1 files changed, 36 insertions, 36 deletions
diff --git a/src/lib/libcrypto/ec/ecp_nistp224.c b/src/lib/libcrypto/ec/ecp_nistp224.c
index 10ade9dbb5..4ed45df896 100644
--- a/src/lib/libcrypto/ec/ecp_nistp224.c
+++ b/src/lib/libcrypto/ec/ecp_nistp224.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nistp224.c,v 1.25 2021/04/20 17:28:18 tb Exp $ */
+/* $OpenBSD: ecp_nistp224.c,v 1.26 2021/04/20 17:38:02 tb Exp $ */
 /*
 * Written by Emilia Kasper (Google) for the OpenSSL project.
 */
@@ -278,7 +278,7 @@ EC_GFp_nistp224_method(void)
 }
 /* Helper functions to convert field elements to/from internal representation */
-static void 
+static void
 bin28_to_felem(felem out, const u8 in[28])
 {
        out[0] = *((const uint64_t *) (in)) & 0x00ffffffffffffff;
@@ -287,7 +287,7 @@ bin28_to_felem(felem out, const u8 in[28])
        out[3] = (*((const uint64_t *) (in + 21))) & 0x00ffffffffffffff;
 }
-static void 
+static void
 felem_to_bin28(u8 out[28], const felem in)
 {
        unsigned i;
@@ -300,7 +300,7 @@ felem_to_bin28(u8 out[28], const felem in)
 }
 /* To preserve endianness when using BN_bn2bin and BN_bin2bn */
-static void 
+static void
 flip_endian(u8 * out, const u8 * in, unsigned len)
 {
        unsigned i;
@@ -309,7 +309,7 @@ flip_endian(u8 * out, const u8 * in, unsigned len)
 }
 /* From OpenSSL BIGNUM to internal representation */
-static int 
+static int
 BN_to_felem(felem out, const BIGNUM * bn)
 {
        felem_bytearray b_in;
@@ -353,7 +353,7 @@ felem_to_BN(BIGNUM * out, const felem in)
 *
 */
-static void 
+static void
 felem_one(felem out)
 {
        out[0] = 1;
@@ -362,7 +362,7 @@ felem_one(felem out)
        out[3] = 0;
 }
-static void 
+static void
 felem_assign(felem out, const felem in)
 {
        out[0] = in[0];
@@ -372,7 +372,7 @@ felem_assign(felem out, const felem in)
 }
 /* Sum two field elements: out += in */
-static void 
+static void
 felem_sum(felem out, const felem in)
 {
        out[0] += in[0];
@@ -383,7 +383,7 @@ felem_sum(felem out, const felem in)
 /* Get negative value: out = -in */
 /* Assumes in[i] < 2^57 */
-static void 
+static void
 felem_neg(felem out, const felem in)
 {
        static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
@@ -400,7 +400,7 @@ felem_neg(felem out, const felem in)
 /* Subtract field elements: out -= in */
 /* Assumes in[i] < 2^57 */
-static void 
+static void
 felem_diff(felem out, const felem in)
 {
        static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
@@ -422,7 +422,7 @@ felem_diff(felem out, const felem in)
 /* Subtract in unreduced 128-bit mode: out -= in */
 /* Assumes in[i] < 2^119 */
-static void 
+static void
 widefelem_diff(widefelem out, const widefelem in)
 {
        static const widelimb two120 = ((widelimb) 1) << 120;
@@ -451,7 +451,7 @@ widefelem_diff(widefelem out, const widefelem in)
 /* Subtract in mixed mode: out128 -= in64 */
 /* in[i] < 2^63 */
-static void 
+static void
 felem_diff_128_64(widefelem out, const felem in)
 {
        static const widelimb two64p8 = (((widelimb) 1) << 64) +
@@ -475,7 +475,7 @@ felem_diff_128_64(widefelem out, const felem in)
 /* Multiply a field element by a scalar: out = out * scalar
 * The scalars we actually use are small, so results fit without overflow */
-static void 
+static void
 felem_scalar(felem out, const limb scalar)
 {
        out[0] *= scalar;
@@ -486,7 +486,7 @@ felem_scalar(felem out, const limb scalar)
 /* Multiply an unreduced field element by a scalar: out = out * scalar
 * The scalars we actually use are small, so results fit without overflow */
-static void 
+static void
 widefelem_scalar(widefelem out, const widelimb scalar)
 {
        out[0] *= scalar;
@@ -499,7 +499,7 @@ widefelem_scalar(widefelem out, const widelimb scalar)
 }
 /* Square a field element: out = in^2 */
-static void 
+static void
 felem_square(widefelem out, const felem in)
 {
        limb tmp0, tmp1, tmp2;
@@ -517,7 +517,7 @@ felem_square(widefelem out, const felem in)
 }
 /* Multiply two field elements: out = in1 * in2 */
-static void 
+static void
 felem_mul(widefelem out, const felem in1, const felem in2)
 {
        out[0] = ((widelimb) in1[0]) * in2[0];
@@ -535,7 +535,7 @@ felem_mul(widefelem out, const felem in1, const felem in2)
 /* Reduce seven 128-bit coefficients to four 64-bit coefficients.
