summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorteor <teor2345@gmail.com>2014-09-28 20:34:21 -0400
committerNick Mathewson <nickm@torproject.org>2014-09-28 20:38:12 -0400
commit6b155dc1a6c7c7bd345514a31288c260e4588216 (patch)
tree433847c19e0ad3d19d4ea85c4f6f9f4b49d309c6
parent5190ec0bc4c22d7bab756e21db6e357ba07379c4 (diff)
downloadtor-6b155dc1a6c7c7bd345514a31288c260e4588216.tar.gz
tor-6b155dc1a6c7c7bd345514a31288c260e4588216.zip
Stop signed left shifts overflowing in ed25519: Macros
The macros let us use unsigned types for potentially overflowing left shifts. Create SHL32() and SHL64() and SHL8() macros for convenience.
-rw-r--r--src/ext/ed25519/ref10/crypto_int32.h22
-rw-r--r--src/ext/ed25519/ref10/crypto_int64.h20
2 files changed, 42 insertions, 0 deletions
diff --git a/src/ext/ed25519/ref10/crypto_int32.h b/src/ext/ed25519/ref10/crypto_int32.h
index cd5c7c28c5..dd13c91bd0 100644
--- a/src/ext/ed25519/ref10/crypto_int32.h
+++ b/src/ext/ed25519/ref10/crypto_int32.h
@@ -1,3 +1,25 @@
/* Added for Tor. */
+
+#ifndef CRYPTO_INT32_H
+#define CRYPTO_INT32_H
+
#include "torint.h"
#define crypto_int32 int32_t
+#define crypto_uint32 uint32_t
+
+/*
+ Stop signed left shifts overflowing
+ by using unsigned types for bitwise operations
+ */
+
+#ifndef OVERFLOW_SAFE_SIGNED_LSHIFT
+#define OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, utype, stype) \
+ ((stype)((utype)(s) << (utype)(lshift)))
+#endif
+
+#define SHL32(s, lshift) \
+ OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, crypto_uint32, crypto_int32)
+#define SHL8(s, lshift) \
+ OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, unsigned char, signed char)
+
+#endif /* CRYPTO_INT32_H */
diff --git a/src/ext/ed25519/ref10/crypto_int64.h b/src/ext/ed25519/ref10/crypto_int64.h
index de0b602068..46e8852ed0 100644
--- a/src/ext/ed25519/ref10/crypto_int64.h
+++ b/src/ext/ed25519/ref10/crypto_int64.h
@@ -1,3 +1,23 @@
/* Added for Tor. */
+
+#ifndef CRYPTO_INT64_H
+#define CRYPTO_INT64_H
+
#include "torint.h"
#define crypto_int64 int64_t
+#define crypto_uint64 uint64_t
+
+/*
+ Stop signed left shifts overflowing
+ by using unsigned types for bitwise operations
+ */
+
+#ifndef OVERFLOW_SAFE_SIGNED_LSHIFT
+#define OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, utype, stype) \
+ ((stype)((utype)(s) << (utype)(lshift)))
+#endif
+
+#define SHL64(s, lshift) \
+ OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, crypto_uint64, crypto_int64)
+
+#endif /* CRYPTO_INT64_H */