Prepare for round 3 update with packaging script

crypto_kem/kyber1024-90s/META.yml

@@ -21,14 +21,14 @@ auxiliary-submitters:
   - Damien Stehlé
 implementations:
     - name: clean
-      version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
+      version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
     - name: avx2
-      version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
+      version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
       supported_platforms:
         - architecture: x86_64
           operating_systems:
-            - Linux
-            - Darwin
+              - Linux
+              - Darwin
           required_flags:
               - aes
               - avx2

crypto_kem/kyber1024-90s/avx2/Makefile

@@ -1,44 +1,11 @@
 # This Makefile can be used with GNU Make or BSD Make
 
 LIB=libkyber1024-90s_avx2.a
-HEADERS=		   \
-	aes256ctr.h	   \
-	align.h        \
-	api.h          \
-	cbd.h          \
-	cdecl.inc      \
-	consts.h       \
-	fq.inc         \
-	indcpa.h       \
-	kem.h          \
-	ntt.h          \
-	params.h       \
-	poly.h         \
-	polyvec.h      \
-	reduce.h       \
-	rejsample.h    \
-	shuffle.inc    \
-	symmetric.h    \
-	verify.h
-OBJECTS=		   \
-	aes256ctr.o    \
-	basemul.o      \
-	cbd.o          \
-	consts.o       \
-	fq.o           \
-	indcpa.o       \
-	invntt.o       \
-	kem.o          \
-	ntt.o          \
-	poly.o         \
-	polyvec.o      \
-	rejsample.o    \
-	shuffle.o      \
-	verify.o
-
+HEADERS=aes256ctr.h align.h api.h cbd.h cdecl.h consts.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h rejsample.h symmetric.h verify.h  fq.inc shuffle.inc 
+OBJECTS=aes256ctr.o cbd.o consts.o indcpa.o kem.o poly.o polyvec.o rejsample.o verify.o  basemul.o fq.o invntt.o ntt.o shuffle.o 
 CFLAGS=-mavx2 -maes -mbmi2 -mpopcnt -O3 -Wall -Wextra -Wpedantic -Werror \
-	   -Wmissing-prototypes -Wredundant-decls -std=c99 \
-	   -I../../../common $(EXTRAFLAGS)
+          -Wmissing-prototypes -Wredundant-decls -std=c99 \
+          -I../../../common $(EXTRAFLAGS)
 
 all: $(LIB)
 

crypto_kem/kyber1024-90s/avx2/aes256ctr.c

@@ -1,3 +1,7 @@
+#include "aes256ctr.h"
+#include <immintrin.h>
+#include <stddef.h>
+#include <stdint.h>
 /*
   Based heavily on public-domain code by Romain Dolbeau
   Different handling of nonce+counter than original version
@@ -5,10 +9,6 @@
   Public Domain
 */
 
-#include "aes256ctr.h"
-#include <immintrin.h>
-#include <stddef.h>
-#include <stdint.h>
 
 static inline void aesni_encrypt4(uint8_t out[64],
                                   __m128i *n,
@@ -114,7 +114,7 @@ void PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(aes256ctr_ctx *state, const uint8_
 void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out,
         size_t nblocks,
         aes256ctr_ctx *state) {
-    size_t i = 0;
+    size_t i;
     for (i = 0; i < nblocks; i++) {
         aesni_encrypt4(out, &state->n, state->rkeys);
         out += 64;
@@ -123,13 +123,13 @@ void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out,
 
 void PQCLEAN_KYBER102490S_AVX2_aes256ctr_prf(uint8_t *out,
         size_t outlen,
-        const uint8_t seed[32],
+        const uint8_t key[32],
         uint64_t nonce) {
-    unsigned int i = 0;
+    unsigned int i;
     uint8_t buf[64];
     aes256ctr_ctx state;
 
-    PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(&state, seed, nonce);
+    PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(&state, key, nonce);
 
     while (outlen >= 64) {
         aesni_encrypt4(out, &state.n, state.rkeys);

crypto_kem/kyber1024-90s/avx2/aes256ctr.h

@@ -1,11 +1,10 @@
-#ifndef AES256CTR_H
-#define AES256CTR_H
+#ifndef PQCLEAN_KYBER102490S_AVX2_AES256CTR_H
+#define PQCLEAN_KYBER102490S_AVX2_AES256CTR_H
 
 #include <immintrin.h>
 #include <stddef.h>
 #include <stdint.h>
 
-#define AES256CTR_NAMESPACE(s) pqcrystals_aes256ctr_avx2##s
 
 #define AES256CTR_BLOCKBYTES 64
 
@@ -14,8 +13,17 @@ typedef struct {
     __m128i n;
 } aes256ctr_ctx;
 
-void PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(aes256ctr_ctx *state, const uint8_t key[32], uint64_t nonce);
-void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out, size_t nblocks, aes256ctr_ctx *state);
-void PQCLEAN_KYBER102490S_AVX2_aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t seed[32], uint64_t nonce);
+void PQCLEAN_KYBER102490S_AVX2_aes256ctr_init(aes256ctr_ctx *state,
+        const uint8_t key[32],
+        uint64_t nonce);
+
+void PQCLEAN_KYBER102490S_AVX2_aes256ctr_squeezeblocks(uint8_t *out,
+        size_t nblocks,
+        aes256ctr_ctx *state);
+
+void PQCLEAN_KYBER102490S_AVX2_aes256ctr_prf(uint8_t *out,
+        size_t outlen,
+        const uint8_t key[32],
+        uint64_t nonce);
 
 #endif

crypto_kem/kyber1024-90s/avx2/align.h

@@ -1,5 +1,6 @@
 #ifndef PQCLEAN_KYBER102490S_AVX2_ALIGN_H
 #define PQCLEAN_KYBER102490S_AVX2_ALIGN_H
+
 #include <immintrin.h>
 
 #define ALIGN16_TYPE(t) \

crypto_kem/kyber1024-90s/avx2/api.h

@@ -15,5 +15,4 @@ int PQCLEAN_KYBER102490S_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uin
 
 int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
 
-
 #endif

crypto_kem/kyber1024-90s/avx2/basemul.S

@@ -1,5 +1,5 @@
+#include "cdecl.h"
 #include "params.h"
-#include "cdecl.inc"
 
 .macro schoolbook off,sign
 #load
@@ -165,7 +165,9 @@ vmovdqa		%ymm5,96(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx)
+.global _cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx)
 cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx):
+_cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx):
 #consts
 vmovdqa		_16XQ*2(%rcx),%ymm0
 vmovdqa		_16XQINV*2(%rcx),%ymm1
@@ -215,7 +217,9 @@ vmovdqa		%ymm12,96(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx)
+.global _cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx)
 cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx):
+_cdecl(PQCLEAN_KYBER102490S_AVX2_basemul_avx):
 #consts
 vmovdqa		_16XQ*2(%rcx),%ymm0
 vmovdqa		_16XQINV*2(%rcx),%ymm1

crypto_kem/kyber1024-90s/avx2/cbd.c

@@ -1,5 +1,5 @@
-#include "params.h"
 #include "cbd.h"
+#include "params.h"
 #include <immintrin.h>
 #include <stdint.h>
 
@@ -14,7 +14,7 @@
 *              - const unsigned char *buf: pointer to input byte array
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_cbd(poly *restrict r, const uint8_t *restrict buf) {
-    unsigned int i = 0;
+    unsigned int i;
     __m256i vec0, vec1, vec2, vec3, tmp;
     const __m256i mask55 = _mm256_set1_epi32(0x55555555);
     const __m256i mask33 = _mm256_set1_epi32(0x33333333);

crypto_kem/kyber1024-90s/avx2/cbd.h

@@ -1,11 +1,9 @@
 #ifndef PQCLEAN_KYBER102490S_AVX2_CBD_H
 #define PQCLEAN_KYBER102490S_AVX2_CBD_H
-
 #include "params.h"
 #include "poly.h"
 #include <stdint.h>
 
-
 void PQCLEAN_KYBER102490S_AVX2_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
 
 #endif

crypto_kem/kyber1024-90s/avx2/cdecl.inc → crypto_kem/kyber1024-90s/avx2/cdecl.h

@@ -1,5 +1,5 @@
-#ifndef PQCLEAN_DILITHIUM2_AVX2_CDECL
-#define PQCLEAN_DILITHIUM2_AVX2_CDECL
+#ifndef PQCLEAN_KYBER102490S_AVX2_CDECL_H
+#define PQCLEAN_KYBER102490S_AVX2_CDECL_H
 
 #define _16XQ            0
 #define _16XQINV        16
@@ -21,10 +21,6 @@
  * This define helps us get around this
  */
 
-#if defined(__WIN32__) || defined(__APPLE__)
-#define cdecl(s) _##s
-#else
+#define _cdecl(s) _##s
 #define cdecl(s) s
 #endif
-
-#endif

crypto_kem/kyber1024-90s/avx2/consts.c

@@ -1,5 +1,5 @@
-#include "params.h"
 #include "consts.h"
+#include "params.h"
 #include <stdint.h>
 
 #define Q KYBER_Q

crypto_kem/kyber1024-90s/avx2/consts.h

@@ -1,12 +1,11 @@
 #ifndef PQCLEAN_KYBER102490S_AVX2_CONSTS_H
 #define PQCLEAN_KYBER102490S_AVX2_CONSTS_H
-
-#include "cdecl.inc"
-
+#include "cdecl.h"
 #include "params.h"
 #include <immintrin.h>
 #include <stdint.h>
 
+
 #define ALIGNED_UINT16_T(N) \
     union   {                   \
         __m256i as_vec;         \

crypto_kem/kyber1024-90s/avx2/fq.S

@@ -1,4 +1,4 @@
-#include "cdecl.inc"
+#include "cdecl.h"
 .include "fq.inc"
 
 .text
@@ -35,7 +35,9 @@ vmovdqa		%ymm9,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx)
+.global _cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx)
 cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx):
+_cdecl(PQCLEAN_KYBER102490S_AVX2_reduce_avx):
 #consts
 vmovdqa		_16XQ*2(%rsi),%ymm0
 vmovdqa		_16XV*2(%rsi),%ymm1
@@ -77,7 +79,9 @@ vmovdqa		%ymm8,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx)
+.global _cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx)
 cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx):
+_cdecl(PQCLEAN_KYBER102490S_AVX2_csubq_avx):
 #consts
 vmovdqa		_16XQ*2(%rsi),%ymm0
 call		csubq128_avx
@@ -118,7 +122,9 @@ vmovdqa		%ymm10,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx)
+.global _cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx)
 cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx):
+_cdecl(PQCLEAN_KYBER102490S_AVX2_tomont_avx):
 #consts
 vmovdqa		_16XQ*2(%rsi),%ymm0
 vmovdqa		_16XMONTSQLO*2(%rsi),%ymm1

crypto_kem/kyber1024-90s/avx2/indcpa.c

@@ -25,7 +25,7 @@
 static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
                     polyvec *pk,
                     const uint8_t seed[KYBER_SYMBYTES]) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(r, pk);
     for (i = 0; i < KYBER_SYMBYTES; i++) {
         r[i + KYBER_POLYVECBYTES] = seed[i];
@@ -45,7 +45,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
 static void unpack_pk(polyvec *pk,
                       uint8_t seed[KYBER_SYMBYTES],
                       const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(pk, packedpk);
     for (i = 0; i < KYBER_SYMBYTES; i++) {
         seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@@ -133,8 +133,8 @@ static unsigned int rej_uniform(int16_t *r,
                                 unsigned int len,
                                 const uint8_t *buf,
                                 unsigned int buflen) {
-    unsigned int ctr = 0, pos = 0;
-    uint16_t val = 0;
+    unsigned int ctr, pos;
+    uint16_t val;
 
     ctr = pos = 0;
     while (ctr < len && pos + 2 <= buflen) {
@@ -168,7 +168,7 @@ static unsigned int rej_uniform(int16_t *r,
 #define GEN_MATRIX_NBLOCKS ((2*KYBER_N*(1U << 16)/(19*KYBER_Q) \
                              + XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
 void PQCLEAN_KYBER102490S_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) {
-    unsigned int ctr = 0, i = 0, j = 0;
+    unsigned int ctr, i, j;
     ALIGN16_TYPE(uint64_t) nonce = {.orig = 0};
     ALIGN32_ARRAY(uint8_t, GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES) buf;
     aes256ctr_ctx state;
@@ -211,7 +211,7 @@ void PQCLEAN_KYBER102490S_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_S
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
         uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
-    unsigned int i = 0;
+    unsigned int i;
     ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
     const uint8_t *publicseed = buf.arr;
     const uint8_t *noiseseed = buf.arr + KYBER_SYMBYTES;
@@ -276,7 +276,7 @@ void PQCLEAN_KYBER102490S_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
         const uint8_t m[KYBER_INDCPA_MSGBYTES],
         const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
         const uint8_t coins[KYBER_SYMBYTES]) {
-    unsigned int i = 0;
+    unsigned int i;
     ALIGN32_ARRAY(uint8_t, KYBER_SYMBYTES) seed;
     polyvec sp, pkpv, ep, at[KYBER_K], bp;
     poly v, k, epp;

crypto_kem/kyber1024-90s/avx2/indcpa.h

@@ -1,16 +1,20 @@
 #ifndef PQCLEAN_KYBER102490S_AVX2_INDCPA_H
 #define PQCLEAN_KYBER102490S_AVX2_INDCPA_H
-
 #include "params.h"
 #include "polyvec.h"
 #include <stdint.h>
 
 void PQCLEAN_KYBER102490S_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
+void PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
+        uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
 
-void PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
-
-void PQCLEAN_KYBER102490S_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
+void PQCLEAN_KYBER102490S_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
+        const uint8_t m[KYBER_INDCPA_MSGBYTES],
+        const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
+        const uint8_t coins[KYBER_SYMBYTES]);
 
-void PQCLEAN_KYBER102490S_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
+void PQCLEAN_KYBER102490S_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
+        const uint8_t c[KYBER_INDCPA_BYTES],
+        const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
 
 #endif

crypto_kem/kyber1024-90s/avx2/invntt.S

@@ -1,4 +1,4 @@
-#include "cdecl.inc"
+#include "cdecl.h"
 .include "shuffle.inc"
 .include "fq.inc"
 
