Commit 8d55f844 authored by Matt Caswell's avatar Matt Caswell
Browse files

Manual formatting tweaks to Curve448 code 



Following running openssl-format-source there were a lot of manual tweaks
that were requried.

Reviewed-by: default avatarBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
parent 205fd638

crypto/ec/curve448/arch_32/f_impl.c

+1 −3
Original line number Diff line number Diff line
@@ -24,13 +24,11 @@ void gf_mul(gf_s * __restrict__ cs, const gf as, const gf bs) 
{

    const uint32_t *a = as->limb, *b = bs->limb;

    uint32_t *c = cs->limb;



    uint64_t accum0 = 0, accum1 = 0, accum2 = 0;

    uint32_t mask = (1 << 28) - 1;



    uint32_t aa[8], bb[8];



    int i, j;



    for (i = 0; i < 8; i++) {

        aa[i] = a[i] + a[i + 8];

        bb[i] = b[i] + b[i + 8];

crypto/ec/curve448/arch_32/f_impl.h

+2 −4
Original line number Diff line number Diff line
@@ -39,10 +39,9 @@ void gf_bias(gf a, int amt) 
    unsigned int i;

    uint32_t co1 = ((1 << 28) - 1) * amt, co2 = co1 - amt;



    for (i = 0; i < sizeof(*a) / sizeof(a->limb[0]); i++) {

    for (i = 0; i < sizeof(*a) / sizeof(a->limb[0]); i++)

        a->limb[i] += (i == sizeof(*a) / sizeof(a->limb[0]) / 2) ? co2 : co1;

}

}



void gf_weak_reduce(gf a)

{
@@ -51,8 +50,7 @@ void gf_weak_reduce(gf a) 
    unsigned int i;



    a->limb[8] += tmp;

    for (i = 15; i > 0; i--) {

    for (i = 15; i > 0; i--)

        a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 28);

    }

    a->limb[0] = (a->limb[0] & mask) + tmp;

}

crypto/ec/curve448/arch_arm_32/arch_intrinsics.h

+2 −1
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ static __inline__ __attribute((always_inline, unused)) 
uint32_t word_is_zero(uint32_t a)

{

    uint32_t ret;



    asm("subs %0, %1, #1;\n\tsbc %0, %0, %0": "=r"(ret): "r"(a):"cc");

    return ret;

}

crypto/ec/curve448/arch_arm_32/f_impl.c

+17 −16
Original line number Diff line number Diff line
@@ -19,10 +19,11 @@ static inline void __attribute__ ((gnu_inline, always_inline)) 
#ifdef  __ARMEL__

    uint32_t lo = *acc, hi = (*acc) >> 32;



    __asm__ __volatile__("smlal %[lo], %[hi], %[a], %[b]":[lo] "+&r"(lo),

                         [hi] "+&r"(hi)

    __asm__ __volatile__ ("smlal %[lo], %[hi], %[a], %[b]"

                          : [lo]"+&r"(lo), [hi]"+&r"(hi)

                          : [a]"r"(a), [b]"r"(b));





    *acc = lo + (((uint64_t)hi) << 32);

#else

    *acc += (int64_t)(int32_t)a *(int64_t)(int32_t)b;
@@ -35,10 +36,12 @@ static inline void __attribute__ ((gnu_inline, always_inline)) 
#ifdef __ARMEL__

    uint32_t lo = *acc, hi = (*acc) >> 32;



    __asm__ __volatile__("smlal %[lo], %[hi], %[a], %[b]":[lo] "+&r"(lo),

                         [hi] "+&r"(hi)

    __asm__ __volatile__ ("smlal %[lo], %[hi], %[a], %[b]"

                          : [lo]"+&r"(lo), [hi]"+&r"(hi)

                          : [a]"r"(a), [b]"r"(2 * b));







    *acc = lo + (((uint64_t)hi) << 32);

#else

    *acc += (int64_t)(int32_t)a *(int64_t)(int32_t)(b * 2);
@@ -51,8 +54,8 @@ static inline void __attribute__ ((gnu_inline, always_inline)) 
#ifdef __ARMEL__

    uint32_t lo, hi;



    __asm__ __volatile__("smull %[lo], %[hi], %[a], %[b]":[lo] "=&r"(lo),

                         [hi] "=&r"(hi)

    __asm__ __volatile__ ("smull %[lo], %[hi], %[a], %[b]"

                          : [lo]"=&r"(lo), [hi]"=&r"(hi)

                          : [a]"r"(a), [b]"r"(b));



    *acc = lo + (((uint64_t)hi) << 32);
@@ -729,16 +732,14 @@ void gf_sqr(gf_s * __restrict__ cs, const gf as) 
void gf_mulw_unsigned(gf_s * __restrict__ cs, const gf as, uint32_t b)

{

    uint32_t mask = (1ull << 28) - 1;

    assert(b <= mask);



    const uint32_t *a = as->limb;

    uint32_t *c = cs->limb;



    uint64_t accum0, accum8;



    int i;



    uint32_t c0, c8, n0, n8;



    assert(b <= mask);



    c0 = a[0];

    c8 = a[8];

    accum0 = widemul(b, c0);

crypto/ec/curve448/arch_arm_32/f_impl.h

+2 −8
Original line number Diff line number Diff line
@@ -23,10 +23,6 @@ void gf_add_RAW(gf out, const gf a, const gf b) 
        ((uint32xn_t *) out)[i] =

            ((const uint32xn_t *)a)[i] + ((const uint32xn_t *)b)[i];

    }

    /*

     * for (unsigned int i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {

     * out->limb[i] = a->limb[i] + b->limb[i]; }

     */

}



void gf_sub_RAW(gf out, const gf a, const gf b)
@@ -35,10 +31,6 @@ void gf_sub_RAW(gf out, const gf a, const gf b) 
        ((uint32xn_t *) out)[i] =

            ((const uint32xn_t *)a)[i] - ((const uint32xn_t *)b)[i];

    }

    /*

     * for (unsigned int i=0; i<sizeof(*out)/sizeof(out->limb[0]); i++) {

     * out->limb[i] = a->limb[i] - b->limb[i]; }

     */

}



void gf_bias(gf a, int amt)
@@ -47,6 +39,7 @@ void gf_bias(gf a, int amt) 
    uint32x4_t lo = { co1, co1, co1, co1 }, hi = {

    co2, co1, co1, co1};

    uint32x4_t *aa = (uint32x4_t *) a;



    aa[0] += lo;

    aa[1] += lo;

    aa[2] += hi;
@@ -57,6 +50,7 @@ void gf_weak_reduce(gf a) 
{

    uint64_t mask = (1ull << 28) - 1;

    uint64_t tmp = a->limb[15] >> 28;



    a->limb[8] += tmp;

    for (unsigned int i = 15; i > 0; i--) {

        a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 28);