[tor/master] Stop signed left shifts overflowing in ed25519: Macros - tor-commits

29 Sep 2014

commit 6b155dc1a6c7c7bd345514a31288c260e4588216
Author: teor teor2345@gmail.com
Date:   Sun Sep 28 20:34:21 2014 -0400
Stop signed left shifts overflowing in ed25519: Macros
The macros let us use unsigned types for potentially overflowing left
    shifts. Create SHL32() and SHL64() and SHL8() macros for convenience.
---
 src/ext/ed25519/ref10/crypto_int32.h |   22 ++++++++++++++++++++++
 src/ext/ed25519/ref10/crypto_int64.h |   20 ++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/src/ext/ed25519/ref10/crypto_int32.h b/src/ext/ed25519/ref10/crypto_int32.h
index cd5c7c2..dd13c91 100644
--- a/src/ext/ed25519/ref10/crypto_int32.h
+++ b/src/ext/ed25519/ref10/crypto_int32.h
@@ -1,3 +1,25 @@
 /* Added for Tor. */
+
+#ifndef CRYPTO_INT32_H
+#define CRYPTO_INT32_H
+
 #include "torint.h"
 #define crypto_int32 int32_t
+#define crypto_uint32 uint32_t
+
+/*
+ Stop signed left shifts overflowing
+ by using unsigned types for bitwise operations
+ */
+
+#ifndef OVERFLOW_SAFE_SIGNED_LSHIFT
+#define OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, utype, stype) \
+  ((stype)((utype)(s) << (utype)(lshift)))
+#endif
+
+#define SHL32(s, lshift) \
+  OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, crypto_uint32, crypto_int32)
+#define SHL8(s, lshift) \
+  OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, unsigned char, signed char)
+
+#endif /* CRYPTO_INT32_H */
diff --git a/src/ext/ed25519/ref10/crypto_int64.h b/src/ext/ed25519/ref10/crypto_int64.h
index de0b602..46e8852 100644
--- a/src/ext/ed25519/ref10/crypto_int64.h
+++ b/src/ext/ed25519/ref10/crypto_int64.h
@@ -1,3 +1,23 @@
 /* Added for Tor. */
+
+#ifndef CRYPTO_INT64_H
+#define CRYPTO_INT64_H
+
 #include "torint.h"
 #define crypto_int64 int64_t
+#define crypto_uint64 uint64_t
+
+/*
+ Stop signed left shifts overflowing
+ by using unsigned types for bitwise operations
+ */
+
+#ifndef OVERFLOW_SAFE_SIGNED_LSHIFT
+#define OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, utype, stype) \
+  ((stype)((utype)(s) << (utype)(lshift)))
+#endif
+
+#define SHL64(s, lshift) \
+  OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, crypto_uint64, crypto_int64)
+
+#endif /* CRYPTO_INT64_H */

    