@@ -210,7 +210,9 @@ vmovdqa		%ymm7,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx)
+.global _cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx)
 cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx):
+_cdecl(PQCLEAN_KYBER102490S_AVX2_invntt_avx):
 #consts
 vmovdqa         _16XQ*2(%rsi),%ymm0
 mov		%rsi,%rdx

crypto_kem/kyber1024-90s/avx2/kem.c

@@ -8,7 +8,6 @@
 #include <stddef.h>
 #include <stdint.h>
 
-
 /*************************************************
 * Name:        PQCLEAN_KYBER102490S_AVX2_crypto_kem_keypair
 *
@@ -23,7 +22,7 @@
 * Returns 0 (success)
 **************************************************/
 int PQCLEAN_KYBER102490S_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER102490S_AVX2_indcpa_keypair(pk, sk);
     for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
         sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@@ -94,8 +93,8 @@ int PQCLEAN_KYBER102490S_AVX2_crypto_kem_enc(unsigned char *ct,
 int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(unsigned char *ss,
         const unsigned char *ct,
         const unsigned char *sk) {
-    size_t i = 0;
-    int fail = 0;
+    size_t i;
+    int fail;
     ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
     /* Will contain key, coins */
     ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) kr;
@@ -119,7 +118,7 @@ int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(unsigned char *ss,
     hash_h(kr.arr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES);
 
     /* Overwrite pre-k with z on re-encryption failure */
-    PQCLEAN_KYBER102490S_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail);
+    PQCLEAN_KYBER102490S_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail);
 
     /* hash concatenation of pre-k and H(c) to k */
     kdf(ss, kr.arr, 2 * KYBER_SYMBYTES);

crypto_kem/kyber1024-90s/avx2/kem.h

@@ -1,17 +1,14 @@
 #ifndef PQCLEAN_KYBER102490S_AVX2_KEM_H
 #define PQCLEAN_KYBER102490S_AVX2_KEM_H
-
 #include "params.h"
 
 
 int PQCLEAN_KYBER102490S_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
 
-
 int PQCLEAN_KYBER102490S_AVX2_crypto_kem_enc(unsigned char *ct,
         unsigned char *ss,
         const unsigned char *pk);
 
-
 int PQCLEAN_KYBER102490S_AVX2_crypto_kem_dec(unsigned char *ss,
         const unsigned char *ct,
         const unsigned char *sk);

crypto_kem/kyber1024-90s/avx2/ntt.S

@@ -1,4 +1,4 @@
-#include "cdecl.inc"
+#include "cdecl.h"
 .include "shuffle.inc"
 .include "fq.inc"
 
@@ -203,7 +203,9 @@ vmovdqa		%ymm11,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx)
+.global _cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx)
 cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx):
+_cdecl(PQCLEAN_KYBER102490S_AVX2_ntt_avx):
 #consts
 vmovdqa		_16XQ*2(%rsi),%ymm0
 mov		%rsi,%rdx

crypto_kem/kyber1024-90s/avx2/ntt.h

@@ -1,28 +1,24 @@
-#ifndef NTT_H
-#define NTT_H
-
+#ifndef PQCLEAN_KYBER102490S_AVX2_NTT_H
+#define PQCLEAN_KYBER102490S_AVX2_NTT_H
 #include "consts.h"
-#include "params.h"
 #include <stdint.h>
 
-
 void PQCLEAN_KYBER102490S_AVX2_ntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
-
 void PQCLEAN_KYBER102490S_AVX2_invntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
 
-
-void nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
-
+void PQCLEAN_KYBER102490S_AVX2_nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
 void PQCLEAN_KYBER102490S_AVX2_nttunpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
 
-
-void PQCLEAN_KYBER102490S_AVX2_basemul_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
-
-void PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
-
+void PQCLEAN_KYBER102490S_AVX2_basemul_avx(int16_t *r,
+        const int16_t *a,
+        const int16_t *b,
+        const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
+void PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(int16_t *r,
+        const int16_t *a,
+        const int16_t *b,
+        const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
 
 void PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx(uint8_t *r, const int16_t *a, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
-
 void PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx(int16_t *r, const uint8_t *a, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
 
 #endif

crypto_kem/kyber1024-90s/avx2/params.h

@@ -1,6 +1,9 @@
 #ifndef PQCLEAN_KYBER102490S_AVX2_PARAMS_H
 #define PQCLEAN_KYBER102490S_AVX2_PARAMS_H
 
+
+
+
 #define KYBER_N 256
 #define KYBER_Q 3329
 

crypto_kem/kyber1024-90s/avx2/poly.c

@@ -19,7 +19,7 @@
 *              - poly *a:    pointer to input polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *restrict a) {
-    unsigned int i = 0, j = 0;
+    unsigned int i, j;
     uint8_t t[8];
 
     PQCLEAN_KYBER102490S_AVX2_poly_csubq(a);
@@ -50,9 +50,9 @@ void PQCLEAN_KYBER102490S_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_poly_decompress(poly *restrict r,
         const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]) {
-    unsigned int i = 0;
+    unsigned int i;
 
-    unsigned int j = 0;
+    unsigned int j;
     uint8_t t[8];
     for (i = 0; i < KYBER_N / 8; i++) {
         t[0] = (a[0] >> 0);
@@ -114,7 +114,7 @@ void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *restrict r,
     const __m256i hqs = _mm256_set1_epi16((KYBER_Q + 1) / 2);
 
 #define FROMMSG64(i)                        \
-    g3 = _mm256_shuffle_epi32(f,0x55*(i));              \
+    g3 = _mm256_shuffle_epi32(f,0x55*(i));                \
     g3 = _mm256_sllv_epi32(g3,shift);             \
     g3 = _mm256_shuffle_epi8(g3,idx);             \
     g0 = _mm256_slli_epi16(g3,12);                \
@@ -136,9 +136,9 @@ void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *restrict r,
     g2 = _mm256_permute2x128_si256(h0,h1,0x31);           \
     g1 = _mm256_permute2x128_si256(h2,h3,0x20);           \
     g3 = _mm256_permute2x128_si256(h2,h3,0x31);           \
-    _mm256_store_si256((__m256i *)&r->coeffs[  0+32*(i)+ 0],g0);    \
-    _mm256_store_si256((__m256i *)&r->coeffs[  0+32*(i)+16],g1);    \
-    _mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2);    \
+    _mm256_store_si256((__m256i *)&r->coeffs[  0+32*(i)+ 0],g0);  \
+    _mm256_store_si256((__m256i *)&r->coeffs[  0+32*(i)+16],g1);  \
+    _mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2);  \
     _mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+16],g3)
 
     f = _mm256_load_si256((__m256i *)msg);
@@ -157,8 +157,8 @@ void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *restrict r,
 *              - poly *a:      pointer to input polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *restrict a) {
-    unsigned int i = 0;
-    uint32_t small = 0;
+    unsigned int i;
+    uint32_t small;
     __m256i f0, f1, g0, g1;
     const __m256i hqs = _mm256_set1_epi16((KYBER_Q - 1) / 2);
     const __m256i hhqs = _mm256_set1_epi16((KYBER_Q - 5) / 4);
@@ -293,7 +293,7 @@ void PQCLEAN_KYBER102490S_AVX2_poly_csubq(poly *r) {
 *            - const poly *b: pointer to second input polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
-    unsigned int i = 0;
+    unsigned int i;
     __m256i f0, f1;
 
     for (i = 0; i < KYBER_N; i += 16) {
@@ -314,7 +314,7 @@ void PQCLEAN_KYBER102490S_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
 *            - const poly *b: pointer to second input polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_poly_sub(poly *r, const poly *a, const poly *b) {
-    unsigned int i = 0;
+    unsigned int i;
     __m256i f0, f1;
 
     for (i = 0; i < KYBER_N; i += 16) {

crypto_kem/kyber1024-90s/avx2/poly.h

@@ -1,6 +1,5 @@
 #ifndef PQCLEAN_KYBER102490S_AVX2_POLY_H
 #define PQCLEAN_KYBER102490S_AVX2_POLY_H
-
 #include "params.h"
 #include <immintrin.h>
 #include <stdint.h>
@@ -14,43 +13,27 @@ typedef union {
     int16_t coeffs[KYBER_N];
 } poly;
 
-
 void PQCLEAN_KYBER102490S_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a);
-
 void PQCLEAN_KYBER102490S_AVX2_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]);
 
-
 void PQCLEAN_KYBER102490S_AVX2_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a);
-
 void PQCLEAN_KYBER102490S_AVX2_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]);
 
-
 void PQCLEAN_KYBER102490S_AVX2_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]);
-
 void PQCLEAN_KYBER102490S_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a);
 
-
 void PQCLEAN_KYBER102490S_AVX2_poly_getnoise(poly *r, const uint8_t seed[KYBER_SYMBYTES], uint8_t nonce);
 
-
 void PQCLEAN_KYBER102490S_AVX2_poly_ntt(poly *r);
-
 void PQCLEAN_KYBER102490S_AVX2_poly_invntt_tomont(poly *r);
-
 void PQCLEAN_KYBER102490S_AVX2_poly_nttunpack(poly *r);
-
 void PQCLEAN_KYBER102490S_AVX2_poly_basemul_montgomery(poly *r, const poly *a, const poly *b);
-
 void PQCLEAN_KYBER102490S_AVX2_poly_tomont(poly *r);
 
-
 void PQCLEAN_KYBER102490S_AVX2_poly_reduce(poly *r);
-
 void PQCLEAN_KYBER102490S_AVX2_poly_csubq(poly *r);
 
-
 void PQCLEAN_KYBER102490S_AVX2_poly_add(poly *r, const poly *a, const poly *b);
-
 void PQCLEAN_KYBER102490S_AVX2_poly_sub(poly *r, const poly *a, const poly *b);
 
 #endif

crypto_kem/kyber1024-90s/avx2/polyvec.c

@@ -1,6 +1,6 @@
-#include "params.h"
 #include "consts.h"
 #include "ntt.h"
+#include "params.h"
 #include "poly.h"
 #include "polyvec.h"
 #include <stdint.h>
@@ -16,7 +16,7 @@
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES],
         polyvec *restrict a) {
-    unsigned int i = 0, j = 0, k = 0;
+    size_t i, j, k;
 
     PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(a);
 
@@ -24,10 +24,8 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSE
     for (i = 0; i < KYBER_K; i++) {
         for (j = 0; j < KYBER_N / 8; j++) {
             for (k = 0; k < 8; k++) {
-                {
-                    t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
-                            / KYBER_Q) & 0x7ff;
-                }
+                t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
+                        / KYBER_Q) & 0x7ff;
             }
 
             r[ 0] = (t[0] >>  0);
@@ -58,7 +56,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSE
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_polyvec_decompress(polyvec *restrict r,
         const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]) {
-    unsigned int i = 0, j = 0, k = 0;
+    size_t i, j, k;
 
     uint16_t t[8];
     for (i = 0; i < KYBER_K; i++) {
@@ -90,7 +88,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_decompress(polyvec *restrict r,
 *              - polyvec *a: pointer to input vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_AVX2_poly_tobytes(r + i * KYBER_POLYBYTES, &a->vec[i]);
     }
@@ -107,7 +105,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], po
 *                                  (of length KYBER_POLYVECBYTES)
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_AVX2_poly_frombytes(&r->vec[i], a + i * KYBER_POLYBYTES);
     }
@@ -121,7 +119,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYB
 * Arguments:   - polyvec *r: pointer to in/output vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_polyvec_ntt(polyvec *r) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_AVX2_poly_ntt(&r->vec[i]);
     }
@@ -136,7 +134,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_ntt(polyvec *r) {
 * Arguments:   - polyvec *r: pointer to in/output vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_polyvec_invntt_tomont(polyvec *r) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_AVX2_poly_invntt_tomont(&r->vec[i]);
     }
@@ -155,7 +153,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_invntt_tomont(polyvec *r) {
 void PQCLEAN_KYBER102490S_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
         const polyvec *a,
         const polyvec *b) {
-    PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, &PQCLEAN_KYBER102490S_AVX2_qdata);
+    PQCLEAN_KYBER102490S_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, & PQCLEAN_KYBER102490S_AVX2_qdata);
 }
 
 /*************************************************
@@ -168,7 +166,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
 * Arguments:   - poly *r: pointer to input/output polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_polyvec_reduce(polyvec *r) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_AVX2_poly_reduce(&r->vec[i]);
     }
@@ -185,7 +183,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_reduce(polyvec *r) {
 * Arguments:   - poly *r: pointer to input/output polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(polyvec *r) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_AVX2_poly_csubq(&r->vec[i]);
     }
@@ -201,7 +199,7 @@ void PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(polyvec *r) {
 *            - const polyvec *b: pointer to second input vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_AVX2_poly_add(&r->vec[i], &a->vec[i], &b->vec[i]);
     }

crypto_kem/kyber1024-90s/avx2/polyvec.h

@@ -1,6 +1,5 @@
 #ifndef PQCLEAN_KYBER102490S_AVX2_POLYVEC_H
 #define PQCLEAN_KYBER102490S_AVX2_POLYVEC_H
-
 #include "params.h"
 #include "poly.h"
 #include <stdint.h>
@@ -9,33 +8,23 @@ typedef struct {
     poly vec[KYBER_K];
 } polyvec;
 
-
 void PQCLEAN_KYBER102490S_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a);
-
 void PQCLEAN_KYBER102490S_AVX2_polyvec_decompress(polyvec *r,
         const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]);
 
-
 void PQCLEAN_KYBER102490S_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a);
-
 void PQCLEAN_KYBER102490S_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]);
 
-
 void PQCLEAN_KYBER102490S_AVX2_polyvec_ntt(polyvec *r);
-
 void PQCLEAN_KYBER102490S_AVX2_polyvec_invntt_tomont(polyvec *r);
 
-
 void PQCLEAN_KYBER102490S_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
         const polyvec *a,
         const polyvec *b);
 
-
 void PQCLEAN_KYBER102490S_AVX2_polyvec_reduce(polyvec *r);
-
 void PQCLEAN_KYBER102490S_AVX2_polyvec_csubq(polyvec *r);
 
-
 void PQCLEAN_KYBER102490S_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b);
 