 * Requires in[i] < 2^126,
 * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 */
-static void 
+static void
 felem_reduce(felem out, const widefelem in)
 {
        static const widelimb two127p15 = (((widelimb) 1) << 127) +
@@ -599,7 +599,7 @@ felem_reduce(felem out, const widefelem in)
        out[3] = output[3];
 }
-static void 
+static void
 felem_square_reduce(felem out, const felem in)
 {
        widefelem tmp;
@@ -607,7 +607,7 @@ felem_square_reduce(felem out, const felem in)
        felem_reduce(out, tmp);
 }
-static void 
+static void
 felem_mul_reduce(felem out, const felem in1, const felem in2)
 {
        widefelem tmp;
@@ -617,7 +617,7 @@ felem_mul_reduce(felem out, const felem in1, const felem in2)
 /* Reduce to unique minimal representation.
 * Requires 0 <= in < 2*p (always call felem_reduce first) */
-static void 
+static void
 felem_contract(felem out, const felem in)
 {
        static const int64_t two56 = ((limb) 1) << 56;
@@ -674,7 +674,7 @@ felem_contract(felem out, const felem in)
 * We know that field elements are reduced to in < 2^225,
 * so we only need to check three cases: 0, 2^224 - 2^96 + 1,
 * and 2^225 - 2^97 + 2 */
-static limb 
+static limb
 felem_is_zero(const felem in)
 {
        limb zero, two224m96p1, two225m97p2;
@@ -690,7 +690,7 @@ felem_is_zero(const felem in)
        return (zero | two224m96p1 | two225m97p2);
 }
-static limb 
+static limb
 felem_is_zero_int(const felem in)
 {
        return (int) (felem_is_zero(in) & ((limb) 1));
@@ -698,7 +698,7 @@ felem_is_zero_int(const felem in)
 /* Invert a field element */
 /* Computation chain copied from djb's code */
-static void 
+static void
 felem_inv(felem out, const felem in)
 {
        felem ftmp, ftmp2, ftmp3, ftmp4;
@@ -897,7 +897,7 @@ point_double(felem x_out, felem y_out, felem z_out,
 * (while not equal to the point at infinity).
 * This case never happens during single point multiplication,
 * so there is no timing leak for ECDH or ECDSA signing. */
-static void 
+static void
 point_add(felem x3, felem y3, felem z3,
    const felem x1, const felem y1, const felem z1,
    const int mixed, const felem x2, const felem y2, const felem z2)
@@ -1057,7 +1057,7 @@ point_add(felem x3, felem y3, felem z3,
 /* select_point selects the |idx|th point from a precomputation table and
 * copies it to out. */
-static void 
+static void
 select_point(const u64 idx, unsigned int size, const felem pre_comp[ /* size */ ][3], felem out[3])
 {
        unsigned i, j;
@@ -1078,7 +1078,7 @@ select_point(const u64 idx, unsigned int size, const felem pre_comp[ /* size */
 }
 /* get_bit returns the |i|th bit in |in| */
-static char 
+static char
 get_bit(const felem_bytearray in, unsigned i)
 {
        if (i >= 224)
@@ -1091,7 +1091,7 @@ get_bit(const felem_bytearray in, unsigned i)
 * the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple
 * of the generator, using certain (large) precomputed multiples in g_pre_comp.
