Fix misuse of signed ints in the HAVEGE module

The elements of the HAVEGE state are manipulated with bitwise
operations, with the expectation that the elements are 32-bit
unsigned integers (or larger). But they are declared as int, and so
the code has undefined behavior. Clang with Asan correctly points out
some shifts that reach the sign bit.

Use unsigned int internally. This is technically an aliasing violation
since we're accessing an array of `int` via a pointer to `unsigned
int`, but since we don't access the array directly inside the same
function, it's very unlikely to be compiled in an unintended manner.
This commit is contained in:
Gilles Peskine 2019-06-17 15:01:08 +02:00
parent 418e7611f6
commit 31a4ba7264


@ -54,7 +54,7 @@
* ------------------------------------------------------------------------ * ------------------------------------------------------------------------
*/ */
#define SWAP(X,Y) { int *T = (X); (X) = (Y); (Y) = T; } #define SWAP(X,Y) { unsigned *T = (X); (X) = (Y); (Y) = T; }
#define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; #define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
#define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1; #define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
@ -77,7 +77,7 @@
PTX = (PT1 >> 18) & 7; \ PTX = (PT1 >> 18) & 7; \
PT1 &= 0x1FFF; \ PT1 &= 0x1FFF; \
PT2 &= 0x1FFF; \ PT2 &= 0x1FFF; \
CLK = (int) mbedtls_timing_hardclock(); \ CLK = (unsigned) mbedtls_timing_hardclock(); \
\ \
i = 0; \ i = 0; \
A = &WALK[PT1 ]; RES[i++] ^= *A; \ A = &WALK[PT1 ]; RES[i++] ^= *A; \
@ -100,7 +100,7 @@
\ \
IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \ IN = (*A >> (5)) ^ (*A << (27)) ^ CLK; \
*A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \ *A = (*B >> (6)) ^ (*B << (26)) ^ CLK; \
*B = IN; CLK = (int) mbedtls_timing_hardclock(); \ *B = IN; CLK = (unsigned) mbedtls_timing_hardclock(); \
*C = (*C >> (7)) ^ (*C << (25)) ^ CLK; \ *C = (*C >> (7)) ^ (*C << (25)) ^ CLK; \
*D = (*D >> (8)) ^ (*D << (24)) ^ CLK; \ *D = (*D >> (8)) ^ (*D << (24)) ^ CLK; \
\ \
@ -151,19 +151,20 @@
PT1 ^= (PT2 ^ 0x10) & 0x10; \ PT1 ^= (PT2 ^ 0x10) & 0x10; \
\ \
for( n++, i = 0; i < 16; i++ ) \ for( n++, i = 0; i < 16; i++ ) \
hs->pool[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i]; POOL[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i];
/* /*
* Entropy gathering function * Entropy gathering function
*/ */
static void havege_fill( mbedtls_havege_state *hs ) static void havege_fill( mbedtls_havege_state *hs )
{ {
int i, n = 0; unsigned i, n = 0;
int U1, U2, *A, *B, *C, *D; unsigned U1, U2, *A, *B, *C, *D;
int PT1, PT2, *WALK, RES[16]; unsigned PT1, PT2, *WALK, *POOL, RES[16];
int PTX, PTY, CLK, PTEST, IN; unsigned PTX, PTY, CLK, PTEST, IN;
WALK = hs->WALK; WALK = (unsigned *) hs->WALK;
POOL = (unsigned *) hs->pool;
PT1 = hs->PT1; PT1 = hs->PT1;
PT2 = hs->PT2; PT2 = hs->PT2;
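Review bot: The casts `WALK = (unsigned *) hs->WALK;` and `POOL = (unsigned *) hs->pool;` need a comment at the cast site, because the reason they are safe is not obvious from the code and the commit message hedges more than the standard requires: C11 6.5p7 permits an object to be accessed through the signed or unsigned type corresponding to its effective type, so reading `int` array elements through `unsigned *` is well-defined, and that is exactly why the cast target must stay `unsigned` rather than `uint32_t` or another same-width type. A comment such as `/* hs->WALK and hs->pool are int arrays; accessing them as unsigned is allowed by C11 6.5p7 (corresponding unsigned type) and makes the shifts in the macros above well-defined. */` would stop a later cleanup from "fixing" the cast back. The expressions such as `(*A >> (5)) ^ (*A << (27))` are now defined for any width of `unsigned`, but they only form a 32-bit rotation when `unsigned` is exactly 32 bits, which appears to be the assumption behind the `0x1FFF` masks and the `(unsigned)` truncation of mbedtls_timing_hardclock(); naming that assumption in the same comment would help. havege_fill's body continues past the end of the hunk.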