diff options
| author | Matt Caswell <matt@openssl.org> | 2015-01-05 11:30:03 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-01-22 09:31:48 +0000 |
| commit | 83975c80bbc3e84cc605e0491707a6517f5dd346 (patch) | |
| tree | 3292eadddefc6fd0b0ce848c1fe285a3bbe32cb6 /crypto/ec | |
| parent | 323d39e87f86bc4524881942aafc7539532aefff (diff) | |
Re-align some comments after running the reformat script.OpenSSL_1_0_2-post-reformat
This should be a one off operation (subsequent invokation of the
script should not move them)
This commit is for the 1.0.2 changes
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/ec')
| -rw-r--r-- | crypto/ec/ec.h | 16 | ||||
| -rw-r--r-- | crypto/ec/ec2_smpl.c | 12 | ||||
| -rw-r--r-- | crypto/ec/ec_lcl.h | 16 | ||||
| -rw-r--r-- | crypto/ec/ec_mult.c | 14 | ||||
| -rw-r--r-- | crypto/ec/ecp_nistp224.c | 26 | ||||
| -rw-r--r-- | crypto/ec/ecp_nistp256.c | 77 | ||||
| -rw-r--r-- | crypto/ec/ecp_nistp521.c | 101 | ||||
| -rw-r--r-- | crypto/ec/ecp_oct.c | 10 | ||||
| -rw-r--r-- | crypto/ec/ecp_smpl.c | 60 |
9 files changed, 168 insertions, 164 deletions
diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 39f7aa1fe1..98edfdf8bc 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -116,14 +116,14 @@ typedef enum { typedef struct ec_method_st EC_METHOD; typedef struct ec_group_st - /*- - EC_METHOD *meth; - -- field definition - -- curve coefficients - -- optional generator with associated information (order, cofactor) - -- optional extra data (precomputed table for fast computation of multiples of generator) - -- ASN1 stuff - */ + /*- + EC_METHOD *meth; + -- field definition + -- curve coefficients + -- optional generator with associated information (order, cofactor) + -- optional extra data (precomputed table for fast computation of multiples of generator) + -- ASN1 stuff + */ EC_GROUP; typedef struct ec_point_st EC_POINT; diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 9a39477f30..077c7fc8dd 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -632,12 +632,12 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, if (lh == NULL) goto err; - /*- - * We have a curve defined by a Weierstrass equation - * y^2 + x*y = x^3 + a*x^2 + b. - * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 - * <=> ((x + a) * x + y ) * x + b + y^2 = 0 - */ + /*- + * We have a curve defined by a Weierstrass equation + * y^2 + x*y = x^3 + a*x^2 + b. + * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 + * <=> ((x + a) * x + y ) * x + b + y^2 = 0 + */ if (!BN_GF2m_add(lh, &point->X, &group->a)) goto err; if (!field_mul(group, lh, lh, &point->X, ctx)) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index d4c4c716bc..697eeb528c 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -120,14 +120,14 @@ struct ec_method_st { void (*point_finish) (EC_POINT *); void (*point_clear_finish) (EC_POINT *); int (*point_copy) (EC_POINT *, const EC_POINT *); - /*- - * used by EC_POINT_set_to_infinity, - * EC_POINT_set_Jprojective_coordinates_GFp, - * EC_POINT_get_Jprojective_coordinates_GFp, - * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, - * EC_POINT_get_affine_coordinates_GFp, ..._GF2m, - * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m: - */ + /*- + * used by EC_POINT_set_to_infinity, + * EC_POINT_set_Jprojective_coordinates_GFp, + * EC_POINT_get_Jprojective_coordinates_GFp, + * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, + * EC_POINT_get_affine_coordinates_GFp, ..._GF2m, + * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m: + */ int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *); int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *, EC_POINT *, const BIGNUM *x, diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 807641a0f4..23b8c3089b 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -602,13 +602,13 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (!(tmp = EC_POINT_new(group))) goto err; - /*- - * prepare precomputed values: - * val_sub[i][0] := points[i] - * val_sub[i][1] := 3 * points[i] - * val_sub[i][2] := 5 * points[i] - * ... - */ + /*- + * prepare precomputed values: + * val_sub[i][0] := points[i] + * val_sub[i][1] := 3 * points[i] + * val_sub[i][2] := 5 * points[i] + * ... + */ for (i = 0; i < num + num_scalar; i++) { if (i < num) { if (!EC_POINT_copy(val_sub[i][0], points[i])) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index ece7b75400..9a59ef0c19 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -618,11 +618,11 @@ static void felem_reduce(felem out, const widefelem in) /* output[3] <= 2^56 + 2^16 */ out[2] = output[2] & 0x00ffffffffffffff; - /*- - * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, - * out[3] <= 2^56 + 2^16 (due to final carry), - * so out < 2*p - */ + /*- + * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, + * out[3] <= 2^56 + 2^16 (due to final carry), + * so out < 2*p + */ out[3] = output[3]; } @@ -1048,10 +1048,10 @@ static void point_add(felem x3, felem y3, felem z3, felem_scalar(ftmp5, 2); /* ftmp5[i] < 2 * 2^57 = 2^58 */ - /*- - * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 - - * 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - */ + /*- + * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 - + * 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 + */ felem_diff_128_64(tmp2, ftmp5); /* tmp2[i] < 2^117 + 2^64 + 8 < 2^118 */ felem_reduce(x_out, tmp2); @@ -1066,10 +1066,10 @@ static void point_add(felem x3, felem y3, felem z3, felem_mul(tmp2, ftmp3, ftmp2); /* tmp2[i] < 4 * 2^57 * 2^59 = 2^118 */ - /*- - * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) - - * z2^3*y1*(z1^2*x2 - z2^2*x1)^3 - */ + /*- + * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) - + * z2^3*y1*(z1^2*x2 - z2^2*x1)^3 + */ widefelem_diff(tmp2, tmp); /* tmp2[i] < 2^118 + 2^120 < 2^121 */ felem_reduce(y_out, tmp2); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index ea63c10f49..a5887086c6 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -437,25 +437,25 @@ static void felem_shrink(smallfelem out, const felem in) /* As tmp[3] < 2^65, high is either 1 or 0 */ high <<= 63; high >>= 63; - /*- - * high is: - * all ones if the high word of tmp[3] is 1 - * all zeros if the high word of tmp[3] if 0 */ + /*- + * high is: + * all ones if the high word of tmp[3] is 1 + * all zeros if the high word of tmp[3] if 0 */ low = tmp[3]; mask = low >> 63; - /*- - * mask is: - * all ones if the MSB of low is 1 - * all zeros if the MSB of low if 0 */ + /*- + * mask is: + * all ones if the MSB of low is 1 + * all zeros if the MSB of low if 0 */ low &= bottom63bits; low -= kPrime3Test; /* if low was greater than kPrime3Test then the MSB is zero */ low = ~low; low >>= 63; - /*- - * low is: - * all ones if low was > kPrime3Test - * all zeros if low was <= kPrime3Test */ + /*- + * low is: + * all ones if low was > kPrime3Test + * all zeros if low was <= kPrime3Test */ mask = (mask & low) | high; tmp[0] -= mask & kPrime[0]; tmp[1] -= mask & kPrime[1]; @@ -795,17 +795,17 @@ static void felem_reduce(felem out, const longfelem in) felem_reduce_(out, in); - /*- - * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 - * out[1] > 2^100 - 2^64 - 7*2^96 > 0 - * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0 - * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0 - * - * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 - * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101 - * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101 - * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101 - */ + /*- + * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 + * out[1] > 2^100 - 2^64 - 7*2^96 > 0 + * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0 + * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0 + * + * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 + * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101 + * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101 + * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101 + */ } /*- @@ -824,17 +824,17 @@ static void felem_reduce_zero105(felem out, const longfelem in) felem_reduce_(out, in); - /*- - * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 - * out[1] > 2^105 - 2^71 - 2^103 > 0 - * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0 - * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0 - * - * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 - * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 - * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106 - * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 - */ + /*- + * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 + * out[1] > 2^105 - 2^71 - 2^103 > 0 + * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0 + * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0 + * + * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 + * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 + * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106 + * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 + */ } /* @@ -1099,7 +1099,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in) * * Building on top of the field operations we have the operations on the * elliptic curve group itself. Points on the curve are represented in Jacobian - * coordinates */ + * coordinates + */ /*- * point_double calculates 2*(x_in, y_in, z_in) @@ -1108,7 +1109,8 @@ static void smallfelem_inv_contract(smallfelem out, const smallfelem in) * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b * * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed. - * while x_out == y_in is not (maybe this works, but it's not tested). */ + * while x_out == y_in is not (maybe this works, but it's not tested). + */ static void point_double(felem x_out, felem y_out, felem z_out, const felem x_in, const felem y_in, const felem z_in) @@ -1239,7 +1241,8 @@ static void copy_small_conditional(felem out, const smallfelem in, limb mask) * This function includes a branch for checking whether the two input points * are equal, (while not equal to the point at infinity). This case never * happens during single point multiplication, so there is no timing leak for - * ECDH or ECDSA signing. */ + * ECDH or ECDSA signing. + */ static void point_add(felem x3, felem y3, felem z3, const felem x1, const felem y1, const felem z1, const int mixed, const smallfelem x2, diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index c1ef3fedac..360b9a3516 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -414,15 +414,16 @@ static void felem_square(largefelem out, const felem in) felem_scalar(inx2, in, 2); felem_scalar(inx4, in, 4); - /*- - * We have many cases were we want to do - * in[x] * in[y] + - * in[y] * in[x] - * This is obviously just - * 2 * in[x] * in[y] - * However, rather than do the doubling on the 128 bit result, we - * double one of the inputs to the multiplication by reading from - * |inx2| */ + /*- + * We have many cases were we want to do + * in[x] * in[y] + + * in[y] * in[x] + * This is obviously just + * 2 * in[x] * in[y] + * However, rather than do the doubling on the 128 bit result, we + * double one of the inputs to the multiplication by reading from + * |inx2| + */ out[0] = ((uint128_t) in[0]) * in[0]; out[1] = ((uint128_t) in[0]) * inx2[1]; @@ -610,10 +611,10 @@ static void felem_reduce(felem out, const largefelem in) out[1] += ((limb) in[0]) >> 58; out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6; - /*- - * out[1] < 2^58 + 2^6 + 2^58 - * = 2^59 + 2^6 - */ + /*- + * out[1] < 2^58 + 2^6 + 2^58 + * = 2^59 + 2^6 + */ out[2] += ((limb) (in[0] >> 64)) >> 52; out[2] += ((limb) in[1]) >> 58; @@ -642,10 +643,10 @@ static void felem_reduce(felem out, const largefelem in) out[8] += ((limb) in[7]) >> 58; out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6; - /*- - * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 - * < 2^59 + 2^13 - */ + /*- + * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 + * < 2^59 + 2^13 + */ overflow1 = ((limb) (in[7] >> 64)) >> 52; overflow1 += ((limb) in[8]) >> 58; @@ -660,11 +661,11 @@ static void felem_reduce(felem out, const largefelem in) out[1] += out[0] >> 58; out[0] &= bottom58bits; - /*- - * out[0] < 2^58 - * out[1] < 2^59 + 2^6 + 2^13 + 2^2 - * < 2^59 + 2^14 - */ + /*- + * out[0] < 2^58 + * out[1] < 2^59 + 2^6 + 2^13 + 2^2 + * < 2^59 + 2^14 + */ } static void felem_square_reduce(felem out, const felem in) @@ -1055,13 +1056,13 @@ point_double(felem x_out, felem y_out, felem z_out, felem_scalar64(ftmp2, 3); /* ftmp2[i] < 3*2^60 + 3*2^15 */ felem_mul(tmp, ftmp, ftmp2); - /*- - * tmp[i] < 17(3*2^121 + 3*2^76) - * = 61*2^121 + 61*2^76 - * < 64*2^121 + 64*2^76 - * = 2^127 + 2^82 - * < 2^128 - */ + /*- + * tmp[i] < 17(3*2^121 + 3*2^76) + * = 61*2^121 + 61*2^76 + * < 64*2^121 + 64*2^76 + * = 2^127 + 2^82 + * < 2^128 + */ felem_reduce(alpha, tmp); /* x' = alpha^2 - 8*beta */ @@ -1096,30 +1097,30 @@ point_double(felem x_out, felem y_out, felem z_out, felem_diff64(beta, x_out); /* beta[i] < 2^61 + 2^60 + 2^16 */ felem_mul(tmp, alpha, beta); - /*- - * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16)) - * = 17*(2^120 + 2^75 + 2^119 + 2^74 + 2^75 + 2^30) - * = 17*(2^120 + 2^119 + 2^76 + 2^74 + 2^30) - * < 2^128 - */ + /*- + * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16)) + * = 17*(2^120 + 2^75 + 2^119 + 2^74 + 2^75 + 2^30) + * = 17*(2^120 + 2^119 + 2^76 + 2^74 + 2^30) + * < 2^128 + */ felem_square(tmp2, gamma); - /*- - * tmp2[i] < 17*(2^59 + 2^14)^2 - * = 17*(2^118 + 2^74 + 2^28) - */ + /*- + * tmp2[i] < 17*(2^59 + 2^14)^2 + * = 17*(2^118 + 2^74 + 2^28) + */ felem_scalar128(tmp2, 8); - /*- - * tmp2[i] < 8*17*(2^118 + 2^74 + 2^28) - * = 2^125 + 2^121 + 2^81 + 2^77 + 2^35 + 2^31 - * < 2^126 - */ + /*- + * tmp2[i] < 8*17*(2^118 + 2^74 + 2^28) + * = 2^125 + 2^121 + 2^81 + 2^77 + 2^35 + 2^31 + * < 2^126 + */ felem_diff128(tmp, tmp2); - /*- - * tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30) - * = 2^127 + 2^124 + 2^122 + 2^120 + 2^118 + 2^80 + 2^78 + 2^76 + - * 2^74 + 2^69 + 2^34 + 2^30 - * < 2^128 - */ + /*- + * tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30) + * = 2^127 + 2^124 + 2^122 + 2^120 + 2^118 + 2^80 + 2^78 + 2^76 + + * 2^74 + 2^69 + 2^34 + 2^30 + * < 2^128 + */ felem_reduce(y_out, tmp); } diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index 77627bb5c4..e5cec8be82 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -96,11 +96,11 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, if (y == NULL) goto err; - /*- - * Recover y. We have a Weierstrass equation - * y^2 = x^3 + a*x + b, - * so y is one of the square roots of x^3 + a*x + b. - */ + /*- + * Recover y. We have a Weierstrass equation + * y^2 = x^3 + a*x + b, + * so y is one of the square roots of x^3 + a*x + b. + */ /* tmp1 := x^3 */ if (!BN_nnmod(x, x_, &group->field, ctx)) diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index d196dedfb3..2b848216d7 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -320,11 +320,11 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) goto err; } - /*- - * check the discriminant: - * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) - * 0 =< a, b < p - */ + /*- + * check the discriminant: + * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) + * 0 =< a, b < p + */ if (BN_is_zero(a)) { if (BN_is_zero(b)) goto err; @@ -900,10 +900,10 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, goto err; if (!BN_mod_add_quick(n1, n0, n1, p)) goto err; - /*- - * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) - * = 3 * X_a^2 - 3 * Z_a^4 - */ + /*- + * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) + * = 3 * X_a^2 - 3 * Z_a^4 + */ } else { if (!field_sqr(group, n0, &a->X, ctx)) goto err; @@ -1024,15 +1024,15 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, if (Z6 == NULL) goto err; - /*- - * We have a curve defined by a Weierstrass equation - * y^2 = x^3 + a*x + b. - * The point to consider is given in Jacobian projective coordinates - * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). - * Substituting this and multiplying by Z^6 transforms the above equation into - * Y^2 = X^3 + a*X*Z^4 + b*Z^6. - * To test this, we add up the right-hand side in 'rh'. - */ + /*- + * We have a curve defined by a Weierstrass equation + * y^2 = x^3 + a*x + b. + * The point to consider is given in Jacobian projective coordinates + * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). + * Substituting this and multiplying by Z^6 transforms the above equation into + * Y^2 = X^3 + a*X*Z^4 + b*Z^6. + * To test this, we add up the right-hand side in 'rh'. + */ /* rh := X^2 */ if (!field_sqr(group, rh, &point->X, ctx)) @@ -1099,12 +1099,12 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { - /*- - * return values: - * -1 error - * 0 equal (in affine coordinates) - * 1 not equal - */ + /*- + * return values: + * -1 error + * 0 equal (in affine coordinates) + * 1 not equal + */ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); @@ -1143,12 +1143,12 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, if (Zb23 == NULL) goto end; - /*- - * We have to decide whether - * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), - * or equivalently, whether - * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). - */ + /*- + * We have to decide whether + * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), + * or equivalently, whether + * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). + */ if (!b->Z_is_one) { if (!field_sqr(group, Zb23, &b->Z, ctx)) |