Fix reduce.c's overflowing multiplication

crypto_kem/kyber1024-90s/clean/reduce.c

@@ -18,7 +18,7 @@ int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a) {
     int32_t t;
     int16_t u;
 
-    u = (int16_t)(a * QINV);
+    u = (int16_t)(a * (int64_t)QINV);
     t = (int32_t)u * KYBER_Q;
     t = a - t;
     t >>= 16;

crypto_kem/kyber1024/clean/reduce.c

@@ -18,7 +18,7 @@ int16_t PQCLEAN_KYBER1024_CLEAN_montgomery_reduce(int32_t a) {
     int32_t t;
     int16_t u;
 
-    u = (int16_t)(a * QINV);
+    u = (int16_t)(a * (int64_t)QINV);
     t = (int32_t)u * KYBER_Q;
     t = a - t;
     t >>= 16;

crypto_kem/kyber512-90s/clean/reduce.c

@@ -18,7 +18,7 @@ int16_t PQCLEAN_KYBER51290S_CLEAN_montgomery_reduce(int32_t a) {
     int32_t t;
     int16_t u;
 
-    u = (int16_t)(a * QINV);
+    u = (int16_t)(a * (int64_t)QINV);
     t = (int32_t)u * KYBER_Q;
     t = a - t;
     t >>= 16;

crypto_kem/kyber512/clean/reduce.c

@@ -18,7 +18,7 @@ int16_t PQCLEAN_KYBER512_CLEAN_montgomery_reduce(int32_t a) {
     int32_t t;
     int16_t u;
 
-    u = (int16_t)(a * QINV);
+    u = (int16_t)(a * (int64_t)QINV);
     t = (int32_t)u * KYBER_Q;
     t = a - t;
     t >>= 16;

crypto_kem/kyber768-90s/clean/reduce.c

@@ -18,7 +18,7 @@ int16_t PQCLEAN_KYBER76890S_CLEAN_montgomery_reduce(int32_t a) {
     int32_t t;
     int16_t u;
 
-    u = (int16_t)(a * QINV);
+    u = (int16_t)(a * (int64_t)QINV);
     t = (int32_t)u * KYBER_Q;
     t = a - t;
     t >>= 16;

crypto_kem/kyber768/clean/reduce.c

@@ -18,7 +18,7 @@ int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a) {
     int32_t t;
     int16_t u;
 
-    u = (int16_t)(a * QINV);
+    u = (int16_t)(a * (int64_t)QINV);
     t = (int32_t)u * KYBER_Q;
     t = a - t;
     t >>= 16;