diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2024-09-16 07:37:05 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-09-16 07:37:51 +0200 |
| commit | 0ca128c9ee894f1b0067abd473bfb33171df67f8 (patch) | |
| tree | 8d4daa5e1360dc5cd5f5065158efcb933af866dd /sntrup761.c | |
| parent | upstream: minor grammar/sort fixes for refuseconnection; ok djm (diff) | |
| download | openssh-0ca128c9ee894f1b0067abd473bfb33171df67f8.tar.xz openssh-0ca128c9ee894f1b0067abd473bfb33171df67f8.zip | |
upstream: use 64 bit math to avoid signed underflow. upstream code
relies on using -fwrapv to provide defined over/underflow behaviour, but we
use -ftrapv to catch integer errors and abort the program. ok dtucker@
OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b
Diffstat (limited to 'sntrup761.c')
| -rw-r--r-- | sntrup761.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/sntrup761.c b/sntrup761.c index 6606e854f..123d01381 100644 --- a/sntrup761.c +++ b/sntrup761.c @@ -1,5 +1,5 @@ -/* $OpenBSD: sntrup761.c,v 1.7 2024/09/15 02:20:51 djm Exp $ */ +/* $OpenBSD: sntrup761.c,v 1.8 2024/09/16 05:37:05 djm Exp $ */ /* * Public Domain, Authors: @@ -917,8 +917,8 @@ crypto_int32 crypto_int32_min(crypto_int32 crypto_int32_x,crypto_int32 crypto_in __asm__ ("cmp %w0,%w1\n csel %w0,%w0,%w1,lt" : "+r"(crypto_int32_x) : "r"(crypto_int32_y) : "cc"); return crypto_int32_x; #else - crypto_int32 crypto_int32_r = crypto_int32_y ^ crypto_int32_x; - crypto_int32 crypto_int32_z = crypto_int32_y - crypto_int32_x; + crypto_int64 crypto_int32_r = (crypto_int64)crypto_int32_y ^ (crypto_int64)crypto_int32_x; + crypto_int64 crypto_int32_z = (crypto_int64)crypto_int32_y - (crypto_int64)crypto_int32_x; crypto_int32_z ^= crypto_int32_r & (crypto_int32_z ^ crypto_int32_y); crypto_int32_z = crypto_int32_negative_mask(crypto_int32_z); crypto_int32_z &= crypto_int32_r; @@ -936,8 +936,8 @@ crypto_int32 crypto_int32_max(crypto_int32 crypto_int32_x,crypto_int32 crypto_in __asm__ ("cmp %w0,%w1\n csel %w0,%w1,%w0,lt" : "+r"(crypto_int32_x) : "r"(crypto_int32_y) : "cc"); return crypto_int32_x; #else - crypto_int32 crypto_int32_r = crypto_int32_y ^ crypto_int32_x; - crypto_int32 crypto_int32_z = crypto_int32_y - crypto_int32_x; + crypto_int64 crypto_int32_r = (crypto_int64)crypto_int32_y ^ (crypto_int64)crypto_int32_x; + crypto_int64 crypto_int32_z = (crypto_int64)crypto_int32_y - (crypto_int64)crypto_int32_x; crypto_int32_z ^= crypto_int32_r & (crypto_int32_z ^ crypto_int32_y); crypto_int32_z = crypto_int32_negative_mask(crypto_int32_z); crypto_int32_z &= crypto_int32_r; @@ -961,8 +961,8 @@ void crypto_int32_minmax(crypto_int32 *crypto_int32_p,crypto_int32 *crypto_int32 *crypto_int32_p = crypto_int32_r; *crypto_int32_q = crypto_int32_s; #else - crypto_int32 crypto_int32_r = crypto_int32_y ^ crypto_int32_x; - crypto_int32 crypto_int32_z = crypto_int32_y - crypto_int32_x; + crypto_int64 crypto_int32_r = (crypto_int64)crypto_int32_y ^ (crypto_int64)crypto_int32_x; + crypto_int64 crypto_int32_z = (crypto_int64)crypto_int32_y - (crypto_int64)crypto_int32_x; crypto_int32_z ^= crypto_int32_r & (crypto_int32_z ^ crypto_int32_y); crypto_int32_z = crypto_int32_negative_mask(crypto_int32_z); crypto_int32_z &= crypto_int32_r; |