curve448: Modernise reference 64-bit code

Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14784)
author: Amitay Isaacs <amitay@ozlabs.org> 2021-01-19 14:04:48 +1100
committer: Matt Caswell <matt@openssl.org> 2021-04-08 12:18:10 +0100
commit: 70fd5110261e9c663b2f6a6009514f72c303d85d (patch)
tree: b241bcf785236db2b1d2b277646c7399982013b8 /crypto/ec/curve448
parent: 136f96a5d7abb0879ecbeaf3883e0d20a249a2f6 (diff)
3 files changed, 37 insertions, 30 deletions
diff --git a/crypto/ec/curve448/arch_64/arch_intrinsics.h b/crypto/ec/curve448/arch_64/arch_intrinsics.h
index 650b63897d..ef611b903f 100644
--- a/crypto/ec/curve448/arch_64/arch_intrinsics.h
+++ b/crypto/ec/curve448/arch_64/arch_intrinsics.h
@@ -10,22 +10,20 @@
  * Originally written by Mike Hamburg
  */
 
-#ifndef __ARCH_REF64_ARCH_INTRINSICS_H__
-# define __ARCH_REF64_ARCH_INTRINSICS_H__
+#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H
+# define OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H
 
 # define ARCH_WORD_BITS 64
 
-static __inline__ __attribute((always_inline, unused))
-uint64_t word_is_zero(uint64_t a)
+static ossl_inline uint64_t word_is_zero(uint64_t a)
 {
     /* let's hope the compiler isn't clever enough to optimize this. */
     return (((__uint128_t) a) - 1) >> 64;
 }
 
-static __inline__ __attribute((always_inline, unused))
-__uint128_t widemul(uint64_t a, uint64_t b)
+static ossl_inline uint128_t widemul(uint64_t a, uint64_t b)
 {
-    return ((__uint128_t) a) * b;
+    return ((uint128_t) a) * b;
 }
 
-#endif                          /* ARCH_REF64_ARCH_INTRINSICS_H__ */
+#endif                          /* OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H */
diff --git a/crypto/ec/curve448/arch_64/f_impl.c b/crypto/ec/curve448/arch_64/f_impl.c
index 7cb5749cda..b615bab206 100644
--- a/crypto/ec/curve448/arch_64/f_impl.c
+++ b/crypto/ec/curve448/arch_64/f_impl.c
@@ -9,14 +9,15 @@
  *
  * Originally written by Mike Hamburg
  */
+
 #include "field.h"
 
-void gf_mul(gf_s * __restrict__ cs, const gf as, const gf bs)
+void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
 {
     const uint64_t *a = as->limb, *b = bs->limb;
     uint64_t *c = cs->limb;
-    __uint128_t accum0 = 0, accum1 = 0, accum2;
-    uint64_t mask = (1ull << 56) - 1;
+    uint128_t accum0 = 0, accum1 = 0, accum2;
+    uint64_t mask = (1ULL << 56) - 1;
     uint64_t aa[4], bb[4], bbb[4];
     unsigned int i;
 
@@ -171,12 +172,12 @@ void gf_mul(gf_s * __restrict__ cs, const gf as, const gf bs)
     c[1] += ((uint64_t)(accum1));
 }
 
-void gf_mulw_unsigned(gf_s * __restrict__ cs, const gf as, uint32_t b)
+void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b)
 {
     const uint64_t *a = as->limb;
     uint64_t *c = cs->limb;
-    __uint128_t accum0 = 0, accum4 = 0;
-    uint64_t mask = (1ull << 56) - 1;
+    uint128_t accum0 = 0, accum4 = 0;
+    uint64_t mask = (1ULL << 56) - 1;
     int i;
 
     for (i = 0; i < 4; i++) {
@@ -197,19 +198,18 @@ void gf_mulw_unsigned(gf_s * __restrict__ cs, const gf as, uint32_t b)
     c[1] += accum4 >> 56;
 }
 
