From ac60dfc680deafe5e0e26fc18e6b71b61f647760 Mon Sep 17 00:00:00 2001
From: Christoph Hagen
Date: Sun, 8 Oct 2017 02:31:13 +0900
Subject: [PATCH 1/3] Another magic number removed
---
 src/curve.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/curve.c b/src/curve.c
index dbeb37e1..eb3b9c74 100644
--- a/src/curve.c
+++ b/src/curve.c
@@ -597,7 +597,7 @@ int curve_verify_vrf_signature(signal_context *context,
 return SG_ERR_INVAL;
 }
- if(!message_data || !signature_data || signature_len != 96) {
+ if(!message_data || !signature_data || signature_len != VRF_SIGNATURE_LEN) {
 signal_log(context, SG_LOG_ERROR, "Invalid message or signature format");
 return SG_ERR_VRF_SIG_VERIF_FAILED;
 }
From f03ee80c9f181f2f4f4989cf357978f392c33671 Mon Sep 17 00:00:00 2001
From: Christoph Hagen
Date: Sun, 8 Oct 2017 02:32:05 +0900
Subject: [PATCH 2/3] Revert "Another magic number removed"
This reverts commit ac60dfc680deafe5e0e26fc18e6b71b61f647760.
---
 src/curve.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/curve.c b/src/curve.c
index eb3b9c74..dbeb37e1 100644
--- a/src/curve.c
+++ b/src/curve.c
@@ -597,7 +597,7 @@ int curve_verify_vrf_signature(signal_context *context,
 return SG_ERR_INVAL;
 }
- if(!message_data || !signature_data || signature_len != VRF_SIGNATURE_LEN) {
+ if(!message_data || !signature_data || signature_len != 96) {
 signal_log(context, SG_LOG_ERROR, "Invalid message or signature format");
 return SG_ERR_VRF_SIG_VERIF_FAILED;
 }
From 6e249fd644c2ae236ba9e452e4e03f45b90f1572 Mon Sep 17 00:00:00 2001
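Review bot: After the revert in PATCH 2/3 the length guard in curve_verify_vrf_signature again reads `signature_len != 96`, and neither the revert message nor the code says what 96 stands for. This comparison is the only visible check that keeps a short or oversized buffer away from the verification code, so the expected size should be readable where it is enforced. If `VRF_SIGNATURE_LEN` was dropped because it is not defined for this file (an inference, the revert gives no reason), a comment above the `if` such as `/* a VRF signature is a fixed 96 bytes; reject any other length before parsing */` would keep the intent. The function body starts and ends outside the hunk.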
From: Christoph Hagen
Date: Thu, 1 Mar 2018 19:47:31 +0100
Subject: [PATCH 3/3] Fix downcast warnings
Add explicit casting to some assignments that have warnings due to implicit casting to smaller types.
---
 src/curve25519/curve25519-donna.c | 12 +-----------
 src/curve25519/ed25519/additions/zeroize.h | 2 +-
 src/curve25519/ed25519/fe_frombytes.c | 20 ++++++++++----------
 src/curve25519/ed25519/fe_mul.c | 20 ++++++++++----------
 src/curve25519/ed25519/fe_sq.c | 20 ++++++++++----------
 src/curve25519/ed25519/fe_sq2.c | 20 ++++++++++----------
 src/curve25519/ed25519/nacl_sha512/hash.c | 2 +-
 7 files changed, 43 insertions(+), 53 deletions(-)
diff --git a/src/curve25519/curve25519-donna.c b/src/curve25519/curve25519-donna.c
index f2c2ac58..8047db35 100644
--- a/src/curve25519/curve25519-donna.c
+++ b/src/curve25519/curve25519-donna.c
@@ -273,16 +273,6 @@ div_by_2_25(const limb v)
 return (v + roundoff) >> 25;
 }
-/* return v / (2^25), using only shifts and adds.
- *
- * On entry: v can take any value. */
-static inline s32
-div_s32_by_2_25(const s32 v)
-{
- const s32 roundoff = ((uint32_t)(v >> 31)) >> 7;
- return (v + roundoff) >> 25;
-}
-
 /* Reduce all coefficients of the short form input so that |x| < 2^26.
 *
 * On entry: |output[i]| < 280*2^54 */
@@ -487,7 +477,7 @@ fcontract(u8 *output, limb *input_limbs) {
 /* |input_limbs[i]| < 2^26, so it's valid to convert to an s32. */
 for (i = 0; i < 10; i++) {
- input[i] = input_limbs[i];
+ input[i] = (s32) input_limbs[i];
 }
 for (j = 0; j < 2; ++j) {
diff --git a/src/curve25519/ed25519/additions/zeroize.h b/src/curve25519/ed25519/additions/zeroize.h
index 0db68bb4..95e974ae 100644
--- a/src/curve25519/ed25519/additions/zeroize.h
+++ b/src/curve25519/ed25519/additions/zeroize.h
@@ -7,6 +7,6 @@ void zeroize(unsigned char* b, size_t len);
-void zeroize_stack();
+void zeroize_stack(void);
 #endif
diff --git a/src/curve25519/ed25519/fe_frombytes.c b/src/curve25519/ed25519/fe_frombytes.c
index 5c179174..87e24942 100644
--- a/src/curve25519/ed25519/fe_frombytes.c
+++ b/src/curve25519/ed25519/fe_frombytes.c
@@ -60,14 +60,14 @@ void fe_frombytes(fe h,const unsigned char *s)
 carry6 = (h6 + (crypto_int64) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
 carry8 = (h8 + (crypto_int64) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
+ h[0] = (crypto_int32) h0;
+ h[1] = (crypto_int32) h1;
+ h[2] = (crypto_int32) h2;
+ h[3] = (crypto_int32) h3;
+ h[4] = (crypto_int32) h4;
+ h[5] = (crypto_int32) h5;
+ h[6] = (crypto_int32) h6;
+ h[7] = (crypto_int32) h7;
+ h[8] = (crypto_int32) h8;
+ h[9] = (crypto_int32) h9;
 }
diff --git a/src/curve25519/ed25519/fe_mul.c b/src/curve25519/ed25519/fe_mul.c
index 26ca8b36..d68e2101 100644
--- a/src/curve25519/ed25519/fe_mul.c
+++ b/src/curve25519/ed25519/fe_mul.c
@@ -240,14 +240,14 @@ void fe_mul(fe h,const fe f,const fe g)
 /* |h0| <= 2^25; from now on fits into int32 unchanged */
 /* |h1| <= 1.01*2^24 */
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
+ h[0] = (crypto_int32) h0;
+ h[1] = (crypto_int32) h1;
+ h[2] = (crypto_int32) h2;
+ h[3] = (crypto_int32) h3;
+ h[4] = (crypto_int32) h4;
+ h[5] = (crypto_int32) h5;
+ h[6] = (crypto_int32) h6;
+ h[7] = (crypto_int32) h7;
+ h[8] = (crypto_int32) h8;
+ h[9] = (crypto_int32) h9;
 }
diff --git a/src/curve25519/ed25519/fe_sq.c b/src/curve25519/ed25519/fe_sq.c
index 8dd11984..54a39496 100644
--- a/src/curve25519/ed25519/fe_sq.c
+++ b/src/curve25519/ed25519/fe_sq.c
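Review bot: The new `(crypto_int32)` casts on `h[0]`..`h[9]` in fe_frombytes silence the narrowing warning for good, yet nothing visible in the hunk says why the 64-bit limbs fit in 32 bits at the store. fe_mul states such a bound just above its stores (`|h0| <= 2^25; from now on fits into int32 unchanged`) and fcontract in curve25519-donna.c has one as well, while the fe_sq and fe_sq2 hunks show none either. I would add a one-line comment before each store block, for example `/* after the carry chain every limb fits in int32, so the cast preserves the value */`, with the actual bound filled in from the function's stated preconditions. The function bodies start outside the hunks, so a bound may already be given higher up.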
@@ -136,14 +136,14 @@ void fe_sq(fe h,const fe f)
 carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
+ h[0] = (crypto_int32) h0;
+ h[1] = (crypto_int32) h1;
+ h[2] = (crypto_int32) h2;
+ h[3] = (crypto_int32) h3;
+ h[4] = (crypto_int32) h4;
+ h[5] = (crypto_int32) h5;
+ h[6] = (crypto_int32) h6;
+ h[7] = (crypto_int32) h7;
+ h[8] = (crypto_int32) h8;
+ h[9] = (crypto_int32) h9;
 }
diff --git a/src/curve25519/ed25519/fe_sq2.c b/src/curve25519/ed25519/fe_sq2.c
index 026ed3aa..01b149f5 100644
--- a/src/curve25519/ed25519/fe_sq2.c
+++ b/src/curve25519/ed25519/fe_sq2.c
@@ -147,14 +147,14 @@ void fe_sq2(fe h,const fe f)
 carry0 = (h0 + (crypto_int64) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
+ h[0] = (crypto_int32) h0;
+ h[1] = (crypto_int32) h1;
+ h[2] = (crypto_int32) h2;
+ h[3] = (crypto_int32) h3;
+ h[4] = (crypto_int32) h4;
+ h[5] = (crypto_int32) h5;
+ h[6] = (crypto_int32) h6;
+ h[7] = (crypto_int32) h7;
+ h[8] = (crypto_int32) h8;
+ h[9] = (crypto_int32) h9;
 }
diff --git a/src/curve25519/ed25519/nacl_sha512/hash.c b/src/curve25519/ed25519/nacl_sha512/hash.c
index 8934cc18..c4d20166 100644
--- a/src/curve25519/ed25519/nacl_sha512/hash.c
+++ b/src/curve25519/ed25519/nacl_sha512/hash.c
@@ -26,7 +26,7 @@ int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long
 {
 unsigned char h[64];
 unsigned char padded[256];
- int i;
+ unsigned long long i;
 unsigned long long bytes = inlen;
 for (i = 0;i < 64;++i) h[i] = iv[i];