poly1305/poly1305_base2_44.c: clarify shift boundary condition.

author Andy Polyakov <appro@openssl.org>

Sun, 25 Dec 2016 15:36:43 +0000 (16:36 +0100)

committer Andy Polyakov <appro@openssl.org>

Sat, 21 Jan 2017 21:33:38 +0000 (22:33 +0100)
author Andy Polyakov <appro@openssl.org>
Sun, 25 Dec 2016 15:36:43 +0000 (16:36 +0100)
committer Andy Polyakov <appro@openssl.org>
Sat, 21 Jan 2017 21:33:38 +0000 (22:33 +0100)
diff --git a/crypto/poly1305/poly1305_base2_44.c b/crypto/poly1305/poly1305_base2_44.c

index 20365852ffcd749436bd8ee65054ced5bc7888c1..b6313d01ba4e11ba79b4897a32082c6d6e2c594c 100644 (file)
--- a/crypto/poly1305/poly1305_base2_44.c
+++ b/crypto/poly1305/poly1305_base2_44.c
@@ -117,8 +117,8 @@ void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
  
          /* "lazy" reduction step */
          h0 = (u64)d0 & 0x0fffffffffff;
-        h1 = (u64)(d1 += d0 >> 44) & 0x0fffffffffff;
-        h2 = (u64)(d2 += d1 >> 44) & 0x03ffffffffff; /* last digit is 42 bits */
+        h1 = (u64)(d1 += (u64)(d0 >> 44)) & 0x0fffffffffff;
+        h2 = (u64)(d2 += (u64)(d1 >> 44)) & 0x03ffffffffff; /* last 42 bits */
  
          c = (d2 >> 42);
          h0 += c + (c << 2);
author	Andy Polyakov <appro@openssl.org>
	Sun, 25 Dec 2016 15:36:43 +0000 (16:36 +0100)
committer	Andy Polyakov <appro@openssl.org>
	Sat, 21 Jan 2017 21:33:38 +0000 (22:33 +0100)