granicus.if.org Git - openssl/commit

author	Matt Caswell <matt@openssl.org>
	Thu, 12 Mar 2015 15:59:07 +0000 (15:59 +0000)
committer	Matt Caswell <matt@openssl.org>
	Tue, 17 Mar 2015 13:39:53 +0000 (13:39 +0000)
commit	3475c7a1854977e290ab44deb16551f6d55ad9a7
tree	10b41868ffb2d87bb51463ac9c070cbe340addf4	tree \| snapshot
parent	dfef52f6f277327e118fdd0fe34486852c2789b6	commit \| diff

Fix unintended sign extension

The function CRYPTO_128_unwrap_pad uses an 8 byte AIV (Alternative Initial
Value). The least significant 4 bytes of this is placed into the local
variable |ptext_len|. This is done as follows:

ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7];

aiv[4] is an unsigned char, but (aiv[4] << 24) is promoted to a *signed*
int - therefore we could end up shifting into the sign bit and end up with
a negative value. |ptext_len| is a size_t (typically 64-bits). If the
result of the shifts is negative then the upper bits of |ptext_len| will
all be 1.

This commit fixes the issue by explicitly casting to an unsigned int.

Reviewed-by: Richard Levitte <levitte@openssl.org>