openssl/crypto
Matt Caswell 3475c7a185 Fix unintended sign extension
The function CRYPTO_128_unwrap_pad uses an 8 byte AIV (Alternative Initial
Value). The least significant 4 bytes of this is placed into the local
variable |ptext_len|. This is done as follows:

    ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7];

aiv[4] is an unsigned char, but (aiv[4] << 24) is promoted to a *signed*
int - therefore we could end up shifting into the sign bit and end up with
a negative value. |ptext_len| is a size_t (typically 64-bits). If the
result of the shifts is negative then the upper bits of |ptext_len| will
all be 1.

This commit fixes the issue by explicitly casting to an unsigned int.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-17 13:39:53 +00:00
..
aes Fix undefined behaviour in shifts. 2015-03-13 21:10:13 -07:00
asn1 Make X509_ATTRIBUTE opaque. 2015-03-16 15:54:19 +00:00
bf clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
bio BIO_debug_callback: Fix output on 64-bit machines 2015-03-10 12:32:39 +01:00
bn Fix error handling in bn_exp 2015-03-12 09:18:22 +00:00
buffer size_t for buffer functions. 2015-02-13 13:50:36 +00:00
camellia Fix crash in SPARC T4 XTS. 2015-02-24 10:11:36 +01:00
cast Dead code cleanup: #if 0 dropped from tests 2015-02-02 11:11:34 -05:00
cmac Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
cms Unchecked malloc fixes 2015-03-05 09:09:57 +00:00
comp Dead code removal: #if 0 bio, comp, rand 2015-01-29 21:38:57 -05:00
conf RT3670: Check return from BUF_MEM_grow_clean 2015-02-12 13:00:42 -05:00
des des/asm/des_enc.m4: fix brown-bag typo in last commit. 2015-02-09 08:58:43 +01:00
dh Fix dh_pub_encode 2015-03-12 09:22:56 +00:00
dsa Fix dsa_pub_encode 2015-03-12 09:23:42 +00:00
dso Unchecked malloc fixes 2015-03-05 09:09:57 +00:00
ec Avoid reading an unused byte after the buffer 2015-03-14 18:23:41 +01:00
ecdh Update ordinals, fix error message. 2015-03-15 15:56:24 +00:00
ecdsa Update ordinals, fix error message. 2015-03-15 15:56:24 +00:00
engine Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC 2015-03-11 09:29:37 -04:00
err Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC 2015-03-11 09:29:37 -04:00
evp Fix EVP_DigestInit_ex with NULL digest 2015-03-12 09:19:24 +00:00
hmac HMAC_cleanup, and HMAC_Init are stated as deprecated in the docs and source. 2015-02-10 14:32:56 +00:00
idea clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
include/internal Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
jpake Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
krb5 Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
lhash Add missing declaration for lh_node_usage_stats 2015-01-28 12:27:23 -05:00
md2 Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
md4 clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
md5 clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
mdc2 ui_compat cleanup; makefiles and vms 2015-02-06 16:49:17 -05:00
modes Fix unintended sign extension 2015-03-17 13:39:53 +00:00
objects Unchecked malloc fixes 2015-03-05 09:09:57 +00:00
ocsp Remove obsolete declarations. 2015-03-12 14:12:17 +00:00
pem ui_compat cleanup; makefiles and vms 2015-02-06 16:49:17 -05:00
perlasm Fix crash in SPARC T4 XTS. 2015-02-24 10:11:36 +01:00
pkcs7 Make X509_ATTRIBUTE opaque. 2015-03-16 15:54:19 +00:00
pkcs12 Make X509_ATTRIBUTE opaque. 2015-03-16 15:54:19 +00:00
pqueue Dead code removal: #if 0 conf, dso, pqueue, threads 2015-01-30 12:46:49 -05:00
rand Unchecked malloc fixes 2015-03-05 09:09:57 +00:00
rc2 clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
rc4 clang on Linux x86_64 complains about unreachable code. 2015-01-29 01:54:09 +01:00
rc5 ifdef cleanup, part 4a: '#ifdef undef' 2015-01-24 10:58:38 -05:00
ripemd Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp 2015-02-03 11:20:56 -05:00
rsa Fix RSA_X931_derive_ex 2015-03-12 09:26:14 +00:00
seed Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
sha ARMv4 assembly pack: add Cortex-A15 performance data. 2015-03-08 14:09:32 +01:00
srp Dead code: crypto/dh,modes,pkcs12,ripemd,rsa,srp 2015-02-03 11:20:56 -05:00
stack Fix memset call in stack.c 2015-03-17 13:39:53 +00:00
store util/mkstack.pl now generates entire safestack.h 2015-02-06 10:47:53 -05:00
threads Unchecked malloc fixes 2015-03-05 09:09:57 +00:00
ts Remove obsolete declarations. 2015-03-12 14:12:17 +00:00