 * Output point (X, Y, Z) is stored in x_out, y_out, z_out */
-static void 
+static void
 batch_mul(felem x_out, felem y_out, felem z_out,
    const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar,
    const int mixed, const felem pre_comp[][17][3], const felem g_pre_comp[2][16][3])
@@ -1211,7 +1211,7 @@ nistp224_pre_comp_dup(void *src_)
        return src_;
 }
-static void 
+static void
 nistp224_pre_comp_free(void *pre_)
 {
        int i;
@@ -1227,7 +1227,7 @@ nistp224_pre_comp_free(void *pre_)
        free(pre);
 }
-static void 
+static void
 nistp224_pre_comp_clear_free(void *pre_)
 {
        int i;
@@ -1247,7 +1247,7 @@ nistp224_pre_comp_clear_free(void *pre_)
 /*                         OPENSSL EC_METHOD FUNCTIONS
 */
-int 
+int
 ec_GFp_nistp224_group_init(EC_GROUP * group)
 {
        int ret;
@@ -1256,7 +1256,7 @@ ec_GFp_nistp224_group_init(EC_GROUP * group)
        return ret;
 }
-int 
+int
 ec_GFp_nistp224_group_set_curve(EC_GROUP * group, const BIGNUM * p,
    const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
 {
@@ -1290,7 +1290,7 @@ ec_GFp_nistp224_group_set_curve(EC_GROUP * group, const BIGNUM * p,
 /* Takes the Jacobian coordinates (X, Y, Z) of a point and returns
 * (X', Y') = (X/Z^2, Y/Z^3) */
-int 
+int
 ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,
    const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx)
 {
@@ -1330,7 +1330,7 @@ ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,
        return 1;
 }
-static void 
+static void
 make_points_affine(size_t num, felem points[ /* num */ ][3], felem tmp_felems[ /* num+1 */ ])
 {
        /*
@@ -1353,7 +1353,7 @@ make_points_affine(size_t num, felem points[ /* num */ ][3], felem tmp_felems[ /
 /* Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL values
 * Result is stored in r (r can equal one of the inputs). */
-int 
+int
 ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
    const BIGNUM * scalar, size_t num, const EC_POINT * points[],
    const BIGNUM * scalars[], BN_CTX * ctx)
@@ -1548,7 +1548,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
        return ret;
 }
-int 
+int
 ec_GFp_nistp224_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
 {
        int ret = 0;
@@ -1675,7 +1675,7 @@ ec_GFp_nistp224_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
        return ret;
 }
-int 
+int
 ec_GFp_nistp224_have_precompute_mult(const EC_GROUP * group)
 {
        if (EC_EX_DATA_get_data(group->extra_data, nistp224_pre_comp_dup,

diff --git a/src/lib/libcrypto/ec/ecp_nistp224.c b/src/lib/libcrypto/ec/ecp_nistp224.c index 10ade9dbb5..4ed45df896 100644 --- a/src/lib/libcrypto/ec/ecp_nistp224.c +++ b/src/lib/libcrypto/ec/ecp_nistp224.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecp_nistp224.c,v 1.25 2021/04/20 17:28:18 tb Exp $ */	1	/* $OpenBSD: ecp_nistp224.c,v 1.26 2021/04/20 17:38:02 tb Exp $ */
2	/*	2	/*
3	* Written by Emilia Kasper (Google) for the OpenSSL project.	3	* Written by Emilia Kasper (Google) for the OpenSSL project.
