1 files changed, 42 insertions, 42 deletions
diff --git a/src/lib/libcrypto/ec/ecp_nistp521.c b/src/lib/libcrypto/ec/ecp_nistp521.c
index 3d38c72396..db2060668c 100644
--- a/src/lib/libcrypto/ec/ecp_nistp521.c
+++ b/src/lib/libcrypto/ec/ecp_nistp521.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nistp521.c,v 1.25 2021/04/20 17:28:18 tb Exp $ */
+/* $OpenBSD: ecp_nistp521.c,v 1.26 2021/04/20 17:38:02 tb Exp $ */
 /*
 * Written by Adam Langley (Google) for the OpenSSL project
 */
@@ -130,7 +130,7 @@ static const limb bottom58bits = 0x3ffffffffffffff;
 /* bin66_to_felem takes a little-endian byte array and converts it into felem
 * form. This assumes that the CPU is little-endian. */
-static void 
+static void
 bin66_to_felem(felem out, const u8 in[66])
 {
        out[0] = (*((limb *) & in[0])) & bottom58bits;
@@ -146,7 +146,7 @@ bin66_to_felem(felem out, const u8 in[66])
 /* felem_to_bin66 takes an felem and serialises into a little endian, 66 byte
 * array. This assumes that the CPU is little-endian. */
-static void 
+static void
 felem_to_bin66(u8 out[66], const felem in)
 {
        memset(out, 0, 66);
@@ -162,7 +162,7 @@ felem_to_bin66(u8 out[66], const felem in)
 }
 /* To preserve endianness when using BN_bn2bin and BN_bin2bn */
-static void 
+static void
 flip_endian(u8 * out, const u8 * in, unsigned len)
 {
        unsigned i;
@@ -171,7 +171,7 @@ flip_endian(u8 * out, const u8 * in, unsigned len)
 }
 /* BN_to_felem converts an OpenSSL BIGNUM into an felem */
-static int 
+static int
 BN_to_felem(felem out, const BIGNUM * bn)
 {
        felem_bytearray b_in;
@@ -209,7 +209,7 @@ felem_to_BN(BIGNUM * out, const felem in)
 /* Field operations
 * ---------------- */
-static void 
+static void
 felem_one(felem out)
 {
        out[0] = 1;
@@ -223,7 +223,7 @@ felem_one(felem out)
        out[8] = 0;
 }
-static void 
+static void
 felem_assign(felem out, const felem in)
 {
        out[0] = in[0];
@@ -238,7 +238,7 @@ felem_assign(felem out, const felem in)
 }
 /* felem_sum64 sets out = out + in. */
-static void 
+static void
 felem_sum64(felem out, const felem in)
 {
        out[0] += in[0];
@@ -253,7 +253,7 @@ felem_sum64(felem out, const felem in)
 }
 /* felem_scalar sets out = in * scalar */
-static void 
+static void
 felem_scalar(felem out, const felem in, limb scalar)
 {
        out[0] = in[0] * scalar;
@@ -268,7 +268,7 @@ felem_scalar(felem out, const felem in, limb scalar)
 }
 /* felem_scalar64 sets out = out * scalar */
-static void 
+static void
 felem_scalar64(felem out, limb scalar)
 {
        out[0] *= scalar;
@@ -283,7 +283,7 @@ felem_scalar64(felem out, limb scalar)
 }
 /* felem_scalar128 sets out = out * scalar */
-static void 
+static void
 felem_scalar128(largefelem out, limb scalar)
 {
        out[0] *= scalar;
@@ -303,7 +303,7 @@ felem_scalar128(largefelem out, limb scalar)
 * On exit:
 *   out[i] < 2^62
 */
-static void 
+static void
 felem_neg(felem out, const felem in)
 {
        /* In order to prevent underflow, we subtract from 0 mod p. */
@@ -327,7 +327,7 @@ felem_neg(felem out, const felem in)
 * On exit:
 *   out[i] < out[i] + 2^62
 */
-static void 
+static void
 felem_diff64(felem out, const felem in)
 {
        /* In order to prevent underflow, we add 0 mod p before subtracting. */
@@ -351,7 +351,7 @@ felem_diff64(felem out, const felem in)
 * On exit:
 *   out[i] < out[i] + 2^63
 */
-static void 
+static void
 felem_diff_128_64(largefelem out, const felem in)
 {