 #endif

crypto_kem/kyber1024-90s/avx2/reduce.h

@@ -1,16 +1,10 @@
-#ifndef REDUCE_H
-#define REDUCE_H
-
-#include <stdint.h>
-
+#ifndef PQCLEAN_KYBER102490S_AVX2_REDUCE_H
+#define PQCLEAN_KYBER102490S_AVX2_REDUCE_H
 #include "consts.h"
-#include "params.h"
-
+#include <stdint.h>
 
 int16_t PQCLEAN_KYBER102490S_AVX2_reduce_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
-
 int16_t PQCLEAN_KYBER102490S_AVX2_csubq_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
-
 int16_t PQCLEAN_KYBER102490S_AVX2_tomont_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER102490S_AVX2_qdata);
 
 #endif

crypto_kem/kyber1024-90s/avx2/rejsample.c

@@ -2,6 +2,7 @@
 #include "consts.h"
 #include "params.h"
 #include "rejsample.h"
+#include <immintrin.h>
 #include <stdint.h>
 
 static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
@@ -270,9 +271,9 @@ static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
 #define REJ_UNIFORM_BUFLEN 576
 unsigned int PQCLEAN_KYBER102490S_AVX2_rej_uniform_avx(int16_t *restrict r,
         const uint8_t *restrict buf) {
-    unsigned int ctr = 0, pos = 0;
-    uint16_t val = 0;
-    uint32_t good = 0;
+    unsigned int ctr, pos;
+    uint16_t val;
+    uint32_t good;
     const __m256i bound  = _mm256_set1_epi16((int16_t)(19 * KYBER_Q - 1));
     const __m256i ones   = _mm256_set1_epi8(1);
     const __m256i kyberq = _mm256_load_si256((__m256i *)&PQCLEAN_KYBER102490S_AVX2_qdata.as_arr[_16XQ]);
@@ -297,7 +298,7 @@ unsigned int PQCLEAN_KYBER102490S_AVX2_rej_uniform_avx(int16_t *restrict r,
         g1 = _mm256_inserti128_si256(g1, _mm_loadl_epi64((__m128i *)&idx.arr[(good >> 24) & 0xFF]), 1);
 
         //g0 = _mm256_cvtepu8_epi64(_mm_loadl_epi64((__m128i *)&good));
-        //g1 = _mm256_i64gather_epi64((long long *)idx, g0, 8);
+        //g1 = _mm256_i64gather_epi64((long long *)idx.arr, g0, 8);
 
         /* Barrett reduction of (still unsigned) values */
         g2 = _mm256_mulhi_epu16(f0, v);

crypto_kem/kyber1024-90s/avx2/rejsample.h

@@ -1,10 +1,8 @@
-#ifndef REJSAMPLE_H
-#define REJSAMPLE_H
-
+#ifndef PQCLEAN_KYBER102490S_AVX2_REJSAMPLE_H
+#define PQCLEAN_KYBER102490S_AVX2_REJSAMPLE_H
 #include "params.h"
 #include <stdint.h>
 
-
 unsigned int PQCLEAN_KYBER102490S_AVX2_rej_uniform_avx(int16_t *r,
         const unsigned char *buf);
 

crypto_kem/kyber1024-90s/avx2/shuffle.S

@@ -1,4 +1,4 @@
-#include "cdecl.inc"
+#include "cdecl.h"
 .include "fq.inc"
 .include "shuffle.inc"
 
@@ -92,7 +92,9 @@ vmovdqa		%ymm11,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx)
+.global _cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx)
 cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx):
+_cdecl(PQCLEAN_KYBER102490S_AVX2_nttunpack_avx):
 call		nttunpack128_avx
 add		$256,%rdi
 call		nttunpack128_avx
@@ -169,7 +171,9 @@ vmovdqu		%ymm9,160(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx)
+.global _cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx)
 cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx):
+_cdecl(PQCLEAN_KYBER102490S_AVX2_ntttobytes_avx):
 #consts
 vmovdqa		_16XQ*2(%rdx),%ymm0
 call		ntttobytes128_avx
@@ -245,7 +249,9 @@ vmovdqa		%ymm1,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx)
+.global _cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx)
 cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx):
+_cdecl(PQCLEAN_KYBER102490S_AVX2_nttfrombytes_avx):
 #consts
 vmovdqa		_16XMASK*2(%rdx),%ymm0
 call		nttfrombytes128_avx

crypto_kem/kyber1024-90s/avx2/symmetric.h

@@ -1,13 +1,12 @@
-#ifndef SYMMETRIC_H
-#define SYMMETRIC_H
-
+#ifndef PQCLEAN_KYBER102490S_AVX2_SYMMETRIC_H
+#define PQCLEAN_KYBER102490S_AVX2_SYMMETRIC_H
+#include "aes256ctr.h"
 #include "params.h"
+#include "sha2.h"
 #include <stddef.h>
 #include <stdint.h>
 
 
-#include "aes256ctr.h"
-#include "sha2.h"
 
 typedef aes256ctr_ctx xof_state;
 

crypto_kem/kyber1024-90s/avx2/verify.c

@@ -15,8 +15,8 @@
 * Returns 0 if the byte arrays are equal, 1 otherwise
 **************************************************/
 int PQCLEAN_KYBER102490S_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len) {
-    size_t pos = 0;
-    uint64_t r = 0;
+    size_t pos;
+    uint64_t r;
     __m256i avec, bvec, cvec;
 
     cvec = _mm256_setzero_si256();
@@ -53,7 +53,7 @@ int PQCLEAN_KYBER102490S_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t
 *              unsigned char b:        Condition bit; has to be in {0,1}
 **************************************************/
 void PQCLEAN_KYBER102490S_AVX2_cmov(uint8_t *restrict r, const uint8_t *restrict x, size_t len, uint8_t b) {
-    size_t pos = 0;
+    size_t pos;
     __m256i xvec, rvec, bvec;
 
     b = -b;

crypto_kem/kyber1024-90s/avx2/verify.h

@@ -1,14 +1,11 @@
 #ifndef PQCLEAN_KYBER102490S_AVX2_VERIFY_H
 #define PQCLEAN_KYBER102490S_AVX2_VERIFY_H
-
 #include "params.h"
 #include <stddef.h>
 #include <stdint.h>
 
-
 int PQCLEAN_KYBER102490S_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len);
 
-
 void PQCLEAN_KYBER102490S_AVX2_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b);
 
 #endif

crypto_kem/kyber1024-90s/clean/Makefile

@@ -1,29 +1,8 @@
 # This Makefile can be used with GNU Make or BSD Make
 
 LIB=libkyber1024-90s_clean.a
-HEADERS=				\
-	api.h               \
-	cbd.h               \
-	indcpa.h            \
-	kem.h               \
-	ntt.h               \
-	params.h            \
-	poly.h              \
-	polyvec.h           \
-	reduce.h            \
-	symmetric-aes.h     \
-	symmetric.h         \
-	verify.h
-OBJECTS=				\
-	cbd.o               \
-	indcpa.o            \
-	kem.o               \
-	ntt.o               \
-	poly.o              \
-	polyvec.o           \
-	reduce.o            \
-	verify.o            \
-	symmetric-aes.o
+HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h symmetric-aes.h symmetric.h verify.h 
+OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o symmetric-aes.o verify.o 
 
 CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS)
 

crypto_kem/kyber1024-90s/clean/Makefile.Microsoft_nmake

@@ -2,7 +2,7 @@
 #    nmake /f Makefile.Microsoft_nmake
 
 LIBRARY=libkyber1024-90s_clean.lib
-OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj verify.obj symmetric-aes.obj
+OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj symmetric-aes.obj verify.obj 
 
 # Warning C4146 is raised when a unary minus operator is applied to an
 # unsigned type; this has nonetheless been standard and portable for as

crypto_kem/kyber1024-90s/clean/api.h

@@ -15,5 +15,4 @@ int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const ui
 
 int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
 
-
 #endif

crypto_kem/kyber1024-90s/clean/cbd.c

@@ -1,5 +1,5 @@
-#include "params.h"
 #include "cbd.h"
+#include "params.h"
 #include <stdint.h>
 
 /*************************************************
@@ -13,7 +13,7 @@
 * Returns 32-bit unsigned integer loaded from x
 **************************************************/
 static uint32_t load32_littleendian(const uint8_t x[4]) {
-    uint32_t r = 0;
+    uint32_t r;
     r  = (uint32_t)x[0];
     r |= (uint32_t)x[1] << 8;
     r |= (uint32_t)x[2] << 16;
@@ -32,9 +32,9 @@ static uint32_t load32_littleendian(const uint8_t x[4]) {
 *              - const uint8_t *buf: pointer to input byte array
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]) {
-    unsigned int i = 0, j = 0;
-    uint32_t t = 0, d = 0;
-    int16_t a = 0, b = 0;
+    unsigned int i, j;
+    uint32_t t, d;
+    int16_t a, b;
 
     for (i = 0; i < KYBER_N / 8; i++) {
         t  = load32_littleendian(buf + 4 * i);

crypto_kem/kyber1024-90s/clean/cbd.h

@@ -1,11 +1,9 @@
 #ifndef PQCLEAN_KYBER102490S_CLEAN_CBD_H
 #define PQCLEAN_KYBER102490S_CLEAN_CBD_H
-
 #include "params.h"
 #include "poly.h"
 #include <stdint.h>
 
-
 void PQCLEAN_KYBER102490S_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
 
 #endif

crypto_kem/kyber1024-90s/clean/indcpa.c

@@ -22,7 +22,7 @@
 static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
                     polyvec *pk,
                     const uint8_t seed[KYBER_SYMBYTES]) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(r, pk);
     for (i = 0; i < KYBER_SYMBYTES; i++) {
         r[i + KYBER_POLYVECBYTES] = seed[i];
@@ -44,7 +44,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
 static void unpack_pk(polyvec *pk,
                       uint8_t seed[KYBER_SYMBYTES],
                       const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(pk, packedpk);
     for (i = 0; i < KYBER_SYMBYTES; i++) {
         seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@@ -132,8 +132,8 @@ static unsigned int rej_uniform(int16_t *r,
                                 unsigned int len,
                                 const uint8_t *buf,
                                 unsigned int buflen) {
-    unsigned int ctr = 0, pos = 0;
-    uint16_t val = 0;
+    unsigned int ctr, pos;
+    uint16_t val;
 
     ctr = pos = 0;
     while (ctr < len && pos + 2 <= buflen) {
@@ -169,8 +169,7 @@ static unsigned int rej_uniform(int16_t *r,
                              + XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
 // Not static for benchmarking
 void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) {
-    unsigned int ctr = 0;
-    uint8_t i = 0, j = 0;
+    unsigned int ctr, i, j;
     uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES];
     xof_state state;
 
@@ -208,7 +207,7 @@ void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
         uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
-    unsigned int i = 0;
+    unsigned int i;
     uint8_t buf[2 * KYBER_SYMBYTES];
     const uint8_t *publicseed = buf;
     const uint8_t *noiseseed = buf + KYBER_SYMBYTES;
@@ -264,7 +263,7 @@ void PQCLEAN_KYBER102490S_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
         const uint8_t m[KYBER_INDCPA_MSGBYTES],
         const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
         const uint8_t coins[KYBER_SYMBYTES]) {
-    unsigned int i = 0;
+    unsigned int i;
     uint8_t seed[KYBER_SYMBYTES];
     uint8_t nonce = 0;
     polyvec sp, pkpv, ep, at[KYBER_K], bp;

crypto_kem/kyber1024-90s/clean/indcpa.h

@@ -1,16 +1,20 @@
 #ifndef PQCLEAN_KYBER102490S_CLEAN_INDCPA_H
 #define PQCLEAN_KYBER102490S_CLEAN_INDCPA_H
-
 #include "params.h"
 #include "polyvec.h"
 #include <stdint.h>
 
 void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
+void PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
+        uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
 
-void PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
-
-void PQCLEAN_KYBER102490S_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
+void PQCLEAN_KYBER102490S_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
+        const uint8_t m[KYBER_INDCPA_MSGBYTES],
+        const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
+        const uint8_t coins[KYBER_SYMBYTES]);
 
-void PQCLEAN_KYBER102490S_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
+void PQCLEAN_KYBER102490S_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
+        const uint8_t c[KYBER_INDCPA_BYTES],
+        const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
 
 #endif

crypto_kem/kyber1024-90s/clean/kem.c

@@ -21,7 +21,7 @@
 * Returns 0 (success)
 **************************************************/
 int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER102490S_CLEAN_indcpa_keypair(pk, sk);
     for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
         sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@@ -92,8 +92,8 @@ int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_enc(unsigned char *ct,
 int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_dec(unsigned char *ss,
         const unsigned char *ct,
         const unsigned char *sk) {
-    size_t i = 0;
-    int fail = 0;
+    size_t i;
+    int fail;
     uint8_t buf[2 * KYBER_SYMBYTES];
     /* Will contain key, coins */
     uint8_t kr[2 * KYBER_SYMBYTES];

crypto_kem/kyber1024-90s/clean/kem.h

@@ -1,17 +1,14 @@
 #ifndef PQCLEAN_KYBER102490S_CLEAN_KEM_H
 #define PQCLEAN_KYBER102490S_CLEAN_KEM_H
-
 #include "params.h"
 
 
 int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
 
-
 int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_enc(unsigned char *ct,
         unsigned char *ss,
         const unsigned char *pk);
 
-
 int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_dec(unsigned char *ss,
         const unsigned char *ct,
         const unsigned char *sk);

crypto_kem/kyber1024-90s/clean/ntt.c

@@ -1,5 +1,5 @@
-#include "params.h"
 #include "ntt.h"
+#include "params.h"
 #include "reduce.h"
 #include <stdint.h>
 
@@ -89,8 +89,8 @@ static int16_t fqmul(int16_t a, int16_t b) {
 *                                of Zq
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_ntt(int16_t r[256]) {
-    unsigned int len = 0, start = 0, j = 0, k = 0;
-    int16_t t = 0, zeta = 0;
+    unsigned int len, start, j, k;
+    int16_t t, zeta;
 
     k = 1;
     for (len = 128; len >= 2; len >>= 1) {
@@ -116,8 +116,8 @@ void PQCLEAN_KYBER102490S_CLEAN_ntt(int16_t r[256]) {
 *                                of Zq
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_invntt(int16_t r[256]) {
-    unsigned int start = 0, len = 0, j = 0, k = 0;
-    int16_t t = 0, zeta = 0;
+    unsigned int start, len, j, k;
+    int16_t t, zeta;
 
     k = 0;
     for (len = 2; len <= 128; len <<= 1) {
@@ -148,7 +148,10 @@ void PQCLEAN_KYBER102490S_CLEAN_invntt(int16_t r[256]) {
 *              - const int16_t b[2]: pointer to the second factor
 *              - int16_t zeta:       integer defining the reduction polynomial
 **************************************************/
-void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta) {
+void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2],
+                                        const int16_t a[2],
+                                        const int16_t b[2],
+                                        int16_t zeta) {
     r[0]  = fqmul(a[1], b[1]);
     r[0]  = fqmul(r[0], zeta);
     r[0] += fqmul(a[0], b[0]);

crypto_kem/kyber1024-90s/clean/ntt.h

@@ -1,22 +1,19 @@
 #ifndef PQCLEAN_KYBER102490S_CLEAN_NTT_H
 #define PQCLEAN_KYBER102490S_CLEAN_NTT_H
-
 #include "params.h"
 #include <stdint.h>
 
