From e7a83922d58f144cedb993cf9f98c63d1080ac7f Mon Sep 17 00:00:00 2001 From: Thom Wiggers Date: Thu, 17 Sep 2020 10:23:24 +0200 Subject: [PATCH] Silence a bunch of Windows warnings --- crypto_kem/kyber1024-90s/clean/indcpa.c | 3 ++- crypto_kem/kyber1024-90s/clean/kem.c | 2 +- crypto_kem/kyber1024-90s/clean/poly.c | 6 +++--- crypto_kem/kyber1024-90s/clean/polyvec.c | 22 +++++++++++----------- crypto_kem/kyber1024-90s/clean/reduce.c | 2 +- crypto_kem/kyber1024/clean/indcpa.c | 3 ++- crypto_kem/kyber1024/clean/kem.c | 2 +- crypto_kem/kyber1024/clean/poly.c | 6 +++--- crypto_kem/kyber1024/clean/polyvec.c | 22 +++++++++++----------- crypto_kem/kyber1024/clean/reduce.c | 2 +- crypto_kem/kyber512-90s/clean/indcpa.c | 3 ++- crypto_kem/kyber512-90s/clean/kem.c | 2 +- crypto_kem/kyber512-90s/clean/poly.c | 6 +++--- crypto_kem/kyber512-90s/clean/polyvec.c | 10 +++++----- crypto_kem/kyber512-90s/clean/reduce.c | 2 +- crypto_kem/kyber512/clean/indcpa.c | 3 ++- crypto_kem/kyber512/clean/kem.c | 2 +- crypto_kem/kyber512/clean/poly.c | 6 +++--- crypto_kem/kyber512/clean/polyvec.c | 10 +++++----- crypto_kem/kyber512/clean/reduce.c | 2 +- crypto_kem/kyber768-90s/clean/indcpa.c | 3 ++- crypto_kem/kyber768-90s/clean/kem.c | 2 +- crypto_kem/kyber768-90s/clean/poly.c | 6 +++--- crypto_kem/kyber768-90s/clean/polyvec.c | 10 +++++----- crypto_kem/kyber768-90s/clean/reduce.c | 2 +- crypto_kem/kyber768/clean/indcpa.c | 3 ++- crypto_kem/kyber768/clean/kem.c | 2 +- crypto_kem/kyber768/clean/poly.c | 6 +++--- crypto_kem/kyber768/clean/polyvec.c | 10 +++++----- crypto_kem/kyber768/clean/reduce.c | 2 +- 30 files changed, 84 insertions(+), 78 deletions(-) diff --git a/crypto_kem/kyber1024-90s/clean/indcpa.c b/crypto_kem/kyber1024-90s/clean/indcpa.c index 32b3404c..49821e55 100644 --- a/crypto_kem/kyber1024-90s/clean/indcpa.c +++ b/crypto_kem/kyber1024-90s/clean/indcpa.c @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) // Not static for benchmarking void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { - unsigned int ctr = 0, i = 0, j = 0; + unsigned int ctr = 0; + uint8_t i = 0, j = 0; uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; xof_state state; diff --git a/crypto_kem/kyber1024-90s/clean/kem.c b/crypto_kem/kyber1024-90s/clean/kem.c index 9020f577..6ea89031 100644 --- a/crypto_kem/kyber1024-90s/clean/kem.c +++ b/crypto_kem/kyber1024-90s/clean/kem.c @@ -117,7 +117,7 @@ int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_dec(unsigned char *ss, hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); /* Overwrite pre-k with z on re-encryption failure */ - PQCLEAN_KYBER102490S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); + PQCLEAN_KYBER102490S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); /* hash concatenation of pre-k and H(c) to k */ kdf(ss, kr, 2 * KYBER_SYMBYTES); diff --git a/crypto_kem/kyber1024-90s/clean/poly.c b/crypto_kem/kyber1024-90s/clean/poly.c index bafb04a5..abecfc70 100644 --- a/crypto_kem/kyber1024-90s/clean/poly.c +++ b/crypto_kem/kyber1024-90s/clean/poly.c @@ -85,9 +85,9 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a for (i = 0; i < KYBER_N / 2; i++) { t0 = a->coeffs[2 * i]; t1 = a->coeffs[2 * i + 1]; - r[3 * i + 0] = (t0 >> 0); - r[3 * i + 1] = (t0 >> 8) | (t1 << 4); - r[3 * i + 2] = (t1 >> 4); + r[3 * i + 0] = (uint8_t)(t0 >> 0); + r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); + r[3 * i + 2] = (uint8_t)(t1 >> 4); } } diff --git a/crypto_kem/kyber1024-90s/clean/polyvec.c b/crypto_kem/kyber1024-90s/clean/polyvec.c index aa36c8df..a0cc8d12 100644 --- a/crypto_kem/kyber1024-90s/clean/polyvec.c +++ b/crypto_kem/kyber1024-90s/clean/polyvec.c @@ -27,17 +27,17 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESS } } - r[ 0] = (t[0] >> 0); - r[ 1] = (t[0] >> 8) | (t[1] << 3); - r[ 2] = (t[1] >> 5) | (t[2] << 6); - r[ 3] = (t[2] >> 2); - r[ 4] = (t[2] >> 10) | (t[3] << 1); - r[ 5] = (t[3] >> 7) | (t[4] << 4); - r[ 6] = (t[4] >> 4) | (t[5] << 7); - r[ 7] = (t[5] >> 1); - r[ 8] = (t[5] >> 9) | (t[6] << 2); - r[ 9] = (t[6] >> 6) | (t[7] << 5); - r[10] = (t[7] >> 3); + r[ 0] = (uint8_t)(t[0] >> 0); + r[ 1] = (uint8_t)((t[0] >> 8) | (t[1] << 3)); + r[ 2] = (uint8_t)((t[1] >> 5) | (t[2] << 6)); + r[ 3] = (uint8_t)(t[2] >> 2); + r[ 4] = (uint8_t)((t[2] >> 10) | (t[3] << 1)); + r[ 5] = (uint8_t)((t[3] >> 7) | (t[4] << 4)); + r[ 6] = (uint8_t)((t[4] >> 4) | (t[5] << 7)); + r[ 7] = (uint8_t)(t[5] >> 1); + r[ 8] = (uint8_t)((t[5] >> 9) | (t[6] << 2)); + r[ 9] = (uint8_t)((t[6] >> 6) | (t[7] << 5)); + r[10] = (uint8_t)(t[7] >> 3); r += 11; } } diff --git a/crypto_kem/kyber1024-90s/clean/reduce.c b/crypto_kem/kyber1024-90s/clean/reduce.c index 89ea4861..638cf7eb 100644 --- a/crypto_kem/kyber1024-90s/clean/reduce.c +++ b/crypto_kem/kyber1024-90s/clean/reduce.c @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a) { t = (int32_t)u * KYBER_Q; t = a - t; t >>= 16; - return t; + return (int16_t)t; } /************************************************* diff --git a/crypto_kem/kyber1024/clean/indcpa.c b/crypto_kem/kyber1024/clean/indcpa.c index a15802f0..d2e3758a 100644 --- a/crypto_kem/kyber1024/clean/indcpa.c +++ b/crypto_kem/kyber1024/clean/indcpa.c @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) // Not static for benchmarking void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { - unsigned int ctr = 0, i = 0, j = 0; + unsigned int ctr = 0; + uint8_t i = 0, j = 0; uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; xof_state state; diff --git a/crypto_kem/kyber1024/clean/kem.c b/crypto_kem/kyber1024/clean/kem.c index 20cd3ab0..954ed0f3 100644 --- a/crypto_kem/kyber1024/clean/kem.c +++ b/crypto_kem/kyber1024/clean/kem.c @@ -117,7 +117,7 @@ int PQCLEAN_KYBER1024_CLEAN_crypto_kem_dec(unsigned char *ss, hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); /* Overwrite pre-k with z on re-encryption failure */ - PQCLEAN_KYBER1024_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); + PQCLEAN_KYBER1024_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); /* hash concatenation of pre-k and H(c) to k */ kdf(ss, kr, 2 * KYBER_SYMBYTES); diff --git a/crypto_kem/kyber1024/clean/poly.c b/crypto_kem/kyber1024/clean/poly.c index 8da3f722..2fd6f281 100644 --- a/crypto_kem/kyber1024/clean/poly.c +++ b/crypto_kem/kyber1024/clean/poly.c @@ -85,9 +85,9 @@ void PQCLEAN_KYBER1024_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) { for (i = 0; i < KYBER_N / 2; i++) { t0 = a->coeffs[2 * i]; t1 = a->coeffs[2 * i + 1]; - r[3 * i + 0] = (t0 >> 0); - r[3 * i + 1] = (t0 >> 8) | (t1 << 4); - r[3 * i + 2] = (t1 >> 4); + r[3 * i + 0] = (uint8_t)(t0 >> 0); + r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); + r[3 * i + 2] = (uint8_t)(t1 >> 4); } } diff --git a/crypto_kem/kyber1024/clean/polyvec.c b/crypto_kem/kyber1024/clean/polyvec.c index dab073cd..3a67207b 100644 --- a/crypto_kem/kyber1024/clean/polyvec.c +++ b/crypto_kem/kyber1024/clean/polyvec.c @@ -27,17 +27,17 @@ void PQCLEAN_KYBER1024_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDB } } - r[ 0] = (t[0] >> 0); - r[ 1] = (t[0] >> 8) | (t[1] << 3); - r[ 2] = (t[1] >> 5) | (t[2] << 6); - r[ 3] = (t[2] >> 2); - r[ 4] = (t[2] >> 10) | (t[3] << 1); - r[ 5] = (t[3] >> 7) | (t[4] << 4); - r[ 6] = (t[4] >> 4) | (t[5] << 7); - r[ 7] = (t[5] >> 1); - r[ 8] = (t[5] >> 9) | (t[6] << 2); - r[ 9] = (t[6] >> 6) | (t[7] << 5); - r[10] = (t[7] >> 3); + r[ 0] = (uint8_t)(t[0] >> 0); + r[ 1] = (uint8_t)((t[0] >> 8) | (t[1] << 3)); + r[ 2] = (uint8_t)((t[1] >> 5) | (t[2] << 6)); + r[ 3] = (uint8_t)(t[2] >> 2); + r[ 4] = (uint8_t)((t[2] >> 10) | (t[3] << 1)); + r[ 5] = (uint8_t)((t[3] >> 7) | (t[4] << 4)); + r[ 6] = (uint8_t)((t[4] >> 4) | (t[5] << 7)); + r[ 7] = (uint8_t)(t[5] >> 1); + r[ 8] = (uint8_t)((t[5] >> 9) | (t[6] << 2)); + r[ 9] = (uint8_t)((t[6] >> 6) | (t[7] << 5)); + r[10] = (uint8_t)(t[7] >> 3); r += 11; } } diff --git a/crypto_kem/kyber1024/clean/reduce.c b/crypto_kem/kyber1024/clean/reduce.c index 03403dd2..fedeab74 100644 --- a/crypto_kem/kyber1024/clean/reduce.c +++ b/crypto_kem/kyber1024/clean/reduce.c @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER1024_CLEAN_montgomery_reduce(int32_t a) { t = (int32_t)u * KYBER_Q; t = a - t; t >>= 16; - return t; + return (int16_t)t; } /************************************************* diff --git a/crypto_kem/kyber512-90s/clean/indcpa.c b/crypto_kem/kyber512-90s/clean/indcpa.c index f06a2d79..6edbfe36 100644 --- a/crypto_kem/kyber512-90s/clean/indcpa.c +++ b/crypto_kem/kyber512-90s/clean/indcpa.c @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) // Not static for benchmarking void PQCLEAN_KYBER51290S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { - unsigned int ctr = 0, i = 0, j = 0; + unsigned int ctr = 0; + uint8_t i = 0, j = 0; uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; xof_state state; diff --git a/crypto_kem/kyber512-90s/clean/kem.c b/crypto_kem/kyber512-90s/clean/kem.c index ef28920c..b58a00df 100644 --- a/crypto_kem/kyber512-90s/clean/kem.c +++ b/crypto_kem/kyber512-90s/clean/kem.c @@ -117,7 +117,7 @@ int PQCLEAN_KYBER51290S_CLEAN_crypto_kem_dec(unsigned char *ss, hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); /* Overwrite pre-k with z on re-encryption failure */ - PQCLEAN_KYBER51290S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); + PQCLEAN_KYBER51290S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); /* hash concatenation of pre-k and H(c) to k */ kdf(ss, kr, 2 * KYBER_SYMBYTES); diff --git a/crypto_kem/kyber512-90s/clean/poly.c b/crypto_kem/kyber512-90s/clean/poly.c index f45e57dd..c2c64b4f 100644 --- a/crypto_kem/kyber512-90s/clean/poly.c +++ b/crypto_kem/kyber512-90s/clean/poly.c @@ -83,9 +83,9 @@ void PQCLEAN_KYBER51290S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) for (i = 0; i < KYBER_N / 2; i++) { t0 = a->coeffs[2 * i]; t1 = a->coeffs[2 * i + 1]; - r[3 * i + 0] = (t0 >> 0); - r[3 * i + 1] = (t0 >> 8) | (t1 << 4); - r[3 * i + 2] = (t1 >> 4); + r[3 * i + 0] = (uint8_t)(t0 >> 0); + r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); + r[3 * i + 2] = (uint8_t)(t1 >> 4); } } diff --git a/crypto_kem/kyber512-90s/clean/polyvec.c b/crypto_kem/kyber512-90s/clean/polyvec.c index 5dbdc260..0a4dfc29 100644 --- a/crypto_kem/kyber512-90s/clean/polyvec.c +++ b/crypto_kem/kyber512-90s/clean/polyvec.c @@ -27,11 +27,11 @@ void PQCLEAN_KYBER51290S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSE } } - r[0] = (t[0] >> 0); - r[1] = (t[0] >> 8) | (t[1] << 2); - r[2] = (t[1] >> 6) | (t[2] << 4); - r[3] = (t[2] >> 4) | (t[3] << 6); - r[4] = (t[3] >> 2); + r[0] = (uint8_t)(t[0] >> 0); + r[1] = (uint8_t)((t[0] >> 8) | (t[1] << 2)); + r[2] = (uint8_t)((t[1] >> 6) | (t[2] << 4)); + r[3] = (uint8_t)((t[2] >> 4) | (t[3] << 6)); + r[4] = (uint8_t)(t[3] >> 2); r += 5; } } diff --git a/crypto_kem/kyber512-90s/clean/reduce.c b/crypto_kem/kyber512-90s/clean/reduce.c index ad313be0..deb735cd 100644 --- a/crypto_kem/kyber512-90s/clean/reduce.c +++ b/crypto_kem/kyber512-90s/clean/reduce.c @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER51290S_CLEAN_montgomery_reduce(int32_t a) { t = (int32_t)u * KYBER_Q; t = a - t; t >>= 16; - return t; + return (int16_t)t; } /************************************************* diff --git a/crypto_kem/kyber512/clean/indcpa.c b/crypto_kem/kyber512/clean/indcpa.c index edb54c76..bb49e76d 100644 --- a/crypto_kem/kyber512/clean/indcpa.c +++ b/crypto_kem/kyber512/clean/indcpa.c @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) // Not static for benchmarking void PQCLEAN_KYBER512_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { - unsigned int ctr = 0, i = 0, j = 0; + unsigned int ctr = 0; + uint8_t i = 0, j = 0; uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; xof_state state; diff --git a/crypto_kem/kyber512/clean/kem.c b/crypto_kem/kyber512/clean/kem.c index f7b77456..7d01cc45 100644 --- a/crypto_kem/kyber512/clean/kem.c +++ b/crypto_kem/kyber512/clean/kem.c @@ -117,7 +117,7 @@ int PQCLEAN_KYBER512_CLEAN_crypto_kem_dec(unsigned char *ss, hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); /* Overwrite pre-k with z on re-encryption failure */ - PQCLEAN_KYBER512_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); + PQCLEAN_KYBER512_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); /* hash concatenation of pre-k and H(c) to k */ kdf(ss, kr, 2 * KYBER_SYMBYTES); diff --git a/crypto_kem/kyber512/clean/poly.c b/crypto_kem/kyber512/clean/poly.c index 8a319c7e..08c72d84 100644 --- a/crypto_kem/kyber512/clean/poly.c +++ b/crypto_kem/kyber512/clean/poly.c @@ -83,9 +83,9 @@ void PQCLEAN_KYBER512_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) { for (i = 0; i < KYBER_N / 2; i++) { t0 = a->coeffs[2 * i]; t1 = a->coeffs[2 * i + 1]; - r[3 * i + 0] = (t0 >> 0); - r[3 * i + 1] = (t0 >> 8) | (t1 << 4); - r[3 * i + 2] = (t1 >> 4); + r[3 * i + 0] = (uint8_t)(t0 >> 0); + r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); + r[3 * i + 2] = (uint8_t)(t1 >> 4); } } diff --git a/crypto_kem/kyber512/clean/polyvec.c b/crypto_kem/kyber512/clean/polyvec.c index 6033d526..68224c7e 100644 --- a/crypto_kem/kyber512/clean/polyvec.c +++ b/crypto_kem/kyber512/clean/polyvec.c @@ -27,11 +27,11 @@ void