CI fix:

Fix carry and borrow calculations in curve448_gf.cpp and ed448_internal.cpp

src/lib/pubkey/curve448/curve448_utils/curve448_gf.cpp

@@ -25,7 +25,7 @@ namespace {
 inline uint64_t u64_add(uint64_t a, uint64_t b, bool* carry) {
    // Let the compiler optimize this into fancy instructions
    const uint64_t sum = a + b;
-   *carry = static_cast<uint64_t>(sum < a);
+   *carry = sum < a;
    return sum;
 }
 
@@ -36,9 +36,9 @@ inline uint64_t u64_add(uint64_t a, uint64_t b, bool* carry) {
 inline uint64_t u64_add_with_carry(uint64_t a, uint64_t b, bool* carry) {
    // Let the compiler optimize this into fancy instructions
    uint64_t sum = a + b;
-   const uint64_t carry_a_plus_b = (sum < a);
-   sum += *carry;
-   *carry = carry_a_plus_b + static_cast<uint64_t>(sum < *carry);
+   const bool carry_a_plus_b = (sum < a);
+   sum += static_cast<uint64_t>(*carry);
+   *carry = static_cast<uint64_t>(carry_a_plus_b) | static_cast<uint64_t>(sum < static_cast<uint64_t>(*carry));
    return sum;
 }
 
@@ -49,10 +49,10 @@ inline uint64_t u64_add_with_carry(uint64_t a, uint64_t b, bool* carry) {
  */
 inline uint64_t u64_sub_with_borrow(uint64_t a, uint64_t b, bool* borrow) {
    // Let the compiler optimize this into fancy instructions
-   const word diff = a - b;
-   const word borrow_a_min_b = diff > a;
-   const word z = diff - *borrow;
-   *borrow = borrow_a_min_b + static_cast<uint64_t>(z > diff);
+   const uint64_t diff = a - b;
+   const bool borrow_a_min_b = diff > a;
+   const uint64_t z = diff - static_cast<uint64_t>(*borrow);
+   *borrow = static_cast<uint64_t>(borrow_a_min_b) | static_cast<uint64_t>(z > diff);
    return z;
 }
 
@@ -102,7 +102,6 @@ void reduce_after_add(std::span<uint64_t, 7> h_3, std::span<const uint64_t, 8> h
  * Algorithm 1 of paper "Reduction Modulo 2^448 - 2^224 - 1".
  */
 void reduce_after_mul(std::span<uint64_t, 7> out, std::span<const uint64_t, 14> in) {
-   BOTAN_ASSERT_NOMSG(sizeof(uint64_t) == 8);
    std::array<uint64_t, 8> r;
    std::array<uint64_t, 8> s;
    std::array<uint64_t, 8> t_0;
@@ -171,8 +170,10 @@ void word_arr_to_span64(std::span<uint64_t, S> out, std::span<const word, S * wo
 void gf_mul(std::span<uint64_t, 7> out, std::span<const uint64_t, 7> a, std::span<const uint64_t, 7> b) {
    std::array<uint64_t, 14> ws;
    if constexpr(std::same_as<uint64_t, word>) {
-      bigint_comba_mul7(
-         static_cast<word*>(ws.data()), static_cast<const word*>(a.data()), static_cast<const word*>(b.data()));
+      // Reinterpret cast to itself to prevent compiler errors on non 64-bit systems
+      bigint_comba_mul7(reinterpret_cast<word*>(ws.data()),
+                        reinterpret_cast<const word*>(a.data()),
+                        reinterpret_cast<const word*>(b.data()));
    } else {
       const auto a_arr = load_le<std::array<uint64_t, 7>>(store_le(a));
       const auto b_arr = load_le<std::array<uint64_t, 7>>(store_le(b));
@@ -197,8 +198,9 @@ void gf_mul(std::span<uint64_t, 7> out, std::span<const uint64_t, 7> a, std::spa
 void gf_square(std::span<uint64_t, 7> out, std::span<const uint64_t, 7> a) {
    std::array<uint64_t, 14> ws;
 
-   if constexpr(sizeof(word) == sizeof(uint64_t)) {
-      bigint_comba_sqr7(ws.data(), a.data());
+   if constexpr(std::same_as<uint64_t, word>) {
+      // Reinterpret cast to itself to prevent compiler errors on non 64-bit systems
+      bigint_comba_sqr7(reinterpret_cast<word*>(ws.data()), reinterpret_cast<const word*>(a.data()));
    } else {
       const auto a_arr = load_le<std::array<uint64_t, 7>>(store_le(a));
       auto ws_arr = std::array<word, words_per_uint64 * 14>{};

src/lib/pubkey/ed448/ed448_internal.cpp

@@ -313,7 +313,7 @@ bool verify_signature(std::span<const uint8_t, 57> pk,
       // 3. Check the group equation [4][S]B = [4]R + [4][k]A’. It’s
       //    sufficient, but not required, to instead check [S]B = R + [k]A’.
       return (big_s * Ed448Point::base_point()) == (big_r + k * Ed448Point::decode(pk));
-   } catch(Decoding_Error& e) {
+   } catch(Decoding_Error&) {
       return false;
    }
 }