-
 extern const int16_t PQCLEAN_KYBER102490S_CLEAN_zetas[128];
 
-
 extern const int16_t PQCLEAN_KYBER102490S_CLEAN_zetas_inv[128];
 
-
 void PQCLEAN_KYBER102490S_CLEAN_ntt(int16_t r[256]);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_invntt(int16_t r[256]);
 
-
-void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta);
+void PQCLEAN_KYBER102490S_CLEAN_basemul(int16_t r[2],
+                                        const int16_t a[2],
+                                        const int16_t b[2],
+                                        int16_t zeta);
 
 #endif

crypto_kem/kyber1024-90s/clean/params.h

@@ -1,6 +1,9 @@
 #ifndef PQCLEAN_KYBER102490S_CLEAN_PARAMS_H
 #define PQCLEAN_KYBER102490S_CLEAN_PARAMS_H
 
+
+
+
 #define KYBER_N 256
 #define KYBER_Q 3329
 

crypto_kem/kyber1024-90s/clean/poly.c

@@ -1,6 +1,6 @@
-#include "params.h"
 #include "cbd.h"
 #include "ntt.h"
+#include "params.h"
 #include "poly.h"
 #include "reduce.h"
 #include "symmetric.h"
@@ -16,7 +16,7 @@
 *              - poly *a:    pointer to input polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a) {
-    unsigned int i = 0, j = 0;
+    size_t i, j;
     uint8_t t[8];
 
     PQCLEAN_KYBER102490S_CLEAN_poly_csubq(a);
@@ -46,9 +46,9 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTE
 *                                  (of length KYBER_POLYCOMPRESSEDBYTES bytes)
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]) {
-    unsigned int i = 0;
+    size_t i;
 
-    unsigned int j = 0;
+    size_t j;
     uint8_t t[8];
     for (i = 0; i < KYBER_N / 8; i++) {
         t[0] = (a[0] >> 0);
@@ -77,8 +77,8 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_decompress(poly *r, const uint8_t a[KYBER_P
 *              - poly *a:    pointer to input polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) {
-    unsigned int i = 0;
-    uint16_t t0 = 0, t1 = 0;
+    size_t i;
+    uint16_t t0, t1;
 
     PQCLEAN_KYBER102490S_CLEAN_poly_csubq(a);
 
@@ -102,7 +102,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a
 *                                  (of KYBER_POLYBYTES bytes)
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_N / 2; i++) {
         r->coeffs[2 * i]   = ((a[3 * i + 0] >> 0) | ((uint16_t)a[3 * i + 1] << 8)) & 0xFFF;
         r->coeffs[2 * i + 1] = ((a[3 * i + 1] >> 4) | ((uint16_t)a[3 * i + 2] << 4)) & 0xFFF;
@@ -118,8 +118,8 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(poly *r, const uint8_t a[KYBER_PO
 *              - const uint8_t *msg: pointer to input message
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]) {
-    unsigned int i = 0, j = 0;
-    int16_t mask = 0;
+    size_t i, j;
+    int16_t mask;
 
     for (i = 0; i < KYBER_N / 8; i++) {
         for (j = 0; j < 8; j++) {
@@ -138,8 +138,8 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_frommsg(poly *r, const uint8_t msg[KYBER_IN
 *              - poly *a:      pointer to input polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a) {
-    unsigned int i = 0, j = 0;
-    uint16_t t = 0;
+    size_t i, j;
+    uint16_t t;
 
     PQCLEAN_KYBER102490S_CLEAN_poly_csubq(a);
 
@@ -207,7 +207,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_invntt_tomont(poly *r) {
 *              - const poly *b: pointer to second input polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(poly *r, const poly *a, const poly *b) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_N / 4; i++) {
         PQCLEAN_KYBER102490S_CLEAN_basemul(&r->coeffs[4 * i], &a->coeffs[4 * i], &b->coeffs[4 * i], PQCLEAN_KYBER102490S_CLEAN_zetas[64 + i]);
         PQCLEAN_KYBER102490S_CLEAN_basemul(&r->coeffs[4 * i + 2], &a->coeffs[4 * i + 2], &b->coeffs[4 * i + 2],
@@ -224,7 +224,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(poly *r, const poly *a,
 * Arguments:   - poly *r: pointer to input/output polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_tomont(poly *r) {
-    unsigned int i = 0;
+    size_t i;
     const int16_t f = (1ULL << 32) % KYBER_Q;
     for (i = 0; i < KYBER_N; i++) {
         r->coeffs[i] = PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce((int32_t)r->coeffs[i] * f);
@@ -240,7 +240,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_tomont(poly *r) {
 * Arguments:   - poly *r: pointer to input/output polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_reduce(poly *r) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_N; i++) {
         r->coeffs[i] = PQCLEAN_KYBER102490S_CLEAN_barrett_reduce(r->coeffs[i]);
     }
@@ -256,7 +256,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_reduce(poly *r) {
 * Arguments:   - poly *r: pointer to input/output polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_csubq(poly *r) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_N; i++) {
         r->coeffs[i] = PQCLEAN_KYBER102490S_CLEAN_csubq(r->coeffs[i]);
     }
@@ -272,7 +272,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_csubq(poly *r) {
 *            - const poly *b: pointer to second input polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_add(poly *r, const poly *a, const poly *b) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_N; i++) {
         r->coeffs[i] = a->coeffs[i] + b->coeffs[i];
     }
@@ -288,7 +288,7 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_add(poly *r, const poly *a, const poly *b)
 *            - const poly *b: pointer to second input polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_poly_sub(poly *r, const poly *a, const poly *b) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_N; i++) {
         r->coeffs[i] = a->coeffs[i] - b->coeffs[i];
     }

crypto_kem/kyber1024-90s/clean/poly.h

@@ -1,6 +1,5 @@
 #ifndef PQCLEAN_KYBER102490S_CLEAN_POLY_H
 #define PQCLEAN_KYBER102490S_CLEAN_POLY_H
-
 #include "params.h"
 #include <stdint.h>
 
@@ -12,41 +11,26 @@ typedef struct {
     int16_t coeffs[KYBER_N];
 } poly;
 
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a);
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a);
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]);
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_getnoise(poly *r, const uint8_t seed[KYBER_SYMBYTES], uint8_t nonce);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_ntt(poly *r);
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_invntt_tomont(poly *r);
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(poly *r, const poly *a, const poly *b);
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_tomont(poly *r);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_reduce(poly *r);
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_csubq(poly *r);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_add(poly *r, const poly *a, const poly *b);
-
 void PQCLEAN_KYBER102490S_CLEAN_poly_sub(poly *r, const poly *a, const poly *b);
 
 #endif

crypto_kem/kyber1024-90s/clean/polyvec.c

@@ -13,7 +13,7 @@
 *              - polyvec *a: pointer to input vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a) {
-    unsigned int i = 0, j = 0, k = 0;
+    unsigned int i, j, k;
 
     PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(a);
 
@@ -21,10 +21,8 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESS
     for (i = 0; i < KYBER_K; i++) {
         for (j = 0; j < KYBER_N / 8; j++) {
             for (k = 0; k < 8; k++) {
-                {
-                    t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
-                            / KYBER_Q) & 0x7ff;
-                }
+                t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
+                        / KYBER_Q) & 0x7ff;
             }
 
             r[ 0] = (uint8_t)(t[0] >>  0);
@@ -55,7 +53,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESS
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_decompress(polyvec *r,
         const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]) {
-    unsigned int i = 0, j = 0, k = 0;
+    unsigned int i, j, k;
 
     uint16_t t[8];
     for (i = 0; i < KYBER_K; i++) {
@@ -87,7 +85,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_decompress(polyvec *r,
 *              - polyvec *a: pointer to input vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a) {
-    unsigned int i = 0;
+    unsigned int i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(r + i * KYBER_POLYBYTES, &a->vec[i]);
     }
@@ -104,7 +102,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], p
 *                                  (of length KYBER_POLYVECBYTES)
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]) {
-    unsigned int i = 0;
+    unsigned int i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_CLEAN_poly_frombytes(&r->vec[i], a + i * KYBER_POLYBYTES);
     }
@@ -118,7 +116,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(polyvec *r, const uint8_t a[KY
 * Arguments:   - polyvec *r: pointer to in/output vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_ntt(polyvec *r) {
-    unsigned int i = 0;
+    unsigned int i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_CLEAN_poly_ntt(&r->vec[i]);
     }
@@ -133,7 +131,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_ntt(polyvec *r) {
 * Arguments:   - polyvec *r: pointer to in/output vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_invntt_tomont(polyvec *r) {
-    unsigned int i = 0;
+    unsigned int i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_CLEAN_poly_invntt_tomont(&r->vec[i]);
     }
@@ -152,7 +150,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_invntt_tomont(polyvec *r) {
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_pointwise_acc_montgomery(poly *r,
         const polyvec *a,
         const polyvec *b) {
-    unsigned int i = 0;
+    unsigned int i;
     poly t;
 
     PQCLEAN_KYBER102490S_CLEAN_poly_basemul_montgomery(r, &a->vec[0], &b->vec[0]);
@@ -174,7 +172,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_pointwise_acc_montgomery(poly *r,
 * Arguments:   - poly *r: pointer to input/output polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_reduce(polyvec *r) {
-    unsigned int i = 0;
+    unsigned int i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_CLEAN_poly_reduce(&r->vec[i]);
     }
@@ -191,7 +189,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_reduce(polyvec *r) {
 * Arguments:   - poly *r: pointer to input/output polynomial
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(polyvec *r) {
-    unsigned int i = 0;
+    unsigned int i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_CLEAN_poly_csubq(&r->vec[i]);
     }
@@ -207,7 +205,7 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(polyvec *r) {
 *            - const polyvec *b: pointer to second input vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b) {
-    unsigned int i = 0;
+    unsigned int i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER102490S_CLEAN_poly_add(&r->vec[i], &a->vec[i], &b->vec[i]);
     }

crypto_kem/kyber1024-90s/clean/polyvec.h

@@ -1,6 +1,5 @@
 #ifndef PQCLEAN_KYBER102490S_CLEAN_POLYVEC_H
 #define PQCLEAN_KYBER102490S_CLEAN_POLYVEC_H
-
 #include "params.h"
 #include "poly.h"
 #include <stdint.h>
@@ -9,33 +8,23 @@ typedef struct {
     poly vec[KYBER_K];
 } polyvec;
 
-
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a);
-
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_decompress(polyvec *r,
         const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a);
-
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_ntt(polyvec *r);
-
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_invntt_tomont(polyvec *r);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_pointwise_acc_montgomery(poly *r,
         const polyvec *a,
         const polyvec *b);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_reduce(polyvec *r);
-
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_csubq(polyvec *r);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b);
 
 #endif

crypto_kem/kyber1024-90s/clean/reduce.c

@@ -15,8 +15,8 @@
 * Returns:     integer in {-q+1,...,q-1} congruent to a * R^-1 modulo q.
 **************************************************/
 int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a) {
-    int32_t t = 0;
-    int16_t u = 0;
+    int32_t t;
+    int16_t u;
 
     u = (int16_t)(a * (int64_t)QINV);
     t = (int32_t)u * KYBER_Q;
@@ -36,7 +36,7 @@ int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a) {
 * Returns:     integer in {0,...,q} congruent to a modulo q.
 **************************************************/
 int16_t PQCLEAN_KYBER102490S_CLEAN_barrett_reduce(int16_t a) {
-    int16_t t = 0;
+    int16_t t;
     const int16_t v = ((1U << 26) + KYBER_Q / 2) / KYBER_Q;
 
     t  = (int32_t)v * a >> 26;

crypto_kem/kyber1024-90s/clean/reduce.h

@@ -1,19 +1,15 @@
 #ifndef PQCLEAN_KYBER102490S_CLEAN_REDUCE_H
 #define PQCLEAN_KYBER102490S_CLEAN_REDUCE_H
-
 #include "params.h"
 #include <stdint.h>
 
 #define MONT 2285 // 2^16 mod q
 #define QINV 62209 // q^-1 mod 2^16
 
-
 int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a);
 
-
 int16_t PQCLEAN_KYBER102490S_CLEAN_barrett_reduce(int16_t a);
 
-
 int16_t PQCLEAN_KYBER102490S_CLEAN_csubq(int16_t a);
 
 #endif

crypto_kem/kyber1024-90s/clean/symmetric-aes.c

@@ -1,5 +1,6 @@
-#include "symmetric-aes.h"
 #include "aes.h"
+#include "params.h"
+#include "symmetric.h"
 #include <stddef.h>
 #include <stdint.h>
 #include <string.h>
@@ -34,7 +35,7 @@ static void aes256_ctr_xof(unsigned char *out, size_t outlen, const unsigned cha
 }
 
 /*************************************************
-* Name:        aes256_prf
+* Name:        PQCLEAN_KYBER102490S_CLEAN_aes256_prf
 *
 * Description: AES256 stream generation in CTR mode using 32-bit counter,
 *              nonce is zero-padded to 12 bytes, counter starts at zero
@@ -58,7 +59,7 @@ void PQCLEAN_KYBER102490S_CLEAN_aes256_prf(uint8_t *output, size_t outlen, const
 }
 
 /*************************************************
-* Name:        aes256xof_absorb
+* Name:        PQCLEAN_KYBER102490S_CLEAN_aes256xof_absorb
 *
 * Description: AES256 CTR used as a replacement for a XOF; this function
 *              "absorbs" a 32-byte key and two additional bytes that are zero-padded
@@ -80,7 +81,7 @@ void PQCLEAN_KYBER102490S_CLEAN_aes256xof_absorb(aes256xof_ctx *s, const uint8_t
 }
 
