Add in missing curly braces part 1.
Everything before crypto/ec.
Change-Id: Icbfab8e4ffe5cc56bf465eb57d3fdad3959a085c
Reviewed-on: https://boringssl-review.googlesource.com/3401
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
index b3d1965..ac63934 100644
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@@ -100,8 +100,9 @@
BN_ULONG w) {
BN_ULONG c1 = 0;
- if (num <= 0)
+ if (num <= 0) {
return (c1);
+ }
while (num & ~3) {
mul_add(rp[0], ap[0], w, c1);
@@ -114,23 +115,26 @@
}
if (num) {
mul_add(rp[0], ap[0], w, c1);
- if (--num == 0)
+ if (--num == 0) {
return c1;
+ }
mul_add(rp[1], ap[1], w, c1);
- if (--num == 0)
+ if (--num == 0) {
return c1;
+ }
mul_add(rp[2], ap[2], w, c1);
return c1;
}
- return (c1);
+ return c1;
}
BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) {
BN_ULONG c1 = 0;
- if (num <= 0)
- return (c1);
+ if (num <= 0) {
+ return c1;
+ }
while (num & ~3) {
mul(rp[0], ap[0], w, c1);
@@ -143,19 +147,22 @@
}
if (num) {
mul(rp[0], ap[0], w, c1);
- if (--num == 0)
+ if (--num == 0) {
return c1;
+ }
mul(rp[1], ap[1], w, c1);
- if (--num == 0)
+ if (--num == 0) {
return c1;
+ }
mul(rp[2], ap[2], w, c1);
}
- return (c1);
+ return c1;
}
void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) {
- if (n <= 0)
+ if (n <= 0) {
return;
+ }
while (n & ~3) {
sqr(r[0], r[1], a[0]);
@@ -168,11 +175,13 @@
}
if (n) {
sqr(r[0], r[1], a[0]);
- if (--n == 0)
+ if (--n == 0) {
return;
+ }
sqr(r[2], r[3], a[1]);
- if (--n == 0)
+ if (--n == 0) {
return;
+ }
sqr(r[4], r[5], a[2]);
}
}
@@ -190,8 +199,9 @@
BN_ULONG ret;
size_t i = 0;
- if (n <= 0)
+ if (n <= 0) {
return 0;
+ }
asm volatile (
" subq %0,%0 \n" /* clear carry */
@@ -216,8 +226,9 @@
BN_ULONG ret;
size_t i = 0;
- if (n <= 0)
+ if (n <= 0) {
return 0;
+ }
asm volatile (
" subq %0,%0 \n" /* clear borrow */
@@ -242,47 +253,56 @@
BN_ULONG t1, t2;
int c = 0;
- if (n <= 0)
- return ((BN_ULONG)0);
+ if (n <= 0) {
+ return (BN_ULONG)0;
+ }
for (;;) {
t1 = a[0];
t2 = b[0];
r[0] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
+ if (t1 != t2) {
c = (t1 < t2);
- if (--n <= 0)
+ }
+ if (--n <= 0) {
break;
+ }
t1 = a[1];
t2 = b[1];
r[1] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
+ if (t1 != t2) {
c = (t1 < t2);
- if (--n <= 0)
+ }
+ if (--n <= 0) {
break;
+ }
t1 = a[2];
t2 = b[2];
r[2] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
+ if (t1 != t2) {
c = (t1 < t2);
- if (--n <= 0)
+ }
+ if (--n <= 0) {
break;
+ }
t1 = a[3];
t2 = b[3];
r[3] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
+ if (t1 != t2) {
c = (t1 < t2);
- if (--n <= 0)
+ }
+ if (--n <= 0) {
break;
+ }
a += 4;
b += 4;
r += 4;
}
- return (c);
+ return c;
}
#endif
diff --git a/crypto/bn/bn.c b/crypto/bn/bn.c
index 368c4f1..f89b6f1 100644
--- a/crypto/bn/bn.c
+++ b/crypto/bn/bn.c
@@ -200,13 +200,15 @@
if (l & 0xffff000000000000L) {
if (l & 0xff00000000000000L) {
return (bits[(int)(l >> 56)] + 56);
- } else
+ } else {
return (bits[(int)(l >> 48)] + 48);
+ }
} else {
if (l & 0x0000ff0000000000L) {
return (bits[(int)(l >> 40)] + 40);
- } else
+ } else {
return (bits[(int)(l >> 32)] + 32);
+ }
}
} else
#endif
diff --git a/crypto/bn/bn_test.c b/crypto/bn/bn_test.c
index e342ed8..46f50ec 100644
--- a/crypto/bn/bn_test.c
