Merge pull request #280 from PQClean/ds-falcon-type-punning

Avoid type-punning warning in Falcon when strict aliasing is turned on
mergify[bot] 2020-03-14 20:23:46 +00:00 committed by GitHub
commit bfbf99eb76
2 changed files with 28 additions and 22 deletions


@ -46,6 +46,9 @@ PQCLEAN_FALCON1024_CLEAN_prng_init(prng *p, inner_shake256_context *src) {
uint64_t th, tl; uint64_t th, tl;
int i; int i;
uint32_t *d32 = (uint32_t *) p->state.d;
uint64_t *d64 = (uint64_t *) p->state.d;
inner_shake256_extract(src, tmp, 56); inner_shake256_extract(src, tmp, 56);
for (i = 0; i < 14; i ++) { for (i = 0; i < 14; i ++) {
uint32_t w; uint32_t w;
@ -54,11 +57,11 @@ PQCLEAN_FALCON1024_CLEAN_prng_init(prng *p, inner_shake256_context *src) {
| ((uint32_t)tmp[(i << 2) + 1] << 8) | ((uint32_t)tmp[(i << 2) + 1] << 8)
| ((uint32_t)tmp[(i << 2) + 2] << 16) | ((uint32_t)tmp[(i << 2) + 2] << 16)
| ((uint32_t)tmp[(i << 2) + 3] << 24); | ((uint32_t)tmp[(i << 2) + 3] << 24);
*(uint32_t *)(p->state.d + (i << 2)) = w; d32[i] = w;
} }
tl = *(uint32_t *)(p->state.d + 48); tl = d32[48 / sizeof(uint32_t)];
th = *(uint32_t *)(p->state.d + 52); th = d32[52 / sizeof(uint32_t)];
*(uint64_t *)(p->state.d + 48) = tl + (th << 32); d64[48 / sizeof(uint64_t)] = tl + (th << 32);
PQCLEAN_FALCON1024_CLEAN_prng_refill(p); PQCLEAN_FALCON1024_CLEAN_prng_refill(p);
} }
@ -85,12 +88,14 @@ PQCLEAN_FALCON1024_CLEAN_prng_refill(prng *p) {
uint64_t cc; uint64_t cc;
size_t u; size_t u;
uint32_t *d32 = (uint32_t *) p->state.d;
uint64_t *d64 = (uint64_t *) p->state.d;
/* /*
* State uses local endianness. Only the output bytes must be * State uses local endianness. Only the output bytes must be
* converted to little endian (if used on a big-endian machine). * converted to little endian (if used on a big-endian machine).
*/ */
cc = *(uint64_t *)(p->state.d + 48); cc = d64[48 / sizeof(uint64_t)];
for (u = 0; u < 8; u ++) { for (u = 0; u < 8; u ++) {
uint32_t state[16]; uint32_t state[16];
size_t v; size_t v;
@ -134,12 +139,10 @@ PQCLEAN_FALCON1024_CLEAN_prng_refill(prng *p) {
state[v] += CW[v]; state[v] += CW[v];
} }
for (v = 4; v < 14; v ++) { for (v = 4; v < 14; v ++) {
state[v] += ((uint32_t *)p->state.d)[v - 4]; state[v] += d32[v - 4];
} }
state[14] += ((uint32_t *)p->state.d)[10] state[14] += d32[10] ^ (uint32_t)cc;
^ (uint32_t)cc; state[15] += d32[11] ^ (uint32_t)(cc >> 32);
state[15] += ((uint32_t *)p->state.d)[11]
^ (uint32_t)(cc >> 32);
cc ++; cc ++;
/* /*
@ -157,7 +160,7 @@ PQCLEAN_FALCON1024_CLEAN_prng_refill(prng *p) {
(uint8_t)(state[v] >> 24); (uint8_t)(state[v] >> 24);
} }
} }
*(uint64_t *)(p->state.d + 48) = cc; d64[48 / sizeof(uint64_t)] = cc;
p->ptr = 0; p->ptr = 0;
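Review bot: The `d32`/`d64` pointers added at the top of prng_init and prng_refill only move the cast out of sight of `-Wstrict-aliasing`; every `d32[...]` and `d64[...]` access still reads or writes the storage behind `p->state.d` through `uint32_t`/`uint64_t` lvalues, so if that member is declared as a byte array (its definition is outside the hunk) the aliasing violation is unchanged and only the diagnostic is gone. The 64-bit counter at bytes 48..55 is the clearest case: prng_init stores it as two `uint32_t` words (`d32[12]`, `d32[13]`) and then as one `uint64_t` (`d64[6]`), and prng_refill loads it as `uint64_t` at `cc = d64[48 / sizeof(uint64_t)];` — mixed-type stores and loads to the same object are exactly what an optimizer may reorder or elide under strict aliasing, which in a PRNG shows up as silently wrong state rather than a crash. A portable fix that needs no new cast is `memcpy` into typed locals (modern compilers usually fold a fixed-size memcpy to a plain load/store): `memcpy(&cc, p->state.d + 48, sizeof cc);` for the load, `memcpy(p->state.d + 48, &cc, sizeof cc);` for the store at the end of prng_refill, and the same for `tl`/`th` and the 64-bit store in prng_init, after which the `d32`/`d64` declarations can be dropped; declaring `state` as a union that includes `uint32_t`/`uint64_t` arrays is the other clean option. The word-mixing loop in the third prng_refill hunk needs a few more lines, sketched below; the identical rewrite applies to the FALCON512 copy in the second file, and `<string.h>` must be in scope if it is not already included.
```c
memcpy(&cc, p->state.d + 48, sizeof cc);      /* was: cc = d64[48 / sizeof(uint64_t)]; */
for (u = 0; u < 8; u ++) {
    uint32_t state[16];
    uint32_t sw[12];
    size_t v;

    /* … unchanged: constant setup, state[v] += CW[v] … */
    memcpy(sw, p->state.d, sizeof sw);        /* typed copy of state words 0..11, no aliasing */
    for (v = 4; v < 14; v ++) {
        state[v] += sw[v - 4];
    }
    state[14] += sw[10] ^ (uint32_t)cc;
    state[15] += sw[11] ^ (uint32_t)(cc >> 32);
    cc ++;
    /* … unchanged: rounds and byte output … */
}
memcpy(p->state.d + 48, &cc, sizeof cc);      /* was: d64[48 / sizeof(uint64_t)] = cc; */
p->ptr = 0;
```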


@ -46,6 +46,9 @@ PQCLEAN_FALCON512_CLEAN_prng_init(prng *p, inner_shake256_context *src) {
uint64_t th, tl; uint64_t th, tl;
int i; int i;
uint32_t *d32 = (uint32_t *) p->state.d;
uint64_t *d64 = (uint64_t *) p->state.d;
inner_shake256_extract(src, tmp, 56); inner_shake256_extract(src, tmp, 56);
for (i = 0; i < 14; i ++) { for (i = 0; i < 14; i ++) {
uint32_t w; uint32_t w;
@ -54,11 +57,11 @@ PQCLEAN_FALCON512_CLEAN_prng_init(prng *p, inner_shake256_context *src) {
| ((uint32_t)tmp[(i << 2) + 1] << 8) | ((uint32_t)tmp[(i << 2) + 1] << 8)
| ((uint32_t)tmp[(i << 2) + 2] << 16) | ((uint32_t)tmp[(i << 2) + 2] << 16)
| ((uint32_t)tmp[(i << 2) + 3] << 24); | ((uint32_t)tmp[(i << 2) + 3] << 24);
*(uint32_t *)(p->state.d + (i << 2)) = w; d32[i] = w;
} }
tl = *(uint32_t *)(p->state.d + 48); tl = d32[48 / sizeof(uint32_t)];
th = *(uint32_t *)(p->state.d + 52); th = d32[52 / sizeof(uint32_t)];
*(uint64_t *)(p->state.d + 48) = tl + (th << 32); d64[48 / sizeof(uint64_t)] = tl + (th << 32);
PQCLEAN_FALCON512_CLEAN_prng_refill(p); PQCLEAN_FALCON512_CLEAN_prng_refill(p);
} }
@ -85,12 +88,14 @@ PQCLEAN_FALCON512_CLEAN_prng_refill(prng *p) {
uint64_t cc; uint64_t cc;
size_t u; size_t u;
uint32_t *d32 = (uint32_t *) p->state.d;
uint64_t *d64 = (uint64_t *) p->state.d;
/* /*
* State uses local endianness. Only the output bytes must be * State uses local endianness. Only the output bytes must be
* converted to little endian (if used on a big-endian machine). * converted to little endian (if used on a big-endian machine).
*/ */
cc = *(uint64_t *)(p->state.d + 48); cc = d64[48 / sizeof(uint64_t)];
for (u = 0; u < 8; u ++) { for (u = 0; u < 8; u ++) {
uint32_t state[16]; uint32_t state[16];
size_t v; size_t v;
@ -134,12 +139,10 @@ PQCLEAN_FALCON512_CLEAN_prng_refill(prng *p) {
state[v] += CW[v]; state[v] += CW[v];
} }
for (v = 4; v < 14; v ++) { for (v = 4; v < 14; v ++) {
state[v] += ((uint32_t *)p->state.d)[v - 4]; state[v] += d32[v - 4];
} }
state[14] += ((uint32_t *)p->state.d)[10] state[14] += d32[10] ^ (uint32_t)cc;
^ (uint32_t)cc; state[15] += d32[11] ^ (uint32_t)(cc >> 32);
state[15] += ((uint32_t *)p->state.d)[11]
^ (uint32_t)(cc >> 32);
cc ++; cc ++;
/* /*
@ -157,7 +160,7 @@ PQCLEAN_FALCON512_CLEAN_prng_refill(prng *p) {
(uint8_t)(state[v] >> 24); (uint8_t)(state[v] >> 24);
} }
} }
*(uint64_t *)(p->state.d + 48) = cc; d64[48 / sizeof(uint64_t)] = cc;
p->ptr = 0; p->ptr = 0;