From cdbd5638ff4b48c7a95ab0e6c2fb2c468de9300a Mon Sep 17 00:00:00 2001 From: Tim Ruffing Date: Tue, 21 Apr 2020 16:30:01 +0200 Subject: [PATCH 1/2] Convert large (UL/ULL/LL) integer constants to stdint.h macros This commit is the result of creating a file constants.sed with contents ``` s/(0x([A-F]|[0-9])+)ULL/UINT64_C(\1)/gi s/(0x([A-F]|[0-9])+)UL/UINT32_C(\1)/gi s/(([0-9])+)ULL/UINT64_C(\1)/gi s/(([0-9])+)UL/UINT32_C(\1)/gi s/(([0-9])+)LL/INT64_C(\1)/gi ``` and running `sed -E -i -f constants.sed src/*.[ch]` (and fixing custom indentation in four affected lines). Use `git grep -iE '([A-F]|[0-9])UL'` to verify the result. Moreover, this commit removes `-Wno-long-long` from CFLAGS, which is no longer needed then. It also removes `-Wno-overlength-strings`, which is apparently not needed currently either. The motivation for this change is compliance with C89 (#745) for ULL/LL but also reviewability: Even though it's not relevant in the current code, I think it's confusing to use the portable uint32_t/uint64_t types but then constants of the unsigned long (long) types, which differ across targets. Fixes #745. --- configure.ac | 2 +- src/bench.h | 8 +- src/ecdsa_impl.h | 6 +- src/field_10x26.h | 18 +-- src/field_10x26_impl.h | 268 +++++++++++++++++------------------ src/field_5x52.h | 8 +- src/field_5x52_impl.h | 138 +++++++++--------- src/field_5x52_int128_impl.h | 4 +- src/field_impl.h | 4 +- src/group_impl.h | 12 +- src/hash_impl.h | 16 +-- src/scalar_4x64_impl.h | 50 +++---- src/scalar_8x32_impl.h | 100 ++++++------- src/scalar_impl.h | 20 +-- src/tests.c | 12 +- 15 files changed, 333 insertions(+), 333 deletions(-) diff --git a/configure.ac b/configure.ac index 7f762fa31b..91b4177f64 100644 --- a/configure.ac +++ b/configure.ac @@ -67,7 +67,7 @@ esac CFLAGS="-W $CFLAGS" -warn_CFLAGS="-std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function -Wno-long-long -Wno-overlength-strings" +warn_CFLAGS="-std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function" saved_CFLAGS="$CFLAGS" CFLAGS="$warn_CFLAGS $CFLAGS" AC_MSG_CHECKING([if ${CC} supports ${warn_CFLAGS}]) diff --git a/src/bench.h b/src/bench.h index 9bfed903e0..b71c2c2b01 100644 --- a/src/bench.h +++ b/src/bench.h @@ -15,11 +15,11 @@ static int64_t gettime_i64(void) { struct timeval tv; gettimeofday(&tv, NULL); - return (int64_t)tv.tv_usec + (int64_t)tv.tv_sec * 1000000LL; + return (int64_t)tv.tv_usec + (int64_t)tv.tv_sec * INT64_C(1000000); } #define FP_EXP (6) -#define FP_MULT (1000000LL) +#define FP_MULT (INT64_C(1000000)) /* Format fixed point number. */ void print_number(const int64_t x) { @@ -39,8 +39,8 @@ void print_number(const int64_t x) { * sense). */ y = x_abs; c = 0; - while (y > 0LL && y < 100LL * FP_MULT && c < FP_EXP) { - y *= 10LL; + while (y > INT64_C(0) && y < INT64_C(100) * FP_MULT && c < FP_EXP) { + y *= INT64_C(10); c++; } diff --git a/src/ecdsa_impl.h b/src/ecdsa_impl.h index 359c621b93..b26e38bae1 100644 --- a/src/ecdsa_impl.h +++ b/src/ecdsa_impl.h @@ -29,8 +29,8 @@ * 'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141' */ static const secp256k1_fe secp256k1_ecdsa_const_order_as_fe = SECP256K1_FE_CONST( - 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, - 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364141UL + UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFE), + UINT32_C(0xBAAEDCE6), UINT32_C(0xAF48A03B), UINT32_C(0xBFD25E8C), UINT32_C(0xD0364141) ); /** Difference between field and order, values 'p' and 'n' values defined in @@ -43,7 +43,7 @@ static const secp256k1_fe secp256k1_ecdsa_const_order_as_fe = SECP256K1_FE_CONST * '14551231950b75fc4402da1722fc9baee' */ static const secp256k1_fe secp256k1_ecdsa_const_p_minus_order = SECP256K1_FE_CONST( - 0, 0, 0, 1, 0x45512319UL, 0x50B75FC4UL, 0x402DA172UL, 0x2FC9BAEEUL + 0, 0, 0, 1, UINT32_C(0x45512319), UINT32_C(0x50B75FC4), UINT32_C(0x402DA172), UINT32_C(0x2FC9BAEE) ); static int secp256k1_der_read_len(size_t *len, const unsigned char **sigp, const unsigned char *sigend) { diff --git a/src/field_10x26.h b/src/field_10x26.h index 5ff03c8abc..bfa0e2f0b9 100644 --- a/src/field_10x26.h +++ b/src/field_10x26.h @@ -22,15 +22,15 @@ typedef struct { /* Unpacks a constant into a overlapping multi-limbed FE element. */ #define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \ - (d0) & 0x3FFFFFFUL, \ - (((uint32_t)d0) >> 26) | (((uint32_t)(d1) & 0xFFFFFUL) << 6), \ - (((uint32_t)d1) >> 20) | (((uint32_t)(d2) & 0x3FFFUL) << 12), \ - (((uint32_t)d2) >> 14) | (((uint32_t)(d3) & 0xFFUL) << 18), \ - (((uint32_t)d3) >> 8) | (((uint32_t)(d4) & 0x3UL) << 24), \ - (((uint32_t)d4) >> 2) & 0x3FFFFFFUL, \ - (((uint32_t)d4) >> 28) | (((uint32_t)(d5) & 0x3FFFFFUL) << 4), \ - (((uint32_t)d5) >> 22) | (((uint32_t)(d6) & 0xFFFFUL) << 10), \ - (((uint32_t)d6) >> 16) | (((uint32_t)(d7) & 0x3FFUL) << 16), \ + (d0) & UINT32_C(0x3FFFFFF), \ + (((uint32_t)d0) >> 26) | (((uint32_t)(d1) & UINT32_C(0xFFFFF)) << 6), \ + (((uint32_t)d1) >> 20) | (((uint32_t)(d2) & UINT32_C(0x3FFF)) << 12), \ + (((uint32_t)d2) >> 14) | (((uint32_t)(d3) & UINT32_C(0xFF)) << 18), \ + (((uint32_t)d3) >> 8) | (((uint32_t)(d4) & UINT32_C(0x3)) << 24), \ + (((uint32_t)d4) >> 2) & UINT32_C(0x3FFFFFF), \ + (((uint32_t)d4) >> 28) | (((uint32_t)(d5) & UINT32_C(0x3FFFFF)) << 4), \ + (((uint32_t)d5) >> 22) | (((uint32_t)(d6) & UINT32_C(0xFFFF)) << 10), \ + (((uint32_t)d6) >> 16) | (((uint32_t)(d7) & UINT32_C(0x3FF)) << 16), \ (((uint32_t)d7) >> 10) \ } diff --git a/src/field_10x26_impl.h b/src/field_10x26_impl.h index 39304245da..5ef62ed54d 100644 --- a/src/field_10x26_impl.h +++ b/src/field_10x26_impl.h @@ -14,24 +14,24 @@ static void secp256k1_fe_verify(const secp256k1_fe *a) { const uint32_t *d = a->n; int m = a->normalized ? 1 : 2 * a->magnitude, r = 1; - r &= (d[0] <= 0x3FFFFFFUL * m); - r &= (d[1] <= 0x3FFFFFFUL * m); - r &= (d[2] <= 0x3FFFFFFUL * m); - r &= (d[3] <= 0x3FFFFFFUL * m); - r &= (d[4] <= 0x3FFFFFFUL * m); - r &= (d[5] <= 0x3FFFFFFUL * m); - r &= (d[6] <= 0x3FFFFFFUL * m); - r &= (d[7] <= 0x3FFFFFFUL * m); - r &= (d[8] <= 0x3FFFFFFUL * m); - r &= (d[9] <= 0x03FFFFFUL * m); + r &= (d[0] <= UINT32_C(0x3FFFFFF) * m); + r &= (d[1] <= UINT32_C(0x3FFFFFF) * m); + r &= (d[2] <= UINT32_C(0x3FFFFFF) * m); + r &= (d[3] <= UINT32_C(0x3FFFFFF) * m); + r &= (d[4] <= UINT32_C(0x3FFFFFF) * m); + r &= (d[5] <= UINT32_C(0x3FFFFFF) * m); + r &= (d[6] <= UINT32_C(0x3FFFFFF) * m); + r &= (d[7] <= UINT32_C(0x3FFFFFF) * m); + r &= (d[8] <= UINT32_C(0x3FFFFFF) * m); + r &= (d[9] <= UINT32_C(0x03FFFFF) * m); r &= (a->magnitude >= 0); r &= (a->magnitude <= 32); if (a->normalized) { r &= (a->magnitude <= 1); - if (r && (d[9] == 0x03FFFFFUL)) { + if (r && (d[9] == UINT32_C(0x03FFFFF))) { uint32_t mid = d[8] & d[7] & d[6] & d[5] & d[4] & d[3] & d[2]; - if (mid == 0x3FFFFFFUL) { - r &= ((d[1] + 0x40UL + ((d[0] + 0x3D1UL) >> 26)) <= 0x3FFFFFFUL); + if (mid == UINT32_C(0x3FFFFFF)) { + r &= ((d[1] + UINT32_C(0x40) + ((d[0] + UINT32_C(0x3D1)) >> 26)) <= UINT32_C(0x3FFFFFF)); } } } @@ -45,44 +45,44 @@ static void secp256k1_fe_normalize(secp256k1_fe *r) { /* Reduce t9 at the start so there will be at most a single carry from the first pass */ uint32_t m; - uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + uint32_t x = t9 >> 22; t9 &= UINT32_C(0x03FFFFF); /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x3D1UL; t1 += (x << 6); - t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; - t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; - t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; m = t2; - t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; m &= t3; - t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; m &= t4; - t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; m &= t5; - t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; m &= t6; - t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; m &= t7; - t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; m &= t8; + t0 += x * UINT32_C(0x3D1); t1 += (x << 6); + t1 += (t0 >> 26); t0 &= UINT32_C(0x3FFFFFF); + t2 += (t1 >> 26); t1 &= UINT32_C(0x3FFFFFF); + t3 += (t2 >> 26); t2 &= UINT32_C(0x3FFFFFF); m = t2; + t4 += (t3 >> 26); t3 &= UINT32_C(0x3FFFFFF); m &= t3; + t5 += (t4 >> 26); t4 &= UINT32_C(0x3FFFFFF); m &= t4; + t6 += (t5 >> 26); t5 &= UINT32_C(0x3FFFFFF); m &= t5; + t7 += (t6 >> 26); t6 &= UINT32_C(0x3FFFFFF); m &= t6; + t8 += (t7 >> 26); t7 &= UINT32_C(0x3FFFFFF); m &= t7; + t9 += (t8 >> 26); t8 &= UINT32_C(0x3FFFFFF); m &= t8; /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ VERIFY_CHECK(t9 >> 23 == 0); /* At most a single final reduction is needed; check if the value is >= the field characteristic */ - x = (t9 >> 22) | ((t9 == 0x03FFFFFUL) & (m == 0x3FFFFFFUL) - & ((t1 + 0x40UL + ((t0 + 0x3D1UL) >> 26)) > 0x3FFFFFFUL)); + x = (t9 >> 22) | ((t9 == UINT32_C(0x03FFFFF)) & (m == UINT32_C(0x3FFFFFF)) + & ((t1 + UINT32_C(0x40) + ((t0 + UINT32_C(0x3D1)) >> 26)) > UINT32_C(0x3FFFFFF))); /* Apply the final reduction (for constant-time behaviour, we do it always) */ - t0 += x * 0x3D1UL; t1 += (x << 6); - t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; - t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; - t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; - t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; - t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; - t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; - t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; - t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; - t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; + t0 += x * UINT32_C(0x3D1); t1 += (x << 6); + t1 += (t0 >> 26); t0 &= UINT32_C(0x3FFFFFF); + t2 += (t1 >> 26); t1 &= UINT32_C(0x3FFFFFF); + t3 += (t2 >> 26); t2 &= UINT32_C(0x3FFFFFF); + t4 += (t3 >> 26); t3 &= UINT32_C(0x3FFFFFF); + t5 += (t4 >> 26); t4 &= UINT32_C(0x3FFFFFF); + t6 += (t5 >> 26); t5 &= UINT32_C(0x3FFFFFF); + t7 += (t6 >> 26); t6 &= UINT32_C(0x3FFFFFF); + t8 += (t7 >> 26); t7 &= UINT32_C(0x3FFFFFF); + t9 += (t8 >> 26); t8 &= UINT32_C(0x3FFFFFF); /* If t9 didn't carry to bit 22 already, then it should have after any final reduction */ VERIFY_CHECK(t9 >> 22 == x); /* Mask off the possible multiple of 2^256 from the final reduction */ - t9 &= 0x03FFFFFUL; + t9 &= UINT32_C(0x03FFFFF); r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; @@ -99,19 +99,19 @@ static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; /* Reduce t9 at the start so there will be at most a single carry from the first pass */ - uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + uint32_t x = t9 >> 22; t9 &= UINT32_C(0x03FFFFF); /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x3D1UL; t1 += (x << 6); - t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; - t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; - t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; - t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; - t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; - t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; - t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; - t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; - t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; + t0 += x * UINT32_C(0x3D1); t1 += (x << 6); + t1 += (t0 >> 26); t0 &= UINT32_C(0x3FFFFFF); + t2 += (t1 >> 26); t1 &= UINT32_C(0x3FFFFFF); + t3 += (t2 >> 26); t2 &= UINT32_C(0x3FFFFFF); + t4 += (t3 >> 26); t3 &= UINT32_C(0x3FFFFFF); + t5 += (t4 >> 26); t4 &= UINT32_C(0x3FFFFFF); + t6 += (t5 >> 26); t5 &= UINT32_C(0x3FFFFFF); + t7 += (t6 >> 26); t6 &= UINT32_C(0x3FFFFFF); + t8 += (t7 >> 26); t7 &= UINT32_C(0x3FFFFFF); + t9 += (t8 >> 26); t8 &= UINT32_C(0x3FFFFFF); /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ VERIFY_CHECK(t9 >> 23 == 0); @@ -131,44 +131,44 @@ static void secp256k1_fe_normalize_var(secp256k1_fe *r) { /* Reduce t9 at the start so there will be at most a single carry from the first pass */ uint32_t m; - uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + uint32_t x = t9 >> 22; t9 &= UINT32_C(0x03FFFFF); /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x3D1UL; t1 += (x << 6); - t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; - t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; - t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; m = t2; - t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; m &= t3; - t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; m &= t4; - t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; m &= t5; - t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; m &= t6; - t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; m &= t7; - t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; m &= t8; + t0 += x * UINT32_C(0x3D1); t1 += (x << 6); + t1 += (t0 >> 26); t0 &= UINT32_C(0x3FFFFFF); + t2 += (t1 >> 26); t1 &= UINT32_C(0x3FFFFFF); + t3 += (t2 >> 26); t2 &= UINT32_C(0x3FFFFFF); m = t2; + t4 += (t3 >> 26); t3 &= UINT32_C(0x3FFFFFF); m &= t3; + t5 += (t4 >> 26); t4 &= UINT32_C(0x3FFFFFF); m &= t4; + t6 += (t5 >> 26); t5 &= UINT32_C(0x3FFFFFF); m &= t5; + t7 += (t6 >> 26); t6 &= UINT32_C(0x3FFFFFF); m &= t6; + t8 += (t7 >> 26); t7 &= UINT32_C(0x3FFFFFF); m &= t7; + t9 += (t8 >> 26); t8 &= UINT32_C(0x3FFFFFF); m &= t8; /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ VERIFY_CHECK(t9 >> 23 == 0); /* At most a single final reduction is needed; check if the value is >= the field characteristic */ - x = (t9 >> 22) | ((t9 == 0x03FFFFFUL) & (m == 0x3FFFFFFUL) - & ((t1 + 0x40UL + ((t0 + 0x3D1UL) >> 26)) > 0x3FFFFFFUL)); + x = (t9 >> 22) | ((t9 == UINT32_C(0x03FFFFF)) & (m == UINT32_C(0x3FFFFFF)) + & ((t1 + UINT32_C(0x40) + ((t0 + UINT32_C(0x3D1)) >> 26)) > UINT32_C(0x3FFFFFF))); if (x) { - t0 += 0x3D1UL; t1 += (x << 6); - t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; - t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; - t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; - t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; - t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; - t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; - t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; - t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; - t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; + t0 += UINT32_C(0x3D1); t1 += (x << 6); + t1 += (t0 >> 26); t0 &= UINT32_C(0x3FFFFFF); + t2 += (t1 >> 26); t1 &= UINT32_C(0x3FFFFFF); + t3 += (t2 >> 26); t2 &= UINT32_C(0x3FFFFFF); + t4 += (t3 >> 26); t3 &= UINT32_C(0x3FFFFFF); + t5 += (t4 >> 26); t4 &= UINT32_C(0x3FFFFFF); + t6 += (t5 >> 26); t5 &= UINT32_C(0x3FFFFFF); + t7 += (t6 >> 26); t6 &= UINT32_C(0x3FFFFFF); + t8 += (t7 >> 26); t7 &= UINT32_C(0x3FFFFFF); + t9 += (t8 >> 26); t8 &= UINT32_C(0x3FFFFFF); /* If t9 didn't carry to bit 22 already, then it should have after any final reduction */ VERIFY_CHECK(t9 >> 22 == x); /* Mask off the possible multiple of 2^256 from the final reduction */ - t9 &= 0x03FFFFFUL; + t9 &= UINT32_C(0x03FFFFF); } r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; @@ -189,25 +189,25 @@ static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r) { uint32_t z0, z1; /* Reduce t9 at the start so there will be at most a single carry from the first pass */ - uint32_t x = t9 >> 22; t9 &= 0x03FFFFFUL; + uint32_t x = t9 >> 22; t9 &= UINT32_C(0x03FFFFF); /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x3D1UL; t1 += (x << 6); - t1 += (t0 >> 26); t0 &= 0x3FFFFFFUL; z0 = t0; z1 = t0 ^ 0x3D0UL; - t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; z0 |= t1; z1 &= t1 ^ 0x40UL; - t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; z0 |= t2; z1 &= t2; - t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; z0 |= t3; z1 &= t3; - t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; z0 |= t4; z1 &= t4; - t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; z0 |= t5; z1 &= t5; - t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; z0 |= t6; z1 &= t6; - t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; z0 |= t7; z1 &= t7; - t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; z0 |= t8; z1 &= t8; - z0 |= t9; z1 &= t9 ^ 0x3C00000UL; + t0 += x * UINT32_C(0x3D1); t1 += (x << 6); + t1 += (t0 >> 26); t0 &= UINT32_C(0x3FFFFFF); z0 = t0; z1 = t0 ^ UINT32_C(0x3D0); + t2 += (t1 >> 26); t1 &= UINT32_C(0x3FFFFFF); z0 |= t1; z1 &= t1 ^ UINT32_C(0x40); + t3 += (t2 >> 26); t2 &= UINT32_C(0x3FFFFFF); z0 |= t2; z1 &= t2; + t4 += (t3 >> 26); t3 &= UINT32_C(0x3FFFFFF); z0 |= t3; z1 &= t3; + t5 += (t4 >> 26); t4 &= UINT32_C(0x3FFFFFF); z0 |= t4; z1 &= t4; + t6 += (t5 >> 26); t5 &= UINT32_C(0x3FFFFFF); z0 |= t5; z1 &= t5; + t7 += (t6 >> 26); t6 &= UINT32_C(0x3FFFFFF); z0 |= t6; z1 &= t6; + t8 += (t7 >> 26); t7 &= UINT32_C(0x3FFFFFF); z0 |= t7; z1 &= t7; + t9 += (t8 >> 26); t8 &= UINT32_C(0x3FFFFFF); z0 |= t8; z1 &= t8; + z0 |= t9; z1 &= t9 ^ UINT32_C(0x3C00000); /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ VERIFY_CHECK(t9 >> 23 == 0); - return (z0 == 0) | (z1 == 0x3FFFFFFUL); + return (z0 == 0) | (z1 == UINT32_C(0x3FFFFFF)); } static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) { @@ -222,14 +222,14 @@ static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) { x = t9 >> 22; /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x3D1UL; + t0 += x * UINT32_C(0x3D1); /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */ - z0 = t0 & 0x3FFFFFFUL; - z1 = z0 ^ 0x3D0UL; + z0 = t0 & UINT32_C(0x3FFFFFF); + z1 = z0 ^ UINT32_C(0x3D0); /* Fast return path should catch the majority of cases */ - if ((z0 != 0UL) & (z1 != 0x3FFFFFFUL)) { + if ((z0 != UINT32_C(0)) & (z1 != UINT32_C(0x3FFFFFF))) { return 0; } @@ -242,24 +242,24 @@ static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) { t7 = r->n[7]; t8 = r->n[8]; - t9 &= 0x03FFFFFUL; + t9 &= UINT32_C(0x03FFFFF); t1 += (x << 6); t1 += (t0 >> 26); - t2 += (t1 >> 26); t1 &= 0x3FFFFFFUL; z0 |= t1; z1 &= t1 ^ 0x40UL; - t3 += (t2 >> 26); t2 &= 0x3FFFFFFUL; z0 |= t2; z1 &= t2; - t4 += (t3 >> 26); t3 &= 0x3FFFFFFUL; z0 |= t3; z1 &= t3; - t5 += (t4 >> 26); t4 &= 0x3FFFFFFUL; z0 |= t4; z1 &= t4; - t6 += (t5 >> 26); t5 &= 0x3FFFFFFUL; z0 |= t5; z1 &= t5; - t7 += (t6 >> 26); t6 &= 0x3FFFFFFUL; z0 |= t6; z1 &= t6; - t8 += (t7 >> 26); t7 &= 0x3FFFFFFUL; z0 |= t7; z1 &= t7; - t9 += (t8 >> 26); t8 &= 0x3FFFFFFUL; z0 |= t8; z1 &= t8; - z0 |= t9; z1 &= t9 ^ 0x3C00000UL; + t2 += (t1 >> 26); t1 &= UINT32_C(0x3FFFFFF); z0 |= t1; z1 &= t1 ^ UINT32_C(0x40); + t3 += (t2 >> 26); t2 &= UINT32_C(0x3FFFFFF); z0 |= t2; z1 &= t2; + t4 += (t3 >> 26); t3 &= UINT32_C(0x3FFFFFF); z0 |= t3; z1 &= t3; + t5 += (t4 >> 26); t4 &= UINT32_C(0x3FFFFFF); z0 |= t4; z1 &= t4; + t6 += (t5 >> 26); t5 &= UINT32_C(0x3FFFFFF); z0 |= t5; z1 &= t5; + t7 += (t6 >> 26); t6 &= UINT32_C(0x3FFFFFF); z0 |= t6; z1 &= t6; + t8 += (t7 >> 26); t7 &= UINT32_C(0x3FFFFFF); z0 |= t7; z1 &= t7; + t9 += (t8 >> 26); t8 &= UINT32_C(0x3FFFFFF); z0 |= t8; z1 &= t8; + z0 |= t9; z1 &= t9 ^ UINT32_C(0x3C00000); /* ... except for a possible carry at bit 22 of t9 (i.e. bit 256 of the field element) */ VERIFY_CHECK(t9 >> 23 == 0); - return (z0 == 0) | (z1 == 0x3FFFFFFUL); + return (z0 == 0) | (z1 == UINT32_C(0x3FFFFFF)); } SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { @@ -332,7 +332,7 @@ static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a) { r->n[8] = (uint32_t)a[5] | ((uint32_t)a[4] << 8) | ((uint32_t)a[3] << 16) | ((uint32_t)(a[2] & 0x3) << 24); r->n[9] = (uint32_t)((a[2] >> 2) & 0x3f) | ((uint32_t)a[1] << 6) | ((uint32_t)a[0] << 14); - ret = !((r->n[9] == 0x3FFFFFUL) & ((r->n[8] & r->n[7] & r->n[6] & r->n[5] & r->n[4] & r->n[3] & r->n[2]) == 0x3FFFFFFUL) & ((r->n[1] + 0x40UL + ((r->n[0] + 0x3D1UL) >> 26)) > 0x3FFFFFFUL)); + ret = !((r->n[9] == UINT32_C(0x3FFFFF)) & ((r->n[8] & r->n[7] & r->n[6] & r->n[5] & r->n[4] & r->n[3] & r->n[2]) == UINT32_C(0x3FFFFFF)) & ((r->n[1] + UINT32_C(0x40) + ((r->n[0] + UINT32_C(0x3D1)) >> 26)) > UINT32_C(0x3FFFFFF))); #ifdef VERIFY r->magnitude = 1; if (ret) { @@ -390,16 +390,16 @@ SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k VERIFY_CHECK(a->magnitude <= m); secp256k1_fe_verify(a); #endif - r->n[0] = 0x3FFFC2FUL * 2 * (m + 1) - a->n[0]; - r->n[1] = 0x3FFFFBFUL * 2 * (m + 1) - a->n[1]; - r->n[2] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[2]; - r->n[3] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[3]; - r->n[4] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[4]; - r->n[5] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[5]; - r->n[6] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[6]; - r->n[7] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[7]; - r->n[8] = 0x3FFFFFFUL * 2 * (m + 1) - a->n[8]; - r->n[9] = 0x03FFFFFUL * 2 * (m + 1) - a->n[9]; + r->n[0] = UINT32_C(0x3FFFC2F) * 2 * (m + 1) - a->n[0]; + r->n[1] = UINT32_C(0x3FFFFBF) * 2 * (m + 1) - a->n[1]; + r->n[2] = UINT32_C(0x3FFFFFF) * 2 * (m + 1) - a->n[2]; + r->n[3] = UINT32_C(0x3FFFFFF) * 2 * (m + 1) - a->n[3]; + r->n[4] = UINT32_C(0x3FFFFFF) * 2 * (m + 1) - a->n[4]; + r->n[5] = UINT32_C(0x3FFFFFF) * 2 * (m + 1) - a->n[5]; + r->n[6] = UINT32_C(0x3FFFFFF) * 2 * (m + 1) - a->n[6]; + r->n[7] = UINT32_C(0x3FFFFFF) * 2 * (m + 1) - a->n[7]; + r->n[8] = UINT32_C(0x3FFFFFF) * 2 * (m + 1) - a->n[8]; + r->n[9] = UINT32_C(0x03FFFFF) * 2 * (m + 1) - a->n[9]; #ifdef VERIFY r->magnitude = m + 1; r->normalized = 0; @@ -464,7 +464,7 @@ SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t uint64_t c, d; uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8; uint32_t t9, t1, t0, t2, t3, t4, t5, t6, t7; - const uint32_t M = 0x3FFFFFFUL, R0 = 0x3D10UL, R1 = 0x400UL; + const uint32_t M = UINT32_C(0x3FFFFFF), R0 = UINT32_C(0x3D10), R1 = UINT32_C(0x400); VERIFY_BITS(a[0], 30); VERIFY_BITS(a[1], 30); @@ -694,7 +694,7 @@ SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t + (uint64_t)a[6] * b[1] + (uint64_t)a[7] * b[0]; /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x8000007C00000007ULL); + VERIFY_CHECK(c <= UINT64_C(0x8000007C00000007)); /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ d += (uint64_t)a[8] * b[9] + (uint64_t)a[9] * b[8]; @@ -704,7 +704,7 @@ SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t VERIFY_BITS(u7, 26); VERIFY_BITS(d, 32); /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x800001703FFFC2F7ULL); + VERIFY_CHECK(c <= UINT64_C(0x800001703FFFC2F7)); /* [d u7 0 0 0 0 0 0 0 t9 0 c-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ t7 = c & M; c >>= 26; c += u7 * R1; VERIFY_BITS(t7, 26); @@ -722,7 +722,7 @@ SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t + (uint64_t)a[7] * b[1] + (uint64_t)a[8] * b[0]; /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x9000007B80000008ULL); + VERIFY_CHECK(c <= UINT64_C(0x9000007B80000008)); /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ d += (uint64_t)a[9] * b[9]; VERIFY_BITS(d, 57); @@ -731,7 +731,7 @@ SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t VERIFY_BITS(u8, 26); VERIFY_BITS(d, 31); /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x9000016FBFFFC2F8ULL); + VERIFY_CHECK(c <= UINT64_C(0x9000016FBFFFC2F8)); /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ r[3] = t3; @@ -774,13 +774,13 @@ SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1+d r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ d += c * (R1 >> 4) + t1; VERIFY_BITS(d, 53); - VERIFY_CHECK(d <= 0x10000003FFFFBFULL); + VERIFY_CHECK(d <= UINT64_C(0x10000003FFFFBF)); /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 d-c*R1>>4 