1 files changed, 59 insertions, 59 deletions
diff --git a/src/crypto/fipsmodule/ec/p256-x86_64.c b/src/crypto/fipsmodule/ec/p256-x86_64.c
index de80dca0..8b516773 100644
--- a/src/crypto/fipsmodule/ec/p256-x86_64.c
+++ b/src/crypto/fipsmodule/ec/p256-x86_64.c
@@ -12,13 +12,13 @@
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
 
-/* Developers and authors:
- * Shay Gueron (1, 2), and Vlad Krasnov (1)
- * (1) Intel Corporation, Israel Development Center
- * (2) University of Haifa
- * Reference:
- * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with
- *                          256 Bit Primes" */
+// Developers and authors:
+// Shay Gueron (1, 2), and Vlad Krasnov (1)
+// (1) Intel Corporation, Israel Development Center
+// (2) University of Haifa
+// Reference:
+// S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with
+//                          256 Bit Primes"
 
 #include <openssl/ec.h>
 
@@ -42,16 +42,16 @@
 
 typedef P256_POINT_AFFINE PRECOMP256_ROW[64];
 
-/* One converted into the Montgomery domain */
+// One converted into the Montgomery domain
 static const BN_ULONG ONE[P256_LIMBS] = {
     TOBN(0x00000000, 0x00000001), TOBN(0xffffffff, 0x00000000),
     TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe),
 };
 
-/* Precomputed tables for the default generator */
+// Precomputed tables for the default generator
 #include "p256-x86_64-table.h"
 
-/* Recode window to a signed digit, see util-64.c for details */
+// Recode window to a signed digit, see util-64.c for details
 static unsigned booth_recode_w5(unsigned in) {
   unsigned s, d;
 
@@ -74,11 +74,11 @@ static unsigned booth_recode_w7(unsigned in) {
   return (d << 1) + (s & 1);
 }
 
-/* copy_conditional copies |src| to |dst| if |move| is one and leaves it as-is
- * if |move| is zero.
- *
- * WARNING: this breaks the usual convention of constant-time functions
- * returning masks. */
+// copy_conditional copies |src| to |dst| if |move| is one and leaves it as-is
+// if |move| is zero.
+//
+// WARNING: this breaks the usual convention of constant-time functions
+// returning masks.
 static void copy_conditional(BN_ULONG dst[P256_LIMBS],
                              const BN_ULONG src[P256_LIMBS], BN_ULONG move) {
   BN_ULONG mask1 = ((BN_ULONG)0) - move;
@@ -96,32 +96,32 @@ static void copy_conditional(BN_ULONG dst[P256_LIMBS],
   }
 }
 
-/* is_not_zero returns one iff in != 0 and zero otherwise.
- *
- * WARNING: this breaks the usual convention of constant-time functions
- * returning masks.
- *
- * (define-fun is_not_zero ((in (_ BitVec 64))) (_ BitVec 64)
- *   (bvlshr (bvor in (bvsub #x0000000000000000 in)) #x000000000000003f)
- * )
- *
- * (declare-fun x () (_ BitVec 64))
- *
- * (assert (and (= x #x0000000000000000) (= (is_not_zero x) #x0000000000000001)))
- * (check-sat)
- *
- * (assert (and (not (= x #x0000000000000000)) (= (is_not_zero x) #x0000000000000000)))
- * (check-sat)
- * */
+// is_not_zero returns one iff in != 0 and zero otherwise.
+//
+// WARNING: this breaks the usual convention of constant-time functions
+// returning masks.
+//
+// (define-fun is_not_zero ((in (_ BitVec 64))) (_ BitVec 64)
+//   (bvlshr (bvor in (bvsub #x0000000000000000 in)) #x000000000000003f)
+// )
+//
+// (declare-fun x () (_ BitVec 64))
+//
+// (assert (and (= x #x0000000000000000) (= (is_not_zero x) #x0000000000000001)))
+// (check-sat)
+//
+// (assert (and (not (= x #x0000000000000000)) (= (is_not_zero x) #x0000000000000000)))
+// (check-sat)
+//
 static BN_ULONG is_not_zero(BN_ULONG in) {
   in |= (0 - in);
   in >>= BN_BITS2 - 1;
   return in;
 }
 