 /*************************************************
-* Name:        aes256xof_squeezeblocks
+* Name:        PQCLEAN_KYBER102490S_CLEAN_aes256xof_squeezeblocks
 *
 * Description: AES256 CTR used as a replacement for a XOF; this function
 *              generates 4 blocks out AES256-CTR output

crypto_kem/kyber1024-90s/clean/symmetric-aes.h

@@ -1,11 +1,10 @@
-#ifndef AES256CTR_H
-#define AES256CTR_H
-
+#ifndef PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_AES_H
+#define PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_AES_H
 #include "aes.h"
-
 #include <stddef.h>
 #include <stdint.h>
 
+
 typedef struct {
     aes256ctx sk_exp;
     uint8_t iv[12];

crypto_kem/kyber1024-90s/clean/symmetric.h

@@ -1,13 +1,12 @@
-#ifndef SYMMETRIC_H
-#define SYMMETRIC_H
-
+#ifndef PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_H
+#define PQCLEAN_KYBER102490S_CLEAN_SYMMETRIC_H
 #include "params.h"
+#include "sha2.h"
+#include "symmetric-aes.h"
 #include <stddef.h>
 #include <stdint.h>
 
 
-#include "sha2.h"
-#include "symmetric-aes.h"
 
 typedef aes256xof_ctx xof_state;
 

crypto_kem/kyber1024-90s/clean/verify.c

@@ -14,7 +14,7 @@
 * Returns 0 if the byte arrays are equal, 1 otherwise
 **************************************************/
 int PQCLEAN_KYBER102490S_CLEAN_verify(const uint8_t *a, const uint8_t *b, size_t len) {
-    size_t i = 0;
+    size_t i;
     uint8_t r = 0;
 
     for (i = 0; i < len; i++) {
@@ -38,7 +38,7 @@ int PQCLEAN_KYBER102490S_CLEAN_verify(const uint8_t *a, const uint8_t *b, size_t
 *              uint8_t b:        Condition bit; has to be in {0,1}
 **************************************************/
 void PQCLEAN_KYBER102490S_CLEAN_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b) {
-    size_t i = 0;
+    size_t i;
 
     b = -b;
     for (i = 0; i < len; i++) {

crypto_kem/kyber1024-90s/clean/verify.h

@@ -1,14 +1,11 @@
 #ifndef PQCLEAN_KYBER102490S_CLEAN_VERIFY_H
 #define PQCLEAN_KYBER102490S_CLEAN_VERIFY_H
-
 #include "params.h"
 #include <stddef.h>
 #include <stdint.h>
 
-
 int PQCLEAN_KYBER102490S_CLEAN_verify(const uint8_t *a, const uint8_t *b, size_t len);
 
-
 void PQCLEAN_KYBER102490S_CLEAN_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b);
 
 #endif

crypto_kem/kyber1024/META.yml

@@ -21,15 +21,16 @@ auxiliary-submitters:
   - Damien Stehlé
 implementations:
     - name: clean
-      version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
+      version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
     - name: avx2
-      version: https://github.com/pq-crystals/kyber/commit/46e283ab575ec92dfe82fb12229ae2d9d6246682
+      version: https://github.com/pq-crystals/kyber/commit/844057468e69527bd15b17fbe03f4b61f9a22065 via https://github.com/jschanck/package-pqclean/tree/b45068b8/kyber
       supported_platforms:
         - architecture: x86_64
           operating_systems:
-            - Linux
-            - Darwin
+              - Linux
+              - Darwin
           required_flags:
+              - aes
               - avx2
               - bmi2
               - popcnt

crypto_kem/kyber1024/avx2/Makefile

@@ -1,50 +1,16 @@
 # This Makefile can be used with GNU Make or BSD Make
 
 LIB=libkyber1024_avx2.a
-HEADERS=	 	\
-	align.h     \
-	api.h       \
-	cbd.h       \
-	cdecl.inc   \
-	consts.h    \
-	fips202x4.h \
-	fq.inc      \
-	indcpa.h    \
-	kem.h       \
-	ntt.h       \
-	params.h    \
-	poly.h      \
-	polyvec.h   \
-	reduce.h    \
-	rejsample.h \
-	shuffle.inc \
-	symmetric.h \
-	verify.h
-OBJECTS=				\
-	basemul.o           \
-	cbd.o               \
-	consts.o            \
-	fips202x4.o         \
-	fq.o                \
-	indcpa.o            \
-	invntt.o            \
-	kem.o               \
-	ntt.o               \
-	poly.o              \
-	polyvec.o           \
-	rejsample.o         \
-	shuffle.o           \
-	symmetric-shake.o   \
-	verify.o
-
+HEADERS=align.h api.h cbd.h cdecl.h consts.h fips202x4.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h rejsample.h symmetric.h verify.h  fq.inc shuffle.inc 
+OBJECTS=cbd.o consts.o fips202x4.o indcpa.o kem.o poly.o polyvec.o rejsample.o symmetric-shake.o verify.o  basemul.o fq.o invntt.o ntt.o shuffle.o 
 KECCAK4XDIR=../../../common/keccak4x
 KECCAK4XOBJ=KeccakP-1600-times4-SIMD256.o
 KECCAK4X=$(KECCAK4XDIR)/$(KECCAK4XOBJ)
 
 CFLAGS=-mavx2 -mbmi2 -mpopcnt -O3 -Wall -Wextra -Wpedantic -Werror \
-	   -Wmissing-prototypes -Wredundant-decls \
-	   -Wpointer-arith -Wshadow \
-	   -std=c99 -I../../../common $(EXTRAFLAGS)
+          -Wmissing-prototypes -Wredundant-decls \
+          -Wpointer-arith -Wshadow \
+          -std=c99 -I../../../common $(EXTRAFLAGS)
 
 all: $(LIB)
 

crypto_kem/kyber1024/avx2/align.h

@@ -1,5 +1,6 @@
 #ifndef PQCLEAN_KYBER1024_AVX2_ALIGN_H
 #define PQCLEAN_KYBER1024_AVX2_ALIGN_H
+
 #include <immintrin.h>
 
 #define ALIGN16_TYPE(t) \

crypto_kem/kyber1024/avx2/api.h

@@ -15,5 +15,4 @@ int PQCLEAN_KYBER1024_AVX2_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8_
 
 int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
 
-
 #endif

crypto_kem/kyber1024/avx2/basemul.S

@@ -1,5 +1,5 @@
+#include "cdecl.h"
 #include "params.h"
-#include "cdecl.inc"
 
 .macro schoolbook off,sign
 #load
@@ -165,7 +165,9 @@ vmovdqa		%ymm5,96(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx)
+.global _cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx)
 cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx):
+_cdecl(PQCLEAN_KYBER1024_AVX2_basemul_acc_avx):
 #consts
 vmovdqa		_16XQ*2(%rcx),%ymm0
 vmovdqa		_16XQINV*2(%rcx),%ymm1
@@ -215,7 +217,9 @@ vmovdqa		%ymm12,96(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx)
+.global _cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx)
 cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx):
+_cdecl(PQCLEAN_KYBER1024_AVX2_basemul_avx):
 #consts
 vmovdqa		_16XQ*2(%rcx),%ymm0
 vmovdqa		_16XQINV*2(%rcx),%ymm1

crypto_kem/kyber1024/avx2/cbd.c

@@ -1,5 +1,5 @@
-#include "params.h"
 #include "cbd.h"
+#include "params.h"
 #include <immintrin.h>
 #include <stdint.h>
 
@@ -14,7 +14,7 @@
 *              - const unsigned char *buf: pointer to input byte array
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_cbd(poly *restrict r, const uint8_t *restrict buf) {
-    unsigned int i = 0;
+    unsigned int i;
     __m256i vec0, vec1, vec2, vec3, tmp;
     const __m256i mask55 = _mm256_set1_epi32(0x55555555);
     const __m256i mask33 = _mm256_set1_epi32(0x33333333);

crypto_kem/kyber1024/avx2/cbd.h

@@ -1,11 +1,9 @@
 #ifndef PQCLEAN_KYBER1024_AVX2_CBD_H
 #define PQCLEAN_KYBER1024_AVX2_CBD_H
-
 #include "params.h"
 #include "poly.h"
 #include <stdint.h>
 
-
 void PQCLEAN_KYBER1024_AVX2_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
 
 #endif

crypto_kem/kyber1024/avx2/cdecl.inc → crypto_kem/kyber1024/avx2/cdecl.h

@@ -1,5 +1,5 @@
-#ifndef PQCLEAN_DILITHIUM2_AVX2_CDECL
-#define PQCLEAN_DILITHIUM2_AVX2_CDECL
+#ifndef PQCLEAN_KYBER1024_AVX2_CDECL_H
+#define PQCLEAN_KYBER1024_AVX2_CDECL_H
 
 #define _16XQ            0
 #define _16XQINV        16
@@ -21,10 +21,6 @@
  * This define helps us get around this
  */
 
-#if defined(__WIN32__) || defined(__APPLE__)
-#define cdecl(s) _##s
-#else
+#define _cdecl(s) _##s
 #define cdecl(s) s
 #endif
-
-#endif

crypto_kem/kyber1024/avx2/consts.c

@@ -1,5 +1,5 @@
-#include "params.h"
 #include "consts.h"
+#include "params.h"
 #include <stdint.h>
 
 #define Q KYBER_Q

crypto_kem/kyber1024/avx2/consts.h

@@ -1,12 +1,11 @@
 #ifndef PQCLEAN_KYBER1024_AVX2_CONSTS_H
 #define PQCLEAN_KYBER1024_AVX2_CONSTS_H
-
-#include "cdecl.inc"
-
+#include "cdecl.h"
 #include "params.h"
 #include <immintrin.h>
 #include <stdint.h>
 
+
 #define ALIGNED_UINT16_T(N) \
     union   {                   \
         __m256i as_vec;         \

crypto_kem/kyber1024/avx2/fips202x4.c

@@ -10,7 +10,7 @@
 extern void KeccakF1600_StatePermute4x(__m256i *s);
 
 static inline void store64(uint8_t x[8], uint64_t u) {
-    unsigned int i = 0;
+    unsigned int i;
 
     for (i = 0; i < 8; i++) {
         x[i] = u >> 8 * i;
@@ -25,7 +25,7 @@ static void keccakx4_absorb(__m256i s[25],
                             const uint8_t *in3,
                             size_t inlen,
                             uint8_t p) {
-    size_t i = 0, pos = 0;
+    size_t i, pos = 0;
     __m256i t, idx;
 
     for (i = 0; i < 25; ++i) {
@@ -74,8 +74,8 @@ static void keccakx4_squeezeblocks(uint8_t *out0,
                                    size_t nblocks,
                                    unsigned int r,
                                    __m256i s[25]) {
-    unsigned int i = 0;
-    uint64_t f0 = 0, f1 = 0, f2 = 0, f3 = 0;
+    unsigned int i;
+    uint64_t f0, f1, f2, f3;
 
     while (nblocks > 0) {
         KeccakF1600_StatePermute4x(s);
@@ -137,8 +137,17 @@ void PQCLEAN_KYBER1024_AVX2_shake256x4_squeezeblocks(uint8_t *out0,
                            state->s);
 }
 
-void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
-    unsigned int i = 0;
+void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0,
+                                       uint8_t *out1,
+                                       uint8_t *out2,
+                                       uint8_t *out3,
+                                       size_t outlen,
+                                       const uint8_t *in0,
+                                       const uint8_t *in1,
+                                       const uint8_t *in2,
+                                       const uint8_t *in3,
+                                       size_t inlen) {
+    unsigned int i;
     size_t nblocks = outlen / SHAKE128_RATE;
     uint8_t t[4][SHAKE128_RATE];
     keccakx4_state state;
@@ -163,8 +172,17 @@ void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0, uint8_t *out1, uint8_t *ou
     }
 }
 
-void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen) {
-    unsigned int i = 0;
+void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0,
+                                       uint8_t *out1,
+                                       uint8_t *out2,
+                                       uint8_t *out3,
+                                       size_t outlen,
+                                       const uint8_t *in0,
+                                       const uint8_t *in1,
+                                       const uint8_t *in2,
+                                       const uint8_t *in3,
+                                       size_t inlen) {
+    unsigned int i;
     size_t nblocks = outlen / SHAKE256_RATE;
     uint8_t t[4][SHAKE256_RATE];
     keccakx4_state state;

crypto_kem/kyber1024/avx2/fips202x4.h

@@ -1,5 +1,5 @@
-#ifndef FIPS202X4_H
-#define FIPS202X4_H
+#ifndef PQCLEAN_KYBER1024_AVX2_FIPS202X4_H
+#define PQCLEAN_KYBER1024_AVX2_FIPS202X4_H
 
 #include <immintrin.h>
 #include <stddef.h>
@@ -9,17 +9,54 @@ typedef struct {
     __m256i s[25];
 } keccakx4_state;
 
-void PQCLEAN_KYBER1024_AVX2_shake128x4_absorb(keccakx4_state *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
-
-void PQCLEAN_KYBER1024_AVX2_shake128x4_squeezeblocks(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t nblocks, keccakx4_state *state);
-
-void PQCLEAN_KYBER1024_AVX2_shake256x4_absorb(keccakx4_state *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
-
-void PQCLEAN_KYBER1024_AVX2_shake256x4_squeezeblocks(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t nblocks,
+void PQCLEAN_KYBER1024_AVX2_shake128x4_absorb(keccakx4_state *state,
+        const uint8_t *in0,
+        const uint8_t *in1,
+        const uint8_t *in2,
+        const uint8_t *in3,
+        size_t inlen);
+
+void PQCLEAN_KYBER1024_AVX2_shake128x4_squeezeblocks(uint8_t *out0,
+        uint8_t *out1,
+        uint8_t *out2,
+        uint8_t *out3,
+        size_t nblocks,
         keccakx4_state *state);
 
-void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
+void PQCLEAN_KYBER1024_AVX2_shake256x4_absorb(keccakx4_state *state,
+        const uint8_t *in0,
+        const uint8_t *in1,
+        const uint8_t *in2,
+        const uint8_t *in3,
+        size_t inlen);
+
+void PQCLEAN_KYBER1024_AVX2_shake256x4_squeezeblocks(uint8_t *out0,
+        uint8_t *out1,
+        uint8_t *out2,
+        uint8_t *out3,
+        size_t nblocks,
+        keccakx4_state *state);
 
