Fix misuse of signed ints in the HAVEGE module
The elements of the HAVEGE state are manipulated with bitwise operations, with the expectation that the elements are 32-bit unsigned integers (or larger). But they are declared as int, and so the code has undefined behavior. Clang with Asan correctly points out some shifts that reach the sign bit. Use unsigned int internally. This is technically an aliasing violation since we're accessing an array of `int` via a pointer to `unsigned int`, but since we don't access the array directly inside the same function, it's very unlikely to be compiled in an unintended manner.
This commit is contained in:
parent
418e7611f6
commit
31a4ba7264
|
@ -54,7 +54,7 @@
|
||||||
* ------------------------------------------------------------------------
|
* ------------------------------------------------------------------------
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#define SWAP(X,Y) { int *T = (X); (X) = (Y); (Y) = T; }
|
#define SWAP(X,Y) { unsigned *T = (X); (X) = (Y); (Y) = T; }
|
||||||
|
|
||||||
#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
|
#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
|
||||||
#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
|
#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
|
||||||
|
@ -77,7 +77,7 @@
|
||||||
PTX = (PT1 >> 18) & 7; \
|
PTX = (PT1 >> 18) & 7; \
|
||||||
PT1 &= 0x1FFF; \
|
PT1 &= 0x1FFF; \
|
||||||
PT2 &= 0x1FFF; \
|
PT2 &= 0x1FFF; \
|
||||||
CLK = (int) mbedtls_timing_hardclock(); \
|
CLK = (unsigned) mbedtls_timing_hardclock(); \
|
||||||
\
|
\
|
||||||
i = 0; \
|
i = 0; \
|
||||||
A = &WALK[PT1 ]; RES[i++] ^= *A; \
|
A = &WALK[PT1 ]; RES[i++] ^= *A; \
|
||||||
|
@ -100,7 +100,7 @@
|
||||||
\
|
\
|
||||||
IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \
|
IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \
|
||||||
*A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \
|
*A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \
|
||||||
*B = IN; CLK = (int) mbedtls_timing_hardclock(); \
|
*B = IN; CLK = (unsigned) mbedtls_timing_hardclock(); \
|
||||||
*C = (*C >> (7)) ^ (*C << (25)) ^ CLK; \
|
*C = (*C >> (7)) ^ (*C << (25)) ^ CLK; \
|
||||||
*D = (*D >> (8)) ^ (*D << (24)) ^ CLK; \
|
*D = (*D >> (8)) ^ (*D << (24)) ^ CLK; \
|
||||||
\
|
\
|
||||||
|
@ -151,19 +151,20 @@
|
||||||
PT1 ^= (PT2 ^ 0x10) & 0x10; \
|
PT1 ^= (PT2 ^ 0x10) & 0x10; \
|
||||||
\
|
\
|
||||||
for( n++, i = 0; i < 16; i++ ) \
|
for( n++, i = 0; i < 16; i++ ) \
|
||||||
hs->pool[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i];
|
POOL[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i];
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Entropy gathering function
|
* Entropy gathering function
|
||||||
*/
|
*/
|
||||||
static void havege_fill( mbedtls_havege_state *hs )
|
static void havege_fill( mbedtls_havege_state *hs )
|
||||||
{
|
{
|
||||||
int i, n = 0;
|
unsigned i, n = 0;
|
||||||
int U1, U2, *A, *B, *C, *D;
|
unsigned U1, U2, *A, *B, *C, *D;
|
||||||
int PT1, PT2, *WALK, RES[16];
|
unsigned PT1, PT2, *WALK, *POOL, RES[16];
|
||||||
int PTX, PTY, CLK, PTEST, IN;
|
unsigned PTX, PTY, CLK, PTEST, IN;
|
||||||
|
|
||||||
WALK = hs->WALK;
|
WALK = (unsigned *) hs->WALK;
|
||||||
|
POOL = (unsigned *) hs->pool;
|
||||||
PT1 = hs->PT1;
|
PT1 = hs->PT1;
|
||||||
PT2 = hs->PT2;
|
PT2 = hs->PT2;
|
||||||
|
|
||||||
|
|
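Review bot: The casts `WALK = (unsigned *) hs->WALK;` and `POOL = (unsigned *) hs->pool;` are not in fact a strict-aliasing violation, so the hedge in the commit message is stronger than needed: C11 6.5p7 explicitly allows an object to be accessed through an lvalue of the signed or unsigned type corresponding to its effective type, and `unsigned` is the counterpart of `int`. A short comment at the cast site would stop a future maintainer from "fixing" this with a memcpy or a union, e.g. `/* int arrays accessed as unsigned: permitted by C11 6.5p7 (signed/unsigned counterparts alias). */`. What the new code does still assume without checking is that `unsigned` is at least 32 bits, since the rotation macros in the earlier hunk shift by 24 to 27 and a shift of width or more is undefined; a compile-time guard such as `#if UINT_MAX < 0xFFFFFFFFu` / `#error "HAVEGE requires unsigned int to be at least 32 bits"` next to these declarations would pin that down. Any other code that reads `hs->pool` or `hs->WALK` through their declared `int` type lies outside this hunk and is unaffected by the cast, and havege_fill's body continues past the end of the hunk.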