Fix preprocessor error, to ensure ecc_secp256r1_inv is always defined.

diff --git a/ecc-secp256r1.c b/ecc-secp256r1.c
index e624b020c069530fb33c4dc49c8b7d024c823749..56741c7df5d0a39204431930c9b3d64b75a74afc 100644 (file)
--- a/ecc-secp256r1.c
+++ b/ecc-secp256r1.c
@@ -145,59 +145,6 @@ ecc_secp256r1_modp (const struct ecc_modulo *p, mp_limb_t *rp)
   rp[3] = u1;
 }
 
-#define ECC_SECP256R1_INV_ITCH (7*ECC_LIMB_SIZE)
-
-static void
-ecc_secp256r1_inv (const struct ecc_modulo *p,
-                  mp_limb_t *rp, const mp_limb_t *ap,
-                  mp_limb_t *scratch)
-{
-#define a5m1 scratch
-#define a15m1 (scratch + ECC_LIMB_SIZE)
-  /* Overlaps first half of t0 */
-#define a32m1 (scratch + 2*ECC_LIMB_SIZE)
-#define t0 (scratch + 3*ECC_LIMB_SIZE)
-#define t1 (scratch + 5*ECC_LIMB_SIZE)
-/*
-   Addition chain for p - 2 = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 3
-
-    2^5 - 1 = 1 + 2 (2^4 - 1) = 1 + 2 (2^2+1)(2 + 1)    4 S + 3 M
-    2^{15} - 1 = (2^5 - 1) (1 + 2^5 (1 + 2^5)          10 S + 2 M
-    2^{16} - 1 = 1 + 2 (2^{15} - 1)                       S +   M
-    2^{32} - 1 = (2^{16} + 1) (2^{16} - 1)             16 S +   M
-    2^{64} - 2^{32} + 1 = 2^{32} (2^{32} - 1) + 1      32 S +   M
-    2^{192} - 2^{160} + 2^{128} + 2^{32} - 1
-        = 2^{128} (2^{64} - 2^{32} + 1) + 2^{32} - 1  128 S +   M
-    2^{224} - 2^{192} + 2^{160} + 2^{64} - 1
-        = 2^{32} (...) + 2^{32} - 1                    32 S +   M
-    2^{239} - 2^{207} + 2^{175} + 2^{79} - 1
-        = 2^{15} (...) + 2^{15} - 1                    15 S +   M
-    2^{254} - 2^{222} + 2^{190} + 2^{94} - 1
-        = 2^{15} (...) + 2^{15} - 1                    15 S +   M
-    p - 2 = 2^2 (...) + 1                               2 S     M
-                                                   ---------------
-                                                     255 S + 13 M
- */
-  ecc_mod_sqr (p, rp, ap);             /* a^2 */
-  ecc_mod_mul (p, t1, ap, rp);         /* a^3 */
-  ecc_mod_pow_2kp1 (p, rp, t1, 2, t0); /* a^{2^4 - 1} */
-  ecc_mod_sqr (p, t0, rp);             /* a^{2^5 - 2} */
-  ecc_mod_mul (p, a5m1, ap, t0);       /* a^{2^5 - 1}, a5m1 */
-
-  ecc_mod_pow_2kp1 (p, rp, a5m1, 5, t0); /* a^{2^{10} - 1, a5m1*/
-  ecc_mod_pow_2k_mul (p, a15m1, rp, 5, a5m1, t0); /* a^{2^{15} - 1}, a5m1 a15m1 */
-  ecc_mod_sqr (p, rp, a15m1);          /* a^{2^{16} - 2}, a15m1 */
-  ecc_mod_mul (p, t1, ap, rp);         /* a^{2^{16} - 1}, a15m1 */
-  ecc_mod_pow_2kp1 (p, a32m1, t1, 16, rp); /* a^{2^{32} - 1}, a15m1, a32m1 */
-
-  ecc_mod_pow_2k_mul (p, t0, a32m1, 32, ap, t1); /* a^{2^{64} - 2^{32} + 1 */
-  ecc_mod_pow_2k_mul (p, rp, t0, 128, a32m1, t1); /* a^{2^{192} - 2^{160} + 2^{128} + 2^{32} - 1} */
-  ecc_mod_pow_2k_mul (p, t0, rp, 32, a32m1, t1); /* a^{2^{224} - 2^{192} + 2^{160} + 2^{64} - 1} */
-  ecc_mod_pow_2k_mul (p, rp, t0, 15, a15m1, t1); /* a^{2^{239} - 2^{207} + 2^{175} + 2^{79} - 1} */
-  ecc_mod_pow_2k_mul (p, t0, rp, 15, a15m1, t1); /* a^{2^{254} - 2^{222} + 2^{190} + 2^{94} - 1} */
-  ecc_mod_pow_2k_mul (p, rp, t0, 2, ap, t0); /* a^{2^{256} - 2^{224} + 2^{192} + 2^{96} - 3} */
-}
-
 static void
 ecc_secp256r1_modq (const struct ecc_modulo *q, mp_limb_t *rp)
 {
@@ -292,6 +239,59 @@ ecc_secp256r1_modq (const struct ecc_modulo *q, mp_limb_t *rp)
 #error Unsupported parameters
 #endif
 