        /* In order to prevent underflow, we add 0 mod p before subtracting. */
@@ -375,7 +375,7 @@ felem_diff_128_64(largefelem out, const felem in)
 * On exit:
 *   out[i] < out[i] + 2^127 - 2^69
 */
-static void 
+static void
 felem_diff128(largefelem out, const largefelem in)
 {
        /* In order to prevent underflow, we add 0 mod p before subtracting. */
@@ -399,7 +399,7 @@ felem_diff128(largefelem out, const largefelem in)
 * On exit:
 *   out[i] < 17 * max(in[i]) * max(in[i])
 */
-static void 
+static void
 felem_square(largefelem out, const felem in)
 {
        felem inx2, inx4;
@@ -493,7 +493,7 @@ felem_square(largefelem out, const felem in)
 * On exit:
 *   out[i] < 17 * max(in1[i]) * max(in2[i])
 */
-static void 
+static void
 felem_mul(largefelem out, const felem in1, const felem in2)
 {
        felem in2x2;
@@ -608,7 +608,7 @@ static const limb bottom52bits = 0xfffffffffffff;
 * On exit:
 *   out[i] < 2^59 + 2^14
 */
-static void 
+static void
 felem_reduce(felem out, const largefelem in)
 {
        u64 overflow1, overflow2;
@@ -680,7 +680,7 @@ felem_reduce(felem out, const largefelem in)
         */
 }
-static void 
+static void
 felem_square_reduce(felem out, const felem in)
 {
        largefelem tmp;
@@ -688,7 +688,7 @@ felem_square_reduce(felem out, const felem in)
        felem_reduce(out, tmp);
 }
-static void 
+static void
 felem_mul_reduce(felem out, const felem in1, const felem in2)
 {
        largefelem tmp;
@@ -703,7 +703,7 @@ felem_mul_reduce(felem out, const felem in1, const felem in2)
 *   a^{p-1} = 1 (mod p)
 *   a^{p-2} = a^{-1} (mod p)
 */
-static void 
+static void
 felem_inv(felem out, const felem in)
 {
        felem ftmp, ftmp2, ftmp3, ftmp4;
@@ -817,7 +817,7 @@ static const felem kPrime =
 * On entry:
 *   in[i] < 2^59 + 2^14
 */
-static limb 
+static limb
 felem_is_zero(const felem in)
 {
        felem ftmp;
@@ -886,7 +886,7 @@ felem_is_zero(const felem in)
        return is_zero;
 }
-static int 
+static int
 felem_is_zero_int(const felem in)
 {
        return (int) (felem_is_zero(in) & ((limb) 1));
@@ -896,7 +896,7 @@ felem_is_zero_int(const felem in)
 * On entry:
 *   in[i] < 2^59 + 2^14
 */
-static void 
+static void
 felem_contract(felem out, const felem in)
 {
        limb is_p, is_greater, sign;
@@ -1153,7 +1153,7 @@ copy_conditional(felem out, const felem in, limb mask)
 * are equal (while not equal to the point at infinity). This case never
 * happens during single point multiplication, so there is no timing leak for
 * ECDH or ECDSA signing. */
-static void 
+static void
 point_add(felem x3, felem y3, felem z3,
    const felem x1, const felem y1, const felem z1,
    const int mixed, const felem x2, const felem y2, const felem z2)
@@ -1450,7 +1450,7 @@ static const felem gmul[16][3] =
 /* select_point selects the |idx|th point from a precomputation table and
 * copies it to out. */
-static void 
+static void
 select_point(const limb idx, unsigned int size, const felem pre_comp[ /* size */ ][3],
    felem out[3])
 {
@@ -1472,7 +1472,7 @@ select_point(const limb idx, unsigned int size, const felem pre_comp[ /* size */
 }
 /* get_bit returns the |i|th bit in |in| */
-static char 
+static char
 get_bit(const felem_bytearray in, int i)
 {
        if (i < 0)
@@ -1485,7 +1485,7 @@ get_bit(const felem_bytearray in, int i)
 * the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple
 * of the generator, using certain (large) precomputed multiples in g_pre_comp.
