Ticket #13280: 0003-Stop-ed25519-8-bit-signed-left-shift-overflowing.patch

File 0003-Stop-ed25519-8-bit-signed-left-shift-overflowing.patch, 2.0 KB (added by teor, 5 years ago)

Fix an 8-bit signed left shift, standardise existing 8-bit fix to SHL8()

  • src/ext/ed25519/ref10/crypto_int32.h

    From 4fcc8d4e55256b96de400ad8cb04be451471853c Mon Sep 17 00:00:00 2001
    From: teor <teor2345@gmail.com>
    Date: Mon, 29 Sep 2014 04:20:34 +1000
    Subject: [PATCH 3/3] Stop ed25519 8-bit signed left shift overflowing
    
    Add SHL8 in ed25519 similar to SHL32 & 64.
    Standardise usage in ge_scalarmult_base.c for 1 existing fix and 1 new fix.
    ---
     src/ext/ed25519/ref10/crypto_int32.h       | 13 +++++++++++++
     src/ext/ed25519/ref10/ge_scalarmult_base.c |  4 ++--
     2 files changed, 15 insertions(+), 2 deletions(-)
    
    diff --git a/src/ext/ed25519/ref10/crypto_int32.h b/src/ext/ed25519/ref10/crypto_int32.h
    index cb7c002..13d6561 100644
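--- a/src/ext/ed25519/ref10/crypto_int32.h
+++ b/src/ext/ed25519/ref10/crypto_int32.h
@@ -26,4 +26,17 @@
   OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, crypto_uint32, crypto_int32)
 #endif /* UNSAFE_SIGNED_LSHIFT */
 
+/* And for 8 bit types */
+
+#define crypto_int8 int8_t
+#define crypto_uint8 uint8_t
+
+#ifdef UNSAFE_SIGNED_LSHIFT
+/* the original version of the code */
+#define SHL8(s, lshift) s << lshift
+#else /* #ifndef UNSAFE_SIGNED_LSHIFT */
+#define SHL8(s, lshift) \
+  OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, crypto_uint8, crypto_int8)
+#endif /* UNSAFE_SIGNED_LSHIFT */
+
 #endif /* CRYPTO_INT32_H */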
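Review bot: The UNSAFE_SIGNED_LSHIFT variant on new line 36, `#define SHL8(s, lshift) s << lshift`, is unparenthesised, so it does not expand as a single operand. In this same patch `b - SHL8(((-bnegative) & b),1)` in select() would become `b - (...) << 1`, which C groups as `(b - ...) << 1` because subtraction binds tighter than shift, so the two build variants would compute different values for `babs`; the `e[i] -= SHL8(carry,4)` use is unaffected. Writing it as `#define SHL8(s, lshift) ((s) << (lshift))` makes the expansion safe at any call site. If the SHL32/SHL64 definitions above this hunk have the same shape they would want the same change, and the new `crypto_int8`/`crypto_uint8` defines rely on `<stdint.h>` having been included earlier in the header, which the hunk does not show.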
  • src/ext/ed25519/ref10/ge_scalarmult_base.c

    diff --git a/src/ext/ed25519/ref10/ge_scalarmult_base.c b/src/ext/ed25519/ref10/ge_scalarmult_base.c
    index b74655f..384816c 100644
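--- a/src/ext/ed25519/ref10/ge_scalarmult_base.c
+++ b/src/ext/ed25519/ref10/ge_scalarmult_base.c
@@ -39,7 +39,7 @@ static void select(ge_precomp *t,int pos,signed char b)
 {
   ge_precomp minust;
   unsigned char bnegative = negative(b);
-  unsigned char babs = b - (((-bnegative) & (unsigned char)b) << 1);
+  unsigned char babs = b - SHL8(((-bnegative) & b),1);
 
   ge_precomp_0(t);
   cmov(t,&base[pos][0],equal(babs,1));
@@ -86,7 +86,7 @@ void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
     e[i] += carry;
     carry = e[i] + 8;
     carry >>= 4;
-    e[i] -= carry << 4;
+    e[i] -= SHL8(carry,4);
   }
   e[63] += carry;
   /* each e[i] is between -8 and 8 */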
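Review bot: In select() at new line 42 the `(unsigned char)` cast on `b` is dropped, so SHL8 now receives the promoted, possibly negative `int` from `(-bnegative) & b`, and the value of `babs` depends entirely on how OVERFLOW_SAFE_SIGNED_LSHIFT narrows it. That macro's body is not part of this patch; if it casts to `crypto_uint8`, shifts, and converts back to `crypto_int8`, then for a negative `b` the shifted value exceeds 127 and the conversion back is implementation-defined rather than undefined. Since `b` presumably comes from the scalar digits `e[i]`, the expansion also has to stay branch-free, so a comment on the line would help, for example `/* SHL8 must stay branch-free; relies on two's-complement narrowing to int8_t */`. The bodies of select() and ge_scalarmult_base() both continue outside the hunks shown.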