+++ b/crypto/bn/bn_test.c
@@ -145,11 +145,12 @@
argc--;
argv++;
while (argc >= 1) {
- if (strcmp(*argv, "-results") == 0)
+ if (strcmp(*argv, "-results") == 0) {
results = 1;
- else if (strcmp(*argv, "-out") == 0) {
- if (--argc < 1)
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1) {
break;
+ }
outfile = *(++argv);
}
argc--;
@@ -158,8 +159,9 @@
ctx = BN_CTX_new();
- if (ctx == NULL)
+ if (ctx == NULL) {
return 1;
+ }
out = BIO_new(BIO_s_file());
if (out == NULL) {
@@ -175,82 +177,98 @@
}
}
- if (!results)
+ if (!results) {
BIO_puts(out, "obase=16\nibase=16\n");
+ }
message(out, "BN_add");
- if (!test_add(out))
+ if (!test_add(out)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_sub");
- if (!test_sub(out))
+ if (!test_sub(out)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_lshift1");
- if (!test_lshift1(out))
+ if (!test_lshift1(out)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_lshift (fixed)");
- if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL)))
+ if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL))) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_lshift");
- if (!test_lshift(out, ctx, NULL))
+ if (!test_lshift(out, ctx, NULL)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_rshift1");
- if (!test_rshift1(out))
+ if (!test_rshift1(out)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_rshift");
- if (!test_rshift(out, ctx))
+ if (!test_rshift(out, ctx)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_sqr");
- if (!test_sqr(out, ctx))
+ if (!test_sqr(out, ctx)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_mul");
- if (!test_mul(out))
+ if (!test_mul(out)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_div");
- if (!test_div(out, ctx))
+ if (!test_div(out, ctx)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_div_word");
- if (!test_div_word(out))
+ if (!test_div_word(out)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_mod");
- if (!test_mod(out, ctx))
+ if (!test_mod(out, ctx)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_mod_mul");
- if (!test_mod_mul(out, ctx))
+ if (!test_mod_mul(out, ctx)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_mont");
- if (!test_mont(out, ctx))
+ if (!test_mont(out, ctx)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_mod_exp");
- if (!test_mod_exp(out, ctx))
+ if (!test_mod_exp(out, ctx)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_mod_exp_mont_consttime");
@@ -268,23 +286,27 @@
(void)BIO_flush(out);
message(out, "BN_mod_sqrt");
- if (!test_mod_sqrt(out, ctx))
+ if (!test_mod_sqrt(out, ctx)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "Small prime generation");
- if (!test_small_prime(out, ctx))
+ if (!test_small_prime(out, ctx)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_sqrt");
- if (!test_sqrt(out, ctx))
+ if (!test_sqrt(out, ctx)) {
goto err;
+ }
(void)BIO_flush(out);
message(out, "BN_bn2bin_padded");
- if (!test_bn2bin_padded(out, ctx))
+ if (!test_bn2bin_padded(out, ctx)) {
goto err;
+ }
(void)BIO_flush(out);
BN_CTX_free(ctx);
@@ -352,8 +374,9 @@
if (i < num1) {
BN_rand(&a, 512, 0, 0);
BN_copy(&b, &a);
- if (BN_set_bit(&a, i) == 0)
+ if (BN_set_bit(&a, i) == 0) {
return (0);
+ }
BN_add_word(&b, i);
} else {