 * Output point (X, Y, Z) is stored in x_out, y_out, z_out */
-static void 
+static void
 batch_mul(felem x_out, felem y_out, felem z_out,
    const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar,
    const int mixed, const felem pre_comp[][17][3], const felem g_pre_comp[16][3])
@@ -1588,20 +1588,20 @@ EC_GFp_nistp521_method(void)
                .group_get_curve = ec_GFp_simple_group_get_curve,
                .group_get_degree = ec_GFp_simple_group_get_degree,
                .group_check_discriminant =
-                ec_GFp_simple_group_check_discriminant,
+                    ec_GFp_simple_group_check_discriminant,
                .point_init = ec_GFp_simple_point_init,
                .point_finish = ec_GFp_simple_point_finish,
                .point_clear_finish = ec_GFp_simple_point_clear_finish,
                .point_copy = ec_GFp_simple_point_copy,
                .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
                .point_set_Jprojective_coordinates =
-                ec_GFp_simple_set_Jprojective_coordinates,
+                    ec_GFp_simple_set_Jprojective_coordinates,
                .point_get_Jprojective_coordinates =
-                ec_GFp_simple_get_Jprojective_coordinates,
+                    ec_GFp_simple_get_Jprojective_coordinates,
                .point_set_affine_coordinates =
-                ec_GFp_simple_point_set_affine_coordinates,
+                    ec_GFp_simple_point_set_affine_coordinates,
                .point_get_affine_coordinates =
-                ec_GFp_nistp521_point_get_affine_coordinates,
+                    ec_GFp_nistp521_point_get_affine_coordinates,
                .add = ec_GFp_simple_add,
                .dbl = ec_GFp_simple_dbl,
                .invert = ec_GFp_simple_invert,
@@ -1651,7 +1651,7 @@ nistp521_pre_comp_dup(void *src_)
        return src_;
 }
-static void 
+static void
 nistp521_pre_comp_free(void *pre_)
 {
        int i;
@@ -1667,7 +1667,7 @@ nistp521_pre_comp_free(void *pre_)
        free(pre);
 }
-static void 
+static void
 nistp521_pre_comp_clear_free(void *pre_)
 {
        int i;
@@ -1687,7 +1687,7 @@ nistp521_pre_comp_clear_free(void *pre_)
 /*                         OPENSSL EC_METHOD FUNCTIONS
 */
-int 
+int
 ec_GFp_nistp521_group_init(EC_GROUP * group)
 {
        int ret;
@@ -1696,7 +1696,7 @@ ec_GFp_nistp521_group_init(EC_GROUP * group)
        return ret;
 }
-int 
+int
 ec_GFp_nistp521_group_set_curve(EC_GROUP * group, const BIGNUM * p,
    const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
 {
@@ -1730,7 +1730,7 @@ ec_GFp_nistp521_group_set_curve(EC_GROUP * group, const BIGNUM * p,
 /* Takes the Jacobian coordinates (X, Y, Z) of a point and returns
 * (X', Y') = (X/Z^2, Y/Z^3) */
-int 
+int
 ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,
    const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx)
 {
@@ -1770,7 +1770,7 @@ ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,
        return 1;
 }
-static void 
+static void
 make_points_affine(size_t num, felem points[ /* num */ ][3], felem tmp_felems[ /* num+1 */ ])
 {
        /*
@@ -1793,7 +1793,7 @@ make_points_affine(size_t num, felem points[ /* num */ ][3], felem tmp_felems[ /
 /* Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL values
 * Result is stored in r (r can equal one of the inputs). */
-int 
+int
 ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
    const BIGNUM * scalar, size_t num, const EC_POINT * points[],
    const BIGNUM * scalars[], BN_CTX * ctx)
@@ -1990,7 +1990,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
        return ret;
 }
-int 
+int
 ec_GFp_nistp521_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
 {
        int ret = 0;
@@ -2097,7 +2097,7 @@ ec_GFp_nistp521_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
        return ret;
 }
-int 
+int
 ec_GFp_nistp521_have_precompute_mult(const EC_GROUP * group)
 {
