From 456cffcd2e808a3a9c3ff47f988138bbce555e0e Mon Sep 17 00:00:00 2001
From: Jason Gross
Date: Mon, 14 Jan 2019 20:09:21 -0500
Subject: Fix computation of INTX_MIN

The minimum is -2^(bitwidth-1), not -2^bitwidth. Oops.
---
 curve25519_64.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'curve25519_64.c')

diff --git a/curve25519_64.c b/curve25519_64.c
index 3a637743e..23bf361d8 100644
--- a/curve25519_64.c
+++ b/curve25519_64.c
@@ -41,7 +41,7 @@ static void fiat_25519_addcarryx_u51(uint64_t* out1, fiat_25519_uint1* out2, fia
  */
 static void fiat_25519_subborrowx_u51(uint64_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) {
   int64_t x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3);
-  fiat_25519_int1 x2 = (fiat_25519_int1)((fiat_25519_int128)x1 >> 51);
+  fiat_25519_int1 x2 = (fiat_25519_int1)(x1 >> 51);
   uint64_t x3 = (x1 & UINT64_C(0x7ffffffffffff));
   *out1 = x3;
   *out2 = (fiat_25519_uint1)(0x0 - x2);
-- 
cgit v1.2.3
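Review bot: The new `x1 >> 51` right-shifts a signed int64_t that is negative whenever a borrow occurs, which C11 (6.5.7p5) leaves implementation-defined; the borrow flag in x2 is only correct if the shift is arithmetic (sign-propagating), and the dropped int128 widening previously made the same assumption at a wider width. It is also only a 0/-1 result because x1 stays within [-2^51, 2^51), which presumably follows from arg2 and arg3 being 51-bit limbs (the `_u51` suffix suggests this) and arg1 being 0 or 1, but nothing in the hunk states either precondition. I would add a comment on the new line such as `/* x1 in [-(2^51), 2^51): arithmetic shift yields the borrow, -1 or 0 (requires arg2, arg3 < 2^51) */` so the invariant the commit message relies on is visible next to the code. The body of fiat_25519_subborrowx_u51 continues past the end of the hunk.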