4	*/	4	*/
@@ -278,7 +278,7 @@ EC_GFp_nistp224_method(void)
278	}	278	}
279		279
280	/* Helper functions to convert field elements to/from internal representation */	280	/* Helper functions to convert field elements to/from internal representation */
281	static void	281	static void
282	bin28_to_felem(felem out, const u8 in[28])	282	bin28_to_felem(felem out, const u8 in[28])
283	{	283	{
284	out[0] = ((const uint64_t ) (in)) & 0x00ffffffffffffff;	284	out[0] = ((const uint64_t ) (in)) & 0x00ffffffffffffff;
@@ -287,7 +287,7 @@ bin28_to_felem(felem out, const u8 in[28])
287	out[3] = (((const uint64_t ) (in + 21))) & 0x00ffffffffffffff;	287	out[3] = (((const uint64_t ) (in + 21))) & 0x00ffffffffffffff;
288	}	288	}
289		289
290	static void	290	static void
291	felem_to_bin28(u8 out[28], const felem in)	291	felem_to_bin28(u8 out[28], const felem in)
292	{	292	{
293	unsigned i;	293	unsigned i;
@@ -300,7 +300,7 @@ felem_to_bin28(u8 out[28], const felem in)
300	}	300	}
301		301
302	/* To preserve endianness when using BN_bn2bin and BN_bin2bn */	302	/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
303	static void	303	static void
304	flip_endian(u8 * out, const u8 * in, unsigned len)	304	flip_endian(u8 * out, const u8 * in, unsigned len)
305	{	305	{
306	unsigned i;	306	unsigned i;
@@ -309,7 +309,7 @@ flip_endian(u8 * out, const u8 * in, unsigned len)
309	}	309	}
310		310
311	/* From OpenSSL BIGNUM to internal representation */	311	/* From OpenSSL BIGNUM to internal representation */
312	static int	312	static int
313	BN_to_felem(felem out, const BIGNUM * bn)	313	BN_to_felem(felem out, const BIGNUM * bn)
314	{	314	{
315	felem_bytearray b_in;	315	felem_bytearray b_in;
@@ -353,7 +353,7 @@ felem_to_BN(BIGNUM * out, const felem in)
353	*	353	*
354	*/	354	*/
355		355
356	static void	356	static void
357	felem_one(felem out)	357	felem_one(felem out)
358	{	358	{
359	out[0] = 1;	359	out[0] = 1;
@@ -362,7 +362,7 @@ felem_one(felem out)
362	out[3] = 0;	362	out[3] = 0;
363	}	363	}
364		364
365	static void	365	static void
366	felem_assign(felem out, const felem in)	366	felem_assign(felem out, const felem in)
367	{	367	{
368	out[0] = in[0];	368	out[0] = in[0];
@@ -372,7 +372,7 @@ felem_assign(felem out, const felem in)
372	}	372	}
373		373
374	/* Sum two field elements: out += in */	374	/* Sum two field elements: out += in */
375	static void	375	static void
376	felem_sum(felem out, const felem in)	376	felem_sum(felem out, const felem in)
377	{	377	{
378	out[0] += in[0];	378	out[0] += in[0];
@@ -383,7 +383,7 @@ felem_sum(felem out, const felem in)
383		383
384	/* Get negative value: out = -in */	384	/* Get negative value: out = -in */
385	/* Assumes in[i] < 2^57 */	385	/* Assumes in[i] < 2^57 */
386	static void	386	static void
387	felem_neg(felem out, const felem in)	387	felem_neg(felem out, const felem in)
388	{	388	{
389	static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);	389	static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
@@ -400,7 +400,7 @@ felem_neg(felem out, const felem in)
400		400
401	/* Subtract field elements: out -= in */	401	/* Subtract field elements: out -= in */
402	/* Assumes in[i] < 2^57 */	402	/* Assumes in[i] < 2^57 */
403	static void	403	static void
404	felem_diff(felem out, const felem in)	404	felem_diff(felem out, const felem in)
405	{	405	{
406	static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);	406	static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
@@ -422,7 +422,7 @@ felem_diff(felem out, const felem in)
422		422
423	/* Subtract in unreduced 128-bit mode: out -= in */	423	/* Subtract in unreduced 128-bit mode: out -= in */
424	/* Assumes in[i] < 2^119 */	424	/* Assumes in[i] < 2^119 */
425	static void	425	static void
426	widefelem_diff(widefelem out, const widefelem in)	426	widefelem_diff(widefelem out, const widefelem in)
427	{	427	{
428	static const widelimb two120 = ((widelimb) 1) << 120;	428	static const widelimb two120 = ((widelimb) 1) << 120;
