Fix possible sign extension problem with newer compilers.

* cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24. * cipher/blowfish.c (do_encrypt_block): Ditto. (do_decrypt_block): Ditto. * cipher/camellia.c (CAMELLIA_RR8): Ditto. * cipher/cast5.c (do_encrypt_block): Ditto. (do_decrypt_block): Ditto. (do_cast_setkey): Ditto. * cipher/twofish.c (INPACK): Ditto. * util/iobuf.c (block_filter): Ditto. -- For cipher/des.c Reported-by: Balint Reczey <balint@balintreczey.hu> See commit 57af33d9e7 for details. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-01 18:06:14 +01:00 · 2016-02-01 18:06:14 +01:00 · 22caa5c2d4
parent aa4a3aa3e7
commit 22caa5c2d4
6 changed files with 42 additions and 42 deletions
--- a/cipher/blowfish.c
+++ b/cipher/blowfish.c
@ -278,7 +278,7 @@ static void
 burn_stack (int bytes)
 {
    char buf[64];
-    
+
    wipememory(buf,sizeof buf);
    bytes -= sizeof buf;
    if (bytes > 0)
@ -424,8 +424,8 @@ do_encrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )
 {
    u32 d1, d2;

-    d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
-    d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+    d1 = (u32)inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+    d2 = (u32)inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
    do_encrypt( bc, &d1, &d2 );
    outbuf[0] = (d1 >> 24) & 0xff;
    outbuf[1] = (d1 >> 16) & 0xff;
@ -449,8 +449,8 @@ do_decrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )
 {
    u32 d1, d2;

-    d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
-    d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+    d1 = (u32)inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+    d2 = (u32)inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
    decrypt( bc, &d1, &d2 );
    outbuf[0] = (d1 >> 24) & 0xff;
    outbuf[1] = (d1 >> 16) & 0xff;
--- a/cipher/camellia.c
+++ b/cipher/camellia.c
@ -18,7 +18,7 @@
 */

 /*
- * Algorithm Specification 
+ * Algorithm Specification
 *  http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
 */

@ -77,7 +77,7 @@ typedef unsigned char u8;
 #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])

 /* rotation right shift 1byte */
-#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
+#define CAMELLIA_RR8(x) (((x) >> 8) + ((u32)(x) << 24))
 /* rotation left shift 1bit */
 #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
 /* rotation left shift 1byte */
@ -936,7 +936,7 @@ void camellia_setup256(const unsigned char *key, u32 *subkey)
    CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
    dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
    CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
-    
+
    return;
 }

@ -1048,14 +1048,14 @@ void camellia_encrypt128(const u32 *subkey, u32 *io)
    io[1] = io[3];
    io[2] = t0;
    io[3] = t1;
-	
+
    return;
 }

 void camellia_decrypt128(const u32 *subkey, u32 *io)
 {
    u32 il,ir,t0,t1;               /* temporary valiables */
-    
+
    /* pre whitening but absorb kw2*/
    io[0] ^= CamelliaSubkeyL(24);
    io[1] ^= CamelliaSubkeyR(24);
@ -1266,7 +1266,7 @@ void camellia_decrypt256(const u32 *subkey, u32 *io)
    /* pre whitening but absorb kw2*/
    io[0] ^= CamelliaSubkeyL(32);
    io[1] ^= CamelliaSubkeyR(32);
-	
+
    /* main iteration */
    CAMELLIA_ROUNDSM(io[0],io[1],
 		     CamelliaSubkeyL(31),CamelliaSubkeyR(31),
@ -1378,8 +1378,8 @@ void camellia_decrypt256(const u32 *subkey, u32 *io)
 * API for compatibility
 */

-void Camellia_Ekeygen(const int keyBitLength, 
-		      const unsigned char *rawKey, 
+void Camellia_Ekeygen(const int keyBitLength,
+		      const unsigned char *rawKey,
 		      KEY_TABLE_TYPE keyTable)
 {
    switch(keyBitLength) {
@ -1398,9 +1398,9 @@ void Camellia_Ekeygen(const int keyBitLength,
 }


-void Camellia_EncryptBlock(const int keyBitLength, 
-			   const unsigned char *plaintext, 
-			   const KEY_TABLE_TYPE keyTable, 
+void Camellia_EncryptBlock(const int keyBitLength,
+			   const unsigned char *plaintext,
+			   const KEY_TABLE_TYPE keyTable,
 			   unsigned char *ciphertext)
 {
    u32 tmp[4];
@ -1429,9 +1429,9 @@ void Camellia_EncryptBlock(const int keyBitLength,
    PUTU32(ciphertext + 12, tmp[3]);
 }