PQCLEAN_KYBER512_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBY } } - r[0] = (t[0] >> 0); - r[1] = (t[0] >> 8) | (t[1] << 2); - r[2] = (t[1] >> 6) | (t[2] << 4); - r[3] = (t[2] >> 4) | (t[3] << 6); - r[4] = (t[3] >> 2); + r[0] = (uint8_t)(t[0] >> 0); + r[1] = (uint8_t)((t[0] >> 8) | (t[1] << 2)); + r[2] = (uint8_t)((t[1] >> 6) | (t[2] << 4)); + r[3] = (uint8_t)((t[2] >> 4) | (t[3] << 6)); + r[4] = (uint8_t)(t[3] >> 2); r += 5; } } diff --git a/crypto_kem/kyber512/clean/reduce.c b/crypto_kem/kyber512/clean/reduce.c index 6e3b086d..a979a2ad 100644 --- a/crypto_kem/kyber512/clean/reduce.c +++ b/crypto_kem/kyber512/clean/reduce.c @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER512_CLEAN_montgomery_reduce(int32_t a) { t = (int32_t)u * KYBER_Q; t = a - t; t >>= 16; - return t; + return (int16_t)t; } /************************************************* diff --git a/crypto_kem/kyber768-90s/clean/indcpa.c b/crypto_kem/kyber768-90s/clean/indcpa.c index c87af874..a83f91da 100644 --- a/crypto_kem/kyber768-90s/clean/indcpa.c +++ b/crypto_kem/kyber768-90s/clean/indcpa.c @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) // Not static for benchmarking void PQCLEAN_KYBER76890S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { - unsigned int ctr = 0, i = 0, j = 0; + unsigned int ctr = 0; + uint8_t i = 0, j = 0; uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; xof_state state; diff --git a/crypto_kem/kyber768-90s/clean/kem.c b/crypto_kem/kyber768-90s/clean/kem.c index ca1a54f1..09710069 100644 --- a/crypto_kem/kyber768-90s/clean/kem.c +++ b/crypto_kem/kyber768-90s/clean/kem.c @@ -117,7 +117,7 @@ int PQCLEAN_KYBER76890S_CLEAN_crypto_kem_dec(unsigned char *ss, hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); /* Overwrite pre-k with z on re-encryption failure */ - PQCLEAN_KYBER76890S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); + PQCLEAN_KYBER76890S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); /* hash concatenation of pre-k and H(c) to k */ kdf(ss, kr, 2 * KYBER_SYMBYTES); diff --git a/crypto_kem/kyber768-90s/clean/poly.c b/crypto_kem/kyber768-90s/clean/poly.c index 30bf5c70..c0d8b67b 100644 --- a/crypto_kem/kyber768-90s/clean/poly.c +++ b/crypto_kem/kyber768-90s/clean/poly.c @@ -72,9 +72,9 @@ void PQCLEAN_KYBER76890S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) for (i = 0; i < KYBER_N / 2; i++) { t0 = a->coeffs[2 * i]; t1 = a->coeffs[2 * i + 1]; - r[3 * i + 0] = (t0 >> 0); - r[3 * i + 1] = (t0 >> 8) | (t1 << 4); - r[3 * i + 2] = (t1 >> 4); + r[3 * i + 0] = (uint8_t)(t0 >> 0); + r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); + r[3 * i + 2] = (uint8_t)(t1 >> 4); } } diff --git a/crypto_kem/kyber768-90s/clean/polyvec.c b/crypto_kem/kyber768-90s/clean/polyvec.c index b261f051..79de7d77 100644 --- a/crypto_kem/kyber768-90s/clean/polyvec.c +++ b/crypto_kem/kyber768-90s/clean/polyvec.c @@ -27,11 +27,11 @@ void PQCLEAN_KYBER76890S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSE } } - r[0] = (t[0] >> 0); - r[1] = (t[0] >> 8) | (t[1] << 2); - r[2] = (t[1] >> 6) | (t[2] << 4); - r[3] = (t[2] >> 4) | (t[3] << 6); - r[4] = (t[3] >> 2); + r[0] = (uint8_t)(t[0] >> 0); + r[1] = (uint8_t)((t[0] >> 8) | (t[1] << 2)); + r[2] = (uint8_t)((t[1] >> 6) | (t[2] << 4)); + r[3] = (uint8_t)((t[2] >> 4) | (t[3] << 