@@ -451,7 +451,7 @@ widefelem_diff(widefelem out, const widefelem in)
451		451
452	/* Subtract in mixed mode: out128 -= in64 */	452	/* Subtract in mixed mode: out128 -= in64 */
453	/* in[i] < 2^63 */	453	/* in[i] < 2^63 */
454	static void	454	static void
455	felem_diff_128_64(widefelem out, const felem in)	455	felem_diff_128_64(widefelem out, const felem in)
456	{	456	{
457	static const widelimb two64p8 = (((widelimb) 1) << 64) +	457	static const widelimb two64p8 = (((widelimb) 1) << 64) +
@@ -475,7 +475,7 @@ felem_diff_128_64(widefelem out, const felem in)
475		475
476	/* Multiply a field element by a scalar: out = out * scalar	476	/* Multiply a field element by a scalar: out = out * scalar
477	* The scalars we actually use are small, so results fit without overflow */	477	* The scalars we actually use are small, so results fit without overflow */
478	static void	478	static void
479	felem_scalar(felem out, const limb scalar)	479	felem_scalar(felem out, const limb scalar)
480	{	480	{
481	out[0] *= scalar;	481	out[0] *= scalar;
@@ -486,7 +486,7 @@ felem_scalar(felem out, const limb scalar)
486		486
487	/* Multiply an unreduced field element by a scalar: out = out * scalar	487	/* Multiply an unreduced field element by a scalar: out = out * scalar
488	* The scalars we actually use are small, so results fit without overflow */	488	* The scalars we actually use are small, so results fit without overflow */
489	static void	489	static void
490	widefelem_scalar(widefelem out, const widelimb scalar)	490	widefelem_scalar(widefelem out, const widelimb scalar)
491	{	491	{
492	out[0] *= scalar;	492	out[0] *= scalar;
@@ -499,7 +499,7 @@ widefelem_scalar(widefelem out, const widelimb scalar)
499	}	499	}
500		500
501	/* Square a field element: out = in^2 */	501	/* Square a field element: out = in^2 */
502	static void	502	static void
503	felem_square(widefelem out, const felem in)	503	felem_square(widefelem out, const felem in)
504	{	504	{
505	limb tmp0, tmp1, tmp2;	505	limb tmp0, tmp1, tmp2;
@@ -517,7 +517,7 @@ felem_square(widefelem out, const felem in)
517	}	517	}
518		518
519	/* Multiply two field elements: out = in1 * in2 */	519	/* Multiply two field elements: out = in1 * in2 */
520	static void	520	static void
521	felem_mul(widefelem out, const felem in1, const felem in2)	521	felem_mul(widefelem out, const felem in1, const felem in2)
522	{	522	{
523	out[0] = ((widelimb) in1[0]) * in2[0];	523	out[0] = ((widelimb) in1[0]) * in2[0];
@@ -535,7 +535,7 @@ felem_mul(widefelem out, const felem in1, const felem in2)
535	/* Reduce seven 128-bit coefficients to four 64-bit coefficients.	535	/* Reduce seven 128-bit coefficients to four 64-bit coefficients.
536	* Requires in[i] < 2^126,	536	* Requires in[i] < 2^126,
537	* ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 */	537	* ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 */
538	static void	538	static void
539	felem_reduce(felem out, const widefelem in)	539	felem_reduce(felem out, const widefelem in)
540	{	540	{
541	static const widelimb two127p15 = (((widelimb) 1) << 127) +	541	static const widelimb two127p15 = (((widelimb) 1) << 127) +
@@ -599,7 +599,7 @@ felem_reduce(felem out, const widefelem in)
599	out[3] = output[3];	599	out[3] = output[3];
600	}	600	}
601		601
602	static void	602	static void
603	felem_square_reduce(felem out, const felem in)	603	felem_square_reduce(felem out, const felem in)
604	{	604	{
605	widefelem tmp;	605	widefelem tmp;
@@ -607,7 +607,7 @@ felem_square_reduce(felem out, const felem in)
607	felem_reduce(out, tmp);	607	felem_reduce(out, tmp);
608	}	608	}
609		609
610	static void	610	static void
611	felem_mul_reduce(felem out, const felem in1, const felem in2)	611	felem_mul_reduce(felem out, const felem in1, const felem in2)
612	{	612	{
613	widefelem tmp;	613	widefelem tmp;
@@ -617,7 +617,7 @@ felem_mul_reduce(felem out, const felem in1, const felem in2)
617		617
618	/* Reduce to unique minimal representation.	618	/* Reduce to unique minimal representation.