BN_rand(&b, 400 + i - num1, 0, 0);
@@ -400,8 +423,9 @@
BN_copy(&b, &a);
BN_lshift(&a, &a, i);
BN_add_word(&a, i);
- } else
+ } else {
BN_rand(&b, 50 + 3 * (i - num1), 0, 0);
+ }
a.neg = rand_neg();
b.neg = rand_neg();
BN_div(&d, &c, &a, &b, ctx);
@@ -561,9 +585,9 @@
d = BN_new();
BN_one(c);
- if (a_)
+ if (a_) {
a = a_;
- else {
+ } else {
a = BN_new();
BN_rand(a, 200, 0, 0); /**/
a->neg = rand_neg();
@@ -610,8 +634,9 @@
BN_CTX *ctx;
ctx = BN_CTX_new();
- if (ctx == NULL)
+ if (ctx == NULL) {
abort();
+ }
BN_init(&a);
BN_init(&b);
@@ -623,8 +648,9 @@
if (i <= num1) {
BN_rand(&a, 100, 0, 0);
BN_rand(&b, 100, 0, 0);
- } else
+ } else {
BN_rand(&b, i - num1, 0, 0);
+ }
a.neg = rand_neg();
b.neg = rand_neg();
BN_mul(&c, &a, &b, ctx);
@@ -826,16 +852,18 @@
BN_init(&n);
mont = BN_MONT_CTX_new();
- if (mont == NULL)
+ if (mont == NULL) {
return 0;
+ }
BN_rand(&a, 100, 0, 0); /**/
BN_rand(&b, 100, 0, 0); /**/
for (i = 0; i < num2; i++) {
int bits = (200 * (i + 1)) / num2;
- if (bits == 0)
+ if (bits == 0) {
continue;
+ }
BN_rand(&n, bits, 0, 1);
BN_MONT_CTX_set(mont, &n, ctx);
@@ -942,8 +970,9 @@
if (!BN_mod_mul(e, a, b, c, ctx)) {
unsigned long l;
- while ((l = ERR_get_error()))
+ while ((l = ERR_get_error())) {
fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL));
+ }
abort();
}
if (bp != NULL) {
@@ -1000,8 +1029,9 @@
BN_rand(a, 20 + i * 5, 0, 0); /**/
BN_rand(b, 2 + i, 0, 0); /**/
- if (!BN_mod_exp(d, a, b, c, ctx))
+ if (!BN_mod_exp(d, a, b, c, ctx)) {
return (0);
+ }
if (bp != NULL) {
if (!results) {
@@ -1046,8 +1076,9 @@
BN_rand(a, 20 + i * 5, 0, 0); /**/
BN_rand(b, 2 + i, 0, 0); /**/
- if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL))
+ if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL)) {
return (00);
+ }
if (bp != NULL) {
if (!results) {
@@ -1096,8 +1127,9 @@
/* Zero exponent */
BN_rand(a, 1024, 0, 0);
BN_zero(p);
- if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
+ if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) {
return 0;
+ }
if (!BN_is_one(d)) {
fprintf(stderr, "Modular exponentiation test failed!\n");
return 0;
@@ -1105,8 +1137,9 @@
/* Zero input */
BN_rand(p, 1024, 0, 0);
BN_zero(a);
- if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL))
+ if (!BN_mod_exp_mont_consttime(d, a, p, m, ctx, NULL)) {
return 0;
+ }
if (!BN_is_zero(d)) {
fprintf(stderr, "Modular exponentiation test failed!\n");
return 0;
@@ -1128,10 +1161,10 @@
}
/* Finally, some regular test vectors. */
BN_rand(e, 1024, 0, 0);
- if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL))
+ if (!BN_mod_exp_mont_consttime(d, e, p, m, ctx, NULL) ||
+ !BN_mod_exp(a, e, p, m, ctx)) {
return 0;
- if (!BN_mod_exp(a, e, p, m, ctx))
- return 0;
+ }
if (BN_cmp(a, d) != 0) {
fprintf(stderr, "Modular exponentiation test failed!\n");
return 0;
@@ -1143,7 +1176,7 @@
BN_free(m);
BN_free(d);
BN_free(e);
- return (1);
+ return 1;
}
int test_exp(BIO *bp, BN_CTX *ctx) {
@@ -1161,8 +1194,9 @@
BN_rand(a, 20 + i * 5, 0, 0); /**/
BN_rand(b, 2 + i, 0, 0); /**/
- if (BN_exp(d, a, b, ctx) <= 0)
+ if (BN_exp(d, a, b, ctx) <= 0) {
return (0);
+ }
if (bp != NULL) {
if (!results) {
@@ -1175,8 +1209,9 @@
BIO_puts(bp, "\n");
}
BN_one(e);
- for (; !BN_is_zero(b); BN_sub(b, b, one))
