From 04659a023ef8ffefffd0aab273a396b5d876ebf6 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 17 Jun 2019 15:12:51 +0200
Subject: [PATCH] Prevent building the HAVEGE module on platforms where it doesn't work

If int is not capable of storing as many values as unsigned, the code may generate a trap value. If signed int and unsigned int aren't 32-bit types, the code may calculate meaningless values.
---
 library/havege.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/library/havege.c b/library/havege.c
index 08f9d974d..c139e1db0 100644
--- a/library/havege.c
+++ b/library/havege.c
@@ -38,8 +38,19 @@
 #include "mbedtls/timing.h"
 #include "mbedtls/platform_util.h"
+#include
 #include
+/* If int isn't capable of storing 2^32 distinct values, the code of this
+ * module may cause a processor trap or a miscalculation. If int is more
+ * than 32 bits, the code may not calculate the intended values. */
+#if INT_MIN + 1 != -0x7fffffff
+#error "The HAVEGE module requires int to be exactly 32 bits, with INT_MIN = -2^31."
+#endif
+#if UINT_MAX != 0xffffffff
+#error "The HAVEGE module requires unsigned to be exactly 32 bits."
+#endif
 /* ------------------------------------------------------------------------
  * On average, one iteration accesses two 8-word blocks in the havege WALK
  * table, and generates 16 words in the RES array.
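Review bot: The guard `#if INT_MIN + 1 != -0x7fffffff` expresses "int is a 32-bit two's complement type" only indirectly, and the comment above it describes the consequence of getting it wrong (trap or miscalculation) but not why the test is written against `INT_MIN + 1` rather than against the type's width; a one-line comment such as `/* INT_MIN + 1 == -0x7fffffff holds exactly when int is a 32-bit two's complement type */` above the `#if` would save the next reader from re-deriving it. It is the paired `UINT_MAX != 0xffffffff` check that actually pins the width, since the standard requires int and unsigned int to occupy the same storage, so a note that the two checks are meant to be read together would also help. The added `#include` line has lost its header name in this rendering; the macros INT_MIN and UINT_MAX come from limits.h, so that is presumably what it includes, but this should be confirmed against the repository rather than inferred from the patch text.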