-void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0, uint8_t *out1, uint8_t *out2, uint8_t *out3, size_t outlen, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inlen);
+void PQCLEAN_KYBER1024_AVX2_shake128x4(uint8_t *out0,
+                                       uint8_t *out1,
+                                       uint8_t *out2,
+                                       uint8_t *out3,
+                                       size_t outlen,
+                                       const uint8_t *in0,
+                                       const uint8_t *in1,
+                                       const uint8_t *in2,
+                                       const uint8_t *in3,
+                                       size_t inlen);
+
+void PQCLEAN_KYBER1024_AVX2_shake256x4(uint8_t *out0,
+                                       uint8_t *out1,
+                                       uint8_t *out2,
+                                       uint8_t *out3,
+                                       size_t outlen,
+                                       const uint8_t *in0,
+                                       const uint8_t *in1,
+                                       const uint8_t *in2,
+                                       const uint8_t *in3,
+                                       size_t inlen);
 
 #endif

crypto_kem/kyber1024/avx2/fq.S

@@ -1,4 +1,4 @@
-#include "cdecl.inc"
+#include "cdecl.h"
 .include "fq.inc"
 
 .text
@@ -35,7 +35,9 @@ vmovdqa		%ymm9,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx)
+.global _cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx)
 cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx):
+_cdecl(PQCLEAN_KYBER1024_AVX2_reduce_avx):
 #consts
 vmovdqa		_16XQ*2(%rsi),%ymm0
 vmovdqa		_16XV*2(%rsi),%ymm1
@@ -77,7 +79,9 @@ vmovdqa		%ymm8,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx)
+.global _cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx)
 cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx):
+_cdecl(PQCLEAN_KYBER1024_AVX2_csubq_avx):
 #consts
 vmovdqa		_16XQ*2(%rsi),%ymm0
 call		csubq128_avx
@@ -118,7 +122,9 @@ vmovdqa		%ymm10,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx)
+.global _cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx)
 cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx):
+_cdecl(PQCLEAN_KYBER1024_AVX2_tomont_avx):
 #consts
 vmovdqa		_16XQ*2(%rsi),%ymm0
 vmovdqa		_16XMONTSQLO*2(%rsi),%ymm1

crypto_kem/kyber1024/avx2/indcpa.c

@@ -25,7 +25,7 @@
 static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
                     polyvec *pk,
                     const uint8_t seed[KYBER_SYMBYTES]) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(r, pk);
     for (i = 0; i < KYBER_SYMBYTES; i++) {
         r[i + KYBER_POLYVECBYTES] = seed[i];
@@ -45,7 +45,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
 static void unpack_pk(polyvec *pk,
                       uint8_t seed[KYBER_SYMBYTES],
                       const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(pk, packedpk);
     for (i = 0; i < KYBER_SYMBYTES; i++) {
         seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@@ -133,8 +133,8 @@ static unsigned int rej_uniform(int16_t *r,
                                 unsigned int len,
                                 const uint8_t *buf,
                                 unsigned int buflen) {
-    unsigned int ctr = 0, pos = 0;
-    uint16_t val = 0;
+    unsigned int ctr, pos;
+    uint16_t val;
 
     ctr = pos = 0;
     while (ctr < len && pos + 2 <= buflen) {
@@ -168,7 +168,7 @@ static unsigned int rej_uniform(int16_t *r,
 #define GEN_MATRIX_NBLOCKS ((2*KYBER_N*(1U << 16)/(19*KYBER_Q) \
                              + XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
 void PQCLEAN_KYBER1024_AVX2_gen_matrix(polyvec *a, const uint8_t seed[32], int transposed) {
-    unsigned int i = 0, ctr0 = 0, ctr1 = 0, ctr2 = 0, ctr3 = 0;
+    unsigned int i, ctr0, ctr1, ctr2, ctr3;
     ALIGN32_ARRAY_2D(uint8_t, 4, (GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES + 31) / 32 * 32) buf;
     __m256i f;
     keccakx4_state state;
@@ -242,7 +242,7 @@ void PQCLEAN_KYBER1024_AVX2_gen_matrix(polyvec *a, const uint8_t seed[32], int t
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
         uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
-    unsigned int i = 0;
+    unsigned int i;
     ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
     const uint8_t *publicseed = buf.arr;
     const uint8_t *noiseseed = buf.arr + KYBER_SYMBYTES;
@@ -295,7 +295,7 @@ void PQCLEAN_KYBER1024_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
                                        const uint8_t m[KYBER_INDCPA_MSGBYTES],
                                        const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
                                        const uint8_t coins[KYBER_SYMBYTES]) {
-    unsigned int i = 0;
+    unsigned int i;
     ALIGN32_ARRAY(uint8_t, KYBER_SYMBYTES) seed;
     polyvec sp, pkpv, ep, at[KYBER_K], bp;
     poly v, k, epp;

crypto_kem/kyber1024/avx2/indcpa.h

@@ -1,16 +1,20 @@
 #ifndef PQCLEAN_KYBER1024_AVX2_INDCPA_H
 #define PQCLEAN_KYBER1024_AVX2_INDCPA_H
-
 #include "params.h"
 #include "polyvec.h"
 #include <stdint.h>
 
 void PQCLEAN_KYBER1024_AVX2_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
+void PQCLEAN_KYBER1024_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
+        uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
 
-void PQCLEAN_KYBER1024_AVX2_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
-
-void PQCLEAN_KYBER1024_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
+void PQCLEAN_KYBER1024_AVX2_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
+                                       const uint8_t m[KYBER_INDCPA_MSGBYTES],
+                                       const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
+                                       const uint8_t coins[KYBER_SYMBYTES]);
 
-void PQCLEAN_KYBER1024_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
+void PQCLEAN_KYBER1024_AVX2_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
+                                       const uint8_t c[KYBER_INDCPA_BYTES],
+                                       const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
 
 #endif

crypto_kem/kyber1024/avx2/invntt.S

@@ -1,4 +1,4 @@
-#include "cdecl.inc"
+#include "cdecl.h"
 .include "shuffle.inc"
 .include "fq.inc"
 
@@ -210,7 +210,9 @@ vmovdqa		%ymm7,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx)
+.global _cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx)
 cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx):
+_cdecl(PQCLEAN_KYBER1024_AVX2_invntt_avx):
 #consts
 vmovdqa         _16XQ*2(%rsi),%ymm0
 mov		%rsi,%rdx

crypto_kem/kyber1024/avx2/kem.c

@@ -8,7 +8,6 @@
 #include <stddef.h>
 #include <stdint.h>
 
-
 /*************************************************
 * Name:        PQCLEAN_KYBER1024_AVX2_crypto_kem_keypair
 *
@@ -23,7 +22,7 @@
 * Returns 0 (success)
 **************************************************/
 int PQCLEAN_KYBER1024_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER1024_AVX2_indcpa_keypair(pk, sk);
     for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
         sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@@ -94,8 +93,8 @@ int PQCLEAN_KYBER1024_AVX2_crypto_kem_enc(unsigned char *ct,
 int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(unsigned char *ss,
         const unsigned char *ct,
         const unsigned char *sk) {
-    size_t i = 0;
-    int fail = 0;
+    size_t i;
+    int fail;
     ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) buf;
     /* Will contain key, coins */
     ALIGN32_ARRAY(uint8_t, 2 * KYBER_SYMBYTES) kr;
@@ -119,7 +118,7 @@ int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(unsigned char *ss,
     hash_h(kr.arr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES);
 
     /* Overwrite pre-k with z on re-encryption failure */
-    PQCLEAN_KYBER1024_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail);
+    PQCLEAN_KYBER1024_AVX2_cmov(kr.arr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail);
 
     /* hash concatenation of pre-k and H(c) to k */
     kdf(ss, kr.arr, 2 * KYBER_SYMBYTES);

crypto_kem/kyber1024/avx2/kem.h

@@ -1,17 +1,14 @@
 #ifndef PQCLEAN_KYBER1024_AVX2_KEM_H
 #define PQCLEAN_KYBER1024_AVX2_KEM_H
-
 #include "params.h"
 
 
 int PQCLEAN_KYBER1024_AVX2_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
 
-
 int PQCLEAN_KYBER1024_AVX2_crypto_kem_enc(unsigned char *ct,
         unsigned char *ss,
         const unsigned char *pk);
 
-
 int PQCLEAN_KYBER1024_AVX2_crypto_kem_dec(unsigned char *ss,
         const unsigned char *ct,
         const unsigned char *sk);

crypto_kem/kyber1024/avx2/ntt.S

@@ -1,4 +1,4 @@
-#include "cdecl.inc"
+#include "cdecl.h"
 .include "shuffle.inc"
 .include "fq.inc"
 
@@ -203,7 +203,9 @@ vmovdqa		%ymm11,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx)
+.global _cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx)
 cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx):
+_cdecl(PQCLEAN_KYBER1024_AVX2_ntt_avx):
 #consts
 vmovdqa		_16XQ*2(%rsi),%ymm0
 mov		%rsi,%rdx

crypto_kem/kyber1024/avx2/ntt.h

@@ -1,28 +1,24 @@
-#ifndef NTT_H
-#define NTT_H
-
+#ifndef PQCLEAN_KYBER1024_AVX2_NTT_H
+#define PQCLEAN_KYBER1024_AVX2_NTT_H
 #include "consts.h"
-#include "params.h"
 #include <stdint.h>
 
-
 void PQCLEAN_KYBER1024_AVX2_ntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
-
 void PQCLEAN_KYBER1024_AVX2_invntt_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
 
-
-void nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
-
+void PQCLEAN_KYBER1024_AVX2_nttpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
 void PQCLEAN_KYBER1024_AVX2_nttunpack_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
 
-
-void PQCLEAN_KYBER1024_AVX2_basemul_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
-
-void PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(int16_t *r, const int16_t *a, const int16_t *b, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
-
+void PQCLEAN_KYBER1024_AVX2_basemul_avx(int16_t *r,
+                                        const int16_t *a,
+                                        const int16_t *b,
+                                        const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
+void PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(int16_t *r,
+        const int16_t *a,
+        const int16_t *b,
+        const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
 
 void PQCLEAN_KYBER1024_AVX2_ntttobytes_avx(uint8_t *r, const int16_t *a, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
-
 void PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx(int16_t *r, const uint8_t *a, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
 
 #endif

crypto_kem/kyber1024/avx2/params.h

@@ -1,6 +1,9 @@
 #ifndef PQCLEAN_KYBER1024_AVX2_PARAMS_H
 #define PQCLEAN_KYBER1024_AVX2_PARAMS_H
 
+
+
+
 #define KYBER_N 256
 #define KYBER_Q 3329
 

crypto_kem/kyber1024/avx2/poly.c

@@ -19,7 +19,7 @@
 *              - poly *a:    pointer to input polynomial
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *restrict a) {
-    unsigned int i = 0, j = 0;
+    unsigned int i, j;
     uint8_t t[8];
 
     PQCLEAN_KYBER1024_AVX2_poly_csubq(a);
@@ -50,9 +50,9 @@ void PQCLEAN_KYBER1024_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES],
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_poly_decompress(poly *restrict r,
         const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]) {
-    unsigned int i = 0;
+    unsigned int i;
 
-    unsigned int j = 0;
+    unsigned int j;
     uint8_t t[8];
     for (i = 0; i < KYBER_N / 8; i++) {
         t[0] = (a[0] >> 0);
@@ -114,7 +114,7 @@ void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *restrict r,
     const __m256i hqs = _mm256_set1_epi16((KYBER_Q + 1) / 2);
 
 #define FROMMSG64(i)                        \
-    g3 = _mm256_shuffle_epi32(f,0x55*(i));              \
+    g3 = _mm256_shuffle_epi32(f,0x55*(i));                \
     g3 = _mm256_sllv_epi32(g3,shift);             \
     g3 = _mm256_shuffle_epi8(g3,idx);             \
     g0 = _mm256_slli_epi16(g3,12);                \
@@ -136,9 +136,9 @@ void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *restrict r,
     g2 = _mm256_permute2x128_si256(h0,h1,0x31);           \
     g1 = _mm256_permute2x128_si256(h2,h3,0x20);           \
     g3 = _mm256_permute2x128_si256(h2,h3,0x31);           \
-    _mm256_store_si256((__m256i *)&r->coeffs[  0+32*(i)+ 0],g0);    \
-    _mm256_store_si256((__m256i *)&r->coeffs[  0+32*(i)+16],g1);    \
-    _mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2);    \
+    _mm256_store_si256((__m256i *)&r->coeffs[  0+32*(i)+ 0],g0);  \
+    _mm256_store_si256((__m256i *)&r->coeffs[  0+32*(i)+16],g1);  \
+    _mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+ 0],g2);  \
     _mm256_store_si256((__m256i *)&r->coeffs[128+32*(i)+16],g3)
 
     f = _mm256_load_si256((__m256i *)msg);
@@ -157,8 +157,8 @@ void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *restrict r,
 *              - poly *a:      pointer to input polynomial
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *restrict a) {
-    unsigned int i = 0;
-    uint32_t small = 0;
+    unsigned int i;
+    uint32_t small;
     __m256i f0, f1, g0, g1;
     const __m256i hqs = _mm256_set1_epi16((KYBER_Q - 1) / 2);
     const __m256i hhqs = _mm256_set1_epi16((KYBER_Q - 5) / 4);
@@ -325,7 +325,7 @@ void PQCLEAN_KYBER1024_AVX2_poly_csubq(poly *r) {
 *            - const poly *b: pointer to second input polynomial
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
-    unsigned int i = 0;
+    unsigned int i;
     __m256i f0, f1;
 
     for (i = 0; i < KYBER_N; i += 16) {
@@ -346,7 +346,7 @@ void PQCLEAN_KYBER1024_AVX2_poly_add(poly *r, const poly *a, const poly *b) {
 *            - const poly *b: pointer to second input polynomial
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_poly_sub(poly *r, const poly *a, const poly *b) {
-    unsigned int i = 0;
+    unsigned int i;
     __m256i f0, f1;
 
     for (i = 0; i < KYBER_N; i += 16) {

crypto_kem/kyber1024/avx2/poly.h

@@ -1,6 +1,5 @@
 #ifndef PQCLEAN_KYBER1024_AVX2_POLY_H
 #define PQCLEAN_KYBER1024_AVX2_POLY_H
-
 #include "params.h"
 #include <immintrin.h>
 #include <stdint.h>
@@ -14,24 +13,16 @@ typedef union {
     int16_t coeffs[KYBER_N];
 } poly;
 