619	* Requires 0 <= in < 2p (always call felem_reduce first) /	619	* Requires 0 <= in < 2p (always call felem_reduce first) /
620	static void	620	static void
621	felem_contract(felem out, const felem in)	621	felem_contract(felem out, const felem in)
622	{	622	{
623	static const int64_t two56 = ((limb) 1) << 56;	623	static const int64_t two56 = ((limb) 1) << 56;
@@ -674,7 +674,7 @@ felem_contract(felem out, const felem in)
674	* We know that field elements are reduced to in < 2^225,	674	* We know that field elements are reduced to in < 2^225,
675	* so we only need to check three cases: 0, 2^224 - 2^96 + 1,	675	* so we only need to check three cases: 0, 2^224 - 2^96 + 1,
676	* and 2^225 - 2^97 + 2 */	676	* and 2^225 - 2^97 + 2 */
677	static limb	677	static limb
678	felem_is_zero(const felem in)	678	felem_is_zero(const felem in)
679	{	679	{
680	limb zero, two224m96p1, two225m97p2;	680	limb zero, two224m96p1, two225m97p2;
@@ -690,7 +690,7 @@ felem_is_zero(const felem in)
690	return (zero \| two224m96p1 \| two225m97p2);	690	return (zero \| two224m96p1 \| two225m97p2);
691	}	691	}
692		692
693	static limb	693	static limb
694	felem_is_zero_int(const felem in)	694	felem_is_zero_int(const felem in)
695	{	695	{
696	return (int) (felem_is_zero(in) & ((limb) 1));	696	return (int) (felem_is_zero(in) & ((limb) 1));
@@ -698,7 +698,7 @@ felem_is_zero_int(const felem in)
698		698
699	/* Invert a field element */	699	/* Invert a field element */
700	/* Computation chain copied from djb's code */	700	/* Computation chain copied from djb's code */
701	static void	701	static void
702	felem_inv(felem out, const felem in)	702	felem_inv(felem out, const felem in)
703	{	703	{
704	felem ftmp, ftmp2, ftmp3, ftmp4;	704	felem ftmp, ftmp2, ftmp3, ftmp4;
@@ -897,7 +897,7 @@ point_double(felem x_out, felem y_out, felem z_out,
897	* (while not equal to the point at infinity).	897	* (while not equal to the point at infinity).
898	* This case never happens during single point multiplication,	898	* This case never happens during single point multiplication,
899	* so there is no timing leak for ECDH or ECDSA signing. */	899	* so there is no timing leak for ECDH or ECDSA signing. */
900	static void	900	static void
901	point_add(felem x3, felem y3, felem z3,	901	point_add(felem x3, felem y3, felem z3,
902	const felem x1, const felem y1, const felem z1,	902	const felem x1, const felem y1, const felem z1,
903	const int mixed, const felem x2, const felem y2, const felem z2)	903	const int mixed, const felem x2, const felem y2, const felem z2)
@@ -1057,7 +1057,7 @@ point_add(felem x3, felem y3, felem z3,
1057		1057
1058	/* select_point selects the \|idx\|th point from a precomputation table and	1058	/* select_point selects the \|idx\|th point from a precomputation table and
1059	* copies it to out. */	1059	* copies it to out. */
1060	static void	1060	static void
1061	select_point(const u64 idx, unsigned int size, const felem pre_comp[ /* size */ ][3], felem out[3])	1061	select_point(const u64 idx, unsigned int size, const felem pre_comp[ /* size */ ][3], felem out[3])
1062	{	1062	{
1063	unsigned i, j;	1063	unsigned i, j;
@@ -1078,7 +1078,7 @@ select_point(const u64 idx, unsigned int size, const felem pre_comp[ /* size */
1078	}	1078	}
1079		1079
1080	/* get_bit returns the \|i\|th bit in \|in\| */	1080	/* get_bit returns the \|i\|th bit in \|in\| */
1081	static char	1081	static char
1082	get_bit(const felem_bytearray in, unsigned i)	1082	get_bit(const felem_bytearray in, unsigned i)
1083	{	1083	{
1084	if (i >= 224)	1084	if (i >= 224)
@@ -1091,7 +1091,7 @@ get_bit(const felem_bytearray in, unsigned i)
1091	* the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple	1091	* the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple
1092	* of the generator, using certain (large) precomputed multiples in g_pre_comp.	1092	* of the generator, using certain (large) precomputed multiples in g_pre_comp.
