From c61d5be86e3efb978883fc60687af42192aacaff Mon Sep 17 00:00:00 2001
From: Jason Gross
Date: Mon, 14 Jan 2019 19:05:15 -0500
Subject: Don't cast signed to unsigned before shifting

Unfortunately, signed->unsigned casts do not commute with shifts. We take care to only extend the range when it needs extending, now. This was previously causing issues with subborrow. We should really get proofs about casts in C semantics at some point soon.

Fixes #489
---
 p256_64.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'p256_64.c')

diff --git a/p256_64.c b/p256_64.c
index 47d959fae..70b523744 100644
--- a/p256_64.c
+++ b/p256_64.c
@@ -46,7 +46,7 @@ static void fiat_p256_addcarryx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_
  */
 static void fiat_p256_subborrowx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) {
   fiat_p256_int128 x1 = ((arg2 - (fiat_p256_int128)arg1) - arg3);
-  fiat_p256_int1 x2 = (fiat_p256_int1)((fiat_p256_uint128)x1 >> 64);
+  fiat_p256_int1 x2 = (fiat_p256_int1)((fiat_p256_int256)x1 >> 64);
   uint64_t x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff));
   *out1 = x3;
   *out2 = (fiat_p256_uint1)(0x0 - x2);
@@ -1183,7 +1183,7 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) {
   uint8_t x16 = (uint8_t)(x13 & UINT8_C(0xff));
   uint8_t x17 = (uint8_t)(x15 >> 8);
   uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff));
-  fiat_p256_uint1 x19 = (fiat_p256_uint1)(x17 >> 8);
+  fiat_p256_uint1 x19 = (fiat_p256_uint1)((int64_t)x17 >> 8);
   uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff));
   uint64_t x21 = (x19 + x3);
   uint64_t x22 = (x21 >> 8);
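Review bot: The new line `fiat_p256_int1 x2 = (fiat_p256_int1)((fiat_p256_int256)x1 >> 64);` casts to `fiat_p256_int256`, a type that neither the hunk's context nor this diff declares; the surrounding code shows only 128-bit typedefs, and GCC/Clang offer no 256-bit integer to back such a typedef, so unless it is defined elsewhere in the file this line will not compile. The widening is also unnecessary for the value: `x1` is a signed `fiat_p256_int128` holding `arg2 - arg1 - arg3`, which lies in [-2^64, 2^64-1], so `x1 >> 64` already yields -1 or 0 under the arithmetic right shift the code depends on (right-shifting a negative signed value is implementation-defined per C11 6.5.7, though every mainstream compiler sign-extends, and the cast does not change that). I would write `fiat_p256_int1 x2 = (fiat_p256_int1)(x1 >> 64);` and, if this file is generator output, have the emitter stop widening past the widest integer type it has a typedef for.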
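Review bot: The `(int64_t)` cast added at `x19` (and likewise at `x36` and `x53` in the two hunks that follow) cannot change the result: `x17` is a `uint8_t`, so it is promoted to `int` before the shift either way, and `x17 >> 8` is 0 for every possible value. The line therefore stays a constant-zero computation, `x21` is always equal to `x3`, and the serialization path is untouched by the fix the commit describes. If this is generator output, a comment such as `/* x19 is always 0: x17 is a uint8_t, so x17 >> 8 cannot carry */` at the emitted site would spare the next reader from looking for the sign-extension the cast implies. fiat_p256_to_bytes starts and ends outside the hunk.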
@@ -1200,7 +1200,7 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) {
   uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff));
   uint8_t x34 = (uint8_t)(x32 >> 8);
   uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff));
-  fiat_p256_uint1 x36 = (fiat_p256_uint1)(x34 >> 8);
+  fiat_p256_uint1 x36 = (fiat_p256_uint1)((int64_t)x34 >> 8);
   uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff));
   uint64_t x38 = (x36 + x2);
   uint64_t x39 = (x38 >> 8);
@@ -1217,7 +1217,7 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) {
   uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff));
   uint8_t x51 = (uint8_t)(x49 >> 8);
   uint8_t x52 = (uint8_t)(x49 & UINT8_C(0xff));
-  fiat_p256_uint1 x53 = (fiat_p256_uint1)(x51 >> 8);
+  fiat_p256_uint1 x53 = (fiat_p256_uint1)((int64_t)x51 >> 8);
   uint8_t x54 = (uint8_t)(x51 & UINT8_C(0xff));
   uint64_t x55 = (x53 + x1);
   uint64_t x56 = (x55 >> 8);
-- 
cgit v1.2.3