Remove a strict aliasing issue with pre-computed curve448 constants

[openssl.git] / crypto / ec / curve448 / eddsa.c

diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
index 22b70c3c5aa95155622320e0a94525e9b3a9da09..556edf07b91cbf2b3d29e456ea383fbeb2a36e38 100644 (file)
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -29,8 +29,8 @@ static c448_error_t oneshot_hash(uint8_t *out, size_t outlen,
         return C448_FAILURE;
 
     if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
-        || !EVP_DigestUpdate(hashctx, in, inlen)
-        || !EVP_DigestFinalXOF(hashctx, out, outlen)) {
+            || !EVP_DigestUpdate(hashctx, in, inlen)
+            || !EVP_DigestFinalXOF(hashctx, out, outlen)) {
         EVP_MD_CTX_free(hashctx);
         return C448_FAILURE;
     }
@@ -69,9 +69,9 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
         return C448_FAILURE;
 
     if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
-        || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
-        || !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
-        || !EVP_DigestUpdate(hashctx, context, context_len))
+            || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
+            || !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
+            || !EVP_DigestUpdate(hashctx, context, context_len))
         return C448_FAILURE;
 
     return C448_SUCCESS;
@@ -165,9 +165,10 @@ c448_error_t c448_ed448_sign(
 
         /* Hash to create the nonce */
         if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
-            || !EVP_DigestUpdate(hashctx, expanded + EDDSA_448_PRIVATE_BYTES,
-                                 EDDSA_448_PRIVATE_BYTES)
-            || !EVP_DigestUpdate(hashctx, message, message_len)) {
+                || !EVP_DigestUpdate(hashctx,
+                                     expanded + EDDSA_448_PRIVATE_BYTES,
+                                     EDDSA_448_PRIVATE_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)) {
             OPENSSL_cleanse(expanded, sizeof(expanded));
             goto err;
         }
@@ -190,9 +191,8 @@ c448_error_t c448_ed448_sign(
         curve448_point_t p;
 
         curve448_scalar_halve(nonce_scalar_2, nonce_scalar);
-        for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1) {
+        for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
             curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);
-        }
 
         curve448_precomputed_scalarmul(p, curve448_precomputed_base,
                                        nonce_scalar_2);
@@ -206,10 +206,10 @@ c448_error_t c448_ed448_sign(
 
         /* Compute the challenge */
         if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
-            || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
-            || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
-            || !EVP_DigestUpdate(hashctx, message, message_len)
-            || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
+                || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
+                || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)
+                || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
             goto err;
 
         curve448_scalar_decode_long(challenge_scalar, challenge,
@@ -312,12 +312,8 @@ c448_error_t c448_ed448_verify_prehash(
                     const uint8_t hash[64], const uint8_t *context,
                     uint8_t context_len)
 {
-    c448_error_t ret;
-
-    ret = c448_ed448_verify(signature, pubkey, hash, 64, 1, context,
-                            context_len);
-
-    return ret;
+    return c448_ed448_verify(signature, pubkey, hash, 64, 1, context,
+                             context_len);
 }
 
 int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,