commit 085955c56744a9cc82f98ed850deca2165252d2c
author David Benjamin <davidben@google.com> Fri Feb 16 14:39:42 2018 -0500
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Fri Feb 16 20:02:56 2018 +0000
tree 783bf87ec643ce84e3936dfeb1c4c747f4fd10fa
parent f16cd4278fad69a569006de1136997b83db51898

Actually use the u64 cast.

The point was to remove the silly moduli.

Change-Id: I48c507c9dd1fc46e38e8991ed528b02b8da3dc1d
Reviewed-on: https://boringssl-review.googlesource.com/26044
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

crypto/fipsmodule/modes/ccm.c

diff --git a/crypto/fipsmodule/modes/ccm.c b/crypto/fipsmodule/modes/ccm.c
index dba9262..deff679 100644
--- a/crypto/fipsmodule/modes/ccm.c
+++ b/crypto/fipsmodule/modes/ccm.c
@@ -115,28 +115,28 @@
     // Cast to u64 to avoid the compiler complaining about invalid shifts.
     uint64_t aad_len_u64 = aad_len;
     if (aad_len_u64 < 0x10000 - 0x100) {
-      state->cmac.c[0] ^= (uint8_t)(aad_len >> 8);
-      state->cmac.c[1] ^= (uint8_t)aad_len;
+      state->cmac.c[0] ^= (uint8_t)(aad_len_u64 >> 8);
+      state->cmac.c[1] ^= (uint8_t)aad_len_u64;
       i = 2;
     } else if (aad_len_u64 <= 0xffffffff) {
       state->cmac.c[0] ^= 0xff;
       state->cmac.c[1] ^= 0xfe;
-      state->cmac.c[2] ^= (uint8_t)(aad_len >> 24);
-      state->cmac.c[3] ^= (uint8_t)(aad_len >> 16);
-      state->cmac.c[4] ^= (uint8_t)(aad_len >> 8);
-      state->cmac.c[5] ^= (uint8_t)aad_len;
+      state->cmac.c[2] ^= (uint8_t)(aad_len_u64 >> 24);
+      state->cmac.c[3] ^= (uint8_t)(aad_len_u64 >> 16);
+      state->cmac.c[4] ^= (uint8_t)(aad_len_u64 >> 8);
+      state->cmac.c[5] ^= (uint8_t)aad_len_u64;
       i = 6;
     } else {
       state->cmac.c[0] ^= 0xff;
       state->cmac.c[1] ^= 0xff;
-      state->cmac.c[2] ^= (uint8_t)(aad_len >> (56 % (sizeof(aad_len) * 8)));
-      state->cmac.c[3] ^= (uint8_t)(aad_len >> (48 % (sizeof(aad_len) * 8)));
-      state->cmac.c[4] ^= (uint8_t)(aad_len >> (40 % (sizeof(aad_len) * 8)));
-      state->cmac.c[5] ^= (uint8_t)(aad_len >> (32 % (sizeof(aad_len) * 8)));
-      state->cmac.c[6] ^= (uint8_t)(aad_len >> 24);
-      state->cmac.c[7] ^= (uint8_t)(aad_len >> 16);
-      state->cmac.c[8] ^= (uint8_t)(aad_len >> 8);
-      state->cmac.c[9] ^= (uint8_t)aad_len;
+      state->cmac.c[2] ^= (uint8_t)(aad_len_u64 >> 56);
+      state->cmac.c[3] ^= (uint8_t)(aad_len_u64 >> 48);
+      state->cmac.c[4] ^= (uint8_t)(aad_len_u64 >> 40);
+      state->cmac.c[5] ^= (uint8_t)(aad_len_u64 >> 32);
+      state->cmac.c[6] ^= (uint8_t)(aad_len_u64 >> 24);
+      state->cmac.c[7] ^= (uint8_t)(aad_len_u64 >> 16);
+      state->cmac.c[8] ^= (uint8_t)(aad_len_u64 >> 8);
+      state->cmac.c[9] ^= (uint8_t)aad_len_u64;
       i = 10;
     }