-/* ecp_nistz256_mod_inverse_mont sets |r| to (|in| * 2^-256)^-1 * 2^256 mod p.
- * That is, |r| is the modular inverse of |in| for input and output in the
- * Montgomery domain. */
+// ecp_nistz256_mod_inverse_mont sets |r| to (|in| * 2^-256)^-1 * 2^256 mod p.
+// That is, |r| is the modular inverse of |in| for input and output in the
+// Montgomery domain.
 static void ecp_nistz256_mod_inverse_mont(BN_ULONG r[P256_LIMBS],
                                           const BN_ULONG in[P256_LIMBS]) {
   /* The poly is ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff
@@ -136,29 +136,29 @@ static void ecp_nistz256_mod_inverse_mont(BN_ULONG r[P256_LIMBS],
   int i;
 
   ecp_nistz256_sqr_mont(res, in);
-  ecp_nistz256_mul_mont(p2, res, in); /* 3*p */
+  ecp_nistz256_mul_mont(p2, res, in);  // 3*p
 
   ecp_nistz256_sqr_mont(res, p2);
   ecp_nistz256_sqr_mont(res, res);
-  ecp_nistz256_mul_mont(p4, res, p2); /* f*p */
+  ecp_nistz256_mul_mont(p4, res, p2);  // f*p
 
   ecp_nistz256_sqr_mont(res, p4);
   ecp_nistz256_sqr_mont(res, res);
   ecp_nistz256_sqr_mont(res, res);
   ecp_nistz256_sqr_mont(res, res);
-  ecp_nistz256_mul_mont(p8, res, p4); /* ff*p */
+  ecp_nistz256_mul_mont(p8, res, p4);  // ff*p
 
   ecp_nistz256_sqr_mont(res, p8);
   for (i = 0; i < 7; i++) {
     ecp_nistz256_sqr_mont(res, res);
   }
-  ecp_nistz256_mul_mont(p16, res, p8); /* ffff*p */
+  ecp_nistz256_mul_mont(p16, res, p8);  // ffff*p
 
   ecp_nistz256_sqr_mont(res, p16);
   for (i = 0; i < 15; i++) {
     ecp_nistz256_sqr_mont(res, res);
   }
-  ecp_nistz256_mul_mont(p32, res, p16); /* ffffffff*p */
+  ecp_nistz256_mul_mont(p32, res, p16);  // ffffffff*p
 
   ecp_nistz256_sqr_mont(res, p32);
   for (i = 0; i < 31; i++) {
@@ -201,8 +201,8 @@ static void ecp_nistz256_mod_inverse_mont(BN_ULONG r[P256_LIMBS],
   ecp_nistz256_mul_mont(r, res, in);
 }
 
-/* ecp_nistz256_bignum_to_field_elem copies the contents of |in| to |out| and
- * returns one if it fits. Otherwise it returns zero. */
+// ecp_nistz256_bignum_to_field_elem copies the contents of |in| to |out| and
+// returns one if it fits. Otherwise it returns zero.
 static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS],
                                              const BIGNUM *in) {
   if (in->top > P256_LIMBS) {
@@ -214,7 +214,7 @@ static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS],
   return 1;
 }
 
-/* r = p * p_scalar */
+// r = p * p_scalar
 static int ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
                                      const EC_POINT *p, const BIGNUM *p_scalar,
                                      BN_CTX *ctx) {
@@ -224,9 +224,9 @@ static int ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
   static const unsigned kWindowSize = 5;
   static const unsigned kMask = (1 << (5 /* kWindowSize */ + 1)) - 1;
 