        if (EC_EX_DATA_get_data(group->extra_data, nistp521_pre_comp_dup,

diff --git a/src/lib/libcrypto/ec/ecp_nistp521.c b/src/lib/libcrypto/ec/ecp_nistp521.c index 3d38c72396..db2060668c 100644 --- a/src/lib/libcrypto/ec/ecp_nistp521.c +++ b/src/lib/libcrypto/ec/ecp_nistp521.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecp_nistp521.c,v 1.25 2021/04/20 17:28:18 tb Exp $ */	1	/* $OpenBSD: ecp_nistp521.c,v 1.26 2021/04/20 17:38:02 tb Exp $ */
2	/*	2	/*
3	* Written by Adam Langley (Google) for the OpenSSL project	3	* Written by Adam Langley (Google) for the OpenSSL project
4	*/	4	*/
@@ -130,7 +130,7 @@ static const limb bottom58bits = 0x3ffffffffffffff;
130		130
131	/* bin66_to_felem takes a little-endian byte array and converts it into felem	131	/* bin66_to_felem takes a little-endian byte array and converts it into felem
132	* form. This assumes that the CPU is little-endian. */	132	* form. This assumes that the CPU is little-endian. */
133	static void	133	static void
134	bin66_to_felem(felem out, const u8 in[66])	134	bin66_to_felem(felem out, const u8 in[66])
135	{	135	{
136	out[0] = (((limb ) & in[0])) & bottom58bits;	136	out[0] = (((limb ) & in[0])) & bottom58bits;
@@ -146,7 +146,7 @@ bin66_to_felem(felem out, const u8 in[66])
146		146
147	/* felem_to_bin66 takes an felem and serialises into a little endian, 66 byte	147	/* felem_to_bin66 takes an felem and serialises into a little endian, 66 byte
148	* array. This assumes that the CPU is little-endian. */	148	* array. This assumes that the CPU is little-endian. */
149	static void	149	static void
150	felem_to_bin66(u8 out[66], const felem in)	150	felem_to_bin66(u8 out[66], const felem in)
151	{	151	{
152	memset(out, 0, 66);	152	memset(out, 0, 66);
@@ -162,7 +162,7 @@ felem_to_bin66(u8 out[66], const felem in)
162	}	162	}
163		163
164	/* To preserve endianness when using BN_bn2bin and BN_bin2bn */	164	/* To preserve endianness when using BN_bn2bin and BN_bin2bn */
165	static void	165	static void
166	flip_endian(u8 * out, const u8 * in, unsigned len)	166	flip_endian(u8 * out, const u8 * in, unsigned len)
167	{	167	{
168	unsigned i;	168	unsigned i;
@@ -171,7 +171,7 @@ flip_endian(u8 * out, const u8 * in, unsigned len)
171	}	171	}
172		172
173	/* BN_to_felem converts an OpenSSL BIGNUM into an felem */	173	/* BN_to_felem converts an OpenSSL BIGNUM into an felem */
174	static int	174	static int
175	BN_to_felem(felem out, const BIGNUM * bn)	175	BN_to_felem(felem out, const BIGNUM * bn)
176	{	176	{
177	felem_bytearray b_in;	177	felem_bytearray b_in;
@@ -209,7 +209,7 @@ felem_to_BN(BIGNUM * out, const felem in)
209	/* Field operations	209	/* Field operations
210	* ---------------- */	210	* ---------------- */
211		211
212	static void	212	static void
213	felem_one(felem out)	213	felem_one(felem out)
214	{	214	{
215	out[0] = 1;	215	out[0] = 1;
@@ -223,7 +223,7 @@ felem_one(felem out)
223	out[8] = 0;	223	out[8] = 0;
224	}	224	}
225		225
226	static void	226	static void
227	felem_assign(felem out, const felem in)	227	felem_assign(felem out, const felem in)
228	{	228	{
229	out[0] = in[0];	229	out[0] = in[0];
@@ -238,7 +238,7 @@ felem_assign(felem out, const felem in)
238	}	238	}
239		239
240	/* felem_sum64 sets out = out + in. */	240	/* felem_sum64 sets out = out + in. */
241	static void	241	static void
242	felem_sum64(felem out, const felem in)	242	felem_sum64(felem out, const felem in)
243	{	243	{
244	out[0] += in[0];	244	out[0] += in[0];
@@ -253,7 +253,7 @@ felem_sum64(felem out, const felem in)
253	}	253	}
254		254
255	/* felem_scalar sets out = in * scalar */	255	/* felem_scalar sets out = in * scalar */
256	static void	256	static void
257	felem_scalar(felem out, const felem in, limb scalar)	257	felem_scalar(felem out, const felem in, limb scalar)
258	{	258	{
259	out[0] = in[0] * scalar;	259	out[0] = in[0] * scalar;
@@ -268,7 +268,7 @@ felem_scalar(felem out, const felem in, limb scalar)
