Fix potential undefined behaviour in Camellia

2025-11-04 04:32:24 -05:00 · 2014-11-10 13:05:43 +01:00 · 2014-11-10 13:05:43 +01:00 · b31b61b9e8
commit b31b61b9e8
parent d6197a37e0
2 changed files with 9 additions and 8 deletions
--- a/1
+++ b/1
@ -8,6 +8,7 @@ Features
 Bugfix
   * User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found
     by Julian Ospald).
+   * Fix potential undefined behaviour in Camellia.

 Changes
   * Use deterministic nonces for AEAD ciphers in TLS by default (possible to
--- a/library/camellia.c
+++ b/library/camellia.c
@ -304,14 +304,14 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
    I0 = x[0] ^ k[0];
    I1 = x[1] ^ k[1];

-    I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
-         (SBOX2((I0 >> 16) & 0xFF) << 16) |
-         (SBOX3((I0 >>  8) & 0xFF) <<  8) |
-         (SBOX4((I0      ) & 0xFF)      );
-    I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
-         (SBOX3((I1 >> 16) & 0xFF) << 16) |
-         (SBOX4((I1 >>  8) & 0xFF) <<  8) |
-         (SBOX1((I1      ) & 0xFF)      );
+    I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
+         ((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
+         ((uint32_t) SBOX3((I0 >>  8) & 0xFF) <<  8) |
+         ((uint32_t) SBOX4((I0      ) & 0xFF)      );
+    I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
+         ((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
+         ((uint32_t) SBOX4((I1 >>  8) & 0xFF) <<  8) |
+         ((uint32_t) SBOX1((I1      ) & 0xFF)      );

    I0 ^= (I1 << 8) | (I1 >> 24);
    I1 ^= (I0 << 16) | (I0 >> 16);