+ for (; !BN_is_zero(b); BN_sub(b, b, one)) {
BN_mul(e, e, a, ctx);
+ }
BN_sub(e, e, d);
if (!BN_is_zero(e)) {
fprintf(stderr, "Exponentiation test failed!\n");
@@ -1188,7 +1223,7 @@
BN_free(d);
BN_free(e);
BN_free(one);
- return (1);
+ return 1;
}
/* test_exp_mod_zero tests that x**0 mod 1 == 0. */
@@ -1230,14 +1265,15 @@
static int genprime_cb(int p, int n, BN_GENCB *arg) {
char c = '*';
- if (p == 0)
+ if (p == 0) {
c = '.';
- if (p == 1)
+ } else if (p == 1) {
c = '+';
- if (p == 2)
+ } else if (p == 2) {
c = '*';
- if (p == 3)
+ } else if (p == 3) {
c = '\n';
+ }
putc(c, stdout);
fflush(stdout);
return 1;
@@ -1252,8 +1288,9 @@
a = BN_new();
p = BN_new();
r = BN_new();
- if (a == NULL || p == NULL || r == NULL)
+ if (a == NULL || p == NULL || r == NULL) {
goto err;
+ }
BN_GENCB_set(&cb, genprime_cb, NULL);
@@ -1261,16 +1298,18 @@
if (i < 8) {
unsigned primes[8] = {2, 3, 5, 7, 11, 13, 17, 19};
- if (!BN_set_word(p, primes[i]))
+ if (!BN_set_word(p, primes[i])) {
goto err;
+ }
} else {
- if (!BN_set_word(a, 32))
+ if (!BN_set_word(a, 32) ||
+ !BN_set_word(r, 2 * i + 1)) {
goto err;
- if (!BN_set_word(r, 2 * i + 1))
- goto err;
+ }
- if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
+ if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) {
goto err;
+ }
putc('\n', stdout);
}
p->neg = rand_neg();
@@ -1278,31 +1317,24 @@
for (j = 0; j < num2; j++) {
/* construct 'a' such that it is a square modulo p,
* but in general not a proper square and not reduced modulo p */
- if (!BN_rand(r, 256, 0, 3))
+ if (!BN_rand(r, 256, 0, 3) ||
+ !BN_nnmod(r, r, p, ctx) ||
+ !BN_mod_sqr(r, r, p, ctx) ||
+ !BN_rand(a, 256, 0, 3) ||
+ !BN_nnmod(a, a, p, ctx) ||
+ !BN_mod_sqr(a, a, p, ctx) ||
+ !BN_mul(a, a, r, ctx)) {
goto err;
- if (!BN_nnmod(r, r, p, ctx))
- goto err;
- if (!BN_mod_sqr(r, r, p, ctx))
- goto err;
- if (!BN_rand(a, 256, 0, 3))
- goto err;
- if (!BN_nnmod(a, a, p, ctx))
- goto err;
- if (!BN_mod_sqr(a, a, p, ctx))
- goto err;
- if (!BN_mul(a, a, r, ctx))
- goto err;
- if (rand_neg())
- if (!BN_sub(a, a, p))
+ }
+ if (rand_neg() && !BN_sub(a, a, p)) {
goto err;
+ }
- if (!BN_mod_sqrt(r, a, p, ctx))
+ if (!BN_mod_sqrt(r, a, p, ctx) ||
+ !BN_mod_sqr(r, r, p, ctx) ||
+ !BN_nnmod(a, a, p, ctx)) {
goto err;
- if (!BN_mod_sqr(r, r, p, ctx))
- goto err;
-
- if (!BN_nnmod(a, a, p, ctx))
- goto err;
+ }
if (BN_cmp(a, r) != 0) {
fprintf(stderr, "BN_mod_sqrt failed: a = ");
@@ -1324,12 +1356,15 @@
}
ret = 1;
err:
- if (a != NULL)
+ if (a != NULL) {
BN_free(a);
- if (p != NULL)
+ }
+ if (p != NULL) {
BN_free(p);
- if (r != NULL)
+ }
+ if (r != NULL) {
BN_free(r);
+ }
return ret;
}
diff --git a/crypto/bn/ctx.c b/crypto/bn/ctx.c
index e54007b..e3a5c92 100644
--- a/crypto/bn/ctx.c
+++ b/crypto/bn/ctx.c
@@ -205,14 +205,14 @@
}
static void BN_STACK_finish(BN_STACK *st) {
- if (st->size)
+ if (st->size) {
OPENSSL_free(st->indexes);
+ }
}
static int BN_STACK_push(BN_STACK *st, unsigned int idx) {
- if (st->depth == st->size)
- /* Need to expand */
- {
+ if (st->depth == st->size) {
+ /* Need to expand */
unsigned int newsize =
(st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES);
unsigned int *newitems = OPENSSL_malloc(newsize * sizeof(unsigned int));
diff --git a/crypto/bn/div.c b/crypto/bn/div.c
