Fix potential undefined behaviour in Camellia
diff --git a/ChangeLog b/ChangeLog
index 70e6ed5..59f5c8e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,9 @@
      (TLS server is not affected if it doesn't ask for a client certificate)
      found using Codenomicon Defensics).
 
+Bugfix
+   * Fix potential undefined behaviour in Camellia.
+
 Changes
    * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
    * Forbid repeated extensions in X.509 certificates.
diff --git a/library/camellia.c b/library/camellia.c
index 48fc3e6..99eb96c 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -293,14 +293,14 @@
     I0 = x[0] ^ k[0];
     I1 = x[1] ^ k[1];
 
-    I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
-         (SBOX2((I0 >> 16) & 0xFF) << 16) |
-         (SBOX3((I0 >>  8) & 0xFF) <<  8) |
-         (SBOX4((I0      ) & 0xFF)      );
-    I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
-         (SBOX3((I1 >> 16) & 0xFF) << 16) |
-         (SBOX4((I1 >>  8) & 0xFF) <<  8) |
-         (SBOX1((I1      ) & 0xFF)      );
+    I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
+         ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
+         ((uint32_t) SBOX3((I0 >>  8) & 0xFF) <<  8) |
+         ((uint32_t) SBOX4((I0      ) & 0xFF)      );
+    I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
+         ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
+         ((uint32_t) SBOX4((I1 >>  8) & 0xFF) <<  8) |
+         ((uint32_t) SBOX1((I1      ) & 0xFF)      );
 
     I0 ^= (I1 << 8) | (I1 >> 24);
     I1 ^= (I0 << 16) | (I0 >> 16);
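Review bot: The new `(uint32_t)` casts in the `I0 =` and `I1 =` assignments have no comment saying why they are required, so a later cleanup could strip them as redundant and bring the undefined behaviour back. I would add above `I0 = ...`: `/* Cast before shifting: the S-box value is promoted to int, and << 24 of a value >= 0x80 overflows signed int (UB). */`. That wording assumes SBOX1..SBOX4 yield a type narrower than int; their definitions are outside the hunk, as are the start and end of the enclosing function, so confirm it there. If they are macros, also confirm each expansion is fully parenthesised, since the cast binds tighter than any binary operator inside it. Running the existing Camellia tests under `-fsanitize=undefined` would catch a regression of this class.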