* and lower bounds are achievable.
*
* All of the x_i at this point are positive, so we don't need to do
* and lower bounds are achievable.
*
* All of the x_i at this point are positive, so we don't need to do
- b = x9&B24; c = 19&((b >> 19) - (b >> 24)); x9 -= b << 1;
- b = x8&B25; x9 += b >> 25; x8 -= b << 1;
- b = x7&B24; x8 += b >> 24; x7 -= b << 1;
- b = x6&B25; x7 += b >> 25; x6 -= b << 1;
- b = x5&B24; x6 += b >> 24; x5 -= b << 1;
- b = x4&B25; x5 += b >> 25; x4 -= b << 1;
- b = x3&B24; x4 += b >> 24; x3 -= b << 1;
- b = x2&B25; x3 += b >> 25; x2 -= b << 1;
- b = x1&B24; x2 += b >> 24; x1 -= b << 1;
- b = x0&B25; x1 += (b >> 25) + (x0 >> 26); x0 = (x0&M26) - (b << 1);
+ b = x9&B24; c = 19&((b >> 19) - (b >> 24)); x9 -= b << 1;
+ b = x8&B25; x9 += b >> 25; x8 -= b << 1;
+ b = x7&B24; x8 += b >> 24; x7 -= b << 1;
+ b = x6&B25; x7 += b >> 25; x6 -= b << 1;
+ b = x5&B24; x6 += b >> 24; x5 -= b << 1;
+ b = x4&B25; x5 += b >> 25; x4 -= b << 1;
+ b = x3&B24; x4 += b >> 24; x3 -= b << 1;
+ b = x2&B25; x3 += b >> 25; x2 -= b << 1;
+ b = x1&B24; x2 += b >> 24; x1 -= b << 1;
+ b = x0&B25; x1 += (b >> 25) + (x0 >> 26); x0 = (x0&M26) - (b << 1);
- { octet b[32]; f25519_store(b, x); return (memcmp(b, d->buf, 32) == 0); }
+ { octet b[32]; f25519_store(b, x); return (MEMCMP(b, ==, d->buf, 32)); }