From 30c05eb26666237d6e042063fb3b78933353281d Mon Sep 17 00:00:00 2001
From: cathugger <cathugger@cock.li>
Date: Tue, 14 Jan 2020 17:51:56 +0000
Subject: [PATCH] remove some unused stuff, small fixups, use -Wextra

---
 GNUmakefile.in                                | 18 ----
 configure.ac                                  |  8 ++
 ed25519/amd64-51-30k/batch.c                  | 94 -------------------
 ed25519/amd64-51-30k/crypto_sign.h            |  2 +-
 ed25519/amd64-64-24k/batch.c                  | 94 -------------------
 .../ed25519-donna/curve25519-donna-helpers.h  |  2 +-
 6 files changed, 10 insertions(+), 208 deletions(-)
 delete mode 100644 ed25519/amd64-51-30k/batch.c
 delete mode 100644 ed25519/amd64-64-24k/batch.c

diff --git a/GNUmakefile.in b/GNUmakefile.in
index 0a90819..67c9028 100644
--- a/GNUmakefile.in
+++ b/GNUmakefile.in
@@ -135,15 +135,6 @@ base32_to.c.o: types.h base32.h
 base64_from.c.o: types.h base64.h
 base64_to.c.o: types.h base64.h
 cpucount.c.o: cpucount.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/randombytes.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/hram.h
 ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/fe25519.h
 ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h
 ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h
@@ -222,15 +213,6 @@ ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
 ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ge25519.h
 ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/fe25519.h
 ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/randombytes.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/hram.h
 ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h
 ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h
 ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h
diff --git a/configure.ac b/configure.ac
index f4804fa..9c2ddac 100644
--- a/configure.ac
+++ b/configure.ac
@@ -192,6 +192,14 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
     [AC_MSG_RESULT([no])]
 )
 