index d65957a..2bf86de 100644
--- a/crypto/bn/div.c
+++ b/crypto/bn/div.c
@@ -278,12 +278,14 @@
t2 = (BN_ULLONG)d1 * q;
for (;;) {
- if (t2 <= ((((BN_ULLONG)rem) << BN_BITS2) | wnump[-2]))
+ if (t2 <= ((((BN_ULLONG)rem) << BN_BITS2) | wnump[-2])) {
break;
+ }
q--;
rem += d0;
- if (rem < d0)
+ if (rem < d0) {
break; /* don't let rem overflow */
+ }
t2 -= d1;
}
#else /* !BN_LLONG */
@@ -316,14 +318,17 @@
#endif
for (;;) {
- if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2])))
+ if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) {
break;
+ }
q--;
rem += d0;
- if (rem < d0)
+ if (rem < d0) {
break; /* don't let rem overflow */
- if (t2l < d1)
+ }
+ if (t2l < d1) {
t2h--;
+ }
t2l -= d1;
}
#endif /* !BN_LLONG */
diff --git a/crypto/bn/exponentiation.c b/crypto/bn/exponentiation.c
index 53f3e9c..3a07704 100644
--- a/crypto/bn/exponentiation.c
+++ b/crypto/bn/exponentiation.c
@@ -685,12 +685,14 @@
j = m->top; /* borrow j */
if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
- if (bn_wexpand(r, j) == NULL)
+ if (bn_wexpand(r, j) == NULL) {
goto err;
+ }
/* 2^(top*BN_BITS2) - m */
r->d[0] = (0 - m->d[0]) & BN_MASK2;
- for (i = 1; i < j; i++)
+ for (i = 1; i < j; i++) {
r->d[i] = (~m->d[i]) & BN_MASK2;
+ }
r->top = j;
/* Upper words will be zero if the corresponding words of 'm'
* were 0xfff[...], so decrement r->top accordingly. */
@@ -704,9 +706,8 @@
int wend; /* The bottom bit of the window */
if (BN_is_bit_set(p, wstart) == 0) {
- if (!start) {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
- goto err;
+ if (!start && !BN_mod_mul_montgomery(r, r, r, mont, ctx)) {
+ goto err;
}
if (wstart == 0) {
break;
@@ -878,13 +879,13 @@
/* Allocate a montgomery context if it was not supplied by the caller.
* If this is not done, things will break in the montgomery part.
*/
- if (in_mont != NULL)
+ if (in_mont != NULL) {
mont = in_mont;
- else {
- if ((mont = BN_MONT_CTX_new()) == NULL)
+ } else {
+ mont = BN_MONT_CTX_new();
+ if (mont == NULL || !BN_MONT_CTX_set(mont, m, ctx)) {
goto err;
- if (!BN_MONT_CTX_set(mont, m, ctx))
- goto err;
+ }
}
#ifdef RSAZ_ENABLED
@@ -893,8 +894,9 @@
* crypto/bn/rsaz_exp.c and accompanying assembly modules. */
if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024) &&
rsaz_avx2_eligible()) {
- if (NULL == bn_wexpand(rr, 16))
+ if (NULL == bn_wexpand(rr, 16)) {
goto err;
+ }
RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d, mont->n0[0]);
rr->top = 16;
rr->neg = 0;
@@ -902,8 +904,9 @@
ret = 1;
goto err;
} else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
- if (NULL == bn_wexpand(rr, 8))
+ if (NULL == bn_wexpand(rr, 8)) {
goto err;
+ }
RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
rr->top = 8;
rr->neg = 0;
@@ -918,8 +921,9 @@
#if defined(OPENSSL_BN_ASM_MONT5)
if (window >= 5) {
window = 5; /* ~5% improvement for RSA2048 sign, and even for RSA4096 */
- if ((top & 7) == 0)
+ if ((top & 7) == 0) {
powerbufLen += 2 * top * sizeof(m->d[0]);
+ }
}
#endif
(void)0;
@@ -932,20 +936,24 @@
sizeof(m->d[0]) *
(top * numPowers + ((2 * top) > numPowers ? (2 * top) : numPowers));
#ifdef alloca
- if (powerbufLen < 3072)
+ if (powerbufLen < 3072) {
powerbufFree = alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