1093	* Output point (X, Y, Z) is stored in x_out, y_out, z_out */	1093	* Output point (X, Y, Z) is stored in x_out, y_out, z_out */
1094	static void	1094	static void
1095	batch_mul(felem x_out, felem y_out, felem z_out,	1095	batch_mul(felem x_out, felem y_out, felem z_out,
1096	const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar,	1096	const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar,
1097	const int mixed, const felem pre_comp[][17][3], const felem g_pre_comp[2][16][3])	1097	const int mixed, const felem pre_comp[][17][3], const felem g_pre_comp[2][16][3])
@@ -1211,7 +1211,7 @@ nistp224_pre_comp_dup(void *src_)
1211	return src_;	1211	return src_;
1212	}	1212	}
1213		1213
1214	static void	1214	static void
1215	nistp224_pre_comp_free(void *pre_)	1215	nistp224_pre_comp_free(void *pre_)
1216	{	1216	{
1217	int i;	1217	int i;
@@ -1227,7 +1227,7 @@ nistp224_pre_comp_free(void *pre_)
1227	free(pre);	1227	free(pre);
1228	}	1228	}
1229		1229
1230	static void	1230	static void
1231	nistp224_pre_comp_clear_free(void *pre_)	1231	nistp224_pre_comp_clear_free(void *pre_)
1232	{	1232	{
1233	int i;	1233	int i;
@@ -1247,7 +1247,7 @@ nistp224_pre_comp_clear_free(void *pre_)
1247	/* OPENSSL EC_METHOD FUNCTIONS	1247	/* OPENSSL EC_METHOD FUNCTIONS
1248	*/	1248	*/
1249		1249
1250	int	1250	int
1251	ec_GFp_nistp224_group_init(EC_GROUP * group)	1251	ec_GFp_nistp224_group_init(EC_GROUP * group)
1252	{	1252	{
1253	int ret;	1253	int ret;
@@ -1256,7 +1256,7 @@ ec_GFp_nistp224_group_init(EC_GROUP * group)
1256	return ret;	1256	return ret;
1257	}	1257	}
1258		1258
1259	int	1259	int
1260	ec_GFp_nistp224_group_set_curve(EC_GROUP * group, const BIGNUM * p,	1260	ec_GFp_nistp224_group_set_curve(EC_GROUP * group, const BIGNUM * p,
1261	const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)	1261	const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
1262	{	1262	{
@@ -1290,7 +1290,7 @@ ec_GFp_nistp224_group_set_curve(EC_GROUP * group, const BIGNUM * p,
1290		1290
1291	/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns	1291	/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns
1292	* (X', Y') = (X/Z^2, Y/Z^3) */	1292	* (X', Y') = (X/Z^2, Y/Z^3) */
1293	int	1293	int
1294	ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,	1294	ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,
1295	const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx)	1295	const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx)
1296	{	1296	{
@@ -1330,7 +1330,7 @@ ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group,
1330	return 1;	1330	return 1;
1331	}	1331	}
1332		1332
1333	static void	1333	static void
1334	make_points_affine(size_t num, felem points[ /* num / ][3], felem tmp_felems[ / num+1 */ ])	1334	make_points_affine(size_t num, felem points[ /* num / ][3], felem tmp_felems[ / num+1 */ ])
1335	{	1335	{
1336	/*	1336	/*
@@ -1353,7 +1353,7 @@ make_points_affine(size_t num, felem points[ /* num */ ][3], felem tmp_felems[ /
1353		1353
1354	/* Computes scalargenerator + \sum scalars[i]points[i], ignoring NULL values	1354	/* Computes scalargenerator + \sum scalars[i]points[i], ignoring NULL values
1355	* Result is stored in r (r can equal one of the inputs). */	1355	* Result is stored in r (r can equal one of the inputs). */
1356	int	1356	int
1357	ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,	1357	ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
1358	const BIGNUM * scalar, size_t num, const EC_POINT * points[],	1358	const BIGNUM * scalar, size_t num, const EC_POINT * points[],
1359	const BIGNUM * scalars[], BN_CTX * ctx)	1359	const BIGNUM * scalars[], BN_CTX * ctx)
@@ -1548,7 +1548,7 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
1548	return ret;	1548	return ret;
1549	}	1549	}
1550		1550
1551	int	1551	int
1552	ec_GFp_nistp224_precompute_mult(EC_GROUP * group, BN_CTX * ctx)	1552	ec_GFp_nistp224_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
1553	{	1553	{
1554	int ret = 0;	1554	int ret = 0;
@@ -1675,7 +1675,7 @@ ec_GFp_nistp224_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
1675	return ret;	1675	return ret;
1676	}	1676	}
1677		1677
1678	int	1678	int
1679	ec_GFp_nistp224_have_precompute_mult(const EC_GROUP * group)	1679	ec_GFp_nistp224_have_precompute_mult(const EC_GROUP * group)
1680	{	1680	{
1681	if (EC_EX_DATA_get_data(group->extra_data, nistp224_pre_comp_dup,	1681	if (EC_EX_DATA_get_data(group->extra_data, nistp224_pre_comp_dup,