From 22caa5c2d4b65289a0857c36bcded36b34baf4d2 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 1 Feb 2016 18:06:14 +0100 Subject: [PATCH] Fix possible sign extension problem with newer compilers. * cipher/des.c (READ_64BIT_DATA): Cast to u32 before shifting by 24. * cipher/blowfish.c (do_encrypt_block): Ditto. (do_decrypt_block): Ditto. * cipher/camellia.c (CAMELLIA_RR8): Ditto. * cipher/cast5.c (do_encrypt_block): Ditto. (do_decrypt_block): Ditto. (do_cast_setkey): Ditto. * cipher/twofish.c (INPACK): Ditto. * util/iobuf.c (block_filter): Ditto. -- For cipher/des.c Reported-by: Balint Reczey See commit 57af33d9e7c9b20b413b96882e670e75a67a5e65 for details. Signed-off-by: Werner Koch --- cipher/blowfish.c | 10 +++++----- cipher/camellia.c | 28 ++++++++++++++-------------- cipher/cast5.c | 18 +++++++++--------- cipher/des.c | 20 ++++++++++---------- cipher/twofish.c | 6 +++--- util/iobuf.c | 2 +- 6 files changed, 42 insertions(+), 42 deletions(-) diff --git a/cipher/blowfish.c b/cipher/blowfish.c index 61cd2b743..e421099d2 100644 --- a/cipher/blowfish.c +++ b/cipher/blowfish.c @@ -278,7 +278,7 @@ static void burn_stack (int bytes) { char buf[64]; - + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) @@ -424,8 +424,8 @@ do_encrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf ) { u32 d1, d2; - d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3]; - d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7]; + d1 = (u32)inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3]; + d2 = (u32)inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7]; do_encrypt( bc, &d1, &d2 ); outbuf[0] = (d1 >> 24) & 0xff; outbuf[1] = (d1 >> 16) & 0xff; @@ -449,8 +449,8 @@ do_decrypt_block( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf ) { u32 d1, d2; - d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3]; - d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7]; + d1 = (u32)inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3]; + d2 = (u32)inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7]; decrypt( bc, &d1, &d2 ); outbuf[0] = (d1 >> 24) & 0xff; outbuf[1] = (d1 >> 16) & 0xff; diff --git a/cipher/camellia.c b/cipher/camellia.c index 1a204e13b..a03266ea7 100644 --- a/cipher/camellia.c +++ b/cipher/camellia.c @@ -18,7 +18,7 @@ */ /* - * Algorithm Specification + * Algorithm Specification * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html */ @@ -77,7 +77,7 @@ typedef unsigned char u8; #define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1]) /* rotation right shift 1byte */ -#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24)) +#define CAMELLIA_RR8(x) (((x) >> 8) + ((u32)(x) << 24)) /* rotation left shift 1bit */ #define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31)) /* rotation left shift 1byte */ @@ -936,7 +936,7 @@ void camellia_setup256(const unsigned char *key, u32 *subkey) CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw; dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw); CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw; - + return; } @@ -1048,14 +1048,14 @@ void camellia_encrypt128(const u32 *subkey, u32 *io) io[1] = io[3]; io[2] = t0; io[3] = t1; - + return; } void camellia_decrypt128(const u32 *subkey, u32 *io) { u32 il,ir,t0,t1; /* temporary valiables */ - + /* pre whitening but absorb kw2*/ io[0] ^= CamelliaSubkeyL(24); io[1] ^= CamelliaSubkeyR(24); @@ -1266,7 +1266,7 @@ void camellia_decrypt256(const u32 *subkey, u32 *io) /* pre whitening but absorb kw2*/ io[0] ^= CamelliaSubkeyL(32); io[1] ^= CamelliaSubkeyR(32); - + /* main iteration */ CAMELLIA_ROUNDSM(io[0],io[1], CamelliaSubkeyL(31),CamelliaSubkeyR(31), @@ -1378,8 +1378,8 @@ void camellia_decrypt256(const u32 *subkey, u32 *io) * API for compatibility */ -void Camellia_Ekeygen(const int keyBitLength, - const unsigned char *rawKey, +void Camellia_Ekeygen(const int keyBitLength, + const unsigned char *rawKey, KEY_TABLE_TYPE keyTable) { switch(keyBitLength) { @@ -1398,9 +1398,9 @@ void Camellia_Ekeygen(const int keyBitLength, } -void Camellia_EncryptBlock(const int keyBitLength, - const unsigned char *plaintext, - const KEY_TABLE_TYPE keyTable, +void Camellia_EncryptBlock(const int keyBitLength, + const unsigned char *plaintext, + const KEY_TABLE_TYPE keyTable, unsigned char *ciphertext) { u32 tmp[4]; @@ -1429,9 +1429,9 @@ void Camellia_EncryptBlock(const int keyBitLength, PUTU32(ciphertext + 12, tmp[3]); } -void Camellia_DecryptBlock(const int keyBitLength, - const unsigned char *ciphertext, - const KEY_TABLE_TYPE keyTable, +void Camellia_DecryptBlock(const int keyBitLength, + const unsigned char *ciphertext, + const KEY_TABLE_TYPE keyTable, unsigned char *plaintext) { u32 tmp[4]; diff --git a/cipher/cast5.c