1. 15 Apr, 2016 1 commit
  2. 08 Dec, 2015 1 commit
  3. 29 Sep, 2014 3 commits
    • Stop ed25519 8-bit signed left shift overflowing · b7eab94a
      teor authored and Nick Mathewson committed
      Standardise usage in ge_scalarmult_base.c for 1 new fix.
    • Use SHL{8,32,64} in ed25519/ref10 to avoid left-shifting negative values · 6129ff32
      Nick Mathewson authored
      This helps us avoid undefined behavior. It's based on a patch from teor,
      except that I wrote a perl script to regenerate the patch:
      
        #!/usr/bin/perl -p -w -i
      
        BEGIN { %vartypes = (); }
      
        if (/^[{}]/) {
            %vartypes = ();
        }
      
        if (/^ *crypto_int(\d+) +([a-zA-Z_][_a-zA-Z0-9]*)/) {
            $vartypes{$2} = $1;
        } elsif (/^ *(?:signed +)char +([a-zA-Z_][_a-zA-Z0-9]*)/) {
            $vartypes{$1} = '8';
        }
      
        # This fixes at most one shift per line. But that's all the code does.
        if (/([a-zA-Z_][a-zA-Z_0-9]*) *<< *(\d+)/) {
            $v = $1;
            if (exists $vartypes{$v}) {
                s/$v *<< *(\d+)/SHL$vartypes{$v}($v,$1)/;
            }
        }
      
        # remove extra parentheses
        s/\(SHL64\((.*)\)\)/SHL64\($1\)/;
        s/\(SHL32\((.*)\)\)/SHL32\($1\)/;
        s/\(SHL8\((.*)\)\)/SHL8\($1\)/;
    • Stop signed left shifts overflowing in ed25519: Macros · 6b155dc1
      teor authored and Nick Mathewson committed
      The macros let us use unsigned types for potentially overflowing left
      shifts. Create SHL32() and SHL64() and SHL8() macros for convenience.
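The unsigned-cast approach described in the commit messages above, as an added example (not code from the Tor repository). The SHL8/SHL32/SHL64 names come from the commits; the macro bodies, `carry_step`, `limbs_value` and the input values are constructed here as assumptions.

```c
#include <stdint.h>

/* Assumed definitions: the names come from the commit messages above, the
 * bodies are this example's own. The operand is converted to the unsigned
 * type before shifting, so no negative value is ever left-shifted (for
 * SHL8 the operand is then promoted to int, but it is non-negative and
 * small). Converting back is implementation-defined, not undefined; on
 * two's-complement targets it keeps the bit pattern. */
#define SHL8(s, n)  ((signed char)((unsigned char)(s) << (n)))
#define SHL32(s, n) ((int32_t)((uint32_t)(s) << (n)))
#define SHL64(s, n) ((int64_t)((uint64_t)(s) << (n)))

/* Constructed carry step on two signed limbs in radix 2^26: move the
 * multiple of 2^26 nearest to *lo into *hi. carry can be negative, so a
 * plain `carry << 26` would left-shift a negative value (undefined).
 * Assumes >> on a negative int64_t is an arithmetic shift, as on GCC and
 * Clang. */
static void carry_step(int64_t *lo, int64_t *hi)
{
    int64_t carry = (*lo + ((int64_t)1 << 25)) >> 26;
    *hi += carry;
    *lo -= SHL64(carry, 26);
}

/* Value represented by the limb pair, used to check the step preserves it. */
static int64_t limbs_value(int64_t lo, int64_t hi)
{
    return lo + hi * ((int64_t)1 << 26);
}

int main(void)
{
    int64_t lo = -134217731, hi = 0;   /* constructed input: -(2^27) - 3 */
    int64_t before = limbs_value(lo, hi);
    carry_step(&lo, &hi);              /* expect lo = -3, hi = -2 */
    return (limbs_value(lo, hi) == before && lo == -3 && hi == -2) ? 0 : 1;
}
```

Building the unpatched form (`carry << 26`) with `-fsanitize=undefined` on GCC or Clang reports the negative left shift at run time when compiling as C99 or C11; the macro form runs clean.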
  4. 26 Sep, 2014 1 commit
    • Comment-out dead code in ed25519/ref10 · 27bd1ef1
      Nick Mathewson authored
      There are some loops of the form
      
             for (i=1;i<1;++i) ...
      
      And of course, if the loop index is initialized to 1, it will never
      be less than 1, and the loop body will never be executed.  This
      upsets coverity.
      
      Patch fixes CID 1221543 and 1221542
  5. 25 Sep, 2014 10 commits
  6. 26 Aug, 2014 4 commits