From f553bb4bf22a6a8e4fa5f69cfbf91ce95327b790 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 12 Nov 2013 09:47:36 -0800
Subject: [PATCH] aes256-ctr: do not left shift more than 16 bits on a signed int.

Spotted by John Regehr and clang -fsigned-integer-overflow
---
 .../crypto_stream/aes256estream/hongjun/aes256-ctr.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/libsodium/crypto_stream/aes256estream/hongjun/aes256-ctr.c b/src/libsodium/crypto_stream/aes256estream/hongjun/aes256-ctr.c
index 1eca36f7..8a26c222 100644
--- a/src/libsodium/crypto_stream/aes256estream/hongjun/aes256-ctr.c
+++ b/src/libsodium/crypto_stream/aes256estream/hongjun/aes256-ctr.c
@@ -27,7 +27,7 @@ ECRYPT_keysetup(ECRYPT_ctx* ctx, const u8* key, u32 keysize, u32 ivsize)
         w[i] = key[(i << 2)];
         w[i] |= key[(i << 2)+1] << 8;
         w[i] |= key[(i << 2)+2] << 16;
-        w[i] |= key[(i << 2)+3] << 24;
+        w[i] |= (unsigned int) key[(i << 2)+3] << 24;
     }
     i = Nk;
@@ -35,7 +35,7 @@ ECRYPT_keysetup(ECRYPT_ctx* ctx, const u8* key, u32 keysize, u32 ivsize)
     while( i < Nb*(Nr+1) ) {
         temp = w[i-1];
-        temp = Sbox[ temp & 0xFF] << 24 ^
+        temp = (unsigned int) Sbox[temp & 0xFF] << 24 ^
                Sbox[(temp >> 8) & 0xFF] ^
               (Sbox[(temp >> 16) & 0xFF] << 8 ) ^
               (Sbox[(temp >> 24) & 0xFF] << 16) ^
@@ -56,10 +56,10 @@ ECRYPT_keysetup(ECRYPT_ctx* ctx, const u8* key, u32 keysize, u32 ivsize)
         i++;
         temp = w[i-1];
-        temp = Sbox[ temp & 0xFF] ^
+        temp = Sbox[temp & 0xFF] ^
                Sbox[(temp >> 8) & 0xFF] << 8 ^
-              (Sbox[(temp >> 16) & 0xFF] << 16 ) ^
-              (Sbox[(temp >> 24) & 0xFF] << 24);
+              (Sbox[(temp >> 16) & 0xFF] << 16) ^
+              ((unsigned int) Sbox[(temp >> 24) & 0xFF] << 24);
         w[i] = w[i-Nk] ^ temp;
         i++;
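Review bot: The cast on the new `w[i] |= (unsigned int) key[(i << 2)+3] << 24;` line is correct but looks redundant next to the three uncast lines above it, so a later cleanup could drop it and reintroduce the signed overflow this commit removes; a one-line comment would protect it, e.g. `/* key[] is u8 and promotes to int; cast so << 24 cannot overflow a signed int */`, or all four byte-assembly lines could carry the same cast for uniformity. The `<< 8` and `<< 16` shifts on the lines above are safe because 0xFF << 16 fits in a 32-bit int, which is presumably why only the top byte was changed. The enclosing for loop begins outside the hunk.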
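Review bot: The new line `temp = (unsigned int) Sbox[temp & 0xFF] << 24 ^` depends on the cast and the shift binding tighter than `^`, which is correct, but it is the only shifted term in this expression written without parentheses, while the matching fix in the third hunk does parenthesize its `<< 24` term; `temp = ((unsigned int) Sbox[temp & 0xFF] << 24) ^` would read like the surrounding terms. Once the first operand is unsigned the remaining int-typed `^` operands are converted to unsigned as well; each is bounded by 0xFF << 16, so no value changes, assuming Sbox elements are narrower than int as the commit message implies. The hunk's last line ends in a trailing `^`, so the statement's final operand and the assignment it feeds are outside the hunk, and the while loop closes outside it too.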
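Review bot: Two of the four changed lines in this hunk are whitespace-only (`Sbox[ temp & 0xFF]` to `Sbox[temp & 0xFF]` and `<< 16 )` to `<< 16)`) and are mixed into a commit whose subject describes a signed-overflow fix; keeping cosmetic reformatting out of a correctness fix makes the functional change easier to audit and to backport. The actual fix, `((unsigned int) Sbox[(temp >> 24) & 0xFF] << 24);`, is correct and is the only line here that changes behavior. The loop body this hunk sits in starts and ends outside the hunk.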