+#define ECC_SECP256R1_INV_ITCH (7*ECC_LIMB_SIZE)
+
+static void
+ecc_secp256r1_inv (const struct ecc_modulo *p,
+                  mp_limb_t *rp, const mp_limb_t *ap,
+                  mp_limb_t *scratch)
+{
+#define a5m1 scratch
+#define a15m1 (scratch + ECC_LIMB_SIZE)
+  /* Overlaps first half of t0 */
+#define a32m1 (scratch + 2*ECC_LIMB_SIZE)
+#define t0 (scratch + 3*ECC_LIMB_SIZE)
+#define t1 (scratch + 5*ECC_LIMB_SIZE)
+/*
+   Addition chain for p - 2 = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 3
+
+    2^5 - 1 = 1 + 2 (2^4 - 1) = 1 + 2 (2^2+1)(2 + 1)    4 S + 3 M
+    2^{15} - 1 = (2^5 - 1) (1 + 2^5 (1 + 2^5)          10 S + 2 M
+    2^{16} - 1 = 1 + 2 (2^{15} - 1)                       S +   M
+    2^{32} - 1 = (2^{16} + 1) (2^{16} - 1)             16 S +   M
+    2^{64} - 2^{32} + 1 = 2^{32} (2^{32} - 1) + 1      32 S +   M
+    2^{192} - 2^{160} + 2^{128} + 2^{32} - 1
+        = 2^{128} (2^{64} - 2^{32} + 1) + 2^{32} - 1  128 S +   M
+    2^{224} - 2^{192} + 2^{160} + 2^{64} - 1
+        = 2^{32} (...) + 2^{32} - 1                    32 S +   M
+    2^{239} - 2^{207} + 2^{175} + 2^{79} - 1
+        = 2^{15} (...) + 2^{15} - 1                    15 S +   M
+    2^{254} - 2^{222} + 2^{190} + 2^{94} - 1
+        = 2^{15} (...) + 2^{15} - 1                    15 S +   M
+    p - 2 = 2^2 (...) + 1                               2 S     M
+                                                   ---------------
+                                                     255 S + 13 M
+ */
+  ecc_mod_sqr (p, rp, ap);             /* a^2 */
+  ecc_mod_mul (p, t1, ap, rp);         /* a^3 */
+  ecc_mod_pow_2kp1 (p, rp, t1, 2, t0); /* a^{2^4 - 1} */
+  ecc_mod_sqr (p, t0, rp);             /* a^{2^5 - 2} */
+  ecc_mod_mul (p, a5m1, ap, t0);       /* a^{2^5 - 1}, a5m1 */
+
+  ecc_mod_pow_2kp1 (p, rp, a5m1, 5, t0); /* a^{2^{10} - 1, a5m1*/
+  ecc_mod_pow_2k_mul (p, a15m1, rp, 5, a5m1, t0); /* a^{2^{15} - 1}, a5m1 a15m1 */
+  ecc_mod_sqr (p, rp, a15m1);          /* a^{2^{16} - 2}, a15m1 */
+  ecc_mod_mul (p, t1, ap, rp);         /* a^{2^{16} - 1}, a15m1 */
+  ecc_mod_pow_2kp1 (p, a32m1, t1, 16, rp); /* a^{2^{32} - 1}, a15m1, a32m1 */
+
+  ecc_mod_pow_2k_mul (p, t0, a32m1, 32, ap, t1); /* a^{2^{64} - 2^{32} + 1 */
+  ecc_mod_pow_2k_mul (p, rp, t0, 128, a32m1, t1); /* a^{2^{192} - 2^{160} + 2^{128} + 2^{32} - 1} */
+  ecc_mod_pow_2k_mul (p, t0, rp, 32, a32m1, t1); /* a^{2^{224} - 2^{192} + 2^{160} + 2^{64} - 1} */
+  ecc_mod_pow_2k_mul (p, rp, t0, 15, a15m1, t1); /* a^{2^{239} - 2^{207} + 2^{175} + 2^{79} - 1} */
+  ecc_mod_pow_2k_mul (p, t0, rp, 15, a15m1, t1); /* a^{2^{254} - 2^{222} + 2^{190} + 2^{94} - 1} */
+  ecc_mod_pow_2k_mul (p, rp, t0, 2, ap, t0); /* a^{2^{256} - 2^{224} + 2^{192} + 2^{96} - 3} */
+}
+
 const struct ecc_curve _nettle_secp_256r1 =
 {
   {