-void gf_sqr(gf_s * __restrict__ cs, const gf as)
+void gf_sqr(gf_s * RESTRICT cs, const gf as)
 {
     const uint64_t *a = as->limb;
     uint64_t *c = cs->limb;
-    __uint128_t accum0 = 0, accum1 = 0, accum2;
-    uint64_t mask = (1ull << 56) - 1;
+    uint128_t accum0 = 0, accum1 = 0, accum2;
+    uint64_t mask = (1ULL << 56) - 1;
     uint64_t aa[4];
+    unsigned int i;
 
     /* For some reason clang doesn't vectorize this without prompting? */
-    unsigned int i;
-    for (i = 0; i < 4; i++) {
+    for (i = 0; i < 4; i++)
         aa[i] = a[i] + a[i + 4];
-    }
 
     accum2 = widemul(a[0], a[3]);
     accum0 = widemul(aa[0], aa[3]);
diff --git a/crypto/ec/curve448/arch_64/f_impl.h b/crypto/ec/curve448/arch_64/f_impl.h
index 8751ceecd9..725dfa85ab 100644
--- a/crypto/ec/curve448/arch_64/f_impl.h
+++ b/crypto/ec/curve448/arch_64/f_impl.h
@@ -10,40 +10,49 @@
  * Originally written by Mike Hamburg
  */
 
-#define GF_HEADROOM 9999        /* Everything is reduced anyway */
-#define FIELD_LITERAL(a,b,c,d,e,f,g,h) {{a,b,c,d,e,f,g,h}}
+#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H
+# define OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H
 
-#define LIMB_PLACE_VALUE(i) 56
+# define GF_HEADROOM 9999        /* Everything is reduced anyway */
+# define FIELD_LITERAL(a,b,c,d,e,f,g,h) {{a,b,c,d,e,f,g,h}}
+
+# define LIMB_PLACE_VALUE(i) 56
 
 void gf_add_RAW(gf out, const gf a, const gf b)
 {
-    for (unsigned int i = 0; i < 8; i++)
+    unsigned int i;
+
+    for (i = 0; i < 8; i++)
         out->limb[i] = a->limb[i] + b->limb[i];
+
     gf_weak_reduce(out);
 }
 
 void gf_sub_RAW(gf out, const gf a, const gf b)
 {
-    uint64_t co1 = ((1ull << 56) - 1) * 2, co2 = co1 - 2;
+    uint64_t co1 = ((1ULL << 56) - 1) * 2, co2 = co1 - 2;
+    unsigned int i;
 
-    for (unsigned int i = 0; i < 8; i++)
+    for (i = 0; i < 8; i++)
         out->limb[i] = a->limb[i] - b->limb[i] + ((i == 4) ? co2 : co1);
+
     gf_weak_reduce(out);
 }
 
 void gf_bias(gf a, int amt)
 {
-    (void)a;
-    (void)amt;
 }
 
 void gf_weak_reduce(gf a)
 {
-    uint64_t mask = (1ull << 56) - 1;
+    uint64_t mask = (1ULL << 56) - 1;
     uint64_t tmp = a->limb[7] >> 56;
+    unsigned int i;
 
     a->limb[4] += tmp;
-    for (unsigned int i = 7; i > 0; i--)
+    for (i = 7; i > 0; i--)
         a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 56);
     a->limb[0] = (a->limb[0] & mask) + tmp;
 }
+
+#endif                  /* OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H */
author	Amitay Isaacs <amitay@ozlabs.org>	2021-01-19 14:04:48 +1100
committer	Matt Caswell <matt@openssl.org>	2021-04-08 12:18:10 +0100
commit	70fd5110261e9c663b2f6a6009514f72c303d85d (patch)
tree	b241bcf785236db2b1d2b277646c7399982013b8 /crypto/ec/curve448
parent	136f96a5d7abb0879ecbeaf3883e0d20a249a2f6 (diff)