r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ /* [r9 r8 r7 r6 r5 r4 r3 t2 d r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ r[1] = d & M; d >>= 26; VERIFY_BITS(r[1], 26); VERIFY_BITS(d, 27); - VERIFY_CHECK(d <= 0x4000000ULL); + VERIFY_CHECK(d <= UINT64_C(0x4000000)); /* [r9 r8 r7 r6 r5 r4 r3 t2+d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ d += t2; VERIFY_BITS(d, 27); @@ -794,7 +794,7 @@ SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t uint64_t c, d; uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8; uint32_t t9, t0, t1, t2, t3, t4, t5, t6, t7; - const uint32_t M = 0x3FFFFFFUL, R0 = 0x3D10UL, R1 = 0x400UL; + const uint32_t M = UINT32_C(0x3FFFFFF), R0 = UINT32_C(0x3D10), R1 = UINT32_C(0x400); VERIFY_BITS(a[0], 30); VERIFY_BITS(a[1], 30); @@ -973,7 +973,7 @@ SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t + (uint64_t)(a[2]*2) * a[5] + (uint64_t)(a[3]*2) * a[4]; /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x8000007C00000007ULL); + VERIFY_CHECK(c <= UINT64_C(0x8000007C00000007)); /* [d 0 0 0 0 0 0 0 t9 0 c t6 t5 t4 t3 t2 t1 t0] = [p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ d += (uint64_t)(a[8]*2) * a[9]; VERIFY_BITS(d, 58); @@ -982,7 +982,7 @@ SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t VERIFY_BITS(u7, 26); VERIFY_BITS(d, 32); /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x800001703FFFC2F7ULL); + VERIFY_CHECK(c <= UINT64_C(0x800001703FFFC2F7)); /* [d u7 0 0 0 0 0 0 0 t9 0 c-u7*R0 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 0 p7 p6 p5 p4 p3 p2 p1 p0] */ t7 = c & M; c >>= 26; c += u7 * R1; VERIFY_BITS(t7, 26); @@ -996,7 +996,7 @@ SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t + (uint64_t)(a[3]*2) * a[5] + (uint64_t)a[4] * a[4]; /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x9000007B80000008ULL); + VERIFY_CHECK(c <= UINT64_C(0x9000007B80000008)); /* [d 0 0 0 0 0 0 0 0 t9 c t7 t6 t5 t4 t3 t2 t1 t0] = [p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ d += (uint64_t)a[9] * a[9]; VERIFY_BITS(d, 57); @@ -1005,7 +1005,7 @@ SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t VERIFY_BITS(u8, 26); VERIFY_BITS(d, 31); /* VERIFY_BITS(c, 64); */ - VERIFY_CHECK(c <= 0x9000016FBFFFC2F8ULL); + VERIFY_CHECK(c <= UINT64_C(0x9000016FBFFFC2F8)); /* [d u8 0 0 0 0 0 0 0 0 t9 c-u8*R0 t7 t6 t5 t4 t3 t2 t1 t0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ r[3] = t3; @@ -1048,13 +1048,13 @@ SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 t1+d r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ d += c * (R1 >> 4) + t1; VERIFY_BITS(d, 53); - VERIFY_CHECK(d <= 0x10000003FFFFBFULL); + VERIFY_CHECK(d <= UINT64_C(0x10000003FFFFBF)); /* [r9+(c<<22) r8 r7 r6 r5 r4 r3 t2 d-c*R1>>4 r0-c*R0>>4] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ /* [r9 r8 r7 r6 r5 r4 r3 t2 d r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ r[1] = d & M; d >>= 26; VERIFY_BITS(r[1], 26); VERIFY_BITS(d, 27); - VERIFY_CHECK(d <= 0x4000000ULL); + VERIFY_CHECK(d <= UINT64_C(0x4000000)); /* [r9 r8 r7 r6 r5 r4 r3 t2+d r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ d += t2; VERIFY_BITS(d, 27); @@ -1146,15 +1146,15 @@ static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe } static SECP256K1_INLINE void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a) { - r->n[0] = a->n[0] & 0x3FFFFFFUL; - r->n[1] = a->n[0] >> 26 | ((a->n[1] << 6) & 0x3FFFFFFUL); - r->n[2] = a->n[1] >> 20 | ((a->n[2] << 12) & 0x3FFFFFFUL); - r->n[3] = a->n[2] >> 14 | ((a->n[3] << 18) & 0x3FFFFFFUL); - r->n[4] = a->n[3] >> 8 | ((a->n[4] << 24) & 0x3FFFFFFUL); - r->n[5] = (a->n[4] >> 2) & 0x3FFFFFFUL; - r->n[6] = a->n[4] >> 28 | ((a->n[5] << 4) & 0x3FFFFFFUL); - r->n[7] = a->n[5] >> 22 | ((a->n[6] << 10) & 0x3FFFFFFUL); - r->n[8] = a->n[6] >> 16 | ((a->n[7] << 16) & 0x3FFFFFFUL); + r->n[0] = a->n[0] & UINT32_C(0x3FFFFFF); + r->n[1] = a->n[0] >> 26 | ((a->n[1] << 6) & UINT32_C(0x3FFFFFF)); + r->n[2] = a->n[1] >> 20 | ((a->n[2] << 12) & UINT32_C(0x3FFFFFF)); + r->n[3] = a->n[2] >> 14 | ((a->n[3] << 18) & UINT32_C(0x3FFFFFF)); + r->n[4] = a->n[3] >> 8 | ((a->n[4] << 24) & UINT32_C(0x3FFFFFF)); + r->n[5] = (a->n[4] >> 2) & UINT32_C(0x3FFFFFF); + r->n[6] = a->n[4] >> 28 | ((a->n[5] << 4) & UINT32_C(0x3FFFFFF)); + r->n[7] = a->n[5] >> 22 | ((a->n[6] << 10) & UINT32_C(0x3FFFFFF)); + r->n[8] = a->n[6] >> 16 | ((a->n[7] << 16) & UINT32_C(0x3FFFFFF)); r->n[9] = a->n[7] >> 10; #ifdef VERIFY r->magnitude = 1; diff --git a/src/field_5x52.h b/src/field_5x52.h index fc5bfe357e..8dc3068c74 100644 --- a/src/field_5x52.h +++ b/src/field_5x52.h @@ -22,10 +22,10 @@ typedef struct { /* Unpacks a constant into a overlapping multi-limbed FE element. */ #define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \ - (d0) | (((uint64_t)(d1) & 0xFFFFFUL) << 32), \ - ((uint64_t)(d1) >> 20) | (((uint64_t)(d2)) << 12) | (((uint64_t)(d3) & 0xFFUL) << 44), \ - ((uint64_t)(d3) >> 8) | (((uint64_t)(d4) & 0xFFFFFFFUL) << 24), \ - ((uint64_t)(d4) >> 28) | (((uint64_t)(d5)) << 4) | (((uint64_t)(d6) & 0xFFFFUL) << 36), \ + (d0) | (((uint64_t)(d1) & UINT32_C(0xFFFFF)) << 32), \ + ((uint64_t)(d1) >> 20) | (((uint64_t)(d2)) << 12) | (((uint64_t)(d3) & UINT32_C(0xFF)) << 44), \ + ((uint64_t)(d3) >> 8) | (((uint64_t)(d4) & UINT32_C(0xFFFFFFF)) << 24), \ + ((uint64_t)(d4) >> 28) | (((uint64_t)(d5)) << 4) | (((uint64_t)(d6) & UINT32_C(0xFFFF)) << 36), \ ((uint64_t)(d6) >> 16) | (((uint64_t)(d7)) << 16) \ } diff --git a/src/field_5x52_impl.h b/src/field_5x52_impl.h index 71aa550e41..023a431cec 100644 --- a/src/field_5x52_impl.h +++ b/src/field_5x52_impl.h @@ -33,17 +33,17 @@ static void secp256k1_fe_verify(const secp256k1_fe *a) { const uint64_t *d = a->n; int m = a->normalized ? 1 : 2 * a->magnitude, r = 1; /* secp256k1 'p' value defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */ - r &= (d[0] <= 0xFFFFFFFFFFFFFULL * m); - r &= (d[1] <= 0xFFFFFFFFFFFFFULL * m); - r &= (d[2] <= 0xFFFFFFFFFFFFFULL * m); - r &= (d[3] <= 0xFFFFFFFFFFFFFULL * m); - r &= (d[4] <= 0x0FFFFFFFFFFFFULL * m); + r &= (d[0] <= UINT64_C(0xFFFFFFFFFFFFF) * m); + r &= (d[1] <= UINT64_C(0xFFFFFFFFFFFFF) * m); + r &= (d[2] <= UINT64_C(0xFFFFFFFFFFFFF) * m); + r &= (d[3] <= UINT64_C(0xFFFFFFFFFFFFF) * m); + r &= (d[4] <= UINT64_C(0x0FFFFFFFFFFFF) * m); r &= (a->magnitude >= 0); r &= (a->magnitude <= 2048); if (a->normalized) { r &= (a->magnitude <= 1); - if (r && (d[4] == 0x0FFFFFFFFFFFFULL) && ((d[3] & d[2] & d[1]) == 0xFFFFFFFFFFFFFULL)) { - r &= (d[0] < 0xFFFFEFFFFFC2FULL); + if (r && (d[4] == UINT64_C(0x0FFFFFFFFFFFF)) && ((d[3] & d[2] & d[1]) == UINT64_C(0xFFFFFFFFFFFFF))) { + r &= (d[0] < UINT64_C(0xFFFFEFFFFFC2F)); } } VERIFY_CHECK(r == 1); @@ -55,34 +55,34 @@ static void secp256k1_fe_normalize(secp256k1_fe *r) { /* Reduce t4 at the start so there will be at most a single carry from the first pass */ uint64_t m; - uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; + uint64_t x = t4 >> 48; t4 &= UINT64_C(0x0FFFFFFFFFFFF); /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; m = t1; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; m &= t2; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; m &= t3; + t0 += x * UINT64_C(0x1000003D1); + t1 += (t0 >> 52); t0 &= UINT64_C(0xFFFFFFFFFFFFF); + t2 += (t1 >> 52); t1 &= UINT64_C(0xFFFFFFFFFFFFF); m = t1; + t3 += (t2 >> 52); t2 &= UINT64_C(0xFFFFFFFFFFFFF); m &= t2; + t4 += (t3 >> 52); t3 &= UINT64_C(0xFFFFFFFFFFFFF); m &= t3; /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ VERIFY_CHECK(t4 >> 49 == 0); /* At most a single final reduction is needed; check if the value is >= the field characteristic */ - x = (t4 >> 48) | ((t4 == 0x0FFFFFFFFFFFFULL) & (m == 0xFFFFFFFFFFFFFULL) - & (t0 >= 0xFFFFEFFFFFC2FULL)); + x = (t4 >> 48) | ((t4 == UINT64_C(0x0FFFFFFFFFFFF)) & (m == UINT64_C(0xFFFFFFFFFFFFF)) + & (t0 >= UINT64_C(0xFFFFEFFFFFC2F))); /* Apply the