Stop signed left shifts overflowing in ed25519: Macros

The macros let us use unsigned types for potentially overflowing left
shifts. Create SHL32() and SHL64() and SHL8() macros for convenience.

diff --git a/src/ext/ed25519/ref10/crypto_int32.h b/src/ext/ed25519/ref10/crypto_int32.h
index cd5c7c28c5c6593a2f8eb2ceb9442f93e1c586f1..dd13c91bd07097e39f2c0cac04c9a418049f7690 100644 (file)
--- a/src/ext/ed25519/ref10/crypto_int32.h
+++ b/src/ext/ed25519/ref10/crypto_int32.h
@@ -1,3 +1,25 @@
 /* Added for Tor. */
+
+#ifndef CRYPTO_INT32_H
+#define CRYPTO_INT32_H
+
 #include "torint.h"
 #define crypto_int32 int32_t
+#define crypto_uint32 uint32_t
+
+/*
+ Stop signed left shifts overflowing
+ by using unsigned types for bitwise operations
+ */
+
+#ifndef OVERFLOW_SAFE_SIGNED_LSHIFT
+#define OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, utype, stype) \
+  ((stype)((utype)(s) << (utype)(lshift)))
+#endif
+
+#define SHL32(s, lshift) \
+  OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, crypto_uint32, crypto_int32)
+#define SHL8(s, lshift) \
+  OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, unsigned char, signed char)
+
+#endif /* CRYPTO_INT32_H */

diff --git a/src/ext/ed25519/ref10/crypto_int64.h b/src/ext/ed25519/ref10/crypto_int64.h
index de0b6020686803c90859063e2b8865d7854e20fe..46e8852ed06cf7bad830d54a5582d48b602c61e0 100644 (file)
--- a/src/ext/ed25519/ref10/crypto_int64.h
+++ b/src/ext/ed25519/ref10/crypto_int64.h
@@ -1,3 +1,23 @@
 /* Added for Tor. */
+
+#ifndef CRYPTO_INT64_H
+#define CRYPTO_INT64_H
+
 #include "torint.h"
 #define crypto_int64 int64_t
+#define crypto_uint64 uint64_t
+
+/*
+ Stop signed left shifts overflowing
+ by using unsigned types for bitwise operations
+ */
+
+#ifndef OVERFLOW_SAFE_SIGNED_LSHIFT
+#define OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, utype, stype) \
+  ((stype)((utype)(s) << (utype)(lshift)))
+#endif
+
+#define SHL64(s, lshift) \
+  OVERFLOW_SAFE_SIGNED_LSHIFT(s, lshift, crypto_uint64, crypto_int64)
+
+#endif /* CRYPTO_INT64_H */