fix UB in cifra, adding halt_on_error to UBSAN_OPTIONS

.github/workflows/ci.yml

@@ -18,7 +18,7 @@ jobs:
           - name: "Linux / OpenSSL 1.1.1"
             command: make -f misc/docker-ci.mk
           - name: "Linux / OpenSSL 1.1.1 + ASan & UBSan"
-            command: make -f misc/docker-ci.mk CMAKE_ARGS='"-DCMAKE_C_COMPILER=clang;-fsanitize=address,undefined" "-DCMAKE_CXX_COMPILER=clang++;-fsanitize=address,undefined"' CHECK_ENVS="ASAN_OPTIONS=detect_leaks=0 UBSAN_OPTIONS=print_stacktrace=1"
+            command: make -f misc/docker-ci.mk CMAKE_ARGS='"-DCMAKE_C_COMPILER=clang;-fsanitize=address,undefined" "-DCMAKE_CXX_COMPILER=clang++;-fsanitize=address,undefined"' CHECK_ENVS="ASAN_OPTIONS=detect_leaks=0 UBSAN_OPTIONS=print_stacktrace=1:halt_on_error=1"
 
     timeout-minutes: 10
     steps:

deps/cifra/src/curve25519.tweetnacl.c

@@ -53,7 +53,7 @@ static void car25519(gf o)
     o[i] += (1LL << 16);
     c = o[i] >> 16;
     o[(i + 1) * (i < 15)] += c - 1 + 37 * (c - 1) * (i == 15);
-    o[i] -= c << 16;
+    o[i] -= (int64_t)((uint64_t)c << 16);
   }
 }
 
@@ -78,7 +78,7 @@ static void pack25519(uint8_t out[32], const gf n)
   car25519(t);
   car25519(t);
   car25519(t);
-  
+
   for(j = 0; j < 2; j++)
   {
     m[0] = t[0] - 0xffed;
@@ -157,7 +157,7 @@ static void inv25519(gf o, const gf i)
   int a;
   for (a = 0; a < 16; a++)
     c[a] = i[a];
-  
+
   for (a = 253; a >= 0; a--)
   {
     sqr(c, c);
@@ -182,7 +182,7 @@ void cf_curve25519_mul(uint8_t *q, const uint8_t *n, const uint8_t *p)
     z[i] = n[i];
   z[31] = (n[31] & 127) | 64;
   z[0] &= 248;
-  
+
   unpack25519(x, p);
 
   for(i = 0; i < 16; i++)