-
 void PQCLEAN_KYBER1024_AVX2_poly_compress(uint8_t r[KYBER_POLYCOMPRESSEDBYTES], poly *a);
-
 void PQCLEAN_KYBER1024_AVX2_poly_decompress(poly *r, const uint8_t a[KYBER_POLYCOMPRESSEDBYTES]);
 
-
 void PQCLEAN_KYBER1024_AVX2_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a);
-
 void PQCLEAN_KYBER1024_AVX2_poly_frombytes(poly *r, const uint8_t a[KYBER_POLYBYTES]);
 
-
 void PQCLEAN_KYBER1024_AVX2_poly_frommsg(poly *r, const uint8_t msg[KYBER_INDCPA_MSGBYTES]);
-
 void PQCLEAN_KYBER1024_AVX2_poly_tomsg(uint8_t msg[KYBER_INDCPA_MSGBYTES], poly *a);
 
-
 void PQCLEAN_KYBER1024_AVX2_poly_getnoise(poly *r, const uint8_t seed[KYBER_SYMBYTES], uint8_t nonce);
-
 void PQCLEAN_KYBER1024_AVX2_poly_getnoise4x(poly *r0,
         poly *r1,
         poly *r2,
@@ -42,25 +33,16 @@ void PQCLEAN_KYBER1024_AVX2_poly_getnoise4x(poly *r0,
         uint8_t nonce2,
         uint8_t nonce3);
 
-
 void PQCLEAN_KYBER1024_AVX2_poly_ntt(poly *r);
-
 void PQCLEAN_KYBER1024_AVX2_poly_invntt_tomont(poly *r);
-
 void PQCLEAN_KYBER1024_AVX2_poly_nttunpack(poly *r);
-
 void PQCLEAN_KYBER1024_AVX2_poly_basemul_montgomery(poly *r, const poly *a, const poly *b);
-
 void PQCLEAN_KYBER1024_AVX2_poly_tomont(poly *r);
 
-
 void PQCLEAN_KYBER1024_AVX2_poly_reduce(poly *r);
-
 void PQCLEAN_KYBER1024_AVX2_poly_csubq(poly *r);
 
-
 void PQCLEAN_KYBER1024_AVX2_poly_add(poly *r, const poly *a, const poly *b);
-
 void PQCLEAN_KYBER1024_AVX2_poly_sub(poly *r, const poly *a, const poly *b);
 
 #endif

crypto_kem/kyber1024/avx2/polyvec.c

@@ -1,6 +1,6 @@
-#include "params.h"
 #include "consts.h"
 #include "ntt.h"
+#include "params.h"
 #include "poly.h"
 #include "polyvec.h"
 #include <stdint.h>
@@ -16,7 +16,7 @@
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES],
         polyvec *restrict a) {
-    unsigned int i = 0, j = 0, k = 0;
+    size_t i, j, k;
 
     PQCLEAN_KYBER1024_AVX2_polyvec_csubq(a);
 
@@ -24,10 +24,8 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBY
     for (i = 0; i < KYBER_K; i++) {
         for (j = 0; j < KYBER_N / 8; j++) {
             for (k = 0; k < 8; k++) {
-                {
-                    t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
-                            / KYBER_Q) & 0x7ff;
-                }
+                t[k] = ((((uint32_t)a->vec[i].coeffs[8 * j + k] << 11) + KYBER_Q / 2)
+                        / KYBER_Q) & 0x7ff;
             }
 
             r[ 0] = (t[0] >>  0);
@@ -58,7 +56,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBY
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_polyvec_decompress(polyvec *restrict r,
         const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]) {
-    unsigned int i = 0, j = 0, k = 0;
+    size_t i, j, k;
 
     uint16_t t[8];
     for (i = 0; i < KYBER_K; i++) {
@@ -90,7 +88,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_decompress(polyvec *restrict r,
 *              - polyvec *a: pointer to input vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER1024_AVX2_poly_tobytes(r + i * KYBER_POLYBYTES, &a->vec[i]);
     }
@@ -107,7 +105,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyv
 *                                  (of length KYBER_POLYVECBYTES)
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER1024_AVX2_poly_frombytes(&r->vec[i], a + i * KYBER_POLYBYTES);
     }
@@ -121,7 +119,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_
 * Arguments:   - polyvec *r: pointer to in/output vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_polyvec_ntt(polyvec *r) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER1024_AVX2_poly_ntt(&r->vec[i]);
     }
@@ -136,7 +134,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_ntt(polyvec *r) {
 * Arguments:   - polyvec *r: pointer to in/output vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_polyvec_invntt_tomont(polyvec *r) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER1024_AVX2_poly_invntt_tomont(&r->vec[i]);
     }
@@ -155,7 +153,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_invntt_tomont(polyvec *r) {
 void PQCLEAN_KYBER1024_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
         const polyvec *a,
         const polyvec *b) {
-    PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, &PQCLEAN_KYBER1024_AVX2_qdata);
+    PQCLEAN_KYBER1024_AVX2_basemul_acc_avx(r->coeffs, a->vec->coeffs, b->vec->coeffs, & PQCLEAN_KYBER1024_AVX2_qdata);
 }
 
 /*************************************************
@@ -168,7 +166,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
 * Arguments:   - poly *r: pointer to input/output polynomial
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_polyvec_reduce(polyvec *r) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER1024_AVX2_poly_reduce(&r->vec[i]);
     }
@@ -185,7 +183,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_reduce(polyvec *r) {
 * Arguments:   - poly *r: pointer to input/output polynomial
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_polyvec_csubq(polyvec *r) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER1024_AVX2_poly_csubq(&r->vec[i]);
     }
@@ -201,7 +199,7 @@ void PQCLEAN_KYBER1024_AVX2_polyvec_csubq(polyvec *r) {
 *            - const polyvec *b: pointer to second input vector of polynomials
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b) {
-    unsigned int i = 0;
+    size_t i;
     for (i = 0; i < KYBER_K; i++) {
         PQCLEAN_KYBER1024_AVX2_poly_add(&r->vec[i], &a->vec[i], &b->vec[i]);
     }

crypto_kem/kyber1024/avx2/polyvec.h

@@ -1,6 +1,5 @@
 #ifndef PQCLEAN_KYBER1024_AVX2_POLYVEC_H
 #define PQCLEAN_KYBER1024_AVX2_POLYVEC_H
-
 #include "params.h"
 #include "poly.h"
 #include <stdint.h>
@@ -9,33 +8,23 @@ typedef struct {
     poly vec[KYBER_K];
 } polyvec;
 
-
 void PQCLEAN_KYBER1024_AVX2_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBYTES], polyvec *a);
-
 void PQCLEAN_KYBER1024_AVX2_polyvec_decompress(polyvec *r,
         const uint8_t a[KYBER_POLYVECCOMPRESSEDBYTES]);
 
-
 void PQCLEAN_KYBER1024_AVX2_polyvec_tobytes(uint8_t r[KYBER_POLYVECBYTES], polyvec *a);
-
 void PQCLEAN_KYBER1024_AVX2_polyvec_frombytes(polyvec *r, const uint8_t a[KYBER_POLYVECBYTES]);
 
-
 void PQCLEAN_KYBER1024_AVX2_polyvec_ntt(polyvec *r);
-
 void PQCLEAN_KYBER1024_AVX2_polyvec_invntt_tomont(polyvec *r);
 
-
 void PQCLEAN_KYBER1024_AVX2_polyvec_pointwise_acc_montgomery(poly *r,
         const polyvec *a,
         const polyvec *b);
 
-
 void PQCLEAN_KYBER1024_AVX2_polyvec_reduce(polyvec *r);
-
 void PQCLEAN_KYBER1024_AVX2_polyvec_csubq(polyvec *r);
 
-
 void PQCLEAN_KYBER1024_AVX2_polyvec_add(polyvec *r, const polyvec *a, const polyvec *b);
 
 #endif

crypto_kem/kyber1024/avx2/reduce.h

@@ -1,16 +1,10 @@
-#ifndef REDUCE_H
-#define REDUCE_H
-
-#include <stdint.h>
-
+#ifndef PQCLEAN_KYBER1024_AVX2_REDUCE_H
+#define PQCLEAN_KYBER1024_AVX2_REDUCE_H
 #include "consts.h"
-#include "params.h"
-
+#include <stdint.h>
 
 int16_t PQCLEAN_KYBER1024_AVX2_reduce_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
-
 int16_t PQCLEAN_KYBER1024_AVX2_csubq_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
-
 int16_t PQCLEAN_KYBER1024_AVX2_tomont_avx(int16_t *r, const qdata_t *PQCLEAN_KYBER1024_AVX2_qdata);
 
 #endif

crypto_kem/kyber1024/avx2/rejsample.c

@@ -2,6 +2,7 @@
 #include "consts.h"
 #include "params.h"
 #include "rejsample.h"
+#include <immintrin.h>
 #include <stdint.h>
 
 static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
@@ -270,9 +271,9 @@ static const ALIGN32_ARRAY_2D(uint8_t, 256, 8) idx = {.arr = {
 #define REJ_UNIFORM_BUFLEN 672
 unsigned int PQCLEAN_KYBER1024_AVX2_rej_uniform_avx(int16_t *restrict r,
         const uint8_t *restrict buf) {
-    unsigned int ctr = 0, pos = 0;
-    uint16_t val = 0;
-    uint32_t good = 0;
+    unsigned int ctr, pos;
+    uint16_t val;
+    uint32_t good;
     const __m256i bound  = _mm256_set1_epi16((int16_t)(19 * KYBER_Q - 1));
     const __m256i ones   = _mm256_set1_epi8(1);
     const __m256i kyberq = _mm256_load_si256((__m256i *)&PQCLEAN_KYBER1024_AVX2_qdata.as_arr[_16XQ]);
@@ -297,7 +298,7 @@ unsigned int PQCLEAN_KYBER1024_AVX2_rej_uniform_avx(int16_t *restrict r,
         g1 = _mm256_inserti128_si256(g1, _mm_loadl_epi64((__m128i *)&idx.arr[(good >> 24) & 0xFF]), 1);
 
         //g0 = _mm256_cvtepu8_epi64(_mm_loadl_epi64((__m128i *)&good));
-        //g1 = _mm256_i64gather_epi64((long long *)idx, g0, 8);
+        //g1 = _mm256_i64gather_epi64((long long *)idx.arr, g0, 8);
 
         /* Barrett reduction of (still unsigned) values */
         g2 = _mm256_mulhi_epu16(f0, v);

crypto_kem/kyber1024/avx2/rejsample.h

@@ -1,10 +1,8 @@
-#ifndef REJSAMPLE_H
-#define REJSAMPLE_H
-
+#ifndef PQCLEAN_KYBER1024_AVX2_REJSAMPLE_H
+#define PQCLEAN_KYBER1024_AVX2_REJSAMPLE_H
 #include "params.h"
 #include <stdint.h>
 
-
 unsigned int PQCLEAN_KYBER1024_AVX2_rej_uniform_avx(int16_t *r,
         const unsigned char *buf);
 

crypto_kem/kyber1024/avx2/shuffle.S

@@ -1,4 +1,4 @@
-#include "cdecl.inc"
+#include "cdecl.h"
 .include "fq.inc"
 .include "shuffle.inc"
 
@@ -92,7 +92,9 @@ vmovdqa		%ymm11,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx)
+.global _cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx)
 cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx):
+_cdecl(PQCLEAN_KYBER1024_AVX2_nttunpack_avx):
 call		nttunpack128_avx
 add		$256,%rdi
 call		nttunpack128_avx
@@ -169,7 +171,9 @@ vmovdqu		%ymm9,160(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx)
+.global _cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx)
 cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx):
+_cdecl(PQCLEAN_KYBER1024_AVX2_ntttobytes_avx):
 #consts
 vmovdqa		_16XQ*2(%rdx),%ymm0
 call		ntttobytes128_avx
@@ -245,7 +249,9 @@ vmovdqa		%ymm1,224(%rdi)
 ret
 
 .global cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx)
+.global _cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx)
 cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx):
+_cdecl(PQCLEAN_KYBER1024_AVX2_nttfrombytes_avx):
 #consts
 vmovdqa		_16XMASK*2(%rdx),%ymm0
 call		nttfrombytes128_avx

crypto_kem/kyber1024/avx2/symmetric-shake.c

@@ -9,8 +9,8 @@
 *
 * Description: Absorb step of the SHAKE128 specialized for the Kyber context.
 *
-* Arguments:   - keccak_state *state: pointer to (uninitialized) output
-*                                     Keccak state
+* Arguments:   - xof_state *state: pointer to (uninitialized) output
+*                                  Keccak state
 *              - const uint8_t *seed: pointer to KYBER_SYMBYTES input
 *                                     to be absorbed into state
 *              - uint8_t i            additional byte of input
@@ -20,7 +20,7 @@ void PQCLEAN_KYBER1024_AVX2_kyber_shake128_absorb(xof_state *state,
         const uint8_t seed[KYBER_SYMBYTES],
         uint8_t x,
         uint8_t y) {
-    unsigned int i = 0;
+    unsigned int i;
     uint8_t extseed[KYBER_SYMBYTES + 2];
 
     for (i = 0; i < KYBER_SYMBYTES; i++) {
@@ -48,7 +48,7 @@ void PQCLEAN_KYBER1024_AVX2_kyber_shake256_prf(uint8_t *out,
         size_t outlen,
         const uint8_t key[KYBER_SYMBYTES],
         uint8_t nonce) {
-    unsigned int i = 0;
+    unsigned int i;
     uint8_t extkey[KYBER_SYMBYTES + 1];
 
     for (i = 0; i < KYBER_SYMBYTES; i++) {

crypto_kem/kyber1024/avx2/symmetric.h

@@ -1,17 +1,16 @@
-#ifndef SYMMETRIC_H
-#define SYMMETRIC_H
-
+#ifndef PQCLEAN_KYBER1024_AVX2_SYMMETRIC_H
+#define PQCLEAN_KYBER1024_AVX2_SYMMETRIC_H
+#include "fips202.h"
+#include "fips202x4.h"
 #include "params.h"
 #include <stddef.h>
 #include <stdint.h>
 
