diff --git a/fiat-c/src/curve25519_32.c b/fiat-c/src/curve25519_32.c index e48065a832..8a4680bb8e 100644 --- a/fiat-c/src/curve25519_32.c +++ b/fiat-c/src/curve25519_32.c @@ -166,7 +166,7 @@ static FIAT_25519_FIAT_INLINE void fiat_25519_cmovznz_u32(uint32_t* out1, fiat_2 uint32_t x3; x1 = !!arg1; x2 = (fiat_25519_int1)(0x0 - x1) & UINT32_C(0xffffffff); - x3 = fiat_25519_value_barrier_u32(x2) & arg3 | fiat_25519_value_barrier_u32(~x2) & arg2; + x3 = (fiat_25519_value_barrier_u32(x2) & arg3) | (fiat_25519_value_barrier_u32(~x2) & arg2); *out1 = x3; } diff --git a/fiat-c/src/curve25519_64.c b/fiat-c/src/curve25519_64.c index c0d38dcf68..deaddcbbd0 100644 --- a/fiat-c/src/curve25519_64.c +++ b/fiat-c/src/curve25519_64.c @@ -119,7 +119,7 @@ static FIAT_25519_FIAT_INLINE void fiat_25519_cmovznz_u64(uint64_t* out1, fiat_2 uint64_t x3; x1 = !!arg1; x2 = (fiat_25519_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); - x3 = fiat_25519_value_barrier_u64(x2) & arg3 | fiat_25519_value_barrier_u64(~x2) & arg2; + x3 = (fiat_25519_value_barrier_u64(x2) & arg3) | (fiat_25519_value_barrier_u64(~x2) & arg2); *out1 = x3; } diff --git a/fiat-c/src/p224_32.c b/fiat-c/src/p224_32.c index ddfc47da35..f29533aadd 100644 --- a/fiat-c/src/p224_32.c +++ b/fiat-c/src/p224_32.c @@ -144,7 +144,7 @@ static FIAT_P224_FIAT_INLINE void fiat_p224_cmovznz_u32(uint32_t* out1, fiat_p22 uint32_t x3; x1 = !!arg1; x2 = (fiat_p224_int1)(0x0 - x1) & UINT32_C(0xffffffff); - x3 = fiat_p224_value_barrier_u32(x2) & arg3 | fiat_p224_value_barrier_u32(~x2) & arg2; + x3 = (fiat_p224_value_barrier_u32(x2) & arg3) | (fiat_p224_value_barrier_u32(~x2) & arg2); *out1 = x3; } 
@@ -3899,14 +3899,14 @@ static FIAT_P224_FIAT_INLINE void fiat_p224_divstep(uint32_t* out1, uint32_t out fiat_p224_subborrowx_u32(&x177, &x178, x176, x163, UINT32_C(0xffffffff)); fiat_p224_subborrowx_u32(&x179, &x180, x178, x164, 0x0); fiat_p224_addcarryx_u32(&x181, &x182, 0x0, x6, 0x1); - x183 = x128 >> 1 | x130 << 31 & UINT32_C(0xffffffff); - x184 = x130 >> 1 | x132 << 31 & UINT32_C(0xffffffff); - x185 = x132 >> 1 | x134 << 31 & UINT32_C(0xffffffff); - x186 = x134 >> 1 | x136 << 31 & UINT32_C(0xffffffff); - x187 = x136 >> 1 | x138 << 31 & UINT32_C(0xffffffff); - x188 = x138 >> 1 | x140 << 31 & UINT32_C(0xffffffff); - x189 = x140 >> 1 | x142 << 31 & UINT32_C(0xffffffff); - x190 = x142 & UINT32_C(0x80000000) | x142 >> 1; + x183 = (x128 >> 1) | ((x130 << 31) & UINT32_C(0xffffffff)); + x184 = (x130 >> 1) | ((x132 << 31) & UINT32_C(0xffffffff)); + x185 = (x132 >> 1) | ((x134 << 31) & UINT32_C(0xffffffff)); + x186 = (x134 >> 1) | ((x136 << 31) & UINT32_C(0xffffffff)); + x187 = (x136 >> 1) | ((x138 << 31) & UINT32_C(0xffffffff)); + x188 = (x138 >> 1) | ((x140 << 31) & UINT32_C(0xffffffff)); + x189 = (x140 >> 1) | ((x142 << 31) & UINT32_C(0xffffffff)); + x190 = (x142 & UINT32_C(0x80000000)) | (x142 >> 1); fiat_p224_cmovznz_u32(&x191, x75, x60, x46); fiat_p224_cmovznz_u32(&x192, x75, x62, x48); fiat_p224_cmovznz_u32(&x193, x75, x64, x50); diff --git a/fiat-c/src/p224_64.c b/fiat-c/src/p224_64.c index 1b815d8187..6321fa32af 100644 --- a/fiat-c/src/p224_64.c +++ b/fiat-c/src/p224_64.c @@ -149,7 +149,7 @@ static FIAT_P224_FIAT_INLINE void fiat_p224_cmovznz_u64(uint64_t* out1, fiat_p22 uint64_t x3; x1 = !!arg1; x2 = (fiat_p224_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); - x3 = fiat_p224_value_barrier_u64(x2) & arg3 | fiat_p224_value_barrier_u64(~x2) & arg2; + x3 = (fiat_p224_value_barrier_u64(x2) & arg3) | (fiat_p224_value_barrier_u64(~x2) & arg2); *out1 = x3; } 
@@ -2021,11 +2021,11 @@ static FIAT_P224_FIAT_INLINE void fiat_p224_divstep(uint64_t* out1, uint64_t out fiat_p224_subborrowx_u64(&x108, &x109, x107, x100, UINT32_C(0xffffffff)); fiat_p224_subborrowx_u64(&x110, &x111, x109, x101, 0x0); fiat_p224_addcarryx_u64(&x112, &x113, 0x0, x6, 0x1); - x114 = x80 >> 1 | x82 << 63 & UINT64_C(0xffffffffffffffff); - x115 = x82 >> 1 | x84 << 63 & UINT64_C(0xffffffffffffffff); - x116 = x84 >> 1 | x86 << 63 & UINT64_C(0xffffffffffffffff); - x117 = x86 >> 1 | x88 << 63 & UINT64_C(0xffffffffffffffff); - x118 = x88 & UINT64_C(0x8000000000000000) | x88 >> 1; + x114 = (x80 >> 1) | ((x82 << 63) & UINT64_C(0xffffffffffffffff)); + x115 = (x82 >> 1) | ((x84 << 63) & UINT64_C(0xffffffffffffffff)); + x116 = (x84 >> 1) | ((x86 << 63) & UINT64_C(0xffffffffffffffff)); + x117 = (x86 >> 1) | ((x88 << 63) & UINT64_C(0xffffffffffffffff)); + x118 = (x88 & UINT64_C(0x8000000000000000)) | (x88 >> 1); fiat_p224_cmovznz_u64(&x119, x48, x39, x31); fiat_p224_cmovznz_u64(&x120, x48, x41, x33); fiat_p224_cmovznz_u64(&x121, x48, x43, x35); diff --git a/fiat-c/src/p256_32.c b/fiat-c/src/p256_32.c index 149511073d..d697121226 100644 --- a/fiat-c/src/p256_32.c +++ b/fiat-c/src/p256_32.c @@ -144,7 +144,7 @@ static FIAT_P256_FIAT_INLINE void fiat_p256_cmovznz_u32(uint32_t* out1, fiat_p25 uint32_t x3; x1 = !!arg1; x2 = (fiat_p256_int1)(0x0 - x1) & UINT32_C(0xffffffff); - x3 = fiat_p256_value_barrier_u32(x2) & arg3 | fiat_p256_value_barrier_u32(~x2) & arg2; + x3 = (fiat_p256_value_barrier_u32(x2) & arg3) | (fiat_p256_value_barrier_u32(~x2) & arg2); *out1 = x3; } 
@@ -4676,15 +4676,15 @@ static FIAT_P256_FIAT_INLINE void fiat_p256_divstep(uint32_t* out1, uint32_t out fiat_p256_subborrowx_u32(&x200, &x201, x199, x184, UINT32_C(0xffffffff)); fiat_p256_subborrowx_u32(&x202, &x203, x201, x185, 0x0); fiat_p256_addcarryx_u32(&x204, &x205, 0x0, x6, 0x1); - x206 = x144 >> 1 | x146 << 31 & UINT32_C(0xffffffff); - x207 = x146 >> 1 | x148 << 31 & UINT32_C(0xffffffff); - x208 = x148 >> 1 | x150 << 31 & UINT32_C(0xffffffff); - x209 = x150 >> 1 | x152 << 31 & UINT32_C(0xffffffff); - x210 = x152 >> 1 | x154 << 31 & UINT32_C(0xffffffff); - x211 = x154 >> 1 | x156 << 31 & UINT32_C(0xffffffff); - x212 = x156 >> 1 | x158 << 31 & UINT32_C(0xffffffff); - x213 = x158 >> 1 | x160 << 31 & UINT32_C(0xffffffff); - x214 = x160 & UINT32_C(0x80000000) | x160 >> 1; + x206 = (x144 >> 1) | ((x146 << 31) & UINT32_C(0xffffffff)); + x207 = (x146 >> 1) | ((x148 << 31) & UINT32_C(0xffffffff)); + x208 = (x148 >> 1) | ((x150 << 31) & UINT32_C(0xffffffff)); + x209 = (x150 >> 1) | ((x152 << 31) & UINT32_C(0xffffffff)); + x210 = (x152 >> 1) | ((x154 << 31) & UINT32_C(0xffffffff)); + x211 = (x154 >> 1) | ((x156 << 31) & UINT32_C(0xffffffff)); + x212 = (x156 >> 1) | ((x158 << 31) & UINT32_C(0xffffffff)); + x213 = (x158 >> 1) | ((x160 << 31) & UINT32_C(0xffffffff)); + x214 = (x160 & UINT32_C(0x80000000)) | (x160 >> 1); fiat_p256_cmovznz_u32(&x215, x84, x67, x51); fiat_p256_cmovznz_u32(&x216, x84, x69, x53); fiat_p256_cmovznz_u32(&x217, x84, x71, x55); diff --git a/fiat-c/src/p256_64.c b/fiat-c/src/p256_64.c index 2824e153f8..8313b9578a 100644 --- a/fiat-c/src/p256_64.c +++ b/fiat-c/src/p256_64.c 
@@ -149,7 +149,7 @@ static FIAT_P256_FIAT_INLINE void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p25 uint64_t x3; x1 = !!arg1; x2 = (fiat_p256_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); - x3 = fiat_p256_value_barrier_u64(x2) & arg3 | fiat_p256_value_barrier_u64(~x2) & arg2; + x3 = (fiat_p256_value_barrier_u64(x2) & arg3) | (fiat_p256_value_barrier_u64(~x2) & arg2); *out1 = x3; } @@ -1959,11 +1959,11 @@ static FIAT_P256_FIAT_INLINE void fiat_p256_divstep(uint64_t* out1, uint64_t out fiat_p256_subborrowx_u64(&x108, &x109, x107, x100, UINT64_C(0xffffffff00000001)); fiat_p256_subborrowx_u64(&x110, &x111, x109, x101, 0x0); fiat_p256_addcarryx_u64(&x112, &x113, 0x0, x6, 0x1); - x114 = x80 >> 1 | x82 << 63 & UINT64_C(0xffffffffffffffff); - x115 = x82 >> 1 | x84 << 63 & UINT64_C(0xffffffffffffffff); - x116 = x84 >> 1 | x86 << 63 & UINT64_C(0xffffffffffffffff); - x117 = x86 >> 1 | x88 << 63 & UINT64_C(0xffffffffffffffff); - x118 = x88 & UINT64_C(0x8000000000000000) | x88 >> 1; + x114 = (x80 >> 1) | ((x82 << 63) & UINT64_C(0xffffffffffffffff)); + x115 = (x82 >> 1) | ((x84 << 63) & UINT64_C(0xffffffffffffffff)); + x116 = (x84 >> 1) | ((x86 << 63) & UINT64_C(0xffffffffffffffff)); + x117 = (x86 >> 1) | ((x88 << 63) & UINT64_C(0xffffffffffffffff)); + x118 = (x88 & UINT64_C(0x8000000000000000)) | (x88 >> 1); fiat_p256_cmovznz_u64(&x119, x48, x39, x31); fiat_p256_cmovznz_u64(&x120, x48, x41, x33); fiat_p256_cmovznz_u64(&x121, x48, x43, x35); diff --git a/fiat-c/src/p384_32.c b/fiat-c/src/p384_32.c index a2f36df9b8..e0d0757b51 100644 --- a/fiat-c/src/p384_32.c +++ b/fiat-c/src/p384_32.c @@ -144,7 +144,7 @@ static FIAT_P384_FIAT_INLINE void fiat_p384_cmovznz_u32(uint32_t* out1, fiat_p38 uint32_t x3; x1 = !!arg1; x2 = (fiat_p384_int1)(0x0 - x1) & UINT32_C(0xffffffff); - x3 = fiat_p384_value_barrier_u32(x2) & arg3 | fiat_p384_value_barrier_u32(~x2) & arg2; + x3 = (fiat_p384_value_barrier_u32(x2) & arg3) | (fiat_p384_value_barrier_u32(~x2) & arg2); *out1 = x3; } 
@@ -10025,19 +10025,19 @@ static FIAT_P384_FIAT_INLINE void fiat_p384_divstep(uint32_t* out1, uint32_t out fiat_p384_subborrowx_u32(&x292, &x293, x291, x268, UINT32_C(0xffffffff)); fiat_p384_subborrowx_u32(&x294, &x295, x293, x269, 0x0); fiat_p384_addcarryx_u32(&x296, &x297, 0x0, x6, 0x1); - x298 = x208 >> 1 | x210 << 31 & UINT32_C(0xffffffff); - x299 = x210 >> 1 | x212 << 31 & UINT32_C(0xffffffff); - x300 = x212 >> 1 | x214 << 31 & UINT32_C(0xffffffff); - x301 = x214 >> 1 | x216 << 31 & UINT32_C(0xffffffff); - x302 = x216 >> 1 | x218 << 31 & UINT32_C(0xffffffff); - x303 = x218 >> 1 | x220 << 31 & UINT32_C(0xffffffff); - x304 = x220 >> 1 | x222 << 31 & UINT32_C(0xffffffff); - x305 = x222 >> 1 | x224 << 31 & UINT32_C(0xffffffff); - x306 = x224 >> 1 | x226 << 31 & UINT32_C(0xffffffff); - x307 = x226 >> 1 | x228 << 31 & UINT32_C(0xffffffff); - x308 = x228 >> 1 | x230 << 31 & UINT32_C(0xffffffff); - x309 = x230 >> 1 | x232 << 31 & UINT32_C(0xffffffff); - x310 = x232 & UINT32_C(0x80000000) | x232 >> 1; + x298 = (x208 >> 1) | ((x210 << 31) & UINT32_C(0xffffffff)); + x299 = (x210 >> 1) | ((x212 << 31) & UINT32_C(0xffffffff)); + x300 = (x212 >> 1) | ((x214 << 31) & UINT32_C(0xffffffff)); + x301 = (x214 >> 1) | ((x216 << 31) & UINT32_C(0xffffffff)); + x302 = (x216 >> 1) | ((x218 << 31) & UINT32_C(0xffffffff)); + x303 = (x218 >> 1) | ((x220 << 31) & UINT32_C(0xffffffff)); + x304 = (x220 >> 1) | ((x222 << 31) & UINT32_C(0xffffffff)); + x305 = (x222 >> 1) | ((x224 << 31) & UINT32_C(0xffffffff)); + x306 = (x224 >> 1) | ((x226 << 31) & UINT32_C(0xffffffff)); + x307 = (x226 >> 1) | ((x228 << 31) & UINT32_C(0xffffffff)); + x308 = (x228 >> 1) | ((x230 << 31) & UINT32_C(0xffffffff)); + x309 = (x230 >> 1) | ((x232 << 31) & UINT32_C(0xffffffff)); + x310 = (x232 & UINT32_C(0x80000000)) | (x232 >> 1); fiat_p384_cmovznz_u32(&x311, x120, x95, x71); fiat_p384_cmovznz_u32(&x312, x120, x97, x73); fiat_p384_cmovznz_u32(&x313, x120, x99, x75); 
diff --git a/fiat-c/src/p384_64.c b/fiat-c/src/p384_64.c index a425b99f28..28236cc40a 100644 --- a/fiat-c/src/p384_64.c +++ b/fiat-c/src/p384_64.c @@ -149,7 +149,7 @@ static FIAT_P384_FIAT_INLINE void fiat_p384_cmovznz_u64(uint64_t* out1, fiat_p38 uint64_t x3; x1 = !!arg1; x2 = (fiat_p384_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); - x3 = fiat_p384_value_barrier_u64(x2) & arg3 | fiat_p384_value_barrier_u64(~x2) & arg2; + x3 = (fiat_p384_value_barrier_u64(x2) & arg3) | (fiat_p384_value_barrier_u64(~x2) & arg2); *out1 = x3; } @@ -3802,13 +3802,13 @@ static FIAT_P384_FIAT_INLINE void fiat_p384_divstep(uint64_t* out1, uint64_t out fiat_p384_subborrowx_u64(&x154, &x155, x153, x142, UINT64_C(0xffffffffffffffff)); fiat_p384_subborrowx_u64(&x156, &x157, x155, x143, 0x0); fiat_p384_addcarryx_u64(&x158, &x159, 0x0, x6, 0x1); - x160 = x112 >> 1 | x114 << 63 & UINT64_C(0xffffffffffffffff); - x161 = x114 >> 1 | x116 << 63 & UINT64_C(0xffffffffffffffff); - x162 = x116 >> 1 | x118 << 63 & UINT64_C(0xffffffffffffffff); - x163 = x118 >> 1 | x120 << 63 & UINT64_C(0xffffffffffffffff); - x164 = x120 >> 1 | x122 << 63 & UINT64_C(0xffffffffffffffff); - x165 = x122 >> 1 | x124 << 63 & UINT64_C(0xffffffffffffffff); - x166 = x124 & UINT64_C(0x8000000000000000) | x124 >> 1; + x160 = (x112 >> 1) | ((x114 << 63) & UINT64_C(0xffffffffffffffff)); + x161 = (x114 >> 1) | ((x116 << 63) & UINT64_C(0xffffffffffffffff)); + x162 = (x116 >> 1) | ((x118 << 63) & UINT64_C(0xffffffffffffffff)); + x163 = (x118 >> 1) | ((x120 << 63) & UINT64_C(0xffffffffffffffff)); + x164 = (x120 >> 1) | ((x122 << 63) & UINT64_C(0xffffffffffffffff)); + x165 = (x122 >> 1) | ((x124 << 63) & UINT64_C(0xffffffffffffffff)); + x166 = (x124 & UINT64_C(0x8000000000000000)) | (x124 >> 1); fiat_p384_cmovznz_u64(&x167, x66, x53, x41); fiat_p384_cmovznz_u64(&x168, x66, x55, x43); fiat_p384_cmovznz_u64(&x169, x66, x57, x45); diff --git a/fiat-c/src/p434_64.c b/fiat-c/src/p434_64.c index 53df29bd35..366e7b0ced 100644 
--- a/fiat-c/src/p434_64.c +++ b/fiat-c/src/p434_64.c @@ -149,7 +149,7 @@ static FIAT_P434_FIAT_INLINE void fiat_p434_cmovznz_u64(uint64_t* out1, fiat_p43 uint64_t x3; x1 = !!arg1; x2 = (fiat_p434_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); - x3 = fiat_p434_value_barrier_u64(x2) & arg3 | fiat_p434_value_barrier_u64(~x2) & arg2; + x3 = (fiat_p434_value_barrier_u64(x2) & arg3) | (fiat_p434_value_barrier_u64(~x2) & arg2); *out1 = x3; } @@ -4742,14 +4742,14 @@ static FIAT_P434_FIAT_INLINE void fiat_p434_divstep(uint64_t* out1, uint64_t out fiat_p434_subborrowx_u64(&x177, &x178, x176, x163, UINT64_C(0x2341f27177344)); fiat_p434_subborrowx_u64(&x179, &x180, x178, x164, 0x0); fiat_p434_addcarryx_u64(&x181, &x182, 0x0, x6, 0x1); - x183 = x128 >> 1 | x130 << 63 & UINT64_C(0xffffffffffffffff); - x184 = x130 >> 1 | x132 << 63 & UINT64_C(0xffffffffffffffff); - x185 = x132 >> 1 | x134 << 63 & UINT64_C(0xffffffffffffffff); - x186 = x134 >> 1 | x136 << 63 & UINT64_C(0xffffffffffffffff); - x187 = x136 >> 1 | x138 << 63 & UINT64_C(0xffffffffffffffff); - x188 = x138 >> 1 | x140 << 63 & UINT64_C(0xffffffffffffffff); - x189 = x140 >> 1 | x142 << 63 & UINT64_C(0xffffffffffffffff); - x190 = x142 & UINT64_C(0x8000000000000000) | x142 >> 1; + x183 = (x128 >> 1) | ((x130 << 63) & UINT64_C(0xffffffffffffffff)); + x184 = (x130 >> 1) | ((x132 << 63) & UINT64_C(0xffffffffffffffff)); + x185 = (x132 >> 1) | ((x134 << 63) & UINT64_C(0xffffffffffffffff)); + x186 = (x134 >> 1) | ((x136 << 63) & UINT64_C(0xffffffffffffffff)); + x187 = (x136 >> 1) | ((x138 << 63) & UINT64_C(0xffffffffffffffff)); + x188 = (x138 >> 1) | ((x140 << 63) & UINT64_C(0xffffffffffffffff)); + x189 = (x140 >> 1) | ((x142 << 63) & UINT64_C(0xffffffffffffffff)); + x190 = (x142 & UINT64_C(0x8000000000000000)) | (x142 >> 1); fiat_p434_cmovznz_u64(&x191, x75, x60, x46); fiat_p434_cmovznz_u64(&x192, x75, x62, x48); fiat_p434_cmovznz_u64(&x193, x75, x64, x50); 
diff --git a/fiat-c/src/p448_solinas_32.c b/fiat-c/src/p448_solinas_32.c index fb3b79b182..6a61d3d827 100644 --- a/fiat-c/src/p448_solinas_32.c +++ b/fiat-c/src/p448_solinas_32.c @@ -119,7 +119,7 @@ static FIAT_P448_FIAT_INLINE void fiat_p448_cmovznz_u32(uint32_t* out1, fiat_p44 uint32_t x3; x1 = !!arg1; x2 = (fiat_p448_int1)(0x0 - x1) & UINT32_C(0xffffffff); - x3 = fiat_p448_value_barrier_u32(x2) & arg3 | fiat_p448_value_barrier_u32(~x2) & arg2; + x3 = (fiat_p448_value_barrier_u32(x2) & arg3) | (fiat_p448_value_barrier_u32(~x2) & arg2); *out1 = x3; } diff --git a/fiat-c/src/p448_solinas_64.c b/fiat-c/src/p448_solinas_64.c index 01fe6dc389..58b99a30da 100644 --- a/fiat-c/src/p448_solinas_64.c +++ b/fiat-c/src/p448_solinas_64.c @@ -119,7 +119,7 @@ static FIAT_P448_FIAT_INLINE void fiat_p448_cmovznz_u64(uint64_t* out1, fiat_p44 uint64_t x3; x1 = !!arg1; x2 = (fiat_p448_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); - x3 = fiat_p448_value_barrier_u64(x2) & arg3 | fiat_p448_value_barrier_u64(~x2) & arg2; + x3 = (fiat_p448_value_barrier_u64(x2) & arg3) | (fiat_p448_value_barrier_u64(~x2) & arg2); *out1 = x3; } diff --git a/fiat-c/src/p521_64.c b/fiat-c/src/p521_64.c index 0f3fd3658a..1cc22f8c77 100644 --- a/fiat-c/src/p521_64.c +++ b/fiat-c/src/p521_64.c @@ -171,7 +171,7 @@ static FIAT_P521_FIAT_INLINE void fiat_p521_cmovznz_u64(uint64_t* out1, fiat_p52 uint64_t x3; x1 = !!arg1; x2 = (fiat_p521_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); - x3 = fiat_p521_value_barrier_u64(x2) & arg3 | fiat_p521_value_barrier_u64(~x2) & arg2; + x3 = (fiat_p521_value_barrier_u64(x2) & arg3) | (fiat_p521_value_barrier_u64(~x2) & arg2); *out1 = x3; } diff --git a/fiat-c/src/poly1305_32.c b/fiat-c/src/poly1305_32.c index 00b4374680..f98c84370a 100644 --- a/fiat-c/src/poly1305_32.c +++ b/fiat-c/src/poly1305_32.c 
@@ -114,7 +114,7 @@ static FIAT_POLY1305_FIAT_INLINE void fiat_poly1305_cmovznz_u32(uint32_t* out1, uint32_t x3; x1 = !!arg1; x2 = (fiat_poly1305_int1)(0x0 - x1) & UINT32_C(0xffffffff); - x3 = fiat_poly1305_value_barrier_u32(x2) & arg3 | fiat_poly1305_value_barrier_u32(~x2) & arg2; + x3 = (fiat_poly1305_value_barrier_u32(x2) & arg3) | (fiat_poly1305_value_barrier_u32(~x2) & arg2); *out1 = x3; } diff --git a/fiat-c/src/poly1305_64.c b/fiat-c/src/poly1305_64.c index b53d195df2..d54f2ef120 100644 --- a/fiat-c/src/poly1305_64.c +++ b/fiat-c/src/poly1305_64.c @@ -171,7 +171,7 @@ static FIAT_POLY1305_FIAT_INLINE void fiat_poly1305_cmovznz_u64(uint64_t* out1, uint64_t x3; x1 = !!arg1; x2 = (fiat_poly1305_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); - x3 = fiat_poly1305_value_barrier_u64(x2) & arg3 | fiat_poly1305_value_barrier_u64(~x2) & arg2; + x3 = (fiat_poly1305_value_barrier_u64(x2) & arg3) | (fiat_poly1305_value_barrier_u64(~x2) & arg2); *out1 = x3; } diff --git a/fiat-c/src/secp256k1_32.c b/fiat-c/src/secp256k1_32.c index c475e00bda..80c8089f7c 100644 --- a/fiat-c/src/secp256k1_32.c +++ b/fiat-c/src/secp256k1_32.c @@ -144,7 +144,7 @@ static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_cmovznz_u32(uint32_t* out1 uint32_t x3; x1 = !!arg1; x2 = (fiat_secp256k1_int1)(0x0 - x1) & UINT32_C(0xffffffff); - x3 = fiat_secp256k1_value_barrier_u32(x2) & arg3 | fiat_secp256k1_value_barrier_u32(~x2) & arg2; + x3 = (fiat_secp256k1_value_barrier_u32(x2) & arg3) | (fiat_secp256k1_value_barrier_u32(~x2) & arg2); *out1 = x3; } 
@@ -5501,15 +5501,15 @@ static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_divstep(uint32_t* out1, ui fiat_secp256k1_subborrowx_u32(&x200, &x201, x199, x184, UINT32_C(0xffffffff)); fiat_secp256k1_subborrowx_u32(&x202, &x203, x201, x185, 0x0); fiat_secp256k1_addcarryx_u32(&x204, &x205, 0x0, x6, 0x1); - x206 = x144 >> 1 | x146 << 31 & UINT32_C(0xffffffff); - x207 = x146 >> 1 | x148 << 31 & UINT32_C(0xffffffff); - x208 = x148 >> 1 | x150 << 31 & UINT32_C(0xffffffff); - x209 = x150 >> 1 | x152 << 31 & UINT32_C(0xffffffff); - x210 = x152 >> 1 | x154 << 31 & UINT32_C(0xffffffff); - x211 = x154 >> 1 | x156 << 31 & UINT32_C(0xffffffff); - x212 = x156 >> 1 | x158 << 31 & UINT32_C(0xffffffff); - x213 = x158 >> 1 | x160 << 31 & UINT32_C(0xffffffff); - x214 = x160 & UINT32_C(0x80000000) | x160 >> 1; + x206 = (x144 >> 1) | ((x146 << 31) & UINT32_C(0xffffffff)); + x207 = (x146 >> 1) | ((x148 << 31) & UINT32_C(0xffffffff)); + x208 = (x148 >> 1) | ((x150 << 31) & UINT32_C(0xffffffff)); + x209 = (x150 >> 1) | ((x152 << 31) & UINT32_C(0xffffffff)); + x210 = (x152 >> 1) | ((x154 << 31) & UINT32_C(0xffffffff)); + x211 = (x154 >> 1) | ((x156 << 31) & UINT32_C(0xffffffff)); + x212 = (x156 >> 1) | ((x158 << 31) & UINT32_C(0xffffffff)); + x213 = (x158 >> 1) | ((x160 << 31) & UINT32_C(0xffffffff)); + x214 = (x160 & UINT32_C(0x80000000)) | (x160 >> 1); fiat_secp256k1_cmovznz_u32(&x215, x84, x67, x51); fiat_secp256k1_cmovznz_u32(&x216, x84, x69, x53); fiat_secp256k1_cmovznz_u32(&x217, x84, x71, x55); diff --git a/fiat-c/src/secp256k1_64.c b/fiat-c/src/secp256k1_64.c index 7b0f81501d..4e11b59bce 100644 --- a/fiat-c/src/secp256k1_64.c +++ b/fiat-c/src/secp256k1_64.c 
@@ -149,7 +149,7 @@ static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_cmovznz_u64(uint64_t* out1 uint64_t x3; x1 = !!arg1; x2 = (fiat_secp256k1_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff); - x3 = fiat_secp256k1_value_barrier_u64(x2) & arg3 | fiat_secp256k1_value_barrier_u64(~x2) & arg2; + x3 = (fiat_secp256k1_value_barrier_u64(x2) & arg3) | (fiat_secp256k1_value_barrier_u64(~x2) & arg2); *out1 = x3; } @@ -2122,11 +2122,11 @@ static FIAT_SECP256K1_FIAT_INLINE void fiat_secp256k1_divstep(uint64_t* out1, ui fiat_secp256k1_subborrowx_u64(&x108, &x109, x107, x100, UINT64_C(0xffffffffffffffff)); fiat_secp256k1_subborrowx_u64(&x110, &x111, x109, x101, 0x0); fiat_secp256k1_addcarryx_u64(&x112, &x113, 0x0, x6, 0x1); - x114 = x80 >> 1 | x82 << 63 & UINT64_C(0xffffffffffffffff); - x115 = x82 >> 1 | x84 << 63 & UINT64_C(0xffffffffffffffff); - x116 = x84 >> 1 | x86 << 63 & UINT64_C(0xffffffffffffffff); - x117 = x86 >> 1 | x88 << 63 & UINT64_C(0xffffffffffffffff); - x118 = x88 & UINT64_C(0x8000000000000000) | x88 >> 1; + x114 = (x80 >> 1) | ((x82 << 63) & UINT64_C(0xffffffffffffffff)); + x115 = (x82 >> 1) | ((x84 << 63) & UINT64_C(0xffffffffffffffff)); + x116 = (x84 >> 1) | ((x86 << 63) & UINT64_C(0xffffffffffffffff)); + x117 = (x86 >> 1) | ((x88 << 63) & UINT64_C(0xffffffffffffffff)); + x118 = (x88 & UINT64_C(0x8000000000000000)) | (x88 >> 1); fiat_secp256k1_cmovznz_u64(&x119, x48, x39, x31); fiat_secp256k1_cmovznz_u64(&x120, x48, x41, x33); fiat_secp256k1_cmovznz_u64(&x121, x48, x43, x35); diff --git a/src/Stringification/C.v b/src/Stringification/C.v index 4ba9be1669..2de584c30e 100644 --- a/src/Stringification/C.v +++ b/src/Stringification/C.v 
@@ -298,11 +298,11 @@ Precedence | Operator | Description | Associativ
 ; ("<", (LeftAssoc, Level.level 6)); ("<=", (LeftAssoc, Level.level 6)) (* For relational operators < and ≤ respectively *)
 ; (">", (LeftAssoc, Level.level 6)); (">=", (LeftAssoc, Level.level 6)) (* For relational operators > and ≥ respectively *)
 ; ("==", (LeftAssoc, Level.level 7)); ("!=", (LeftAssoc, Level.level 7)) (* For relational = and ≠ respectively *)
- ; ("&", (LeftAssoc, Level.level 8)) (* Bitwise AND *)
- ; ("^", (LeftAssoc, Level.level 9)) (* Bitwise XOR (exclusive or) *)
- ; ("|", (LeftAssoc, Level.level 10)) (* Bitwise OR (inclusive or) *)
- ; ("&&", (LeftAssoc, Level.level 10)) (* Logical AND *)
- ; ("||", (LeftAssoc, Level.level 10)) (* Logical OR *)
+ ; ("&", (ExplicitAssoc 2 2, Level.level 8)) (* Bitwise AND *)
+ ; ("^", (ExplicitAssoc 2 2, Level.level 9)) (* Bitwise XOR (exclusive or) *)
+ ; ("|", (ExplicitAssoc 2 2, Level.level 10)) (* Bitwise OR (inclusive or) *)
+ ; ("&&", (ExplicitAssoc 2 2, Level.level 10)) (* Logical AND *)
+ ; ("||", (ExplicitAssoc 2 2, Level.level 10)) (* Logical OR *)
 ; ("?:", (RightAssoc, Level.level 10)) (* Ternary conditional[note 3] *)
 ; ("=", (ExplicitAssoc 2 14, Level.level 10)) (* Simple assignment; Assignment operators' left operands must be unary (level-2 non-cast) expressions. *)
 ; ("+=", (ExplicitAssoc 2 14, Level.level 11)); ("-=", (ExplicitAssoc 2 14, Level.level 11)) (* Assignment by sum and difference *)
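Review bot: The five added entries for `&`, `^`, `|`, `&&` and `||` switch to `ExplicitAssoc 2 2`, but their trailing comments still only name the operator, whereas the neighbouring `=` entry explains its `ExplicitAssoc 2 14`. Judging by that comment and by the regenerated C in the other hunks, the bounds appear to require both operands to be unary-level expressions, so mixed shift/mask/or expressions are always parenthesised. Recording that on the first entry would keep a later cleanup from reverting it, e.g. `(* Bitwise AND; both operands are parenthesised unless unary, so emitted code never relies on &/^/| precedence *)`. As shown here, the new `&&` and `||` lines also keep `Level.level 10`, the same level as `|`, although C ranks them below `|`. If that is intentional it deserves a comment as well, since the level presumably still decides parenthesisation when such an expression is an operand of `?:` or `=`.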