-  /* A |P256_POINT| is (3 * 32) = 96 bytes, and the 64-byte alignment should
-   * add no more than 63 bytes of overhead. Thus, |table| should require
-   * ~1599 ((96 * 16) + 63) bytes of stack space. */
+  // A |P256_POINT| is (3 * 32) = 96 bytes, and the 64-byte alignment should
+  // add no more than 63 bytes of overhead. Thus, |table| should require
+  // ~1599 ((96 * 16) + 63) bytes of stack space.
   alignas(64) P256_POINT table[16];
   uint8_t p_str[33];
 
@@ -279,9 +279,9 @@ static int ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
     p_str[j] = 0;
   }
 
-  /* table[0] is implicitly (0,0,0) (the point at infinity), therefore it is
-   * not stored. All other values are actually stored with an offset of -1 in
-   * table. */
+  // table[0] is implicitly (0,0,0) (the point at infinity), therefore it is
+  // not stored. All other values are actually stored with an offset of -1 in
+  // table.
   P256_POINT *row = table;
 
   if (!ecp_nistz256_bignum_to_field_elem(row[1 - 1].X, &p->X) ||
@@ -341,7 +341,7 @@ static int ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
     ecp_nistz256_point_double(r, r);
   }
 
-  /* Final window */
+  // Final window
   wvalue = p_str[0];
   wvalue = (wvalue << 1) & kMask;
 
@@ -426,7 +426,7 @@ static int ecp_nistz256_points_mul(
       p_str[i] = 0;
     }
 
-    /* First window */
+    // First window
     unsigned wvalue = (p_str[0] << 1) & kMask;
     unsigned index = kWindowSize;
 
@@ -439,9 +439,9 @@ static int ecp_nistz256_points_mul(
     ecp_nistz256_neg(p.p.Z, p.p.Y);
     copy_conditional(p.p.Y, p.p.Z, wvalue & 1);
 
-    /* Convert |p| from affine to Jacobian coordinates. We set Z to zero if |p|
-     * is infinity and |ONE| otherwise. |p| was computed from the table, so it
-     * is infinity iff |wvalue >> 1| is zero.  */
+    // Convert |p| from affine to Jacobian coordinates. We set Z to zero if |p|
+    // is infinity and |ONE| otherwise. |p| was computed from the table, so it
+    // is infinity iff |wvalue >> 1| is zero.
     OPENSSL_memset(p.p.Z, 0, sizeof(p.p.Z));
     copy_conditional(p.p.Z, ONE, is_not_zero(wvalue >> 1));
 
@@ -478,7 +478,7 @@ static int ecp_nistz256_points_mul(
     }
   }
 
-  /* Not constant-time, but we're only operating on the public output. */
+  // Not constant-time, but we're only operating on the public output.
   if (!bn_set_words(&r->X, p.p.X, P256_LIMBS) ||
       !bn_set_words(&r->Y, p.p.Y, P256_LIMBS) ||
       !bn_set_words(&r->Z, p.p.Z, P256_LIMBS)) {
@@ -516,10 +516,10 @@ static int ecp_nistz256_get_affine(const EC_GROUP *group, const EC_POINT *point,
   ecp_nistz256_mod_inverse_mont(z_inv3, point_z);
   ecp_nistz256_sqr_mont(z_inv2, z_inv3);
 
-  /* Instead of using |ecp_nistz256_from_mont| to convert the |x| coordinate
-   * and then calling |ecp_nistz256_from_mont| again to convert the |y|
-   * coordinate below, convert the common factor |z_inv2| once now, saving one
-   * reduction. */
+  // Instead of using |ecp_nistz256_from_mont| to convert the |x| coordinate
+  // and then calling |ecp_nistz256_from_mont| again to convert the |y|
+  // coordinate below, convert the common factor |z_inv2| once now, saving one
+  // reduction.
   ecp_nistz256_from_mont(z_inv2, z_inv2);
 
   if (x != NULL) {