From: Loup Vaillant
Date: Fri, 10 Apr 2020 21:22:21 +0000 (+0200)
Subject: Fixed shift of integers on 16 bit machines
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=f2af4c9dcd354344e9324c196ff6fda984e29fef;p=Monocypher.git

Fixed shift of integers on 16 bit machines
---
diff --git a/src/monocypher.c b/src/monocypher.c
index 7ecb60a..3dd3f26 100644
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -1068,16 +1068,16 @@ static void fe_ccopy(fe f, const fe g, int b)
 #define FE_CARRY \
 i64 c0, c1, c2, c3, c4, c5, c6, c7, c8, c9; \
- c9 = (t9 + (i64)(1<<24)) >> 25; t0 += c9 * 19; t9 -= c9 * (1 << 25); \
- c1 = (t1 + (i64)(1<<24)) >> 25; t2 += c1; t1 -= c1 * (1 << 25); \
- c3 = (t3 + (i64)(1<<24)) >> 25; t4 += c3; t3 -= c3 * (1 << 25); \
- c5 = (t5 + (i64)(1<<24)) >> 25; t6 += c5; t5 -= c5 * (1 << 25); \
- c7 = (t7 + (i64)(1<<24)) >> 25; t8 += c7; t7 -= c7 * (1 << 25); \
- c0 = (t0 + (i64)(1<<25)) >> 26; t1 += c0; t0 -= c0 * (1 << 26); \
- c2 = (t2 + (i64)(1<<25)) >> 26; t3 += c2; t2 -= c2 * (1 << 26); \
- c4 = (t4 + (i64)(1<<25)) >> 26; t5 += c4; t4 -= c4 * (1 << 26); \
- c6 = (t6 + (i64)(1<<25)) >> 26; t7 += c6; t6 -= c6 * (1 << 26); \
- c8 = (t8 + (i64)(1<<25)) >> 26; t9 += c8; t8 -= c8 * (1 << 26); \
+ c9 = (t9 + ((i64)1<<24)) >> 25; t0 += c9 * 19; t9 -= c9 * ((i64)1 << 25); \
+ c1 = (t1 + ((i64)1<<24)) >> 25; t2 += c1; t1 -= c1 * ((i64)1 << 25); \
+ c3 = (t3 + ((i64)1<<24)) >> 25; t4 += c3; t3 -= c3 * ((i64)1 << 25); \
+ c5 = (t5 + ((i64)1<<24)) >> 25; t6 += c5; t5 -= c5 * ((i64)1 << 25); \
+ c7 = (t7 + ((i64)1<<24)) >> 25; t8 += c7; t7 -= c7 * ((i64)1 << 25); \
+ c0 = (t0 + ((i64)1<<25)) >> 26; t1 += c0; t0 -= c0 * ((i64)1 << 26); \
+ c2 = (t2 + ((i64)1<<25)) >> 26; t3 += c2; t2 -= c2 * ((i64)1 << 26); \
+ c4 = (t4 + ((i64)1<<25)) >> 26; t5 += c4; t4 -= c4 * ((i64)1 << 26); \
+ c6 = (t6 + ((i64)1<<25)) >> 26; t7 += c6; t6 -= c6 * ((i64)1 << 26); \
+ c8 = (t8 + ((i64)1<<25)) >> 26; t9 += c8; t8 -= c8 * ((i64)1 << 26); \
 h[0]=(i32)t0; h[1]=(i32)t1; h[2]=(i32)t2; h[3]=(i32)t3; h[4]=(i32)t4; \
 h[5]=(i32)t5; h[6]=(i32)t6; h[7]=(i32)t7; h[8]=(i32)t8; h[9]=(i32)t9
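Review bot: Nothing next to FE_CARRY records why the cast now sits inside the parentheses, so a later tidy-up could turn `((i64)1<<24)` back into `(i64)(1<<24)` and no build on a 32- or 64-bit host would notice. When `int` is 16 bits wide the old form shifts a plain `int` by more than its width, which is undefined behaviour, and in field arithmetic the likely outcome is a silently wrong result rather than a crash. I would add a line above the macro such as `// (i64)1 << n, never (i64)(1 << n): int may be 16 bits, the shift must be done in 64 bits`. The same comment applies to the CARRY macro in the fe_mul hunk and to the `((i32)1 << 26)` lines in the fe_tobytes hunk.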
@@ -1142,20 +1142,20 @@ static void fe_mul(fe h, const fe f, const fe g) i64 h9 = f0*(i64)g9 + f1*(i64)g8 + f2*(i64)g7 + f3*(i64)g6 + f4*(i64)g5 + f5*(i64)g4 + f6*(i64)g3 + f7*(i64)g2 + f8*(i64)g1 + f9*(i64)g0; -#define CARRY \ - i64 c0, c1, c2, c3, c4, c5, c6, c7, c8, c9; \ - c0 = (h0 + (i64) (1<<25)) >> 26; h1 += c0; h0 -= c0 * (1 << 26); \ - c4 = (h4 + (i64) (1<<25)) >> 26; h5 += c4; h4 -= c4 * (1 << 26); \ - c1 = (h1 + (i64) (1<<24)) >> 25; h2 += c1; h1 -= c1 * (1 << 25); \ - c5 = (h5 + (i64) (1<<24)) >> 25; h6 += c5; h5 -= c5 * (1 << 25); \ - c2 = (h2 + (i64) (1<<25)) >> 26; h3 += c2; h2 -= c2 * (1 << 26); \ - c6 = (h6 + (i64) (1<<25)) >> 26; h7 += c6; h6 -= c6 * (1 << 26); \ - c3 = (h3 + (i64) (1<<24)) >> 25; h4 += c3; h3 -= c3 * (1 << 25); \ - c7 = (h7 + (i64) (1<<24)) >> 25; h8 += c7; h7 -= c7 * (1 << 25); \ - c4 = (h4 + (i64) (1<<25)) >> 26; h5 += c4; h4 -= c4 * (1 << 26); \ - c8 = (h8 + (i64) (1<<25)) >> 26; h9 += c8; h8 -= c8 * (1 << 26); \ - c9 = (h9 + (i64) (1<<24)) >> 25; h0 += c9 * 19; h9 -= c9 * (1 << 25); \ - c0 = (h0 + (i64) (1<<25)) >> 26; h1 += c0; h0 -= c0 * (1 << 26); \ +#define CARRY \ + i64 c0, c1, c2, c3, c4, c5, c6, c7, c8, c9; \ + c0 = (h0 + ((i64)1<<25)) >> 26; h1 += c0; h0 -= c0 * ((i64)1 << 26); \ + c4 = (h4 + ((i64)1<<25)) >> 26; h5 += c4; h4 -= c4 * ((i64)1 << 26); \ + c1 = (h1 + ((i64)1<<24)) >> 25; h2 += c1; h1 -= c1 * ((i64)1 << 25); \ + c5 = (h5 + ((i64)1<<24)) >> 25; h6 += c5; h5 -= c5 * ((i64)1 << 25); \ + c2 = (h2 + ((i64)1<<25)) >> 26; h3 += c2; h2 -= c2 * ((i64)1 << 26); \ + c6 = (h6 + ((i64)1<<25)) >> 26; h7 += c6; h6 -= c6 * ((i64)1 << 26); \ + c3 = (h3 + ((i64)1<<24)) >> 25; h4 += c3; h3 -= c3 * ((i64)1 << 25); \ + c7 = (h7 + ((i64)1<<24)) >> 25; h8 += c7; h7 -= c7 * ((i64)1 << 25); \ + c4 = (h4 + ((i64)1<<25)) >> 26; h5 += c4; h4 -= c4 * ((i64)1 << 26); \ + c8 = (h8 + ((i64)1<<25)) >> 26; h9 += c8; h8 -= c8 * ((i64)1 << 26); \ + c9 = (h9 + ((i64)1<<24)) >> 25; h0 += c9 * 19; h9 -= c9 * ((i64)1 << 25); \ + c0 = (h0 + 
((i64)1<<25)) >> 26; h1 += c0; h0 -= c0 * ((i64)1 << 26); \ h[0]=(i32)h0; h[1]=(i32)h1; h[2]=(i32)h2; h[3]=(i32)h3; h[4]=(i32)h4; \ h[5]=(i32)h5; h[6]=(i32)h6; h[7]=(i32)h7; h[8]=(i32)h8; h[9]=(i32)h9 @@ -1250,8 +1250,8 @@ static void fe_tobytes(u8 s[32], const fe h) t[0] += 19 * q; q = 0; FOR (i, 0, 5) { - t[i*2 ] += q; q = t[i*2 ] >> 26; t[i*2 ] -= q * (1 << 26); - t[i*2+1] += q; q = t[i*2+1] >> 25; t[i*2+1] -= q * (1 << 25); + t[i*2 ] += q; q = t[i*2 ] >> 26; t[i*2 ] -= q * ((i32)1 << 26); + t[i*2+1] += q; q = t[i*2+1] >> 25; t[i*2+1] -= q * ((i32)1 << 25); } store32_le(s + 0, ((u32)t[0] >> 0) | ((u32)t[1] << 26));
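Review bot: The carry loop in fe_tobytes still computes `q = t[i*2 ] >> 26` and `q = t[i*2+1] >> 25` on a signed value, and C leaves the result of right-shifting a negative signed integer implementation-defined. The declaration of t and its value range are outside the hunk, so a negative t[i] may already be excluded by the preceding reduction. Since this commit is about unusual targets, a comment stating the assumption would help, for example `// relies on arithmetic right shift of signed values (implementation-defined in C)`. The FE_CARRY and CARRY macros in the other two hunks shift i64 limbs the same way after adding a rounding constant, which suggests signed limbs there as well. The body of fe_tobytes starts and ends outside the hunk.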