268	}	268	}
269		269
270	/* felem_scalar64 sets out = out * scalar */	270	/* felem_scalar64 sets out = out * scalar */
271	static void	271	static void
272	felem_scalar64(felem out, limb scalar)	272	felem_scalar64(felem out, limb scalar)
273	{	273	{
274	out[0] *= scalar;	274	out[0] *= scalar;
@@ -283,7 +283,7 @@ felem_scalar64(felem out, limb scalar)
283	}	283	}
284		284
285	/* felem_scalar128 sets out = out * scalar */	285	/* felem_scalar128 sets out = out * scalar */
286	static void	286	static void
287	felem_scalar128(largefelem out, limb scalar)	287	felem_scalar128(largefelem out, limb scalar)
288	{	288	{
289	out[0] *= scalar;	289	out[0] *= scalar;
@@ -303,7 +303,7 @@ felem_scalar128(largefelem out, limb scalar)
303	* On exit:	303	* On exit:
304	* out[i] < 2^62	304	* out[i] < 2^62
305	*/	305	*/
306	static void	306	static void
307	felem_neg(felem out, const felem in)	307	felem_neg(felem out, const felem in)
308	{	308	{
309	/* In order to prevent underflow, we subtract from 0 mod p. */	309	/* In order to prevent underflow, we subtract from 0 mod p. */
@@ -327,7 +327,7 @@ felem_neg(felem out, const felem in)
327	* On exit:	327	* On exit:
328	* out[i] < out[i] + 2^62	328	* out[i] < out[i] + 2^62
329	*/	329	*/
330	static void	330	static void
331	felem_diff64(felem out, const felem in)	331	felem_diff64(felem out, const felem in)
332	{	332	{
333	/* In order to prevent underflow, we add 0 mod p before subtracting. */	333	/* In order to prevent underflow, we add 0 mod p before subtracting. */
@@ -351,7 +351,7 @@ felem_diff64(felem out, const felem in)
351	* On exit:	351	* On exit:
352	* out[i] < out[i] + 2^63	352	* out[i] < out[i] + 2^63
353	*/	353	*/
354	static void	354	static void
355	felem_diff_128_64(largefelem out, const felem in)	355	felem_diff_128_64(largefelem out, const felem in)
356	{	356	{
357	/* In order to prevent underflow, we add 0 mod p before subtracting. */	357	/* In order to prevent underflow, we add 0 mod p before subtracting. */
@@ -375,7 +375,7 @@ felem_diff_128_64(largefelem out, const felem in)
375	* On exit:	375	* On exit:
376	* out[i] < out[i] + 2^127 - 2^69	376	* out[i] < out[i] + 2^127 - 2^69
377	*/	377	*/
378	static void	378	static void
379	felem_diff128(largefelem out, const largefelem in)	379	felem_diff128(largefelem out, const largefelem in)
380	{	380	{
381	/* In order to prevent underflow, we add 0 mod p before subtracting. */	381	/* In order to prevent underflow, we add 0 mod p before subtracting. */
@@ -399,7 +399,7 @@ felem_diff128(largefelem out, const largefelem in)
399	* On exit:	399	* On exit:
400	* out[i] < 17 * max(in[i]) * max(in[i])	400	* out[i] < 17 * max(in[i]) * max(in[i])
401	*/	401	*/
402	static void	402	static void
403	felem_square(largefelem out, const felem in)	403	felem_square(largefelem out, const felem in)
404	{	404	{
405	felem inx2, inx4;	405	felem inx2, inx4;
@@ -493,7 +493,7 @@ felem_square(largefelem out, const felem in)
493	* On exit:	493	* On exit:
494	* out[i] < 17 * max(in1[i]) * max(in2[i])	494	* out[i] < 17 * max(in1[i]) * max(in2[i])
495	*/	495	*/
496	static void	496	static void
497	felem_mul(largefelem out, const felem in1, const felem in2)	497	felem_mul(largefelem out, const felem in1, const felem in2)
498	{	498	{
499	felem in2x2;	499	felem in2x2;
@@ -608,7 +608,7 @@ static const limb bottom52bits = 0xfffffffffffff;
608	* On exit:	608	* On exit:
609	* out[i] < 2^59 + 2^14	609	* out[i] < 2^59 + 2^14
610	*/	610	*/
611	static void	611	static void
612	felem_reduce(felem out, const largefelem in)	612	felem_reduce(felem out, const largefelem in)
613	{	613	{
614	u64 overflow1, overflow2;	614	u64 overflow1, overflow2;
@@ -680,7 +680,7 @@ felem_reduce(felem out, const largefelem in)
680	*/	680	*/
681	}	681	}
682		682
683	static void	683	static void
684	felem_square_reduce(felem out, const felem in)	684	felem_square_reduce(felem out, const felem in)
685	{	685	{
686	largefelem tmp;	686	largefelem tmp;
