Skip to content

Commit

Permalink
Fix UB described in (#22)
Browse files Browse the repository at this point in the history
jedisct1/libsodium#333 (comment)

Signed-off-by: Bogdan Vaneev <warchantua@gmail.com>
  • Loading branch information
Warchant authored Mar 11, 2019
1 parent 3a3b188 commit b61a1e7
Show file tree
Hide file tree
Showing 9 changed files with 103 additions and 98 deletions.
2 changes: 2 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -59,3 +59,5 @@ external

example/build
.vs
_logs
_builds
21 changes: 12 additions & 9 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ endif (CCACHE_FOUND)

include("cmake/Hunter/init.cmake")
HunterGate(
URL "https://github.com/ruslo/hunter/archive/v0.23.105.tar.gz"
SHA1 "1c7aaffc90d4898f0b55d03b77deb890b2aa0a2b"
URL "https://github.com/ruslo/hunter/archive/v0.23.127.tar.gz"
SHA1 "2cd79807cb829127896811f8afa15e790b6bde19"
)


Expand All @@ -23,19 +23,22 @@ project(ed25519 VERSION ${SOVERSION} LANGUAGES C CXX)

enable_language(ASM)

set(CMAKE_POSITION_INDEPENDENT_CODE TRUE)
set(CMAKE_C_VISIBILITY_PRESET hidden)
set(CMAKE_CXX_VISIBILITY_PRESET hidden)
set(CMAKE_VISIBILITY_INLINES_HIDDEN ON)
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)

set(CMAKE_C_STANDARD 11) # force std=c11
set(CMAKE_C_STANDARD_REQUIRED ON)
set(CMAKE_C_EXTENSIONS OFF)
if(NOT EXISTS "${CMAKE_TOOLCHAIN_FILE}")
set(CMAKE_POSITION_INDEPENDENT_CODE TRUE)

set(CMAKE_CXX_STANDARD 11) # force std=c++11
set(CMAKE_CXX_STANDARD_REQUIRED ON)
set(CMAKE_CXX_EXTENSIONS OFF)
set(CMAKE_C_STANDARD 11) # force std=c11
set(CMAKE_C_STANDARD_REQUIRED ON)
set(CMAKE_C_EXTENSIONS OFF)

set(CMAKE_CXX_STANDARD 11) # force std=c++11
set(CMAKE_CXX_STANDARD_REQUIRED ON)
set(CMAKE_CXX_EXTENSIONS OFF)
endif()

option(TESTING "Enable testing" OFF)
option(COVERAGE "Enable coverage" OFF)
Expand Down
20 changes: 10 additions & 10 deletions lib/ed25519/ref10/fe_mul.c
Original file line number Diff line number Diff line change
Expand Up @@ -179,16 +179,16 @@ void fe_mul(fe h,const fe f,const fe g)
crypto_int64 h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19;
crypto_int64 h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38;
crypto_int64 h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ;
crypto_int64 carry0;
crypto_int64 carry1;
crypto_int64 carry2;
crypto_int64 carry3;
crypto_int64 carry4;
crypto_int64 carry5;
crypto_int64 carry6;
crypto_int64 carry7;
crypto_int64 carry8;
crypto_int64 carry9;
crypto_uint64 carry0;
crypto_uint64 carry1;
crypto_uint64 carry2;
crypto_uint64 carry3;
crypto_uint64 carry4;
crypto_uint64 carry5;
crypto_uint64 carry6;
crypto_uint64 carry7;
crypto_uint64 carry8;
crypto_uint64 carry9;

/*
|h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
Expand Down
20 changes: 10 additions & 10 deletions lib/ed25519/ref10/fe_sq.c
Original file line number Diff line number Diff line change
Expand Up @@ -106,16 +106,16 @@ void fe_sq(fe h,const fe f)
crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
crypto_int64 carry0;
crypto_int64 carry1;
crypto_int64 carry2;
crypto_int64 carry3;
crypto_int64 carry4;
crypto_int64 carry5;
crypto_int64 carry6;
crypto_int64 carry7;
crypto_int64 carry8;
crypto_int64 carry9;
crypto_uint64 carry0;
crypto_uint64 carry1;
crypto_uint64 carry2;
crypto_uint64 carry3;
crypto_uint64 carry4;
crypto_uint64 carry5;
crypto_uint64 carry6;
crypto_uint64 carry7;
crypto_uint64 carry8;
crypto_uint64 carry9;

carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
carry4 = (h4 + (crypto_int64) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26;
Expand Down
20 changes: 10 additions & 10 deletions lib/ed25519/ref10/fe_sq2.c
Original file line number Diff line number Diff line change
Expand Up @@ -106,16 +106,16 @@ void fe_sq2(fe h,const fe f)
crypto_int64 h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38;
crypto_int64 h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38;
crypto_int64 h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2;
crypto_int64 carry0;
crypto_int64 carry1;
crypto_int64 carry2;
crypto_int64 carry3;
crypto_int64 carry4;
crypto_int64 carry5;
crypto_int64 carry6;
crypto_int64 carry7;
crypto_int64 carry8;
crypto_int64 carry9;
crypto_uint64 carry0;
crypto_uint64 carry1;
crypto_uint64 carry2;
crypto_uint64 carry3;
crypto_uint64 carry4;
crypto_uint64 carry5;
crypto_uint64 carry6;
crypto_uint64 carry7;
crypto_uint64 carry8;
crypto_uint64 carry9;

h0 += h0;
h1 += h1;
Expand Down
36 changes: 18 additions & 18 deletions lib/ed25519/ref10/fe_tobytes.c
Original file line number Diff line number Diff line change
Expand Up @@ -38,16 +38,16 @@ void fe_tobytes(unsigned char *s,const fe h)
crypto_int32 h8 = h[8];
crypto_int32 h9 = h[9];
crypto_int32 q;
crypto_int32 carry0;
crypto_int32 carry1;
crypto_int32 carry2;
crypto_int32 carry3;
crypto_int32 carry4;
crypto_int32 carry5;
crypto_int32 carry6;
crypto_int32 carry7;
crypto_int32 carry8;
crypto_int32 carry9;
crypto_uint32 carry0;
crypto_uint32 carry1;
crypto_uint32 carry2;
crypto_uint32 carry3;
crypto_uint32 carry4;
crypto_uint32 carry5;
crypto_uint32 carry6;
crypto_uint32 carry7;
crypto_uint32 carry8;
crypto_uint32 carry9;

q = (19 * h9 + (((crypto_int32) 1) << 24)) >> 25;
q = (h0 + q) >> 26;
Expand Down Expand Up @@ -87,32 +87,32 @@ void fe_tobytes(unsigned char *s,const fe h)
s[0] = h0 >> 0;
s[1] = h0 >> 8;
s[2] = h0 >> 16;
s[3] = (h0 >> 24) | (h1 << 2);
s[3] = (h0 >> 24) | (h1 * (1u << 2u));
s[4] = h1 >> 6;
s[5] = h1 >> 14;
s[6] = (h1 >> 22) | (h2 << 3);
s[6] = (h1 >> 22) | (h2 * (1u << 3u));
s[7] = h2 >> 5;
s[8] = h2 >> 13;
s[9] = (h2 >> 21) | (h3 << 5);
s[9] = (h2 >> 21) | (h3 * (1u << 5u));
s[10] = h3 >> 3;
s[11] = h3 >> 11;
s[12] = (h3 >> 19) | (h4 << 6);
s[12] = (h3 >> 19) | (h4 * (1u << 6u));
s[13] = h4 >> 2;
s[14] = h4 >> 10;
s[15] = h4 >> 18;
s[16] = h5 >> 0;
s[17] = h5 >> 8;
s[18] = h5 >> 16;
s[19] = (h5 >> 24) | (h6 << 1);
s[19] = (h5 >> 24) | (h6 * (1u << 1u));
s[20] = h6 >> 7;
s[21] = h6 >> 15;
s[22] = (h6 >> 23) | (h7 << 3);
s[22] = (h6 >> 23) | (h7 * (1u << 3u));
s[23] = h7 >> 5;
s[24] = h7 >> 13;
s[25] = (h7 >> 21) | (h8 << 4);
s[25] = (h7 >> 21) | (h8 * (1u << 4u));
s[26] = h8 >> 4;
s[27] = h8 >> 12;
s[28] = (h8 >> 20) | (h9 << 6);
s[28] = (h8 >> 20) | (h9 * (1u << 6u));
s[29] = h9 >> 2;
s[30] = h9 >> 10;
s[31] = h9 >> 18;
Expand Down
2 changes: 1 addition & 1 deletion lib/ed25519/ref10/ge_scalarmult_base.c
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ static void select(ge_precomp *t,int pos,signed char b)
{
ge_precomp minust;
unsigned char bnegative = negative(b);
unsigned char babs = b - (((-bnegative) & b) << 1);
unsigned char babs = b - (((-bnegative) & b) * 2);