- else
+ } else
#endif
- if ((powerbufFree = (unsigned char *)OPENSSL_malloc(
- powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
- goto err;
+ {
+ if ((powerbufFree = (unsigned char *)OPENSSL_malloc(
+ powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL) {
+ goto err;
+ }
+ }
powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
memset(powerbuf, 0, powerbufLen);
#ifdef alloca
- if (powerbufLen < 3072)
+ if (powerbufLen < 3072) {
powerbufFree = NULL;
+ }
#endif
/* lay down tmp and am right after powers table */
@@ -961,20 +969,23 @@
if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
/* 2^(top*BN_BITS2) - m */
tmp.d[0] = (0 - m->d[0]) & BN_MASK2;
- for (i = 1; i < top; i++)
+ for (i = 1; i < top; i++) {
tmp.d[i] = (~m->d[i]) & BN_MASK2;
+ }
tmp.top = top;
- } else if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
+ } else if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx)) {
goto err;
+ }
/* prepare a^1 in Montgomery domain */
if (a->neg || BN_ucmp(a, m) >= 0) {
- if (!BN_mod(&am, a, m, ctx))
+ if (!BN_mod(&am, a, m, ctx) ||
+ !BN_to_montgomery(&am, &am, mont, ctx)) {
goto err;
- if (!BN_to_montgomery(&am, &am, mont, ctx))
- goto err;
- } else if (!BN_to_montgomery(&am, a, mont, ctx))
+ }
+ } else if (!BN_to_montgomery(&am, a, mont, ctx)) {
goto err;
+ }
#if defined(OPENSSL_BN_ASM_MONT5)
/* This optimization uses ideas from http://eprint.iacr.org/2011/239,
@@ -1001,16 +1012,20 @@
/* BN_to_montgomery can contaminate words above .top
* [in BN_DEBUG[_DEBUG] build]... */
- for (i = am.top; i < top; i++)
+ for (i = am.top; i < top; i++) {
am.d[i] = 0;
- for (i = tmp.top; i < top; i++)
+ }
+ for (i = tmp.top; i < top; i++) {
tmp.d[i] = 0;
+ }
- if (top & 7)
+ if (top & 7) {
np2 = np;
- else
- for (np2 = am.d + top, i = 0; i < top; i++)
+ } else {
+ for (np2 = am.d + top, i = 0; i < top; i++) {
np2[2 * i] = np[i];
+ }
+ }
bn_scatter5(tmp.d, top, powerbuf, 0);
bn_scatter5(am.d, am.top, powerbuf, 1);
@@ -1043,8 +1058,9 @@
}
bits--;
- for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--)
+ for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) {
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+ }
bn_gather5(tmp.d, top, powerbuf, wvalue);
/* At this point |bits| is 4 mod 5 and at least -1. (|bits| is the first bit
@@ -1056,8 +1072,9 @@
*/
if (top & 7) {
while (bits >= 0) {
- for (wvalue = 0, i = 0; i < 5; i++, bits--)
+ for (wvalue = 0, i = 0; i < 5; i++, bits--) {
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
+ }
bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
@@ -1101,17 +1118,18 @@
tmp.top = top;
bn_correct_top(&tmp);
if (ret) {
- if (!BN_copy(rr, &tmp))
+ if (!BN_copy(rr, &tmp)) {
ret = 0;
+ }
goto err; /* non-zero ret means it's not error */
}
} else
#endif
{
- if (!copy_to_prebuf(&tmp, top, powerbuf, 0, numPowers))
+ if (!copy_to_prebuf(&tmp, top, powerbuf, 0, numPowers) ||
+ !copy_to_prebuf(&am, top, powerbuf, 1, numPowers)) {
goto err;
- if (!copy_to_prebuf(&am, top, powerbuf, 1, numPowers))
- goto err;
+ }
/* If the window size is greater than 1, then calculate
* val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
@@ -1119,24 +1137,26 @@
* to use the slight performance advantage of sqr over mul).
