From: Loup Vaillant
Date: Tue, 7 Mar 2017 19:59:41 +0000 (+0100)
Subject: fixed undefined behavior
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=5610ac13a09a34ef98c187fb32ce3ed608c4b759;p=Monocypher.git
fixed undefined behavior
---
diff --git a/monocypher.c b/monocypher.c
index b2a43d1..18ff661 100644
--- a/monocypher.c
+++ b/monocypher.c
@@ -908,11 +908,18 @@ sv fe_tobytes(u8 s[32], const fe h)
 q += t[2*i+1]; q >>= 25;
 }
 t[0] += 19 * q;
- FOR (i, 0, 5) {
- i32 carry;
- carry = t[2*i ] >> 26; t[2*i+1] += carry; t[2*i ] -= carry << 26;
- carry = t[2*i+1] >> 25; t[2*i+2] += carry; t[2*i+1] -= carry << 25;
- }
+
+ i32 c0 = t[0] >> 26; t[1] += c0; t[0] -= c0 << 26;
+ i32 c1 = t[1] >> 25; t[2] += c1; t[1] -= c1 << 25;
+ i32 c2 = t[2] >> 26; t[3] += c2; t[2] -= c2 << 26;
+ i32 c3 = t[3] >> 25; t[4] += c3; t[3] -= c3 << 25;
+ i32 c4 = t[4] >> 26; t[5] += c4; t[4] -= c4 << 26;
+ i32 c5 = t[5] >> 25; t[6] += c5; t[5] -= c5 << 25;
+ i32 c6 = t[6] >> 26; t[7] += c6; t[6] -= c6 << 26;
+ i32 c7 = t[7] >> 25; t[8] += c7; t[7] -= c7 << 25;
+ i32 c8 = t[8] >> 26; t[9] += c8; t[8] -= c8 << 26;
+ i32 c9 = t[9] >> 25; t[9] -= c9 << 25;
+
 store32_le(s + 0, ((u32)t[0] >> 0) | ((u32)t[1] << 26));
 store32_le(s + 4, ((u32)t[1] >> 6) | ((u32)t[2] << 19));
 store32_le(s + 8, ((u32)t[2] >> 13) | ((u32)t[3] << 13));
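Review bot: The unrolled carry lines still compute `c0 << 26` through `c9 << 25` on signed `i32` carries, and left-shifting a negative value is undefined behaviour in C, so this commit may remove only one of two UB sources in the carry chain. Whether a limb can be negative at this point depends on the part of fe_tobytes above the hunk, which is not visible here; if it can, write the subtraction as a multiplication, e.g. `t[0] -= c0 * ((i32)1 << 26);`, and apply the same change to the other nine lines. The `>>` on a negative `i32` is also implementation-defined, which is worth stating in a comment, since field-arithmetic code like this gets compiled with many toolchains. A short comment above the block should also say why the chain stops at `c9` with no `t[10] += c9` (presumably the old loop's last iteration wrote past the end of `t`; confirm against its declaration), because the commit message does not say which behaviour was undefined.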