ge_precomp_0(t);
cmov(t,&base[pos][0],equal(babs,1));
Expand Down
46 changes: 23 additions & 23 deletions lib/ed25519/ref10/sc_muladd.c
Original file line number Diff line number Diff line change
Expand Up @@ -94,29 +94,29 @@ void sc_muladd(unsigned char *s,const unsigned char *a,const unsigned char *b,co
crypto_int64 s21;
crypto_int64 s22;
crypto_int64 s23;
crypto_int64 carry0;
crypto_int64 carry1;
crypto_int64 carry2;
crypto_int64 carry3;
crypto_int64 carry4;
crypto_int64 carry5;
crypto_int64 carry6;
crypto_int64 carry7;
crypto_int64 carry8;
crypto_int64 carry9;
crypto_int64 carry10;
crypto_int64 carry11;
crypto_int64 carry12;
crypto_int64 carry13;
crypto_int64 carry14;
crypto_int64 carry15;
crypto_int64 carry16;
crypto_int64 carry17;
crypto_int64 carry18;
crypto_int64 carry19;
crypto_int64 carry20;
crypto_int64 carry21;
crypto_int64 carry22;
crypto_uint64 carry0;
crypto_uint64 carry1;
crypto_uint64 carry2;
crypto_uint64 carry3;
crypto_uint64 carry4;
crypto_uint64 carry5;
crypto_uint64 carry6;
crypto_uint64 carry7;
crypto_uint64 carry8;
crypto_uint64 carry9;
crypto_uint64 carry10;
crypto_uint64 carry11;
crypto_uint64 carry12;
crypto_uint64 carry13;
crypto_uint64 carry14;
crypto_uint64 carry15;
crypto_uint64 carry16;
crypto_uint64 carry17;
crypto_uint64 carry18;
crypto_uint64 carry19;
crypto_uint64 carry20;
crypto_uint64 carry21;
crypto_uint64 carry22;

s0 = c0 + a0*b0;
s1 = c1 + a0*b1 + a1*b0;
Expand Down
34 changes: 17 additions & 17 deletions lib/ed25519/ref10/sc_reduce.c
Original file line number Diff line number Diff line change
Expand Up @@ -57,23 +57,23 @@ void sc_reduce(unsigned char *s)
crypto_int64 s21 = 2097151 & (load_3(s + 55) >> 1);
crypto_int64 s22 = 2097151 & (load_4(s + 57) >> 6);
crypto_int64 s23 = (load_4(s + 60) >> 3);
crypto_int64 carry0;
crypto_int64 carry1;
crypto_int64 carry2;
crypto_int64 carry3;
crypto_int64 carry4;
crypto_int64 carry5;
crypto_int64 carry6;
crypto_int64 carry7;
crypto_int64 carry8;
crypto_int64 carry9;
crypto_int64 carry10;
crypto_int64 carry11;
crypto_int64 carry12;
crypto_int64 carry13;
crypto_int64 carry14;
crypto_int64 carry15;
crypto_int64 carry16;
crypto_uint64 carry0;
crypto_uint64 carry1;
crypto_uint64 carry2;
crypto_uint64 carry3;
crypto_uint64 carry4;
crypto_uint64 carry5;
crypto_uint64 carry6;
crypto_uint64 carry7;
crypto_uint64 carry8;
crypto_uint64 carry9;
crypto_uint64 carry10;
crypto_uint64 carry11;
crypto_uint64 carry12;
crypto_uint64 carry13;
crypto_uint64 carry14;
crypto_uint64 carry15;
crypto_uint64 carry16;

s11 += s23 * 666643;
s12 += s23 * 470296;
Expand Down

0 comments on commit b61a1e7

Please sign in to comment.