 
-#include "fips202.h"
-#include "fips202x4.h"
 
 typedef shake128ctx xof_state;
 
-void PQCLEAN_KYBER1024_AVX2_kyber_shake128_absorb(shake128ctx *s,
+void PQCLEAN_KYBER1024_AVX2_kyber_shake128_absorb(xof_state *s,
         const uint8_t seed[KYBER_SYMBYTES],
         uint8_t x,
         uint8_t y);

crypto_kem/kyber1024/avx2/verify.c

@@ -15,8 +15,8 @@
 * Returns 0 if the byte arrays are equal, 1 otherwise
 **************************************************/
 int PQCLEAN_KYBER1024_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len) {
-    size_t pos = 0;
-    uint64_t r = 0;
+    size_t pos;
+    uint64_t r;
     __m256i avec, bvec, cvec;
 
     cvec = _mm256_setzero_si256();
@@ -53,7 +53,7 @@ int PQCLEAN_KYBER1024_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len
 *              unsigned char b:        Condition bit; has to be in {0,1}
 **************************************************/
 void PQCLEAN_KYBER1024_AVX2_cmov(uint8_t *restrict r, const uint8_t *restrict x, size_t len, uint8_t b) {
-    size_t pos = 0;
+    size_t pos;
     __m256i xvec, rvec, bvec;
 
     b = -b;

crypto_kem/kyber1024/avx2/verify.h

@@ -1,14 +1,11 @@
 #ifndef PQCLEAN_KYBER1024_AVX2_VERIFY_H
 #define PQCLEAN_KYBER1024_AVX2_VERIFY_H
-
 #include "params.h"
 #include <stddef.h>
 #include <stdint.h>
 
-
 int PQCLEAN_KYBER1024_AVX2_verify(const uint8_t *a, const uint8_t *b, size_t len);
 
-
 void PQCLEAN_KYBER1024_AVX2_cmov(uint8_t *r, const uint8_t *x, size_t len, uint8_t b);
 
 #endif

crypto_kem/kyber1024/clean/Makefile

@@ -1,8 +1,8 @@
 # This Makefile can be used with GNU Make or BSD Make
 
 LIB=libkyber1024_clean.a
-HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h verify.h symmetric.h
-OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o verify.o symmetric-shake.o
+HEADERS=api.h cbd.h indcpa.h kem.h ntt.h params.h poly.h polyvec.h reduce.h symmetric.h verify.h 
+OBJECTS=cbd.o indcpa.o kem.o ntt.o poly.o polyvec.o reduce.o symmetric-shake.o verify.o 
 
 CFLAGS=-O3 -Wall -Wextra -Wpedantic -Werror -Wmissing-prototypes -Wredundant-decls -std=c99 -I../../../common $(EXTRAFLAGS)
 

crypto_kem/kyber1024/clean/Makefile.Microsoft_nmake

@@ -2,7 +2,7 @@
 #    nmake /f Makefile.Microsoft_nmake
 
 LIBRARY=libkyber1024_clean.lib
-OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj verify.obj symmetric-shake.obj
+OBJECTS=cbd.obj indcpa.obj kem.obj ntt.obj poly.obj polyvec.obj reduce.obj symmetric-shake.obj verify.obj 
 
 # Warning C4146 is raised when a unary minus operator is applied to an
 # unsigned type; this has nonetheless been standard and portable for as

crypto_kem/kyber1024/clean/api.h

@@ -15,5 +15,4 @@ int PQCLEAN_KYBER1024_CLEAN_crypto_kem_enc(uint8_t *ct, uint8_t *ss, const uint8
 
 int PQCLEAN_KYBER1024_CLEAN_crypto_kem_dec(uint8_t *ss, const uint8_t *ct, const uint8_t *sk);
 
-
 #endif

crypto_kem/kyber1024/clean/cbd.c

@@ -1,5 +1,5 @@
-#include "params.h"
 #include "cbd.h"
+#include "params.h"
 #include <stdint.h>
 
 /*************************************************
@@ -13,7 +13,7 @@
 * Returns 32-bit unsigned integer loaded from x
 **************************************************/
 static uint32_t load32_littleendian(const uint8_t x[4]) {
-    uint32_t r = 0;
+    uint32_t r;
     r  = (uint32_t)x[0];
     r |= (uint32_t)x[1] << 8;
     r |= (uint32_t)x[2] << 16;
@@ -32,9 +32,9 @@ static uint32_t load32_littleendian(const uint8_t x[4]) {
 *              - const uint8_t *buf: pointer to input byte array
 **************************************************/
 void PQCLEAN_KYBER1024_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]) {
-    unsigned int i = 0, j = 0;
-    uint32_t t = 0, d = 0;
-    int16_t a = 0, b = 0;
+    unsigned int i, j;
+    uint32_t t, d;
+    int16_t a, b;
 
     for (i = 0; i < KYBER_N / 8; i++) {
         t  = load32_littleendian(buf + 4 * i);

crypto_kem/kyber1024/clean/cbd.h

@@ -1,11 +1,9 @@
 #ifndef PQCLEAN_KYBER1024_CLEAN_CBD_H
 #define PQCLEAN_KYBER1024_CLEAN_CBD_H
-
 #include "params.h"
 #include "poly.h"
 #include <stdint.h>
 
-
 void PQCLEAN_KYBER1024_CLEAN_cbd(poly *r, const uint8_t buf[KYBER_ETA * KYBER_N / 4]);
 
 #endif

crypto_kem/kyber1024/clean/indcpa.c

@@ -22,7 +22,7 @@
 static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
                     polyvec *pk,
                     const uint8_t seed[KYBER_SYMBYTES]) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER1024_CLEAN_polyvec_tobytes(r, pk);
     for (i = 0; i < KYBER_SYMBYTES; i++) {
         r[i + KYBER_POLYVECBYTES] = seed[i];
@@ -44,7 +44,7 @@ static void pack_pk(uint8_t r[KYBER_INDCPA_PUBLICKEYBYTES],
 static void unpack_pk(polyvec *pk,
                       uint8_t seed[KYBER_SYMBYTES],
                       const uint8_t packedpk[KYBER_INDCPA_PUBLICKEYBYTES]) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER1024_CLEAN_polyvec_frombytes(pk, packedpk);
     for (i = 0; i < KYBER_SYMBYTES; i++) {
         seed[i] = packedpk[i + KYBER_POLYVECBYTES];
@@ -132,8 +132,8 @@ static unsigned int rej_uniform(int16_t *r,
                                 unsigned int len,
                                 const uint8_t *buf,
                                 unsigned int buflen) {
-    unsigned int ctr = 0, pos = 0;
-    uint16_t val = 0;
+    unsigned int ctr, pos;
+    uint16_t val;
 
     ctr = pos = 0;
     while (ctr < len && pos + 2 <= buflen) {
@@ -169,8 +169,7 @@ static unsigned int rej_uniform(int16_t *r,
                              + XOF_BLOCKBYTES)/XOF_BLOCKBYTES)
 // Not static for benchmarking
 void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) {
-    unsigned int ctr = 0;
-    uint8_t i = 0, j = 0;
+    unsigned int ctr, i, j;
     uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES];
     xof_state state;
 
@@ -208,7 +207,7 @@ void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYM
 **************************************************/
 void PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
         uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]) {
-    unsigned int i = 0;
+    unsigned int i;
     uint8_t buf[2 * KYBER_SYMBYTES];
     const uint8_t *publicseed = buf;
     const uint8_t *noiseseed = buf + KYBER_SYMBYTES;
@@ -264,7 +263,7 @@ void PQCLEAN_KYBER1024_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
                                         const uint8_t m[KYBER_INDCPA_MSGBYTES],
                                         const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
                                         const uint8_t coins[KYBER_SYMBYTES]) {
-    unsigned int i = 0;
+    unsigned int i;
     uint8_t seed[KYBER_SYMBYTES];
     uint8_t nonce = 0;
     polyvec sp, pkpv, ep, at[KYBER_K], bp;

crypto_kem/kyber1024/clean/indcpa.h

@@ -1,16 +1,20 @@
 #ifndef PQCLEAN_KYBER1024_CLEAN_INDCPA_H
 #define PQCLEAN_KYBER1024_CLEAN_INDCPA_H
-
 #include "params.h"
 #include "polyvec.h"
 #include <stdint.h>
 
 void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed);
+void PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
+        uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
 
-void PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
-
-void PQCLEAN_KYBER1024_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES], const uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES], const uint8_t coins[KYBER_SYMBYTES]);
+void PQCLEAN_KYBER1024_CLEAN_indcpa_enc(uint8_t c[KYBER_INDCPA_BYTES],
+                                        const uint8_t m[KYBER_INDCPA_MSGBYTES],
+                                        const uint8_t pk[KYBER_INDCPA_PUBLICKEYBYTES],
+                                        const uint8_t coins[KYBER_SYMBYTES]);
 
-void PQCLEAN_KYBER1024_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES], const uint8_t c[KYBER_INDCPA_BYTES], const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
+void PQCLEAN_KYBER1024_CLEAN_indcpa_dec(uint8_t m[KYBER_INDCPA_MSGBYTES],
+                                        const uint8_t c[KYBER_INDCPA_BYTES],
+                                        const uint8_t sk[KYBER_INDCPA_SECRETKEYBYTES]);
 
 #endif

crypto_kem/kyber1024/clean/kem.c

@@ -21,7 +21,7 @@
 * Returns 0 (success)
 **************************************************/
 int PQCLEAN_KYBER1024_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk) {
-    size_t i = 0;
+    size_t i;
     PQCLEAN_KYBER1024_CLEAN_indcpa_keypair(pk, sk);
     for (i = 0; i < KYBER_INDCPA_PUBLICKEYBYTES; i++) {
         sk[i + KYBER_INDCPA_SECRETKEYBYTES] = pk[i];
@@ -92,8 +92,8 @@ int PQCLEAN_KYBER1024_CLEAN_crypto_kem_enc(unsigned char *ct,
 int PQCLEAN_KYBER1024_CLEAN_crypto_kem_dec(unsigned char *ss,
         const unsigned char *ct,
         const unsigned char *sk) {
-    size_t i = 0;
-    int fail = 0;
+    size_t i;
+    int fail;
     uint8_t buf[2 * KYBER_SYMBYTES];
     /* Will contain key, coins */
     uint8_t kr[2 * KYBER_SYMBYTES];

crypto_kem/kyber1024/clean/kem.h

@@ -1,17 +1,14 @@
 #ifndef PQCLEAN_KYBER1024_CLEAN_KEM_H
 #define PQCLEAN_KYBER1024_CLEAN_KEM_H
-
 #include "params.h"
 
 
 int PQCLEAN_KYBER1024_CLEAN_crypto_kem_keypair(unsigned char *pk, unsigned char *sk);
 
-
 int PQCLEAN_KYBER1024_CLEAN_crypto_kem_enc(unsigned char *ct,
         unsigned char *ss,
         const unsigned char *pk);
 
-
 int PQCLEAN_KYBER1024_CLEAN_crypto_kem_dec(unsigned char *ss,
         const unsigned char *ct,
         const unsigned char *sk);

crypto_kem/kyber1024/clean/ntt.c

@@ -1,5 +1,5 @@
-#include "params.h"
 #include "ntt.h"
+#include "params.h"
 #include "reduce.h"
 #include <stdint.h>
 
@@ -89,8 +89,8 @@ static int16_t fqmul(int16_t a, int16_t b) {
 *                                of Zq
 **************************************************/
 void PQCLEAN_KYBER1024_CLEAN_ntt(int16_t r[256]) {
-    unsigned int len = 0, start = 0, j = 0, k = 0;
-    int16_t t = 0, zeta = 0;
+    unsigned int len, start, j, k;
+    int16_t t, zeta;
 
     k = 1;
     for (len = 128; len >= 2; len >>= 1) {
@@ -116,8 +116,8 @@ void PQCLEAN_KYBER1024_CLEAN_ntt(int16_t r[256]) {
 *                                of Zq
 **************************************************/
 void PQCLEAN_KYBER1024_CLEAN_invntt(int16_t r[256]) {
-    unsigned int start = 0, len = 0, j = 0, k = 0;
-    int16_t t = 0, zeta = 0;
+    unsigned int start, len, j, k;
+    int16_t t, zeta;
 
     k = 0;
     for (len = 2; len <= 128; len <<= 1) {
@@ -148,7 +148,10 @@ void PQCLEAN_KYBER1024_CLEAN_invntt(int16_t r[256]) {
 *              - const int16_t b[2]: pointer to the second factor
 *              - int16_t zeta:       integer defining the reduction polynomial
 **************************************************/
-void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta) {
+void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2],
+                                     const int16_t a[2],
+                                     const int16_t b[2],
+                                     int16_t zeta) {
     r[0]  = fqmul(a[1], b[1]);
     r[0]  = fqmul(r[0], zeta);
     r[0] += fqmul(a[0], b[0]);

crypto_kem/kyber1024/clean/ntt.h

@@ -1,22 +1,19 @@
 #ifndef PQCLEAN_KYBER1024_CLEAN_NTT_H
 #define PQCLEAN_KYBER1024_CLEAN_NTT_H
-
 #include "params.h"
 #include <stdint.h>
 
-
 extern const int16_t PQCLEAN_KYBER1024_CLEAN_zetas[128];
 
-
 extern const int16_t PQCLEAN_KYBER1024_CLEAN_zetas_inv[128];
 
-
 void PQCLEAN_KYBER1024_CLEAN_ntt(int16_t r[256]);
 
-
 void PQCLEAN_KYBER1024_CLEAN_invntt(int16_t r[256]);
 
-
-void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2], const int16_t a[2], const int16_t b[2], int16_t zeta);
+void PQCLEAN_KYBER1024_CLEAN_basemul(int16_t r[2],
+                                     const int16_t a[2],
+                                     const int16_t b[2],
+                                     int16_t zeta);
 
 #endif

crypto_kem/kyber1024/clean/params.h

@@ -1,6 +1,9 @@
 #ifndef PQCLEAN_KYBER1024_CLEAN_PARAMS_H
 #define PQCLEAN_KYBER1024_CLEAN_PARAMS_H
 
+
+
+
 #define KYBER_N 256
 #define KYBER_Q 3329