+CFLAGS="$cstd -Wextra"
+AC_MSG_CHECKING([whether CC supports -Wextra])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+    [AC_MSG_RESULT([yes])]
+    [cstd="$cstd -Wextra"],
+    [AC_MSG_RESULT([no])]
+)
+
 # (negative) detection on clang fails without -Werror
 CFLAGS="$cstd -Wno-maybe-uninitialized -Werror"
 AC_MSG_CHECKING([whether CC supports -Wno-maybe-uninitialized])
diff --git a/ed25519/amd64-51-30k/batch.c b/ed25519/amd64-51-30k/batch.c
deleted file mode 100644
index 955392e..0000000
--- a/ed25519/amd64-51-30k/batch.c
+++ /dev/null
@@ -1,94 +0,0 @@
-#include "crypto_sign.h"
-
-#include "crypto_verify_32.h"
-#include "crypto_hash_sha512.h"
-#include "randombytes.h"
-
-#include "ge25519.h"
-#include "hram.h"
-
-#define MAXBATCH 64
-
-int crypto_sign_open_batch(
-    unsigned char* const m[],unsigned long long mlen[],
-    unsigned char* const sm[],const unsigned long long smlen[],
-    unsigned char* const pk[], 
-    unsigned long long num
-    )
-{
-  int ret = 0;
-  unsigned long long i, j;
-  shortsc25519 r[MAXBATCH];
-  sc25519 scalars[2*MAXBATCH+1];
-  ge25519 points[2*MAXBATCH+1];
-  unsigned char hram[crypto_hash_sha512_BYTES];
-  unsigned long long batchsize;
-
-  for (i = 0;i < num;++i) mlen[i] = -1;
-
-  while (num >= 3) {
-    batchsize = num;
-    if (batchsize > MAXBATCH) batchsize = MAXBATCH;
-
-    for (i = 0;i < batchsize;++i)
-      if (smlen[i] < 64) goto fallback;
-
-    randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize);
-
-    /* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */
-    for(i=0;i<batchsize;i++)
-    {
-      sc25519_from32bytes(&scalars[i], sm[i]+32); 
-      sc25519_mul_shortsc(&scalars[i], &scalars[i], &r[i]);
-    }
-    for(i=1;i<batchsize;i++)
-      sc25519_add(&scalars[0], &scalars[0], &scalars[i]);
-    
-    /* Computing scalars[1] ... scalars[batchsize] as r[i]*H(R[i],A[i],m[i]) */
-    for(i=0;i<batchsize;i++)
-    {
-      get_hram(hram, sm[i], pk[i], m[i], smlen[i]);
-      sc25519_from64bytes(&scalars[i+1],hram);
-      sc25519_mul_shortsc(&scalars[i+1],&scalars[i+1],&r[i]);
-    }
-    /* Setting scalars[batchsize+1] ... scalars[2*batchsize] to r[i] */
-    for(i=0;i<batchsize;i++)
-      sc25519_from_shortsc(&scalars[batchsize+i+1],&r[i]);
-  
-    /* Computing points */
-    points[0] = ge25519_base;
-  
-    for(i=0;i<batchsize;i++)
-      if (ge25519_unpackneg_vartime(&points[i+1], pk[i])) goto fallback;
-    for(i=0;i<batchsize;i++)
-      if (ge25519_unpackneg_vartime(&points[batchsize+i+1], sm[i])) goto fallback;
-  
-    ge25519_multi_scalarmult_vartime(points, points, scalars, 2*batchsize+1);
-  
-    if (ge25519_isneutral_vartime(points)) {
-      for(i=0;i<batchsize;i++)
-      {
-        for(j=0;j<smlen[i]-64;j++)
-          m[i][j] = sm[i][j + 64];
-        mlen[i] = smlen[i]-64;
-      }
-    } else {
-      fallback:
-
-      for (i = 0;i < batchsize;++i)
-        ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
-    }
-
-    m += batchsize;
-    mlen += batchsize;
-    sm += batchsize;
-    smlen += batchsize;
-    pk += batchsize;
-    num -= batchsize;
-  }
-
-  for (i = 0;i < num;++i)
-    ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
-
-  return ret;
-}
diff --git a/ed25519/amd64-51-30k/crypto_sign.h b/ed25519/amd64-51-30k/crypto_sign.h
index ad34a9e..716e048 100644
--- a/ed25519/amd64-51-30k/crypto_sign.h
+++ b/ed25519/amd64-51-30k/crypto_sign.h
@@ -1,6 +1,6 @@
 #define crypto_sign ed25519_amd64_51_30k_sign
 #define crypto_sign_keypair ed25519_amd64_51_30k_keygen
-#define crypto_sign_seckey ed25519_ramd64_51_30k_seckey
+#define crypto_sign_seckey ed25519_amd64_51_30k_seckey
 #define crypto_sign_seckey_expand ed25519_amd64_51_30k_seckey_expand
 #define crypto_sign_pubkey ed25519_amd64_51_30k_pubkey
 #define crypto_sign_open ed25519_amd64_51_30k_open
diff --git a/ed25519/amd64-64-24k/batch.c b/ed25519/amd64-64-24k/batch.c
deleted file mode 100644
index 955392e..0000000
--- a/ed25519/amd64-64-24k/batch.c
+++ /dev/null
@@ -1,94 +0,0 @@
-#include "crypto_sign.h"
-
-#include "crypto_verify_32.h"
-#include "crypto_hash_sha512.h"
-#include "randombytes.h"
-
-#include "ge25519.h"
-#include "hram.h"
-
-#define MAXBATCH 64
-
-int crypto_sign_open_batch(
-    unsigned char* const m[],unsigned long long mlen[],
-    unsigned char* const sm[],const unsigned long long smlen[],
-    unsigned char* const pk[], 
-    unsigned long long num
-    )
-{
-  int ret = 0;
-  unsigned long long i, j;
-  shortsc25519 r[MAXBATCH];
-  sc25519 scalars[2*MAXBATCH+1];
-  ge25519 points[2*MAXBATCH+1];
-  unsigned char hram[crypto_hash_sha512_BYTES];
-  unsigned long long batchsize;
-
-  for (i = 0;i < num;++i) mlen[i] = -1;
-
-  while (num >= 3) {
-    batchsize = num;
-    if (batchsize > MAXBATCH) batchsize = MAXBATCH;
-
-    for (i = 0;i < batchsize;++i)
-      if (smlen[i] < 64) goto fallback;
-
-    randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize);
-
-    /* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */
-    for(i=0;i<batchsize;i++)
-    {
-      sc25519_from32bytes(&scalars[i], sm[i]+32); 
-      sc25519_mul_shortsc(&scalars[i], &scalars[i], &r[i]);
-    }
-    for(i=1;i<batchsize;i++)
-      sc25519_add(&scalars[0], &scalars[0], &scalars[i]);
-    
-    /* Computing scalars[1] ... scalars[batchsize] as r[i]*H(R[i],A[i],m[i]) */
-    for(i=0;i<batchsize;i++)
-    {
-      get_hram(hram, sm[i], pk[i], m[i], smlen[i]);
-      sc25519_from64bytes(&scalars[i+1],hram);
-      sc25519_mul_shortsc(&scalars[i+1],&scalars[i+1],&r[i]);
-    }
-    /* Setting scalars[batchsize+1] ... scalars[2*batchsize] to r[i] */
-    for(i=0;i<batchsize;i++)
-      sc25519_from_shortsc(&scalars[batchsize+i+1],&r[i]);
-  
-    /* Computing points */
-    points[0] = ge25519_base;
-  
-    for(i=0;i<batchsize;i++)
-      if (ge25519_unpackneg_vartime(&points[i+1], pk[i])) goto fallback;
-    for(i=0;i<batchsize;i++)
-      if (ge25519_unpackneg_vartime(&points[batchsize+i+1], sm[i])) goto fallback;
-  
-    ge25519_multi_scalarmult_vartime(points, points, scalars, 2*batchsize+1);
-  
-    if (ge25519_isneutral_vartime(points)) {
-      for(i=0;i<batchsize;i++)
-      {
-        for(j=0;j<smlen[i]-64;j++)
-          m[i][j] = sm[i][j + 64];
-        mlen[i] = smlen[i]-64;
-      }
-    } else {
-      fallback:
-
-      for (i = 0;i < batchsize;++i)
-        ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
-    }
-
-    m += batchsize;
-    mlen += batchsize;
-    sm += batchsize;
-    smlen += batchsize;
-    pk += batchsize;
-    num -= batchsize;
-  }
-
-  for (i = 0;i < num;++i)
-    ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
-
-  return ret;
-}
diff --git a/ed25519/ed25519-donna/curve25519-donna-helpers.h b/ed25519/ed25519-donna/curve25519-donna-helpers.h
index eff03d0..1f76aef 100644
--- a/ed25519/ed25519-donna/curve25519-donna-helpers.h
+++ b/ed25519/ed25519-donna/curve25519-donna-helpers.h
@@ -48,7 +48,7 @@ curve25519_recip(bignum25519 out, const bignum25519 z) {
 	/* 2^255 - 21 */ curve25519_mul_noinline(out, b, a);
 }
 
-const static unsigned char curve25519_packedone[32] = {
+static const unsigned char curve25519_packedone[32] = {
 	1, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0,
 	0, 0, 0, 0, 0, 0, 0, 0,