1 files changed, 9 insertions, 9 deletions
diff --git a/src/lib/libcrypto/mlkem/mlkem768.c b/src/lib/libcrypto/mlkem/mlkem768.c
index 7d99041152..bacde0c0b7 100644
--- a/src/lib/libcrypto/mlkem/mlkem768.c
+++ b/src/lib/libcrypto/mlkem/mlkem768.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mlkem768.c,v 1.6 2024/12/19 23:52:26 tb Exp $ */
+/* $OpenBSD: mlkem768.c,v 1.7 2025/01/03 08:19:24 tb Exp $ */
 /*
 * Copyright (c) 2024, Google Inc.
 * Copyright (c) 2024, Bob Beck <beck@obtuse.com>
@@ -338,14 +338,14 @@ scalar_sub(scalar *lhs, const scalar *rhs)
 }
 /*
- * Multiplying two scalars in the number theoretically transformed state. Since
+ * Multiplying two scalars in the number theoretically transformed state.
- * 3329 does not have a 512th root of unity, this means we have to interpret
+ * Since 3329 does not have a 512th root of unity, this means we have to
- * the 2*ith and (2*i+1)th entries of the scalar as elements of GF(3329)[X]/(X^2
+ * interpret the 2*ith and (2*i+1)th entries of the scalar as elements of
- * - 17^(2*bitreverse(i)+1)) The value of 17^(2*bitreverse(i)+1) mod 3329 is
+ * GF(3329)[X]/(X^2 - 17^(2*bitreverse(i)+1)).
- * stored in the precomputed |kModRoots| table. Note that our Barrett transform
+ * The value of 17^(2*bitreverse(i)+1) mod 3329 is stored in the precomputed
- * only allows us to multipy two reduced numbers together, so we need some
+ * |kModRoots| table. Our Barrett transform only allows us to multiply two
- * intermediate reduction steps, even if an uint64_t could hold 3 multiplied
+ * reduced numbers together, so we need some intermediate reduction steps,
- * numbers.
+ * even if an uint64_t could hold 3 multiplied numbers.
 */
 static void
 scalar_mult(scalar *out, const scalar *lhs, const scalar *rhs)

diff --git a/src/lib/libcrypto/mlkem/mlkem768.c b/src/lib/libcrypto/mlkem/mlkem768.c index 7d99041152..bacde0c0b7 100644 --- a/src/lib/libcrypto/mlkem/mlkem768.c +++ b/src/lib/libcrypto/mlkem/mlkem768.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: mlkem768.c,v 1.6 2024/12/19 23:52:26 tb Exp $ */	1	/* $OpenBSD: mlkem768.c,v 1.7 2025/01/03 08:19:24 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2024, Google Inc.	3	* Copyright (c) 2024, Google Inc.
4	* Copyright (c) 2024, Bob Beck <beck@obtuse.com>	4	* Copyright (c) 2024, Bob Beck <beck@obtuse.com>
@@ -338,14 +338,14 @@ scalar_sub(scalar lhs, const scalar rhs)
338	}	338	}
339		339
340	/*	340	/*
341	* Multiplying two scalars in the number theoretically transformed state. Since	341	* Multiplying two scalars in the number theoretically transformed state.
342	* 3329 does not have a 512th root of unity, this means we have to interpret	342	* Since 3329 does not have a 512th root of unity, this means we have to
343	* the 2ith and (2i+1)th entries of the scalar as elements of GF(3329)[X]/(X^2	343	* interpret the 2ith and (2i+1)th entries of the scalar as elements of
344	* - 17^(2bitreverse(i)+1)) The value of 17^(2bitreverse(i)+1) mod 3329 is	344	* GF(3329)[X]/(X^2 - 17^(2*bitreverse(i)+1)).
345	* stored in the precomputed \|kModRoots\| table. Note that our Barrett transform	345	* The value of 17^(2*bitreverse(i)+1) mod 3329 is stored in the precomputed
346	* only allows us to multipy two reduced numbers together, so we need some	346	* \|kModRoots\| table. Our Barrett transform only allows us to multiply two
347	* intermediate reduction steps, even if an uint64_t could hold 3 multiplied	347	* reduced numbers together, so we need some intermediate reduction steps,
348	* numbers.	348	* even if an uint64_t could hold 3 multiplied numbers.
349	*/	349	*/
350	static void	350	static void
351	scalar_mult(scalar out, const scalar lhs, const scalar *rhs)	351	scalar_mult(scalar out, const scalar lhs, const scalar *rhs)