diff --git a/crypto_kem/ntrulpr653/avx2/Makefile b/crypto_kem/ntrulpr653/avx2/Makefile index 5d22a4ce..80410df7 100644 --- a/crypto_kem/ntrulpr653/avx2/Makefile +++ b/crypto_kem/ntrulpr653/avx2/Makefile @@ -4,7 +4,7 @@ LIB=libntrulpr653_avx2.a HEADERS=api.h crypto_core_multsntrup653.h crypto_core_multsntrup653_ntt.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_653x1541.h crypto_decode_653x3.h crypto_decode_653xint16.h crypto_decode_653xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_653x1541.h crypto_encode_653x1541round.h crypto_encode_653x3.h crypto_encode_653xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1025.h params.h OBJECTS=crypto_core_multsntrup653.o crypto_core_multsntrup653_ntt.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_653x1541.o crypto_decode_653x3.o crypto_decode_653xint16.o crypto_decode_653xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_653x1541.o crypto_encode_653x1541round.o crypto_encode_653x3.o crypto_encode_653xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1025.o kem.o -CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) diff --git a/crypto_kem/ntrulpr653/avx2/crypto_core_multsntrup653.c b/crypto_kem/ntrulpr653/avx2/crypto_core_multsntrup653.c index 7381e5ca..8c754b1f 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_core_multsntrup653.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_core_multsntrup653.c 
@@ -291,9 +291,9 @@ int PQCLEAN_NTRULPR653_AVX2_crypto_core_multsntrup653(unsigned char *outbytes, c store_x16(&f[i], x); } for (i = 0; i < p; ++i) { - int8 gi = kbytes[i]; + int8 gi = (int8) kbytes[i]; int8 gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (int16) (gi0 - (gi & (gi0 << 1))); } mult768(fg, f, g); diff --git a/crypto_kem/ntrulpr653/avx2/crypto_decode_256x2.c b/crypto_kem/ntrulpr653/avx2/crypto_decode_256x2.c index 506266a5..db4b2b68 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_decode_256x2.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_decode_256x2.c @@ -3,7 +3,7 @@ #include #define COPY _mm256_set_epi64x(0x0303030303030303,0x0202020202020202,0x0101010101010101,0x0000000000000000) -#define MASK _mm256_set1_epi64x(0x8040201008040201) +#define MASK _mm256_set1_epi64x((int64_t) 0x8040201008040201) #define MASK2 _mm256_set1_epi64x(0x0101010101010101) void PQCLEAN_NTRULPR653_AVX2_crypto_decode_256x2(void *v, const unsigned char *s) { diff --git a/crypto_kem/ntrulpr653/avx2/crypto_decode_653x1541.c b/crypto_kem/ntrulpr653/avx2/crypto_decode_653x1541.c index 21ae3335..e03c76a5 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_decode_653x1541.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_decode_653x1541.c @@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) { } static inline int16 mulhi(int16 x, int16 y) { - return (x * (int32)y) >> 16; + return (int16) ((x * (int32)y) >> 16); } static inline __m256i add(__m256i x, __m256i y) { @@ -79,7 +79,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 += s[1 * i + 0]; /* -39...290 */ a0 = mulhi(a0, 3) - mulhi(mullo(a0, -923), 71); /* -36...35 */ a0 += (a0 >> 15) & 71; /* 0...70 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -22153); /* invalid inputs might need reduction mod 9402 */ 
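Review bot: The new cast in `a1 = (int16) ((a2 << 8) + s[i] - a0);` (PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541) silences -Wconversion without saying whether the operand is expected to fit in 16 bits or is being reduced mod 2^16 on purpose. The neighbouring lines carry range comments for `a0` but none for `a1`, and converting an out-of-range value to what is presumably a signed 16-bit type is implementation-defined in C99. The intent should be written down above the assignment, for example `/* keeps the low 16 bits only; wraps mod 2^16 by design */`, with the wording confirmed against the decoder's derivation. The same cast is added in the hunks at -100, -119, -136, -158, -178, -234 and -287 of this file, and the function body starts and ends outside this hunk.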
@@ -100,7 +100,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 += s[1 * i + 0]; /* -67...325 */ a0 = mulhi(a0, 10) - mulhi(mullo(a0, -489), 134); /* -68...67 */ a0 += (a0 >> 15) & 134; /* 0...133 */ - a1 = (a2 << 7) + ((s[i] - a0) >> 1); + a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1)); a1 = mullo(a1, 19563); /* invalid inputs might need reduction mod 134 */ @@ -119,7 +119,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, 1223) - mulhi(mullo(a0, -5681), 2953); /* -1477...1782 */ a0 += s[1 * i + 0]; /* -1477...2037 */ a0 += (a0 >> 15) & 2953; /* 0...2952 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -9543); /* invalid inputs might need reduction mod 815 */ @@ -136,7 +136,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, 1223) - mulhi(mullo(a0, -5681), 2953); /* -1505...1514 */ a0 += s[2 * i + 0]; /* -1505...1769 */ a0 += (a0 >> 15) & 2953; /* 0...2952 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, -9543); /* invalid inputs might need reduction mod 2953 */ @@ -158,7 +158,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, 1756) - mulhi(mullo(a0, -1206), 13910); /* -7142...7159 */ a0 += s[2 * i + 0]; /* -7142...7414 */ a0 += (a0 >> 15) & 13910; /* 0...13909 */ - a1 = (a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1); + a1 = (int16) ((a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1)); a1 = mullo(a1, -13437); /* invalid inputs might need reduction mod 13910 */ 
@@ -178,7 +178,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, -101) - mulhi(mullo(a0, -8891), 1887); /* -969...943 */ a0 += s[1 * i + 0]; /* -969...1198 */ a0 += (a0 >> 15) & 1887; /* 0...1886 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, 5279); /* invalid inputs might need reduction mod 1887 */ @@ -234,7 +234,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, 2401) - mulhi(mullo(a0, -2487), 6745); /* -3497...3527 */ a0 += s[2 * i + 0]; /* -3497...3782 */ a0 += (a0 >> 15) & 6745; /* 0...6744 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, -29207); /* invalid inputs might need reduction mod 7910 */ @@ -287,7 +287,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, 64) - mulhi(mullo(a0, -12768), 1314); /* -657...673 */ a0 += s[1 * i + 0]; /* -657...928 */ a0 += (a0 >> 15) & 1314; /* 0...1313 */ - a1 = (a2 << 7) + ((s[i] - a0) >> 1); + a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1)); a1 = mullo(a1, -399); /* invalid inputs might need reduction mod 1541 */ @@ -369,7 +369,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653x1541(void *v, const unsigned char /* R1 ------> R0: reconstruct mod 653*[1541] */ - R0[652] = 3 * R1[326] - 2310; + R0[652] = (int16) (3 * R1[326] - 2310); s -= 326; i = 310; for (;;) { diff --git a/crypto_kem/ntrulpr653/avx2/crypto_decode_653xint16.c b/crypto_kem/ntrulpr653/avx2/crypto_decode_653xint16.c index fc5d7fd2..9af423af 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_decode_653xint16.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_decode_653xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_decode_653xint16(void *v, const unsigned cha for (i = 0; i < 653; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } 
diff --git a/crypto_kem/ntrulpr653/avx2/crypto_encode_256x16.c b/crypto_kem/ntrulpr653/avx2/crypto_encode_256x16.c index b17a2188..4b3a9647 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_encode_256x16.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_encode_256x16.c @@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_256x16(unsigned char *s, const void * const unsigned char *T = v; int i; for (i = 0; i < 128; ++i) { - s[i] = T[2 * i] + (T[2 * i + 1] << 4); + s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4)); } } diff --git a/crypto_kem/ntrulpr653/avx2/crypto_encode_256x2.c b/crypto_kem/ntrulpr653/avx2/crypto_encode_256x2.c index 058fc8f4..c77f1095 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_encode_256x2.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_encode_256x2.c 
@@ -29,60 +29,60 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_256x2(unsigned char *s, const void *v int32_t c5 = _mm256_movemask_epi8(b5); int32_t c6 = _mm256_movemask_epi8(b6); int32_t c7 = _mm256_movemask_epi8(b7); - *s++ = c0; + *s++ = (unsigned char) c0; c0 >>= 8; - *s++ = c0; + *s++ = (unsigned char) c0; c0 >>= 8; - *s++ = c0; + *s++ = (unsigned char) c0; c0 >>= 8; - *s++ = c0; - *s++ = c1; + *s++ = (unsigned char) c0; + *s++ = (unsigned char) c1; c1 >>= 8; - *s++ = c1; + *s++ = (unsigned char) c1; c1 >>= 8; - *s++ = c1; + *s++ = (unsigned char) c1; c1 >>= 8; - *s++ = c1; - *s++ = c2; + *s++ = (unsigned char) c1; + *s++ = (unsigned char) c2; c2 >>= 8; - *s++ = c2; + *s++ = (unsigned char) c2; c2 >>= 8; - *s++ = c2; + *s++ = (unsigned char) c2; c2 >>= 8; - *s++ = c2; - *s++ = c3; + *s++ = (unsigned char) c2; + *s++ = (unsigned char) c3; c3 >>= 8; - *s++ = c3; + *s++ = (unsigned char) c3; c3 >>= 8; - *s++ = c3; + *s++ = (unsigned char) c3; c3 >>= 8; - *s++ = c3; - *s++ = c4; + *s++ = (unsigned char) c3; + *s++ = (unsigned char) c4; c4 >>= 8; - *s++ = c4; + *s++ = (unsigned char) c4; c4 >>= 8; - *s++ = c4; + *s++ = (unsigned char) c4; c4 >>= 8; - *s++ = c4; - *s++ = c5; + *s++ = (unsigned char) c4; + *s++ = (unsigned char) c5; c5 >>= 8; - *s++ = c5; + *s++ = (unsigned char) c5; c5 >>= 8; - *s++ = c5; + *s++ = (unsigned char) c5; c5 >>= 8; - *s++ = c5; - *s++ = c6; + *s++ = (unsigned char) c5; + *s++ = (unsigned char) c6; c6 >>= 8; - *s++ = c6; + *s++ = (unsigned char) c6; c6 >>= 8; - *s++ = c6; + *s++ = (unsigned char) c6; c6 >>= 8; - *s++ = c6; - *s++ = c7; + *s++ = (unsigned char) c6; + *s++ = (unsigned char) c7; c7 >>= 8; - *s++ = c7; + *s++ = (unsigned char) c7; c7 >>= 8; - *s++ = c7; + *s++ = (unsigned char) c7; c7 >>= 8; - *s++ = c7; + *s++ = (unsigned char) c7; } diff --git a/crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541.c b/crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541.c index f0a66124..081783f3 100644 
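Review bot: `c0`..`c7` in PQCLEAN_NTRULPR653_AVX2_crypto_encode_256x2 remain `int32_t`, so every `cN >>= 8` between the newly cast stores still right-shifts a value that is negative whenever bit 31 of the movemask is set, which C99 leaves implementation-defined. Declaring them unsigned removes that reliance and matches the `s0 = (uint32) _mm256_extract_epi32(x, 4);` pattern this commit uses in crypto_encode_653x1541.c: `uint32_t c7 = (uint32_t) _mm256_movemask_epi8(b7);`, and likewise for the other seven. The declarations of `c0`..`c4` are outside the hunk.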
--- a/crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541.c @@ -42,26 +42,26 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[326] = (((R0[652] + 2310) & 16383) * 10923) >> 15; + R[326] = (uint16) ((((R0[652] + 2310) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -124,22 +124,22 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -204,22 +204,22 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -229,9 +229,9 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1887; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[10] = R[20]; @@ -239,11 +239,11 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)13910; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[5] = R[10]; 
@@ -251,36 +251,36 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[4]; r1 = R[5]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[2] = r2; + R[2] = (uint16) r2; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)134; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)71; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541round.c b/crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541round.c index 878fe438..d994ed24 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541round.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_encode_653x1541round.c 
@@ -44,26 +44,26 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[326] = (((3 * ((10923 * R0[652] + 16384) >> 15) + 2310) & 16383) * 10923) >> 15; + R[326] = (uint16) ((((3 * ((10923 * R0[652] + 16384) >> 15) + 2310) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -126,22 +126,22 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -206,22 +206,22 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -231,9 +231,9 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1887; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[10] = R[20]; @@ -241,11 +241,11 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)13910; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[5] = R[10]; 
@@ -253,36 +253,36 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653x1541round(unsigned char *out, con r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[4]; r1 = R[5]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[2] = r2; + R[2] = (uint16) r2; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)134; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)71; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/ntrulpr653/avx2/crypto_encode_653xint16.c b/crypto_kem/ntrulpr653/avx2/crypto_encode_653xint16.c index 7d60b0c9..f4432f5f 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_encode_653xint16.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_encode_653xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR653_AVX2_crypto_encode_653xint16(unsigned char *s, const voi for (i = 0; i < 653; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } diff --git a/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c b/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c index e1327c65..efa749c2 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_sort_int32.c @@ -44,7 +44,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) { int32x8_MINMAX(x0, y0); int32x8_store(x + n - 8, x0); int32x8_store(y + n - 8, y0); - n &= ~7; + n &= ~(size_t) 7; } do { int32x8 x0 = int32x8_load(x); 
diff --git a/crypto_kem/ntrulpr653/avx2/crypto_verify_1025.c b/crypto_kem/ntrulpr653/avx2/crypto_verify_1025.c index 4286184b..33861c45 100644 --- a/crypto_kem/ntrulpr653/avx2/crypto_verify_1025.c +++ b/crypto_kem/ntrulpr653/avx2/crypto_verify_1025.c @@ -27,10 +27,10 @@ int PQCLEAN_NTRULPR653_AVX2_crypto_verify_1025(const unsigned char *x, const uns diff |= _mm256_srli_epi32(diff, 16); diff |= _mm256_srli_epi64(diff, 32); - differentbits = _mm256_extract_epi8(diff, 0); - differentbits |= _mm256_extract_epi8(diff, 8); - differentbits |= _mm256_extract_epi8(diff, 16); - differentbits |= _mm256_extract_epi8(diff, 24); + differentbits = (unsigned int) _mm256_extract_epi8(diff, 0); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 8); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 16); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 24); return (int) (1 & ((differentbits - 1) >> 8)) - 1; } diff --git a/crypto_kem/ntrulpr653/avx2/kem.c b/crypto_kem/ntrulpr653/avx2/kem.c index 19ae250f..efa4a044 100644 --- a/crypto_kem/ntrulpr653/avx2/kem.c +++ b/crypto_kem/ntrulpr653/avx2/kem.c @@ -18,7 +18,7 @@ /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ 
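Review bot: In PQCLEAN_NTRULPR653_AVX2_crypto_verify_1025 the return expression `(1 & ((differentbits - 1) >> 8)) - 1` is only correct while `differentbits` lies in 0..255, and the new `(unsigned int)` casts keep whatever upper bits `_mm256_extract_epi8` returns. If an intrinsic header hands the byte back sign-extended, a byte with its top bit set becomes 0xFFFFFFxx and the function reports 0 (equal) for differing inputs. The `mask = crypto_verify_clen(c, cnew)` line in kem.c appears to consume this result to decide whether decapsulation accepts the re-encrypted ciphertext. Masking once before the return, `differentbits &= 0xff;`, makes the result independent of how the intrinsic extends the byte. The function body starts outside the hunk.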
@@ -38,24 +38,24 @@ typedef int16 Fq; /* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */ /* assumes twos complement; use, e.g., gcc -fwrapv */ static Fq Fq_freeze(int32 x) { - x -= q * ((q18 * x) >> 18); - x -= q * ((q27 * x + 67108864) >> 27); - return x; + x -= (int32) (q * ((q18 * x) >> 18)); + x -= (int32) (q * ((q27 * x + 67108864) >> 27)); + return (Fq) x; } /* works for all uint32 x */ static Fq Fq_bigfreeze(uint32 x) { - x -= q * ((x * (uint64)q31) >> 31); - x -= q * ((x * (uint64)q31) >> 31); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); x -= q; x += (-(x >> 31)) & (uint32)q; - return x; + return (Fq) x; } /* ----- Top and Right */ static int8 Top(Fq C) { - return (tau1 * (int32)(C + tau0) + 16384) >> 15; + return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15); } static Fq Right(int8 T) { @@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) { } PQCLEAN_NTRULPR653_AVX2_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } @@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR653_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char int8 T[I]; Top_decode(T, c + Rounded_bytes); for (i = 0; i < I; ++i) { - r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); + r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); } } } 
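Review bot: The `(size_t) inlen` cast in Hash hides a sign conversion rather than removing it: a negative `inlen` would reach sha512 as a length close to SIZE_MAX. The only call visible in this diff passes `sizeof x`, so the parameter can be a `size_t` instead: `static void Hash(unsigned char *out, const unsigned char *in, size_t inlen) {`, which drops the cast and the size_t-to-int round trip at the call site. Any other callers are outside the visible hunks and would need checking, and Hash's body continues outside the hunk.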
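Review bot: `r[i] = (int8) - int16_negative_mask(...)` in PQCLEAN_NTRULPR653_AVX2_crypto_kem_dec is laid out like a subtraction from `(int8)`, which makes the cast of a negated mask easy to misread in code that has to stay branch-free. Parenthesising the operand reads unambiguously: `r[i] = (int8) (-int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)));`. The enclosing function starts outside the hunk.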
@@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR653_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char Hide(cnew, x, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Inputs_bytes; ++i) { - x[1 + i] ^= mask & (x[1 + i] ^ rho[i]); + x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i])); } for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Inputs_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0; diff --git a/crypto_kem/ntrulpr653/clean/Makefile b/crypto_kem/ntrulpr653/clean/Makefile index 7807ed9b..c1856934 100644 --- a/crypto_kem/ntrulpr653/clean/Makefile +++ b/crypto_kem/ntrulpr653/clean/Makefile @@ -4,7 +4,7 @@ LIB=libntrulpr653_clean.a HEADERS=api.h crypto_core_multsntrup653.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_653x1541.h crypto_decode_653x3.h crypto_decode_653xint16.h crypto_decode_653xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_653x1541.h crypto_encode_653x1541round.h crypto_encode_653x3.h crypto_encode_653xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1025.h params.h OBJECTS=crypto_core_multsntrup653.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_653x1541.o crypto_decode_653x3.o crypto_decode_653xint16.o crypto_decode_653xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_653x1541.o crypto_encode_653x1541round.o crypto_encode_653x3.o crypto_encode_653xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1025.o kem.o -CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) 
diff --git a/crypto_kem/ntrulpr653/clean/crypto_core_multsntrup653.c b/crypto_kem/ntrulpr653/clean/crypto_core_multsntrup653.c index 5b38329b..77d270cf 100644 --- a/crypto_kem/ntrulpr653/clean/crypto_core_multsntrup653.c +++ b/crypto_kem/ntrulpr653/clean/crypto_core_multsntrup653.c @@ -14,7 +14,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } int PQCLEAN_NTRULPR653_CLEAN_crypto_core_multsntrup653(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) { @@ -30,9 +30,9 @@ int PQCLEAN_NTRULPR653_CLEAN_crypto_core_multsntrup653(unsigned char *outbytes, } for (i = 0; i < p; ++i) { - small gi = kbytes[i]; + small gi = (small) kbytes[i]; small gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (small) (gi0 - (gi & (gi0 << 1))); } for (i = 0; i < p; ++i) { diff --git a/crypto_kem/ntrulpr653/clean/crypto_decode_653x1541.c b/crypto_kem/ntrulpr653/clean/crypto_decode_653x1541.c index 5e07c4bb..edd6d15f 100644 --- a/crypto_kem/ntrulpr653/clean/crypto_decode_653x1541.c +++ b/crypto_kem/ntrulpr653/clean/crypto_decode_653x1541.c @@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q = 0; - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */ /* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */ /* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */ @@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += qpart; /* x <= 49146 */ - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */ /* 0 <= newx <= m + 49146(2^14-1)/2^31 */ /* 0 <= newx <= m + 0.4 */ 
@@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += mask; /* x < m */ - *r = x; + *r = (uint16) x; } static uint16 uint32_mod_uint14(uint32 x, uint16 m) { @@ -81,14 +81,14 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha r1 = (r1 << 8) | *--s; r1 = (r1 << 8) | *--s; r1 = uint32_mod_uint14(r1, 2608); /* needed only for invalid inputs */ - R10[0] = r1; + R10[0] = (uint16) r1; r2 = R10[0]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 71); R9[0] = r0; r1 = uint32_mod_uint14(r1, 9402); /* needed only for invalid inputs */ - R9[1] = r1; + R9[1] = (uint16) r1; R8[2] = R9[1]; r2 = R9[0]; @@ -96,14 +96,14 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 134); R8[0] = r0; r1 = uint32_mod_uint14(r1, 134); /* needed only for invalid inputs */ - R8[1] = r1; + R8[1] = (uint16) r1; r2 = R8[2]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 2953); R7[4] = r0; r1 = uint32_mod_uint14(r1, 815); /* needed only for invalid inputs */ - R7[5] = r1; + R7[5] = (uint16) r1; for (i = 1; i >= 0; --i) { r2 = R8[i]; r2 = (r2 << 8) | *--s; @@ -111,7 +111,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 2953); R7[2 * i] = r0; r1 = uint32_mod_uint14(r1, 2953); /* needed only for invalid inputs */ - R7[2 * i + 1] = r1; + R7[2 * i + 1] = (uint16) r1; } R6[10] = R7[5]; @@ -122,7 +122,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 13910); R6[2 * i] = r0; r1 = uint32_mod_uint14(r1, 13910); /* needed only for invalid inputs */ - R6[2 * i + 1] = r1; + R6[2 * i + 1] = (uint16) r1; } R5[20] = R6[10]; 
@@ -132,7 +132,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 1887); R5[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1887); /* needed only for invalid inputs */ - R5[2 * i + 1] = r1; + R5[2 * i + 1] = (uint16) r1; } R4[40] = R5[20]; @@ -142,7 +142,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 695); R4[2 * i] = r0; r1 = uint32_mod_uint14(r1, 695); /* needed only for invalid inputs */ - R4[2 * i + 1] = r1; + R4[2 * i + 1] = (uint16) r1; } r2 = R4[40]; @@ -151,7 +151,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 6745); R3[80] = r0; r1 = uint32_mod_uint14(r1, 7910); /* needed only for invalid inputs */ - R3[81] = r1; + R3[81] = (uint16) r1; for (i = 39; i >= 0; --i) { r2 = R4[i]; r2 = (r2 << 8) | *--s; @@ -159,7 +159,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 6745); R3[2 * i] = r0; r1 = uint32_mod_uint14(r1, 6745); /* needed only for invalid inputs */ - R3[2 * i + 1] = r1; + R3[2 * i + 1] = (uint16) r1; } r2 = R3[81]; @@ -167,14 +167,14 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 1314); R2[162] = r0; r1 = uint32_mod_uint14(r1, 1541); /* needed only for invalid inputs */ - R2[163] = r1; + R2[163] = (uint16) r1; for (i = 80; i >= 0; --i) { r2 = R3[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1314); R2[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1314); /* needed only for invalid inputs */ - R2[2 * i + 1] = r1; + R2[2 * i + 1] = (uint16) r1; } R1[326] = R2[163]; 
@@ -185,16 +185,16 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653x1541(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 9277); R1[2 * i] = r0; r1 = uint32_mod_uint14(r1, 9277); /* needed only for invalid inputs */ - R1[2 * i + 1] = r1; + R1[2 * i + 1] = (uint16) r1; } - R0[652] = 3 * R1[326] - 2310; + R0[652] = (int16) (3 * R1[326] - 2310); for (i = 325; i >= 0; --i) { r2 = R1[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1541); - R0[2 * i] = 3 * r0 - 2310; + R0[2 * i] = (int16) (3 * r0 - 2310); r1 = uint32_mod_uint14(r1, 1541); /* needed only for invalid inputs */ - R0[2 * i + 1] = 3 * r1 - 2310; + R0[2 * i + 1] = (int16) (3 * r1 - 2310); } } diff --git a/crypto_kem/ntrulpr653/clean/crypto_decode_653xint16.c b/crypto_kem/ntrulpr653/clean/crypto_decode_653xint16.c index e2299739..22634823 100644 --- a/crypto_kem/ntrulpr653/clean/crypto_decode_653xint16.c +++ b/crypto_kem/ntrulpr653/clean/crypto_decode_653xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_decode_653xint16(void *v, const unsigned ch for (i = 0; i < 653; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } diff --git a/crypto_kem/ntrulpr653/clean/crypto_encode_256x16.c b/crypto_kem/ntrulpr653/clean/crypto_encode_256x16.c index c985088c..8f425feb 100644 --- a/crypto_kem/ntrulpr653/clean/crypto_encode_256x16.c +++ b/crypto_kem/ntrulpr653/clean/crypto_encode_256x16.c @@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_256x16(unsigned char *s, const void const unsigned char *T = v; int i; for (i = 0; i < 128; ++i) { - s[i] = T[2 * i] + (T[2 * i + 1] << 4); + s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4)); } } diff --git a/crypto_kem/ntrulpr653/clean/crypto_encode_256x2.c b/crypto_kem/ntrulpr653/clean/crypto_encode_256x2.c index 4ab11cd7..d09e48af 100644 --- a/crypto_kem/ntrulpr653/clean/crypto_encode_256x2.c +++ b/crypto_kem/ntrulpr653/clean/crypto_encode_256x2.c 
@@ -8,6 +8,6 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_256x2(unsigned char *s, const void * s[i] = 0; } for (i = 0; i < 256; ++i) { - s[i >> 3] |= (r[i] & 1) << (i & 7); + s[i >> 3] |= (unsigned char) ((r[i] & 1) << (i & 7)); } } diff --git a/crypto_kem/ntrulpr653/clean/crypto_encode_653x1541.c b/crypto_kem/ntrulpr653/clean/crypto_encode_653x1541.c index 1862de4c..77a5cde1 100644 --- a/crypto_kem/ntrulpr653/clean/crypto_encode_653x1541.c +++ b/crypto_kem/ntrulpr653/clean/crypto_encode_653x1541.c @@ -15,24 +15,24 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(unsigned char *out, const v uint32 r2; for (i = 0; i < 326; ++i) { - r0 = (((R0[2 * i] + 2310) & 16383) * 10923) >> 15; - r1 = (((R0[2 * i + 1] + 2310) & 16383) * 10923) >> 15; + r0 = (uint16) ((((R0[2 * i] + 2310) & 16383) * 10923) >> 15); + r1 = (uint16) ((((R0[2 * i + 1] + 2310) & 16383) * 10923) >> 15); r2 = r0 + r1 * (uint32)1541; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } - R[326] = (((R0[652] + 2310) & 16383) * 10923) >> 15; + R[326] = (uint16) ((((R0[652] + 2310) & 16383) * 10923) >> 15); for (i = 0; i < 163; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)9277; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[163] = R[326]; 
@@ -40,29 +40,29 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(unsigned char *out, const v r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1314; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 41; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)6745; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 20; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)695; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[20] = R[40]; @@ -70,9 +70,9 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(unsigned char *out, const v r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1887; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[10] = R[20]; @@ -80,11 +80,11 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(unsigned char *out, const v r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)13910; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[5] = R[10]; 
@@ -92,36 +92,36 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(unsigned char *out, const v r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[4]; r1 = R[5]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[2] = r2; + R[2] = (uint16) r2; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)134; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)71; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/ntrulpr653/clean/crypto_encode_653x1541round.c b/crypto_kem/ntrulpr653/clean/crypto_encode_653x1541round.c index a4b969c4..2361d1c2 100644 --- a/crypto_kem/ntrulpr653/clean/crypto_encode_653x1541round.c +++ b/crypto_kem/ntrulpr653/clean/crypto_encode_653x1541round.c @@ -11,7 +11,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541round(unsigned char *out, co int i; for (i = 0; i < p; ++i) { - x[i] = 3 * ((10923 * a[i] + 16384) >> 15); + x[i] = (int16) (3 * ((10923 * a[i] + 16384) >> 15)); } PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x1541(out, x); } diff --git a/crypto_kem/ntrulpr653/clean/crypto_encode_653x3.c b/crypto_kem/ntrulpr653/clean/crypto_encode_653x3.c index 34f1f6c4..2dc3dffc 100644 --- a/crypto_kem/ntrulpr653/clean/crypto_encode_653x3.c +++ b/crypto_kem/ntrulpr653/clean/crypto_encode_653x3.c 
@@ -11,9 +11,9 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653x3(unsigned char *s, const void * for (i = 0; i < p / 4; ++i) { x = *f++ + 1; - x += (*f++ + 1) << 2; - x += (*f++ + 1) << 4; - x += (*f++ + 1) << 6; + x += (uint8) ((*f++ + 1) << 2); + x += (uint8) ((*f++ + 1) << 4); + x += (uint8) ((*f++ + 1) << 6); *s++ = x; } x = *f++ + 1; diff --git a/crypto_kem/ntrulpr653/clean/crypto_encode_653xint16.c b/crypto_kem/ntrulpr653/clean/crypto_encode_653xint16.c index 6bb71b20..70193303 100644 --- a/crypto_kem/ntrulpr653/clean/crypto_encode_653xint16.c +++ b/crypto_kem/ntrulpr653/clean/crypto_encode_653xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR653_CLEAN_crypto_encode_653xint16(unsigned char *s, const vo for (i = 0; i < 653; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } diff --git a/crypto_kem/ntrulpr653/clean/kem.c b/crypto_kem/ntrulpr653/clean/kem.c index 6d4eaa4a..a4970a69 100644 --- a/crypto_kem/ntrulpr653/clean/kem.c +++ b/crypto_kem/ntrulpr653/clean/kem.c @@ -18,7 +18,7 @@ /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ 
@@ -38,24 +38,24 @@ typedef int16 Fq; /* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */ /* assumes twos complement; use, e.g., gcc -fwrapv */ static Fq Fq_freeze(int32 x) { - x -= q * ((q18 * x) >> 18); - x -= q * ((q27 * x + 67108864) >> 27); - return x; + x -= (int32) (q * ((q18 * x) >> 18)); + x -= (int32) (q * ((q27 * x + 67108864) >> 27)); + return (Fq) x; } /* works for all uint32 x */ static Fq Fq_bigfreeze(uint32 x) { - x -= q * ((x * (uint64)q31) >> 31); - x -= q * ((x * (uint64)q31) >> 31); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); x -= q; x += (-(x >> 31)) & (uint32)q; - return x; + return (Fq) x; } /* ----- Top and Right */ static int8 Top(Fq C) { - return (tau1 * (int32)(C + tau0) + 16384) >> 15; + return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15); } static Fq Right(int8 T) { @@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) { } PQCLEAN_NTRULPR653_CLEAN_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } @@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR653_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha int8 T[I]; Top_decode(T, c + Rounded_bytes); for (i = 0; i < I; ++i) { - r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); + r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); } } } 
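Review bot: In `Hash`, the new `(size_t) inlen` cast hides the signed-to-unsigned conversion instead of removing it. `inlen` is still declared `int`, so a negative value would reach `sha512` as a very large length. The one call visible in this commit passes `sizeof x`, so the parameter can be unsigned from the start: `static void Hash(unsigned char *out, const unsigned char *in, size_t inlen)`, which makes the cast unnecessary. The same hunk appears in ntrulpr761/avx2/kem.c, and the body of `Hash` continues past the hunk.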
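Review bot: In the decapsulation loop, `r[i] = (int8) - int16_negative_mask(...)` is laid out like a subtraction from a parenthesised name, which makes a security-relevant line easy to misread. Parenthesising the negated call keeps the value and states the intent: `r[i] = (int8) (-int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)));`. Per the comment on `int16_negative_mask` it returns 0 or -1, so the negated value is 0 or 1 and the narrowing loses nothing. The same line appears in ntrulpr761/avx2/kem.c, and the enclosing function starts outside the hunk.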
@@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR653_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha Hide(cnew, x, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Inputs_bytes; ++i) { - x[1 + i] ^= mask & (x[1 + i] ^ rho[i]); + x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i])); } for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Inputs_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0; diff --git a/crypto_kem/ntrulpr761/avx2/Makefile b/crypto_kem/ntrulpr761/avx2/Makefile index 053dd074..d0da86f6 100644 --- a/crypto_kem/ntrulpr761/avx2/Makefile +++ b/crypto_kem/ntrulpr761/avx2/Makefile @@ -4,7 +4,7 @@ LIB=libntrulpr761_avx2.a HEADERS=api.h crypto_core_multsntrup761.h crypto_core_multsntrup761_ntt.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_761x1531.h crypto_decode_761x3.h crypto_decode_761xint16.h crypto_decode_761xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_761x1531.h crypto_encode_761x1531round.h crypto_encode_761x3.h crypto_encode_761xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1167.h params.h OBJECTS=crypto_core_multsntrup761.o crypto_core_multsntrup761_ntt.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_761x1531.o crypto_decode_761x3.o crypto_decode_761xint16.o crypto_decode_761xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_761x1531.o crypto_encode_761x1531round.o crypto_encode_761x3.o crypto_encode_761xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1167.o kem.o -CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) 
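Review bot: The two truncating casts at the end of decapsulation are lossless only while `mask` is 0 or -1, and nothing at this site records that. The AVX2 `crypto_verify_1167` in this commit returns `(int) (1 & ((differentbits - 1) >> 8)) - 1`, i.e. 0 or -1; presumably `crypto_verify_clen` follows the same contract here. A comment above the loop, such as `/* mask is 0 if c == cnew and -1 otherwise; the casts keep only the low byte */`, would pin the assumption that the constant-time select and `x[0] = (unsigned char) (1 + mask)` rely on. The same hunk appears in ntrulpr761/avx2/kem.c, and the function starts outside the hunk.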
diff --git a/crypto_kem/ntrulpr761/avx2/crypto_core_multsntrup761.c b/crypto_kem/ntrulpr761/avx2/crypto_core_multsntrup761.c index b38397a3..c5a1ce0d 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_core_multsntrup761.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_core_multsntrup761.c @@ -291,9 +291,9 @@ int PQCLEAN_NTRULPR761_AVX2_crypto_core_multsntrup761(unsigned char *outbytes, c store_x16(&f[i], x); } for (i = 0; i < p; ++i) { - int8 gi = kbytes[i]; + int8 gi = (int8) kbytes[i]; int8 gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (int16) (gi0 - (gi & (gi0 << 1))); } mult768(fg, f, g); diff --git a/crypto_kem/ntrulpr761/avx2/crypto_decode_256x2.c b/crypto_kem/ntrulpr761/avx2/crypto_decode_256x2.c index defc1b76..dd58d199 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_decode_256x2.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_decode_256x2.c @@ -3,7 +3,7 @@ #include #define COPY _mm256_set_epi64x(0x0303030303030303,0x0202020202020202,0x0101010101010101,0x0000000000000000) -#define MASK _mm256_set1_epi64x(0x8040201008040201) +#define MASK _mm256_set1_epi64x((int64_t) 0x8040201008040201) #define MASK2 _mm256_set1_epi64x(0x0101010101010101) void PQCLEAN_NTRULPR761_AVX2_crypto_decode_256x2(void *v, const unsigned char *s) { diff --git a/crypto_kem/ntrulpr761/avx2/crypto_decode_761x1531.c b/crypto_kem/ntrulpr761/avx2/crypto_decode_761x1531.c index 3b373183..730bd88c 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_decode_761x1531.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_decode_761x1531.c @@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) { } static inline int16 mulhi(int16 x, int16 y) { - return (x * (int32)y) >> 16; + return (int16) ((x * (int32)y) >> 16); } static inline __m256i add(__m256i x, __m256i y) { 
@@ -78,7 +78,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 60) - mulhi(mullo(a0, -28292), 593); /* -297...311 */ a0 += s[1 * i + 0]; /* -297...566 */ a0 += (a0 >> 15) & 593; /* 0...592 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -31055); /* invalid inputs might need reduction mod 1500 */ @@ -100,7 +100,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 672) - mulhi(mullo(a0, -2692), 6232); /* -3148...3152 */ a0 += s[2 * i + 0]; /* -3148...3407 */ a0 += (a0 >> 15) & 6232; /* 0...6231 */ - a1 = (a2 << 13) + (s[2 * i + 1] << 5) + ((s[2 * i] - a0) >> 3); + a1 = (int16) ((a2 << 13) + (s[2 * i + 1] << 5) + ((s[2 * i] - a0) >> 3)); a1 = mullo(a1, 12451); /* invalid inputs might need reduction mod 6232 */ @@ -119,7 +119,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, -476) - mulhi(mullo(a0, -13284), 1263); /* -751...631 */ a0 += s[1 * i + 0]; /* -751...886 */ a0 += (a0 >> 15) & 1263; /* 0...1262 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -22001); /* invalid inputs might need reduction mod 304 */ @@ -134,7 +134,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, -476) - mulhi(mullo(a0, -13284), 1263); /* -751...631 */ a0 += s[1 * i + 0]; /* -751...886 */ a0 += (a0 >> 15) & 1263; /* 0...1262 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -22001); /* invalid inputs might need reduction mod 1263 */ 
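Review bot: The `(int16)` casts on the `a1 = ...` lines narrow an `int` expression that can lie outside the int16 range, for example `(s[2 * i + 1] << 8) + s[2 * i] - a0` in a later hunk of this file. The wrap is presumably intended, since the value goes straight into `mullo`, but converting an out-of-range value to a signed type is implementation-defined in C99, and the cast now hides that from `-Wconversion`. A short comment on the first such line would record the assumption, e.g. `/* wraps mod 2^16 by design; assumes two's-complement narrowing */`, in the spirit of the "assumes twos complement" comment in kem.c. This applies to every `a1 =` hunk of crypto_decode_761x1531.c, and the decode function starts and ends outside these hunks.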
@@ -155,7 +155,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 2348) - mulhi(mullo(a0, -1844), 9097); /* -4712...4741 */ a0 += s[2 * i + 0]; /* -4712...4996 */ a0 += (a0 >> 15) & 9097; /* 0...9096 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, 17081); /* invalid inputs might need reduction mod 2188 */ @@ -172,7 +172,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 2348) - mulhi(mullo(a0, -1844), 9097); /* -4712...4741 */ a0 += s[2 * i + 0]; /* -4712...4996 */ a0 += (a0 >> 15) & 9097; /* 0...9096 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, 17081); /* invalid inputs might need reduction mod 9097 */ @@ -191,7 +191,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 372) - mulhi(mullo(a0, -10994), 1526); /* -763...856 */ a0 += s[1 * i + 0]; /* -763...1111 */ a0 += (a0 >> 15) & 1526; /* 0...1525 */ - a1 = (a2 << 7) + ((s[i] - a0) >> 1); + a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1)); a1 = mullo(a1, -18381); /* invalid inputs might need reduction mod 367 */ @@ -206,7 +206,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 372) - mulhi(mullo(a0, -10994), 1526); /* -763...856 */ a0 += s[1 * i + 0]; /* -763...1111 */ a0 += (a0 >> 15) & 1526; /* 0...1525 */ - a1 = (a2 << 7) + ((s[i] - a0) >> 1); + a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1)); a1 = mullo(a1, -18381); /* invalid inputs might need reduction mod 1526 */ 
@@ -225,7 +225,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, -284) - mulhi(mullo(a0, -26844), 625); /* -384...312 */ a0 += s[1 * i + 0]; /* -384...567 */ a0 += (a0 >> 15) & 625; /* 0...624 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, 32401); /* invalid inputs might need reduction mod 150 */ @@ -276,7 +276,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 2816) - mulhi(mullo(a0, -2621), 6400); /* -3338...3378 */ a0 += s[2 * i + 0]; /* -3338...3633 */ a0 += (a0 >> 15) & 6400; /* 0...6399 */ - a1 = (a2 << 8) + s[2 * i + 1] + ((s[2 * i] - a0) >> 8); + a1 = (int16) ((a2 << 8) + s[2 * i + 1] + ((s[2 * i] - a0) >> 8)); a1 = mullo(a1, 23593); /* invalid inputs might need reduction mod 1531 */ @@ -397,7 +397,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761x1531(void *v, const unsigned char /* R1 ------> R0: reconstruct mod 761*[1531] */ - R0[760] = 3 * R1[380] - 2295; + R0[760] = (int16) (3 * R1[380] - 2295); s -= 380; i = 364; for (;;) { diff --git a/crypto_kem/ntrulpr761/avx2/crypto_decode_761xint16.c b/crypto_kem/ntrulpr761/avx2/crypto_decode_761xint16.c index f72588a9..6c2f717a 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_decode_761xint16.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_decode_761xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_decode_761xint16(void *v, const unsigned cha for (i = 0; i < 761; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } diff --git a/crypto_kem/ntrulpr761/avx2/crypto_encode_256x16.c b/crypto_kem/ntrulpr761/avx2/crypto_encode_256x16.c index 3cdf2a1d..073c52e9 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_encode_256x16.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_encode_256x16.c 
@@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_256x16(unsigned char *s, const void * const unsigned char *T = v; int i; for (i = 0; i < 128; ++i) { - s[i] = T[2 * i] + (T[2 * i + 1] << 4); + s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4)); } } diff --git a/crypto_kem/ntrulpr761/avx2/crypto_encode_256x2.c b/crypto_kem/ntrulpr761/avx2/crypto_encode_256x2.c index 5bafef06..46c6ae54 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_encode_256x2.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_encode_256x2.c 
@@ -29,60 +29,60 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_256x2(unsigned char *s, const void *v int32_t c5 = _mm256_movemask_epi8(b5); int32_t c6 = _mm256_movemask_epi8(b6); int32_t c7 = _mm256_movemask_epi8(b7); - *s++ = c0; + *s++ = (unsigned char) c0; c0 >>= 8; - *s++ = c0; + *s++ = (unsigned char) c0; c0 >>= 8; - *s++ = c0; + *s++ = (unsigned char) c0; c0 >>= 8; - *s++ = c0; - *s++ = c1; + *s++ = (unsigned char) c0; + *s++ = (unsigned char) c1; c1 >>= 8; - *s++ = c1; + *s++ = (unsigned char) c1; c1 >>= 8; - *s++ = c1; + *s++ = (unsigned char) c1; c1 >>= 8; - *s++ = c1; - *s++ = c2; + *s++ = (unsigned char) c1; + *s++ = (unsigned char) c2; c2 >>= 8; - *s++ = c2; + *s++ = (unsigned char) c2; c2 >>= 8; - *s++ = c2; + *s++ = (unsigned char) c2; c2 >>= 8; - *s++ = c2; - *s++ = c3; + *s++ = (unsigned char) c2; + *s++ = (unsigned char) c3; c3 >>= 8; - *s++ = c3; + *s++ = (unsigned char) c3; c3 >>= 8; - *s++ = c3; + *s++ = (unsigned char) c3; c3 >>= 8; - *s++ = c3; - *s++ = c4; + *s++ = (unsigned char) c3; + *s++ = (unsigned char) c4; c4 >>= 8; - *s++ = c4; + *s++ = (unsigned char) c4; c4 >>= 8; - *s++ = c4; + *s++ = (unsigned char) c4; c4 >>= 8; - *s++ = c4; - *s++ = c5; + *s++ = (unsigned char) c4; + *s++ = (unsigned char) c5; c5 >>= 8; - *s++ = c5; + *s++ = (unsigned char) c5; c5 >>= 8; - *s++ = c5; + *s++ = (unsigned char) c5; c5 >>= 8; - *s++ = c5; - *s++ = c6; + *s++ = (unsigned char) c5; + *s++ = (unsigned char) c6; c6 >>= 8; - *s++ = c6; + *s++ = (unsigned char) c6; c6 >>= 8; - *s++ = c6; + *s++ = (unsigned char) c6; c6 >>= 8; - *s++ = c6; - *s++ = c7; + *s++ = (unsigned char) c6; + *s++ = (unsigned char) c7; c7 >>= 8; - *s++ = c7; + *s++ = (unsigned char) c7; c7 >>= 8; - *s++ = c7; + *s++ = (unsigned char) c7; c7 >>= 8; - *s++ = c7; + *s++ = (unsigned char) c7; } diff --git a/crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531.c b/crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531.c index 8726b5ba..b9cb299e 100644 
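Review bot: `c5`, `c6` and `c7` are still declared `int32_t` in the context lines, so each `c >>= 8` shifts a signed value that is negative whenever `_mm256_movemask_epi8` sets bit 31, which C99 leaves implementation-defined. With an arithmetic shift the byte casts produce the same output, but the AVX2 encoder in this commit converts at the source instead (`s0 = (uint32) _mm256_extract_epi32(x, 4);`). Doing the same here, e.g. `uint32_t c5 = (uint32_t) _mm256_movemask_epi8(b5);`, makes every shift well-defined. The declarations of `c0` to `c4` are outside the hunk and presumably need the same change.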
--- a/crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531.c @@ -42,26 +42,26 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531(unsigned char *out, const vo )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[380] = (((R0[760] + 2295) & 16383) * 10923) >> 15; + R[380] = (uint16) ((((R0[760] + 2295) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -124,22 +124,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531(unsigned char *out, const vo )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -195,22 +195,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531(unsigned char *out, const vo )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -237,22 +237,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531(unsigned char *out, const vo )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -261,41 +261,41 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)9097; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1263; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)6232; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)593; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531round.c b/crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531round.c index e1f96889..bd73145b 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531round.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_encode_761x1531round.c 
@@ -44,26 +44,26 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531round(unsigned char *out, con )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[380] = (((3 * ((10923 * R0[760] + 16384) >> 15) + 2295) & 16383) * 10923) >> 15; + R[380] = (uint16) ((((3 * ((10923 * R0[760] + 16384) >> 15) + 2295) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -126,22 +126,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531round(unsigned char *out, con )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -197,22 +197,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531round(unsigned char *out, con )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -239,22 +239,22 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531round(unsigned char *out, con )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -263,41 +263,41 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761x1531round(unsigned char *out, con r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)9097; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1263; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)6232; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)593; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/ntrulpr761/avx2/crypto_encode_761xint16.c b/crypto_kem/ntrulpr761/avx2/crypto_encode_761xint16.c index cc86a098..8894a09d 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_encode_761xint16.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_encode_761xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR761_AVX2_crypto_encode_761xint16(unsigned char *s, const voi for (i = 0; i < 761; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } diff --git a/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c b/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c index ac82d1a4..14a400a7 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_sort_int32.c 
@@ -44,7 +44,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) { int32x8_MINMAX(x0, y0); int32x8_store(x + n - 8, x0); int32x8_store(y + n - 8, y0); - n &= ~7; + n &= ~(size_t) 7; } do { int32x8 x0 = int32x8_load(x); diff --git a/crypto_kem/ntrulpr761/avx2/crypto_verify_1167.c b/crypto_kem/ntrulpr761/avx2/crypto_verify_1167.c index 17c1da57..5fa3f002 100644 --- a/crypto_kem/ntrulpr761/avx2/crypto_verify_1167.c +++ b/crypto_kem/ntrulpr761/avx2/crypto_verify_1167.c @@ -27,10 +27,10 @@ int PQCLEAN_NTRULPR761_AVX2_crypto_verify_1167(const unsigned char *x, const uns diff |= _mm256_srli_epi32(diff, 16); diff |= _mm256_srli_epi64(diff, 32); - differentbits = _mm256_extract_epi8(diff, 0); - differentbits |= _mm256_extract_epi8(diff, 8); - differentbits |= _mm256_extract_epi8(diff, 16); - differentbits |= _mm256_extract_epi8(diff, 24); + differentbits = (unsigned int) _mm256_extract_epi8(diff, 0); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 8); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 16); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 24); return (int) (1 & ((differentbits - 1) >> 8)) - 1; } diff --git a/crypto_kem/ntrulpr761/avx2/kem.c b/crypto_kem/ntrulpr761/avx2/kem.c index e42cf7d0..cedf347e 100644 --- a/crypto_kem/ntrulpr761/avx2/kem.c +++ b/crypto_kem/ntrulpr761/avx2/kem.c @@ -18,7 +18,7 @@ /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ 
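Review bot: In `crypto_verify_1167`, the `(unsigned int)` cast on `_mm256_extract_epi8` silences the warning but does not bound `differentbits` to 0..255, which the final `1 & ((differentbits - 1) >> 8)` depends on. If the intrinsic's `int` result were ever sign-extended for a byte with its top bit set, the high bits of `differentbits` would be set, bit 8 of `differentbits - 1` would read 1, and the function would return 0 (equal) for differing inputs. Adding `differentbits &= 0xff;` just before the `return` makes the result independent of how the header widens the byte. The function body starts outside the hunk.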
@@ -38,24 +38,24 @@ typedef int16 Fq; /* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */ /* assumes twos complement; use, e.g., gcc -fwrapv */ static Fq Fq_freeze(int32 x) { - x -= q * ((q18 * x) >> 18); - x -= q * ((q27 * x + 67108864) >> 27); - return x; + x -= (int32) (q * ((q18 * x) >> 18)); + x -= (int32) (q * ((q27 * x + 67108864) >> 27)); + return (Fq) x; } /* works for all uint32 x */ static Fq Fq_bigfreeze(uint32 x) { - x -= q * ((x * (uint64)q31) >> 31); - x -= q * ((x * (uint64)q31) >> 31); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); x -= q; x += (-(x >> 31)) & (uint32)q; - return x; + return (Fq) x; } /* ----- Top and Right */ static int8 Top(Fq C) { - return (tau1 * (int32)(C + tau0) + 16384) >> 15; + return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15); } static Fq Right(int8 T) { @@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) { } PQCLEAN_NTRULPR761_AVX2_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } @@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR761_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char int8 T[I]; Top_decode(T, c + Rounded_bytes); for (i = 0; i < I; ++i) { - r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); + r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); } } } 
@@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR761_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char Hide(cnew, x, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Inputs_bytes; ++i) { - x[1 + i] ^= mask & (x[1 + i] ^ rho[i]); + x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i])); } for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Inputs_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0; diff --git a/crypto_kem/ntrulpr761/clean/Makefile b/crypto_kem/ntrulpr761/clean/Makefile index b1efe00b..5a6bbbc5 100644 --- a/crypto_kem/ntrulpr761/clean/Makefile +++ b/crypto_kem/ntrulpr761/clean/Makefile @@ -4,7 +4,7 @@ LIB=libntrulpr761_clean.a HEADERS=api.h crypto_core_multsntrup761.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_761x1531.h crypto_decode_761x3.h crypto_decode_761xint16.h crypto_decode_761xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_761x1531.h crypto_encode_761x1531round.h crypto_encode_761x3.h crypto_encode_761xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1167.h params.h OBJECTS=crypto_core_multsntrup761.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_761x1531.o crypto_decode_761x3.o crypto_decode_761xint16.o crypto_decode_761xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_761x1531.o crypto_encode_761x1531round.o crypto_encode_761x3.o crypto_encode_761xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1167.o kem.o -CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) 
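Review bot: The two new casts in the @@ -289 hunk of avx2/kem.c, `(unsigned char) (mask & (x[1 + i] ^ rho[i]))` and `(unsigned char) (1 + mask)`, are only correct when `mask` is exactly 0 or -1, and nothing next to them records that. A comment after the `crypto_verify_clen` call would state the contract the truncation relies on, for example `/* mask is 0 if cnew equals c and -1 otherwise; the casts below keep the low 8 bits */`. The declaration of `mask` and the definition of `crypto_verify_clen` are outside the hunk, so the value set should be confirmed against them. The same two casts are added in crypto_kem/ntrulpr761/clean/kem.c.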
diff --git a/crypto_kem/ntrulpr761/clean/crypto_core_multsntrup761.c b/crypto_kem/ntrulpr761/clean/crypto_core_multsntrup761.c index 6fadd821..4c5086f5 100644 --- a/crypto_kem/ntrulpr761/clean/crypto_core_multsntrup761.c +++ b/crypto_kem/ntrulpr761/clean/crypto_core_multsntrup761.c @@ -14,7 +14,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } int PQCLEAN_NTRULPR761_CLEAN_crypto_core_multsntrup761(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) { @@ -30,9 +30,9 @@ int PQCLEAN_NTRULPR761_CLEAN_crypto_core_multsntrup761(unsigned char *outbytes, } for (i = 0; i < p; ++i) { - small gi = kbytes[i]; + small gi = (small) kbytes[i]; small gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (small) (gi0 - (gi & (gi0 << 1))); } for (i = 0; i < p; ++i) { diff --git a/crypto_kem/ntrulpr761/clean/crypto_decode_761x1531.c b/crypto_kem/ntrulpr761/clean/crypto_decode_761x1531.c index fe2c1adb..904358f0 100644 --- a/crypto_kem/ntrulpr761/clean/crypto_decode_761x1531.c +++ b/crypto_kem/ntrulpr761/clean/crypto_decode_761x1531.c @@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q = 0; - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */ /* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */ /* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */ @@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += qpart; /* x <= 49146 */ - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */ /* 0 <= newx <= m + 49146(2^14-1)/2^31 */ /* 0 <= newx <= m + 0.4 */ 
@@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += mask; /* x < m */ - *r = x; + *r = (uint16) x; } static uint16 uint32_mod_uint14(uint32 x, uint16 m) { @@ -81,14 +81,14 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha r1 = (r1 << 8) | *--s; r1 = (r1 << 8) | *--s; r1 = uint32_mod_uint14(r1, 3475); /* needed only for invalid inputs */ - R10[0] = r1; + R10[0] = (uint16) r1; r2 = R10[0]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 593); R9[0] = r0; r1 = uint32_mod_uint14(r1, 1500); /* needed only for invalid inputs */ - R9[1] = r1; + R9[1] = (uint16) r1; R8[2] = R9[1]; r2 = R9[0]; @@ -97,21 +97,21 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 6232); R8[0] = r0; r1 = uint32_mod_uint14(r1, 6232); /* needed only for invalid inputs */ - R8[1] = r1; + R8[1] = (uint16) r1; r2 = R8[2]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1263); R7[4] = r0; r1 = uint32_mod_uint14(r1, 304); /* needed only for invalid inputs */ - R7[5] = r1; + R7[5] = (uint16) r1; for (i = 1; i >= 0; --i) { r2 = R8[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1263); R7[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1263); /* needed only for invalid inputs */ - R7[2 * i + 1] = r1; + R7[2 * i + 1] = (uint16) r1; } r2 = R7[5]; @@ -120,7 +120,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 9097); R6[10] = r0; r1 = uint32_mod_uint14(r1, 2188); /* needed only for invalid inputs */ - R6[11] = r1; + R6[11] = (uint16) r1; for (i = 4; i >= 0; --i) { r2 = R7[i]; r2 = (r2 << 8) | *--s; 
@@ -128,7 +128,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 9097); R6[2 * i] = r0; r1 = uint32_mod_uint14(r1, 9097); /* needed only for invalid inputs */ - R6[2 * i + 1] = r1; + R6[2 * i + 1] = (uint16) r1; } r2 = R6[11]; @@ -136,14 +136,14 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 1526); R5[22] = r0; r1 = uint32_mod_uint14(r1, 367); /* needed only for invalid inputs */ - R5[23] = r1; + R5[23] = (uint16) r1; for (i = 10; i >= 0; --i) { r2 = R6[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1526); R5[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1526); /* needed only for invalid inputs */ - R5[2 * i + 1] = r1; + R5[2 * i + 1] = (uint16) r1; } r2 = R5[23]; @@ -151,14 +151,14 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 625); R4[46] = r0; r1 = uint32_mod_uint14(r1, 150); /* needed only for invalid inputs */ - R4[47] = r1; + R4[47] = (uint16) r1; for (i = 22; i >= 0; --i) { r2 = R5[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 625); R4[2 * i] = r0; r1 = uint32_mod_uint14(r1, 625); /* needed only for invalid inputs */ - R4[2 * i + 1] = r1; + R4[2 * i + 1] = (uint16) r1; } r2 = R4[47]; @@ -167,7 +167,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 6400); R3[94] = r0; r1 = uint32_mod_uint14(r1, 1531); /* needed only for invalid inputs */ - R3[95] = r1; + R3[95] = (uint16) r1; for (i = 46; i >= 0; --i) { r2 = R4[i]; r2 = (r2 << 8) | *--s; @@ -175,7 +175,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 6400); R3[2 * i] = r0; r1 = uint32_mod_uint14(r1, 6400); /* needed only for invalid inputs */ - R3[2 * i + 1] = r1; + R3[2 * i + 1] = (uint16) r1; } R2[190] = R3[95]; 
@@ -185,7 +185,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 1280); R2[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1280); /* needed only for invalid inputs */ - R2[2 * i + 1] = r1; + R2[2 * i + 1] = (uint16) r1; } R1[380] = R2[190]; @@ -196,16 +196,16 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761x1531(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 9157); R1[2 * i] = r0; r1 = uint32_mod_uint14(r1, 9157); /* needed only for invalid inputs */ - R1[2 * i + 1] = r1; + R1[2 * i + 1] = (uint16) r1; } - R0[760] = 3 * R1[380] - 2295; + R0[760] = (int16) (3 * R1[380] - 2295); for (i = 379; i >= 0; --i) { r2 = R1[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1531); - R0[2 * i] = 3 * r0 - 2295; + R0[2 * i] = (int16) (3 * r0 - 2295); r1 = uint32_mod_uint14(r1, 1531); /* needed only for invalid inputs */ - R0[2 * i + 1] = 3 * r1 - 2295; + R0[2 * i + 1] = (int16) (3 * r1 - 2295); } } diff --git a/crypto_kem/ntrulpr761/clean/crypto_decode_761xint16.c b/crypto_kem/ntrulpr761/clean/crypto_decode_761xint16.c index d13db387..b506fcc9 100644 --- a/crypto_kem/ntrulpr761/clean/crypto_decode_761xint16.c +++ b/crypto_kem/ntrulpr761/clean/crypto_decode_761xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_decode_761xint16(void *v, const unsigned ch for (i = 0; i < 761; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } diff --git a/crypto_kem/ntrulpr761/clean/crypto_encode_256x16.c b/crypto_kem/ntrulpr761/clean/crypto_encode_256x16.c index c3f825b9..af79cc4f 100644 --- a/crypto_kem/ntrulpr761/clean/crypto_encode_256x16.c +++ b/crypto_kem/ntrulpr761/clean/crypto_encode_256x16.c 
@@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_256x16(unsigned char *s, const void const unsigned char *T = v; int i; for (i = 0; i < 128; ++i) { - s[i] = T[2 * i] + (T[2 * i + 1] << 4); + s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4)); } } diff --git a/crypto_kem/ntrulpr761/clean/crypto_encode_256x2.c b/crypto_kem/ntrulpr761/clean/crypto_encode_256x2.c index ff31479e..51701ea5 100644 --- a/crypto_kem/ntrulpr761/clean/crypto_encode_256x2.c +++ b/crypto_kem/ntrulpr761/clean/crypto_encode_256x2.c @@ -8,6 +8,6 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_256x2(unsigned char *s, const void * s[i] = 0; } for (i = 0; i < 256; ++i) { - s[i >> 3] |= (r[i] & 1) << (i & 7); + s[i >> 3] |= (unsigned char) ((r[i] & 1) << (i & 7)); } } diff --git a/crypto_kem/ntrulpr761/clean/crypto_encode_761x1531.c b/crypto_kem/ntrulpr761/clean/crypto_encode_761x1531.c index 74243957..e8750688 100644 --- a/crypto_kem/ntrulpr761/clean/crypto_encode_761x1531.c +++ b/crypto_kem/ntrulpr761/clean/crypto_encode_761x1531.c @@ -15,24 +15,24 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x1531(unsigned char *out, const v uint32 r2; for (i = 0; i < 380; ++i) { - r0 = (((R0[2 * i] + 2295) & 16383) * 10923) >> 15; - r1 = (((R0[2 * i + 1] + 2295) & 16383) * 10923) >> 15; + r0 = (uint16) ((((R0[2 * i] + 2295) & 16383) * 10923) >> 15); + r1 = (uint16) ((((R0[2 * i + 1] + 2295) & 16383) * 10923) >> 15); r2 = r0 + r1 * (uint32)1531; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } - R[380] = (((R0[760] + 2295) & 16383) * 10923) >> 15; + R[380] = (uint16) ((((R0[760] + 2295) & 16383) * 10923) >> 15); for (i = 0; i < 190; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)9157; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[190] = R[380]; 
@@ -40,9 +40,9 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x1531(unsigned char *out, const v r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1280; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[95] = R[190]; @@ -50,70 +50,70 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x1531(unsigned char *out, const v r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)6400; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 24; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)625; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 12; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1526; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 6; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)9097; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1263; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)6232; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)593; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } 
diff --git a/crypto_kem/ntrulpr761/clean/crypto_encode_761x1531round.c b/crypto_kem/ntrulpr761/clean/crypto_encode_761x1531round.c index 101283b5..eefb4275 100644 --- a/crypto_kem/ntrulpr761/clean/crypto_encode_761x1531round.c +++ b/crypto_kem/ntrulpr761/clean/crypto_encode_761x1531round.c @@ -11,7 +11,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x1531round(unsigned char *out, co int i; for (i = 0; i < p; ++i) { - x[i] = 3 * ((10923 * a[i] + 16384) >> 15); + x[i] = (int16) (3 * ((10923 * a[i] + 16384) >> 15)); } PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x1531(out, x); } diff --git a/crypto_kem/ntrulpr761/clean/crypto_encode_761x3.c b/crypto_kem/ntrulpr761/clean/crypto_encode_761x3.c index 53cf0e21..7f9bd4d4 100644 --- a/crypto_kem/ntrulpr761/clean/crypto_encode_761x3.c +++ b/crypto_kem/ntrulpr761/clean/crypto_encode_761x3.c @@ -11,9 +11,9 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761x3(unsigned char *s, const void * for (i = 0; i < p / 4; ++i) { x = *f++ + 1; - x += (*f++ + 1) << 2; - x += (*f++ + 1) << 4; - x += (*f++ + 1) << 6; + x += (uint8) ((*f++ + 1) << 2); + x += (uint8) ((*f++ + 1) << 4); + x += (uint8) ((*f++ + 1) << 6); *s++ = x; } x = *f++ + 1; diff --git a/crypto_kem/ntrulpr761/clean/crypto_encode_761xint16.c b/crypto_kem/ntrulpr761/clean/crypto_encode_761xint16.c index ec3d1541..8cbb2e9f 100644 --- a/crypto_kem/ntrulpr761/clean/crypto_encode_761xint16.c +++ b/crypto_kem/ntrulpr761/clean/crypto_encode_761xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR761_CLEAN_crypto_encode_761xint16(unsigned char *s, const vo for (i = 0; i < 761; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } diff --git a/crypto_kem/ntrulpr761/clean/kem.c b/crypto_kem/ntrulpr761/clean/kem.c index 16f24b4a..b3c55589 100644 --- a/crypto_kem/ntrulpr761/clean/kem.c +++ b/crypto_kem/ntrulpr761/clean/kem.c 
@@ -18,7 +18,7 @@ /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ @@ -38,24 +38,24 @@ typedef int16 Fq; /* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */ /* assumes twos complement; use, e.g., gcc -fwrapv */ static Fq Fq_freeze(int32 x) { - x -= q * ((q18 * x) >> 18); - x -= q * ((q27 * x + 67108864) >> 27); - return x; + x -= (int32) (q * ((q18 * x) >> 18)); + x -= (int32) (q * ((q27 * x + 67108864) >> 27)); + return (Fq) x; } /* works for all uint32 x */ static Fq Fq_bigfreeze(uint32 x) { - x -= q * ((x * (uint64)q31) >> 31); - x -= q * ((x * (uint64)q31) >> 31); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); x -= q; x += (-(x >> 31)) & (uint32)q; - return x; + return (Fq) x; } /* ----- Top and Right */ static int8 Top(Fq C) { - return (tau1 * (int32)(C + tau0) + 16384) >> 15; + return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15); } static Fq Right(int8 T) { @@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) { } PQCLEAN_NTRULPR761_CLEAN_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } @@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR761_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha int8 T[I]; Top_decode(T, c + Rounded_bytes); for (i = 0; i < I; ++i) { - r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); + r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); } } } 
@@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR761_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha Hide(cnew, x, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Inputs_bytes; ++i) { - x[1 + i] ^= mask & (x[1 + i] ^ rho[i]); + x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i])); } for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Inputs_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0; diff --git a/crypto_kem/ntrulpr857/avx2/Makefile b/crypto_kem/ntrulpr857/avx2/Makefile index e4918b62..654e4a83 100644 --- a/crypto_kem/ntrulpr857/avx2/Makefile +++ b/crypto_kem/ntrulpr857/avx2/Makefile @@ -4,7 +4,7 @@ LIB=libntrulpr857_avx2.a HEADERS=api.h crypto_core_multsntrup857.h crypto_core_multsntrup857_ntt.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_857x1723.h crypto_decode_857x3.h crypto_decode_857xint16.h crypto_decode_857xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_857x1723.h crypto_encode_857x1723round.h crypto_encode_857x3.h crypto_encode_857xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1312.h params.h OBJECTS=crypto_core_multsntrup857.o crypto_core_multsntrup857_ntt.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_857x1723.o crypto_decode_857x3.o crypto_decode_857xint16.o crypto_decode_857xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_857x1723.o crypto_encode_857x1723round.o crypto_encode_857x3.o crypto_encode_857xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1312.o kem.o -CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) 
diff --git a/crypto_kem/ntrulpr857/avx2/crypto_core_multsntrup857.c b/crypto_kem/ntrulpr857/avx2/crypto_core_multsntrup857.c index 674fa8e3..9138df20 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_core_multsntrup857.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_core_multsntrup857.c @@ -398,9 +398,9 @@ int PQCLEAN_NTRULPR857_AVX2_crypto_core_multsntrup857(unsigned char *outbytes, c store_x16(&f[i], x); } for (i = 0; i < p; ++i) { - int8 gi = kbytes[i]; + int8 gi = (int8) kbytes[i]; int8 gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (int8) (gi0 - (gi & (gi0 << 1))); } mult1024(fg, f, g); diff --git a/crypto_kem/ntrulpr857/avx2/crypto_decode_256x2.c b/crypto_kem/ntrulpr857/avx2/crypto_decode_256x2.c index 58051a54..ca8da2c4 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_decode_256x2.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_decode_256x2.c @@ -3,7 +3,7 @@ #include #define COPY _mm256_set_epi64x(0x0303030303030303,0x0202020202020202,0x0101010101010101,0x0000000000000000) -#define MASK _mm256_set1_epi64x(0x8040201008040201) +#define MASK _mm256_set1_epi64x((int64_t) 0x8040201008040201) #define MASK2 _mm256_set1_epi64x(0x0101010101010101) void PQCLEAN_NTRULPR857_AVX2_crypto_decode_256x2(void *v, const unsigned char *s) { diff --git a/crypto_kem/ntrulpr857/avx2/crypto_decode_857x1723.c b/crypto_kem/ntrulpr857/avx2/crypto_decode_857x1723.c index ff768213..f76abc32 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_decode_857x1723.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_decode_857x1723.c @@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) { } static inline int16 mulhi(int16 x, int16 y) { - return (x * (int32)y) >> 16; + return (int16) ((x * (int32)y) >> 16); } static inline __m256i add(__m256i x, __m256i y) { 
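Review bot: The MASK cast in avx2/crypto_decode_256x2.c uses `int64_t`, while `_mm256_set1_epi64x` takes a `long long`, and the hunk does not show whether `<stdint.h>` is included directly. Casting to the parameter type avoids both the extra implicit conversion and the header dependency: `#define MASK _mm256_set1_epi64x((long long) 0x8040201008040201)`. A short comment that the constant has bit 63 set, which is why the cast is needed at all, would help the next reader.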
@@ -79,7 +79,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 = mulhi(a0, 276) - mulhi(mullo(a0, -22580), 743); /* -374...374 */ a0 += s[2 * i + 0]; /* -374...629 */ a0 += (a0 >> 15) & 743; /* 0...742 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, -3881); /* invalid inputs might need reduction mod 14044 */ @@ -100,7 +100,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 436; /* -670..>37 */ a0 += (a0 >> 15) & 436; /* -234...435 */ a0 += (a0 >> 15) & 436; /* 0...435 */ - a1 = (a2 << 6) + ((s[i] - a0) >> 2); + a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2)); a1 = mullo(a1, 2405); /* invalid inputs might need reduction mod 8246 */ @@ -117,7 +117,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 436; /* -670..>37 */ a0 += (a0 >> 15) & 436; /* -234...435 */ a0 += (a0 >> 15) & 436; /* 0...435 */ - a1 = (a2 << 6) + ((s[i] - a0) >> 2); + a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2)); a1 = mullo(a1, 2405); /* invalid inputs might need reduction mod 436 */ @@ -139,7 +139,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 334; /* -501..>103 */ a0 += (a0 >> 15) & 334; /* -167...333 */ a0 += (a0 >> 15) & 334; /* 0...333 */ - a1 = (a2 << 7) + ((s[i] - a0) >> 1); + a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1)); a1 = mullo(a1, -22761); /* invalid inputs might need reduction mod 334 */ @@ -160,7 +160,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 292; /* -438..>125 */ a0 += (a0 >> 15) & 292; /* -146...291 */ a0 += (a0 >> 15) & 292; /* 0...291 */ - a1 = (a2 << 6) + ((s[i] - a0) >> 2); + a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2)); a1 = mullo(a1, -3591); /* invalid inputs might need reduction mod 7229 */ 
@@ -177,7 +177,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 292; /* -438..>125 */ a0 += (a0 >> 15) & 292; /* -146...291 */ a0 += (a0 >> 15) & 292; /* 0...291 */ - a1 = (a2 << 6) + ((s[i] - a0) >> 2); + a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2)); a1 = mullo(a1, -3591); /* invalid inputs might need reduction mod 292 */ @@ -199,7 +199,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 273; /* -410..>118 */ a0 += (a0 >> 15) & 273; /* -137...272 */ a0 += (a0 >> 15) & 273; /* 0...272 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, 4081); /* invalid inputs might need reduction mod 273 */ @@ -218,7 +218,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 = mulhi(a0, -259) - mulhi(mullo(a0, -3971), 4225); /* -2178...2112 */ a0 += s[1 * i + 0]; /* -2178...2367 */ a0 += (a0 >> 15) & 4225; /* 0...4224 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, 12161); /* invalid inputs might need reduction mod 438 */ @@ -272,7 +272,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 += s[1 * i + 0]; /* -33...287 */ a0 = mulhi(a0, 16) - mulhi(mullo(a0, -1008), 65); /* -33...32 */ a0 += (a0 >> 15) & 65; /* 0...64 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, 4033); /* invalid inputs might need reduction mod 1723 */ @@ -391,7 +391,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857x1723(void *v, const unsigned char /* R1 ------> R0: reconstruct mod 857*[1723] */ - R0[856] = 3 * R1[428] - 2583; + R0[856] = (int16) (3 * R1[428] - 2583); s -= 428; i = 412; for (;;) { diff --git a/crypto_kem/ntrulpr857/avx2/crypto_decode_857xint16.c b/crypto_kem/ntrulpr857/avx2/crypto_decode_857xint16.c index b44dd5b1..f9dc31e6 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_decode_857xint16.c 
+++ b/crypto_kem/ntrulpr857/avx2/crypto_decode_857xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_decode_857xint16(void *v, const unsigned cha for (i = 0; i < 857; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } diff --git a/crypto_kem/ntrulpr857/avx2/crypto_encode_256x16.c b/crypto_kem/ntrulpr857/avx2/crypto_encode_256x16.c index a60c27c6..a1ead4c1 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_encode_256x16.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_encode_256x16.c @@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_256x16(unsigned char *s, const void * const unsigned char *T = v; int i; for (i = 0; i < 128; ++i) { - s[i] = T[2 * i] + (T[2 * i + 1] << 4); + s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4)); } } diff --git a/crypto_kem/ntrulpr857/avx2/crypto_encode_256x2.c b/crypto_kem/ntrulpr857/avx2/crypto_encode_256x2.c index 6220e2ab..f24fae0e 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_encode_256x2.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_encode_256x2.c 
@@ -29,60 +29,60 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_256x2(unsigned char *s, const void *v int32_t c5 = _mm256_movemask_epi8(b5); int32_t c6 = _mm256_movemask_epi8(b6); int32_t c7 = _mm256_movemask_epi8(b7); - *s++ = c0; + *s++ = (unsigned char) c0; c0 >>= 8; - *s++ = c0; + *s++ = (unsigned char) c0; c0 >>= 8; - *s++ = c0; + *s++ = (unsigned char) c0; c0 >>= 8; - *s++ = c0; - *s++ = c1; + *s++ = (unsigned char) c0; + *s++ = (unsigned char) c1; c1 >>= 8; - *s++ = c1; + *s++ = (unsigned char) c1; c1 >>= 8; - *s++ = c1; + *s++ = (unsigned char) c1; c1 >>= 8; - *s++ = c1; - *s++ = c2; + *s++ = (unsigned char) c1; + *s++ = (unsigned char) c2; c2 >>= 8; - *s++ = c2; + *s++ = (unsigned char) c2; c2 >>= 8; - *s++ = c2; + *s++ = (unsigned char) c2; c2 >>= 8; - *s++ = c2; - *s++ = c3; + *s++ = (unsigned char) c2; + *s++ = (unsigned char) c3; c3 >>= 8; - *s++ = c3; + *s++ = (unsigned char) c3; c3 >>= 8; - *s++ = c3; + *s++ = (unsigned char) c3; c3 >>= 8; - *s++ = c3; - *s++ = c4; + *s++ = (unsigned char) c3; + *s++ = (unsigned char) c4; c4 >>= 8; - *s++ = c4; + *s++ = (unsigned char) c4; c4 >>= 8; - *s++ = c4; + *s++ = (unsigned char) c4; c4 >>= 8; - *s++ = c4; - *s++ = c5; + *s++ = (unsigned char) c4; + *s++ = (unsigned char) c5; c5 >>= 8; - *s++ = c5; + *s++ = (unsigned char) c5; c5 >>= 8; - *s++ = c5; + *s++ = (unsigned char) c5; c5 >>= 8; - *s++ = c5; - *s++ = c6; + *s++ = (unsigned char) c5; + *s++ = (unsigned char) c6; c6 >>= 8; - *s++ = c6; + *s++ = (unsigned char) c6; c6 >>= 8; - *s++ = c6; + *s++ = (unsigned char) c6; c6 >>= 8; - *s++ = c6; - *s++ = c7; + *s++ = (unsigned char) c6; + *s++ = (unsigned char) c7; c7 >>= 8; - *s++ = c7; + *s++ = (unsigned char) c7; c7 >>= 8; - *s++ = c7; + *s++ = (unsigned char) c7; c7 >>= 8; - *s++ = c7; + *s++ = (unsigned char) c7; } diff --git a/crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723.c b/crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723.c index 0fce803b..0ea0103d 100644 
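Review bot: `c0` to `c7` in PQCLEAN_NTRULPR857_AVX2_crypto_encode_256x2 remain `int32_t`, so every `cN >>= 8` between the new `(unsigned char)` stores right-shifts a value that is negative whenever bit 31 of the movemask is set, which C leaves implementation-defined. Converting once at the declaration removes that, as this commit already does for `s0` in crypto_encode_857x1723.c: `uint32_t c0 = (uint32_t) _mm256_movemask_epi8(b0);` and likewise for c1 to c7. The stored bytes are unchanged. The declarations of c0 to c4 and the start of the function are above the hunk.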
--- a/crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723.c @@ -42,26 +42,26 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[428] = (((R0[856] + 2583) & 16383) * 10923) >> 15; + R[428] = (uint16) ((((R0[856] + 2583) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -145,14 +145,14 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)65; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[106]; r1 = R[107]; r2 = r0 + r1 * (uint32)65; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[53] = r2; + R[53] = (uint16) r2; reading = (uint16 *) R; writing = R; @@ -194,9 +194,9 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo r0 = R[52]; r1 = R[53]; r2 = r0 + r1 * (uint32)4225; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[26] = r2; + R[26] = (uint16) r2; reading = (uint16 *) R; writing = R; 
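Review bot: The byte-by-byte store of `s0` in the @@ -42 hunk of crypto_encode_857x1723.c now carries eight identical narrowing casts, and the same sequence is repeated in the @@ -220 hunk and twice in crypto_encode_857x1723round.c. A small static helper would keep the narrowing in one place and take the `s0 >>= 8` bookkeeping out of the loop body. The enclosing loop and function start outside the hunk.

```c
/* Write s0 to out[0..3], least significant byte first. */
static inline void store_le32(unsigned char *out, uint32 s0) {
    out[0] = (unsigned char) s0;
    out[1] = (unsigned char) (s0 >> 8);
    out[2] = (unsigned char) (s0 >> 16);
    out[3] = (unsigned char) (s0 >> 24);
}

/* … unchanged: permute and _mm_storeu_si128 of the low half … */
store_le32(out, (uint32) _mm256_extract_epi32(x, 4));
store_le32(out + 4, (uint32) _mm256_extract_epi32(x, 6));
out += 8;
/* … unchanged: reading += 16; writing += 8; … */
```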
@@ -220,22 +220,22 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -245,18 +245,18 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)292; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)334; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[3] = R[6]; @@ -264,20 +264,20 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)436; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)743; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } 
diff --git a/crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723round.c b/crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723round.c index 48343d4f..946000c0 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723round.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_encode_857x1723round.c @@ -44,26 +44,26 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[428] = (((3 * ((10923 * R0[856] + 16384) >> 15) + 2583) & 16383) * 10923) >> 15; + R[428] = (uint16) ((((3 * ((10923 * R0[856] + 16384) >> 15) + 2583) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -147,14 +147,14 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)65; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[106]; r1 = R[107]; r2 = r0 + r1 * (uint32)65; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[53] = r2; + R[53] = (uint16) r2; reading = (uint16 *) R; writing = R; 
@@ -196,9 +196,9 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con r0 = R[52]; r1 = R[53]; r2 = r0 + r1 * (uint32)4225; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[26] = r2; + R[26] = (uint16) r2; reading = (uint16 *) R; writing = R; @@ -222,22 +222,22 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -247,18 +247,18 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)292; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)334; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[3] = R[6]; 
@@ -266,20 +266,20 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857x1723round(unsigned char *out, con r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)436; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)743; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/ntrulpr857/avx2/crypto_encode_857xint16.c b/crypto_kem/ntrulpr857/avx2/crypto_encode_857xint16.c index 136c7990..61cda598 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_encode_857xint16.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_encode_857xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR857_AVX2_crypto_encode_857xint16(unsigned char *s, const voi for (i = 0; i < 857; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } diff --git a/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c b/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c index 84544dc6..878ef932 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_sort_int32.c @@ -44,7 +44,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) { int32x8_MINMAX(x0, y0); int32x8_store(x + n - 8, x0); int32x8_store(y + n - 8, y0); - n &= ~7; + n &= ~(size_t) 7; } do { int32x8 x0 = int32x8_load(x); diff --git a/crypto_kem/ntrulpr857/avx2/crypto_verify_1312.c b/crypto_kem/ntrulpr857/avx2/crypto_verify_1312.c index 950aa37b..53073a5e 100644 --- a/crypto_kem/ntrulpr857/avx2/crypto_verify_1312.c +++ b/crypto_kem/ntrulpr857/avx2/crypto_verify_1312.c 
@@ -27,10 +27,10 @@ int PQCLEAN_NTRULPR857_AVX2_crypto_verify_1312(const unsigned char *x, const uns diff |= _mm256_srli_epi32(diff, 16); diff |= _mm256_srli_epi64(diff, 32); - differentbits = _mm256_extract_epi8(diff, 0); - differentbits |= _mm256_extract_epi8(diff, 8); - differentbits |= _mm256_extract_epi8(diff, 16); - differentbits |= _mm256_extract_epi8(diff, 24); + differentbits = (unsigned int) _mm256_extract_epi8(diff, 0); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 8); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 16); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 24); return (int) (1 & ((differentbits - 1) >> 8)) - 1; } diff --git a/crypto_kem/ntrulpr857/avx2/kem.c b/crypto_kem/ntrulpr857/avx2/kem.c index 4946b7a1..28b44266 100644 --- a/crypto_kem/ntrulpr857/avx2/kem.c +++ b/crypto_kem/ntrulpr857/avx2/kem.c @@ -18,7 +18,7 @@ /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ @@ -38,24 +38,24 @@ typedef int16 Fq; /* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */ /* assumes twos complement; use, e.g., gcc -fwrapv */ static Fq Fq_freeze(int32 x) { - x -= q * ((q18 * x) >> 18); - x -= q * ((q27 * x + 67108864) >> 27); - return x; + x -= (int32) (q * ((q18 * x) >> 18)); + x -= (int32) (q * ((q27 * x + 67108864) >> 27)); + return (Fq) x; } /* works for all uint32 x */ static Fq Fq_bigfreeze(uint32 x) { - x -= q * ((x * (uint64)q31) >> 31); - x -= q * ((x * (uint64)q31) >> 31); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); x -= q; x += (-(x >> 31)) & (uint32)q; - return x; + return (Fq) x; } /* ----- Top and Right */ static int8 Top(Fq C) { - return (tau1 * (int32)(C + tau0) + 16384) >> 15; + return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15); } static Fq Right(int8 T) { 
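Review bot: In crypto_verify_1312.c the final `(differentbits - 1) >> 8` test is only correct if `differentbits` is at most 255, and the new `(unsigned int)` casts on `_mm256_extract_epi8` do not guarantee that. If a compiler's header widens the extracted byte with sign extension, a byte with its top bit set becomes 0xFFFFFF80 or larger and the function returns 0 (match) for differing inputs. That matters because this result appears to drive the rejection mask in `crypto_kem_dec`. I would add `differentbits &= 0xff;` before the `return` so the result does not depend on how the intrinsic is widened. The function body starts outside this hunk.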
@@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) { } PQCLEAN_NTRULPR857_AVX2_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } @@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR857_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char int8 T[I]; Top_decode(T, c + Rounded_bytes); for (i = 0; i < I; ++i) { - r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); + r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); } } } @@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR857_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char Hide(cnew, x, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Inputs_bytes; ++i) { - x[1 + i] ^= mask & (x[1 + i] ^ rho[i]); + x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i])); } for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Inputs_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0; diff --git a/crypto_kem/ntrulpr857/clean/Makefile b/crypto_kem/ntrulpr857/clean/Makefile index 62c358a8..9929921e 100644 --- a/crypto_kem/ntrulpr857/clean/Makefile +++ b/crypto_kem/ntrulpr857/clean/Makefile 
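Review bot: In `Hash` (hunk at -99 in avx2/kem.c) the added `(size_t) inlen` cast silences the warning but would turn a negative `inlen` into a huge length for `sha512`. The only call visible in this diff passes `sizeof x`, so declaring the parameter as `size_t inlen` and calling `sha512(h, in, inlen);` removes the conversion instead of hiding it. The identical hunk in crypto_kem/ntrulpr857/clean/kem.c has the same issue. Other callers of `Hash` are outside the hunk and would need checking.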
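Review bot: The branch-free select in `crypto_kem_dec` (hunk at -289 in avx2/kem.c) now carries two narrowing casts with nothing explaining why they are lossless. A short comment above the loop would help, for example `/* mask is 0 if cnew == c, else -1: on mismatch x[1..] is replaced by rho and x[0] becomes 0 */`. That reading is inferred from the `... - 1` return form of crypto_verify_1312 shown earlier in this diff. The clean/kem.c copy has the same lines. The function starts outside the hunk, so an existing comment there may already cover it.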
@@ -4,7 +4,7 @@ LIB=libntrulpr857_clean.a HEADERS=api.h crypto_core_multsntrup857.h crypto_decode_256x16.h crypto_decode_256x2.h crypto_decode_857x1723.h crypto_decode_857x3.h crypto_decode_857xint16.h crypto_decode_857xint32.h crypto_encode_256x16.h crypto_encode_256x2.h crypto_encode_857x1723.h crypto_encode_857x1723round.h crypto_encode_857x3.h crypto_encode_857xint16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1312.h params.h OBJECTS=crypto_core_multsntrup857.o crypto_decode_256x16.o crypto_decode_256x2.o crypto_decode_857x1723.o crypto_decode_857x3.o crypto_decode_857xint16.o crypto_decode_857xint32.o crypto_encode_256x16.o crypto_encode_256x2.o crypto_encode_857x1723.o crypto_encode_857x1723round.o crypto_encode_857x3.o crypto_encode_857xint16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1312.o kem.o -CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) diff --git a/crypto_kem/ntrulpr857/clean/crypto_core_multsntrup857.c b/crypto_kem/ntrulpr857/clean/crypto_core_multsntrup857.c index 28c153d4..724c2ea9 100644 --- a/crypto_kem/ntrulpr857/clean/crypto_core_multsntrup857.c +++ b/crypto_kem/ntrulpr857/clean/crypto_core_multsntrup857.c @@ -14,7 +14,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } int PQCLEAN_NTRULPR857_CLEAN_crypto_core_multsntrup857(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) { 
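Review bot: Adding `-Wconversion` next to the existing `-Werror` makes the build depend on which conversions a given compiler version chooses to report. The sources in this commit still contain compound assignments on sub-int types, such as `x += (uint8) (...)` and `f0 ^= (Fq) fgflip;`, where the arithmetic result is implicitly narrowed back. Some compilers report those under this flag (older GCC releases did, if I recall correctly). Since `$(EXTRAFLAGS)` comes last, documenting `EXTRAFLAGS=-Wno-error=conversion` as the escape hatch, or building with the oldest supported compiler, would avoid surprise build failures. The same flag is added in crypto_kem/sntrup653/avx2/Makefile and crypto_kem/ntrulpr653/avx2/Makefile.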
@@ -30,9 +30,9 @@ int PQCLEAN_NTRULPR857_CLEAN_crypto_core_multsntrup857(unsigned char *outbytes, } for (i = 0; i < p; ++i) { - small gi = kbytes[i]; + small gi = (small) kbytes[i]; small gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (small) (gi0 - (gi & (gi0 << 1))); } for (i = 0; i < p; ++i) { diff --git a/crypto_kem/ntrulpr857/clean/crypto_decode_857x1723.c b/crypto_kem/ntrulpr857/clean/crypto_decode_857x1723.c index ca5630a2..0720915e 100644 --- a/crypto_kem/ntrulpr857/clean/crypto_decode_857x1723.c +++ b/crypto_kem/ntrulpr857/clean/crypto_decode_857x1723.c @@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q = 0; - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */ /* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */ /* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */ @@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += qpart; /* x <= 49146 */ - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */ /* 0 <= newx <= m + 49146(2^14-1)/2^31 */ /* 0 <= newx <= m + 0.4 */ @@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += mask; /* x < m */ - *r = x; + *r = (uint16) x; } static uint16 uint32_mod_uint14(uint32 x, uint16 m) { @@ -80,7 +80,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha r1 = 0; r1 = (r1 << 8) | *--s; r1 = uint32_mod_uint14(r1, 160); /* needed only for invalid inputs */ - R10[0] = r1; + R10[0] = (uint16) r1; r2 = R10[0]; r2 = (r2 << 8) | *--s; 
@@ -88,20 +88,20 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 743); R9[0] = r0; r1 = uint32_mod_uint14(r1, 14044); /* needed only for invalid inputs */ - R9[1] = r1; + R9[1] = (uint16) r1; r2 = R9[1]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 436); R8[2] = r0; r1 = uint32_mod_uint14(r1, 8246); /* needed only for invalid inputs */ - R8[3] = r1; + R8[3] = (uint16) r1; r2 = R9[0]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 436); R8[0] = r0; r1 = uint32_mod_uint14(r1, 436); /* needed only for invalid inputs */ - R8[1] = r1; + R8[1] = (uint16) r1; R7[6] = R8[3]; for (i = 2; i >= 0; --i) { @@ -110,7 +110,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 334); R7[2 * i] = r0; r1 = uint32_mod_uint14(r1, 334); /* needed only for invalid inputs */ - R7[2 * i + 1] = r1; + R7[2 * i + 1] = (uint16) r1; } r2 = R7[6]; @@ -118,14 +118,14 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 292); R6[12] = r0; r1 = uint32_mod_uint14(r1, 7229); /* needed only for invalid inputs */ - R6[13] = r1; + R6[13] = (uint16) r1; for (i = 5; i >= 0; --i) { r2 = R7[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 292); R6[2 * i] = r0; r1 = uint32_mod_uint14(r1, 292); /* needed only for invalid inputs */ - R6[2 * i + 1] = r1; + R6[2 * i + 1] = (uint16) r1; } R5[26] = R6[13]; @@ -135,7 +135,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 273); R5[2 * i] = r0; r1 = uint32_mod_uint14(r1, 273); /* needed only for invalid inputs */ - R5[2 * i + 1] = r1; + R5[2 * i + 1] = (uint16) r1; } r2 = R5[26]; 
@@ -143,7 +143,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 4225); R4[52] = r0; r1 = uint32_mod_uint14(r1, 438); /* needed only for invalid inputs */ - R4[53] = r1; + R4[53] = (uint16) r1; for (i = 25; i >= 0; --i) { r2 = R5[i]; r2 = (r2 << 8) | *--s; @@ -151,7 +151,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 4225); R4[2 * i] = r0; r1 = uint32_mod_uint14(r1, 4225); /* needed only for invalid inputs */ - R4[2 * i + 1] = r1; + R4[2 * i + 1] = (uint16) r1; } r2 = R4[53]; @@ -159,13 +159,13 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 65); R3[106] = r0; r1 = uint32_mod_uint14(r1, 1723); /* needed only for invalid inputs */ - R3[107] = r1; + R3[107] = (uint16) r1; for (i = 52; i >= 0; --i) { r2 = R4[i]; uint32_divmod_uint14(&r1, &r0, r2, 65); R3[2 * i] = r0; r1 = uint32_mod_uint14(r1, 65); /* needed only for invalid inputs */ - R3[2 * i + 1] = r1; + R3[2 * i + 1] = (uint16) r1; } R2[214] = R3[107]; @@ -176,7 +176,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 2053); R2[2 * i] = r0; r1 = uint32_mod_uint14(r1, 2053); /* needed only for invalid inputs */ - R2[2 * i + 1] = r1; + R2[2 * i + 1] = (uint16) r1; } R1[428] = R2[214]; 
@@ -187,16 +187,16 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857x1723(void *v, const unsigned cha uint32_divmod_uint14(&r1, &r0, r2, 11597); R1[2 * i] = r0; r1 = uint32_mod_uint14(r1, 11597); /* needed only for invalid inputs */ - R1[2 * i + 1] = r1; + R1[2 * i + 1] = (uint16) r1; } - R0[856] = 3 * R1[428] - 2583; + R0[856] = (int16) (3 * R1[428] - 2583); for (i = 427; i >= 0; --i) { r2 = R1[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1723); - R0[2 * i] = 3 * r0 - 2583; + R0[2 * i] = (int16) (3 * r0 - 2583); r1 = uint32_mod_uint14(r1, 1723); /* needed only for invalid inputs */ - R0[2 * i + 1] = 3 * r1 - 2583; + R0[2 * i + 1] = (int16) (3 * r1 - 2583); } } diff --git a/crypto_kem/ntrulpr857/clean/crypto_decode_857xint16.c b/crypto_kem/ntrulpr857/clean/crypto_decode_857xint16.c index ec185e8e..d8c620c1 100644 --- a/crypto_kem/ntrulpr857/clean/crypto_decode_857xint16.c +++ b/crypto_kem/ntrulpr857/clean/crypto_decode_857xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_decode_857xint16(void *v, const unsigned ch for (i = 0; i < 857; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } diff --git a/crypto_kem/ntrulpr857/clean/crypto_encode_256x16.c b/crypto_kem/ntrulpr857/clean/crypto_encode_256x16.c index dcaba21a..81f8c4d2 100644 --- a/crypto_kem/ntrulpr857/clean/crypto_encode_256x16.c +++ b/crypto_kem/ntrulpr857/clean/crypto_encode_256x16.c @@ -5,6 +5,6 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_256x16(unsigned char *s, const void const unsigned char *T = v; int i; for (i = 0; i < 128; ++i) { - s[i] = T[2 * i] + (T[2 * i + 1] << 4); + s[i] = (unsigned char) (T[2 * i] + (T[2 * i + 1] << 4)); } } diff --git a/crypto_kem/ntrulpr857/clean/crypto_encode_256x2.c b/crypto_kem/ntrulpr857/clean/crypto_encode_256x2.c index ccd8fb73..8ce08dfe 100644 --- a/crypto_kem/ntrulpr857/clean/crypto_encode_256x2.c +++ b/crypto_kem/ntrulpr857/clean/crypto_encode_256x2.c 
@@ -8,6 +8,6 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_256x2(unsigned char *s, const void * s[i] = 0; } for (i = 0; i < 256; ++i) { - s[i >> 3] |= (r[i] & 1) << (i & 7); + s[i >> 3] |= (unsigned char) ((r[i] & 1) << (i & 7)); } } diff --git a/crypto_kem/ntrulpr857/clean/crypto_encode_857x1723.c b/crypto_kem/ntrulpr857/clean/crypto_encode_857x1723.c index 3922bf8f..0efa1a68 100644 --- a/crypto_kem/ntrulpr857/clean/crypto_encode_857x1723.c +++ b/crypto_kem/ntrulpr857/clean/crypto_encode_857x1723.c @@ -15,24 +15,24 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(unsigned char *out, const v uint32 r2; for (i = 0; i < 428; ++i) { - r0 = (((R0[2 * i] + 2583) & 16383) * 10923) >> 15; - r1 = (((R0[2 * i + 1] + 2583) & 16383) * 10923) >> 15; + r0 = (uint16) ((((R0[2 * i] + 2583) & 16383) * 10923) >> 15); + r1 = (uint16) ((((R0[2 * i + 1] + 2583) & 16383) * 10923) >> 15); r2 = r0 + r1 * (uint32)1723; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } - R[428] = (((R0[856] + 2583) & 16383) * 10923) >> 15; + R[428] = (uint16) ((((R0[856] + 2583) & 16383) * 10923) >> 15); for (i = 0; i < 214; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)11597; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[214] = R[428]; @@ -40,11 +40,11 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(unsigned char *out, const v r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2053; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[107] = R[214]; 
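Review bot: The `(uint16) r2` casts in clean/crypto_encode_857x1723.c (hunk at -15, and the later hunks in that file) are lossless only because of range bounds that are not written down in the code. In the first loop, for in-range coefficients, r0 and r1 are below 1723, so r2 < 1723*1723 and `r2 >> 8` is below 11597, which is the radix of the next loop. I would add a comment such as `/* r0, r1 < 1723, so r2 >> 8 < 11597 */` at each stage. With the explicit cast in place, the compiler will no longer flag a stage whose bound is wrong. The function body starts before the hunk.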
@@ -52,39 +52,39 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(unsigned char *out, const v r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)65; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[106]; r1 = R[107]; r2 = r0 + r1 * (uint32)65; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[53] = r2; + R[53] = (uint16) r2; for (i = 0; i < 26; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)4225; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[52]; r1 = R[53]; r2 = r0 + r1 * (uint32)4225; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[26] = r2; + R[26] = (uint16) r2; for (i = 0; i < 13; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)273; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[13] = R[26]; @@ -92,18 +92,18 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(unsigned char *out, const v r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)292; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)334; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[3] = R[6]; @@ -111,20 +111,20 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(unsigned char *out, const v r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)436; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)743; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } 
diff --git a/crypto_kem/ntrulpr857/clean/crypto_encode_857x1723round.c b/crypto_kem/ntrulpr857/clean/crypto_encode_857x1723round.c index 9e7460ba..229bdc9d 100644 --- a/crypto_kem/ntrulpr857/clean/crypto_encode_857x1723round.c +++ b/crypto_kem/ntrulpr857/clean/crypto_encode_857x1723round.c @@ -11,7 +11,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723round(unsigned char *out, co int i; for (i = 0; i < p; ++i) { - x[i] = 3 * ((10923 * a[i] + 16384) >> 15); + x[i] = (int16) (3 * ((10923 * a[i] + 16384) >> 15)); } PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x1723(out, x); } diff --git a/crypto_kem/ntrulpr857/clean/crypto_encode_857x3.c b/crypto_kem/ntrulpr857/clean/crypto_encode_857x3.c index b19644b4..d0646e88 100644 --- a/crypto_kem/ntrulpr857/clean/crypto_encode_857x3.c +++ b/crypto_kem/ntrulpr857/clean/crypto_encode_857x3.c @@ -11,9 +11,9 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857x3(unsigned char *s, const void * for (i = 0; i < p / 4; ++i) { x = *f++ + 1; - x += (*f++ + 1) << 2; - x += (*f++ + 1) << 4; - x += (*f++ + 1) << 6; + x += (uint8) ((*f++ + 1) << 2); + x += (uint8) ((*f++ + 1) << 4); + x += (uint8) ((*f++ + 1) << 6); *s++ = x; } x = *f++ + 1; diff --git a/crypto_kem/ntrulpr857/clean/crypto_encode_857xint16.c b/crypto_kem/ntrulpr857/clean/crypto_encode_857xint16.c index 76a54c19..64c559c7 100644 --- a/crypto_kem/ntrulpr857/clean/crypto_encode_857xint16.c +++ b/crypto_kem/ntrulpr857/clean/crypto_encode_857xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_NTRULPR857_CLEAN_crypto_encode_857xint16(unsigned char *s, const vo for (i = 0; i < 857; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } diff --git a/crypto_kem/ntrulpr857/clean/kem.c b/crypto_kem/ntrulpr857/clean/kem.c index 3b7db820..c714d458 100644 --- a/crypto_kem/ntrulpr857/clean/kem.c +++ b/crypto_kem/ntrulpr857/clean/kem.c 
@@ -18,7 +18,7 @@ /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ @@ -38,24 +38,24 @@ typedef int16 Fq; /* works for -14000000 < x < 14000000 if q in 4591, 4621, 5167 */ /* assumes twos complement; use, e.g., gcc -fwrapv */ static Fq Fq_freeze(int32 x) { - x -= q * ((q18 * x) >> 18); - x -= q * ((q27 * x + 67108864) >> 27); - return x; + x -= (int32) (q * ((q18 * x) >> 18)); + x -= (int32) (q * ((q27 * x + 67108864) >> 27)); + return (Fq) x; } /* works for all uint32 x */ static Fq Fq_bigfreeze(uint32 x) { - x -= q * ((x * (uint64)q31) >> 31); - x -= q * ((x * (uint64)q31) >> 31); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); + x -= (uint32) (q * ((x * (uint64)q31) >> 31)); x -= q; x += (-(x >> 31)) & (uint32)q; - return x; + return (Fq) x; } /* ----- Top and Right */ static int8 Top(Fq C) { - return (tau1 * (int32)(C + tau0) + 16384) >> 15; + return (int8) ((tau1 * (int32)(C + tau0) + 16384) >> 15); } static Fq Right(int8 T) { @@ -88,7 +88,7 @@ static void Short_fromlist(small *out, const uint32 *in) { } PQCLEAN_NTRULPR857_CLEAN_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } @@ -99,7 +99,7 @@ static void Short_fromlist(small *out, const uint32 *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -278,7 +278,7 @@ int PQCLEAN_NTRULPR857_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha int8 T[I]; Top_decode(T, c + Rounded_bytes); for (i = 0; i < I; ++i) { - r[i] = -int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); + r[i] = (int8) - int16_negative_mask(Fq_freeze(Right(T[i]) - aB[i] + 4 * w + 1)); } } } 
@@ -289,12 +289,12 @@ int PQCLEAN_NTRULPR857_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned cha Hide(cnew, x, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Inputs_bytes; ++i) { - x[1 + i] ^= mask & (x[1 + i] ^ rho[i]); + x[1 + i] ^= (unsigned char) (mask & (x[1 + i] ^ rho[i])); } for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Inputs_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0; diff --git a/crypto_kem/sntrup653/avx2/Makefile b/crypto_kem/sntrup653/avx2/Makefile index bc2fbbd0..ebf71a7b 100644 --- a/crypto_kem/sntrup653/avx2/Makefile +++ b/crypto_kem/sntrup653/avx2/Makefile 
@@ -4,7 +4,7 @@ LIB=libsntrup653_avx2.a HEADERS=api.h crypto_core_inv3sntrup653.h crypto_core_invsntrup653.h crypto_core_mult3sntrup653.h crypto_core_multsntrup653.h crypto_core_multsntrup653_ntt.h crypto_core_scale3sntrup653.h crypto_core_weightsntrup653.h crypto_core_wforcesntrup653.h crypto_decode_653x1541.h crypto_decode_653x3.h crypto_decode_653x4621.h crypto_decode_653xint16.h crypto_decode_653xint32.h crypto_decode_int16.h crypto_encode_653x1541.h crypto_encode_653x1541round.h crypto_encode_653x3.h crypto_encode_653x4621.h crypto_encode_653xfreeze3.h crypto_encode_653xint16.h crypto_encode_int16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_897.h params.h OBJECTS=crypto_core_inv3sntrup653.o crypto_core_invsntrup653.o crypto_core_mult3sntrup653.o crypto_core_multsntrup653.o crypto_core_multsntrup653_ntt.o crypto_core_scale3sntrup653.o crypto_core_weightsntrup653.o crypto_core_wforcesntrup653.o crypto_decode_653x1541.o crypto_decode_653x3.o crypto_decode_653x4621.o crypto_decode_653xint16.o crypto_decode_653xint32.o crypto_decode_int16.o crypto_encode_653x1541.o crypto_encode_653x1541round.o crypto_encode_653x3.o crypto_encode_653x4621.o crypto_encode_653xfreeze3.o crypto_encode_653xint16.o crypto_encode_int16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_897.o kem.o -CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) diff --git a/crypto_kem/sntrup653/avx2/crypto_core_inv3sntrup653.c b/crypto_kem/sntrup653/avx2/crypto_core_inv3sntrup653.c index 66292c3a..37570727 100644 --- a/crypto_kem/sntrup653/avx2/crypto_core_inv3sntrup653.c +++ b/crypto_kem/sntrup653/avx2/crypto_core_inv3sntrup653.c 
@@ -179,7 +179,7 @@ static void vec256_final(small *out, const vec256 *V0, const vec256 *V1) { vec256_tobits(V1, v1); for (i = 0; i < ppad; ++i) { - v[i] = v0[i] + 2 * v1[i] - 4 * (v0[i] & v1[i]); + v[i] = (small) (v0[i] + 2 * v1[i] - 4 * (v0[i] & v1[i])); } for (i = 0; i < ppad; ++i) { @@ -252,11 +252,11 @@ static inline int vec256_bit0mask(vec256 *f) { static inline void vec256_divx_1(vec256 *f) { vec256 f0 = f[0]; - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); low0 = low0 >> 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); f[0] = _mm256_permute4x64_epi64(f0, 0x39); } @@ -265,14 +265,14 @@ static inline void vec256_divx_2(vec256 *f) { vec256 f0 = f[0]; vec256 f1 = f[1]; - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); - unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); low0 = (low0 >> 1) | (low1 << 63); low1 = low1 >> 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); - f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); + f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3); f[0] = _mm256_permute4x64_epi64(f0, 0x39); f[1] = _mm256_permute4x64_epi64(f1, 0x39); 
@@ -283,17 +283,17 @@ static inline void vec256_divx_3(vec256 *f) { vec256 f1 = f[1]; vec256 f2 = f[2]; - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); - unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); - unsigned long long low2 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); + unsigned long long low2 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); low0 = (low0 >> 1) | (low1 << 63); low1 = (low1 >> 1) | (low2 << 63); low2 = low2 >> 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); - f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3); - f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, low2), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); + f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3); + f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, (long long) low2), 0x3); f[0] = _mm256_permute4x64_epi64(f0, 0x39); f[1] = _mm256_permute4x64_epi64(f1, 0x39); @@ -303,11 +303,11 @@ static inline void vec256_divx_3(vec256 *f) { static inline void vec256_timesx_1(vec256 *f) { vec256 f0 = _mm256_permute4x64_epi64(f[0], 0x93); - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); low0 = low0 << 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); f[0] = f0; } 
@@ -316,14 +316,14 @@ static inline void vec256_timesx_2(vec256 *f) { vec256 f0 = _mm256_permute4x64_epi64(f[0], 0x93); vec256 f1 = _mm256_permute4x64_epi64(f[1], 0x93); - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); - unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); low1 = (low1 << 1) | (low0 >> 63); low0 = low0 << 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); - f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); + f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3); f[0] = f0; f[1] = f1; @@ -336,7 +336,7 @@ static inline void vec256_timesx_3(vec256 *f) { unsigned long long low0 = *(unsigned long long *) &f0; unsigned long long low1 = *(unsigned long long *) &f1; - unsigned long long low2 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); + unsigned long long low2 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); low2 = (low2 << 1) | (low1 >> 63); low1 = (low1 << 1) | (low0 >> 63); @@ -344,7 +344,7 @@ static inline void vec256_timesx_3(vec256 *f) { *(unsigned long long *) &f0 = low0; *(unsigned long long *) &f1 = low1; - f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, low2), 0x3); + f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, (long long) low2), 0x3); f[0] = f0; f[1] = f1; @@ -537,6 +537,6 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_inv3sntrup653(unsigned char *outbytes, co vec256_scale(V0, V1, c0vec, c1vec); vec256_final(out, V0, V1); - out[p] = negative_mask(minusdelta); + out[p] = (small) negative_mask(minusdelta); return 0; } 
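Review bot: `vec256_timesx_3` in crypto_core_inv3sntrup653.c (hunk at -336) now mixes two ways of reaching the low 64-bit lane. `low2` goes through `_mm_cvtsi128_si64` with the new cast, while `low0` and `low1` are still read and written through `*(unsigned long long *) &f0`. `vec256_timesx_1` and `vec256_timesx_2` use the intrinsic-and-blend form for every lane, so using it here too would keep the three functions parallel and avoid relying on the pointer cast being alias-safe for the vector type. If the pointer form is deliberate, a one-line comment saying why would help. The function starts and ends outside this hunk.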
diff --git a/crypto_kem/sntrup653/avx2/crypto_core_invsntrup653.c b/crypto_kem/sntrup653/avx2/crypto_core_invsntrup653.c index e36d64c5..be775232 100644 --- a/crypto_kem/sntrup653/avx2/crypto_core_invsntrup653.c +++ b/crypto_kem/sntrup653/avx2/crypto_core_invsntrup653.c @@ -14,11 +14,11 @@ /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* return -1 if x<0; otherwise return 0 */ @@ -37,7 +37,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } /* nonnegative e */ @@ -158,13 +158,13 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_invsntrup653(unsigned char *outbytes, con f0 = f[0]; minusdelta = -delta; - swap = int16_negative_mask(minusdelta) & int16_nonzero_mask(g0); + swap = int16_negative_mask((int16) minusdelta) & int16_nonzero_mask(g0); delta ^= swap & (delta ^ minusdelta); delta += 1; fgflip = swap & (f0 ^ g0); - f0 ^= fgflip; - g0 ^= fgflip; + f0 ^= (Fq) fgflip; + g0 ^= (Fq) fgflip; f[0] = f0; @@ -177,13 +177,13 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_invsntrup653(unsigned char *outbytes, con f0 = f[0]; minusdelta = -delta; - swap = int16_negative_mask(minusdelta) & int16_nonzero_mask(g0); + swap = int16_negative_mask((int16) minusdelta) & int16_nonzero_mask(g0); delta ^= swap & (delta ^ minusdelta); delta += 1; fgflip = swap & (f0 ^ g0); - f0 ^= fgflip; - g0 ^= fgflip; + f0 ^= (Fq) fgflip; + g0 ^= (Fq) fgflip; f[0] = f0; 
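Review bot: The `(int16) minusdelta` casts passed to `int16_negative_mask` are correct only while `delta` stays inside the int16 range. They appear in the hunks at -158 and -177 in crypto_core_invsntrup653.c, and the -197 hunk has the same issue with `(int16) delta`. The declaration of `delta` and the loop bounds are outside these hunks, so the range cannot be confirmed from here. If it is bounded by the iteration count, a comment such as `/* |delta| is bounded by the loop count, so it fits in int16 */` next to the first cast would record that. Otherwise a truncated value would give a wrong swap mask, or a wrong byte in `outbytes[2 * p]`, with no diagnostic.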
@@ -197,6 +197,6 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_invsntrup653(unsigned char *outbytes, con } crypto_encode_pxint16(outbytes, out); - outbytes[2 * p] = int16_nonzero_mask(delta); + outbytes[2 * p] = (unsigned char) int16_nonzero_mask((int16) delta); return 0; } diff --git a/crypto_kem/sntrup653/avx2/crypto_core_mult3sntrup653.c b/crypto_kem/sntrup653/avx2/crypto_core_mult3sntrup653.c index 4a692c84..b1b50703 100644 --- a/crypto_kem/sntrup653/avx2/crypto_core_mult3sntrup653.c +++ b/crypto_kem/sntrup653/avx2/crypto_core_mult3sntrup653.c @@ -229,14 +229,14 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_mult3sntrup653(unsigned char *outbytes, c } for (i = 0; i < p; ++i) { - int8 fi = inbytes[i]; + int8 fi = (int8) inbytes[i]; int8 fi0 = fi & 1; - f[i] = fi0 - (fi & (fi0 << 1)); + f[i] = (int16) (fi0 - (fi & (fi0 << 1))); } for (i = 0; i < p; ++i) { - int8 gi = kbytes[i]; + int8 gi = (int8) kbytes[i]; int8 gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (int16) (gi0 - (gi & (gi0 << 1))); } mult768(fg, f, g); @@ -252,7 +252,7 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_mult3sntrup653(unsigned char *outbytes, c } for (i = 0; i < p; ++i) { - outbytes[i] = h[i]; + outbytes[i] = (unsigned char) h[i]; } return 0; diff --git a/crypto_kem/sntrup653/avx2/crypto_core_multsntrup653.c b/crypto_kem/sntrup653/avx2/crypto_core_multsntrup653.c index d91f5582..7af7050b 100644 --- a/crypto_kem/sntrup653/avx2/crypto_core_multsntrup653.c +++ b/crypto_kem/sntrup653/avx2/crypto_core_multsntrup653.c @@ -291,9 +291,9 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_multsntrup653(unsigned char *outbytes, co store_x16(&f[i], x); } for (i = 0; i < p; ++i) { - int8 gi = kbytes[i]; + int8 gi = (int8) kbytes[i]; int8 gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (int16) (gi0 - (gi & (gi0 << 1))); } mult768(fg, f, g); diff --git a/crypto_kem/sntrup653/avx2/crypto_core_weightsntrup653.c b/crypto_kem/sntrup653/avx2/crypto_core_weightsntrup653.c index c2b932e6..b7ef33de 100644 
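Review bot: In `outbytes[2 * p] = (unsigned char) int16_nonzero_mask((int16) delta);` the new cast narrows delta to 16 bits before the zero test, so the failure byte is only right while delta fits in an int16. The implicit conversion did the same before, but the explicit cast now silences the one warning that pointed at it. The declaration and range of delta are outside the hunk, so the cast should carry a comment stating the bound it relies on, for example `/* delta stays within int16 range for the fixed number of divsteps */`, once the author has confirmed the bound. The same applies to `int16_negative_mask((int16) minusdelta)` in the two earlier hunks of this file and to `out[p] = (small) int16_nonzero_mask((int16) delta);` in clean/crypto_core_inv3sntrup653.c.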
--- a/crypto_kem/sntrup653/avx2/crypto_core_weightsntrup653.c +++ b/crypto_kem/sntrup653/avx2/crypto_core_weightsntrup653.c @@ -37,8 +37,8 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_weightsntrup653(unsigned char *outbytes, sum = _mm256_hadd_epi16(sum, sum); /* want sum[0]+sum[8] */ - weight = _mm256_extract_epi16(sum, 0); - weight += _mm256_extract_epi16(sum, 8); + weight = (int16) _mm256_extract_epi16(sum, 0); + weight += (int16) _mm256_extract_epi16(sum, 8); PQCLEAN_SNTRUP653_AVX2_crypto_encode_int16(outbytes, &weight); return 0; diff --git a/crypto_kem/sntrup653/avx2/crypto_core_wforcesntrup653.c b/crypto_kem/sntrup653/avx2/crypto_core_wforcesntrup653.c index 90da1ebb..63636176 100644 --- a/crypto_kem/sntrup653/avx2/crypto_core_wforcesntrup653.c +++ b/crypto_kem/sntrup653/avx2/crypto_core_wforcesntrup653.c @@ -17,7 +17,7 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_core_wforcesntrup653(unsigned char *out, const crypto_core_weight((unsigned char *) &weight, in); PQCLEAN_SNTRUP653_AVX2_crypto_decode_int16(&weight, (unsigned char *) &weight); - mask = (weight - w) | (w - weight); + mask = (int16) ((weight - w) | (w - weight)); mask >>= 15; maskvec = _mm256_set1_epi16((short) ~mask); diff --git a/crypto_kem/sntrup653/avx2/crypto_decode_653x1541.c b/crypto_kem/sntrup653/avx2/crypto_decode_653x1541.c index da5d6f19..493a936e 100644 --- a/crypto_kem/sntrup653/avx2/crypto_decode_653x1541.c +++ b/crypto_kem/sntrup653/avx2/crypto_decode_653x1541.c @@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) { } static inline int16 mulhi(int16 x, int16 y) { - return (x * (int32)y) >> 16; + return (int16) ((x * (int32)y) >> 16); } static inline __m256i add(__m256i x, __m256i y) { 
@@ -79,7 +79,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 += s[1 * i + 0]; /* -39...290 */ a0 = mulhi(a0, 3) - mulhi(mullo(a0, -923), 71); /* -36...35 */ a0 += (a0 >> 15) & 71; /* 0...70 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -22153); /* invalid inputs might need reduction mod 9402 */ @@ -100,7 +100,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 += s[1 * i + 0]; /* -67...325 */ a0 = mulhi(a0, 10) - mulhi(mullo(a0, -489), 134); /* -68...67 */ a0 += (a0 >> 15) & 134; /* 0...133 */ - a1 = (a2 << 7) + ((s[i] - a0) >> 1); + a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1)); a1 = mullo(a1, 19563); /* invalid inputs might need reduction mod 134 */ @@ -119,7 +119,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, 1223) - mulhi(mullo(a0, -5681), 2953); /* -1477...1782 */ a0 += s[1 * i + 0]; /* -1477...2037 */ a0 += (a0 >> 15) & 2953; /* 0...2952 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -9543); /* invalid inputs might need reduction mod 815 */ @@ -136,7 +136,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, 1223) - mulhi(mullo(a0, -5681), 2953); /* -1505...1514 */ a0 += s[2 * i + 0]; /* -1505...1769 */ a0 += (a0 >> 15) & 2953; /* 0...2952 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, -9543); /* invalid inputs might need reduction mod 2953 */ 
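Review bot: Nothing at `a1 = (int16) ((a2 << 8) + s[i] - a0);` says that dropping the high bits is intended, and the same holds for every `a1 = (int16) (...)` line in this file and in crypto_decode_653x4621.c. A one-line comment such as `/* only the low 16 bits are used; mullo works mod 2^16 */` would separate a deliberate wrap from a silenced warning, assuming mullo is the low-half multiply its name suggests. The shifts also still run on promoted signed operands. If a2 can be negative for the invalid inputs that the existing comments mention, `a2 << 8` and `a2 << 15` are undefined in C99, so a shift on an unsigned copy would be safer. The enclosing loop bodies start and end outside the hunks.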
@@ -158,7 +158,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, 1756) - mulhi(mullo(a0, -1206), 13910); /* -7142...7159 */ a0 += s[2 * i + 0]; /* -7142...7414 */ a0 += (a0 >> 15) & 13910; /* 0...13909 */ - a1 = (a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1); + a1 = (int16) ((a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1)); a1 = mullo(a1, -13437); /* invalid inputs might need reduction mod 13910 */ @@ -178,7 +178,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, -101) - mulhi(mullo(a0, -8891), 1887); /* -969...943 */ a0 += s[1 * i + 0]; /* -969...1198 */ a0 += (a0 >> 15) & 1887; /* 0...1886 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, 5279); /* invalid inputs might need reduction mod 1887 */ @@ -234,7 +234,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, 2401) - mulhi(mullo(a0, -2487), 6745); /* -3497...3527 */ a0 += s[2 * i + 0]; /* -3497...3782 */ a0 += (a0 >> 15) & 6745; /* 0...6744 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, -29207); /* invalid inputs might need reduction mod 7910 */ @@ -287,7 +287,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char a0 = mulhi(a0, 64) - mulhi(mullo(a0, -12768), 1314); /* -657...673 */ a0 += s[1 * i + 0]; /* -657...928 */ a0 += (a0 >> 15) & 1314; /* 0...1313 */ - a1 = (a2 << 7) + ((s[i] - a0) >> 1); + a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1)); a1 = mullo(a1, -399); /* invalid inputs might need reduction mod 1541 */ @@ -369,7 +369,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x1541(void *v, const unsigned char /* R1 ------> R0: reconstruct mod 653*[1541] */ - R0[652] = 3 * R1[326] - 2310; + R0[652] = (int16) (3 * R1[326] - 2310); s -= 326; i = 310; for (;;) { 
diff --git a/crypto_kem/sntrup653/avx2/crypto_decode_653x4621.c b/crypto_kem/sntrup653/avx2/crypto_decode_653x4621.c index 04368a95..91468ec6 100644 --- a/crypto_kem/sntrup653/avx2/crypto_decode_653x4621.c +++ b/crypto_kem/sntrup653/avx2/crypto_decode_653x4621.c @@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) { } static inline int16 mulhi(int16 x, int16 y) { - return (x * (int32)y) >> 16; + return (int16) ((x * (int32)y) >> 16); } static inline __m256i add(__m256i x, __m256i y) { @@ -81,7 +81,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char a0 = mulhi(a0, 396) - mulhi(mullo(a0, -20092), 835); /* -421...422 */ a0 += s[2 * i + 0]; /* -421...677 */ a0 += (a0 >> 15) & 835; /* 0...834 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, 8555); /* invalid inputs might need reduction mod 6708 */ @@ -103,7 +103,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char a0 = mulhi(a0, 3088) - mulhi(mullo(a0, -2268), 7396); /* -3873...3920 */ a0 += s[2 * i + 0]; /* -3873...4175 */ a0 += (a0 >> 15) & 7396; /* 0...7395 */ - a1 = (a2 << 14) + (s[2 * i + 1] << 6) + ((s[2 * i] - a0) >> 2); + a1 = (int16) ((a2 << 14) + (s[2 * i + 1] << 6) + ((s[2 * i] - a0) >> 2)); a1 = mullo(a1, -18679); /* invalid inputs might need reduction mod 7396 */ @@ -120,7 +120,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char a2 = a0 = R8[2]; a0 = mulhi(a0, 4) - mulhi(mullo(a0, -762), 86); /* -43...44 */ a0 += (a0 >> 15) & 86; /* 0...85 */ - a1 = (a2 - a0) >> 1; + a1 = (int16) ((a2 - a0) >> 1); a1 = mullo(a1, -16765); /* invalid inputs might need reduction mod 78 */ 
@@ -134,7 +134,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char a2 = a0 = R8[i]; a0 = mulhi(a0, 4) - mulhi(mullo(a0, -762), 86); /* -43...44 */ a0 += (a0 >> 15) & 86; /* 0...85 */ - a1 = (a2 - a0) >> 1; + a1 = (int16) ((a2 - a0) >> 1); a1 = mullo(a1, -16765); /* invalid inputs might need reduction mod 86 */ @@ -156,7 +156,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char a0 = mulhi(a0, -14) - mulhi(mullo(a0, -7079), 2370); /* -1186...1185 */ a0 += s[2 * i + 0]; /* -1186...1440 */ a0 += (a0 >> 15) & 2370; /* 0...2369 */ - a1 = (a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1); + a1 = (int16) ((a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1)); a1 = mullo(a1, -8351); /* invalid inputs might need reduction mod 2370 */ @@ -178,7 +178,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char a0 = mulhi(a0, 4710) - mulhi(mullo(a0, -1346), 12461); /* -6679...6781 */ a0 += s[2 * i + 0]; /* -6679...7036 */ a0 += (a0 >> 15) & 12461; /* 0...12460 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, -19675); /* invalid inputs might need reduction mod 12461 */ @@ -234,7 +234,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char a0 = mulhi(a0, 248) - mulhi(mullo(a0, -24818), 676); /* -340...340 */ a0 += s[2 * i + 0]; /* -340...595 */ a0 += (a0 >> 15) & 676; /* 0...675 */ - a1 = (a2 << 14) + (s[2 * i + 1] << 6) + ((s[2 * i] - a0) >> 2); + a1 = (int16) ((a2 << 14) + (s[2 * i + 1] << 6) + ((s[2 * i] - a0) >> 2)); a1 = mullo(a1, -23655); /* invalid inputs might need reduction mod 7510 */ 
@@ -285,7 +285,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653x4621(void *v, const unsigned char a0 -= 416; /* -640..>47 */ a0 += (a0 >> 15) & 416; /* -224...415 */ a0 += (a0 >> 15) & 416; /* 0...415 */ - a1 = (a2 << 3) + ((s[i] - a0) >> 5); + a1 = (int16) ((a2 << 3) + ((s[i] - a0) >> 5)); a1 = mullo(a1, 20165); /* invalid inputs might need reduction mod 4621 */ diff --git a/crypto_kem/sntrup653/avx2/crypto_decode_653xint16.c b/crypto_kem/sntrup653/avx2/crypto_decode_653xint16.c index dfa1cda2..d297f24c 100644 --- a/crypto_kem/sntrup653/avx2/crypto_decode_653xint16.c +++ b/crypto_kem/sntrup653/avx2/crypto_decode_653xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_653xint16(void *v, const unsigned char for (i = 0; i < 653; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } diff --git a/crypto_kem/sntrup653/avx2/crypto_decode_int16.c b/crypto_kem/sntrup653/avx2/crypto_decode_int16.c index 7db93101..b798013c 100644 --- a/crypto_kem/sntrup653/avx2/crypto_decode_int16.c +++ b/crypto_kem/sntrup653/avx2/crypto_decode_int16.c @@ -4,6 +4,6 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_decode_int16(void *x, const unsigned char *s) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; + u1 = (uint16_t) (u1 << 8); *(uint16_t *) x = u0 | u1; } diff --git a/crypto_kem/sntrup653/avx2/crypto_encode_653x1541.c b/crypto_kem/sntrup653/avx2/crypto_encode_653x1541.c index 4269c16b..36cbb7ee 100644 --- a/crypto_kem/sntrup653/avx2/crypto_encode_653x1541.c +++ b/crypto_kem/sntrup653/avx2/crypto_encode_653x1541.c 
@@ -42,26 +42,26 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[326] = (((R0[652] + 2310) & 16383) * 10923) >> 15; + R[326] = (uint16) ((((R0[652] + 2310) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -124,22 +124,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
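Review bot: The `(unsigned char) s0` cast is added eight times in this hunk, and the same eight-line store sequence recurs in the other hunks of this file, in crypto_encode_653x1541round.c and in crypto_encode_653x4621.c. Unless these encoders are generated, a small static helper that writes one 32-bit lane little-endian would keep the narrowing cast in one place and make each call site a single line. The helper below runs one extra `s0 >>= 8` after the last byte, which has no effect on the output. The enclosing loop starts outside the hunk.

```c
/* write s0 as four little-endian bytes and return the advanced pointer */
static inline unsigned char *store_u32_le(unsigned char *out, uint32 s0) {
    int k;
    for (k = 0; k < 4; ++k) {
        *out++ = (unsigned char) s0;
        s0 >>= 8;
    }
    return out;
}

/* … unchanged: permute and _mm_storeu_si128 of the low half … */
out = store_u32_le(out, (uint32) _mm256_extract_epi32(x, 4));
out = store_u32_le(out, (uint32) _mm256_extract_epi32(x, 6));
/* … unchanged: reading += 16; writing += 8; … */
```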
@@ -204,22 +204,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -229,9 +229,9 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1887; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[10] = R[20]; @@ -239,11 +239,11 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)13910; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[5] = R[10]; 
@@ -251,36 +251,36 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541(unsigned char *out, const voi r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[4]; r1 = R[5]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[2] = r2; + R[2] = (uint16) r2; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)134; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)71; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup653/avx2/crypto_encode_653x1541round.c b/crypto_kem/sntrup653/avx2/crypto_encode_653x1541round.c index d019eeb5..b2e34128 100644 --- a/crypto_kem/sntrup653/avx2/crypto_encode_653x1541round.c +++ b/crypto_kem/sntrup653/avx2/crypto_encode_653x1541round.c 
@@ -44,26 +44,26 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[326] = (((3 * ((10923 * R0[652] + 16384) >> 15) + 2310) & 16383) * 10923) >> 15; + R[326] = (uint16) ((((3 * ((10923 * R0[652] + 16384) >> 15) + 2310) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -126,22 +126,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -206,22 +206,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -231,9 +231,9 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1887; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[10] = R[20]; @@ -241,11 +241,11 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)13910; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[5] = R[10]; 
@@ -253,36 +253,36 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x1541round(unsigned char *out, cons r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[4]; r1 = R[5]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[2] = r2; + R[2] = (uint16) r2; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)134; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)71; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup653/avx2/crypto_encode_653x4621.c b/crypto_kem/sntrup653/avx2/crypto_encode_653x4621.c index 45c443b7..530a9ce3 100644 --- a/crypto_kem/sntrup653/avx2/crypto_encode_653x4621.c +++ b/crypto_kem/sntrup653/avx2/crypto_encode_653x4621.c 
@@ -82,22 +82,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -125,22 +125,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -162,33 +162,33 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } r0 = R[80]; r1 = R[81]; r2 = r0 + r1 * (uint32)676; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[40] = r2; + R[40] = (uint16) r2; reading = (uint16 *) R; writing = R; @@ -212,22 +212,22 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -237,11 +237,11 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)12461; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[10] = R[20]; @@ -249,11 +249,11 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2370; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[5] = R[10]; @@ -261,28 +261,28 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653x4621(unsigned char *out, const voi r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)86; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)7396; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)835; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup653/avx2/crypto_encode_653xint16.c b/crypto_kem/sntrup653/avx2/crypto_encode_653xint16.c index 5443662e..28c79250 100644 --- a/crypto_kem/sntrup653/avx2/crypto_encode_653xint16.c +++ b/crypto_kem/sntrup653/avx2/crypto_encode_653xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_653xint16(unsigned char *s, const void for (i = 0; i < 653; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } 
diff --git a/crypto_kem/sntrup653/avx2/crypto_encode_int16.c b/crypto_kem/sntrup653/avx2/crypto_encode_int16.c index aa327402..b69b49dd 100644 --- a/crypto_kem/sntrup653/avx2/crypto_encode_int16.c +++ b/crypto_kem/sntrup653/avx2/crypto_encode_int16.c @@ -4,6 +4,6 @@ void PQCLEAN_SNTRUP653_AVX2_crypto_encode_int16(unsigned char *s, const void *x) { uint16 u = *(const uint16 *) x; - s[0] = u; - s[1] = u >> 8; + s[0] = (unsigned char) u; + s[1] = (unsigned char) (u >> 8); } diff --git a/crypto_kem/sntrup653/avx2/crypto_sort_int32.c b/crypto_kem/sntrup653/avx2/crypto_sort_int32.c index 1db58519..77d117c6 100644 --- a/crypto_kem/sntrup653/avx2/crypto_sort_int32.c +++ b/crypto_kem/sntrup653/avx2/crypto_sort_int32.c @@ -44,7 +44,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) { int32x8_MINMAX(x0, y0); int32x8_store(x + n - 8, x0); int32x8_store(y + n - 8, y0); - n &= ~7; + n &= ~(size_t) 7; } do { int32x8 x0 = int32x8_load(x); diff --git a/crypto_kem/sntrup653/avx2/crypto_verify_897.c b/crypto_kem/sntrup653/avx2/crypto_verify_897.c index 4b298e67..10cffa5b 100644 --- a/crypto_kem/sntrup653/avx2/crypto_verify_897.c +++ b/crypto_kem/sntrup653/avx2/crypto_verify_897.c @@ -27,10 +27,10 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_verify_897(const unsigned char *x, const unsig diff |= _mm256_srli_epi32(diff, 16); diff |= _mm256_srli_epi64(diff, 32); - differentbits = _mm256_extract_epi8(diff, 0); - differentbits |= _mm256_extract_epi8(diff, 8); - differentbits |= _mm256_extract_epi8(diff, 16); - differentbits |= _mm256_extract_epi8(diff, 24); + differentbits = (unsigned int) _mm256_extract_epi8(diff, 0); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 8); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 16); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 24); return (int) (1 & ((differentbits - 1) >> 8)) - 1; } diff --git a/crypto_kem/sntrup653/avx2/kem.c b/crypto_kem/sntrup653/avx2/kem.c index 6c53b32e..12c67d51 100644 
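Review bot: In the crypto_verify_897 hunk, `return (int) (1 & ((differentbits - 1) >> 8)) - 1;` is only correct while differentbits is in 0...255, and the new `(unsigned int)` casts on `_mm256_extract_epi8` do not enforce that range. The intrinsic returns int, so a toolchain that sign-extends the extracted byte would yield a value such as 0xFFFFFF80, for which the formula returns 0 (equal) on differing inputs. Narrowing to a byte makes the assumption explicit and still satisfies -Wconversion: `differentbits = (unsigned char) _mm256_extract_epi8(diff, 0);` and `differentbits |= (unsigned char) _mm256_extract_epi8(diff, 8);`, likewise for lanes 16 and 24. The declaration of differentbits is outside the hunk.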
--- a/crypto_kem/sntrup653/avx2/kem.c +++ b/crypto_kem/sntrup653/avx2/kem.c @@ -65,7 +65,7 @@ static void Rq_recip3(Fq *out, const small *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -103,7 +103,7 @@ static void Short_random(small *out) { } PQCLEAN_SNTRUP653_AVX2_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } @@ -115,7 +115,7 @@ static void Small_random(small *out) { L[i] = urandom32(); } for (i = 0; i < p; ++i) { - out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1; + out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); } } @@ -248,13 +248,13 @@ int PQCLEAN_SNTRUP653_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char Hide(x, cnew, r_enc, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Small_bytes; ++i) { - r_enc[i + 1] ^= mask & (r_enc[i + 1] ^ rho[i]); + r_enc[i + 1] ^= (unsigned char) (mask & (r_enc[i + 1] ^ rho[i])); } Hash(x + 1, r_enc, 1 + Small_bytes); /* XXX: can instead do cmov on cached hash of rho */ for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Hash_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0; diff --git a/crypto_kem/sntrup653/clean/Makefile b/crypto_kem/sntrup653/clean/Makefile index 81ded6d1..b454b3cb 100644 --- a/crypto_kem/sntrup653/clean/Makefile +++ b/crypto_kem/sntrup653/clean/Makefile 
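Review bot: In the first kem.c hunk, Hash keeps `int inlen` and casts it at the call, `sha512(h, in, (size_t) inlen);`, which would turn a negative length into a very large one without any diagnostic. The callers visible in this diff pass `1 + Small_bytes` and `sizeof x`, and the second is itself a size_t narrowed to int at the call. Declaring the parameter as `size_t inlen` and calling `sha512(h, in, inlen);` removes both conversions. The rest of Hash's body and any other callers are outside the hunks, so check those before changing the signature.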
@@ -4,7 +4,7 @@ LIB=libsntrup653_clean.a HEADERS=api.h crypto_core_inv3sntrup653.h crypto_core_invsntrup653.h crypto_core_mult3sntrup653.h crypto_core_multsntrup653.h crypto_core_scale3sntrup653.h crypto_core_weightsntrup653.h crypto_core_wforcesntrup653.h crypto_decode_653x1541.h crypto_decode_653x3.h crypto_decode_653x4621.h crypto_decode_653xint16.h crypto_decode_653xint32.h crypto_encode_653x1541.h crypto_encode_653x1541round.h crypto_encode_653x3.h crypto_encode_653x4621.h crypto_encode_653xfreeze3.h crypto_encode_653xint16.h crypto_encode_int16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_897.h params.h OBJECTS=crypto_core_inv3sntrup653.o crypto_core_invsntrup653.o crypto_core_mult3sntrup653.o crypto_core_multsntrup653.o crypto_core_scale3sntrup653.o crypto_core_weightsntrup653.o crypto_core_wforcesntrup653.o crypto_decode_653x1541.o crypto_decode_653x3.o crypto_decode_653x4621.o crypto_decode_653xint16.o crypto_decode_653xint32.o crypto_encode_653x1541.o crypto_encode_653x1541round.o crypto_encode_653x3.o crypto_encode_653x4621.o crypto_encode_653xfreeze3.o crypto_encode_653xint16.o crypto_encode_int16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_897.o kem.o -CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) diff --git a/crypto_kem/sntrup653/clean/crypto_core_inv3sntrup653.c b/crypto_kem/sntrup653/clean/crypto_core_inv3sntrup653.c index 27a30edc..bb4e752c 100644 --- a/crypto_kem/sntrup653/clean/crypto_core_inv3sntrup653.c +++ b/crypto_kem/sntrup653/clean/crypto_core_inv3sntrup653.c 
@@ -13,16 +13,16 @@ /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ @@ -36,7 +36,7 @@ typedef int8 small; /* works for -16384 <= x < 16384 */ static small F3_freeze(int16 x) { - return x - 3 * ((10923 * x + 16384) >> 15); + return (small) (x - 3 * ((10923 * x + 16384) >> 15)); } /* byte p of output is 0 if recip succeeded; else -1 */ @@ -61,7 +61,7 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_inv3sntrup653(unsigned char *outbytes, c f[p - 1] = f[p] = -1; for (i = 0; i < p; ++i) { small i1 = in[i] & 1; - g[p - 1 - i] = i1 - (in[i] & (i1 << 1)); + g[p - 1 - i] = (small) (i1 - (in[i] & (i1 << 1))); } g[p] = 0; @@ -74,24 +74,24 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_inv3sntrup653(unsigned char *outbytes, c v[0] = 0; sign = -g[0] * f[0]; - swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]); + swap = int16_negative_mask(-(int16) delta) & int16_nonzero_mask(g[0]); delta ^= swap & (delta ^ -delta); delta += 1; for (i = 0; i < p + 1; ++i) { t = swap & (f[i] ^ g[i]); - f[i] ^= t; - g[i] ^= t; + f[i] ^= (small) t; + g[i] ^= (small) t; t = swap & (v[i] ^ r[i]); - v[i] ^= t; - r[i] ^= t; + v[i] ^= (small) t; + r[i] ^= (small) t; } for (i = 0; i < p + 1; ++i) { - g[i] = F3_freeze(g[i] + sign * f[i]); + g[i] = F3_freeze((int16) (g[i] + sign * f[i])); } for (i = 0; i < p + 1; ++i) { - r[i] = F3_freeze(r[i] + sign * v[i]); + r[i] = F3_freeze((int16) (r[i] + sign * v[i])); } for (i = 0; i < p; ++i) { 
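Review bot: `int16_negative_mask(-(int16) delta)` casts before negating, so the unary minus promotes the operand back to `int` and the argument is still narrowed implicitly at the call. `crypto_core_invsntrup653.c` in this same commit writes the equivalent call as `(int16) - delta`, which casts the negated value but reads like a subtraction. Using `int16_negative_mask((int16) (-delta))` in both files would make the narrowing explicit and keep the two copies identical. The declaration of `delta` and the start of the enclosing function are outside the hunk.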
@@ -102,9 +102,9 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_inv3sntrup653(unsigned char *outbytes, c sign = f[0]; for (i = 0; i < p; ++i) { - out[i] = sign * v[p - 1 - i]; + out[i] = (small) sign * v[p - 1 - i]; } - out[p] = int16_nonzero_mask(delta); + out[p] = (small) int16_nonzero_mask((int16) delta); return 0; } diff --git a/crypto_kem/sntrup653/clean/crypto_core_invsntrup653.c b/crypto_kem/sntrup653/clean/crypto_core_invsntrup653.c index e69c7c40..572abb39 100644 --- a/crypto_kem/sntrup653/clean/crypto_core_invsntrup653.c +++ b/crypto_kem/sntrup653/clean/crypto_core_invsntrup653.c @@ -13,16 +13,16 @@ /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ @@ -40,7 +40,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } static Fq Fq_recip(Fq a1) { @@ -91,17 +91,17 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_invsntrup653(unsigned char *outbytes, co } v[0] = 0; - swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]); + swap = int16_negative_mask((int16) - delta) & int16_nonzero_mask(g[0]); delta ^= swap & (delta ^ -delta); delta += 1; for (i = 0; i < p + 1; ++i) { t = swap & (f[i] ^ g[i]); - f[i] ^= t; - g[i] ^= t; + f[i] ^= (Fq) t; + g[i] ^= (Fq) t; t = swap & (v[i] ^ r[i]); - v[i] ^= t; - r[i] ^= t; + v[i] ^= (Fq) t; + r[i] ^= (Fq) t; } f0 = f[0]; 
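Review bot: In `out[i] = (small) sign * v[p - 1 - i];` the cast binds to `sign` alone, so the product is computed as `int` and is still narrowed implicitly on assignment. Every other conversion in this commit wraps the whole expression. `out[i] = (small) (sign * v[p - 1 - i]);` matches the rest of the change and states the intent. If `sign` is wider than `small` (its declaration is outside the hunk), the current form also truncates `sign` before multiplying rather than truncating the result.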
@@ -125,7 +125,6 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_invsntrup653(unsigned char *outbytes, co } crypto_encode_pxint16(outbytes, out); - - outbytes[2 * p] = int16_nonzero_mask(delta); + outbytes[2 * p] = (unsigned char) int16_nonzero_mask((int16) delta); return 0; } diff --git a/crypto_kem/sntrup653/clean/crypto_core_mult3sntrup653.c b/crypto_kem/sntrup653/clean/crypto_core_mult3sntrup653.c index 3947b9df..7d0d4636 100644 --- a/crypto_kem/sntrup653/clean/crypto_core_mult3sntrup653.c +++ b/crypto_kem/sntrup653/clean/crypto_core_mult3sntrup653.c @@ -8,7 +8,7 @@ typedef int8 small; /* works for -16384 <= x < 16384 */ static small F3_freeze(int16 x) { - return x - 3 * ((10923 * x + 16384) >> 15); + return (small) (x - 3 * ((10923 * x + 16384) >> 15)); } int PQCLEAN_SNTRUP653_CLEAN_crypto_core_mult3sntrup653(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) { @@ -20,27 +20,27 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_mult3sntrup653(unsigned char *outbytes, int i, j; for (i = 0; i < p; ++i) { - small fi = inbytes[i]; + small fi = (small) inbytes[i]; small fi0 = fi & 1; - f[i] = fi0 - (fi & (fi0 << 1)); + f[i] = (small) (fi0 - (fi & (fi0 << 1))); } for (i = 0; i < p; ++i) { - small gi = kbytes[i]; + small gi = (small) kbytes[i]; small gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (small) (gi0 - (gi & (gi0 << 1))); } for (i = 0; i < p; ++i) { result = 0; for (j = 0; j <= i; ++j) { - result += f[j] * g[i - j]; + result += (small) (f[j] * g[i - j]); } fg[i] = F3_freeze(result); } for (i = p; i < p + p - 1; ++i) { result = 0; for (j = i - p + 1; j < p; ++j) { - result += f[j] * g[i - j]; + result += (small) (f[j] * g[i - j]); } fg[i] = F3_freeze(result); } diff --git a/crypto_kem/sntrup653/clean/crypto_core_multsntrup653.c b/crypto_kem/sntrup653/clean/crypto_core_multsntrup653.c index 5b0e6c98..d44aedae 100644 --- a/crypto_kem/sntrup653/clean/crypto_core_multsntrup653.c 
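Review bot: `result += (small) (f[j] * g[i - j]);` narrows each product to `int8` before accumulating, which is lossless only while `f` and `g` hold values in -1..1, as the decoding loops at the top of the hunk suggest. `result` is passed to `F3_freeze(int16)`, so it is presumably an `int16` (declared outside the hunk), and the cast does nothing for the narrowing that happens in the `+=` itself. Writing `result = (int16) (result + f[j] * g[i - j]);` in both loops puts the cast where the narrowing occurs and does not depend on the operand range.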
+++ b/crypto_kem/sntrup653/clean/crypto_core_multsntrup653.c @@ -14,7 +14,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } int PQCLEAN_SNTRUP653_CLEAN_crypto_core_multsntrup653(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) { @@ -30,9 +30,9 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_multsntrup653(unsigned char *outbytes, c } for (i = 0; i < p; ++i) { - small gi = kbytes[i]; + small gi = (small) kbytes[i]; small gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (small) (gi0 - (gi & (gi0 << 1))); } for (i = 0; i < p; ++i) { diff --git a/crypto_kem/sntrup653/clean/crypto_core_wforcesntrup653.c b/crypto_kem/sntrup653/clean/crypto_core_wforcesntrup653.c index f8a64711..80e55851 100644 --- a/crypto_kem/sntrup653/clean/crypto_core_wforcesntrup653.c +++ b/crypto_kem/sntrup653/clean/crypto_core_wforcesntrup653.c @@ -12,11 +12,11 @@ typedef int8 small; /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* 0 if Weightw_is(r), else -1 */ @@ -27,7 +27,7 @@ static int Weightw_mask(const small *r) { for (i = 0; i < p; ++i) { weight += r[i] & 1; } - return int16_nonzero_mask(weight - w); + return int16_nonzero_mask((int16) (weight - w)); } /* out = in if bottom bits of in have weight w */ 
@@ -39,10 +39,10 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_core_wforcesntrup653(unsigned char *outbytes, mask = Weightw_mask(in); /* 0 if weight w, else -1 */ for (i = 0; i < w; ++i) { - out[i] = ((in[i] ^ 1) & ~mask) ^ 1; + out[i] = (small) (((in[i] ^ 1) & ~mask) ^ 1); } for (i = w; i < p; ++i) { - out[i] = in[i] & ~mask; + out[i] = (small) (in[i] & ~mask); } return 0; } diff --git a/crypto_kem/sntrup653/clean/crypto_decode_653x1541.c b/crypto_kem/sntrup653/clean/crypto_decode_653x1541.c index b6a10aca..acaf947a 100644 --- a/crypto_kem/sntrup653/clean/crypto_decode_653x1541.c +++ b/crypto_kem/sntrup653/clean/crypto_decode_653x1541.c @@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q = 0; - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */ /* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */ /* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */ @@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += qpart; /* x <= 49146 */ - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */ /* 0 <= newx <= m + 49146(2^14-1)/2^31 */ /* 0 <= newx <= m + 0.4 */ @@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += mask; /* x < m */ - *r = x; + *r = (uint16) x; } static uint16 uint32_mod_uint14(uint32 x, uint16 m) { @@ -81,14 +81,14 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char r1 = (r1 << 8) | *--s; r1 = (r1 << 8) | *--s; r1 = uint32_mod_uint14(r1, 2608); /* needed only for invalid inputs */ - R10[0] = r1; + R10[0] = (uint16) r1; r2 = R10[0]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 71); R9[0] = r0; r1 = uint32_mod_uint14(r1, 9402); /* needed only for invalid inputs */ - R9[1] = r1; + R9[1] = (uint16) r1; R8[2] = R9[1]; r2 = R9[0]; 
@@ -96,14 +96,14 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 134); R8[0] = r0; r1 = uint32_mod_uint14(r1, 134); /* needed only for invalid inputs */ - R8[1] = r1; + R8[1] = (uint16) r1; r2 = R8[2]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 2953); R7[4] = r0; r1 = uint32_mod_uint14(r1, 815); /* needed only for invalid inputs */ - R7[5] = r1; + R7[5] = (uint16) r1; for (i = 1; i >= 0; --i) { r2 = R8[i]; r2 = (r2 << 8) | *--s; @@ -111,7 +111,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 2953); R7[2 * i] = r0; r1 = uint32_mod_uint14(r1, 2953); /* needed only for invalid inputs */ - R7[2 * i + 1] = r1; + R7[2 * i + 1] = (uint16) r1; } R6[10] = R7[5]; @@ -122,7 +122,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 13910); R6[2 * i] = r0; r1 = uint32_mod_uint14(r1, 13910); /* needed only for invalid inputs */ - R6[2 * i + 1] = r1; + R6[2 * i + 1] = (uint16) r1; } R5[20] = R6[10]; @@ -132,7 +132,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 1887); R5[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1887); /* needed only for invalid inputs */ - R5[2 * i + 1] = r1; + R5[2 * i + 1] = (uint16) r1; } R4[40] = R5[20]; @@ -142,7 +142,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 695); R4[2 * i] = r0; r1 = uint32_mod_uint14(r1, 695); /* needed only for invalid inputs */ - R4[2 * i + 1] = r1; + R4[2 * i + 1] = (uint16) r1; } r2 = R4[40]; 
@@ -151,7 +151,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 6745); R3[80] = r0; r1 = uint32_mod_uint14(r1, 7910); /* needed only for invalid inputs */ - R3[81] = r1; + R3[81] = (uint16) r1; for (i = 39; i >= 0; --i) { r2 = R4[i]; r2 = (r2 << 8) | *--s; @@ -159,7 +159,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 6745); R3[2 * i] = r0; r1 = uint32_mod_uint14(r1, 6745); /* needed only for invalid inputs */ - R3[2 * i + 1] = r1; + R3[2 * i + 1] = (uint16) r1; } r2 = R3[81]; @@ -167,14 +167,14 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 1314); R2[162] = r0; r1 = uint32_mod_uint14(r1, 1541); /* needed only for invalid inputs */ - R2[163] = r1; + R2[163] = (uint16) r1; for (i = 80; i >= 0; --i) { r2 = R3[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1314); R2[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1314); /* needed only for invalid inputs */ - R2[2 * i + 1] = r1; + R2[2 * i + 1] = (uint16) r1; } R1[326] = R2[163]; @@ -185,16 +185,16 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x1541(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 9277); R1[2 * i] = r0; r1 = uint32_mod_uint14(r1, 9277); /* needed only for invalid inputs */ - R1[2 * i + 1] = r1; + R1[2 * i + 1] = (uint16) r1; } - R0[652] = 3 * R1[326] - 2310; + R0[652] = (int16) (3 * R1[326] - 2310); for (i = 325; i >= 0; --i) { r2 = R1[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1541); - R0[2 * i] = 3 * r0 - 2310; + R0[2 * i] = (int16) (3 * r0 - 2310); r1 = uint32_mod_uint14(r1, 1541); /* needed only for invalid inputs */ - R0[2 * i + 1] = 3 * r1 - 2310; + R0[2 * i + 1] = (int16) (3 * r1 - 2310); } } 
diff --git a/crypto_kem/sntrup653/clean/crypto_decode_653x4621.c b/crypto_kem/sntrup653/clean/crypto_decode_653x4621.c index 2bf05aaa..59a0b93e 100644 --- a/crypto_kem/sntrup653/clean/crypto_decode_653x4621.c +++ b/crypto_kem/sntrup653/clean/crypto_decode_653x4621.c @@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q = 0; - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */ /* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */ /* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */ @@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += qpart; /* x <= 49146 */ - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */ /* 0 <= newx <= m + 49146(2^14-1)/2^31 */ /* 0 <= newx <= m + 0.4 */ @@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += mask; /* x < m */ - *r = x; + *r = (uint16) x; } static uint16 uint32_mod_uint14(uint32 x, uint16 m) { @@ -80,7 +80,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char r1 = 0; r1 = (r1 << 8) | *--s; r1 = uint32_mod_uint14(r1, 86); /* needed only for invalid inputs */ - R10[0] = r1; + R10[0] = (uint16) r1; r2 = R10[0]; r2 = (r2 << 8) | *--s; @@ -88,7 +88,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 835); R9[0] = r0; r1 = uint32_mod_uint14(r1, 6708); /* needed only for invalid inputs */ - R9[1] = r1; + R9[1] = (uint16) r1; R8[2] = R9[1]; r2 = R9[0]; 
@@ -97,19 +97,19 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 7396); R8[0] = r0; r1 = uint32_mod_uint14(r1, 7396); /* needed only for invalid inputs */ - R8[1] = r1; + R8[1] = (uint16) r1; r2 = R8[2]; uint32_divmod_uint14(&r1, &r0, r2, 86); R7[4] = r0; r1 = uint32_mod_uint14(r1, 78); /* needed only for invalid inputs */ - R7[5] = r1; + R7[5] = (uint16) r1; for (i = 1; i >= 0; --i) { r2 = R8[i]; uint32_divmod_uint14(&r1, &r0, r2, 86); R7[2 * i] = r0; r1 = uint32_mod_uint14(r1, 86); /* needed only for invalid inputs */ - R7[2 * i + 1] = r1; + R7[2 * i + 1] = (uint16) r1; } R6[10] = R7[5]; @@ -120,7 +120,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 2370); R6[2 * i] = r0; r1 = uint32_mod_uint14(r1, 2370); /* needed only for invalid inputs */ - R6[2 * i + 1] = r1; + R6[2 * i + 1] = (uint16) r1; } R5[20] = R6[10]; @@ -131,7 +131,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 12461); R5[2 * i] = r0; r1 = uint32_mod_uint14(r1, 12461); /* needed only for invalid inputs */ - R5[2 * i + 1] = r1; + R5[2 * i + 1] = (uint16) r1; } R4[40] = R5[20]; @@ -141,7 +141,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 1786); R4[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1786); /* needed only for invalid inputs */ - R4[2 * i + 1] = r1; + R4[2 * i + 1] = (uint16) r1; } r2 = R4[40]; 
@@ -150,14 +150,14 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 676); R3[80] = r0; r1 = uint32_mod_uint14(r1, 7510); /* needed only for invalid inputs */ - R3[81] = r1; + R3[81] = (uint16) r1; for (i = 39; i >= 0; --i) { r2 = R4[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 676); R3[2 * i] = r0; r1 = uint32_mod_uint14(r1, 676); /* needed only for invalid inputs */ - R3[2 * i + 1] = r1; + R3[2 * i + 1] = (uint16) r1; } r2 = R3[81]; @@ -165,14 +165,14 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 416); R2[162] = r0; r1 = uint32_mod_uint14(r1, 4621); /* needed only for invalid inputs */ - R2[163] = r1; + R2[163] = (uint16) r1; for (i = 80; i >= 0; --i) { r2 = R3[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 416); R2[2 * i] = r0; r1 = uint32_mod_uint14(r1, 416); /* needed only for invalid inputs */ - R2[2 * i + 1] = r1; + R2[2 * i + 1] = (uint16) r1; } R1[326] = R2[163]; @@ -182,17 +182,17 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653x4621(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 326); R1[2 * i] = r0; r1 = uint32_mod_uint14(r1, 326); /* needed only for invalid inputs */ - R1[2 * i + 1] = r1; + R1[2 * i + 1] = (uint16) r1; } - R0[652] = R1[326] - 2310; + R0[652] = (int16) (R1[326] - 2310); for (i = 325; i >= 0; --i) { r2 = R1[i]; r2 = (r2 << 8) | *--s; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 4621); - R0[2 * i] = r0 - 2310; + R0[2 * i] = (int16) (r0 - 2310); r1 = uint32_mod_uint14(r1, 4621); /* needed only for invalid inputs */ - R0[2 * i + 1] = r1 - 2310; + R0[2 * i + 1] = (int16) (r1 - 2310); } } diff --git a/crypto_kem/sntrup653/clean/crypto_decode_653xint16.c b/crypto_kem/sntrup653/clean/crypto_decode_653xint16.c index 655095cd..33aea66a 100644 --- a/crypto_kem/sntrup653/clean/crypto_decode_653xint16.c 
+++ b/crypto_kem/sntrup653/clean/crypto_decode_653xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_decode_653xint16(void *v, const unsigned cha for (i = 0; i < 653; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } diff --git a/crypto_kem/sntrup653/clean/crypto_encode_653x1541.c b/crypto_kem/sntrup653/clean/crypto_encode_653x1541.c index 6b442cb2..1c04c23a 100644 --- a/crypto_kem/sntrup653/clean/crypto_encode_653x1541.c +++ b/crypto_kem/sntrup653/clean/crypto_encode_653x1541.c @@ -15,24 +15,24 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x1541(unsigned char *out, const vo uint32 r2; for (i = 0; i < 326; ++i) { - r0 = (((R0[2 * i] + 2310) & 16383) * 10923) >> 15; - r1 = (((R0[2 * i + 1] + 2310) & 16383) * 10923) >> 15; + r0 = (uint16) ((((R0[2 * i] + 2310) & 16383) * 10923) >> 15); + r1 = (uint16) ((((R0[2 * i + 1] + 2310) & 16383) * 10923) >> 15); r2 = r0 + r1 * (uint32)1541; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } - R[326] = (((R0[652] + 2310) & 16383) * 10923) >> 15; + R[326] = (uint16) ((((R0[652] + 2310) & 16383) * 10923) >> 15); for (i = 0; i < 163; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)9277; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[163] = R[326]; 
@@ -40,29 +40,29 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x1541(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1314; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 41; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)6745; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 20; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)695; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[20] = R[40]; @@ -70,9 +70,9 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x1541(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1887; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[10] = R[20]; @@ -80,11 +80,11 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x1541(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)13910; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[5] = R[10]; 
@@ -92,36 +92,36 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x1541(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[4]; r1 = R[5]; r2 = r0 + r1 * (uint32)2953; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[2] = r2; + R[2] = (uint16) r2; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)134; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)71; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup653/clean/crypto_encode_653x1541round.c b/crypto_kem/sntrup653/clean/crypto_encode_653x1541round.c index b53d2dce..34256ac3 100644 --- a/crypto_kem/sntrup653/clean/crypto_encode_653x1541round.c +++ b/crypto_kem/sntrup653/clean/crypto_encode_653x1541round.c @@ -11,7 +11,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x1541round(unsigned char *out, con int i; for (i = 0; i < p; ++i) { - x[i] = 3 * ((10923 * a[i] + 16384) >> 15); + x[i] = (int16) (3 * ((10923 * a[i] + 16384) >> 15)); } PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x1541(out, x); } diff --git a/crypto_kem/sntrup653/clean/crypto_encode_653x3.c b/crypto_kem/sntrup653/clean/crypto_encode_653x3.c index f6628a47..61ae2eed 100644 --- a/crypto_kem/sntrup653/clean/crypto_encode_653x3.c +++ b/crypto_kem/sntrup653/clean/crypto_encode_653x3.c 
@@ -11,9 +11,9 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x3(unsigned char *s, const void *v for (i = 0; i < p / 4; ++i) { x = *f++ + 1; - x += (*f++ + 1) << 2; - x += (*f++ + 1) << 4; - x += (*f++ + 1) << 6; + x += (uint8) ((*f++ + 1) << 2); + x += (uint8) ((*f++ + 1) << 4); + x += (uint8) ((*f++ + 1) << 6); *s++ = x; } x = *f++ + 1; diff --git a/crypto_kem/sntrup653/clean/crypto_encode_653x4621.c b/crypto_kem/sntrup653/clean/crypto_encode_653x4621.c index 7c3f120f..09d6378f 100644 --- a/crypto_kem/sntrup653/clean/crypto_encode_653x4621.c +++ b/crypto_kem/sntrup653/clean/crypto_encode_653x4621.c @@ -18,11 +18,11 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x4621(unsigned char *out, const vo r0 = (R0[2 * i] + 2310) & 16383; r1 = (R0[2 * i + 1] + 2310) & 16383; r2 = r0 + r1 * (uint32)4621; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[326] = (R0[652] + 2310) & 16383; @@ -30,9 +30,9 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x4621(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)326; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[163] = R[326]; 
@@ -40,35 +40,35 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x4621(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)416; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 40; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)676; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[80]; r1 = R[81]; r2 = r0 + r1 * (uint32)676; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[40] = r2; + R[40] = (uint16) r2; for (i = 0; i < 20; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1786; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[20] = R[40]; @@ -76,11 +76,11 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x4621(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)12461; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[10] = R[20]; @@ -88,11 +88,11 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x4621(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2370; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[5] = R[10]; 
@@ -100,28 +100,28 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653x4621(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)86; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)7396; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)835; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup653/clean/crypto_encode_653xfreeze3.c b/crypto_kem/sntrup653/clean/crypto_encode_653xfreeze3.c index b938d071..58ceed32 100644 --- a/crypto_kem/sntrup653/clean/crypto_encode_653xfreeze3.c +++ b/crypto_kem/sntrup653/clean/crypto_encode_653xfreeze3.c @@ -12,7 +12,7 @@ /* and F3_freeze(x) is in {-2,-1,0,1,2} */ static inline unsigned char F3_freeze(int16 x) { - return x - 3 * ((10923 * x + 16384) >> 15); + return (unsigned char) (x - 3 * ((10923 * x + 16384) >> 15)); } void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653xfreeze3(unsigned char *s, const void *v) { diff --git a/crypto_kem/sntrup653/clean/crypto_encode_653xint16.c b/crypto_kem/sntrup653/clean/crypto_encode_653xint16.c index 8555ae26..d543b0c1 100644 --- a/crypto_kem/sntrup653/clean/crypto_encode_653xint16.c +++ b/crypto_kem/sntrup653/clean/crypto_encode_653xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_653xint16(unsigned char *s, const voi for (i = 0; i < 653; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } 
diff --git a/crypto_kem/sntrup653/clean/crypto_encode_int16.c b/crypto_kem/sntrup653/clean/crypto_encode_int16.c index 01d126c0..36c5d9b4 100644 --- a/crypto_kem/sntrup653/clean/crypto_encode_int16.c +++ b/crypto_kem/sntrup653/clean/crypto_encode_int16.c @@ -4,6 +4,6 @@ void PQCLEAN_SNTRUP653_CLEAN_crypto_encode_int16(unsigned char *s, const void *x) { uint16 u = *(const uint16 *) x; - s[0] = u; - s[1] = u >> 8; + s[0] = (unsigned char) u; + s[1] = (unsigned char) (u >> 8); } diff --git a/crypto_kem/sntrup653/clean/kem.c b/crypto_kem/sntrup653/clean/kem.c index 9ade99fb..c589097c 100644 --- a/crypto_kem/sntrup653/clean/kem.c +++ b/crypto_kem/sntrup653/clean/kem.c @@ -65,7 +65,7 @@ static void Rq_recip3(Fq *out, const small *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -103,7 +103,7 @@ static void Short_random(small *out) { } PQCLEAN_SNTRUP653_CLEAN_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } @@ -115,7 +115,7 @@ static void Small_random(small *out) { L[i] = urandom32(); } for (i = 0; i < p; ++i) { - out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1; + out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); } } @@ -248,13 +248,13 @@ int PQCLEAN_SNTRUP653_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned char Hide(x, cnew, r_enc, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Small_bytes; ++i) { - r_enc[i + 1] ^= mask & (r_enc[i + 1] ^ rho[i]); + r_enc[i + 1] ^= (unsigned char) (mask & (r_enc[i + 1] ^ rho[i])); } Hash(x + 1, r_enc, 1 + Small_bytes); /* XXX: can instead do cmov on cached hash of rho */ for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Hash_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0; 
diff --git a/crypto_kem/sntrup761/avx2/Makefile b/crypto_kem/sntrup761/avx2/Makefile index 3e1c7ac2..2336c9db 100644 --- a/crypto_kem/sntrup761/avx2/Makefile +++ b/crypto_kem/sntrup761/avx2/Makefile @@ -4,7 +4,7 @@ LIB=libsntrup761_avx2.a HEADERS=api.h crypto_core_inv3sntrup761.h crypto_core_invsntrup761.h crypto_core_mult3sntrup761.h crypto_core_multsntrup761.h crypto_core_multsntrup761_ntt.h crypto_core_scale3sntrup761.h crypto_core_weightsntrup761.h crypto_core_wforcesntrup761.h crypto_decode_761x1531.h crypto_decode_761x3.h crypto_decode_761x4591.h crypto_decode_761xint16.h crypto_decode_761xint32.h crypto_decode_int16.h crypto_encode_761x1531.h crypto_encode_761x1531round.h crypto_encode_761x3.h crypto_encode_761x4591.h crypto_encode_761xfreeze3.h crypto_encode_761xint16.h crypto_encode_int16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1039.h params.h OBJECTS=crypto_core_inv3sntrup761.o crypto_core_invsntrup761.o crypto_core_mult3sntrup761.o crypto_core_multsntrup761.o crypto_core_multsntrup761_ntt.o crypto_core_scale3sntrup761.o crypto_core_weightsntrup761.o crypto_core_wforcesntrup761.o crypto_decode_761x1531.o crypto_decode_761x3.o crypto_decode_761x4591.o crypto_decode_761xint16.o crypto_decode_761xint32.o crypto_decode_int16.o crypto_encode_761x1531.o crypto_encode_761x1531round.o crypto_encode_761x3.o crypto_encode_761x4591.o crypto_encode_761xfreeze3.o crypto_encode_761xint16.o crypto_encode_int16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1039.o kem.o -CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) 
diff --git a/crypto_kem/sntrup761/avx2/crypto_core_inv3sntrup761.c b/crypto_kem/sntrup761/avx2/crypto_core_inv3sntrup761.c index 71fdf508..03c327eb 100644 --- a/crypto_kem/sntrup761/avx2/crypto_core_inv3sntrup761.c +++ b/crypto_kem/sntrup761/avx2/crypto_core_inv3sntrup761.c @@ -179,7 +179,7 @@ static void vec256_final(small *out, const vec256 *V0, const vec256 *V1) { vec256_tobits(V1, v1); for (i = 0; i < ppad; ++i) { - v[i] = v0[i] + 2 * v1[i] - 4 * (v0[i] & v1[i]); + v[i] = (small) (v0[i] + 2 * v1[i] - 4 * (v0[i] & v1[i])); } for (i = 0; i < ppad; ++i) { @@ -252,11 +252,11 @@ static inline int vec256_bit0mask(vec256 *f) { static inline void vec256_divx_1(vec256 *f) { vec256 f0 = f[0]; - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); low0 = low0 >> 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); f[0] = _mm256_permute4x64_epi64(f0, 0x39); } @@ -265,14 +265,14 @@ static inline void vec256_divx_2(vec256 *f) { vec256 f0 = f[0]; vec256 f1 = f[1]; - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); - unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); low0 = (low0 >> 1) | (low1 << 63); low1 = low1 >> 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); - f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); + f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3); f[0] = _mm256_permute4x64_epi64(f0, 0x39); f[1] = _mm256_permute4x64_epi64(f1, 0x39); 
@@ -283,17 +283,17 @@ static inline void vec256_divx_3(vec256 *f) { vec256 f1 = f[1]; vec256 f2 = f[2]; - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); - unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); - unsigned long long low2 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); + unsigned long long low2 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); low0 = (low0 >> 1) | (low1 << 63); low1 = (low1 >> 1) | (low2 << 63); low2 = low2 >> 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); - f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3); - f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, low2), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); + f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3); + f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, (long long) low2), 0x3); f[0] = _mm256_permute4x64_epi64(f0, 0x39); f[1] = _mm256_permute4x64_epi64(f1, 0x39); @@ -303,11 +303,11 @@ static inline void vec256_divx_3(vec256 *f) { static inline void vec256_timesx_1(vec256 *f) { vec256 f0 = _mm256_permute4x64_epi64(f[0], 0x93); - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); low0 = low0 << 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); f[0] = f0; } 
@@ -316,14 +316,14 @@ static inline void vec256_timesx_2(vec256 *f) { vec256 f0 = _mm256_permute4x64_epi64(f[0], 0x93); vec256 f1 = _mm256_permute4x64_epi64(f[1], 0x93); - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); - unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); low1 = (low1 << 1) | (low0 >> 63); low0 = low0 << 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); - f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); + f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3); f[0] = f0; f[1] = f1; @@ -336,7 +336,7 @@ static inline void vec256_timesx_3(vec256 *f) { unsigned long long low0 = *(unsigned long long *) &f0; unsigned long long low1 = *(unsigned long long *) &f1; - unsigned long long low2 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); + unsigned long long low2 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); low2 = (low2 << 1) | (low1 >> 63); low1 = (low1 << 1) | (low0 >> 63); @@ -344,7 +344,7 @@ static inline void vec256_timesx_3(vec256 *f) { *(unsigned long long *) &f0 = low0; *(unsigned long long *) &f1 = low1; - f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, low2), 0x3); + f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, (long long) low2), 0x3); f[0] = f0; f[1] = f1; @@ -537,6 +537,6 @@ int PQCLEAN_SNTRUP761_AVX2_crypto_core_inv3sntrup761(unsigned char *outbytes, co vec256_scale(V0, V1, c0vec, c1vec); vec256_final(out, V0, V1); - out[p] = negative_mask(minusdelta); + out[p] = (small) negative_mask(minusdelta); return 0; } 
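Review bot: In the `vec256_timesx_3` hunks only `low2` goes through `_mm_cvtsi128_si64` and `_mm256_blend_epi32`; `low0` and `low1` are still read and written as `*(unsigned long long *) &f0` and `*(unsigned long long *) &f1`, which the new casts leave untouched. That pointer cast depends on the compiler treating the vector type as exempt from strict aliasing (presumably true if `vec256` is `__m256i` under GCC/Clang; the typedef is outside the hunk), and it differs from `vec256_timesx_2` just above. Using the same form for all three words would remove that dependency: `unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0));` and `f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3);`, likewise for `f1`. The function body starts before the hunk, so how `f0` and `f1` are initialised should be checked first.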
diff --git a/crypto_kem/sntrup761/avx2/crypto_core_invsntrup761.c b/crypto_kem/sntrup761/avx2/crypto_core_invsntrup761.c index 6fdd9e0d..7ef48607 100644 --- a/crypto_kem/sntrup761/avx2/crypto_core_invsntrup761.c +++ b/crypto_kem/sntrup761/avx2/crypto_core_invsntrup761.c @@ -14,11 +14,11 @@ /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* return -1 if x<0; otherwise return 0 */ @@ -37,7 +37,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } /* nonnegative e */ @@ -158,13 +158,13 @@ int PQCLEAN_SNTRUP761_AVX2_crypto_core_invsntrup761(unsigned char *outbytes, con f0 = f[0]; minusdelta = -delta; - swap = int16_negative_mask(minusdelta) & int16_nonzero_mask(g0); + swap = int16_negative_mask((int16) minusdelta) & int16_nonzero_mask(g0); delta ^= swap & (delta ^ minusdelta); delta += 1; fgflip = swap & (f0 ^ g0); - f0 ^= fgflip; - g0 ^= fgflip; + f0 ^= (Fq) fgflip; + g0 ^= (Fq) fgflip; f[0] = f0; @@ -177,13 +177,13 @@ int PQCLEAN_SNTRUP761_AVX2_crypto_core_invsntrup761(unsigned char *outbytes, con f0 = f[0]; minusdelta = -delta; - swap = int16_negative_mask(minusdelta) & int16_nonzero_mask(g0); + swap = int16_negative_mask((int16) minusdelta) & int16_nonzero_mask(g0); delta ^= swap & (delta ^ minusdelta); delta += 1; fgflip = swap & (f0 ^ g0); - f0 ^= fgflip; - g0 ^= fgflip; + f0 ^= (Fq) fgflip; + g0 ^= (Fq) fgflip; f[0] = f0; 
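Review bot: The `(int16) minusdelta` casts in the two loop-body hunks (and `(int16) delta` in the final hunk of this file) keep the sign only if the value fits in 16 bits, and after this change -Wconversion can no longer flag it if that stops being true. The declarations of `delta` and `minusdelta` and the loop bounds are outside these hunks, so the range cannot be confirmed from here. A comment next to the first cast would record the assumption, for example `/* minusdelta fits in int16: |delta| is bounded by the iteration count */`, if that is indeed the argument. Since `swap` is applied as a bit mask, a wrong sign would change the result silently rather than fail.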
@@ -197,6 +197,6 @@ int PQCLEAN_SNTRUP761_AVX2_crypto_core_invsntrup761(unsigned char *outbytes, con } crypto_encode_pxint16(outbytes, out); - outbytes[2 * p] = int16_nonzero_mask(delta); + outbytes[2 * p] = (unsigned char) int16_nonzero_mask((int16) delta); return 0; } diff --git a/crypto_kem/sntrup761/avx2/crypto_core_mult3sntrup761.c b/crypto_kem/sntrup761/avx2/crypto_core_mult3sntrup761.c index ad5b13ec..4a6ddcdc 100644 --- a/crypto_kem/sntrup761/avx2/crypto_core_mult3sntrup761.c +++ b/crypto_kem/sntrup761/avx2/crypto_core_mult3sntrup761.c @@ -229,14 +229,14 @@ int PQCLEAN_SNTRUP761_AVX2_crypto_core_mult3sntrup761(unsigned char *outbytes, c } for (i = 0; i < p; ++i) { - int8 fi = inbytes[i]; + int8 fi = (int8) inbytes[i]; int8 fi0 = fi & 1; - f[i] = fi0 - (fi & (fi0 << 1)); + f[i] = (int16) (fi0 - (fi & (fi0 << 1))); } for (i = 0; i < p; ++i) { - int8 gi = kbytes[i]; + int8 gi = (int8) kbytes[i]; int8 gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (int16) (gi0 - (gi & (gi0 << 1))); } mult768(fg, f, g); @@ -252,7 +252,7 @@ int PQCLEAN_SNTRUP761_AVX2_crypto_core_mult3sntrup761(unsigned char *outbytes, c } for (i = 0; i < p; ++i) { - outbytes[i] = h[i]; + outbytes[i] = (unsigned char) h[i]; } return 0; diff --git a/crypto_kem/sntrup761/avx2/crypto_core_multsntrup761.c b/crypto_kem/sntrup761/avx2/crypto_core_multsntrup761.c index 58b83ed2..87253477 100644 --- a/crypto_kem/sntrup761/avx2/crypto_core_multsntrup761.c +++ b/crypto_kem/sntrup761/avx2/crypto_core_multsntrup761.c @@ -291,9 +291,9 @@ int PQCLEAN_SNTRUP761_AVX2_crypto_core_multsntrup761(unsigned char *outbytes, co store_x16(&f[i], x); } for (i = 0; i < p; ++i) { - int8 gi = kbytes[i]; + int8 gi = (int8) kbytes[i]; int8 gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (int16) (gi0 - (gi & (gi0 << 1))); } mult768(fg, f, g); diff --git a/crypto_kem/sntrup761/avx2/crypto_core_weightsntrup761.c b/crypto_kem/sntrup761/avx2/crypto_core_weightsntrup761.c index 3398fe2f..2184979d 100644 
--- a/crypto_kem/sntrup761/avx2/crypto_core_weightsntrup761.c +++ b/crypto_kem/sntrup761/avx2/crypto_core_weightsntrup761.c @@ -36,8 +36,8 @@ int PQCLEAN_SNTRUP761_AVX2_crypto_core_weightsntrup761(unsigned char *outbytes, sum = _mm256_hadd_epi16(sum, sum); /* want sum[0]+sum[8] */ - weight = _mm256_extract_epi16(sum, 0); - weight += _mm256_extract_epi16(sum, 8); + weight = (int16) _mm256_extract_epi16(sum, 0); + weight += (int16) _mm256_extract_epi16(sum, 8); PQCLEAN_SNTRUP761_AVX2_crypto_encode_int16(outbytes, &weight); return 0; diff --git a/crypto_kem/sntrup761/avx2/crypto_core_wforcesntrup761.c b/crypto_kem/sntrup761/avx2/crypto_core_wforcesntrup761.c index 0a89659a..0dedf0af 100644 --- a/crypto_kem/sntrup761/avx2/crypto_core_wforcesntrup761.c +++ b/crypto_kem/sntrup761/avx2/crypto_core_wforcesntrup761.c @@ -17,7 +17,7 @@ int PQCLEAN_SNTRUP761_AVX2_crypto_core_wforcesntrup761(unsigned char *out, const crypto_core_weight((unsigned char *) &weight, in); PQCLEAN_SNTRUP761_AVX2_crypto_decode_int16(&weight, (unsigned char *) &weight); - mask = (weight - w) | (w - weight); + mask = (int16) ((weight - w) | (w - weight)); mask >>= 15; maskvec = _mm256_set1_epi16((short) ~mask); diff --git a/crypto_kem/sntrup761/avx2/crypto_decode_761x1531.c b/crypto_kem/sntrup761/avx2/crypto_decode_761x1531.c index 83dae782..7de1f43d 100644 --- a/crypto_kem/sntrup761/avx2/crypto_decode_761x1531.c +++ b/crypto_kem/sntrup761/avx2/crypto_decode_761x1531.c @@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) { } static inline int16 mulhi(int16 x, int16 y) { - return (x * (int32)y) >> 16; + return (int16) ((x * (int32)y) >> 16); } static inline __m256i add(__m256i x, __m256i y) { 
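Review bot: The mask computation on the changed line in crypto_core_wforcesntrup761.c has no comment saying what `mask` holds, and the added `(int16)` cast makes the reasoning harder to follow. As written, `(weight - w) | (w - weight)` is negative whenever the two differ, so after `mask >>= 15` the value is 0 for `weight == w` and -1 otherwise, provided the right shift of a negative `int16` is arithmetic (implementation-defined in C) and the difference fits in 16 bits. Suggested comment above the line: `/* mask = 0 if weight == w, else -1; relies on arithmetic >> of a negative int16 */`. The function body continues outside the hunk.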
@@ -78,7 +78,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 60) - mulhi(mullo(a0, -28292), 593); /* -297...311 */ a0 += s[1 * i + 0]; /* -297...566 */ a0 += (a0 >> 15) & 593; /* 0...592 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -31055); /* invalid inputs might need reduction mod 1500 */ @@ -100,7 +100,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 672) - mulhi(mullo(a0, -2692), 6232); /* -3148...3152 */ a0 += s[2 * i + 0]; /* -3148...3407 */ a0 += (a0 >> 15) & 6232; /* 0...6231 */ - a1 = (a2 << 13) + (s[2 * i + 1] << 5) + ((s[2 * i] - a0) >> 3); + a1 = (int16) ((a2 << 13) + (s[2 * i + 1] << 5) + ((s[2 * i] - a0) >> 3)); a1 = mullo(a1, 12451); /* invalid inputs might need reduction mod 6232 */ @@ -119,7 +119,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, -476) - mulhi(mullo(a0, -13284), 1263); /* -751...631 */ a0 += s[1 * i + 0]; /* -751...886 */ a0 += (a0 >> 15) & 1263; /* 0...1262 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -22001); /* invalid inputs might need reduction mod 304 */ @@ -134,7 +134,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, -476) - mulhi(mullo(a0, -13284), 1263); /* -751...631 */ a0 += s[1 * i + 0]; /* -751...886 */ a0 += (a0 >> 15) & 1263; /* 0...1262 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -22001); /* invalid inputs might need reduction mod 1263 */ 
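Review bot: The `(int16)` casts added on the `a1 = ...` lines, here and in the other hunks of this file and of crypto_decode_761x4591.c, discard the high bits of an `int` expression without saying that this is intended. It looks deliberate, since `a1` is passed straight to `mullo`, which takes and returns `int16`, and in crypto_decode_761x4591.c one term is `a2 << 15`, of which only one bit can survive the cast. A comment at the first occurrence would separate these from casts that merely silence the warning: `/* only the low 16 bits of a1 are used (mullo takes int16) */`. The conversion of an out-of-range value to `int16` is implementation-defined, which is worth stating once given the existing remarks about invalid inputs. The function starts and ends outside the hunks.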
@@ -155,7 +155,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 2348) - mulhi(mullo(a0, -1844), 9097); /* -4712...4741 */ a0 += s[2 * i + 0]; /* -4712...4996 */ a0 += (a0 >> 15) & 9097; /* 0...9096 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, 17081); /* invalid inputs might need reduction mod 2188 */ @@ -172,7 +172,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 2348) - mulhi(mullo(a0, -1844), 9097); /* -4712...4741 */ a0 += s[2 * i + 0]; /* -4712...4996 */ a0 += (a0 >> 15) & 9097; /* 0...9096 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, 17081); /* invalid inputs might need reduction mod 9097 */ @@ -191,7 +191,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 372) - mulhi(mullo(a0, -10994), 1526); /* -763...856 */ a0 += s[1 * i + 0]; /* -763...1111 */ a0 += (a0 >> 15) & 1526; /* 0...1525 */ - a1 = (a2 << 7) + ((s[i] - a0) >> 1); + a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1)); a1 = mullo(a1, -18381); /* invalid inputs might need reduction mod 367 */ @@ -206,7 +206,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 372) - mulhi(mullo(a0, -10994), 1526); /* -763...856 */ a0 += s[1 * i + 0]; /* -763...1111 */ a0 += (a0 >> 15) & 1526; /* 0...1525 */ - a1 = (a2 << 7) + ((s[i] - a0) >> 1); + a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1)); a1 = mullo(a1, -18381); /* invalid inputs might need reduction mod 1526 */ 
@@ -225,7 +225,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, -284) - mulhi(mullo(a0, -26844), 625); /* -384...312 */ a0 += s[1 * i + 0]; /* -384...567 */ a0 += (a0 >> 15) & 625; /* 0...624 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, 32401); /* invalid inputs might need reduction mod 150 */ @@ -276,7 +276,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x1531(void *v, const unsigned char a0 = mulhi(a0, 2816) - mulhi(mullo(a0, -2621), 6400); /* -3338...3378 */ a0 += s[2 * i + 0]; /* -3338...3633 */ a0 += (a0 >> 15) & 6400; /* 0...6399 */ - a1 = (a2 << 8) + s[2 * i + 1] + ((s[2 * i] - a0) >> 8); + a1 = (int16) ((a2 << 8) + s[2 * i + 1] + ((s[2 * i] - a0) >> 8)); a1 = mullo(a1, 23593); /* invalid inputs might need reduction mod 1531 */ @@ -397,7 +397,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x1531(void *v, const unsigned char /* R1 ------> R0: reconstruct mod 761*[1531] */ - R0[760] = 3 * R1[380] - 2295; + R0[760] = (int16) (3 * R1[380] - 2295); s -= 380; i = 364; for (;;) { diff --git a/crypto_kem/sntrup761/avx2/crypto_decode_761x4591.c b/crypto_kem/sntrup761/avx2/crypto_decode_761x4591.c index 35cd3196..c8e3bfbc 100644 --- a/crypto_kem/sntrup761/avx2/crypto_decode_761x4591.c +++ b/crypto_kem/sntrup761/avx2/crypto_decode_761x4591.c @@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) { } static inline int16 mulhi(int16 x, int16 y) { - return (x * (int32)y) >> 16; + return (int16) ((x * (int32)y) >> 16); } static inline __m256i add(__m256i x, __m256i y) { 
@@ -80,7 +80,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x4591(void *v, const unsigned char a0 = mulhi(a0, -3624) - mulhi(mullo(a0, -1772), 9470); /* -5011...5046 */ a0 += s[2 * i + 0]; /* -5011...5301 */ a0 += (a0 >> 15) & 9470; /* 0...9469 */ - a1 = (a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1); + a1 = (int16) ((a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1)); a1 = mullo(a1, -21121); /* invalid inputs might need reduction mod 11127 */ @@ -100,7 +100,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x4591(void *v, const unsigned char a0 = mulhi(a0, 541) - mulhi(mullo(a0, -10775), 1557); /* -779...913 */ a0 += s[1 * i + 0]; /* -779...1168 */ a0 += (a0 >> 15) & 1557; /* 0...1556 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -26307); /* invalid inputs might need reduction mod 1557 */ @@ -119,7 +119,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x4591(void *v, const unsigned char a0 = mulhi(a0, -545) - mulhi(mullo(a0, -1661), 10101); /* -5187...5050 */ a0 += s[1 * i + 0]; /* -5187...5305 */ a0 += (a0 >> 15) & 10101; /* 0...10100 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, 12509); /* invalid inputs might need reduction mod 282 */ @@ -136,7 +136,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x4591(void *v, const unsigned char a0 = mulhi(a0, -545) - mulhi(mullo(a0, -1661), 10101); /* -5095...5093 */ a0 += s[2 * i + 0]; /* -5095...5348 */ a0 += (a0 >> 15) & 10101; /* 0...10100 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, 12509); /* invalid inputs might need reduction mod 10101 */ 
@@ -157,7 +157,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x4591(void *v, const unsigned char a0 = mulhi(a0, -656) - mulhi(mullo(a0, -10434), 1608); /* -815...813 */ a0 += s[2 * i + 0]; /* -815...1068 */ a0 += (a0 >> 15) & 1608; /* 0...1607 */ - a1 = (a2 << 13) + (s[2 * i + 1] << 5) + ((s[2 * i] - a0) >> 3); + a1 = (int16) ((a2 << 13) + (s[2 * i + 1] << 5) + ((s[2 * i] - a0) >> 3)); a1 = mullo(a1, 6521); /* invalid inputs might need reduction mod 11468 */ @@ -172,7 +172,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x4591(void *v, const unsigned char a0 = mulhi(a0, -656) - mulhi(mullo(a0, -10434), 1608); /* -968...804 */ a0 += s[1 * i + 0]; /* -968...1059 */ a0 += (a0 >> 15) & 1608; /* 0...1607 */ - a1 = (a2 << 5) + ((s[i] - a0) >> 3); + a1 = (int16) ((a2 << 5) + ((s[i] - a0) >> 3)); a1 = mullo(a1, 6521); /* invalid inputs might need reduction mod 1608 */ @@ -191,7 +191,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x4591(void *v, const unsigned char a0 = mulhi(a0, 4206) - mulhi(mullo(a0, -1634), 10265); /* -5133...6184 */ a0 += s[1 * i + 0]; /* -5133...6439 */ a0 += (a0 >> 15) & 10265; /* 0...10264 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -19415); /* invalid inputs might need reduction mod 286 */ @@ -208,7 +208,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x4591(void *v, const unsigned char a0 = mulhi(a0, 4206) - mulhi(mullo(a0, -1634), 10265); /* -5462...5545 */ a0 += s[2 * i + 0]; /* -5462...5800 */ a0 += (a0 >> 15) & 10265; /* 0...10264 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, -19415); /* invalid inputs might need reduction mod 10265 */ 
@@ -229,7 +229,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x4591(void *v, const unsigned char a0 = mulhi(a0, -134) - mulhi(mullo(a0, -10350), 1621); /* -813...812 */ a0 += s[2 * i + 0]; /* -813...1067 */ a0 += (a0 >> 15) & 1621; /* 0...1620 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, -14595); /* invalid inputs might need reduction mod 11550 */ @@ -278,7 +278,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761x4591(void *v, const unsigned char a0 = mulhi(a0, -272) - mulhi(mullo(a0, -26052), 644); /* -390...322 */ a0 += s[1 * i + 0]; /* -390...577 */ a0 += (a0 >> 15) & 644; /* 0...643 */ - a1 = (a2 << 6) + ((s[i] - a0) >> 2); + a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2)); a1 = mullo(a1, -7327); /* invalid inputs might need reduction mod 4591 */ diff --git a/crypto_kem/sntrup761/avx2/crypto_decode_761xint16.c b/crypto_kem/sntrup761/avx2/crypto_decode_761xint16.c index 4b323850..68210a2c 100644 --- a/crypto_kem/sntrup761/avx2/crypto_decode_761xint16.c +++ b/crypto_kem/sntrup761/avx2/crypto_decode_761xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_761xint16(void *v, const unsigned char for (i = 0; i < 761; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } diff --git a/crypto_kem/sntrup761/avx2/crypto_decode_int16.c b/crypto_kem/sntrup761/avx2/crypto_decode_int16.c index 3e4bf8ef..3994a7e5 100644 --- a/crypto_kem/sntrup761/avx2/crypto_decode_int16.c +++ b/crypto_kem/sntrup761/avx2/crypto_decode_int16.c @@ -4,6 +4,6 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_decode_int16(void *x, const unsigned char *s) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; + u1 = (uint16_t) (u1 << 8); *(uint16_t *) x = u0 | u1; } diff --git a/crypto_kem/sntrup761/avx2/crypto_encode_761x1531.c b/crypto_kem/sntrup761/avx2/crypto_encode_761x1531.c index c5a03da4..eeff059c 100644 
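Review bot: The two 16-bit little-endian decoders end up written differently in the same commit. crypto_decode_761xint16.c folds the shift into `*x = (uint16_t) (u0 | (u1 << 8));`, while crypto_decode_int16.c keeps `u1 = (uint16_t) (u1 << 8);` followed by an uncast `*(uint16_t *) x = u0 | u1;`. Using the single-expression form in both, `*(uint16_t *) x = (uint16_t) (u0 | (u1 << 8));`, keeps the narrowing in one visible place and makes the pair easier to compare.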
--- a/crypto_kem/sntrup761/avx2/crypto_encode_761x1531.c +++ b/crypto_kem/sntrup761/avx2/crypto_encode_761x1531.c @@ -42,26 +42,26 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x1531(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[380] = (((R0[760] + 2295) & 16383) * 10923) >> 15; + R[380] = (uint16) ((((R0[760] + 2295) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -124,22 +124,22 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x1531(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
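Review bot: The eight byte stores that follow each pair of `_mm256_extract_epi32` calls now carry eight identical `(unsigned char)` casts, and the same run is repeated in every loop hunk of this file and in crypto_encode_761x1531round.c and crypto_encode_761x4591.c. A small static helper that writes a 32-bit word as four little-endian bytes would keep the narrowing in one place and shorten each loop body. If these files are produced by a generator, the change belongs there instead. The enclosing function starts and ends outside the hunk.

```c
/* write s0 as four little-endian bytes and return the advanced pointer */
static inline unsigned char *store_le32(unsigned char *out, uint32 s0) {
    out[0] = (unsigned char) s0;
    out[1] = (unsigned char) (s0 >> 8);
    out[2] = (unsigned char) (s0 >> 16);
    out[3] = (unsigned char) (s0 >> 24);
    return out + 4;
}

/* … unchanged: permute and _mm_storeu_si128 of the low half … */
out = store_le32(out, (uint32) _mm256_extract_epi32(x, 4));
out = store_le32(out, (uint32) _mm256_extract_epi32(x, 6));
/* … unchanged: reading += 16; writing += 8; … */
```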
@@ -195,22 +195,22 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x1531(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -237,22 +237,22 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x1531(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -261,41 +261,41 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x1531(unsigned char *out, const voi r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)9097; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1263; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)6232; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)593; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup761/avx2/crypto_encode_761x1531round.c b/crypto_kem/sntrup761/avx2/crypto_encode_761x1531round.c index ab045dbd..0687a689 100644 --- a/crypto_kem/sntrup761/avx2/crypto_encode_761x1531round.c +++ b/crypto_kem/sntrup761/avx2/crypto_encode_761x1531round.c 
@@ -44,26 +44,26 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x1531round(unsigned char *out, cons )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[380] = (((3 * ((10923 * R0[760] + 16384) >> 15) + 2295) & 16383) * 10923) >> 15; + R[380] = (uint16) ((((3 * ((10923 * R0[760] + 16384) >> 15) + 2295) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -126,22 +126,22 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x1531round(unsigned char *out, cons )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -197,22 +197,22 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x1531round(unsigned char *out, cons )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -239,22 +239,22 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x1531round(unsigned char *out, cons )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -263,41 +263,41 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x1531round(unsigned char *out, cons r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)9097; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1263; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)6232; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)593; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup761/avx2/crypto_encode_761x4591.c b/crypto_kem/sntrup761/avx2/crypto_encode_761x4591.c index 7d87488f..20bafd0e 100644 --- a/crypto_kem/sntrup761/avx2/crypto_encode_761x4591.c +++ b/crypto_kem/sntrup761/avx2/crypto_encode_761x4591.c 
@@ -82,22 +82,22 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x4591(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -125,22 +125,22 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x4591(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -163,22 +163,22 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x4591(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -205,104 +205,104 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761x4591(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } r0 = R[46]; r1 = R[47]; r2 = r0 + r1 * (uint32)1621; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[23] = r2; + R[23] = (uint16) r2; for (i = 0; i < 11; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)10265; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[22]; r1 = R[23]; r2 = r0 + r1 * (uint32)10265; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[11] = r2; + R[11] = (uint16) r2; for (i = 0; i < 5; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1608; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[10]; r1 = R[11]; r2 = r0 + r1 * (uint32)1608; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[5] = r2; + R[5] = (uint16) r2; for (i = 0; i < 2; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)10101; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; 
r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[4]; r1 = R[5]; r2 = r0 + r1 * (uint32)10101; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[2] = r2; + R[2] = (uint16) r2; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)1557; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)9470; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup761/avx2/crypto_encode_761xint16.c b/crypto_kem/sntrup761/avx2/crypto_encode_761xint16.c index ba851932..db839f08 100644 --- a/crypto_kem/sntrup761/avx2/crypto_encode_761xint16.c +++ b/crypto_kem/sntrup761/avx2/crypto_encode_761xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_761xint16(unsigned char *s, const void for (i = 0; i < 761; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } diff --git a/crypto_kem/sntrup761/avx2/crypto_encode_int16.c b/crypto_kem/sntrup761/avx2/crypto_encode_int16.c index 378d0667..53b9535d 100644 --- a/crypto_kem/sntrup761/avx2/crypto_encode_int16.c +++ b/crypto_kem/sntrup761/avx2/crypto_encode_int16.c @@ -4,6 +4,6 @@ void PQCLEAN_SNTRUP761_AVX2_crypto_encode_int16(unsigned char *s, const void *x) { uint16 u = *(const uint16 *) x; - s[0] = u; - s[1] = u >> 8; + s[0] = (unsigned char) u; + s[1] = (unsigned char) (u >> 8); } diff --git a/crypto_kem/sntrup761/avx2/crypto_sort_int32.c b/crypto_kem/sntrup761/avx2/crypto_sort_int32.c index 0f42e458..9de85b51 100644 --- a/crypto_kem/sntrup761/avx2/crypto_sort_int32.c +++ b/crypto_kem/sntrup761/avx2/crypto_sort_int32.c 
@@ -44,7 +44,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) { int32x8_MINMAX(x0, y0); int32x8_store(x + n - 8, x0); int32x8_store(y + n - 8, y0); - n &= ~7; + n &= ~(size_t) 7; } do { int32x8 x0 = int32x8_load(x); diff --git a/crypto_kem/sntrup761/avx2/crypto_verify_1039.c b/crypto_kem/sntrup761/avx2/crypto_verify_1039.c index 2bc66d89..e2bc9f1c 100644 --- a/crypto_kem/sntrup761/avx2/crypto_verify_1039.c +++ b/crypto_kem/sntrup761/avx2/crypto_verify_1039.c @@ -27,10 +27,10 @@ int PQCLEAN_SNTRUP761_AVX2_crypto_verify_1039(const unsigned char *x, const unsi diff |= _mm256_srli_epi32(diff, 16); diff |= _mm256_srli_epi64(diff, 32); - differentbits = _mm256_extract_epi8(diff, 0); - differentbits |= _mm256_extract_epi8(diff, 8); - differentbits |= _mm256_extract_epi8(diff, 16); - differentbits |= _mm256_extract_epi8(diff, 24); + differentbits = (unsigned int) _mm256_extract_epi8(diff, 0); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 8); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 16); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 24); return (int) (1 & ((differentbits - 1) >> 8)) - 1; } diff --git a/crypto_kem/sntrup761/avx2/kem.c b/crypto_kem/sntrup761/avx2/kem.c index 6eeeb496..4f579ffa 100644 --- a/crypto_kem/sntrup761/avx2/kem.c +++ b/crypto_kem/sntrup761/avx2/kem.c @@ -65,7 +65,7 @@ static void Rq_recip3(Fq *out, const small *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -103,7 +103,7 @@ static void Short_random(small *out) { } PQCLEAN_SNTRUP761_AVX2_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } 
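Review bot: In crypto_verify_1039.c, the closing `1 & ((differentbits - 1) >> 8)` step is only correct when `differentbits` is at most 255, and the added `(unsigned int)` casts do not enforce that. If the compiler's intrinsic header sign-extended the extracted byte, a differing byte with its top bit set would become a value with the upper bits set, and the function would return 0 (equal) for unequal inputs. Whether `_mm256_extract_epi8` zero-extends is decided by that header, not by this file. Masking each extraction, e.g. `differentbits = (unsigned int) _mm256_extract_epi8(diff, 0) & 0xff;` and likewise for offsets 8, 16 and 24, makes the result independent of it. The function starts outside the hunk.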
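Review bot: In kem.c, `sha512(h, in, (size_t) inlen)` silences the warning but keeps `inlen` as a signed `int`, so a negative argument would be turned into a very large length. The callers visible in this diff pass `1 + Small_bytes` and `sizeof x`, so no negative value is reached from there. Declaring the parameter as `size_t` removes both the cast and the sign conversion: `static void Hash(unsigned char *out, const unsigned char *in, size_t inlen)`. The end of `Hash` is outside the hunk.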
@@ -115,7 +115,7 @@ static void Small_random(small *out) { L[i] = urandom32(); } for (i = 0; i < p; ++i) { - out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1; + out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); } } @@ -248,13 +248,13 @@ int PQCLEAN_SNTRUP761_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char Hide(x, cnew, r_enc, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Small_bytes; ++i) { - r_enc[i + 1] ^= mask & (r_enc[i + 1] ^ rho[i]); + r_enc[i + 1] ^= (unsigned char) (mask & (r_enc[i + 1] ^ rho[i])); } Hash(x + 1, r_enc, 1 + Small_bytes); /* XXX: can instead do cmov on cached hash of rho */ for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Hash_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0; diff --git a/crypto_kem/sntrup761/clean/Makefile b/crypto_kem/sntrup761/clean/Makefile index b62759a2..ae82c644 100644 --- a/crypto_kem/sntrup761/clean/Makefile +++ b/crypto_kem/sntrup761/clean/Makefile 
@@ -4,7 +4,7 @@ LIB=libsntrup761_clean.a HEADERS=api.h crypto_core_inv3sntrup761.h crypto_core_invsntrup761.h crypto_core_mult3sntrup761.h crypto_core_multsntrup761.h crypto_core_scale3sntrup761.h crypto_core_weightsntrup761.h crypto_core_wforcesntrup761.h crypto_decode_761x1531.h crypto_decode_761x3.h crypto_decode_761x4591.h crypto_decode_761xint16.h crypto_decode_761xint32.h crypto_encode_761x1531.h crypto_encode_761x1531round.h crypto_encode_761x3.h crypto_encode_761x4591.h crypto_encode_761xfreeze3.h crypto_encode_761xint16.h crypto_encode_int16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1039.h params.h OBJECTS=crypto_core_inv3sntrup761.o crypto_core_invsntrup761.o crypto_core_mult3sntrup761.o crypto_core_multsntrup761.o crypto_core_scale3sntrup761.o crypto_core_weightsntrup761.o crypto_core_wforcesntrup761.o crypto_decode_761x1531.o crypto_decode_761x3.o crypto_decode_761x4591.o crypto_decode_761xint16.o crypto_decode_761xint32.o crypto_encode_761x1531.o crypto_encode_761x1531round.o crypto_encode_761x3.o crypto_encode_761x4591.o crypto_encode_761xfreeze3.o crypto_encode_761xint16.o crypto_encode_int16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1039.o kem.o -CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) diff --git a/crypto_kem/sntrup761/clean/crypto_core_inv3sntrup761.c b/crypto_kem/sntrup761/clean/crypto_core_inv3sntrup761.c index 9b9af62a..8db3bb2a 100644 --- a/crypto_kem/sntrup761/clean/crypto_core_inv3sntrup761.c +++ b/crypto_kem/sntrup761/clean/crypto_core_inv3sntrup761.c 
@@ -13,16 +13,16 @@ /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ @@ -36,7 +36,7 @@ typedef int8 small; /* works for -16384 <= x < 16384 */ static small F3_freeze(int16 x) { - return x - 3 * ((10923 * x + 16384) >> 15); + return (small) (x - 3 * ((10923 * x + 16384) >> 15)); } /* byte p of output is 0 if recip succeeded; else -1 */ @@ -61,7 +61,7 @@ int PQCLEAN_SNTRUP761_CLEAN_crypto_core_inv3sntrup761(unsigned char *outbytes, c f[p - 1] = f[p] = -1; for (i = 0; i < p; ++i) { small i1 = in[i] & 1; - g[p - 1 - i] = i1 - (in[i] & (i1 << 1)); + g[p - 1 - i] = (small) (i1 - (in[i] & (i1 << 1))); } g[p] = 0; @@ -74,24 +74,24 @@ int PQCLEAN_SNTRUP761_CLEAN_crypto_core_inv3sntrup761(unsigned char *outbytes, c v[0] = 0; sign = -g[0] * f[0]; - swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]); + swap = int16_negative_mask(-(int16) delta) & int16_nonzero_mask(g[0]); delta ^= swap & (delta ^ -delta); delta += 1; for (i = 0; i < p + 1; ++i) { t = swap & (f[i] ^ g[i]); - f[i] ^= t; - g[i] ^= t; + f[i] ^= (small) t; + g[i] ^= (small) t; t = swap & (v[i] ^ r[i]); - v[i] ^= t; - r[i] ^= t; + v[i] ^= (small) t; + r[i] ^= (small) t; } for (i = 0; i < p + 1; ++i) { - g[i] = F3_freeze(g[i] + sign * f[i]); + g[i] = F3_freeze((int16) (g[i] + sign * f[i])); } for (i = 0; i < p + 1; ++i) { - r[i] = F3_freeze(r[i] + sign * v[i]); + r[i] = F3_freeze((int16) (r[i] + sign * v[i])); } for (i = 0; i < p; ++i) { 
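Review bot: In the -74,24 hunk of crypto_core_inv3sntrup761.c, `int16_negative_mask(-(int16) delta)` casts before negating, so the negation happens in `int` and the argument is still narrowed implicitly at the call. The matching line in crypto_core_invsntrup761.c (hunk at -91,17) is written `(int16) - delta`, which negates first and reads like a subtraction. Both produce the same mask while `delta` stays inside the int16 range, which the code presumably guarantees; its declaration and loop bounds are outside these hunks. Writing `int16_negative_mask((int16) (-delta))` in both files keeps the two copies identical and makes the order of negation and narrowing explicit. The enclosing function starts and ends outside the hunk.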
@@ -102,9 +102,9 @@ int PQCLEAN_SNTRUP761_CLEAN_crypto_core_inv3sntrup761(unsigned char *outbytes, c sign = f[0]; for (i = 0; i < p; ++i) { - out[i] = sign * v[p - 1 - i]; + out[i] = (small) sign * v[p - 1 - i]; } - out[p] = int16_nonzero_mask(delta); + out[p] = (small) int16_nonzero_mask((int16) delta); return 0; } diff --git a/crypto_kem/sntrup761/clean/crypto_core_invsntrup761.c b/crypto_kem/sntrup761/clean/crypto_core_invsntrup761.c index b496b030..16afe697 100644 --- a/crypto_kem/sntrup761/clean/crypto_core_invsntrup761.c +++ b/crypto_kem/sntrup761/clean/crypto_core_invsntrup761.c @@ -13,16 +13,16 @@ /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ @@ -40,7 +40,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } static Fq Fq_recip(Fq a1) { @@ -91,17 +91,17 @@ int PQCLEAN_SNTRUP761_CLEAN_crypto_core_invsntrup761(unsigned char *outbytes, co } v[0] = 0; - swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]); + swap = int16_negative_mask((int16) - delta) & int16_nonzero_mask(g[0]); delta ^= swap & (delta ^ -delta); delta += 1; for (i = 0; i < p + 1; ++i) { t = swap & (f[i] ^ g[i]); - f[i] ^= t; - g[i] ^= t; + f[i] ^= (Fq) t; + g[i] ^= (Fq) t; t = swap & (v[i] ^ r[i]); - v[i] ^= t; - r[i] ^= t; + v[i] ^= (Fq) t; + r[i] ^= (Fq) t; } f0 = f[0]; 
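Review bot: In the -102,9 hunk of crypto_core_inv3sntrup761.c, the cast in `out[i] = (small) sign * v[p - 1 - i];` binds to `sign` alone. The product is therefore still an `int` that is narrowed implicitly on assignment, unlike the other hunks of this change, which cast the whole expression. The stored value is the same because `sign` is taken from `f[0]` just above, but the line does not say what it appears to say. `out[i] = (small) (sign * v[p - 1 - i]);` states the intended narrowing and matches the style used for `g[p - 1 - i]` and `F3_freeze` in the same file. The function starts outside the hunk.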
@@ -125,6 +125,6 @@ int PQCLEAN_SNTRUP761_CLEAN_crypto_core_invsntrup761(unsigned char *outbytes, co } crypto_encode_pxint16(outbytes, out); - outbytes[2 * p] = int16_nonzero_mask(delta); + outbytes[2 * p] = (unsigned char) int16_nonzero_mask((int16) delta); return 0; } diff --git a/crypto_kem/sntrup761/clean/crypto_core_mult3sntrup761.c b/crypto_kem/sntrup761/clean/crypto_core_mult3sntrup761.c index 7c32f29e..b25892b4 100644 --- a/crypto_kem/sntrup761/clean/crypto_core_mult3sntrup761.c +++ b/crypto_kem/sntrup761/clean/crypto_core_mult3sntrup761.c @@ -8,7 +8,7 @@ typedef int8 small; /* works for -16384 <= x < 16384 */ static small F3_freeze(int16 x) { - return x - 3 * ((10923 * x + 16384) >> 15); + return (small) (x - 3 * ((10923 * x + 16384) >> 15)); } int PQCLEAN_SNTRUP761_CLEAN_crypto_core_mult3sntrup761(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) { @@ -20,27 +20,27 @@ int PQCLEAN_SNTRUP761_CLEAN_crypto_core_mult3sntrup761(unsigned char *outbytes, int i, j; for (i = 0; i < p; ++i) { - small fi = inbytes[i]; + small fi = (small) inbytes[i]; small fi0 = fi & 1; - f[i] = fi0 - (fi & (fi0 << 1)); + f[i] = (small) (fi0 - (fi & (fi0 << 1))); } for (i = 0; i < p; ++i) { - small gi = kbytes[i]; + small gi = (small) kbytes[i]; small gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (small) (gi0 - (gi & (gi0 << 1))); } for (i = 0; i < p; ++i) { result = 0; for (j = 0; j <= i; ++j) { - result += f[j] * g[i - j]; + result += (small) (f[j] * g[i - j]); } fg[i] = F3_freeze(result); } for (i = p; i < p + p - 1; ++i) { result = 0; for (j = i - p + 1; j < p; ++j) { - result += f[j] * g[i - j]; + result += (small) (f[j] * g[i - j]); } fg[i] = F3_freeze(result); } diff --git a/crypto_kem/sntrup761/clean/crypto_core_multsntrup761.c b/crypto_kem/sntrup761/clean/crypto_core_multsntrup761.c index e283456e..0ae23c3c 100644 --- a/crypto_kem/sntrup761/clean/crypto_core_multsntrup761.c 
+++ b/crypto_kem/sntrup761/clean/crypto_core_multsntrup761.c @@ -14,7 +14,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } int PQCLEAN_SNTRUP761_CLEAN_crypto_core_multsntrup761(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) { @@ -30,9 +30,9 @@ int PQCLEAN_SNTRUP761_CLEAN_crypto_core_multsntrup761(unsigned char *outbytes, c } for (i = 0; i < p; ++i) { - small gi = kbytes[i]; + small gi = (small) kbytes[i]; small gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (small) (gi0 - (gi & (gi0 << 1))); } for (i = 0; i < p; ++i) { diff --git a/crypto_kem/sntrup761/clean/crypto_core_wforcesntrup761.c b/crypto_kem/sntrup761/clean/crypto_core_wforcesntrup761.c index 806d3111..a60b5405 100644 --- a/crypto_kem/sntrup761/clean/crypto_core_wforcesntrup761.c +++ b/crypto_kem/sntrup761/clean/crypto_core_wforcesntrup761.c @@ -12,11 +12,11 @@ typedef int8 small; /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* 0 if Weightw_is(r), else -1 */ @@ -27,7 +27,7 @@ static int Weightw_mask(const small *r) { for (i = 0; i < p; ++i) { weight += r[i] & 1; } - return int16_nonzero_mask(weight - w); + return int16_nonzero_mask((int16) (weight - w)); } /* out = in if bottom bits of in have weight w */ 
@@ -39,10 +39,10 @@ int PQCLEAN_SNTRUP761_CLEAN_crypto_core_wforcesntrup761(unsigned char *outbytes, mask = Weightw_mask(in); /* 0 if weight w, else -1 */ for (i = 0; i < w; ++i) { - out[i] = ((in[i] ^ 1) & ~mask) ^ 1; + out[i] = (small) (((in[i] ^ 1) & ~mask) ^ 1); } for (i = w; i < p; ++i) { - out[i] = in[i] & ~mask; + out[i] = (small) (in[i] & ~mask); } return 0; } diff --git a/crypto_kem/sntrup761/clean/crypto_decode_761x1531.c b/crypto_kem/sntrup761/clean/crypto_decode_761x1531.c index d19d7402..7d5f926b 100644 --- a/crypto_kem/sntrup761/clean/crypto_decode_761x1531.c +++ b/crypto_kem/sntrup761/clean/crypto_decode_761x1531.c @@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q = 0; - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */ /* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */ /* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */ @@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += qpart; /* x <= 49146 */ - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */ /* 0 <= newx <= m + 49146(2^14-1)/2^31 */ /* 0 <= newx <= m + 0.4 */ @@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += mask; /* x < m */ - *r = x; + *r = (uint16) x; } static uint16 uint32_mod_uint14(uint32 x, uint16 m) { @@ -81,14 +81,14 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x1531(void *v, const unsigned char r1 = (r1 << 8) | *--s; r1 = (r1 << 8) | *--s; r1 = uint32_mod_uint14(r1, 3475); /* needed only for invalid inputs */ - R10[0] = r1; + R10[0] = (uint16) r1; r2 = R10[0]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 593); R9[0] = r0; r1 = uint32_mod_uint14(r1, 1500); /* needed only for invalid inputs */ - R9[1] = r1; + R9[1] = (uint16) r1; R8[2] = R9[1]; r2 = R9[0]; 
@@ -97,21 +97,21 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x1531(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 6232); R8[0] = r0; r1 = uint32_mod_uint14(r1, 6232); /* needed only for invalid inputs */ - R8[1] = r1; + R8[1] = (uint16) r1; r2 = R8[2]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1263); R7[4] = r0; r1 = uint32_mod_uint14(r1, 304); /* needed only for invalid inputs */ - R7[5] = r1; + R7[5] = (uint16) r1; for (i = 1; i >= 0; --i) { r2 = R8[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1263); R7[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1263); /* needed only for invalid inputs */ - R7[2 * i + 1] = r1; + R7[2 * i + 1] = (uint16) r1; } r2 = R7[5]; @@ -120,7 +120,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x1531(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 9097); R6[10] = r0; r1 = uint32_mod_uint14(r1, 2188); /* needed only for invalid inputs */ - R6[11] = r1; + R6[11] = (uint16) r1; for (i = 4; i >= 0; --i) { r2 = R7[i]; r2 = (r2 << 8) | *--s; @@ -128,7 +128,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x1531(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 9097); R6[2 * i] = r0; r1 = uint32_mod_uint14(r1, 9097); /* needed only for invalid inputs */ - R6[2 * i + 1] = r1; + R6[2 * i + 1] = (uint16) r1; } r2 = R6[11]; @@ -136,14 +136,14 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x1531(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 1526); R5[22] = r0; r1 = uint32_mod_uint14(r1, 367); /* needed only for invalid inputs */ - R5[23] = r1; + R5[23] = (uint16) r1; for (i = 10; i >= 0; --i) { r2 = R6[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1526); R5[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1526); /* needed only for invalid inputs */ - R5[2 * i + 1] = r1; + R5[2 * i + 1] = (uint16) r1; } r2 = R5[23]; 
@@ -151,14 +151,14 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x1531(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 625); R4[46] = r0; r1 = uint32_mod_uint14(r1, 150); /* needed only for invalid inputs */ - R4[47] = r1; + R4[47] = (uint16) r1; for (i = 22; i >= 0; --i) { r2 = R5[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 625); R4[2 * i] = r0; r1 = uint32_mod_uint14(r1, 625); /* needed only for invalid inputs */ - R4[2 * i + 1] = r1; + R4[2 * i + 1] = (uint16) r1; } r2 = R4[47]; @@ -167,7 +167,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x1531(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 6400); R3[94] = r0; r1 = uint32_mod_uint14(r1, 1531); /* needed only for invalid inputs */ - R3[95] = r1; + R3[95] = (uint16) r1; for (i = 46; i >= 0; --i) { r2 = R4[i]; r2 = (r2 << 8) | *--s; @@ -175,7 +175,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x1531(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 6400); R3[2 * i] = r0; r1 = uint32_mod_uint14(r1, 6400); /* needed only for invalid inputs */ - R3[2 * i + 1] = r1; + R3[2 * i + 1] = (uint16) r1; } R2[190] = R3[95]; @@ -185,7 +185,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x1531(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 1280); R2[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1280); /* needed only for invalid inputs */ - R2[2 * i + 1] = r1; + R2[2 * i + 1] = (uint16) r1; } R1[380] = R2[190]; 
@@ -196,16 +196,16 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x1531(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 9157); R1[2 * i] = r0; r1 = uint32_mod_uint14(r1, 9157); /* needed only for invalid inputs */ - R1[2 * i + 1] = r1; + R1[2 * i + 1] = (uint16) r1; } - R0[760] = 3 * R1[380] - 2295; + R0[760] = (int16) (3 * R1[380] - 2295); for (i = 379; i >= 0; --i) { r2 = R1[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1531); - R0[2 * i] = 3 * r0 - 2295; + R0[2 * i] = (int16) (3 * r0 - 2295); r1 = uint32_mod_uint14(r1, 1531); /* needed only for invalid inputs */ - R0[2 * i + 1] = 3 * r1 - 2295; + R0[2 * i + 1] = (int16) (3 * r1 - 2295); } } diff --git a/crypto_kem/sntrup761/clean/crypto_decode_761x4591.c b/crypto_kem/sntrup761/clean/crypto_decode_761x4591.c index 630c11fe..0054517b 100644 --- a/crypto_kem/sntrup761/clean/crypto_decode_761x4591.c +++ b/crypto_kem/sntrup761/clean/crypto_decode_761x4591.c @@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q = 0; - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */ /* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */ /* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */ @@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += qpart; /* x <= 49146 */ - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */ /* 0 <= newx <= m + 49146(2^14-1)/2^31 */ /* 0 <= newx <= m + 0.4 */ @@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += mask; /* x < m */ - *r = x; + *r = (uint16) x; } static uint16 uint32_mod_uint14(uint32 x, uint16 m) { 
@@ -81,7 +81,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x4591(void *v, const unsigned char r1 = (r1 << 8) | *--s; r1 = (r1 << 8) | *--s; r1 = uint32_mod_uint14(r1, 1608); /* needed only for invalid inputs */ - R10[0] = r1; + R10[0] = (uint16) r1; r2 = R10[0]; r2 = (r2 << 8) | *--s; @@ -89,7 +89,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x4591(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 9470); R9[0] = r0; r1 = uint32_mod_uint14(r1, 11127); /* needed only for invalid inputs */ - R9[1] = r1; + R9[1] = (uint16) r1; R8[2] = R9[1]; r2 = R9[0]; @@ -97,14 +97,14 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x4591(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 1557); R8[0] = r0; r1 = uint32_mod_uint14(r1, 1557); /* needed only for invalid inputs */ - R8[1] = r1; + R8[1] = (uint16) r1; r2 = R8[2]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 10101); R7[4] = r0; r1 = uint32_mod_uint14(r1, 282); /* needed only for invalid inputs */ - R7[5] = r1; + R7[5] = (uint16) r1; for (i = 1; i >= 0; --i) { r2 = R8[i]; r2 = (r2 << 8) | *--s; @@ -112,7 +112,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x4591(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 10101); R7[2 * i] = r0; r1 = uint32_mod_uint14(r1, 10101); /* needed only for invalid inputs */ - R7[2 * i + 1] = r1; + R7[2 * i + 1] = (uint16) r1; } r2 = R7[5]; @@ -121,14 +121,14 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x4591(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 1608); R6[10] = r0; r1 = uint32_mod_uint14(r1, 11468); /* needed only for invalid inputs */ - R6[11] = r1; + R6[11] = (uint16) r1; for (i = 4; i >= 0; --i) { r2 = R7[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1608); R6[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1608); /* needed only for invalid inputs */ - R6[2 * i + 1] = r1; + R6[2 * i + 1] = (uint16) r1; } r2 = R6[11]; 
@@ -136,7 +136,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x4591(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 10265); R5[22] = r0; r1 = uint32_mod_uint14(r1, 286); /* needed only for invalid inputs */ - R5[23] = r1; + R5[23] = (uint16) r1; for (i = 10; i >= 0; --i) { r2 = R6[i]; r2 = (r2 << 8) | *--s; @@ -144,7 +144,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x4591(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 10265); R5[2 * i] = r0; r1 = uint32_mod_uint14(r1, 10265); /* needed only for invalid inputs */ - R5[2 * i + 1] = r1; + R5[2 * i + 1] = (uint16) r1; } r2 = R5[23]; @@ -153,14 +153,14 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x4591(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 1621); R4[46] = r0; r1 = uint32_mod_uint14(r1, 11550); /* needed only for invalid inputs */ - R4[47] = r1; + R4[47] = (uint16) r1; for (i = 22; i >= 0; --i) { r2 = R5[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1621); R4[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1621); /* needed only for invalid inputs */ - R4[2 * i + 1] = r1; + R4[2 * i + 1] = (uint16) r1; } r2 = R4[47]; @@ -168,14 +168,14 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x4591(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 644); R3[94] = r0; r1 = uint32_mod_uint14(r1, 4591); /* needed only for invalid inputs */ - R3[95] = r1; + R3[95] = (uint16) r1; for (i = 46; i >= 0; --i) { r2 = R4[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 644); R3[2 * i] = r0; r1 = uint32_mod_uint14(r1, 644); /* needed only for invalid inputs */ - R3[2 * i + 1] = r1; + R3[2 * i + 1] = (uint16) r1; } R2[190] = R3[95]; @@ -185,7 +185,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x4591(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 406); R2[2 * i] = r0; r1 = uint32_mod_uint14(r1, 406); /* needed only for invalid inputs */ - R2[2 * i + 1] = r1; + R2[2 * i + 1] = (uint16) r1; } R1[380] = R2[190]; 
@@ -195,17 +195,17 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761x4591(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 322); R1[2 * i] = r0; r1 = uint32_mod_uint14(r1, 322); /* needed only for invalid inputs */ - R1[2 * i + 1] = r1; + R1[2 * i + 1] = (uint16) r1; } - R0[760] = R1[380] - 2295; + R0[760] = (int16) (R1[380] - 2295); for (i = 379; i >= 0; --i) { r2 = R1[i]; r2 = (r2 << 8) | *--s; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 4591); - R0[2 * i] = r0 - 2295; + R0[2 * i] = (int16) (r0 - 2295); r1 = uint32_mod_uint14(r1, 4591); /* needed only for invalid inputs */ - R0[2 * i + 1] = r1 - 2295; + R0[2 * i + 1] = (int16) (r1 - 2295); } } diff --git a/crypto_kem/sntrup761/clean/crypto_decode_761xint16.c b/crypto_kem/sntrup761/clean/crypto_decode_761xint16.c index 7678d872..5d60473c 100644 --- a/crypto_kem/sntrup761/clean/crypto_decode_761xint16.c +++ b/crypto_kem/sntrup761/clean/crypto_decode_761xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_decode_761xint16(void *v, const unsigned cha for (i = 0; i < 761; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } diff --git a/crypto_kem/sntrup761/clean/crypto_encode_761x1531.c b/crypto_kem/sntrup761/clean/crypto_encode_761x1531.c index 17db0eef..3ef8b3f1 100644 --- a/crypto_kem/sntrup761/clean/crypto_encode_761x1531.c +++ b/crypto_kem/sntrup761/clean/crypto_encode_761x1531.c 
@@ -15,24 +15,24 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761x1531(unsigned char *out, const vo uint32 r2; for (i = 0; i < 380; ++i) { - r0 = (((R0[2 * i] + 2295) & 16383) * 10923) >> 15; - r1 = (((R0[2 * i + 1] + 2295) & 16383) * 10923) >> 15; + r0 = (uint16) ((((R0[2 * i] + 2295) & 16383) * 10923) >> 15); + r1 = (uint16) ((((R0[2 * i + 1] + 2295) & 16383) * 10923) >> 15); r2 = r0 + r1 * (uint32)1531; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } - R[380] = (((R0[760] + 2295) & 16383) * 10923) >> 15; + R[380] = (uint16) ((((R0[760] + 2295) & 16383) * 10923) >> 15); for (i = 0; i < 190; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)9157; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[190] = R[380]; @@ -40,9 +40,9 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761x1531(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1280; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[95] = R[190]; 
@@ -50,70 +50,70 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761x1531(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)6400; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 24; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)625; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 12; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1526; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 6; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)9097; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1263; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)6232; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)593; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup761/clean/crypto_encode_761x1531round.c b/crypto_kem/sntrup761/clean/crypto_encode_761x1531round.c index 6b10ccb4..6906d3e2 100644 --- a/crypto_kem/sntrup761/clean/crypto_encode_761x1531round.c +++ b/crypto_kem/sntrup761/clean/crypto_encode_761x1531round.c 
@@ -11,7 +11,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761x1531round(unsigned char *out, con int i; for (i = 0; i < p; ++i) { - x[i] = 3 * ((10923 * a[i] + 16384) >> 15); + x[i] = (int16) (3 * ((10923 * a[i] + 16384) >> 15)); } PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761x1531(out, x); } diff --git a/crypto_kem/sntrup761/clean/crypto_encode_761x3.c b/crypto_kem/sntrup761/clean/crypto_encode_761x3.c index 54deace0..32d00f3b 100644 --- a/crypto_kem/sntrup761/clean/crypto_encode_761x3.c +++ b/crypto_kem/sntrup761/clean/crypto_encode_761x3.c @@ -11,9 +11,9 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761x3(unsigned char *s, const void *v for (i = 0; i < p / 4; ++i) { x = *f++ + 1; - x += (*f++ + 1) << 2; - x += (*f++ + 1) << 4; - x += (*f++ + 1) << 6; + x += (uint8) ((*f++ + 1) << 2); + x += (uint8) ((*f++ + 1) << 4); + x += (uint8) ((*f++ + 1) << 6); *s++ = x; } x = *f++ + 1; diff --git a/crypto_kem/sntrup761/clean/crypto_encode_761x4591.c b/crypto_kem/sntrup761/clean/crypto_encode_761x4591.c index c09514c2..1f82a69b 100644 --- a/crypto_kem/sntrup761/clean/crypto_encode_761x4591.c +++ b/crypto_kem/sntrup761/clean/crypto_encode_761x4591.c @@ -18,11 +18,11 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761x4591(unsigned char *out, const vo r0 = (R0[2 * i] + 2295) & 16383; r1 = (R0[2 * i + 1] + 2295) & 16383; r2 = r0 + r1 * (uint32)4591; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[380] = (R0[760] + 2295) & 16383; @@ -30,9 +30,9 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761x4591(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)322; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[190] = R[380]; 
@@ -40,9 +40,9 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761x4591(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)406; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[95] = R[190]; 
@@ -50,98 +50,98 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761x4591(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)644; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 23; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1621; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[46]; r1 = R[47]; r2 = r0 + r1 * (uint32)1621; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[23] = r2; + R[23] = (uint16) r2; for (i = 0; i < 11; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)10265; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[22]; r1 = R[23]; r2 = r0 + r1 * (uint32)10265; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[11] = r2; + R[11] = (uint16) r2; for (i = 0; i < 5; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1608; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[10]; r1 = R[11]; r2 = r0 + r1 * (uint32)1608; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[5] = r2; + R[5] = (uint16) r2; for (i = 0; i < 2; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)10101; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[4]; r1 = R[5]; r2 = r0 + r1 * (uint32)10101; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[2] = r2; + R[2] = (uint16) r2; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)1557; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; R[1] = R[2]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)9470; - 
*out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup761/clean/crypto_encode_761xfreeze3.c b/crypto_kem/sntrup761/clean/crypto_encode_761xfreeze3.c index d2b10e3e..f196e033 100644 --- a/crypto_kem/sntrup761/clean/crypto_encode_761xfreeze3.c +++ b/crypto_kem/sntrup761/clean/crypto_encode_761xfreeze3.c @@ -12,7 +12,7 @@ /* and F3_freeze(x) is in {-2,-1,0,1,2} */ static inline unsigned char F3_freeze(int16 x) { - return x - 3 * ((10923 * x + 16384) >> 15); + return (unsigned char) (x - 3 * ((10923 * x + 16384) >> 15)); } void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761xfreeze3(unsigned char *s, const void *v) { diff --git a/crypto_kem/sntrup761/clean/crypto_encode_761xint16.c b/crypto_kem/sntrup761/clean/crypto_encode_761xint16.c index 02384178..c5dcf16a 100644 --- a/crypto_kem/sntrup761/clean/crypto_encode_761xint16.c +++ b/crypto_kem/sntrup761/clean/crypto_encode_761xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_761xint16(unsigned char *s, const voi for (i = 0; i < 761; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } diff --git a/crypto_kem/sntrup761/clean/crypto_encode_int16.c b/crypto_kem/sntrup761/clean/crypto_encode_int16.c index 074814aa..78b0d682 100644 --- a/crypto_kem/sntrup761/clean/crypto_encode_int16.c +++ b/crypto_kem/sntrup761/clean/crypto_encode_int16.c @@ -4,6 +4,6 @@ void PQCLEAN_SNTRUP761_CLEAN_crypto_encode_int16(unsigned char *s, const void *x) { uint16 u = *(const uint16 *) x; - s[0] = u; - s[1] = u >> 8; + s[0] = (unsigned char) u; + s[1] = (unsigned char) (u >> 8); } 
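Review bot: The comment above `F3_freeze` in crypto_encode_761xfreeze3.c still gives the result as {-2,-1,0,1,2}, but the function returns `unsigned char`, and the new `(unsigned char)` cast now wraps negative results explicitly. A reader comparing the comment with the signature cannot tell that -1 comes back as 255. A one-line addition such as `/* returned reduced mod 256: -1 -> 255, -2 -> 254 */` next to the cast would document what it does. How callers consume the wrapped value is outside this hunk.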
diff --git a/crypto_kem/sntrup761/clean/kem.c b/crypto_kem/sntrup761/clean/kem.c index fd9f1f63..87175305 100644 --- a/crypto_kem/sntrup761/clean/kem.c +++ b/crypto_kem/sntrup761/clean/kem.c @@ -65,7 +65,7 @@ static void Rq_recip3(Fq *out, const small *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -103,7 +103,7 @@ static void Short_random(small *out) { } PQCLEAN_SNTRUP761_CLEAN_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } @@ -115,7 +115,7 @@ static void Small_random(small *out) { L[i] = urandom32(); } for (i = 0; i < p; ++i) { - out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1; + out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); } } @@ -248,13 +248,13 @@ int PQCLEAN_SNTRUP761_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned char Hide(x, cnew, r_enc, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Small_bytes; ++i) { - r_enc[i + 1] ^= mask & (r_enc[i + 1] ^ rho[i]); + r_enc[i + 1] ^= (unsigned char) (mask & (r_enc[i + 1] ^ rho[i])); } Hash(x + 1, r_enc, 1 + Small_bytes); /* XXX: can instead do cmov on cached hash of rho */ for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Hash_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0; diff --git a/crypto_kem/sntrup857/avx2/Makefile b/crypto_kem/sntrup857/avx2/Makefile index 58d4d010..e49c52a1 100644 --- a/crypto_kem/sntrup857/avx2/Makefile +++ b/crypto_kem/sntrup857/avx2/Makefile 
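Review bot: The `(size_t) inlen` cast in `Hash` (kem.c, hunk -65,7) silences the warning but leaves the hazard in place: `inlen` is still an `int`, so a negative value would reach `sha512` as a very large length. Changing the parameter type is the cleaner fix, `static void Hash(unsigned char *out, const unsigned char *in, size_t inlen)`, and it matches the `Hash(k, x, sizeof x)` call visible in the -248,13 hunk. The other callers of `Hash` are outside the diff and would need a check for signed arguments.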
@@ -4,7 +4,7 @@ LIB=libsntrup857_avx2.a HEADERS=api.h crypto_core_inv3sntrup857.h crypto_core_invsntrup857.h crypto_core_mult3sntrup857.h crypto_core_multsntrup857.h crypto_core_multsntrup857_ntt.h crypto_core_scale3sntrup857.h crypto_core_weightsntrup857.h crypto_core_wforcesntrup857.h crypto_decode_857x1723.h crypto_decode_857x3.h crypto_decode_857x5167.h crypto_decode_857xint16.h crypto_decode_857xint32.h crypto_decode_int16.h crypto_encode_857x1723.h crypto_encode_857x1723round.h crypto_encode_857x3.h crypto_encode_857x5167.h crypto_encode_857xfreeze3.h crypto_encode_857xint16.h crypto_encode_int16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1184.h params.h OBJECTS=crypto_core_inv3sntrup857.o crypto_core_invsntrup857.o crypto_core_mult3sntrup857.o crypto_core_multsntrup857.o crypto_core_multsntrup857_ntt.o crypto_core_scale3sntrup857.o crypto_core_weightsntrup857.o crypto_core_wforcesntrup857.o crypto_decode_857x1723.o crypto_decode_857x3.o crypto_decode_857x5167.o crypto_decode_857xint16.o crypto_decode_857xint32.o crypto_decode_int16.o crypto_encode_857x1723.o crypto_encode_857x1723round.o crypto_encode_857x3.o crypto_encode_857x5167.o crypto_encode_857xfreeze3.o crypto_encode_857xint16.o crypto_encode_int16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1184.o kem.o -CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -mavx2 -mbmi2 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) diff --git a/crypto_kem/sntrup857/avx2/crypto_core_inv3sntrup857.c b/crypto_kem/sntrup857/avx2/crypto_core_inv3sntrup857.c index 70a67231..f359e6c6 100644 --- a/crypto_kem/sntrup857/avx2/crypto_core_inv3sntrup857.c +++ b/crypto_kem/sntrup857/avx2/crypto_core_inv3sntrup857.c 
@@ -179,7 +179,7 @@ static void vec256_final(small *out, const vec256 *V0, const vec256 *V1) { vec256_tobits(V1, v1); for (i = 0; i < ppad; ++i) { - v[i] = v0[i] + 2 * v1[i] - 4 * (v0[i] & v1[i]); + v[i] = (small) (v0[i] + 2 * v1[i] - 4 * (v0[i] & v1[i])); } for (i = 0; i < ppad; ++i) { @@ -252,11 +252,11 @@ static inline int vec256_bit0mask(vec256 *f) { static inline void vec256_divx_1(vec256 *f) { vec256 f0 = f[0]; - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); low0 = low0 >> 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); f[0] = _mm256_permute4x64_epi64(f0, 0x39); } @@ -265,14 +265,14 @@ static inline void vec256_divx_2(vec256 *f) { vec256 f0 = f[0]; vec256 f1 = f[1]; - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); - unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); low0 = (low0 >> 1) | (low1 << 63); low1 = low1 >> 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); - f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); + f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3); f[0] = _mm256_permute4x64_epi64(f0, 0x39); f[1] = _mm256_permute4x64_epi64(f1, 0x39); 
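Review bot: The cast pair added in `vec256_divx_1` (`(unsigned long long) _mm_cvtsi128_si64(...)` on the read, `(long long) low0` on the write-back) is repeated line for line in the following `vec256_divx_*` and `vec256_timesx_*` hunks. Two small `static inline` helpers would keep the signed/unsigned reinterpretation of the low 64-bit lane in one place and make each shift routine shorter. The sketch below assumes `vec256` is the `__m256i` type these intrinsics already accept; its typedef is outside the hunk.

```c
static inline unsigned long long vec256_low64(vec256 f) {
    return (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f));
}

static inline vec256 vec256_set_low64(vec256 f, unsigned long long low) {
    return _mm256_blend_epi32(f, _mm256_set_epi64x(0, 0, 0, (long long) low), 0x3);
}

static inline void vec256_divx_1(vec256 *f) {
    vec256 f0 = f[0];
    unsigned long long low0 = vec256_low64(f0) >> 1;
    f0 = vec256_set_low64(f0, low0);
    /* … unchanged: permute4x64 and store to f[0] … */
```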
@@ -283,17 +283,17 @@ static inline void vec256_divx_3(vec256 *f) { vec256 f1 = f[1]; vec256 f2 = f[2]; - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); - unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); - unsigned long long low2 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); + unsigned long long low2 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); low0 = (low0 >> 1) | (low1 << 63); low1 = (low1 >> 1) | (low2 << 63); low2 = low2 >> 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); - f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3); - f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, low2), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); + f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3); + f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, (long long) low2), 0x3); f[0] = _mm256_permute4x64_epi64(f0, 0x39); f[1] = _mm256_permute4x64_epi64(f1, 0x39); 
@@ -306,20 +306,20 @@ static inline void vec256_divx_4(vec256 *f) { vec256 f2 = f[2]; vec256 f3 = f[3]; - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); - unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); - unsigned long long low2 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); - unsigned long long low3 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f3)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); + unsigned long long low2 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); + unsigned long long low3 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f3)); low0 = (low0 >> 1) | (low1 << 63); low1 = (low1 >> 1) | (low2 << 63); low2 = (low2 >> 1) | (low3 << 63); low3 = low3 >> 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); - f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3); - f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, low2), 0x3); - f3 = _mm256_blend_epi32(f3, _mm256_set_epi64x(0, 0, 0, low3), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); + f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3); + f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, (long long) low2), 0x3); + f3 = _mm256_blend_epi32(f3, _mm256_set_epi64x(0, 0, 0, (long long) low3), 0x3); f[0] = _mm256_permute4x64_epi64(f0, 0x39); f[1] = _mm256_permute4x64_epi64(f1, 0x39); 
@@ -330,11 +330,11 @@ static inline void vec256_divx_4(vec256 *f) { static inline void vec256_timesx_1(vec256 *f) { vec256 f0 = _mm256_permute4x64_epi64(f[0], 0x93); - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); low0 = low0 << 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); f[0] = f0; } @@ -343,14 +343,14 @@ static inline void vec256_timesx_2(vec256 *f) { vec256 f0 = _mm256_permute4x64_epi64(f[0], 0x93); vec256 f1 = _mm256_permute4x64_epi64(f[1], 0x93); - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); - unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); low1 = (low1 << 1) | (low0 >> 63); low0 = low0 << 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); - f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); + f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3); f[0] = f0; f[1] = f1; @@ -363,7 +363,7 @@ static inline void vec256_timesx_3(vec256 *f) { unsigned long long low0 = *(unsigned long long *) &f0; unsigned long long low1 = *(unsigned long long *) &f1; - unsigned long long low2 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); + unsigned long long low2 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); low2 = (low2 << 1) | (low1 >> 63); low1 = (low1 << 1) | (low0 >> 63); 
@@ -371,7 +371,7 @@ static inline void vec256_timesx_3(vec256 *f) { *(unsigned long long *) &f0 = low0; *(unsigned long long *) &f1 = low1; - f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, low2), 0x3); + f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, (long long) low2), 0x3); f[0] = f0; f[1] = f1; @@ -384,20 +384,20 @@ static inline void vec256_timesx_4(vec256 *f) { vec256 f2 = _mm256_permute4x64_epi64(f[2], 0x93); vec256 f3 = _mm256_permute4x64_epi64(f[3], 0x93); - unsigned long long low0 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); - unsigned long long low1 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); - unsigned long long low2 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); - unsigned long long low3 = _mm_cvtsi128_si64(_mm256_castsi256_si128(f3)); + unsigned long long low0 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f0)); + unsigned long long low1 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f1)); + unsigned long long low2 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f2)); + unsigned long long low3 = (unsigned long long) _mm_cvtsi128_si64(_mm256_castsi256_si128(f3)); low3 = (low3 << 1) | (low2 >> 63); low2 = (low2 << 1) | (low1 >> 63); low1 = (low1 << 1) | (low0 >> 63); low0 = low0 << 1; - f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, low0), 0x3); - f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, low1), 0x3); - f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, low2), 0x3); - f3 = _mm256_blend_epi32(f3, _mm256_set_epi64x(0, 0, 0, low3), 0x3); + f0 = _mm256_blend_epi32(f0, _mm256_set_epi64x(0, 0, 0, (long long) low0), 0x3); + f1 = _mm256_blend_epi32(f1, _mm256_set_epi64x(0, 0, 0, (long long) low1), 0x3); + f2 = _mm256_blend_epi32(f2, _mm256_set_epi64x(0, 0, 0, (long long) low2), 0x3); + f3 = _mm256_blend_epi32(f3, _mm256_set_epi64x(0, 0, 0, (long long) low3), 0x3); f[0] = f0; f[1] = f1; 
@@ -653,6 +653,6 @@ int PQCLEAN_SNTRUP857_AVX2_crypto_core_inv3sntrup857(unsigned char *outbytes, co vec256_scale(V0, V1, c0vec, c1vec); vec256_final(out, V0, V1); - out[p] = negative_mask(minusdelta); + out[p] = (small) negative_mask(minusdelta); return 0; } diff --git a/crypto_kem/sntrup857/avx2/crypto_core_invsntrup857.c b/crypto_kem/sntrup857/avx2/crypto_core_invsntrup857.c index 764c10ed..4ca429cd 100644 --- a/crypto_kem/sntrup857/avx2/crypto_core_invsntrup857.c +++ b/crypto_kem/sntrup857/avx2/crypto_core_invsntrup857.c @@ -14,11 +14,11 @@ /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* return -1 if x<0; otherwise return 0 */ @@ -37,7 +37,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } /* nonnegative e */ @@ -158,13 +158,13 @@ int PQCLEAN_SNTRUP857_AVX2_crypto_core_invsntrup857(unsigned char *outbytes, con f0 = f[0]; minusdelta = -delta; - swap = int16_negative_mask(minusdelta) & int16_nonzero_mask(g0); + swap = int16_negative_mask((int16) minusdelta) & int16_nonzero_mask(g0); delta ^= swap & (delta ^ minusdelta); delta += 1; fgflip = swap & (f0 ^ g0); - f0 ^= fgflip; - g0 ^= fgflip; + f0 ^= (Fq) fgflip; + g0 ^= (Fq) fgflip; f[0] = f0; @@ -177,13 +177,13 @@ int PQCLEAN_SNTRUP857_AVX2_crypto_core_invsntrup857(unsigned char *outbytes, con f0 = f[0]; minusdelta = -delta; - swap = int16_negative_mask(minusdelta) & int16_nonzero_mask(g0); + swap = int16_negative_mask((int16) minusdelta) & int16_nonzero_mask(g0); delta ^= swap & (delta ^ minusdelta); delta += 1; fgflip = swap & (f0 ^ g0); - f0 ^= fgflip; - g0 ^= fgflip; + f0 ^= (Fq) fgflip; + g0 ^= (Fq) fgflip; f[0] = f0; 
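Review bot: The `(int16) minusdelta` casts added in the -158,13 and -177,13 hunks of crypto_core_invsntrup857.c, and `(int16) delta` in the -197,6 hunk, narrow a counter that is apparently wider than int16 before a sign or zero test. That is only correct while |delta| stays below 2^15. The loop bounds are outside these hunks, so the range cannot be confirmed here. A short comment at the first cast, for example `/* |delta| <= <iteration count>, so the int16 narrowing is lossless */` with the placeholder filled in, would record the assumption the casts rely on.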
@@ -197,6 +197,6 @@ int PQCLEAN_SNTRUP857_AVX2_crypto_core_invsntrup857(unsigned char *outbytes, con } crypto_encode_pxint16(outbytes, out); - outbytes[2 * p] = int16_nonzero_mask(delta); + outbytes[2 * p] = (unsigned char) int16_nonzero_mask((int16) delta); return 0; } diff --git a/crypto_kem/sntrup857/avx2/crypto_core_mult3sntrup857.c b/crypto_kem/sntrup857/avx2/crypto_core_mult3sntrup857.c index dd4b9fa4..c39cc70d 100644 --- a/crypto_kem/sntrup857/avx2/crypto_core_mult3sntrup857.c +++ b/crypto_kem/sntrup857/avx2/crypto_core_mult3sntrup857.c @@ -266,14 +266,14 @@ int PQCLEAN_SNTRUP857_AVX2_crypto_core_mult3sntrup857(unsigned char *outbytes, c } for (i = 0; i < p; ++i) { - int8 fi = inbytes[i]; + int8 fi = (int8) inbytes[i]; int8 fi0 = fi & 1; - f[i] = fi0 - (fi & (fi0 << 1)); + f[i] = (int16) (fi0 - (fi & (fi0 << 1))); } for (i = 0; i < p; ++i) { - int8 gi = kbytes[i]; + int8 gi = (int8) kbytes[i]; int8 gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (int16) (gi0 - (gi & (gi0 << 1))); } mult1024(fg, f, g); @@ -289,7 +289,7 @@ int PQCLEAN_SNTRUP857_AVX2_crypto_core_mult3sntrup857(unsigned char *outbytes, c } for (i = 0; i < p; ++i) { - outbytes[i] = h[i]; + outbytes[i] = (unsigned char) h[i]; } return 0; diff --git a/crypto_kem/sntrup857/avx2/crypto_core_multsntrup857.c b/crypto_kem/sntrup857/avx2/crypto_core_multsntrup857.c index 3cd25ff6..898c7297 100644 --- a/crypto_kem/sntrup857/avx2/crypto_core_multsntrup857.c +++ b/crypto_kem/sntrup857/avx2/crypto_core_multsntrup857.c @@ -398,9 +398,9 @@ int PQCLEAN_SNTRUP857_AVX2_crypto_core_multsntrup857(unsigned char *outbytes, co store_x16(&f[i], x); } for (i = 0; i < p; ++i) { - int8 gi = kbytes[i]; + int8 gi = (int8) kbytes[i]; int8 gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (int8) (gi0 - (gi & (gi0 << 1))); } mult1024(fg, f, g); diff --git a/crypto_kem/sntrup857/avx2/crypto_core_weightsntrup857.c b/crypto_kem/sntrup857/avx2/crypto_core_weightsntrup857.c index 5df7914a..c8a37134 100644 
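Review bot: In the crypto_core_multsntrup857.c hunk (-398,9) the result is cast with `(int8)` before the store to `g[i]`, while the identical expression in crypto_core_mult3sntrup857.c on this same line is cast with `(int16)`. The value is always in {-1,0,1}, so the stored result does not change, but the narrower cast looks like a slip. The declaration of `g` is outside the hunk; if it is an int16 array as in the mult3 file, `g[i] = (int16) (gi0 - (gi & (gi0 << 1)));` keeps the two files consistent.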
--- a/crypto_kem/sntrup857/avx2/crypto_core_weightsntrup857.c +++ b/crypto_kem/sntrup857/avx2/crypto_core_weightsntrup857.c @@ -37,8 +37,8 @@ int PQCLEAN_SNTRUP857_AVX2_crypto_core_weightsntrup857(unsigned char *outbytes, sum = _mm256_hadd_epi16(sum, sum); /* want sum[0]+sum[8] */ - weight = _mm256_extract_epi16(sum, 0); - weight += _mm256_extract_epi16(sum, 8); + weight = (int16) _mm256_extract_epi16(sum, 0); + weight += (int16) _mm256_extract_epi16(sum, 8); PQCLEAN_SNTRUP857_AVX2_crypto_encode_int16(outbytes, &weight); return 0; diff --git a/crypto_kem/sntrup857/avx2/crypto_core_wforcesntrup857.c b/crypto_kem/sntrup857/avx2/crypto_core_wforcesntrup857.c index 889de6f9..61264db3 100644 --- a/crypto_kem/sntrup857/avx2/crypto_core_wforcesntrup857.c +++ b/crypto_kem/sntrup857/avx2/crypto_core_wforcesntrup857.c @@ -17,7 +17,7 @@ int PQCLEAN_SNTRUP857_AVX2_crypto_core_wforcesntrup857(unsigned char *out, const crypto_core_weight((unsigned char *) &weight, in); PQCLEAN_SNTRUP857_AVX2_crypto_decode_int16(&weight, (unsigned char *) &weight); - mask = (weight - w) | (w - weight); + mask = (int16) ((weight - w) | (w - weight)); mask >>= 15; maskvec = _mm256_set1_epi16((short) ~mask); diff --git a/crypto_kem/sntrup857/avx2/crypto_decode_857x1723.c b/crypto_kem/sntrup857/avx2/crypto_decode_857x1723.c index 336f1b6b..2691eb2b 100644 --- a/crypto_kem/sntrup857/avx2/crypto_decode_857x1723.c +++ b/crypto_kem/sntrup857/avx2/crypto_decode_857x1723.c @@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) { } static inline int16 mulhi(int16 x, int16 y) { - return (x * (int32)y) >> 16; + return (int16) ((x * (int32)y) >> 16); } static inline __m256i add(__m256i x, __m256i y) { 
@@ -79,7 +79,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 = mulhi(a0, 276) - mulhi(mullo(a0, -22580), 743); /* -374...374 */ a0 += s[2 * i + 0]; /* -374...629 */ a0 += (a0 >> 15) & 743; /* 0...742 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, -3881); /* invalid inputs might need reduction mod 14044 */ @@ -100,7 +100,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 436; /* -670..>37 */ a0 += (a0 >> 15) & 436; /* -234...435 */ a0 += (a0 >> 15) & 436; /* 0...435 */ - a1 = (a2 << 6) + ((s[i] - a0) >> 2); + a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2)); a1 = mullo(a1, 2405); /* invalid inputs might need reduction mod 8246 */ @@ -117,7 +117,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 436; /* -670..>37 */ a0 += (a0 >> 15) & 436; /* -234...435 */ a0 += (a0 >> 15) & 436; /* 0...435 */ - a1 = (a2 << 6) + ((s[i] - a0) >> 2); + a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2)); a1 = mullo(a1, 2405); /* invalid inputs might need reduction mod 436 */ @@ -139,7 +139,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 334; /* -501..>103 */ a0 += (a0 >> 15) & 334; /* -167...333 */ a0 += (a0 >> 15) & 334; /* 0...333 */ - a1 = (a2 << 7) + ((s[i] - a0) >> 1); + a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1)); a1 = mullo(a1, -22761); /* invalid inputs might need reduction mod 334 */ @@ -160,7 +160,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 292; /* -438..>125 */ a0 += (a0 >> 15) & 292; /* -146...291 */ a0 += (a0 >> 15) & 292; /* 0...291 */ - a1 = (a2 << 6) + ((s[i] - a0) >> 2); + a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2)); a1 = mullo(a1, -3591); /* invalid inputs might need reduction mod 7229 */ 
@@ -177,7 +177,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 292; /* -438..>125 */ a0 += (a0 >> 15) & 292; /* -146...291 */ a0 += (a0 >> 15) & 292; /* 0...291 */ - a1 = (a2 << 6) + ((s[i] - a0) >> 2); + a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2)); a1 = mullo(a1, -3591); /* invalid inputs might need reduction mod 292 */ @@ -199,7 +199,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 -= 273; /* -410..>118 */ a0 += (a0 >> 15) & 273; /* -137...272 */ a0 += (a0 >> 15) & 273; /* 0...272 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, 4081); /* invalid inputs might need reduction mod 273 */ @@ -218,7 +218,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 = mulhi(a0, -259) - mulhi(mullo(a0, -3971), 4225); /* -2178...2112 */ a0 += s[1 * i + 0]; /* -2178...2367 */ a0 += (a0 >> 15) & 4225; /* 0...4224 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, 12161); /* invalid inputs might need reduction mod 438 */ @@ -272,7 +272,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x1723(void *v, const unsigned char a0 += s[1 * i + 0]; /* -33...287 */ a0 = mulhi(a0, 16) - mulhi(mullo(a0, -1008), 65); /* -33...32 */ a0 += (a0 >> 15) & 65; /* 0...64 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, 4033); /* invalid inputs might need reduction mod 1723 */ @@ -391,7 +391,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x1723(void *v, const unsigned char /* R1 ------> R0: reconstruct mod 857*[1723] */ - R0[856] = 3 * R1[428] - 2583; + R0[856] = (int16) (3 * R1[428] - 2583); s -= 428; i = 412; for (;;) { diff --git a/crypto_kem/sntrup857/avx2/crypto_decode_857x5167.c b/crypto_kem/sntrup857/avx2/crypto_decode_857x5167.c index be710422..59b6969d 100644 --- a/crypto_kem/sntrup857/avx2/crypto_decode_857x5167.c 
+++ b/crypto_kem/sntrup857/avx2/crypto_decode_857x5167.c @@ -10,7 +10,7 @@ static inline int16 mullo(int16 x, int16 y) { } static inline int16 mulhi(int16 x, int16 y) { - return (x * (int32)y) >> 16; + return (int16) ((x * (int32)y) >> 16); } static inline __m256i add(__m256i x, __m256i y) { @@ -78,7 +78,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x5167(void *v, const unsigned char a0 = mulhi(a0, -1248) - mulhi(mullo(a0, -3064), 5476); /* -3050...2738 */ a0 += s[1 * i + 0]; /* -3050...2993 */ a0 += (a0 >> 15) & 5476; /* 0...5475 */ - a1 = (a2 << 6) + ((s[i] - a0) >> 2); + a1 = (int16) ((a2 << 6) + ((s[i] - a0) >> 2)); a1 = mullo(a1, -3351); /* invalid inputs might need reduction mod 291 */ @@ -98,7 +98,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x5167(void *v, const unsigned char a0 += s[1 * i + 0]; /* -37...294 */ a0 = mulhi(a0, -28) - mulhi(mullo(a0, -886), 74); /* -38...37 */ a0 += (a0 >> 15) & 74; /* 0...73 */ - a1 = (a2 << 7) + ((s[i] - a0) >> 1); + a1 = (int16) ((a2 << 7) + ((s[i] - a0) >> 1)); a1 = mullo(a1, 7085); /* invalid inputs might need reduction mod 1004 */ @@ -112,7 +112,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x5167(void *v, const unsigned char a2 = a0 = R9[i]; a0 = mulhi(a0, -28) - mulhi(mullo(a0, -886), 74); /* -44...37 */ a0 += (a0 >> 15) & 74; /* 0...73 */ - a1 = (a2 - a0) >> 1; + a1 = (int16) (a2 - a0) >> 1; a1 = mullo(a1, 7085); /* invalid inputs might need reduction mod 74 */ @@ -134,7 +134,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x5167(void *v, const unsigned char a0 = mulhi(a0, -302) - mulhi(mullo(a0, -7647), 2194); /* -1104...1102 */ a0 += s[2 * i + 0]; /* -1104...1357 */ a0 += (a0 >> 15) & 2194; /* 0...2193 */ - a1 = (a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1); + a1 = (int16) ((a2 << 15) + (s[2 * i + 1] << 7) + ((s[2 * i] - a0) >> 1)); a1 = mullo(a1, 11769); /* invalid inputs might need reduction mod 2194 */ 
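Review bot: In the -112,7 hunk the cast binds to the difference only: `a1 = (int16) (a2 - a0) >> 1;` narrows `a2 - a0` to int16 and then shifts, whereas every other rewritten assignment in this file casts the whole right-hand side. The original computed the subtraction and the shift in `int` and narrowed last, so the two forms disagree whenever `a2 - a0` falls outside the int16 range. Whether that can happen depends on the values in `R9`, which the hunk does not show, but the "invalid inputs" comment on the next line suggests out-of-range data is expected. Writing it as `a1 = (int16) ((a2 - a0) >> 1);` keeps the previous behaviour and matches the surrounding lines.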
@@ -155,7 +155,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x5167(void *v, const unsigned char a0 = mulhi(a0, 1807) - mulhi(mullo(a0, -1399), 11991); /* -6161...6180 */ a0 += s[2 * i + 0]; /* -6161...6435 */ a0 += (a0 >> 15) & 11991; /* 0...11990 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, -23321); /* invalid inputs might need reduction mod 5483 */ @@ -172,7 +172,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x5167(void *v, const unsigned char a0 = mulhi(a0, 1807) - mulhi(mullo(a0, -1399), 11991); /* -6161...6180 */ a0 += s[2 * i + 0]; /* -6161...6435 */ a0 += (a0 >> 15) & 11991; /* 0...11990 */ - a1 = (s[2 * i + 1] << 8) + s[2 * i] - a0; + a1 = (int16) ((s[2 * i + 1] << 8) + s[2 * i] - a0); a1 = mullo(a1, -23321); /* invalid inputs might need reduction mod 11991 */ @@ -192,7 +192,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x5167(void *v, const unsigned char a0 = mulhi(a0, 64) - mulhi(mullo(a0, -9576), 1752); /* -876...892 */ a0 += s[1 * i + 0]; /* -876...1147 */ a0 += (a0 >> 15) & 1752; /* 0...1751 */ - a1 = (a2 << 5) + ((s[i] - a0) >> 3); + a1 = (int16) ((a2 << 5) + ((s[i] - a0) >> 3)); a1 = mullo(a1, -1197); /* invalid inputs might need reduction mod 1752 */ @@ -211,7 +211,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x5167(void *v, const unsigned char a0 = mulhi(a0, 658) - mulhi(mullo(a0, -1566), 10713); /* -5357...5521 */ a0 += s[1 * i + 0]; /* -5357...5776 */ a0 += (a0 >> 15) & 10713; /* 0...10712 */ - a1 = (a2 << 8) + s[i] - a0; + a1 = (int16) ((a2 << 8) + s[i] - a0); a1 = mullo(a1, -14743); /* invalid inputs might need reduction mod 131 */ 
@@ -266,7 +266,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857x5167(void *v, const unsigned char a0 = mulhi(a0, 280) - mulhi(mullo(a0, -10131), 1656); /* -832...832 */ a0 += s[2 * i + 0]; /* -832...1087 */ a0 += (a0 >> 15) & 1656; /* 0...1655 */ - a1 = (a2 << 13) + (s[2 * i + 1] << 5) + ((s[2 * i] - a0) >> 3); + a1 = (int16) ((a2 << 13) + (s[2 * i + 1] << 5) + ((s[2 * i] - a0) >> 3)); a1 = mullo(a1, 1583); /* invalid inputs might need reduction mod 5167 */ diff --git a/crypto_kem/sntrup857/avx2/crypto_decode_857xint16.c b/crypto_kem/sntrup857/avx2/crypto_decode_857xint16.c index d52df0c3..8fc25e62 100644 --- a/crypto_kem/sntrup857/avx2/crypto_decode_857xint16.c +++ b/crypto_kem/sntrup857/avx2/crypto_decode_857xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_857xint16(void *v, const unsigned char for (i = 0; i < 857; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } diff --git a/crypto_kem/sntrup857/avx2/crypto_decode_int16.c b/crypto_kem/sntrup857/avx2/crypto_decode_int16.c index a3a53a47..d92e2bf3 100644 --- a/crypto_kem/sntrup857/avx2/crypto_decode_int16.c +++ b/crypto_kem/sntrup857/avx2/crypto_decode_int16.c @@ -4,6 +4,6 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_decode_int16(void *x, const unsigned char *s) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; + u1 = (uint16_t) (u1 << 8); *(uint16_t *) x = u0 | u1; } diff --git a/crypto_kem/sntrup857/avx2/crypto_encode_857x1723.c b/crypto_kem/sntrup857/avx2/crypto_encode_857x1723.c index 8ae91a55..605677b3 100644 --- a/crypto_kem/sntrup857/avx2/crypto_encode_857x1723.c +++ b/crypto_kem/sntrup857/avx2/crypto_encode_857x1723.c 
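Review bot: The two byte-pair decoders changed on this line now spell the same operation differently. crypto_decode_857xint16.c (-8,8) folds the shift into `*x = (uint16_t) (u0 | (u1 << 8));`, while crypto_decode_int16.c (-4,6) keeps a separate `u1 = (uint16_t) (u1 << 8);` followed by an uncast `u0 | u1`. Using the single-expression form in both, `*(uint16_t *) x = (uint16_t) (u0 | (u1 << 8));`, makes the pair easy to compare and leaves one fewer intermediate narrowing to reason about.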
@@ -42,26 +42,26 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[428] = (((R0[856] + 2583) & 16383) * 10923) >> 15; + R[428] = (uint16) ((((R0[856] + 2583) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -145,14 +145,14 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723(unsigned char *out, const voi r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)65; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[106]; r1 = R[107]; r2 = r0 + r1 * (uint32)65; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[53] = r2; + R[53] = (uint16) r2; reading = (uint16 *) R; writing = R; @@ -194,9 +194,9 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723(unsigned char *out, const voi r0 = R[52]; r1 = R[53]; r2 = r0 + r1 * (uint32)4225; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[26] = r2; + R[26] = (uint16) r2; reading = (uint16 *) R; writing = R; 
@@ -220,22 +220,22 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -245,18 +245,18 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723(unsigned char *out, const voi r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)292; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)334; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[3] = R[6]; @@ -264,20 +264,20 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723(unsigned char *out, const voi r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)436; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)743; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } 
diff --git a/crypto_kem/sntrup857/avx2/crypto_encode_857x1723round.c b/crypto_kem/sntrup857/avx2/crypto_encode_857x1723round.c index 7d9937a1..87439d76 100644 --- a/crypto_kem/sntrup857/avx2/crypto_encode_857x1723round.c +++ b/crypto_kem/sntrup857/avx2/crypto_encode_857x1723round.c @@ -44,26 +44,26 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723round(unsigned char *out, cons )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } - R[428] = (((3 * ((10923 * R0[856] + 16384) >> 15) + 2583) & 16383) * 10923) >> 15; + R[428] = (uint16) ((((3 * ((10923 * R0[856] + 16384) >> 15) + 2583) & 16383) * 10923) >> 15); reading = (uint16 *) R; writing = R; @@ -147,14 +147,14 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723round(unsigned char *out, cons r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)65; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[106]; r1 = R[107]; r2 = r0 + r1 * (uint32)65; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[53] = r2; + R[53] = (uint16) r2; reading = (uint16 *) R; writing = R; 
@@ -196,9 +196,9 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723round(unsigned char *out, cons r0 = R[52]; r1 = R[53]; r2 = r0 + r1 * (uint32)4225; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[26] = r2; + R[26] = (uint16) r2; reading = (uint16 *) R; writing = R; @@ -222,22 +222,22 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723round(unsigned char *out, cons )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -247,18 +247,18 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723round(unsigned char *out, cons r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)292; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)334; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[3] = R[6]; 
@@ -266,20 +266,20 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x1723round(unsigned char *out, cons r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)436; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)743; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup857/avx2/crypto_encode_857x5167.c b/crypto_kem/sntrup857/avx2/crypto_encode_857x5167.c index 1dbc4f29..896f12cb 100644 --- a/crypto_kem/sntrup857/avx2/crypto_encode_857x5167.c +++ b/crypto_kem/sntrup857/avx2/crypto_encode_857x5167.c @@ -82,22 +82,22 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x5167(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -125,22 +125,22 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x5167(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } @@ -168,33 +168,33 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x5167(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } r0 = R[106]; r1 = R[107]; r2 = r0 + r1 * (uint32)1656; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[53] = r2; + R[53] = (uint16) r2; reading = (uint16 *) R; writing = R; 
@@ -236,9 +236,9 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x5167(unsigned char *out, const voi r0 = R[52]; r1 = R[53]; r2 = r0 + r1 * (uint32)10713; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[26] = r2; + R[26] = (uint16) r2; reading = (uint16 *) R; writing = R; @@ -262,22 +262,22 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x5167(unsigned char *out, const voi )); x = _mm256_permute4x64_epi64(x, 0xd8); _mm_storeu_si128((__m128i *) writing, _mm256_extractf128_si256(x, 0)); - s0 = _mm256_extract_epi32(x, 4); - *out++ = s0; + s0 = (uint32) _mm256_extract_epi32(x, 4); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; - s0 = _mm256_extract_epi32(x, 6); - *out++ = s0; + *out++ = (unsigned char) s0; + s0 = (uint32) _mm256_extract_epi32(x, 6); + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; s0 >>= 8; - *out++ = s0; + *out++ = (unsigned char) s0; reading += 16; writing += 8; } 
@@ -287,45 +287,45 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857x5167(unsigned char *out, const voi r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)11991; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2194; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[3] = R[6]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)74; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[2]; r1 = R[3]; r2 = r0 + r1 * (uint32)74; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[1] = r2; + R[1] = (uint16) r2; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)5476; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup857/avx2/crypto_encode_857xint16.c b/crypto_kem/sntrup857/avx2/crypto_encode_857xint16.c index 7c889f7a..9ae26814 100644 --- a/crypto_kem/sntrup857/avx2/crypto_encode_857xint16.c +++ b/crypto_kem/sntrup857/avx2/crypto_encode_857xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_857xint16(unsigned char *s, const void for (i = 0; i < 857; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } diff --git a/crypto_kem/sntrup857/avx2/crypto_encode_int16.c b/crypto_kem/sntrup857/avx2/crypto_encode_int16.c index 33767274..5696d24c 100644 --- a/crypto_kem/sntrup857/avx2/crypto_encode_int16.c +++ b/crypto_kem/sntrup857/avx2/crypto_encode_int16.c 
@@ -4,6 +4,6 @@ void PQCLEAN_SNTRUP857_AVX2_crypto_encode_int16(unsigned char *s, const void *x) { uint16 u = *(const uint16 *) x; - s[0] = u; - s[1] = u >> 8; + s[0] = (unsigned char) u; + s[1] = (unsigned char) (u >> 8); } diff --git a/crypto_kem/sntrup857/avx2/crypto_sort_int32.c b/crypto_kem/sntrup857/avx2/crypto_sort_int32.c index a438d7d3..ecd7b3b8 100644 --- a/crypto_kem/sntrup857/avx2/crypto_sort_int32.c +++ b/crypto_kem/sntrup857/avx2/crypto_sort_int32.c @@ -44,7 +44,7 @@ static void minmax_vector(int32 *x, int32 *y, size_t n) { int32x8_MINMAX(x0, y0); int32x8_store(x + n - 8, x0); int32x8_store(y + n - 8, y0); - n &= ~7; + n &= ~(size_t) 7; } do { int32x8 x0 = int32x8_load(x); diff --git a/crypto_kem/sntrup857/avx2/crypto_verify_1184.c b/crypto_kem/sntrup857/avx2/crypto_verify_1184.c index 20fb5f4c..d854ffb6 100644 --- a/crypto_kem/sntrup857/avx2/crypto_verify_1184.c +++ b/crypto_kem/sntrup857/avx2/crypto_verify_1184.c @@ -27,10 +27,10 @@ int PQCLEAN_SNTRUP857_AVX2_crypto_verify_1184(const unsigned char *x, const unsi diff |= _mm256_srli_epi32(diff, 16); diff |= _mm256_srli_epi64(diff, 32); - differentbits = _mm256_extract_epi8(diff, 0); - differentbits |= _mm256_extract_epi8(diff, 8); - differentbits |= _mm256_extract_epi8(diff, 16); - differentbits |= _mm256_extract_epi8(diff, 24); + differentbits = (unsigned int) _mm256_extract_epi8(diff, 0); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 8); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 16); + differentbits |= (unsigned int) _mm256_extract_epi8(diff, 24); return (int) (1 & ((differentbits - 1) >> 8)) - 1; } diff --git a/crypto_kem/sntrup857/avx2/kem.c b/crypto_kem/sntrup857/avx2/kem.c index 1cbfdf24..97772835 100644 --- a/crypto_kem/sntrup857/avx2/kem.c +++ b/crypto_kem/sntrup857/avx2/kem.c 
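Review bot: In the crypto_verify_1184 hunk, the closing `(differentbits - 1) >> 8` is only correct when `differentbits` lies in 0...255, and the new `(unsigned int)` casts do not enforce that range: a negative `int` from the intrinsic would be carried through as a large unsigned value. Casting to the byte type instead, `differentbits = (unsigned char) _mm256_extract_epi8(diff, 0);` and likewise for lanes 8, 16 and 24, pins the range however a toolchain extends the extracted byte. Whether any supported compiler sign-extends here is not visible from the hunk, so treat this as hardening. It is worth having because the result appears to feed the ciphertext comparison in decapsulation (`crypto_verify_clen` in kem.c). The function starts outside the hunk.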
@@ -65,7 +65,7 @@ static void Rq_recip3(Fq *out, const small *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -103,7 +103,7 @@ static void Short_random(small *out) { } PQCLEAN_SNTRUP857_AVX2_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } @@ -115,7 +115,7 @@ static void Small_random(small *out) { L[i] = urandom32(); } for (i = 0; i < p; ++i) { - out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1; + out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); } } @@ -248,13 +248,13 @@ int PQCLEAN_SNTRUP857_AVX2_crypto_kem_dec(unsigned char *k, const unsigned char Hide(x, cnew, r_enc, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Small_bytes; ++i) { - r_enc[i + 1] ^= mask & (r_enc[i + 1] ^ rho[i]); + r_enc[i + 1] ^= (unsigned char) (mask & (r_enc[i + 1] ^ rho[i])); } Hash(x + 1, r_enc, 1 + Small_bytes); /* XXX: can instead do cmov on cached hash of rho */ for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Hash_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0; diff --git a/crypto_kem/sntrup857/clean/Makefile b/crypto_kem/sntrup857/clean/Makefile index abe07fce..9c5e1649 100644 --- a/crypto_kem/sntrup857/clean/Makefile +++ b/crypto_kem/sntrup857/clean/Makefile 
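Review bot: In `Hash`, `sha512(h, in, (size_t) inlen)` silences the warning but keeps a signed `int` length, so a negative `inlen` would now be converted to a very large `size_t` with no diagnostic left to catch it. `Hash` is `static`, and the calls visible in these hunks pass `1 + Small_bytes` and `sizeof x`. Declaring the parameter as a size and dropping the cast would be the cleaner fix: `static void Hash(unsigned char *out, const unsigned char *in, size_t inlen)`. Other callers may exist outside the hunks shown, and the body of `Hash` continues past this hunk.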
@@ -4,7 +4,7 @@ LIB=libsntrup857_clean.a HEADERS=api.h crypto_core_inv3sntrup857.h crypto_core_invsntrup857.h crypto_core_mult3sntrup857.h crypto_core_multsntrup857.h crypto_core_scale3sntrup857.h crypto_core_weightsntrup857.h crypto_core_wforcesntrup857.h crypto_decode_857x1723.h crypto_decode_857x3.h crypto_decode_857x5167.h crypto_decode_857xint16.h crypto_decode_857xint32.h crypto_encode_857x1723.h crypto_encode_857x1723round.h crypto_encode_857x3.h crypto_encode_857x5167.h crypto_encode_857xfreeze3.h crypto_encode_857xint16.h crypto_encode_int16.h crypto_sort_int32.h crypto_sort_uint32.h crypto_stream_aes256ctr.h crypto_verify_1184.h params.h OBJECTS=crypto_core_inv3sntrup857.o crypto_core_invsntrup857.o crypto_core_mult3sntrup857.o crypto_core_multsntrup857.o crypto_core_scale3sntrup857.o crypto_core_weightsntrup857.o crypto_core_wforcesntrup857.o crypto_decode_857x1723.o crypto_decode_857x3.o crypto_decode_857x5167.o crypto_decode_857xint16.o crypto_decode_857xint32.o crypto_encode_857x1723.o crypto_encode_857x1723round.o crypto_encode_857x3.o crypto_encode_857x5167.o crypto_encode_857xfreeze3.o crypto_encode_857xint16.o crypto_encode_int16.o crypto_sort_int32.o crypto_sort_uint32.o crypto_stream_aes256ctr.o crypto_verify_1184.o kem.o -CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -std=c99 -I../../../common $(EXTRAFLAGS) +CFLAGS=-O3 -Wall -Wextra -Wpedantic -Wvla -Werror -Wredundant-decls -Wmissing-prototypes -Wconversion -std=c99 -I../../../common $(EXTRAFLAGS) all: $(LIB) diff --git a/crypto_kem/sntrup857/clean/crypto_core_inv3sntrup857.c b/crypto_kem/sntrup857/clean/crypto_core_inv3sntrup857.c index 234b2ad4..60f313ed 100644 --- a/crypto_kem/sntrup857/clean/crypto_core_inv3sntrup857.c +++ b/crypto_kem/sntrup857/clean/crypto_core_inv3sntrup857.c 
@@ -13,16 +13,16 @@ /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ @@ -36,7 +36,7 @@ typedef int8 small; /* works for -16384 <= x < 16384 */ static small F3_freeze(int16 x) { - return x - 3 * ((10923 * x + 16384) >> 15); + return (small) (x - 3 * ((10923 * x + 16384) >> 15)); } /* byte p of output is 0 if recip succeeded; else -1 */ @@ -61,7 +61,7 @@ int PQCLEAN_SNTRUP857_CLEAN_crypto_core_inv3sntrup857(unsigned char *outbytes, c f[p - 1] = f[p] = -1; for (i = 0; i < p; ++i) { small i1 = in[i] & 1; - g[p - 1 - i] = i1 - (in[i] & (i1 << 1)); + g[p - 1 - i] = (small) (i1 - (in[i] & (i1 << 1))); } g[p] = 0; @@ -74,24 +74,24 @@ int PQCLEAN_SNTRUP857_CLEAN_crypto_core_inv3sntrup857(unsigned char *outbytes, c v[0] = 0; sign = -g[0] * f[0]; - swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]); + swap = int16_negative_mask(-(int16) delta) & int16_nonzero_mask(g[0]); delta ^= swap & (delta ^ -delta); delta += 1; for (i = 0; i < p + 1; ++i) { t = swap & (f[i] ^ g[i]); - f[i] ^= t; - g[i] ^= t; + f[i] ^= (small) t; + g[i] ^= (small) t; t = swap & (v[i] ^ r[i]); - v[i] ^= t; - r[i] ^= t; + v[i] ^= (small) t; + r[i] ^= (small) t; } for (i = 0; i < p + 1; ++i) { - g[i] = F3_freeze(g[i] + sign * f[i]); + g[i] = F3_freeze((int16) (g[i] + sign * f[i])); } for (i = 0; i < p + 1; ++i) { - r[i] = F3_freeze(r[i] + sign * v[i]); + r[i] = F3_freeze((int16) (r[i] + sign * v[i])); } for (i = 0; i < p; ++i) { 
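Review bot: In the last hunk of crypto_core_inv3sntrup857.c, `int16_negative_mask(-(int16) delta)` casts before negating, so the unary minus promotes the value back to `int` and the argument is still narrowed implicitly at the call. The matching line in crypto_core_invsntrup857.c casts the negated value instead (`(int16) - delta`), which also reads like a subtraction. Both presumably give the same mask as long as `delta` fits in 16 bits, but one unambiguous form should be used in both files: `swap = int16_negative_mask((int16) (-delta)) & int16_nonzero_mask(g[0]);`. The enclosing function starts and ends outside the hunk.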
@@ -102,9 +102,9 @@ int PQCLEAN_SNTRUP857_CLEAN_crypto_core_inv3sntrup857(unsigned char *outbytes, c sign = f[0]; for (i = 0; i < p; ++i) { - out[i] = sign * v[p - 1 - i]; + out[i] = (small) sign * v[p - 1 - i]; } - out[p] = int16_nonzero_mask(delta); + out[p] = (small) int16_nonzero_mask((int16) delta); return 0; } diff --git a/crypto_kem/sntrup857/clean/crypto_core_invsntrup857.c b/crypto_kem/sntrup857/clean/crypto_core_invsntrup857.c index eb9823b8..383f2951 100644 --- a/crypto_kem/sntrup857/clean/crypto_core_invsntrup857.c +++ b/crypto_kem/sntrup857/clean/crypto_core_invsntrup857.c @@ -13,16 +13,16 @@ /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* return -1 if x<0; otherwise return 0 */ static int int16_negative_mask(int16 x) { - uint16 u = x; + uint16 u = (uint16) x; u >>= 15; return -(int) u; /* alternative with gcc -fwrapv: */ @@ -40,7 +40,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } static Fq Fq_recip(Fq a1) { @@ -91,17 +91,17 @@ int PQCLEAN_SNTRUP857_CLEAN_crypto_core_invsntrup857(unsigned char *outbytes, co } v[0] = 0; - swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]); + swap = int16_negative_mask((int16) - delta) & int16_nonzero_mask(g[0]); delta ^= swap & (delta ^ -delta); delta += 1; for (i = 0; i < p + 1; ++i) { t = swap & (f[i] ^ g[i]); - f[i] ^= t; - g[i] ^= t; + f[i] ^= (Fq) t; + g[i] ^= (Fq) t; t = swap & (v[i] ^ r[i]); - v[i] ^= t; - r[i] ^= t; + v[i] ^= (Fq) t; + r[i] ^= (Fq) t; } f0 = f[0]; 
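Review bot: In `out[i] = (small) sign * v[p - 1 - i];` the cast binds to `sign` alone, so the product is still computed as `int` and narrowed implicitly on assignment. The other fixes in this file wrap the whole expression. If the intent was to cast the result, parenthesise it: `out[i] = (small) (sign * v[p - 1 - i]);`. The declarations of `sign` and `v` are outside the hunk, so their value ranges cannot be confirmed from here, and the function starts outside the hunk.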
@@ -126,6 +126,6 @@ int PQCLEAN_SNTRUP857_CLEAN_crypto_core_invsntrup857(unsigned char *outbytes, co crypto_encode_pxint16(outbytes, out); - outbytes[2 * p] = int16_nonzero_mask(delta); + outbytes[2 * p] = (unsigned char) int16_nonzero_mask((int16) delta); return 0; } diff --git a/crypto_kem/sntrup857/clean/crypto_core_mult3sntrup857.c b/crypto_kem/sntrup857/clean/crypto_core_mult3sntrup857.c index 02d8697b..d5391808 100644 --- a/crypto_kem/sntrup857/clean/crypto_core_mult3sntrup857.c +++ b/crypto_kem/sntrup857/clean/crypto_core_mult3sntrup857.c @@ -8,7 +8,7 @@ typedef int8 small; /* works for -16384 <= x < 16384 */ static small F3_freeze(int16 x) { - return x - 3 * ((10923 * x + 16384) >> 15); + return (small) (x - 3 * ((10923 * x + 16384) >> 15)); } int PQCLEAN_SNTRUP857_CLEAN_crypto_core_mult3sntrup857(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) { @@ -20,27 +20,27 @@ int PQCLEAN_SNTRUP857_CLEAN_crypto_core_mult3sntrup857(unsigned char *outbytes, int i, j; for (i = 0; i < p; ++i) { - small fi = inbytes[i]; + small fi = (small) inbytes[i]; small fi0 = fi & 1; - f[i] = fi0 - (fi & (fi0 << 1)); + f[i] = (small) (fi0 - (fi & (fi0 << 1))); } for (i = 0; i < p; ++i) { - small gi = kbytes[i]; + small gi = (small) kbytes[i]; small gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (small) (gi0 - (gi & (gi0 << 1))); } for (i = 0; i < p; ++i) { result = 0; for (j = 0; j <= i; ++j) { - result += f[j] * g[i - j]; + result += (int16) (f[j] * g[i - j]); } fg[i] = F3_freeze(result); } for (i = p; i < p + p - 1; ++i) { result = 0; for (j = i - p + 1; j < p; ++j) { - result += f[j] * g[i - j]; + result += (int16) (f[j] * g[i - j]); } fg[i] = F3_freeze(result); } diff --git a/crypto_kem/sntrup857/clean/crypto_core_multsntrup857.c b/crypto_kem/sntrup857/clean/crypto_core_multsntrup857.c index 80474ff8..2066e528 100644 --- a/crypto_kem/sntrup857/clean/crypto_core_multsntrup857.c 
+++ b/crypto_kem/sntrup857/clean/crypto_core_multsntrup857.c @@ -14,7 +14,7 @@ typedef int16 Fq; static Fq Fq_freeze(int32 x) { x -= q * ((q18 * x) >> 18); x -= q * ((q27 * x + 67108864) >> 27); - return x; + return (Fq) x; } int PQCLEAN_SNTRUP857_CLEAN_crypto_core_multsntrup857(unsigned char *outbytes, const unsigned char *inbytes, const unsigned char *kbytes) { @@ -30,9 +30,9 @@ int PQCLEAN_SNTRUP857_CLEAN_crypto_core_multsntrup857(unsigned char *outbytes, c } for (i = 0; i < p; ++i) { - small gi = kbytes[i]; + small gi = (small) kbytes[i]; small gi0 = gi & 1; - g[i] = gi0 - (gi & (gi0 << 1)); + g[i] = (small) (gi0 - (gi & (gi0 << 1))); } for (i = 0; i < p; ++i) { diff --git a/crypto_kem/sntrup857/clean/crypto_core_wforcesntrup857.c b/crypto_kem/sntrup857/clean/crypto_core_wforcesntrup857.c index 6a8dc8fd..b7d5b1d8 100644 --- a/crypto_kem/sntrup857/clean/crypto_core_wforcesntrup857.c +++ b/crypto_kem/sntrup857/clean/crypto_core_wforcesntrup857.c @@ -12,11 +12,11 @@ typedef int8 small; /* return -1 if x!=0; else return 0 */ static int int16_nonzero_mask(int16 x) { - uint16 u = x; /* 0, else 1...65535 */ + uint16 u = (uint16) x; /* 0, else 1...65535 */ uint32 v = u; /* 0, else 1...65535 */ v = -v; /* 0, else 2^32-65535...2^32-1 */ v >>= 31; /* 0, else 1 */ - return -v; /* 0, else -1 */ + return -(int) v; /* 0, else -1 */ } /* 0 if Weightw_is(r), else -1 */ @@ -27,7 +27,7 @@ static int Weightw_mask(const small *r) { for (i = 0; i < p; ++i) { weight += r[i] & 1; } - return int16_nonzero_mask(weight - w); + return int16_nonzero_mask((int16) (weight - w)); } /* out = in if bottom bits of in have weight w */ 
@@ -39,10 +39,10 @@ int PQCLEAN_SNTRUP857_CLEAN_crypto_core_wforcesntrup857(unsigned char *outbytes, mask = Weightw_mask(in); /* 0 if weight w, else -1 */ for (i = 0; i < w; ++i) { - out[i] = ((in[i] ^ 1) & ~mask) ^ 1; + out[i] = (small) (((in[i] ^ 1) & ~mask) ^ 1); } for (i = w; i < p; ++i) { - out[i] = in[i] & ~mask; + out[i] = (small) (in[i] & ~mask); } return 0; } diff --git a/crypto_kem/sntrup857/clean/crypto_decode_857x1723.c b/crypto_kem/sntrup857/clean/crypto_decode_857x1723.c index ab803b68..3664a899 100644 --- a/crypto_kem/sntrup857/clean/crypto_decode_857x1723.c +++ b/crypto_kem/sntrup857/clean/crypto_decode_857x1723.c @@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q = 0; - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */ /* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */ /* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */ @@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += qpart; /* x <= 49146 */ - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */ /* 0 <= newx <= m + 49146(2^14-1)/2^31 */ /* 0 <= newx <= m + 0.4 */ @@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += mask; /* x < m */ - *r = x; + *r = (uint16) x; } static uint16 uint32_mod_uint14(uint32 x, uint16 m) { @@ -80,7 +80,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x1723(void *v, const unsigned char r1 = 0; r1 = (r1 << 8) | *--s; r1 = uint32_mod_uint14(r1, 160); /* needed only for invalid inputs */ - R10[0] = r1; + R10[0] = (uint16) r1; r2 = R10[0]; r2 = (r2 << 8) | *--s; 
@@ -88,20 +88,20 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x1723(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 743); R9[0] = r0; r1 = uint32_mod_uint14(r1, 14044); /* needed only for invalid inputs */ - R9[1] = r1; + R9[1] = (uint16) r1; r2 = R9[1]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 436); R8[2] = r0; r1 = uint32_mod_uint14(r1, 8246); /* needed only for invalid inputs */ - R8[3] = r1; + R8[3] = (uint16) r1; r2 = R9[0]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 436); R8[0] = r0; r1 = uint32_mod_uint14(r1, 436); /* needed only for invalid inputs */ - R8[1] = r1; + R8[1] = (uint16) r1; R7[6] = R8[3]; for (i = 2; i >= 0; --i) { @@ -110,7 +110,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x1723(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 334); R7[2 * i] = r0; r1 = uint32_mod_uint14(r1, 334); /* needed only for invalid inputs */ - R7[2 * i + 1] = r1; + R7[2 * i + 1] = (uint16) r1; } r2 = R7[6]; @@ -118,14 +118,14 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x1723(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 292); R6[12] = r0; r1 = uint32_mod_uint14(r1, 7229); /* needed only for invalid inputs */ - R6[13] = r1; + R6[13] = (uint16) r1; for (i = 5; i >= 0; --i) { r2 = R7[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 292); R6[2 * i] = r0; r1 = uint32_mod_uint14(r1, 292); /* needed only for invalid inputs */ - R6[2 * i + 1] = r1; + R6[2 * i + 1] = (uint16) r1; } R5[26] = R6[13]; @@ -135,7 +135,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x1723(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 273); R5[2 * i] = r0; r1 = uint32_mod_uint14(r1, 273); /* needed only for invalid inputs */ - R5[2 * i + 1] = r1; + R5[2 * i + 1] = (uint16) r1; } r2 = R5[26]; 
@@ -143,7 +143,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x1723(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 4225); R4[52] = r0; r1 = uint32_mod_uint14(r1, 438); /* needed only for invalid inputs */ - R4[53] = r1; + R4[53] = (uint16) r1; for (i = 25; i >= 0; --i) { r2 = R5[i]; r2 = (r2 << 8) | *--s; @@ -151,7 +151,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x1723(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 4225); R4[2 * i] = r0; r1 = uint32_mod_uint14(r1, 4225); /* needed only for invalid inputs */ - R4[2 * i + 1] = r1; + R4[2 * i + 1] = (uint16) r1; } r2 = R4[53]; @@ -159,13 +159,13 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x1723(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 65); R3[106] = r0; r1 = uint32_mod_uint14(r1, 1723); /* needed only for invalid inputs */ - R3[107] = r1; + R3[107] = (uint16) r1; for (i = 52; i >= 0; --i) { r2 = R4[i]; uint32_divmod_uint14(&r1, &r0, r2, 65); R3[2 * i] = r0; r1 = uint32_mod_uint14(r1, 65); /* needed only for invalid inputs */ - R3[2 * i + 1] = r1; + R3[2 * i + 1] = (uint16) r1; } R2[214] = R3[107]; @@ -176,7 +176,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x1723(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 2053); R2[2 * i] = r0; r1 = uint32_mod_uint14(r1, 2053); /* needed only for invalid inputs */ - R2[2 * i + 1] = r1; + R2[2 * i + 1] = (uint16) r1; } R1[428] = R2[214]; 
@@ -187,16 +187,16 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x1723(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 11597); R1[2 * i] = r0; r1 = uint32_mod_uint14(r1, 11597); /* needed only for invalid inputs */ - R1[2 * i + 1] = r1; + R1[2 * i + 1] = (uint16) r1; } - R0[856] = 3 * R1[428] - 2583; + R0[856] = (int16) (3 * R1[428] - 2583); for (i = 427; i >= 0; --i) { r2 = R1[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1723); - R0[2 * i] = 3 * r0 - 2583; + R0[2 * i] = (int16) (3 * r0 - 2583); r1 = uint32_mod_uint14(r1, 1723); /* needed only for invalid inputs */ - R0[2 * i + 1] = 3 * r1 - 2583; + R0[2 * i + 1] = (int16) (3 * r1 - 2583); } } diff --git a/crypto_kem/sntrup857/clean/crypto_decode_857x5167.c b/crypto_kem/sntrup857/clean/crypto_decode_857x5167.c index 1068effe..67a01738 100644 --- a/crypto_kem/sntrup857/clean/crypto_decode_857x5167.c +++ b/crypto_kem/sntrup857/clean/crypto_decode_857x5167.c @@ -30,7 +30,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q = 0; - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */ /* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */ /* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */ @@ -42,7 +42,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += qpart; /* x <= 49146 */ - qpart = (x * (uint64)v) >> 31; + qpart = (uint32) ((x * (uint64)v) >> 31); /* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */ /* 0 <= newx <= m + 49146(2^14-1)/2^31 */ /* 0 <= newx <= m + 0.4 */ @@ -59,7 +59,7 @@ static void uint32_divmod_uint14(uint32 *q, uint16 *r, uint32 x, uint16 m) { *q += mask; /* x < m */ - *r = x; + *r = (uint16) x; } static uint16 uint32_mod_uint14(uint32 x, uint16 m) { 
@@ -81,26 +81,26 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x5167(void *v, const unsigned char r1 = (r1 << 8) | *--s; r1 = (r1 << 8) | *--s; r1 = uint32_mod_uint14(r1, 6225); /* needed only for invalid inputs */ - R10[0] = r1; + R10[0] = (uint16) r1; r2 = R10[0]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 5476); R9[0] = r0; r1 = uint32_mod_uint14(r1, 291); /* needed only for invalid inputs */ - R9[1] = r1; + R9[1] = (uint16) r1; r2 = R9[1]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 74); R8[2] = r0; r1 = uint32_mod_uint14(r1, 1004); /* needed only for invalid inputs */ - R8[3] = r1; + R8[3] = (uint16) r1; r2 = R9[0]; uint32_divmod_uint14(&r1, &r0, r2, 74); R8[0] = r0; r1 = uint32_mod_uint14(r1, 74); /* needed only for invalid inputs */ - R8[1] = r1; + R8[1] = (uint16) r1; R7[6] = R8[3]; for (i = 2; i >= 0; --i) { @@ -110,7 +110,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x5167(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 2194); R7[2 * i] = r0; r1 = uint32_mod_uint14(r1, 2194); /* needed only for invalid inputs */ - R7[2 * i + 1] = r1; + R7[2 * i + 1] = (uint16) r1; } r2 = R7[6]; @@ -119,7 +119,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x5167(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 11991); R6[12] = r0; r1 = uint32_mod_uint14(r1, 5483); /* needed only for invalid inputs */ - R6[13] = r1; + R6[13] = (uint16) r1; for (i = 5; i >= 0; --i) { r2 = R7[i]; r2 = (r2 << 8) | *--s; @@ -127,7 +127,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x5167(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 11991); R6[2 * i] = r0; r1 = uint32_mod_uint14(r1, 11991); /* needed only for invalid inputs */ - R6[2 * i + 1] = r1; + R6[2 * i + 1] = (uint16) r1; } R5[26] = R6[13]; 
@@ -137,7 +137,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x5167(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 1752); R5[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1752); /* needed only for invalid inputs */ - R5[2 * i + 1] = r1; + R5[2 * i + 1] = (uint16) r1; } r2 = R5[26]; @@ -145,7 +145,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x5167(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 10713); R4[52] = r0; r1 = uint32_mod_uint14(r1, 131); /* needed only for invalid inputs */ - R4[53] = r1; + R4[53] = (uint16) r1; for (i = 25; i >= 0; --i) { r2 = R5[i]; r2 = (r2 << 8) | *--s; @@ -153,7 +153,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x5167(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 10713); R4[2 * i] = r0; r1 = uint32_mod_uint14(r1, 10713); /* needed only for invalid inputs */ - R4[2 * i + 1] = r1; + R4[2 * i + 1] = (uint16) r1; } r2 = R4[53]; @@ -162,14 +162,14 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x5167(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 1656); R3[106] = r0; r1 = uint32_mod_uint14(r1, 5167); /* needed only for invalid inputs */ - R3[107] = r1; + R3[107] = (uint16) r1; for (i = 52; i >= 0; --i) { r2 = R4[i]; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 1656); R3[2 * i] = r0; r1 = uint32_mod_uint14(r1, 1656); /* needed only for invalid inputs */ - R3[2 * i + 1] = r1; + R3[2 * i + 1] = (uint16) r1; } R2[214] = R3[107]; @@ -179,7 +179,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x5167(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 651); R2[2 * i] = r0; r1 = uint32_mod_uint14(r1, 651); /* needed only for invalid inputs */ - R2[2 * i + 1] = r1; + R2[2 * i + 1] = (uint16) r1; } R1[428] = R2[214]; 
@@ -189,17 +189,17 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857x5167(void *v, const unsigned char uint32_divmod_uint14(&r1, &r0, r2, 408); R1[2 * i] = r0; r1 = uint32_mod_uint14(r1, 408); /* needed only for invalid inputs */ - R1[2 * i + 1] = r1; + R1[2 * i + 1] = (uint16) r1; } - R0[856] = R1[428] - 2583; + R0[856] = (int16) (R1[428] - 2583); for (i = 427; i >= 0; --i) { r2 = R1[i]; r2 = (r2 << 8) | *--s; r2 = (r2 << 8) | *--s; uint32_divmod_uint14(&r1, &r0, r2, 5167); - R0[2 * i] = r0 - 2583; + R0[2 * i] = (int16) (r0 - 2583); r1 = uint32_mod_uint14(r1, 5167); /* needed only for invalid inputs */ - R0[2 * i + 1] = r1 - 2583; + R0[2 * i + 1] = (int16) (r1 - 2583); } } diff --git a/crypto_kem/sntrup857/clean/crypto_decode_857xint16.c b/crypto_kem/sntrup857/clean/crypto_decode_857xint16.c index 7841b093..ceb224bc 100644 --- a/crypto_kem/sntrup857/clean/crypto_decode_857xint16.c +++ b/crypto_kem/sntrup857/clean/crypto_decode_857xint16.c @@ -8,8 +8,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_decode_857xint16(void *v, const unsigned cha for (i = 0; i < 857; ++i) { uint16_t u0 = s[0]; uint16_t u1 = s[1]; - u1 <<= 8; - *x = u0 | u1; + *x = (uint16_t) (u0 | (u1 << 8)); x += 1; s += 2; } diff --git a/crypto_kem/sntrup857/clean/crypto_encode_857x1723.c b/crypto_kem/sntrup857/clean/crypto_encode_857x1723.c index 7a33a9a6..9fc987d2 100644 --- a/crypto_kem/sntrup857/clean/crypto_encode_857x1723.c +++ b/crypto_kem/sntrup857/clean/crypto_encode_857x1723.c 
@@ -15,24 +15,24 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x1723(unsigned char *out, const vo uint32 r2; for (i = 0; i < 428; ++i) { - r0 = (((R0[2 * i] + 2583) & 16383) * 10923) >> 15; - r1 = (((R0[2 * i + 1] + 2583) & 16383) * 10923) >> 15; + r0 = (uint16) ((((R0[2 * i] + 2583) & 16383) * 10923) >> 15); + r1 = (uint16) ((((R0[2 * i + 1] + 2583) & 16383) * 10923) >> 15); r2 = r0 + r1 * (uint32)1723; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } - R[428] = (((R0[856] + 2583) & 16383) * 10923) >> 15; + R[428] = (uint16) ((((R0[856] + 2583) & 16383) * 10923) >> 15); for (i = 0; i < 214; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)11597; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[214] = R[428]; @@ -40,11 +40,11 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x1723(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2053; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[107] = R[214]; 
@@ -52,39 +52,39 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x1723(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)65; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[106]; r1 = R[107]; r2 = r0 + r1 * (uint32)65; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[53] = r2; + R[53] = (uint16) r2; for (i = 0; i < 26; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)4225; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[52]; r1 = R[53]; r2 = r0 + r1 * (uint32)4225; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[26] = r2; + R[26] = (uint16) r2; for (i = 0; i < 13; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)273; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[13] = R[26]; @@ -92,18 +92,18 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x1723(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)292; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)334; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[3] = R[6]; @@ -111,20 +111,20 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x1723(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)436; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)743; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } 
diff --git a/crypto_kem/sntrup857/clean/crypto_encode_857x1723round.c b/crypto_kem/sntrup857/clean/crypto_encode_857x1723round.c index fd73c0f5..2b73e9c8 100644 --- a/crypto_kem/sntrup857/clean/crypto_encode_857x1723round.c +++ b/crypto_kem/sntrup857/clean/crypto_encode_857x1723round.c @@ -11,7 +11,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x1723round(unsigned char *out, con int i; for (i = 0; i < p; ++i) { - x[i] = 3 * ((10923 * a[i] + 16384) >> 15); + x[i] = (int16) (3 * ((10923 * a[i] + 16384) >> 15)); } PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x1723(out, x); } diff --git a/crypto_kem/sntrup857/clean/crypto_encode_857x3.c b/crypto_kem/sntrup857/clean/crypto_encode_857x3.c index de61c551..2db8d7ea 100644 --- a/crypto_kem/sntrup857/clean/crypto_encode_857x3.c +++ b/crypto_kem/sntrup857/clean/crypto_encode_857x3.c @@ -11,9 +11,9 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x3(unsigned char *s, const void *v for (i = 0; i < p / 4; ++i) { x = *f++ + 1; - x += (*f++ + 1) << 2; - x += (*f++ + 1) << 4; - x += (*f++ + 1) << 6; + x += (uint8) ((*f++ + 1) << 2); + x += (uint8) ((*f++ + 1) << 4); + x += (uint8) ((*f++ + 1) << 6); *s++ = x; } x = *f++ + 1; diff --git a/crypto_kem/sntrup857/clean/crypto_encode_857x5167.c b/crypto_kem/sntrup857/clean/crypto_encode_857x5167.c index 064d5249..43318fb3 100644 --- a/crypto_kem/sntrup857/clean/crypto_encode_857x5167.c +++ b/crypto_kem/sntrup857/clean/crypto_encode_857x5167.c @@ -18,11 +18,11 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x5167(unsigned char *out, const vo r0 = (R0[2 * i] + 2583) & 16383; r1 = (R0[2 * i + 1] + 2583) & 16383; r2 = r0 + r1 * (uint32)5167; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[428] = (R0[856] + 2583) & 16383; 
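Review bot: The `(int16)` cast added to `x[i] = (int16) (3 * ((10923 * a[i] + 16384) >> 15));` in crypto_encode_857x1723round.c is value-preserving only for bounded inputs, and the hunk does not state the bound. If `a[i]` is a 16-bit signed value (its declaration is outside the hunk), an input of 32767 gives 3 * 10923 = 32769, which no longer fits; the cast would wrap it where `-Wconversion` previously at least pointed at the line. A one-line comment above the loop, such as `/* inputs are assumed reduced so that the rounded multiple of 3 fits in int16 */`, would document what the cast relies on. The exact range should be taken from the parameter set rather than from this note.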
@@ -30,9 +30,9 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x5167(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)408; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[214] = R[428]; @@ -40,9 +40,9 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x5167(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)651; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[107] = R[214]; @@ -50,43 +50,43 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x5167(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1656; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[106]; r1 = R[107]; r2 = r0 + r1 * (uint32)1656; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[53] = r2; + R[53] = (uint16) r2; for (i = 0; i < 26; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)10713; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } r0 = R[52]; r1 = R[53]; r2 = r0 + r1 * (uint32)10713; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[26] = r2; + R[26] = (uint16) r2; for (i = 0; i < 13; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)1752; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[13] = R[26]; 
@@ -94,45 +94,45 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857x5167(unsigned char *out, const vo r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)11991; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } for (i = 0; i < 3; ++i) { r0 = R[2 * i]; r1 = R[2 * i + 1]; r2 = r0 + r1 * (uint32)2194; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[i] = r2; + R[i] = (uint16) r2; } R[3] = R[6]; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)74; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[2]; r1 = R[3]; r2 = r0 + r1 * (uint32)74; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[1] = r2; + R[1] = (uint16) r2; r0 = R[0]; r1 = R[1]; r2 = r0 + r1 * (uint32)5476; - *out++ = r2; + *out++ = (unsigned char) r2; r2 >>= 8; - R[0] = r2; + R[0] = (uint16) r2; r0 = R[0]; - *out++ = r0; + *out++ = (unsigned char) r0; r0 >>= 8; - *out++ = r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ + *out++ = (unsigned char) r0; /*clang-analyzer-deadcode.DeadStores*/ /*r0 >>= 8;*/ } diff --git a/crypto_kem/sntrup857/clean/crypto_encode_857xfreeze3.c b/crypto_kem/sntrup857/clean/crypto_encode_857xfreeze3.c index 99fc3bc5..901b9c94 100644 --- a/crypto_kem/sntrup857/clean/crypto_encode_857xfreeze3.c +++ b/crypto_kem/sntrup857/clean/crypto_encode_857xfreeze3.c @@ -12,7 +12,7 @@ /* and F3_freeze(x) is in {-2,-1,0,1,2} */ static inline unsigned char F3_freeze(int16 x) { - return x - 3 * ((10923 * x + 16384) >> 15); + return (unsigned char) (x - 3 * ((10923 * x + 16384) >> 15)); } void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857xfreeze3(unsigned char *s, const void *v) { diff --git a/crypto_kem/sntrup857/clean/crypto_encode_857xint16.c b/crypto_kem/sntrup857/clean/crypto_encode_857xint16.c index d496ac17..a89e9f16 100644 --- a/crypto_kem/sntrup857/clean/crypto_encode_857xint16.c 
+++ b/crypto_kem/sntrup857/clean/crypto_encode_857xint16.c @@ -7,7 +7,7 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_857xint16(unsigned char *s, const voi for (i = 0; i < 857; ++i) { uint16_t u = *x++; - *s++ = u; - *s++ = u >> 8; + *s++ = (unsigned char) u; + *s++ = (unsigned char) (u >> 8); } } diff --git a/crypto_kem/sntrup857/clean/crypto_encode_int16.c b/crypto_kem/sntrup857/clean/crypto_encode_int16.c index 30756273..7746afc5 100644 --- a/crypto_kem/sntrup857/clean/crypto_encode_int16.c +++ b/crypto_kem/sntrup857/clean/crypto_encode_int16.c @@ -4,6 +4,6 @@ void PQCLEAN_SNTRUP857_CLEAN_crypto_encode_int16(unsigned char *s, const void *x) { uint16 u = *(const uint16 *) x; - s[0] = u; - s[1] = u >> 8; + s[0] = (unsigned char) u; + s[1] = (unsigned char) (u >> 8); } diff --git a/crypto_kem/sntrup857/clean/kem.c b/crypto_kem/sntrup857/clean/kem.c index a555e254..057a17c6 100644 --- a/crypto_kem/sntrup857/clean/kem.c +++ b/crypto_kem/sntrup857/clean/kem.c @@ -65,7 +65,7 @@ static void Rq_recip3(Fq *out, const small *in) { static void Hash(unsigned char *out, const unsigned char *in, int inlen) { unsigned char h[64]; int i; - sha512(h, in, inlen); + sha512(h, in, (size_t) inlen); for (i = 0; i < 32; ++i) { out[i] = h[i]; } @@ -103,7 +103,7 @@ static void Short_random(small *out) { } PQCLEAN_SNTRUP857_CLEAN_crypto_sort_uint32(L, ppadsort); for (i = 0; i < p; ++i) { - out[i] = (L[i] & 3) - 1; + out[i] = (small) ((L[i] & 3) - 1); } } @@ -115,7 +115,7 @@ static void Small_random(small *out) { L[i] = urandom32(); } for (i = 0; i < p; ++i) { - out[i] = (((L[i] & 0x3fffffff) * 3) >> 30) - 1; + out[i] = (small) ((((L[i] & 0x3fffffff) * 3) >> 30) - 1); } } 
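Review bot: `sha512(h, in, (size_t) inlen);` in `Hash` (kem.c, hunk at -65) silences the sign-conversion warning but keeps the `int inlen` parameter, so a negative length would be converted to a very large `size_t` and handed to `sha512` as the number of bytes to read. The callers visible in this diff pass `1 + Small_bytes` and `sizeof x`, so the parameter could be `size_t` itself: `static void Hash(unsigned char *out, const unsigned char *in, size_t inlen)` with `sha512(h, in, inlen);`. That removes the cast and also the `size_t`-to-`int` narrowing at the `sizeof x` call. Other callers of `Hash` are outside the hunk and should be checked; the function body continues past the hunk.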
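Review bot: In `Short_random` (kem.c, hunk at -103), `out[i] = (small) ((L[i] & 3) - 1);` does the subtraction in unsigned arithmetic if `L` holds 32-bit unsigned words, as the `crypto_sort_uint32` call suggests. A zero operand then yields 0xFFFFFFFF, and the cast to `small` depends on implementation-defined narrowing to arrive at -1. Converting before subtracting keeps every intermediate value in range: `out[i] = (small) ((int) (L[i] & 3) - 1);`. The same applies to `Small_random` in the next hunk, `out[i] = (small) ((int) (((L[i] & 0x3fffffff) * 3) >> 30) - 1);`. The declarations of `L` and `small` are outside both hunks, so the types should be confirmed first.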
@@ -248,13 +248,13 @@ int PQCLEAN_SNTRUP857_CLEAN_crypto_kem_dec(unsigned char *k, const unsigned char Hide(x, cnew, r_enc, r, pk, cache); mask = crypto_verify_clen(c, cnew); for (i = 0; i < Small_bytes; ++i) { - r_enc[i + 1] ^= mask & (r_enc[i + 1] ^ rho[i]); + r_enc[i + 1] ^= (unsigned char) (mask & (r_enc[i + 1] ^ rho[i])); } Hash(x + 1, r_enc, 1 + Small_bytes); /* XXX: can instead do cmov on cached hash of rho */ for (i = 0; i < Ciphertexts_bytes + Confirm_bytes; ++i) { x[1 + Hash_bytes + i] = c[i]; } - x[0] = 1 + mask; + x[0] = (unsigned char) (1 + mask); Hash(k, x, sizeof x); } return 0;
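Review bot: The two new `(unsigned char)` casts in the decapsulation select, `r_enc[i + 1] ^= (unsigned char) (mask & (r_enc[i + 1] ^ rho[i]));` and `x[0] = (unsigned char) (1 + mask);`, are only correct while `mask` is exactly 0 or -1, and nothing in the hunk says so. Any other return value from `crypto_verify_clen` would now be truncated to its low byte without a warning, leaving `r_enc` as a mix of its own bits and those of `rho`, or putting an unexpected value into `x[0]`. I would add a comment after the `mask = crypto_verify_clen(c, cnew);` line, e.g. `/* mask is 0 or -1 (all bits set); the casts below keep its low byte only */`, after confirming the contract of `crypto_verify_clen`, which is defined outside this diff. The casts themselves add no branch, so the selection stays data-independent at the source level. The body of the function starts before the hunk.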