@@ -688,7 +688,7 @@ felem_square_reduce(felem out, const felem in)
688	felem_reduce(out, tmp);	688	felem_reduce(out, tmp);
689	}	689	}
690		690
691	static void	691	static void
692	felem_mul_reduce(felem out, const felem in1, const felem in2)	692	felem_mul_reduce(felem out, const felem in1, const felem in2)
693	{	693	{
694	largefelem tmp;	694	largefelem tmp;
@@ -703,7 +703,7 @@ felem_mul_reduce(felem out, const felem in1, const felem in2)
703	* a^{p-1} = 1 (mod p)	703	* a^{p-1} = 1 (mod p)
704	* a^{p-2} = a^{-1} (mod p)	704	* a^{p-2} = a^{-1} (mod p)
705	*/	705	*/
706	static void	706	static void
707	felem_inv(felem out, const felem in)	707	felem_inv(felem out, const felem in)
708	{	708	{
709	felem ftmp, ftmp2, ftmp3, ftmp4;	709	felem ftmp, ftmp2, ftmp3, ftmp4;
@@ -817,7 +817,7 @@ static const felem kPrime =
817	* On entry:	817	* On entry:
818	* in[i] < 2^59 + 2^14	818	* in[i] < 2^59 + 2^14
819	*/	819	*/
820	static limb	820	static limb
821	felem_is_zero(const felem in)	821	felem_is_zero(const felem in)
822	{	822	{
823	felem ftmp;	823	felem ftmp;
@@ -886,7 +886,7 @@ felem_is_zero(const felem in)
886	return is_zero;	886	return is_zero;
887	}	887	}
888		888
889	static int	889	static int
890	felem_is_zero_int(const felem in)	890	felem_is_zero_int(const felem in)
891	{	891	{
892	return (int) (felem_is_zero(in) & ((limb) 1));	892	return (int) (felem_is_zero(in) & ((limb) 1));
@@ -896,7 +896,7 @@ felem_is_zero_int(const felem in)
896	* On entry:	896	* On entry:
897	* in[i] < 2^59 + 2^14	897	* in[i] < 2^59 + 2^14
898	*/	898	*/
899	static void	899	static void
900	felem_contract(felem out, const felem in)	900	felem_contract(felem out, const felem in)
901	{	901	{
902	limb is_p, is_greater, sign;	902	limb is_p, is_greater, sign;
@@ -1153,7 +1153,7 @@ copy_conditional(felem out, const felem in, limb mask)
1153	* are equal (while not equal to the point at infinity). This case never	1153	* are equal (while not equal to the point at infinity). This case never
1154	* happens during single point multiplication, so there is no timing leak for	1154	* happens during single point multiplication, so there is no timing leak for
1155	* ECDH or ECDSA signing. */	1155	* ECDH or ECDSA signing. */
1156	static void	1156	static void
1157	point_add(felem x3, felem y3, felem z3,	1157	point_add(felem x3, felem y3, felem z3,
1158	const felem x1, const felem y1, const felem z1,	1158	const felem x1, const felem y1, const felem z1,
1159	const int mixed, const felem x2, const felem y2, const felem z2)	1159	const int mixed, const felem x2, const felem y2, const felem z2)
@@ -1450,7 +1450,7 @@ static const felem gmul[16][3] =
1450		1450
1451	/* select_point selects the \|idx\|th point from a precomputation table and	1451	/* select_point selects the \|idx\|th point from a precomputation table and
1452	* copies it to out. */	1452	* copies it to out. */
1453	static void	1453	static void
1454	select_point(const limb idx, unsigned int size, const felem pre_comp[ /* size */ ][3],	1454	select_point(const limb idx, unsigned int size, const felem pre_comp[ /* size */ ][3],
1455	felem out[3])	1455	felem out[3])
1456	{	1456	{
@@ -1472,7 +1472,7 @@ select_point(const limb idx, unsigned int size, const felem pre_comp[ /* size */
1472	}	1472	}
1473		1473
1474	/* get_bit returns the \|i\|th bit in \|in\| */	1474	/* get_bit returns the \|i\|th bit in \|in\| */
1475	static char	1475	static char
1476	get_bit(const felem_bytearray in, int i)	1476	get_bit(const felem_bytearray in, int i)
1477	{	1477	{
1478	if (i < 0)	1478	if (i < 0)
@@ -1485,7 +1485,7 @@ get_bit(const felem_bytearray in, int i)
1485	* the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple	1485	* the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple
1486	* of the generator, using certain (large) precomputed multiples in g_pre_comp.	1486	* of the generator, using certain (large) precomputed multiples in g_pre_comp.
