb dummy;  in LIMBS_less_than()
83 Limb LIMBS_less_than_limb(const Limb a[], Limb b, size_t num_limbs) {  in LIMBS_less_than_limb()
86   Limb dummy;  in LIMBS_less_than_limb()
87   Limb lo = constant_time_is_nonzero_w(limb_sub(&dummy, a[0], b));  in LIMBS_less_than_limb()
88   Limb hi = LIMBS_are_zero(&a[1], num_limbs - 1);  in LIMBS_less_than_limb()
93 void LIMBS_reduce_once(Limb r[], const Limb m[], size_t num_limbs) {  in LIMBS_reduce_once()
100   Limb lt = LIMBS_less_than(r, m, num_limbs);  in LIMBS_reduce_once()
113 void LIMBS_add_mod(Limb r[], const Limb a[], const Limb b[], const Limb m[],  in LIMBS_add_mod()
115   Limb overflow1 =  in LIMBS_add_mod()
117   Limb overflow2 = ~LIMBS_less_than(r, m, num_limbs);  in LIMBS_add_mod()
118   Limb overflow = overflow1 | overflow2;  in LIMBS_add_mod()
125 void LIMBS_sub_mod(Limb r[], const Limb a[], const Limb b[], const Limb m[],  in LIMBS_sub_mod()
127   Limb underflow =  in LIMBS_sub_mod()
135 void LIMBS_shl_mod(Limb r[], const Limb a[], const Limb m[], size_t num_limbs) {  in LIMBS_shl_mod()
136   Limb overflow1 =  in LIMBS_shl_mod()
138   Limb carry = 0;  in LIMBS_shl_mod()
140     Limb limb = a[i];  in LIMBS_shl_mod()
141     Limb new_carry = limb >> (LIMB_BITS - 1);  in LIMBS_shl_mod()
145   Limb overflow2 = ~LIMBS_less_than(r, m, num_limbs);  in LIMBS_shl_mod()
146   Limb overflow = overflow1 | overflow2;  in LIMBS_shl_mod()
153 int LIMBS_select_512_32(Limb r[], const Limb table[], size_t num_limbs,  in LIMBS_select_512_32()
162 static const Limb FIVE_BITS_MASK = 0x1f;
164 crypto_word LIMBS_window5_split_window(Limb lower_limb, Limb higher_limb, size_t index_within_word)…  in LIMBS_window5_split_window()
165   Limb high_bits = (higher_limb << (LIMB_BITS - index_within_word))  in LIMBS_window5_split_window()
170   Limb low_bits = lower_limb >> index_within_word;  in LIMBS_window5_split_window()
174 crypto_word LIMBS_window5_unsplit_window(Limb limb, size_t index_within_word) {  in LIMBS_window5_unsplit_window()
178 Limb LIMB_shr(Limb a, size_t shift) {  in LIMB_shr()
182 Limb GFp_limbs_mul_add_limb(Limb r[], const Limb a[], Limb b, size_t num_limbs) {  in GFp_limbs_mul_add_limb()
183   Limb carried = 0;  in GFp_limbs_mul_add_limb()
185     Limb lo;  in GFp_limbs_mul_add_limb()
186     Limb hi;  in GFp_limbs_mul_add_limb()
188     Limb tmp;  in GFp_limbs_mul_add_limb()