author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2020-06-03 22:59:03 +0300 |
---|---|---|
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2020-06-08 20:51:14 +0300 |
commit | 6cdd7268fe19b066ddb373e2f3c0b7ebf9b938dd (patch) | |
tree | b784ba1a8dde0d17d3fa8182ccacb3c9631c3668 /cipher/rijndael.c | |
parent | 3060aadec396802af13f08c4b2dd1b28f2a68c5d (diff) | |
download | libgcrypt-6cdd7268fe19b066ddb373e2f3c0b7ebf9b938dd.tar.gz |
rijndael: fix UBSAN warning on left shift by 24 places with type 'int'
* cipher/rijndael.c (do_encrypt_fn, do_decrypt_fn): Cast final
sbox/inv_sbox look-ups to 'u32' type.
--
Fixes the following type of UBSAN error seen in the generic C implementation
of rijndael:
runtime error: left shift of <xx> by 24 places cannot be represented\
in type 'int'
where <xx> is greater than 127.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'cipher/rijndael.c')
-rw-r--r-- | cipher/rijndael.c | 64 |
1 files changed, 32 insertions, 32 deletions
diff --git a/cipher/rijndael.c b/cipher/rijndael.c
index a1c4cfc1..3e9bae55 100644
--- a/cipher/rijndael.c
+++ b/cipher/rijndael.c
@@ -886,28 +886,28 @@ do_encrypt_fn (const RIJNDAEL_context *ctx, unsigned char *b,
 /* Last round is special. */
- sb[0] = (sbox[(byte)(sa[0] >> (0 * 8)) * 4]) << (0 * 8);
- sb[3] = (sbox[(byte)(sa[0] >> (1 * 8)) * 4]) << (1 * 8);
- sb[2] = (sbox[(byte)(sa[0] >> (2 * 8)) * 4]) << (2 * 8);
- sb[1] = (sbox[(byte)(sa[0] >> (3 * 8)) * 4]) << (3 * 8);
+ sb[0] = ((u32)sbox[(byte)(sa[0] >> (0 * 8)) * 4]) << (0 * 8);
+ sb[3] = ((u32)sbox[(byte)(sa[0] >> (1 * 8)) * 4]) << (1 * 8);
+ sb[2] = ((u32)sbox[(byte)(sa[0] >> (2 * 8)) * 4]) << (2 * 8);
+ sb[1] = ((u32)sbox[(byte)(sa[0] >> (3 * 8)) * 4]) << (3 * 8);
 sa[0] = rk[r][0] ^ sb[0];
- sb[1] ^= (sbox[(byte)(sa[1] >> (0 * 8)) * 4]) << (0 * 8);
- sa[0] ^= (sbox[(byte)(sa[1] >> (1 * 8)) * 4]) << (1 * 8);
- sb[3] ^= (sbox[(byte)(sa[1] >> (2 * 8)) * 4]) << (2 * 8);
- sb[2] ^= (sbox[(byte)(sa[1] >> (3 * 8)) * 4]) << (3 * 8);
+ sb[1] ^= ((u32)sbox[(byte)(sa[1] >> (0 * 8)) * 4]) << (0 * 8);
+ sa[0] ^= ((u32)sbox[(byte)(sa[1] >> (1 * 8)) * 4]) << (1 * 8);
+ sb[3] ^= ((u32)sbox[(byte)(sa[1] >> (2 * 8)) * 4]) << (2 * 8);
+ sb[2] ^= ((u32)sbox[(byte)(sa[1] >> (3 * 8)) * 4]) << (3 * 8);
 sa[1] = rk[r][1] ^ sb[1];
- sb[2] ^= (sbox[(byte)(sa[2] >> (0 * 8)) * 4]) << (0 * 8);
- sa[1] ^= (sbox[(byte)(sa[2] >> (1 * 8)) * 4]) << (1 * 8);
- sa[0] ^= (sbox[(byte)(sa[2] >> (2 * 8)) * 4]) << (2 * 8);
- sb[3] ^= (sbox[(byte)(sa[2] >> (3 * 8)) * 4]) << (3 * 8);
+ sb[2] ^= ((u32)sbox[(byte)(sa[2] >> (0 * 8)) * 4]) << (0 * 8);
+ sa[1] ^= ((u32)sbox[(byte)(sa[2] >> (1 * 8)) * 4]) << (1 * 8);
+ sa[0] ^= ((u32)sbox[(byte)(sa[2] >> (2 * 8)) * 4]) << (2 * 8);
+ sb[3] ^= ((u32)sbox[(byte)(sa[2] >> (3 * 8)) * 4]) << (3 * 8);
 sa[2] = rk[r][2] ^ sb[2];
- sb[3] ^= (sbox[(byte)(sa[3] >> (0 * 8)) * 4]) << (0 * 8);
- sa[2] ^= (sbox[(byte)(sa[3] >> (1 * 8)) * 4]) << (1 * 8);
- sa[1] ^= (sbox[(byte)(sa[3] >> (2 * 8)) * 4]) << (2 * 8);
- sa[0] ^= (sbox[(byte)(sa[3] >> (3 * 8)) * 4]) << (3 * 8);
+ sb[3] ^= ((u32)sbox[(byte)(sa[3] >> (0 * 8)) * 4]) << (0 * 8);
+ sa[2] ^= ((u32)sbox[(byte)(sa[3] >> (1 * 8)) * 4]) << (1 * 8);
+ sa[1] ^= ((u32)sbox[(byte)(sa[3] >> (2 * 8)) * 4]) << (2 * 8);
+ sa[0] ^= ((u32)sbox[(byte)(sa[3] >> (3 * 8)) * 4]) << (3 * 8);
 sa[3] = rk[r][3] ^ sb[3];
 buf_put_le32(b + 0, sa[0]);
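Review bot: Nothing in the new lines records why the `(u32)` cast is there, so a later cleanup that notices sb[] and sa[] are already u32 could drop it as redundant and silently reintroduce the undefined shift; a one-line comment above the first `sb[0] = ((u32)sbox[...` line would pin it: `/* Cast before shifting: sbox entries promote to int, and int << 24 of a value >= 0x80 is undefined. */`. The cast is the right fix: with a u32 left operand the `<< (3 * 8)` is a defined unsigned operation, and the stored value is presumably the same one two's-complement targets produced before, assuming sbox holds byte-sized entries, which this hunk does not show. Undefined behaviour in a cipher core is a correctness risk rather than a cosmetic one, since an optimizer is entitled to assume the shifted value never has its top bit set; the existing AES test vectors should be re-run on the fixed build to confirm nothing else changed. The same comment belongs in the do_decrypt_fn hunk below, and do_encrypt_fn's body starts and ends outside this hunk, so the main rounds that feed sa[] are not visible here.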
@@ -1286,28 +1286,28 @@ do_decrypt_fn (const RIJNDAEL_context *ctx, unsigned char *b,
 sa[3] = rk[1][3] ^ sb[3];
 /* Last round is special. */
- sb[0] = inv_sbox[(byte)(sa[0] >> (0 * 8))] << (0 * 8);
- sb[1] = inv_sbox[(byte)(sa[0] >> (1 * 8))] << (1 * 8);
- sb[2] = inv_sbox[(byte)(sa[0] >> (2 * 8))] << (2 * 8);
- sb[3] = inv_sbox[(byte)(sa[0] >> (3 * 8))] << (3 * 8);
+ sb[0] = (u32)inv_sbox[(byte)(sa[0] >> (0 * 8))] << (0 * 8);
+ sb[1] = (u32)inv_sbox[(byte)(sa[0] >> (1 * 8))] << (1 * 8);
+ sb[2] = (u32)inv_sbox[(byte)(sa[0] >> (2 * 8))] << (2 * 8);
+ sb[3] = (u32)inv_sbox[(byte)(sa[0] >> (3 * 8))] << (3 * 8);
 sa[0] = sb[0] ^ rk[0][0];
- sb[1] ^= inv_sbox[(byte)(sa[1] >> (0 * 8))] << (0 * 8);
- sb[2] ^= inv_sbox[(byte)(sa[1] >> (1 * 8))] << (1 * 8);
- sb[3] ^= inv_sbox[(byte)(sa[1] >> (2 * 8))] << (2 * 8);
- sa[0] ^= inv_sbox[(byte)(sa[1] >> (3 * 8))] << (3 * 8);
+ sb[1] ^= (u32)inv_sbox[(byte)(sa[1] >> (0 * 8))] << (0 * 8);
+ sb[2] ^= (u32)inv_sbox[(byte)(sa[1] >> (1 * 8))] << (1 * 8);
+ sb[3] ^= (u32)inv_sbox[(byte)(sa[1] >> (2 * 8))] << (2 * 8);
+ sa[0] ^= (u32)inv_sbox[(byte)(sa[1] >> (3 * 8))] << (3 * 8);
 sa[1] = sb[1] ^ rk[0][1];
- sb[2] ^= inv_sbox[(byte)(sa[2] >> (0 * 8))] << (0 * 8);
- sb[3] ^= inv_sbox[(byte)(sa[2] >> (1 * 8))] << (1 * 8);
- sa[0] ^= inv_sbox[(byte)(sa[2] >> (2 * 8))] << (2 * 8);
- sa[1] ^= inv_sbox[(byte)(sa[2] >> (3 * 8))] << (3 * 8);
+ sb[2] ^= (u32)inv_sbox[(byte)(sa[2] >> (0 * 8))] << (0 * 8);
+ sb[3] ^= (u32)inv_sbox[(byte)(sa[2] >> (1 * 8))] << (1 * 8);
+ sa[0] ^= (u32)inv_sbox[(byte)(sa[2] >> (2 * 8))] << (2 * 8);
+ sa[1] ^= (u32)inv_sbox[(byte)(sa[2] >> (3 * 8))] << (3 * 8);
 sa[2] = sb[2] ^ rk[0][2];
- sb[3] ^= inv_sbox[(byte)(sa[3] >> (0 * 8))] << (0 * 8);
- sa[0] ^= inv_sbox[(byte)(sa[3] >> (1 * 8))] << (1 * 8);
- sa[1] ^= inv_sbox[(byte)(sa[3] >> (2 * 8))] << (2 * 8);
- sa[2] ^= inv_sbox[(byte)(sa[3] >> (3 * 8))] << (3 * 8);
+ sb[3] ^= (u32)inv_sbox[(byte)(sa[3] >> (0 * 8))] << (0 * 8);
+ sa[0] ^= (u32)inv_sbox[(byte)(sa[3] >> (1 * 8))] << (1 * 8);
+ sa[1] ^= (u32)inv_sbox[(byte)(sa[3] >> (2 * 8))] << (2 * 8);
+ sa[2] ^= (u32)inv_sbox[(byte)(sa[3] >> (3 * 8))] << (3 * 8);
 sa[3] = sb[3] ^ rk[0][3];
 buf_put_le32(b + 0, sa[0]); |
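Review bot: The cast here is spelled `(u32)inv_sbox[...] << (1 * 8)` while the do_encrypt_fn hunk above wraps it as `((u32)sbox[...]) << (1 * 8)`; both are correct, because a cast is a unary operator and binds tighter than `<<`, but the file now carries two spellings of the same fix. Picking one form, for example `sb[0] = ((u32)inv_sbox[(byte)(sa[0] >> (0 * 8))]) << (0 * 8);`, keeps the two last-round blocks visually parallel and makes a later search for the cast pattern reliable. The explanatory comment proposed for the encrypt hunk applies here as well. do_decrypt_fn's body continues on both sides of this hunk.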