1487	* Output point (X, Y, Z) is stored in x_out, y_out, z_out */	1487	* Output point (X, Y, Z) is stored in x_out, y_out, z_out */
1488	static void	1488	static void
1489	batch_mul(felem x_out, felem y_out, felem z_out,	1489	batch_mul(felem x_out, felem y_out, felem z_out,
1490	const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar,	1490	const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar,
1491	const int mixed, const felem pre_comp[][17][3], const felem g_pre_comp[16][3])	1491	const int mixed, const felem pre_comp[][17][3], const felem g_pre_comp[16][3])
@@ -1588,20 +1588,20 @@ EC_GFp_nistp521_method(void)
1588	.group_get_curve = ec_GFp_simple_group_get_curve,	1588	.group_get_curve = ec_GFp_simple_group_get_curve,
1589	.group_get_degree = ec_GFp_simple_group_get_degree,	1589	.group_get_degree = ec_GFp_simple_group_get_degree,
1590	.group_check_discriminant =	1590	.group_check_discriminant =
1591	ec_GFp_simple_group_check_discriminant,	1591	ec_GFp_simple_group_check_discriminant,
1592	.point_init = ec_GFp_simple_point_init,	1592	.point_init = ec_GFp_simple_point_init,
1593	.point_finish = ec_GFp_simple_point_finish,	1593	.point_finish = ec_GFp_simple_point_finish,
1594	.point_clear_finish = ec_GFp_simple_point_clear_finish,	1594	.point_clear_finish = ec_GFp_simple_point_clear_finish,
1595	.point_copy = ec_GFp_simple_point_copy,	1595	.point_copy = ec_GFp_simple_point_copy,
1596	.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,	1596	.point_set_to_infinity = ec_GFp_simple_point_set_to_infinity,
1597	.point_set_Jprojective_coordinates =	1597	.point_set_Jprojective_coordinates =
1598	ec_GFp_simple_set_Jprojective_coordinates,	1598	ec_GFp_simple_set_Jprojective_coordinates,
1599	.point_get_Jprojective_coordinates =	1599	.point_get_Jprojective_coordinates =
1600	ec_GFp_simple_get_Jprojective_coordinates,	1600	ec_GFp_simple_get_Jprojective_coordinates,
1601	.point_set_affine_coordinates =	1601	.point_set_affine_coordinates =
1602	ec_GFp_simple_point_set_affine_coordinates,	1602	ec_GFp_simple_point_set_affine_coordinates,
1603	.point_get_affine_coordinates =	1603	.point_get_affine_coordinates =
1604	ec_GFp_nistp521_point_get_affine_coordinates,	1604	ec_GFp_nistp521_point_get_affine_coordinates,
1605	.add = ec_GFp_simple_add,	1605	.add = ec_GFp_simple_add,
1606	.dbl = ec_GFp_simple_dbl,	1606	.dbl = ec_GFp_simple_dbl,
1607	.invert = ec_GFp_simple_invert,	1607	.invert = ec_GFp_simple_invert,
@@ -1651,7 +1651,7 @@ nistp521_pre_comp_dup(void *src_)
1651	return src_;	1651	return src_;
1652	}	1652	}
1653		1653
1654	static void	1654	static void
1655	nistp521_pre_comp_free(void *pre_)	1655	nistp521_pre_comp_free(void *pre_)
1656	{	1656	{
1657	int i;	1657	int i;
@@ -1667,7 +1667,7 @@ nistp521_pre_comp_free(void *pre_)
1667	free(pre);	1667	free(pre);
1668	}	1668	}
1669		1669
1670	static void	1670	static void
1671	nistp521_pre_comp_clear_free(void *pre_)	1671	nistp521_pre_comp_clear_free(void *pre_)
1672	{	1672	{
1673	int i;	1673	int i;
@@ -1687,7 +1687,7 @@ nistp521_pre_comp_clear_free(void *pre_)
1687	/* OPENSSL EC_METHOD FUNCTIONS	1687	/* OPENSSL EC_METHOD FUNCTIONS
1688	*/	1688	*/