*/
if (window > 1) {
- if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
+ if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx) ||
+ !copy_to_prebuf(&tmp, top, powerbuf, 2, numPowers)) {
goto err;
- if (!copy_to_prebuf(&tmp, top, powerbuf, 2, numPowers))
- goto err;
+ }
for (i = 3; i < numPowers; i++) {
/* Calculate a^i = a^(i-1) * a */
- if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
+ if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx) ||
+ !copy_to_prebuf(&tmp, top, powerbuf, i, numPowers)) {
goto err;
- if (!copy_to_prebuf(&tmp, top, powerbuf, i, numPowers))
- goto err;
+ }
}
}
bits--;
- for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
+ for (wvalue = 0, i = bits % window; i >= 0; i--, bits--) {
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
- if (!copy_from_prebuf(&tmp, top, powerbuf, wvalue, numPowers))
+ }
+ if (!copy_from_prebuf(&tmp, top, powerbuf, wvalue, numPowers)) {
goto err;
+ }
/* Scan the exponent one window at a time starting from the most
* significant bits.
@@ -1146,32 +1166,38 @@
/* Scan the window, squaring the result as we go */
for (i = 0; i < window; i++, bits--) {
- if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx))
+ if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx)) {
goto err;
+ }
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
}
/* Fetch the appropriate pre-computed value from the pre-buf */
- if (!copy_from_prebuf(&am, top, powerbuf, wvalue, numPowers))
+ if (!copy_from_prebuf(&am, top, powerbuf, wvalue, numPowers)) {
goto err;
+ }
/* Multiply the result into the intermediate result */
- if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
+ if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx)) {
goto err;
+ }
}
}
/* Convert the final result from montgomery to standard format */
- if (!BN_from_montgomery(rr, &tmp, mont, ctx))
+ if (!BN_from_montgomery(rr, &tmp, mont, ctx)) {
goto err;
+ }
ret = 1;
err:
- if ((in_mont == NULL) && (mont != NULL))
+ if ((in_mont == NULL) && (mont != NULL)) {
BN_MONT_CTX_free(mont);
+ }
if (powerbuf != NULL) {
OPENSSL_cleanse(powerbuf, powerbufLen);
- if (powerbufFree)
+ if (powerbufFree) {
OPENSSL_free(powerbufFree);
+ }
}
BN_CTX_end(ctx);
return (ret);
@@ -1238,13 +1264,11 @@
goto err;
}
- if (in_mont != NULL)
+ if (in_mont != NULL) {
mont = in_mont;
- else {
- if ((mont = BN_MONT_CTX_new()) == NULL) {
- goto err;
- }
- if (!BN_MONT_CTX_set(mont, m, ctx)) {
+ } else {
+ mont = BN_MONT_CTX_new();
+ if (mont == NULL || !BN_MONT_CTX_set(mont, m, ctx)) {
goto err;
}
}
@@ -1477,28 +1501,33 @@
if (!wvalue1 && BN_is_bit_set(p1, b)) {
/* consider bits b-window1+1 .. b for this window */
i = b - window1 + 1;
- while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+ /* works for i<0 */
+ while (!BN_is_bit_set(p1, i)) {
i++;
+ }
wpos1 = i;
wvalue1 = 1;
for (i = b - 1; i >= wpos1; i--) {
wvalue1 <<= 1;
- if (BN_is_bit_set(p1, i))
+ if (BN_is_bit_set(p1, i)) {
wvalue1++;
+ }
}
}
if (!wvalue2 && BN_is_bit_set(p2, b)) {
/* consider bits b-window2+1 .. b for this window */
i = b - window2 + 1;
- while (!BN_is_bit_set(p2, i))
+ while (!BN_is_bit_set(p2, i)) {
i++;
+ }
wpos2 = i;
wvalue2 = 1;
for (i = b - 1; i >= wpos2; i--) {
wvalue2 <<= 1;
- if (BN_is_bit_set(p2, i))
+ if (BN_is_bit_set(p2, i)) {
wvalue2++;
+ }
}
}
diff --git a/crypto/bn/gcd.c b/crypto/bn/gcd.c
index 2dce296..789a094 100644