txt_db OPENSSL_NO_xxx cleanup: many removals 2015-01-27 10:06:22 -05:00
ui Assume TERMIOS is default, remove TERMIO on all Linux. 2015-02-21 23:51:05 +01:00
whrlpool Re-align some comments after running the reformat script. 2015-01-22 09:20:10 +00:00
x509 Make X509_ATTRIBUTE opaque. 2015-03-16 15:54:19 +00:00
x509v3 Remove obsolete declarations. 2015-03-12 14:12:17 +00:00
alphacpuid.pl alphacpuid.pl: fix alignment bug. 2011-08-12 12:28:52 +00:00
arm64cpuid.pl Add assembly support to ios64-cross. 2015-01-23 15:38:41 +01:00
arm_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
armcap.c Add assembly support to ios64-cross. 2015-01-23 15:38:41 +01:00
armv4cpuid.S Remove inconsistency in ARM support. 2015-01-04 23:45:08 +01:00
c64xpluscpuid.pl C64x+ assembly pack: make it work with older toolchain. 2014-05-04 16:38:32 +02:00
constant_time_locl.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
constant_time_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
cpt_err.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
cryptlib.c OPENSSL_NO_XXX cleanup: OPENSSL_NO_BUF_FREELISTS 2015-01-27 16:43:53 -05:00
cryptlib.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
crypto-lib.com Catch up the VMS build. 2015-03-05 18:20:06 +01:00
crypto.h "#if 0" removal: header files 2015-01-27 17:44:12 -05:00
cversion.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ebcdic.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ebcdic.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ex_data.c Fix memory leak reporting. 2015-02-09 12:53:36 +00:00
fips_err.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
fips_ers.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ia64cpuid.S IA-64 assembler pack: fix typos and make it work on HP-UX. 2011-05-07 20:36:05 +00:00
install-crypto.com ui_compat cleanup; makefiles and vms 2015-02-06 16:49:17 -05:00
lock.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_nyi.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_unix.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_vms.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_win32.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_win.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
LPdir_wince.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
Makefile Add assembly support to ios64-cross. 2015-01-23 15:38:41 +01:00
md32_common.h Keep disclaiming 16-bit support. 2015-01-23 19:09:01 +01:00
mem_clr.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
mem_dbg.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
mem.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_dir_test.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_dir.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_dir.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_fips.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_init.c Dead code cleanup: crypto/*.c, x509v3, demos 2015-02-02 11:08:16 -05:00
o_str.c ifdef cleanup part 3: OPENSSL_SYSNAME 2015-01-23 11:58:26 -05:00
o_str.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
o_time.c Re-align some comments after running the reformat script. 2015-01-22 09:20:10 +00:00
opensslconf.h.in RT3548: Remove unsupported platforms 2014-12-28 01:17:52 -05:00
opensslv.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ossl_typ.h Remove obsolete declarations. 2015-03-12 14:12:17 +00:00
pariscid.pl PA-RISC assembler pack: switch to bve in 64-bit builds. 2013-06-18 10:37:00 +02:00
ppc_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ppccap.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
ppccpuid.pl aesp8-ppc.pl: fix typos. 2014-06-04 08:34:18 +02:00
s390xcap.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
s390xcpuid.S
sparc_arch.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
sparccpuid.S sparccpuid.S: work around emulator bug on T1. 2013-02-11 10:39:50 +01:00
sparcv9cap.c Dead code cleanup: crypto/*.c, x509v3, demos 2015-02-02 11:08:16 -05:00
symhacks.h Remove ui_compat 2015-02-06 14:52:40 -05:00
thr_id.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
uid.c Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
vms_rms.h Run util/openssl-format-source -v -c . 2015-01-22 09:20:09 +00:00
x86_64cpuid.pl x86[_64]cpuid.pl: add low-level RDSEED. 2014-02-14 17:24:12 +01:00
x86cpuid.pl Undo a90081576c 2014-08-09 08:02:20 -04:00