6)); + r[4] = (uint8_t)(t[3] >> 2); r += 5; } } diff --git a/crypto_kem/kyber768-90s/clean/reduce.c b/crypto_kem/kyber768-90s/clean/reduce.c index 2ad02e13..3967a765 100644 --- a/crypto_kem/kyber768-90s/clean/reduce.c +++ b/crypto_kem/kyber768-90s/clean/reduce.c @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER76890S_CLEAN_montgomery_reduce(int32_t a) { t = (int32_t)u * KYBER_Q; t = a - t; t >>= 16; - return t; + return (int16_t)t; } /************************************************* diff --git a/crypto_kem/kyber768/clean/indcpa.c b/crypto_kem/kyber768/clean/indcpa.c index bc3aa176..bd6e0d8b 100644 --- a/crypto_kem/kyber768/clean/indcpa.c +++ b/crypto_kem/kyber768/clean/indcpa.c @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) // Not static for benchmarking void PQCLEAN_KYBER768_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { - unsigned int ctr = 0, i = 0, j = 0; + unsigned int ctr = 0; + uint8_t i = 0, j = 0; uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; xof_state state; diff --git a/crypto_kem/kyber768/clean/kem.c b/crypto_kem/kyber768/clean/kem.c index f84bcfc5..3cd08c61 100644 --- a/crypto_kem/kyber768/clean/kem.c +++ b/crypto_kem/kyber768/clean/kem.c @@ -117,7 +117,7 @@ int PQCLEAN_KYBER768_CLEAN_crypto_kem_dec(unsigned char *ss, hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); /* Overwrite pre-k with z on re-encryption failure */ - PQCLEAN_KYBER768_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); + PQCLEAN_KYBER768_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); /* hash concatenation of pre-k and H(c) to k */ kdf(ss, kr, 2 * KYBER_SYMBYTES); diff --git a/crypto_kem/kyber768/clean/poly.c b/crypto_kem/kyber768/clean/poly.c index 4ffd0a1e..68d1c305 100644 --- a/crypto_kem/kyber768/clean/poly.c +++ b/crypto_kem/kyber768/clean/poly.c @@ -72,9 +72,9 @@ void PQCLEAN_KYBER768_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) { for (i = 0; i < KYBER_N / 2; i++) { t0 = a->coeffs[2 * i]; t1 = a->coeffs[2 * i + 1]; - r[3 * i + 0] = (t0 >> 0); - r[3 * i + 1] = (t0 >> 8) | (t1 << 4); - r[3 * i + 2] = (t1 >> 4); + r[3 * i + 0] = (uint8_t)(t0 >> 0); + r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); + r[3 * i + 2] = (uint8_t)(t1 >> 4); } } diff --git a/crypto_kem/kyber768/clean/polyvec.c b/crypto_kem/kyber768/clean/polyvec.c index 9a8193b1..b754eb95 100644 --- a/crypto_kem/kyber768/clean/polyvec.c +++ b/crypto_kem/kyber768/clean/polyvec.c @@ -27,11 +27,11 @@ void PQCLEAN_KYBER768_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBY } } - r[0] = (t[0] >> 0); - r[1] = (t[0] >> 8) | (t[1] << 2); - r[2] = (t[1] >> 6) | (t[2] << 4); - r[3] = (t[2] >> 4) | (t[3] << 6); - r[4] = (t[3] >> 2); + r[0] = (uint8_t)(t[0] >> 0); + r[1] = (uint8_t)((t[0] >> 8) | (t[1] << 2)); + r[2] = (uint8_t)((t[1] >> 6) | (t[2] << 4)); + r[3] = (uint8_t)((t[2] >> 4) | (t[3] << 6)); + r[4] = (uint8_t)(t[3] >> 2); r += 5; } } diff --git a/crypto_kem/kyber768/clean/reduce.c b/crypto_kem/kyber768/clean/reduce.c index 0bf2b1bd..72babc2c 100644 --- a/crypto_kem/kyber768/clean/reduce.c +++ b/crypto_kem/kyber768/clean/reduce.c @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a) { t = (int32_t)u * KYBER_Q; t = a - t; t >>= 16; - return t; + return (int16_t)t; } /*************************************************