b/cipher/cast5.c index ed8c738d1..8d46f1aff 100644 --- a/cipher/cast5.c +++ b/cipher/cast5.c @@ -353,7 +353,7 @@ static void burn_stack (int bytes) { char buf[64]; - + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) @@ -375,8 +375,8 @@ do_encrypt_block( CAST5_context *c, byte *outbuf, const byte *inbuf ) /* (L0,R0) <-- (m1...m64). (Split the plaintext into left and * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.) */ - l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3]; - r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7]; + l = (u32)inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3]; + r = (u32)inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7]; /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows: * Li = Ri-1; @@ -433,8 +433,8 @@ do_decrypt_block (CAST5_context *c, byte *outbuf, const byte *inbuf ) Km = c->Km; Kr = c->Kr; - l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3]; - r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7]; + l = (u32)inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3]; + r = (u32)inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7]; t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]); t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]); @@ -588,10 +588,10 @@ do_cast_setkey( CAST5_context *c, const byte *key, unsigned keylen ) if( keylen != 16 ) return G10ERR_WRONG_KEYLEN; - x[0] = key[0] << 24 | key[1] << 16 | key[2] << 8 | key[3]; - x[1] = key[4] << 24 | key[5] << 16 | key[6] << 8 | key[7]; - x[2] = key[8] << 24 | key[9] << 16 | key[10] << 8 | key[11]; - x[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15]; + x[0] = (u32)key[0] << 24 | key[1] << 16 | key[2] << 8 | key[3]; + x[1] = (u32)key[4] << 24 | key[5] << 16 | key[6] << 8 | key[7]; + x[2] = (u32)key[8] << 24 | key[9] << 16 | key[10] << 8 | key[11]; + x[3] = (u32)key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15]; key_schedule( x, z, k ); for(i=0; i < 16; i++ ) diff --git a/cipher/des.c b/cipher/des.c index 756c1461c..670ba6598 100644 --- a/cipher/des.c +++ b/cipher/des.c @@ -429,15 +429,15 @@ static byte weak_keys[64][8] = /* * Macros to convert 8 bytes from/to 32bit words. */ -#define READ_64BIT_DATA(data, left, right) \ - left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \ - right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7]; +#define READ_64BIT_DATA(data, left, right) \ + left = ((u32)data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \ + right = ((u32)data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7]; -#define WRITE_64BIT_DATA(data, left, right) \ - data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \ - data[2] = (left >> 8) &0xff; data[3] = left &0xff; \ - data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \ - data[6] = (right >> 8) &0xff; data[7] = right &0xff; +#define WRITE_64BIT_DATA(data, left, right) \ + data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \ + data[2] = (left >> 8) &0xff; data[3] = left &0xff; \ + data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \ + data[6] = (right >> 8) &0xff; data[7] = right &0xff; /* * Handy macros for encryption and decryption of data @@ -452,7 +452,7 @@ static void burn_stack (int bytes) { char buf[64]; - + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) @@ -960,7 +960,7 @@ do_tripledes_setkey ( void *ctx, const byte *key, unsigned keylen ) burn_stack (64); return G10ERR_WEAK_KEY; } - burn_stack (64); + burn_stack (64); return 0; } diff --git a/cipher/twofish.c b/cipher/twofish.c index 2feccdf61..2fe379183 100644 --- a/cipher/twofish.c +++ b/cipher/twofish.c @@ -549,7 +549,7 @@ static void burn_stack (int bytes) { char buf[64]; - + wipememory(buf,sizeof buf); bytes -= sizeof buf; if (bytes > 0) @@ -702,7 +702,7 @@ twofish_setkey (void *ctx, const byte *key, unsigned int keylen) burn_stack (23+6*sizeof(void*)); return rc; } - + /* Macros to compute the g() function in the encryption and decryption @@ -756,7 +756,7 @@ twofish_setkey (void *ctx, const byte *key, unsigned int keylen) #define INPACK(n, x, m) \ x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \ - ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m] + ^ (in[4 * (n) + 2] << 16) ^ ((u32)in[4 * (n) + 3] << 24) ^ ctx->w[m] #define OUTUNPACK(n, x, m) \ x ^= ctx->w[m]; \ diff --git a/util/iobuf.c b/util/iobuf.c index 539356e3c..c8442929a 100644 --- a/util/iobuf.c +++ b/util/iobuf.c @@ -738,7 +738,7 @@ block_filter(void *opaque, int control, IOBUF chain, byte *buf, size_t *ret_len) } } else if( c == 255 ) { - a->size = iobuf_get(chain) << 24; + a->size = (size_t)iobuf_get(chain) << 24; a->size |= iobuf_get(chain) << 16; a->size |= iobuf_get(chain) << 8; if( (c = iobuf_get(chain)) == -1 ) {