[tor-bugs] #13280 [Tor]: Stop signed left shift overflows in ed25519

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#13280: Stop signed left shift overflows in ed25519
--------------------------------+----------------------------------
 Reporter:  teor                |          Owner:
     Type:  defect              |         Status:  new
 Priority:  normal              |      Milestone:
Component:  Tor                 |        Version:  Tor: unspecified
 Keywords:  tor-router ed25519  |  Actual Points:
Parent ID:                      |         Points:
--------------------------------+----------------------------------
 The new ed25519 code contains some signed left shifts of negative numbers,
 which clang identifies as runtime errors.

 Under -ftrapv, this causes a trap/crash.

 Without -ftrapv, this causes about 100 warnings during the tests like:
 crypto/ed25519_simple: src/ext/ed25519/ref10/ge_scalarmult_base.c:42:48:
 runtime error: left shift of negative value -2
 (log attached)

 A patch is attached that performs potentially overflowing left shifts in
 unsigned arithmetic. Macros SHL64 and SHL32 are defined for convenience.

 This is my first patch using git format-patch with a changes entry - let
 me know if it needs revising.

 Version: tor 2.6.?-alpha
 git: 5190ec0bc4c22d7bab756e21db6e357ba07379c4

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13280>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs