From: Loup Vaillant
Date: Fri, 10 Mar 2017 00:12:44 +0000 (+0100)
Subject: removed signed left shift UB
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=a6b931db9887a79b49668752d1df9885d0369030;p=Monocypher.git
removed signed left shift UB
---
diff --git a/monocypher.c b/monocypher.c
index 9b993fe..56686eb 100644
--- a/monocypher.c
+++ b/monocypher.c
@@ -796,16 +796,16 @@ static u32 load24_le(const u8 s[3])
 sv fe_carry(fe h, i64 t[10])
 {
 i64 c0, c1, c2, c3, c4, c5, c6, c7, c8, c9;
- c9 = (t[9] + (i64) (1<<24)) >> 25; t[0] += c9 * 19; t[9] -= c9 << 25;
- c1 = (t[1] + (i64) (1<<24)) >> 25; t[2] += c1; t[1] -= c1 << 25;
- c3 = (t[3] + (i64) (1<<24)) >> 25; t[4] += c3; t[3] -= c3 << 25;
- c5 = (t[5] + (i64) (1<<24)) >> 25; t[6] += c5; t[5] -= c5 << 25;
- c7 = (t[7] + (i64) (1<<24)) >> 25; t[8] += c7; t[7] -= c7 << 25;
- c0 = (t[0] + (i64) (1<<25)) >> 26; t[1] += c0; t[0] -= c0 << 26;
- c2 = (t[2] + (i64) (1<<25)) >> 26; t[3] += c2; t[2] -= c2 << 26;
- c4 = (t[4] + (i64) (1<<25)) >> 26; t[5] += c4; t[4] -= c4 << 26;
- c6 = (t[6] + (i64) (1<<25)) >> 26; t[7] += c6; t[6] -= c6 << 26;
- c8 = (t[8] + (i64) (1<<25)) >> 26; t[9] += c8; t[8] -= c8 << 26;
+ c9 = (t[9] + (i64) (1<<24)) >> 25; t[0] += c9 * 19; t[9] -= (u64)c9 << 25;
+ c1 = (t[1] + (i64) (1<<24)) >> 25; t[2] += c1; t[1] -= (u64)c1 << 25;
+ c3 = (t[3] + (i64) (1<<24)) >> 25; t[4] += c3; t[3] -= (u64)c3 << 25;
+ c5 = (t[5] + (i64) (1<<24)) >> 25; t[6] += c5; t[5] -= (u64)c5 << 25;
+ c7 = (t[7] + (i64) (1<<24)) >> 25; t[8] += c7; t[7] -= (u64)c7 << 25;
+ c0 = (t[0] + (i64) (1<<25)) >> 26; t[1] += c0; t[0] -= (u64)c0 << 26;
+ c2 = (t[2] + (i64) (1<<25)) >> 26; t[3] += c2; t[2] -= (u64)c2 << 26;
+ c4 = (t[4] + (i64) (1<<25)) >> 26; t[5] += c4; t[4] -= (u64)c4 << 26;
+ c6 = (t[6] + (i64) (1<<25)) >> 26; t[7] += c6; t[6] -= (u64)c6 << 26;
+ c8 = (t[8] + (i64) (1<<25)) >> 26; t[9] += c8; t[8] -= (u64)c8 << 26;
 FOR (i, 0, 10) { h[i] = t[i]; }
 }
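Review bot: The `(u64)` cast on each `t[k] -= (u64)ck << 25` line does remove the undefined left shift of a negative carry, but the subtraction is now carried out in u64 and its wrapped result is implicitly narrowed back into the signed i64 limb, which C11 (6.3.1.3p3) leaves implementation-defined rather than undefined, and the `>> 25` of a possibly negative i64 on the same line is implementation-defined too (it must act as an arithmetic, floor-dividing shift for the rounding constant to work). Every compiler Monocypher targets does the two's-complement thing, but since this commit is about UB hygiene the residual assumption should be written down rather than rediscovered; I would add above the first carry line: `/* Carries are shifted as u64 so a negative carry never hits the undefined signed <<; the wrap of the u64 result back into i64, and the arithmetic >> on a negative limb, are implementation-defined and rely on two's complement, which is all we support. */`. A `-fsanitize=undefined` run of the field tests is the natural confirmation to mention in the commit message.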
@@ -867,18 +867,18 @@ sv fe_mul(fe h, const fe f, const fe g)
 + f5*(i64)g4 + f6*(i64)g3 + f7*(i64)g2 + f8*(i64)g1 + f9*(i64)g0;
 i64 c0, c1, c2, c3, c4, c5, c6, c7, c8, c9;
- c0 = (h0 + (i64) (1<<25)) >> 26; h1 += c0; h0 -= c0 << 26;
- c4 = (h4 + (i64) (1<<25)) >> 26; h5 += c4; h4 -= c4 << 26;
- c1 = (h1 + (i64) (1<<24)) >> 25; h2 += c1; h1 -= c1 << 25;
- c5 = (h5 + (i64) (1<<24)) >> 25; h6 += c5; h5 -= c5 << 25;
- c2 = (h2 + (i64) (1<<25)) >> 26; h3 += c2; h2 -= c2 << 26;
- c6 = (h6 + (i64) (1<<25)) >> 26; h7 += c6; h6 -= c6 << 26;
- c3 = (h3 + (i64) (1<<24)) >> 25; h4 += c3; h3 -= c3 << 25;
- c7 = (h7 + (i64) (1<<24)) >> 25; h8 += c7; h7 -= c7 << 25;
- c4 = (h4 + (i64) (1<<25)) >> 26; h5 += c4; h4 -= c4 << 26;
- c8 = (h8 + (i64) (1<<25)) >> 26; h9 += c8; h8 -= c8 << 26;
- c9 = (h9 + (i64) (1<<24)) >> 25; h0 += c9 * 19; h9 -= c9 << 25;
- c0 = (h0 + (i64) (1<<25)) >> 26; h1 += c0; h0 -= c0 << 26;
+ c0 = (h0 + (i64) (1<<25)) >> 26; h1 += c0; h0 -= (u64)c0 << 26;
+ c4 = (h4 + (i64) (1<<25)) >> 26; h5 += c4; h4 -= (u64)c4 << 26;
+ c1 = (h1 + (i64) (1<<24)) >> 25; h2 += c1; h1 -= (u64)c1 << 25;
+ c5 = (h5 + (i64) (1<<24)) >> 25; h6 += c5; h5 -= (u64)c5 << 25;
+ c2 = (h2 + (i64) (1<<25)) >> 26; h3 += c2; h2 -= (u64)c2 << 26;
+ c6 = (h6 + (i64) (1<<25)) >> 26; h7 += c6; h6 -= (u64)c6 << 26;
+ c3 = (h3 + (i64) (1<<24)) >> 25; h4 += c3; h3 -= (u64)c3 << 25;
+ c7 = (h7 + (i64) (1<<24)) >> 25; h8 += c7; h7 -= (u64)c7 << 25;
+ c4 = (h4 + (i64) (1<<25)) >> 26; h5 += c4; h4 -= (u64)c4 << 26;
+ c8 = (h8 + (i64) (1<<25)) >> 26; h9 += c8; h8 -= (u64)c8 << 26;
+ c9 = (h9 + (i64) (1<<24)) >> 25; h0 += c9 * 19; h9 -= (u64)c9 << 25;
+ c0 = (h0 + (i64) (1<<25)) >> 26; h1 += c0; h0 -= (u64)c0 << 26;
 h[0] = h0; h[1] = h1; h[2] = h2; h[3] = h3; h[4] = h4; h[5] = h5; h[6] = h6; h[7] = h7; h[8] = h8; h[9] = h9;
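Review bot: The corrected carry step is spelled out twelve times in this hunk (plus ten more in fe_carry), so the one rule that matters for UB — shift a `(u64)` copy of the carry, never the signed value — now has to be kept right by hand in every copy, and the `c0`/`c4` steps are even repeated within the same chain. A single helper keeps the safe form in one place and makes the chain read as a schedule rather than a wall of text: `#define CARRY(c, from, to, bits) do { (c) = ((from) + (i64)(1 << ((bits) - 1))) >> (bits); (to) += (c); (from) -= (u64)(c) << (bits); } while (0)`, with the `c9` step left written out because it folds in the `* 19` reduction, and the `h[0] = h0; …` copies untouched. fe_mul begins above this hunk (the `h9` sum is cut off at the top), so I cannot check from here that the input limb bounds keep `h0 + (i64)(1<<25)` clear of signed overflow; if that bound is documented elsewhere, a one-line pointer to it above the chain would help the next reader.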
@@ -914,22 +914,22 @@ sv fe_tobytes(u8 s[32], const fe h)
 }
 t[0] += 19 * q;
- i32 c0 = t[0] >> 26; t[1] += c0; t[0] -= c0 << 26;
- i32 c1 = t[1] >> 25; t[2] += c1; t[1] -= c1 << 25;
- i32 c2 = t[2] >> 26; t[3] += c2; t[2] -= c2 << 26;
- i32 c3 = t[3] >> 25; t[4] += c3; t[3] -= c3 << 25;
- i32 c4 = t[4] >> 26; t[5] += c4; t[4] -= c4 << 26;
- i32 c5 = t[5] >> 25; t[6] += c5; t[5] -= c5 << 25;
- i32 c6 = t[6] >> 26; t[7] += c6; t[6] -= c6 << 26;
- i32 c7 = t[7] >> 25; t[8] += c7; t[7] -= c7 << 25;
- i32 c8 = t[8] >> 26; t[9] += c8; t[8] -= c8 << 26;
- i32 c9 = t[9] >> 25; t[9] -= c9 << 25;
+ i32 c0 = t[0] >> 26; t[1] += c0; t[0] -= (u64)c0 << 26;
+ i32 c1 = t[1] >> 25; t[2] += c1; t[1] -= (u64)c1 << 25;
+ i32 c2 = t[2] >> 26; t[3] += c2; t[2] -= (u64)c2 << 26;
+ i32 c3 = t[3] >> 25; t[4] += c3; t[3] -= (u64)c3 << 25;
+ i32 c4 = t[4] >> 26; t[5] += c4; t[4] -= (u64)c4 << 26;
+ i32 c5 = t[5] >> 25; t[6] += c5; t[5] -= (u64)c5 << 25;
+ i32 c6 = t[6] >> 26; t[7] += c6; t[6] -= (u64)c6 << 26;
+ i32 c7 = t[7] >> 25; t[8] += c7; t[7] -= (u64)c7 << 25;
+ i32 c8 = t[8] >> 26; t[9] += c8; t[8] -= (u64)c8 << 26;
+ i32 c9 = t[9] >> 25; t[9] -= (u64)c9 << 25;
 store32_le(s + 0, ((u32)t[0] >> 0) | ((u32)t[1] << 26));
 store32_le(s + 4, ((u32)t[1] >> 6) | ((u32)t[2] << 19));
 store32_le(s + 8, ((u32)t[2] >> 13) | ((u32)t[3] << 13));
 store32_le(s + 12, ((u32)t[3] >> 19) | ((u32)t[4] << 6));
- store32_le(s + 16, ((u32)t[5] << 0) | ((u32)t[6] << 25));
+ store32_le(s + 16, ((u32)t[5] >> 0) | ((u32)t[6] << 25));
 store32_le(s + 20, ((u32)t[6] >> 7) | ((u32)t[7] << 19));
 store32_le(s + 24, ((u32)t[7] >> 13) | ((u32)t[8] << 12));
 store32_le(s + 28, ((u32)t[8] >> 20) | ((u32)t[9] << 6));
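Review bot: The `(u32)t[i]` casts in the `store32_le` packing are only exact if every limb is non-negative and inside its 26- or 25-bit slot once the carry chain has run; the chain fixes the width, but non-negativity comes from the `t[0] += 19 * q` adjustment whose derivation of `q` sits above this hunk, so nothing in view states the invariant the packing depends on. I would add before the first `i32 c0` line: `/* NOTE(review): the (u32) casts in the packing below assume every t[i] is non-negative after this final carry, i.e. that the q adjustment above has fully reduced the value; confirm before changing either part. The u64 shift avoids the undefined signed <<; narrowing the result back to i32 is implementation-defined two's-complement wrap. */`. The `<< 0` to `>> 0` edit on the `s + 16` line is purely cosmetic (both are identity shifts on a u32), which is worth saying in the commit message so nobody looks for a behavioural reason.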
@@ -1170,24 +1170,23 @@ sv modL(u8 *r, i64 x[64])
 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 };
- unsigned i;
- for (i = 63; i >= 32; i--) {
+ for (unsigned i = 63; i >= 32; i--) {
 i64 carry = 0;
 FOR (j, i-32, i-12) {
 x[j] += carry - 16 * x[i] * L[j - (i - 32)];
 carry = (x[j] + 128) >> 8;
- x[j] -= carry << 8;
+ x[j] -= (u64)carry << 8;
 }
 x[i-12] += carry;
 x[i] = 0;
 }
 i64 carry = 0;
- FOR(j, 0, 32) {
- x[j] += carry - (x[31] >> 4) * L[j];
- carry = x[j] >> 8;
- x[j] &= 255;
+ FOR(i, 0, 32) {
+ x[i] += carry - (x[31] >> 4) * L[i];
+ carry = x[i] >> 8;
+ x[i] &= 255;
 }
- FOR(j, 0, 32) { x[j] -= carry * L[j]; }
+ FOR(i, 0, 32) { x[i] -= carry * L[i]; }
 FOR(i, 0, 32) {
 x[i+1] += x[i] >> 8;
 r[i ] = x[i] & 255;
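Review bot: `carry = (x[j] + 128) >> 8;` and `carry = x[i] >> 8;` still right-shift an i64 that the preceding `carry - 16 * x[i] * L[...]` and `carry - (x[31] >> 4) * L[i]` terms can make negative, which is implementation-defined rather than undefined, and the reduction is only correct because every compiler this targets implements it as an arithmetic shift (floor division by 256). Since the commit's purpose is UB removal, that remaining dependency deserves a line above the outer `for`: `/* >> on a negative i64 is implementation-defined; this reduction relies on the arithmetic (floor) shift every supported compiler provides. */`. The `for (unsigned i = 63; i >= 32; i--)` rewrite is safe because `i` reaches 31 and the loop exits before any wrap, and the `j`-to-`i` renames in the last two `FOR` loops are unrelated tidy-ups worth a mention in the message; the final `FOR(i, 0, 32)` loop and modL itself continue past the end of the hunk.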