Diffstat (limited to 'src/ecmult_gen_impl.h')
-rw-r--r-- | src/ecmult_gen_impl.h | 57 |
1 files changed, 31 insertions, 26 deletions
diff --git a/src/ecmult_gen_impl.h b/src/ecmult_gen_impl.h
index 48436316e1..849452c7a1 100644
--- a/src/ecmult_gen_impl.h
+++ b/src/ecmult_gen_impl.h
@@ -24,49 +24,53 @@ typedef struct { * None of the resulting prec group elements have a known scalar, and neither do any of * the intermediate sums while computing a*G. */ - secp256k1_fe_t prec[64][16][2]; /* prec[j][i] = (16^j * i * G + U_i).{x,y} */ + secp256k1_ge_storage_t prec[64][16]; /* prec[j][i] = 16^j * i * G + U_i */ } secp256k1_ecmult_gen_consts_t; static const secp256k1_ecmult_gen_consts_t *secp256k1_ecmult_gen_consts = NULL; static void secp256k1_ecmult_gen_start(void) { + secp256k1_ge_t prec[1024]; + secp256k1_gej_t gj; + secp256k1_gej_t nums_gej; + secp256k1_ecmult_gen_consts_t *ret; + int i, j; if (secp256k1_ecmult_gen_consts != NULL) return; /* Allocate the precomputation table. */ - secp256k1_ecmult_gen_consts_t *ret = (secp256k1_ecmult_gen_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_gen_consts_t)); + ret = (secp256k1_ecmult_gen_consts_t*)checked_malloc(sizeof(secp256k1_ecmult_gen_consts_t)); /* get the generator */ - const secp256k1_ge_t *g = &secp256k1_ge_consts->g; - secp256k1_gej_t gj; secp256k1_gej_set_ge(&gj, g); + secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g); /* Construct a group element with no known corresponding scalar (nothing up my sleeve). */ - secp256k1_gej_t nums_gej; { - static const unsigned char nums_b32[32] = "The scalar for this x is unknown"; + static const unsigned char nums_b32[33] = "The scalar for this x is unknown"; secp256k1_fe_t nums_x; - VERIFY_CHECK(secp256k1_fe_set_b32(&nums_x, nums_b32)); secp256k1_ge_t nums_ge; + VERIFY_CHECK(secp256k1_fe_set_b32(&nums_x, nums_b32)); VERIFY_CHECK(secp256k1_ge_set_xo_var(&nums_ge, &nums_x, 0)); secp256k1_gej_set_ge(&nums_gej, &nums_ge); /* Add G to make the bits in x uniformly distributed. */ - secp256k1_gej_add_ge_var(&nums_gej, &nums_gej, g); + secp256k1_gej_add_ge_var(&nums_gej, &nums_gej, &secp256k1_ge_const_g); } /* compute prec. */ - secp256k1_ge_t prec[1024]; { secp256k1_gej_t precj[1024]; /* Jacobian versions of prec. 
*/ - secp256k1_gej_t gbase; gbase = gj; /* 16^j * G */ - secp256k1_gej_t numsbase; numsbase = nums_gej; /* 2^j * nums. */ - for (int j=0; j<64; j++) { + secp256k1_gej_t gbase; + secp256k1_gej_t numsbase; + gbase = gj; /* 16^j * G */ + numsbase = nums_gej; /* 2^j * nums. */ + for (j = 0; j < 64; j++) { /* Set precj[j*16 .. j*16+15] to (numsbase, numsbase + gbase, ..., numsbase + 15*gbase). */ precj[j*16] = numsbase; - for (int i=1; i<16; i++) { + for (i = 1; i < 16; i++) { secp256k1_gej_add_var(&precj[j*16 + i], &precj[j*16 + i - 1], &gbase); } /* Multiply gbase by 16. */ - for (int i=0; i<4; i++) { + for (i = 0; i < 4; i++) { secp256k1_gej_double_var(&gbase, &gbase); } /* Multiply numbase by 2. */ @@ -79,11 +83,9 @@ static void secp256k1_ecmult_gen_start(void) { } secp256k1_ge_set_all_gej_var(1024, prec, precj); } - for (int j=0; j<64; j++) { - for (int i=0; i<16; i++) { - VERIFY_CHECK(!secp256k1_ge_is_infinity(&prec[j*16 + i])); - ret->prec[j][i][0] = prec[j*16 + i].x; - ret->prec[j][i][1] = prec[j*16 + i].y; + for (j = 0; j < 64; j++) { + for (i = 0; i < 16; i++) { + secp256k1_ge_to_storage(&ret->prec[j][i], &prec[j*16 + i]); } } 
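Review bot: The two `VERIFY_CHECK(...)` lines in the nums block now carry the only calls that initialise `nums_x` and `nums_ge`, so this hunk depends on VERIFY_CHECK still evaluating its argument when VERIFY is not defined; that dependency is invisible here and deserves either a comment or the more robust shape `int ok = secp256k1_fe_set_b32(&nums_x, nums_b32); VERIFY_CHECK(ok);` so the initialisation does not hinge on a macro definition elsewhere. The widening from `nums_b32[32]` to `nums_b32[33]` is presumably to leave room for the string literal's terminating NUL while `secp256k1_fe_set_b32` still consumes only 32 bytes; a short comment such as `/* 33: room for the literal's NUL; only the first 32 bytes are read */` would stop a reader from wondering whether the extra byte feeds the field element. The enclosing function secp256k1_ecmult_gen_start continues past the end of this hunk.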
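Review bot: The rewritten inner loop drops the `VERIFY_CHECK(!secp256k1_ge_is_infinity(&prec[j*16 + i]));` that guarded every table entry before it was copied out, and nothing in the new code replaces it. A storage form presumably has no meaningful affine representation for the point at infinity, so the check should be kept on the line before `secp256k1_ge_to_storage(&ret->prec[j][i], &prec[j*16 + i]);`; without it a mistake in the nums/gbase arithmetic would silently produce an undefined precomputation entry instead of failing loudly in VERIFY builds. secp256k1_ecmult_gen_start begins and ends outside this hunk.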
@@ -92,26 +94,29 @@ static void secp256k1_ecmult_gen_start(void) { } static void secp256k1_ecmult_gen_stop(void) { + secp256k1_ecmult_gen_consts_t *c; if (secp256k1_ecmult_gen_consts == NULL) return; - secp256k1_ecmult_gen_consts_t *c = (secp256k1_ecmult_gen_consts_t*)secp256k1_ecmult_gen_consts; + c = (secp256k1_ecmult_gen_consts_t*)secp256k1_ecmult_gen_consts; secp256k1_ecmult_gen_consts = NULL; free(c); } static void secp256k1_ecmult_gen(secp256k1_gej_t *r, const secp256k1_scalar_t *gn) { const secp256k1_ecmult_gen_consts_t *c = secp256k1_ecmult_gen_consts; - secp256k1_gej_set_infinity(r); secp256k1_ge_t add; - add.infinity = 0; + secp256k1_ge_storage_t adds; int bits; - for (int j=0; j<64; j++) { + int i, j; + secp256k1_gej_set_infinity(r); + add.infinity = 0; + for (j = 0; j < 64; j++) { bits = secp256k1_scalar_get_bits(gn, j * 4, 4); - for (int i=0; i<16; i++) { - secp256k1_fe_cmov(&add.x, &c->prec[j][i][0], i == bits); - secp256k1_fe_cmov(&add.y, &c->prec[j][i][1], i == bits); + for (i = 0; i < 16; i++) { + secp256k1_ge_storage_cmov(&adds, &c->prec[j][i], i == bits); } + secp256k1_ge_from_storage(&add, &adds); secp256k1_gej_add_ge(r, r, &add); } bits = 0; |