From 0073a9c8941a0e04a10035e7cc00ffddc8c0f083 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Tue, 19 Nov 2019 12:15:16 -0800
Subject: [PATCH] Remove unnecessary dependency on 2's complement

Although the bit-representation of signed integer types in C99 is
implementation-defined and can be sign-magnitude, one's complement, or
two's complement[0], the conversion of negative values to an unsigned
integer type is defined to be adding 1 plus the maximum value of the
unsigned type[1].

Since -1 + 0xffffffff + 1 == 0xffffffff, just using u32 here has the
right behavior without relying on the representation of signed integers.

[0] http://port70.net/~nsz/c/c99/n1256.html#6.2.6.2p2
[1] http://port70.net/~nsz/c/c99/n1256.html#6.3.1.3p2
---
 src/monocypher.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/monocypher.c b/src/monocypher.c
index d9b6cfb..5855ec0 100644
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -1029,7 +1029,7 @@ static void fe_sub (fe h,const fe f,const fe g){FOR(i,0,10) h[i] = f[i] - g[i];}
 
 static void fe_cswap(fe f, fe g, int b)
 {
-    i32 mask = -b; // rely on 2's complement: -1 = 0xffffffff
+    u32 mask = -b; // -1 = 0xffffffff
     FOR (i, 0, 10) {
         i32 x = (f[i] ^ g[i]) & mask;
         f[i] = f[i] ^ x;
@@ -1039,7 +1039,7 @@ static void fe_cswap(fe f, fe g, int b)
 
 static void fe_ccopy(fe f, const fe g, int b)
 {
-    i32 mask = -b; // rely on 2's complement: -1 = 0xffffffff
+    u32 mask = -b; // -1 = 0xffffffff
     FOR (i, 0, 10) {
         i32 x = (f[i] ^ g[i]) & mask;
         f[i] = f[i] ^ x;
-- 
2.47.3