--- a/crypto/bn/gcd.c
+++ b/crypto/bn/gcd.c
@@ -586,8 +586,9 @@
*/
pB = &local_B;
BN_with_flags(pB, B, BN_FLG_CONSTTIME);
- if (!BN_nnmod(B, pB, A, ctx))
+ if (!BN_nnmod(B, pB, A, ctx)) {
goto err;
+ }
}
sign = -1;
/* From B = a mod |n|, A = |n| it follows that
diff --git a/crypto/bn/generic.c b/crypto/bn/generic.c
index 224a47c..0e7d867 100644
--- a/crypto/bn/generic.c
+++ b/crypto/bn/generic.c
@@ -585,23 +585,27 @@
t1 = a[0];
t2 = b[0];
r[0] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
+ if (t1 != t2) {
c = (t1 < t2);
+ }
t1 = a[1];
t2 = b[1];
r[1] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
+ if (t1 != t2) {
c = (t1 < t2);
+ }
t1 = a[2];
t2 = b[2];
r[2] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
+ if (t1 != t2) {
c = (t1 < t2);
+ }
t1 = a[3];
t2 = b[3];
r[3] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
+ if (t1 != t2) {
c = (t1 < t2);
+ }
a += 4;
b += 4;
r += 4;
@@ -611,8 +615,9 @@
t1 = a[0];
t2 = b[0];
r[0] = (t1 - t2 - c) & BN_MASK2;
- if (t1 != t2)
+ if (t1 != t2) {
c = (t1 < t2);
+ }
a++;
b++;
r++;
@@ -1050,11 +1055,13 @@
#ifdef mul64
mh = HBITS(ml);
ml = LBITS(ml);
- for (j = 0; j < num; ++j)
+ for (j = 0; j < num; ++j) {
mul(tp[j], ap[j], ml, mh, c0);
+ }
#else
- for (j = 0; j < num; ++j)
+ for (j = 0; j < num; ++j) {
mul(tp[j], ap[j], ml, c0);
+ }
#endif
tp[num] = c0;
@@ -1067,11 +1074,13 @@
#ifdef mul64
mh = HBITS(ml);
ml = LBITS(ml);
- for (j = 0; j < num; ++j)
+ for (j = 0; j < num; ++j) {
mul_add(tp[j], ap[j], ml, mh, c0);
+ }
#else
- for (j = 0; j < num; ++j)
+ for (j = 0; j < num; ++j) {
mul_add(tp[j], ap[j], ml, c0);
+ }
#endif
c1 = (tp[num] + c0) & BN_MASK2;
tp[num] = c1;
@@ -1104,13 +1113,15 @@
if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
c0 = bn_sub_words(rp, tp, np, num);
if (tp[num] != 0 || c0 == 0) {
- for (i = 0; i < num + 2; i++)
+ for (i = 0; i < num + 2; i++) {
vp[i] = 0;
+ }
return 1;
}
}
- for (i = 0; i < num; i++)
+ for (i = 0; i < num; i++) {
rp[i] = tp[i], vp[i] = 0;
+ }
vp[num] = 0;
vp[num + 1] = 0;
return 1;
diff --git a/crypto/bn/montgomery.c b/crypto/bn/montgomery.c
index 65e177c..5a9d686 100644
--- a/crypto/bn/montgomery.c
+++ b/crypto/bn/montgomery.c
@@ -514,8 +514,9 @@
return 0;
}
- if (BN_copy(t, a))
+ if (BN_copy(t, a)) {
retn = BN_from_montgomery_word(ret, t, mont);
+ }
BN_CTX_end(ctx);
return retn;
diff --git a/crypto/bn/mul.c b/crypto/bn/mul.c
index 80c6288..a17d766 100644
--- a/crypto/bn/mul.c
+++ b/crypto/bn/mul.c
@@ -150,8 +150,9 @@
assert(cl >= 0);
c = bn_sub_words(r, a, b, cl);
- if (dl == 0)
+ if (dl == 0) {
return c;
+ }
r += cl;
a += cl;
@@ -330,8 +331,9 @@
/* Else do normal multiply */
if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
- if ((dna + dnb) < 0)
+ if ((dna + dnb) < 0) {
memset(&r[2 * n2 + dna + dnb], 0, sizeof(BN_ULONG) * -(dna + dnb));
+ }
return;
}
diff --git a/crypto/bn/prime.c b/crypto/bn/prime.c
index fc9a3d5..6bdc921 100644
--- a/crypto/bn/prime.c
+++ b/crypto/bn/prime.c
@@ -682,8 +682,9 @@
for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) {
if ((mods[i] + delta) % primes[i] == 0) {
delta += 2;
- if (delta > maxdelta)
+ if (delta > maxdelta) {
goto again;
+ }
goto loop;
}
}
@@ -693,8 +694,9 @@
* that gcd(rnd-1,primes) == 1 (except for 2) */
if (((mods[i] + delta) % primes[i]) <= 1) {
delta += 2;
- if (delta > maxdelta)
+ if (delta > maxdelta) {
goto again;
+ }
goto loop;
}
}
