curve448: Use NLIMBS where appropriate to simplify the code

Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)

diff --git a/crypto/ec/curve448/arch_64/f_impl.h b/crypto/ec/curve448/arch_64/f_impl.h
index 725dfa85abac067aea1ac4c4875b9270b282b7bc..648082c2f389cade65d6e7f1035d65c82bbc1560 100644 (file)
--- a/crypto/ec/curve448/arch_64/f_impl.h
+++ b/crypto/ec/curve448/arch_64/f_impl.h
@@ -22,7 +22,7 @@ void gf_add_RAW(gf out, const gf a, const gf b)
 {
     unsigned int i;
 
-    for (i = 0; i < 8; i++)
+    for (i = 0; i < NLIMBS; i++)
         out->limb[i] = a->limb[i] + b->limb[i];
 
     gf_weak_reduce(out);
@@ -33,8 +33,8 @@ void gf_sub_RAW(gf out, const gf a, const gf b)
     uint64_t co1 = ((1ULL << 56) - 1) * 2, co2 = co1 - 2;
     unsigned int i;
 
-    for (i = 0; i < 8; i++)
-        out->limb[i] = a->limb[i] - b->limb[i] + ((i == 4) ? co2 : co1);
+    for (i = 0; i < NLIMBS; i++)
+        out->limb[i] = a->limb[i] - b->limb[i] + ((i == NLIMBS / 2) ? co2 : co1);
 
     gf_weak_reduce(out);
 }
@@ -46,11 +46,11 @@ void gf_bias(gf a, int amt)
 void gf_weak_reduce(gf a)
 {
     uint64_t mask = (1ULL << 56) - 1;
-    uint64_t tmp = a->limb[7] >> 56;
+    uint64_t tmp = a->limb[NLIMBS - 1] >> 56;
     unsigned int i;
 
-    a->limb[4] += tmp;
-    for (i = 7; i > 0; i--)
+    a->limb[NLIMBS / 2] += tmp;
+    for (i = NLIMBS - 1; i > 0; i--)
         a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 56);
     a->limb[0] = (a->limb[0] & mask) + tmp;
 }