From 909c68ae7253a718993cf9d89412e4c9b403eb9b Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 7 Feb 2018 17:03:14 +0000 Subject: [PATCH] Yet more style updates to the curve448 code Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/5105) --- crypto/ec/curve448/curve448.c | 25 +++++++++++++++---------- crypto/ec/curve448/point_448.h | 5 ++--- crypto/ec/curve448/scalar.c | 4 ++-- crypto/ec/curve448/word.h | 5 ----- 4 files changed, 19 insertions(+), 20 deletions(-) diff --git a/crypto/ec/curve448/curve448.c b/crypto/ec/curve448/curve448.c index 1459976981..7c43a758f9 100644 --- a/crypto/ec/curve448/curve448.c +++ b/crypto/ec/curve448/curve448.c @@ -33,7 +33,7 @@ static const curve448_scalar_t precomputed_scalarmul_adjustment = { } }; -#define TWISTED_D ((EDWARDS_D)-1) +#define TWISTED_D (EDWARDS_D - 1) #define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ @@ -385,7 +385,7 @@ c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES], mask_t swap = 0; mask_t nz; - ignore_result(gf_deserialize(x1, base, 1, 0)); + (void)gf_deserialize(x1, base, 1, 0); gf_copy(x2, ONE); gf_copy(z2, ZERO); gf_copy(x3, x1); @@ -409,25 +409,30 @@ c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES], gf_cond_swap(z2, z3, swap); swap = k_t; - gf_add_nr(t1, x2, z2); /* A = x2 + z2 *//* 2+e */ - gf_sub_nr(t2, x2, z2); /* B = x2 - z2 *//* 3+e */ - gf_sub_nr(z2, x3, z3); /* D = x3 - z3 *//* 3+e */ + /* + * The "_nr" below skips coefficient reduction. In the following + * comments, "2+e" is saying that the coefficients are at most 2+epsilon + * times the reduction limit. + */ + gf_add_nr(t1, x2, z2); /* A = x2 + z2 */ /* 2+e */ + gf_sub_nr(t2, x2, z2); /* B = x2 - z2 */ /* 3+e */ + gf_sub_nr(z2, x3, z3); /* D = x3 - z3 */ /* 3+e */ gf_mul(x2, t1, z2); /* DA */ - gf_add_nr(z2, z3, x3); /* C = x3 + z3 *//* 2+e */ + gf_add_nr(z2, z3, x3); /* C = x3 + z3 */ /* 2+e */ gf_mul(x3, t2, z2); /* CB */ - gf_sub_nr(z3, x2, x3); /* DA-CB *//* 3+e */ + gf_sub_nr(z3, x2, x3); /* DA-CB */ /* 3+e */ gf_sqr(z2, z3); /* (DA-CB)^2 */ gf_mul(z3, x1, z2); /* z3 = x1(DA-CB)^2 */ - gf_add_nr(z2, x2, x3); /* (DA+CB) *//* 2+e */ + gf_add_nr(z2, x2, x3); /* (DA+CB) */ /* 2+e */ gf_sqr(x3, z2); /* x3 = (DA+CB)^2 */ gf_sqr(z2, t1); /* AA = A^2 */ gf_sqr(t1, t2); /* BB = B^2 */ gf_mul(x2, z2, t1); /* x2 = AA*BB */ - gf_sub_nr(t2, z2, t1); /* E = AA-BB *//* 3+e */ + gf_sub_nr(t2, z2, t1); /* E = AA-BB */ /* 3+e */ gf_mulw(t1, t2, -EDWARDS_D); /* E*-d = a24*E */ - gf_add_nr(t1, t1, z2); /* AA + a24*E *//* 2+e */ + gf_add_nr(t1, t1, z2); /* AA + a24*E */ /* 2+e */ gf_mul(z2, t2, t1); /* z2 = E(AA+a24*E) */ } diff --git a/crypto/ec/curve448/point_448.h b/crypto/ec/curve448/point_448.h index 326718b305..219d9f7641 100644 --- a/crypto/ec/curve448/point_448.h +++ b/crypto/ec/curve448/point_448.h @@ -92,9 +92,8 @@ extern const niels_t *curve448_wnaf_base; * C448_FAILURE: The scalar was greater than the modulus, and has been reduced * modulo that modulus. */ -__owur c448_error_t curve448_scalar_decode( - curve448_scalar_t out, - const unsigned char ser[C448_SCALAR_BYTES]); +c448_error_t curve448_scalar_decode(curve448_scalar_t out, + const unsigned char ser[C448_SCALAR_BYTES]); /* * Read a scalar from wire format or from bytes. Reduces mod scalar prime. diff --git a/crypto/ec/curve448/scalar.c b/crypto/ec/curve448/scalar.c index f899ce2ae6..0f14bc4b98 100644 --- a/crypto/ec/curve448/scalar.c +++ b/crypto/ec/curve448/scalar.c @@ -39,7 +39,7 @@ static const curve448_scalar_t sc_p = { #define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ const curve448_scalar_t curve448_scalar_one = {{{1}}}; -const curve448_scalar_t curve448_scalar_zero = {{{0}}}; +const curve448_scalar_t curve448_scalar_zero = {{{0}}}; /* * {extra,accum} - sub +? p @@ -198,7 +198,7 @@ void curve448_scalar_decode_long(curve448_scalar_t s, while (i) { i -= C448_SCALAR_BYTES; sc_montmul(t1, t1, sc_r2); - ignore_result(curve448_scalar_decode(t2, ser + i)); + (void)curve448_scalar_decode(t2, ser + i); curve448_scalar_add(t1, t1, t2); } diff --git a/crypto/ec/curve448/word.h b/crypto/ec/curve448/word.h index 179d70b853..6067404e65 100644 --- a/crypto/ec/curve448/word.h +++ b/crypto/ec/curve448/word.h @@ -101,9 +101,4 @@ static ossl_inline mask_t bool_to_mask(c448_bool_t m) return ret; } -static ossl_inline void ignore_result(c448_bool_t boo) -{ - (void)boo; -} - #endif /* HEADER_WORD_H */ -- 2.25.1