Fix potential undefined behaviour in Camellia

This commit is contained in:
Manuel Pégourié-Gonnard 2014-11-10 13:05:43 +01:00
parent d6197a37e0
commit b31b61b9e8
2 changed files with 9 additions and 8 deletions

View File

@ -8,6 +8,7 @@ Features
Bugfix Bugfix
* User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found * User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found
by Julian Ospald). by Julian Ospald).
* Fix potential undefined behaviour in Camellia.
Changes Changes
* Use deterministic nonces for AEAD ciphers in TLS by default (possible to * Use deterministic nonces for AEAD ciphers in TLS by default (possible to

View File

@ -304,14 +304,14 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
I0 = x[0] ^ k[0]; I0 = x[0] ^ k[0];
I1 = x[1] ^ k[1]; I1 = x[1] ^ k[1];
I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) | I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
(SBOX2((I0 >> 16) & 0xFF) << 16) | ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
(SBOX3((I0 >> 8) & 0xFF) << 8) | ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
(SBOX4((I0 ) & 0xFF) ); ((uint32_t) SBOX4((I0 ) & 0xFF) );
I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) | I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
(SBOX3((I1 >> 16) & 0xFF) << 16) | ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
(SBOX4((I1 >> 8) & 0xFF) << 8) | ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
(SBOX1((I1 ) & 0xFF) ); ((uint32_t) SBOX1((I1 ) & 0xFF) );
I0 ^= (I1 << 8) | (I1 >> 24); I0 ^= (I1 << 8) | (I1 >> 24);
I1 ^= (I0 << 16) | (I0 >> 16); I1 ^= (I0 << 16) | (I0 >> 16);