poly1305/poly1305_base2_44.c: clarify shift boundary condition.

Reviewed-by: Matt Caswell <matt@openssl.org>
author: Andy Polyakov <appro@openssl.org> 2016-12-25 16:36:43 +0100
committer: Andy Polyakov <appro@openssl.org> 2017-01-21 22:33:38 +0100
commit: 9872238eb6fb981fc7c36ba4180d193cab077b34 (patch)
tree: 45c17269255b52ebddaf24fbef14a91c54530a41
parent: ec/asm/ecp_nistz256-ppc64.pl: minor POWER8-specific optimization. (diff)
download: openssl-9872238eb6fb981fc7c36ba4180d193cab077b34.tar.xz
openssl-9872238eb6fb981fc7c36ba4180d193cab077b34.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/poly1305/poly1305_base2_44.c b/crypto/poly1305/poly1305_base2_44.c
index 20365852ff..b6313d01ba 100644
--- a/crypto/poly1305/poly1305_base2_44.c
+++ b/crypto/poly1305/poly1305_base2_44.c
@@ -117,8 +117,8 @@ void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
 
         /* "lazy" reduction step */
         h0 = (u64)d0 & 0x0fffffffffff;
-        h1 = (u64)(d1 += d0 >> 44) & 0x0fffffffffff;
-        h2 = (u64)(d2 += d1 >> 44) & 0x03ffffffffff; /* last digit is 42 bits */
+        h1 = (u64)(d1 += (u64)(d0 >> 44)) & 0x0fffffffffff;
+        h2 = (u64)(d2 += (u64)(d1 >> 44)) & 0x03ffffffffff; /* last 42 bits */
 
         c = (d2 >> 42);
         h0 += c + (c << 2);
author	Andy Polyakov <appro@openssl.org>	2016-12-25 16:36:43 +0100
committer	Andy Polyakov <appro@openssl.org>	2017-01-21 22:33:38 +0100
commit	9872238eb6fb981fc7c36ba4180d193cab077b34 (patch)
tree	45c17269255b52ebddaf24fbef14a91c54530a41
parent	ec/asm/ecp_nistz256-ppc64.pl: minor POWER8-specific optimization. (diff)
download	openssl-9872238eb6fb981fc7c36ba4180d193cab077b34.tar.xz openssl-9872238eb6fb981fc7c36ba4180d193cab077b34.zip