1689		1689
1690	int	1690	int
1691	ec_GFp_nistp521_group_init(EC_GROUP * group)	1691	ec_GFp_nistp521_group_init(EC_GROUP * group)
1692	{	1692	{
1693	int ret;	1693	int ret;
@@ -1696,7 +1696,7 @@ ec_GFp_nistp521_group_init(EC_GROUP * group)
1696	return ret;	1696	return ret;
1697	}	1697	}
1698		1698
1699	int	1699	int
1700	ec_GFp_nistp521_group_set_curve(EC_GROUP * group, const BIGNUM * p,	1700	ec_GFp_nistp521_group_set_curve(EC_GROUP * group, const BIGNUM * p,
1701	const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)	1701	const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx)
1702	{	1702	{
@@ -1730,7 +1730,7 @@ ec_GFp_nistp521_group_set_curve(EC_GROUP * group, const BIGNUM * p,
1730		1730
1731	/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns	1731	/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns
1732	* (X', Y') = (X/Z^2, Y/Z^3) */	1732	* (X', Y') = (X/Z^2, Y/Z^3) */
1733	int	1733	int
1734	ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,	1734	ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,
1735	const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx)	1735	const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx)
1736	{	1736	{
@@ -1770,7 +1770,7 @@ ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group,
1770	return 1;	1770	return 1;
1771	}	1771	}
1772		1772
1773	static void	1773	static void
1774	make_points_affine(size_t num, felem points[ /* num / ][3], felem tmp_felems[ / num+1 */ ])	1774	make_points_affine(size_t num, felem points[ /* num / ][3], felem tmp_felems[ / num+1 */ ])
1775	{	1775	{
1776	/*	1776	/*
@@ -1793,7 +1793,7 @@ make_points_affine(size_t num, felem points[ /* num */ ][3], felem tmp_felems[ /
1793		1793
1794	/* Computes scalargenerator + \sum scalars[i]points[i], ignoring NULL values	1794	/* Computes scalargenerator + \sum scalars[i]points[i], ignoring NULL values
1795	* Result is stored in r (r can equal one of the inputs). */	1795	* Result is stored in r (r can equal one of the inputs). */
1796	int	1796	int
1797	ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,	1797	ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
1798	const BIGNUM * scalar, size_t num, const EC_POINT * points[],	1798	const BIGNUM * scalar, size_t num, const EC_POINT * points[],
1799	const BIGNUM * scalars[], BN_CTX * ctx)	1799	const BIGNUM * scalars[], BN_CTX * ctx)
@@ -1990,7 +1990,7 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
1990	return ret;	1990	return ret;
1991	}	1991	}
1992		1992
1993	int	1993	int
1994	ec_GFp_nistp521_precompute_mult(EC_GROUP * group, BN_CTX * ctx)	1994	ec_GFp_nistp521_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
1995	{	1995	{
1996	int ret = 0;	1996	int ret = 0;
@@ -2097,7 +2097,7 @@ ec_GFp_nistp521_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
2097	return ret;	2097	return ret;
2098	}	2098	}
2099		2099
2100	int	2100	int
2101	ec_GFp_nistp521_have_precompute_mult(const EC_GROUP * group)	2101	ec_GFp_nistp521_have_precompute_mult(const EC_GROUP * group)
2102	{	2102	{
2103	if (EC_EX_DATA_get_data(group->extra_data, nistp521_pre_comp_dup,	2103	if (EC_EX_DATA_get_data(group->extra_data, nistp521_pre_comp_dup,