-void Camellia_DecryptBlock(const int keyBitLength, 
-			   const unsigned char *ciphertext, 
-			   const KEY_TABLE_TYPE keyTable, 
+void Camellia_DecryptBlock(const int keyBitLength,
+			   const unsigned char *ciphertext,
+			   const KEY_TABLE_TYPE keyTable,
 			   unsigned char *plaintext)
 {
    u32 tmp[4];
--- a/cipher/cast5.c
+++ b/cipher/cast5.c
@ -353,7 +353,7 @@ static void
 burn_stack (int bytes)
 {
    char buf[64];
-    
+
    wipememory(buf,sizeof buf);
    bytes -= sizeof buf;
    if (bytes > 0)
@ -375,8 +375,8 @@ do_encrypt_block( CAST5_context *c, byte *outbuf, const byte *inbuf )
    /* (L0,R0) <-- (m1...m64).	(Split the plaintext into left and
     * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.)
     */
-    l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
-    r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+    l = (u32)inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+    r = (u32)inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];

    /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
     *	Li = Ri-1;
@ -433,8 +433,8 @@ do_decrypt_block (CAST5_context *c, byte *outbuf, const byte *inbuf )
    Km = c->Km;
    Kr = c->Kr;

-    l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
-    r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+    l = (u32)inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+    r = (u32)inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];

    t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
    t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
@ -588,10 +588,10 @@ do_cast_setkey( CAST5_context *c, const byte *key, unsigned keylen )
    if( keylen != 16 )
 	return G10ERR_WRONG_KEYLEN;

-    x[0] = key[0]  << 24 | key[1]  << 16 | key[2]  << 8 | key[3];
-    x[1] = key[4]  << 24 | key[5]  << 16 | key[6]  << 8 | key[7];
-    x[2] = key[8]  << 24 | key[9]  << 16 | key[10] << 8 | key[11];
-    x[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15];
+    x[0] = (u32)key[0]  << 24 | key[1]  << 16 | key[2]  << 8 | key[3];
+    x[1] = (u32)key[4]  << 24 | key[5]  << 16 | key[6]  << 8 | key[7];
+    x[2] = (u32)key[8]  << 24 | key[9]  << 16 | key[10] << 8 | key[11];
+    x[3] = (u32)key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15];

    key_schedule( x, z, k );
    for(i=0; i < 16; i++ )
--- a/cipher/des.c
+++ b/cipher/des.c
@ -429,15 +429,15 @@ static byte weak_keys[64][8] =
 /*
 * Macros to convert 8 bytes from/to 32bit words.
 */
-#define READ_64BIT_DATA(data, left, right)					\
-    left  = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];	\
-    right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
+#define READ_64BIT_DATA(data, left, right)				     \
+  left  = ((u32)data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
+  right = ((u32)data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];

-#define WRITE_64BIT_DATA(data, left, right)					\
-    data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; 		\
-    data[2] = (left >> 8) &0xff; data[3] = left &0xff;				\
-    data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff;		\
-    data[6] = (right >> 8) &0xff; data[7] = right &0xff;
+#define WRITE_64BIT_DATA(data, left, right)				\
+  data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; 		\
+  data[2] = (left >> 8) &0xff; data[3] = left &0xff;			\
+  data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff;		\
+  data[6] = (right >> 8) &0xff; data[7] = right &0xff;

 /*
 * Handy macros for encryption and decryption of data
@ -452,7 +452,7 @@ static void
 burn_stack (int bytes)
 {
    char buf[64];
-    
+
    wipememory(buf,sizeof buf);
    bytes -= sizeof buf;
    if (bytes > 0)
@ -960,7 +960,7 @@ do_tripledes_setkey ( void *ctx, const byte *key, unsigned keylen )
        burn_stack (64);
 	return G10ERR_WEAK_KEY;
    }
-    burn_stack (64); 
+    burn_stack (64);

    return 0;
 }
--- a/cipher/twofish.c
+++ b/cipher/twofish.c
@ -549,7 +549,7 @@ static void
 burn_stack (int bytes)
 {
    char buf[64];
-    
+
    wipememory(buf,sizeof buf);
    bytes -= sizeof buf;
    if (bytes > 0)
@ -702,7 +702,7 @@ twofish_setkey (void *ctx, const byte *key, unsigned int keylen)
    burn_stack (23+6*sizeof(void*));
    return rc;
 }
-        
+


 /* Macros to compute the g() function in the encryption and decryption
@ -756,7 +756,7 @@ twofish_setkey (void *ctx, const byte *key, unsigned int keylen)

 #define INPACK(n, x, m) \
   x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \
-     ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m]
+     ^ (in[4 * (n) + 2] << 16) ^ ((u32)in[4 * (n) + 3] << 24) ^ ctx->w[m]

 #define OUTUNPACK(n, x, m) \
   x ^= ctx->w[m]; \
--- a/util/iobuf.c
+++ b/util/iobuf.c
@ -738,7 +738,7 @@ block_filter(void *opaque, int control, IOBUF chain, byte *buf, size_t *ret_len)
 			}
 		    }
 		    else if( c == 255 ) {
-			a->size  = iobuf_get(chain) << 24;
+                        a->size  = (size_t)iobuf_get(chain) << 24;
 			a->size |= iobuf_get(chain) << 16;
 			a->size |= iobuf_get(chain) << 8;
 			if( (c = iobuf_get(chain)) == -1 ) {