Fix potential undefined behaviour in Camellia
diff --git a/ChangeLog b/ChangeLog
index f38c0cf..bc0bbd0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@
Bugfix
* User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found
by Julian Ospald).
+ * Fix potential undefined behaviour in Camellia.
Changes
* Use deterministic nonces for AEAD ciphers in TLS by default (possible to
diff --git a/library/camellia.c b/library/camellia.c
index a4968f4..3956a40 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -304,14 +304,14 @@
I0 = x[0] ^ k[0];
I1 = x[1] ^ k[1];
- I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
- (SBOX2((I0 >> 16) & 0xFF) << 16) |
- (SBOX3((I0 >> 8) & 0xFF) << 8) |
- (SBOX4((I0 ) & 0xFF) );
- I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
- (SBOX3((I1 >> 16) & 0xFF) << 16) |
- (SBOX4((I1 >> 8) & 0xFF) << 8) |
- (SBOX1((I1 ) & 0xFF) );
+ I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
+ ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
+ ((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
+ ((uint32_t) SBOX4((I0 ) & 0xFF) );
+ I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
+ ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
+ ((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
+ ((uint32_t) SBOX1((I1 ) & 0xFF) );
I0 ^= (I1 << 8) | (I1 >> 24);
I1 ^= (I0 << 16) | (I0 >> 16);
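Review bot: The new `(uint32_t)` casts on the eight S-box lines carry no comment saying why they are there, and the ones in front of `<< 16`, `<< 8` and the unshifted byte look redundant enough that a later cleanup could strip all of them. Only the `<< 24` terms strictly need the cast: assuming the SBOXn macros yield an `unsigned char` (their definitions are outside this hunk), the value promotes to `int`, and shifting 0x80 or above left by 24 overflows a signed int. I would add above the `I0 =` assignment something like `/* SBOXn() promotes to int; cast to uint32_t so << 24 cannot overflow a signed int */`. The enclosing function starts and ends outside the hunk, so whether the same uncast pattern remains elsewhere in camellia.c cannot be checked from here.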