final reduction (for constant-time behaviour, we do it always) */ - t0 += x * 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; + t0 += x * UINT64_C(0x1000003D1); + t1 += (t0 >> 52); t0 &= UINT64_C(0xFFFFFFFFFFFFF); + t2 += (t1 >> 52); t1 &= UINT64_C(0xFFFFFFFFFFFFF); + t3 += (t2 >> 52); t2 &= UINT64_C(0xFFFFFFFFFFFFF); + t4 += (t3 >> 52); t3 &= UINT64_C(0xFFFFFFFFFFFFF); /* If t4 didn't carry to bit 48 already, then it should have after any final reduction */ VERIFY_CHECK(t4 >> 48 == x); /* Mask off the possible multiple of 2^256 from the final reduction */ - t4 &= 0x0FFFFFFFFFFFFULL; + t4 &= UINT64_C(0x0FFFFFFFFFFFF); r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; @@ -97,14 +97,14 @@ static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; /* Reduce t4 at the start so there will be at most a single carry from the first pass */ - uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; + uint64_t x = t4 >> 48; t4 &= UINT64_C(0x0FFFFFFFFFFFF); /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; + t0 += x * UINT64_C(0x1000003D1); + t1 += (t0 >> 52); t0 &= UINT64_C(0xFFFFFFFFFFFFF); + t2 += (t1 >> 52); t1 &= UINT64_C(0xFFFFFFFFFFFFF); + t3 += (t2 >> 52); t2 &= UINT64_C(0xFFFFFFFFFFFFF); + t4 += (t3 >> 52); t3 &= UINT64_C(0xFFFFFFFFFFFFF); /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ VERIFY_CHECK(t4 >> 49 == 0); @@ -122,34 +122,34 @@ static void secp256k1_fe_normalize_var(secp256k1_fe *r) { /* Reduce t4 at the start so there will be at most a single carry from the first pass */ uint64_t m; - uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; + uint64_t x = t4 >> 48; t4 &= UINT64_C(0x0FFFFFFFFFFFF); /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; m = t1; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; m &= t2; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; m &= t3; + t0 += x * UINT64_C(0x1000003D1); + t1 += (t0 >> 52); t0 &= UINT64_C(0xFFFFFFFFFFFFF); + t2 += (t1 >> 52); t1 &= UINT64_C(0xFFFFFFFFFFFFF); m = t1; + t3 += (t2 >> 52); t2 &= UINT64_C(0xFFFFFFFFFFFFF); m &= t2; + t4 += (t3 >> 52); t3 &= UINT64_C(0xFFFFFFFFFFFFF); m &= t3; /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ VERIFY_CHECK(t4 >> 49 == 0); /* At most a single final reduction is needed; check if the value is >= the field characteristic */ - x = (t4 >> 48) | ((t4 == 0x0FFFFFFFFFFFFULL) & (m == 0xFFFFFFFFFFFFFULL) - & (t0 >= 0xFFFFEFFFFFC2FULL)); + x = (t4 >> 48) | ((t4 == UINT64_C(0x0FFFFFFFFFFFF)) & (m == UINT64_C(0xFFFFFFFFFFFFF)) + & (t0 >= UINT64_C(0xFFFFEFFFFFC2F))); if (x) { - t0 += 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; + t0 += UINT64_C(0x1000003D1); + t1 += (t0 >> 52); t0 &= UINT64_C(0xFFFFFFFFFFFFF); + t2 += (t1 >> 52); t1 &= UINT64_C(0xFFFFFFFFFFFFF); + t3 += (t2 >> 52); t2 &= UINT64_C(0xFFFFFFFFFFFFF); + t4 += (t3 >> 52); t3 &= UINT64_C(0xFFFFFFFFFFFFF); /* If t4 didn't carry to bit 48 already, then it should have after any final reduction */ VERIFY_CHECK(t4 >> 48 == x); /* Mask off the possible multiple of 2^256 from the final reduction */ - t4 &= 0x0FFFFFFFFFFFFULL; + t4 &= UINT64_C(0x0FFFFFFFFFFFF); } r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; @@ -168,20 +168,20 @@ static int secp256k1_fe_normalizes_to_zero(secp256k1_fe *r) { uint64_t z0, z1; /* Reduce t4 at the start so there will be at most a single carry from the first pass */ - uint64_t x = t4 >> 48; t4 &= 0x0FFFFFFFFFFFFULL; + uint64_t x = t4 >> 48; t4 &= UINT64_C(0x0FFFFFFFFFFFF); /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x1000003D1ULL; - t1 += (t0 >> 52); t0 &= 0xFFFFFFFFFFFFFULL; z0 = t0; z1 = t0 ^ 0x1000003D0ULL; - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; z0 |= t1; z1 &= t1; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; z0 |= t2; z1 &= t2; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; z0 |= t3; z1 &= t3; - z0 |= t4; z1 &= t4 ^ 0xF000000000000ULL; + t0 += x * UINT64_C(0x1000003D1); + t1 += (t0 >> 52); t0 &= UINT64_C(0xFFFFFFFFFFFFF); z0 = t0; z1 = t0 ^ UINT64_C(0x1000003D0); + t2 += (t1 >> 52); t1 &= UINT64_C(0xFFFFFFFFFFFFF); z0 |= t1; z1 &= t1; + t3 += (t2 >> 52); t2 &= UINT64_C(0xFFFFFFFFFFFFF); z0 |= t2; z1 &= t2; + t4 += (t3 >> 52); t3 &= UINT64_C(0xFFFFFFFFFFFFF); z0 |= t3; z1 &= t3; + z0 |= t4; z1 &= t4 ^ UINT64_C(0xF000000000000); /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ VERIFY_CHECK(t4 >> 49 == 0); - return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL); + return (z0 == 0) | (z1 == UINT64_C(0xFFFFFFFFFFFFF)); } static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) { @@ -196,14 +196,14 @@ static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) { x = t4 >> 48; /* The first pass ensures the magnitude is 1, ... */ - t0 += x * 0x1000003D1ULL; + t0 += x * UINT64_C(0x1000003D1); /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */ - z0 = t0 & 0xFFFFFFFFFFFFFULL; - z1 = z0 ^ 0x1000003D0ULL; + z0 = t0 & UINT64_C(0xFFFFFFFFFFFFF); + z1 = z0 ^ UINT64_C(0x1000003D0); /* Fast return path should catch the majority of cases */ - if ((z0 != 0ULL) & (z1 != 0xFFFFFFFFFFFFFULL)) { + if ((z0 != UINT64_C(0)) & (z1 != UINT64_C(0xFFFFFFFFFFFFF))) { return 0; } @@ -211,18 +211,18 @@ static int secp256k1_fe_normalizes_to_zero_var(secp256k1_fe *r) { t2 = r->n[2]; t3 = r->n[3]; - t4 &= 0x0FFFFFFFFFFFFULL; + t4 &= UINT64_C(0x0FFFFFFFFFFFF); t1 += (t0 >> 52); - t2 += (t1 >> 52); t1 &= 0xFFFFFFFFFFFFFULL; z0 |= t1; z1 &= t1; - t3 += (t2 >> 52); t2 &= 0xFFFFFFFFFFFFFULL; z0 |= t2; z1 &= t2; - t4 += (t3 >> 52); t3 &= 0xFFFFFFFFFFFFFULL; z0 |= t3; z1 &= t3; - z0 |= t4; z1 &= t4 ^ 0xF000000000000ULL; + t2 += (t1 >> 52); t1 &= UINT64_C(0xFFFFFFFFFFFFF); z0 |= t1; z1 &= t1; + t3 += (t2 >> 52); t2 &= UINT64_C(0xFFFFFFFFFFFFF); z0 |= t2; z1 &= t2; + t4 += (t3 >> 52); t3 &= UINT64_C(0xFFFFFFFFFFFFF); z0 |= t3; z1 &= t3; + z0 |= t4; z1 &= t4 ^ UINT64_C(0xF000000000000); /* ... except for a possible carry at bit 48 of t4 (i.e. bit 256 of the field element) */ VERIFY_CHECK(t4 >> 49 == 0); - return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL); + return (z0 == 0) | (z1 == UINT64_C(0xFFFFFFFFFFFFF)); } SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { @@ -318,7 +318,7 @@ static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a) { | ((uint64_t)a[2] << 24) | ((uint64_t)a[1] << 32) | ((uint64_t)a[0] << 40); - ret = !((r->n[4] == 0x0FFFFFFFFFFFFULL) & ((r->n[3] & r->n[2] & r->n[1]) == 0xFFFFFFFFFFFFFULL) & (r->n[0] >= 0xFFFFEFFFFFC2FULL)); + ret = !((r->n[4] == UINT64_C(0x0FFFFFFFFFFFF)) & ((r->n[3] & r->n[2] & r->n[1]) == UINT64_C(0xFFFFFFFFFFFFF)) & (r->n[0] >= UINT64_C(0xFFFFEFFFFFC2F))); #ifdef VERIFY r->magnitude = 1; if (ret) { @@ -376,11 +376,11 @@ SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k VERIFY_CHECK(a->magnitude <= m); secp256k1_fe_verify(a); #endif - r->n[0] = 0xFFFFEFFFFFC2FULL * 2 * (m + 1) - a->n[0]; - r->n[1] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[1]; - r->n[2] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[2]; - r->n[3] = 0xFFFFFFFFFFFFFULL * 2 * (m + 1) - a->n[3]; - r->n[4] = 0x0FFFFFFFFFFFFULL * 2 * (m + 1) - a->n[4]; + r->n[0] = UINT64_C(0xFFFFEFFFFFC2F) * 2 * (m + 1) - a->n[0]; + r->n[1] = UINT64_C(0xFFFFFFFFFFFFF) * 2 * (m + 1) - a->n[1]; + r->n[2] = UINT64_C(0xFFFFFFFFFFFFF) * 2 * (m + 1) - a->n[2]; + r->n[3] = UINT64_C(0xFFFFFFFFFFFFF) * 2 * (m + 1) - a->n[3]; + r->n[4] = UINT64_C(0x0FFFFFFFFFFFF) * 2 * (m + 1) - a->n[4]; #ifdef VERIFY r->magnitude = m + 1; r->normalized = 0; @@ -485,10 +485,10 @@ static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe } static SECP256K1_INLINE void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a) { - r->n[0] = a->n[0] & 0xFFFFFFFFFFFFFULL; - r->n[1] = a->n[0] >> 52 | ((a->n[1] << 12) & 0xFFFFFFFFFFFFFULL); - r->n[2] = a->n[1] >> 40 | ((a->n[2] << 24) & 0xFFFFFFFFFFFFFULL); - r->n[3] = a->n[2] >> 28 | ((a->n[3] << 36) & 0xFFFFFFFFFFFFFULL); + r->n[0] = a->n[0] & UINT64_C(0xFFFFFFFFFFFFF); + r->n[1] = a->n[0] >> 52 | ((a->n[1] << 12) & UINT64_C(0xFFFFFFFFFFFFF)); + r->n[2] = a->n[1] >> 40 | ((a->n[2] << 24) & UINT64_C(0xFFFFFFFFFFFFF)); + r->n[3] = a->n[2] >> 28 | ((a->n[3] << 36) & UINT64_C(0xFFFFFFFFFFFFF)); r->n[4] = a->n[3] >> 16; #ifdef VERIFY r->magnitude = 1; diff --git a/src/field_5x52_int128_impl.h b/src/field_5x52_int128_impl.h index bcbfb92ac2..5e5615a7e1 100644 --- a/src/field_5x52_int128_impl.h +++ b/src/field_5x52_int128_impl.h @@ -19,7 +19,7 @@ SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t uint128_t c, d; uint64_t t3, t4, tx, u0; uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4]; - const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL; + const uint64_t M = UINT64_C(0xFFFFFFFFFFFFF), R = UINT64_C(0x1000003D10); VERIFY_BITS(a[0], 56); VERIFY_BITS(a[1], 56); @@ -158,7 +158,7 @@ SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint64_t *r, const uint64_t uint128_t c, d; uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4]; int64_t t3, t4, tx, u0; - const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL; + const uint64_t M = UINT64_C(0xFFFFFFFFFFFFF), R = UINT64_C(0x1000003D10); VERIFY_BITS(a[0], 56); VERIFY_BITS(a[1], 56); diff --git a/src/field_impl.h b/src/field_impl.h index 485921a60e..67efd6c218 100644 --- a/src/field_impl.h +++ b/src/field_impl.h @@ -232,8 +232,8 @@ static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a) { #elif defined(USE_FIELD_INV_NUM) secp256k1_num n, m; static const secp256k1_fe negone = SECP256K1_FE_CONST( - 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, - 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, 0xFFFFFC2EUL + UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), + UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFE), UINT32_C(0xFFFFFC2E) ); /* secp256k1 field prime, value p defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */ static const unsigned char prime[32] = { diff --git a/src/group_impl.h b/src/group_impl.h index 43b039becf..2725598b3d 100644 --- a/src/group_impl.h +++ b/src/group_impl.h @@ -62,10 +62,10 @@ static const int CURVE_B = 2; * "Standards for Efficient Cryptography" (SEC2) 2.7.1. */ static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_GE_CONST( - 0x79BE667EUL, 0xF9DCBBACUL, 0x55A06295UL, 0xCE870B07UL, - 0x029BFCDBUL, 0x2DCE28D9UL, 0x59F2815BUL, 0x16F81798UL, - 0x483ADA77UL, 0x26A3C465UL, 0x5DA4FBFCUL, 0x0E1108A8UL, - 0xFD17B448UL, 0xA6855419UL, 0x9C47D08FUL, 0xFB10D4B8UL + UINT32_C(0x79BE667E), UINT32_C(0xF9DCBBAC), UINT32_C(0x55A06295), UINT32_C(0xCE870B07), + UINT32_C(0x029BFCDB), UINT32_C(0x2DCE28D9), UINT32_C(0x59F2815B), UINT32_C(0x16F81798), + UINT32_C(0x483ADA77), UINT32_C(0x26A3C465), UINT32_C(0x5DA4FBFC), UINT32_C(0x0E1108A8), + UINT32_C(0xFD17B448), UINT32_C(0xA6855419), UINT32_C(0x9C47D08F), UINT32_C(0xFB10D4B8) ); static const int CURVE_B = 7; @@ -683,8 +683,8 @@ static SECP256K1_INLINE void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, #ifdef USE_ENDOMORPHISM static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a) { static const secp256k1_fe beta = SECP256K1_FE_CONST( - 0x7ae96a2bul, 0x657c0710ul, 0x6e64479eul, 0xac3434e9ul, - 0x9cf04975ul, 0x12f58995ul, 0xc1396c28ul, 0x719501eeul + UINT32_C(0x7ae96a2b), UINT32_C(0x657c0710), UINT32_C(0x6e64479e), UINT32_C(0xac3434e9), + UINT32_C(0x9cf04975), UINT32_C(0x12f58995), UINT32_C(0xc1396c28), UINT32_C(0x719501ee) ); *r = *a; secp256k1_fe_mul(&r->x, &r->x, &beta); diff --git a/src/hash_impl.h b/src/hash_impl.h index 782f97216c..eea141fbac 100644 --- a/src/hash_impl.h +++ b/src/hash_impl.h @@ -34,14 +34,14 @@ #endif static void secp256k1_sha256_initialize(secp256k1_sha256 *hash) { - hash->s[0] = 0x6a09e667ul; - hash->s[1] = 0xbb67ae85ul; - hash->s[2] = 0x3c6ef372ul; - hash->s[3] = 0xa54ff53aul; - hash->s[4] = 0x510e527ful; - hash->s[5] = 0x9b05688cul; - hash->s[6] = 0x1f83d9abul; - hash->s[7] = 0x5be0cd19ul; + hash->s[0] = UINT32_C(0x6a09e667); + hash->s[1] = UINT32_C(0xbb67ae85); + hash->s[2] = UINT32_C(0x3c6ef372); + hash->s[3] = UINT32_C(0xa54ff53a); + hash->s[4] = UINT32_C(0x510e527f); + hash->s[5] = UINT32_C(0x9b05688c); + hash->s[6] = UINT32_C(0x1f83d9ab); + hash->s[7] = UINT32_C(0x5be0cd19); hash->bytes = 0; } diff --git a/src/scalar_4x64_impl.h b/src/scalar_4x64_impl.h index 2d81006c00..40f3045108 100644 --- a/src/scalar_4x64_impl.h +++ b/src/scalar_4x64_impl.h @@ -8,10 +8,10 @@ #define SECP256K1_SCALAR_REPR_IMPL_H /* Limbs of the secp256k1 order. */ -#define SECP256K1_N_0 ((uint64_t)0xBFD25E8CD0364141ULL) -#define SECP256K1_N_1 ((uint64_t)0xBAAEDCE6AF48A03BULL) -#define SECP256K1_N_2 ((uint64_t)0xFFFFFFFFFFFFFFFEULL) -#define SECP256K1_N_3 ((uint64_t)0xFFFFFFFFFFFFFFFFULL) +#define SECP256K1_N_0 ((uint64_t)UINT64_C(0xBFD25E8CD0364141)) +#define SECP256K1_N_1 ((uint64_t)UINT64_C(0xBAAEDCE6AF48A03B)) +#define SECP256K1_N_2 ((uint64_t)UINT64_C(0xFFFFFFFFFFFFFFFE)) +#define SECP256K1_N_3 ((uint64_t)UINT64_C(0xFFFFFFFFFFFFFFFF)) /* Limbs of 2^256 minus the secp256k1 order. */ #define SECP256K1_N_C_0 (~SECP256K1_N_0 + 1) @@ -19,10 +19,10 @@ #define SECP256K1_N_C_2 (1) /* Limbs of half the secp256k1 order. */ -#define SECP256K1_N_H_0 ((uint64_t)0xDFE92F46681B20A0ULL) -#define SECP256K1_N_H_1 ((uint64_t)0x5D576E7357A4501DULL) -#define SECP256K1_N_H_2 ((uint64_t)0xFFFFFFFFFFFFFFFFULL) -#define SECP256K1_N_H_3 ((uint64_t)0x7FFFFFFFFFFFFFFFULL) +#define SECP256K1_N_H_0 ((uint64_t)UINT64_C(0xDFE92F46681B20A0)) +#define SECP256K1_N_H_1 ((uint64_t)UINT64_C(0x5D576E7357A4501D)) +#define SECP256K1_N_H_2 ((uint64_t)UINT64_C(0xFFFFFFFFFFFFFFFF)) +#define SECP256K1_N_H_3 ((uint64_t)UINT64_C(0x7FFFFFFFFFFFFFFF)) SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { r->d[0] = 0; @@ -70,26 +70,26 @@ SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar *r, unsigne uint128_t t; VERIFY_CHECK(overflow <= 1); t = (uint128_t)r->d[0] + overflow * SECP256K1_N_C_0; - r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + r->d[0] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); t >>= 64; t += (uint128_t)r->d[1] + overflow * SECP256K1_N_C_1; - r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + r->d[1] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); t >>= 64; t += (uint128_t)r->d[2] + overflow * SECP256K1_N_C_2; - r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + r->d[2] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); t >>= 64; t += (uint64_t)r->d[3]; - r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; + r->d[3] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); return overflow; } static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { int overflow; uint128_t t = (uint128_t)a->d[0] + b->d[0]; - r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + r->d[0] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); t >>= 64; t += (uint128_t)a->d[1] + b->d[1]; - r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + r->d[1] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); t >>= 64; t += (uint128_t)a->d[2] + b->d[2]; - r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + r->d[2] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); t >>= 64; t += (uint128_t)a->d[3] + b->d[3]; - r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + r->d[3] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); t >>= 64; overflow = t + secp256k1_scalar_check_overflow(r); VERIFY_CHECK(overflow == 0 || overflow == 1); secp256k1_scalar_reduce(r, overflow); @@ -101,13 +101,13 @@ static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int VERIFY_CHECK(bit < 256); bit += ((uint32_t) flag - 1) & 0x100; /* forcing (bit >> 6) > 3 makes this a noop */ t = (uint128_t)r->d[0] + (((uint64_t)((bit >> 6) == 0)) << (bit & 0x3F)); - r->d[0] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + r->d[0] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); t >>= 64; t += (uint128_t)r->d[1] + (((uint64_t)((bit >> 6) == 1)) << (bit & 0x3F)); - r->d[1] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + r->d[1] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); t >>= 64; t += (uint128_t)r->d[2] + (((uint64_t)((bit >> 6) == 2)) << (bit & 0x3F)); - r->d[2] = t & 0xFFFFFFFFFFFFFFFFULL; t >>= 64; + r->d[2] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); t >>= 64; t += (uint128_t)r->d[3] + (((uint64_t)((bit >> 6) == 3)) << (bit & 0x3F)); - r->d[3] = t & 0xFFFFFFFFFFFFFFFFULL; + r->d[3] = t & UINT64_C(0xFFFFFFFFFFFFFFFF); #ifdef VERIFY VERIFY_CHECK((t >> 64) == 0); VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); @@ -138,7 +138,7 @@ SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) } static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { - uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (secp256k1_scalar_is_zero(a) == 0); + uint64_t nonzero = UINT64_C(0xFFFFFFFFFFFFFFFF) * (secp256k1_scalar_is_zero(a) == 0); uint128_t t = (uint128_t)(~a->d[0]) + SECP256K1_N_0 + 1; r->d[0] = t & nonzero; t >>= 64; t += (uint128_t)(~a->d[1]) + SECP256K1_N_1; @@ -563,13 +563,13 @@ static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint64_t *l) /* Reduce 258 bits into 256. */ /* r[0..3] = p[0..3] + p[4] * SECP256K1_N_C. */ c = p0 + (uint128_t)SECP256K1_N_C_0 * p4; - r->d[0] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; + r->d[0] = c & UINT64_C(0xFFFFFFFFFFFFFFFF); c >>= 64; c += p1 + (uint128_t)SECP256K1_N_C_1 * p4; - r->d[1] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; + r->d[1] = c & UINT64_C(0xFFFFFFFFFFFFFFFF); c >>= 64; c += p2 + (uint128_t)p4; - r->d[2] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; + r->d[2] = c & UINT64_C(0xFFFFFFFFFFFFFFFF); c >>= 64; c += p3; - r->d[3] = c & 0xFFFFFFFFFFFFFFFFULL; c >>= 64; + r->d[3] = c & UINT64_C(0xFFFFFFFFFFFFFFFF); c >>= 64; #endif /* Final reduction of r. */ diff --git a/src/scalar_8x32_impl.h b/src/scalar_8x32_impl.h index f5042891f3..be8ee6a17d 100644 --- a/src/scalar_8x32_impl.h +++ b/src/scalar_8x32_impl.h @@ -8,14 +8,14 @@ #define SECP256K1_SCALAR_REPR_IMPL_H /* Limbs of the secp256k1 order. */ -#define SECP256K1_N_0 ((uint32_t)0xD0364141UL) -#define SECP256K1_N_1 ((uint32_t)0xBFD25E8CUL) -#define SECP256K1_N_2 ((uint32_t)0xAF48A03BUL) -#define SECP256K1_N_3 ((uint32_t)0xBAAEDCE6UL) -#define SECP256K1_N_4 ((uint32_t)0xFFFFFFFEUL) -#define SECP256K1_N_5 ((uint32_t)0xFFFFFFFFUL) -#define SECP256K1_N_6 ((uint32_t)0xFFFFFFFFUL) -#define SECP256K1_N_7 ((uint32_t)0xFFFFFFFFUL) +#define SECP256K1_N_0 ((uint32_t)UINT32_C(0xD0364141)) +#define SECP256K1_N_1 ((uint32_t)UINT32_C(0xBFD25E8C)) +#define SECP256K1_N_2 ((uint32_t)UINT32_C(0xAF48A03B)) +#define SECP256K1_N_3 ((uint32_t)UINT32_C(0xBAAEDCE6)) +#define SECP256K1_N_4 ((uint32_t)UINT32_C(0xFFFFFFFE)) +#define SECP256K1_N_5 ((uint32_t)UINT32_C(0xFFFFFFFF)) +#define SECP256K1_N_6 ((uint32_t)UINT32_C(0xFFFFFFFF)) +#define SECP256K1_N_7 ((uint32_t)UINT32_C(0xFFFFFFFF)) /* Limbs of 2^256 minus the secp256k1 order. */ #define SECP256K1_N_C_0 (~SECP256K1_N_0 + 1) @@ -25,14 +25,14 @@ #define SECP256K1_N_C_4 (1) /* Limbs of half the secp256k1 order. */ -#define SECP256K1_N_H_0 ((uint32_t)0x681B20A0UL) -#define SECP256K1_N_H_1 ((uint32_t)0xDFE92F46UL) -#define SECP256K1_N_H_2 ((uint32_t)0x57A4501DUL) -#define SECP256K1_N_H_3 ((uint32_t)0x5D576E73UL) -#define SECP256K1_N_H_4 ((uint32_t)0xFFFFFFFFUL) -#define SECP256K1_N_H_5 ((uint32_t)0xFFFFFFFFUL) -#define SECP256K1_N_H_6 ((uint32_t)0xFFFFFFFFUL) -#define SECP256K1_N_H_7 ((uint32_t)0x7FFFFFFFUL) +#define SECP256K1_N_H_0 ((uint32_t)UINT32_C(0x681B20A0)) +#define SECP256K1_N_H_1 ((uint32_t)UINT32_C(0xDFE92F46)) +#define SECP256K1_N_H_2 ((uint32_t)UINT32_C(0x57A4501D)) +#define SECP256K1_N_H_3 ((uint32_t)UINT32_C(0x5D576E73)) +#define SECP256K1_N_H_4 ((uint32_t)UINT32_C(0xFFFFFFFF)) +#define SECP256K1_N_H_5 ((uint32_t)UINT32_C(0xFFFFFFFF)) +#define SECP256K1_N_H_6 ((uint32_t)UINT32_C(0xFFFFFFFF)) +#define SECP256K1_N_H_7 ((uint32_t)UINT32_C(0x7FFFFFFF)) SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { r->d[0] = 0; @@ -94,42 +94,42 @@ SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar *r, uint32_ uint64_t t; VERIFY_CHECK(overflow <= 1); t = (uint64_t)r->d[0] + overflow * SECP256K1_N_C_0; - r->d[0] = t & 0xFFFFFFFFUL; t >>= 32; + r->d[0] = t & UINT32_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[1] + overflow * SECP256K1_N_C_1; - r->d[1] = t & 0xFFFFFFFFUL; t >>= 32; + r->d[1] = t & UINT32_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[2] + overflow * SECP256K1_N_C_2; - r->d[2] = t & 0xFFFFFFFFUL; t >>= 32; + r->d[2] = t & UINT32_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[3] + overflow * SECP256K1_N_C_3; - r->d[3] = t & 0xFFFFFFFFUL; t >>= 32; + r->d[3] = t & UINT32_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[4] + overflow * SECP256K1_N_C_4; - r->d[4] = t & 0xFFFFFFFFUL; t >>= 32; + r->d[4] = t & UINT32_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[5]; - r->d[5] = t & 0xFFFFFFFFUL; t >>= 32; + r->d[5] = t & UINT32_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[6]; - r->d[6] = t & 0xFFFFFFFFUL; t >>= 32; + r->d[6] = t & UINT32_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[7]; - r->d[7] = t & 0xFFFFFFFFUL; + r->d[7] = t & UINT32_C(0xFFFFFFFF); return overflow; } static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { int overflow; uint64_t t = (uint64_t)a->d[0] + b->d[0]; - r->d[0] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[0] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)a->d[1] + b->d[1]; - r->d[1] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[1] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)a->d[2] + b->d[2]; - r->d[2] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[2] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)a->d[3] + b->d[3]; - r->d[3] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[3] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)a->d[4] + b->d[4]; - r->d[4] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[4] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)a->d[5] + b->d[5]; - r->d[5] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[5] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)a->d[6] + b->d[6]; - r->d[6] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[6] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)a->d[7] + b->d[7]; - r->d[7] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[7] = t & UINT64_C(0xFFFFFFFF); t >>= 32; overflow = t + secp256k1_scalar_check_overflow(r); VERIFY_CHECK(overflow == 0 || overflow == 1); secp256k1_scalar_reduce(r, overflow); @@ -141,21 +141,21 @@ static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int VERIFY_CHECK(bit < 256); bit += ((uint32_t) flag - 1) & 0x100; /* forcing (bit >> 5) > 7 makes this a noop */ t = (uint64_t)r->d[0] + (((uint32_t)((bit >> 5) == 0)) << (bit & 0x1F)); - r->d[0] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[0] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[1] + (((uint32_t)((bit >> 5) == 1)) << (bit & 0x1F)); - r->d[1] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[1] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[2] + (((uint32_t)((bit >> 5) == 2)) << (bit & 0x1F)); - r->d[2] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[2] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[3] + (((uint32_t)((bit >> 5) == 3)) << (bit & 0x1F)); - r->d[3] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[3] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[4] + (((uint32_t)((bit >> 5) == 4)) << (bit & 0x1F)); - r->d[4] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[4] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[5] + (((uint32_t)((bit >> 5) == 5)) << (bit & 0x1F)); - r->d[5] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[5] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[6] + (((uint32_t)((bit >> 5) == 6)) << (bit & 0x1F)); - r->d[6] = t & 0xFFFFFFFFULL; t >>= 32; + r->d[6] = t & UINT64_C(0xFFFFFFFF); t >>= 32; t += (uint64_t)r->d[7] + (((uint32_t)((bit >> 5) == 7)) << (bit & 0x1F)); - r->d[7] = t & 0xFFFFFFFFULL; + r->d[7] = t & UINT64_C(0xFFFFFFFF); #ifdef VERIFY VERIFY_CHECK((t >> 32) == 0); VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); @@ -194,7 +194,7 @@ SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) } static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { - uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(a) == 0); + uint32_t nonzero = UINT32_C(0xFFFFFFFF) * (secp256k1_scalar_is_zero(a) == 0); uint64_t t = (uint64_t)(~a->d[0]) + SECP256K1_N_0 + 1; r->d[0] = t & nonzero; t >>= 32; t += (uint64_t)(~a->d[1]) + SECP256K1_N_1; @@ -239,7 +239,7 @@ static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { /* If we are flag = 0, mask = 00...00 and this is a no-op; * if we are flag = 1, mask = 11...11 and this is identical to secp256k1_scalar_negate */ uint32_t mask = !flag - 1; - uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(r) == 0); + uint32_t nonzero = UINT32_C(0xFFFFFFFF) * (secp256k1_scalar_is_zero(r) == 0); uint64_t t = (uint64_t)(r->d[0] ^ mask) + ((SECP256K1_N_0 + 1) & mask); r->d[0] = t & nonzero; t >>= 32; t += (uint64_t)(r->d[1] ^ mask) + (SECP256K1_N_1 & mask); @@ -468,21 +468,21 @@ static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint32_t *l) /* Reduce 258 bits into 256. */ /* r[0..7] = p[0..7] + p[8] * SECP256K1_N_C. */ c = p0 + (uint64_t)SECP256K1_N_C_0 * p8; - r->d[0] = c & 0xFFFFFFFFUL; c >>= 32; + r->d[0] = c & UINT32_C(0xFFFFFFFF); c >>= 32; c += p1 + (uint64_t)SECP256K1_N_C_1 * p8; - r->d[1] = c & 0xFFFFFFFFUL; c >>= 32; + r->d[1] = c & UINT32_C(0xFFFFFFFF); c >>= 32; c += p2 + (uint64_t)SECP256K1_N_C_2 * p8; - r->d[2] = c & 0xFFFFFFFFUL; c >>= 32; + r->d[2] = c & UINT32_C(0xFFFFFFFF); c >>= 32; c += p3 + (uint64_t)SECP256K1_N_C_3 * p8; - r->d[3] = c & 0xFFFFFFFFUL; c >>= 32; + r->d[3] = c & UINT32_C(0xFFFFFFFF); c >>= 32; c += p4 + (uint64_t)p8; - r->d[4] = c & 0xFFFFFFFFUL; c >>= 32; + r->d[4] = c & UINT32_C(0xFFFFFFFF); c >>= 32; c += p5; - r->d[5] = c & 0xFFFFFFFFUL; c >>= 32; + r->d[5] = c & UINT32_C(0xFFFFFFFF); c >>= 32; c += p6; - r->d[6] = c & 0xFFFFFFFFUL; c >>= 32; + r->d[6] = c & UINT32_C(0xFFFFFFFF); c >>= 32; c += p7; - r->d[7] = c & 0xFFFFFFFFUL; c >>= 32; + r->d[7] = c & UINT32_C(0xFFFFFFFF); c >>= 32; /* Final reduction of r. */ secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r)); diff --git a/src/scalar_impl.h b/src/scalar_impl.h index c9b38f3c7c..d73e0ed7e9 100644 --- a/src/scalar_impl.h +++ b/src/scalar_impl.h @@ -300,24 +300,24 @@ static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { secp256k1_scalar c1, c2; static const secp256k1_scalar minus_lambda = SECP256K1_SCALAR_CONST( - 0xAC9C52B3UL, 0x3FA3CF1FUL, 0x5AD9E3FDUL, 0x77ED9BA4UL, - 0xA880B9FCUL, 0x8EC739C2UL, 0xE0CFC810UL, 0xB51283CFUL + UINT32_C(0xAC9C52B3), UINT32_C(0x3FA3CF1F), UINT32_C(0x5AD9E3FD), UINT32_C(0x77ED9BA4), + UINT32_C(0xA880B9FC), UINT32_C(0x8EC739C2), UINT32_C(0xE0CFC810), UINT32_C(0xB51283CF) ); static const secp256k1_scalar minus_b1 = SECP256K1_SCALAR_CONST( - 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000000UL, - 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C3UL + UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00000000), + UINT32_C(0xE4437ED6), UINT32_C(0x010E8828), UINT32_C(0x6F547FA9), UINT32_C(0x0ABFE4C3) ); static const secp256k1_scalar minus_b2 = SECP256K1_SCALAR_CONST( - 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, - 0x8A280AC5UL, 0x0774346DUL, 0xD765CDA8UL, 0x3DB1562CUL + UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFE), + UINT32_C(0x8A280AC5), UINT32_C(0x0774346D), UINT32_C(0xD765CDA8), UINT32_C(0x3DB1562C) ); static const secp256k1_scalar g1 = SECP256K1_SCALAR_CONST( - 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00003086UL, - 0xD221A7D4UL, 0x6BCDE86CUL, 0x90E49284UL, 0xEB153DABUL + UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00003086), + UINT32_C(0xD221A7D4), UINT32_C(0x6BCDE86C), UINT32_C(0x90E49284), UINT32_C(0xEB153DAB) ); static const secp256k1_scalar g2 = SECP256K1_SCALAR_CONST( - 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x0000E443UL, - 0x7ED6010EUL, 0x88286F54UL, 0x7FA90ABFUL, 0xE4C42212UL + UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x00000000), UINT32_C(0x0000E443), + UINT32_C(0x7ED6010E), UINT32_C(0x88286F54), UINT32_C(0x7FA90ABF), UINT32_C(0xE4C42212) ); VERIFY_CHECK(r1 != a); VERIFY_CHECK(r2 != a); diff --git a/src/tests.c b/src/tests.c index 2f2cb71539..679f36bcb3 100644 --- a/src/tests.c +++ b/src/tests.c @@ -1113,8 +1113,8 @@ void run_scalar_tests(void) { { /* Does check_overflow check catch all ones? */ static const secp256k1_scalar overflowed = SECP256K1_SCALAR_CONST( - 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, - 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL + UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), + UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF), UINT32_C(0xFFFFFFFF) ); CHECK(secp256k1_scalar_check_overflow(&overflowed)); } @@ -1771,12 +1771,12 @@ void run_field_convert(void) { 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40 }; static const secp256k1_fe_storage fes = SECP256K1_FE_STORAGE_CONST( - 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL, - 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL + UINT32_C(0x00010203), UINT32_C(0x04050607), UINT32_C(0x11121314), UINT32_C(0x15161718), + UINT32_C(0x22232425), UINT32_C(0x26272829), UINT32_C(0x33343536), UINT32_C(0x37383940) ); static const secp256k1_fe fe = SECP256K1_FE_CONST( - 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL, - 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL + UINT32_C(0x00010203), UINT32_C(0x04050607), UINT32_C(0x11121314), UINT32_C(0x15161718), + UINT32_C(0x22232425), UINT32_C(0x26272829), UINT32_C(0x33343536), UINT32_C(0x37383940) ); secp256k1_fe fe2; unsigned char b322[32]; From f2266e321de7f4b45926b072b135917dd435f556 Mon Sep 17 00:00:00 2001 From: Tim Ruffing Date: Tue, 21 Apr 2020 16:54:15 +0200 Subject: [PATCH 2/2] Make gen_context C89 compliant, change CFLAGS_FOR_BUILD accordingly --- configure.ac | 2 +- src/gen_context.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 91b4177f64..1e5b2bb49f 100644 --- a/configure.ac +++ b/configure.ac @@ -196,7 +196,7 @@ if test x"$use_ecmult_static_precomputation" != x"no"; then SAVE_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS_FOR_BUILD" - warn_CFLAGS_FOR_BUILD="-Wall -Wextra -Wno-unused-function" + warn_CFLAGS_FOR_BUILD="-std=c89 -pedantic -Wall -Wextra -Wcast-align -Wnested-externs -Wshadow -Wstrict-prototypes -Wno-unused-function" saved_CFLAGS="$CFLAGS" CFLAGS="$warn_CFLAGS_FOR_BUILD $CFLAGS" AC_MSG_CHECKING([if native ${CC_FOR_BUILD} supports ${warn_CFLAGS_FOR_BUILD}]) diff --git a/src/gen_context.c b/src/gen_context.c index 539f574bfd..63af0e683b 100644 --- a/src/gen_context.c +++ b/src/gen_context.c @@ -4,8 +4,8 @@ * file COPYING or http://www.opensource.org/licenses/mit-license.php.* **********************************************************************/ -// Autotools creates libsecp256k1-config.h, of which ECMULT_GEN_PREC_BITS is needed. -// ifndef guard so downstream users can define their own if they do not use autotools. +/* Autotools creates libsecp256k1-config.h, of which ECMULT_GEN_PREC_BITS is needed. + ifndef guard so downstream users can define their own if they do not use autotools. */ #if !defined(ECMULT_GEN_PREC_BITS) #include "libsecp256k1-config.h" #endif