Date: Fri, 25 Oct 2013 21:50:53 +0200
On 10/25/2013 09:36 PM, John Regehr wrote:
>> What reason do you have to believe that crypto is using any signed
>> arithmetic? I would not.
>
> Here's an example that's at least slightly interesting, from the latest
> version of LibTomCrypt:
>
> kappa[i] =
> (key[pos ] << 24) ^
> (key[pos + 1] << 16) ^
> (key[pos + 2] << 8) ^
> (key[pos + 3] );
>
> key is a pointer to unsigned char. Of course, the array element becomes
> signed after promotion. The shift by 24 then executes an undefined
> behavior whenever the shifted value is >127.
>
> So the interesting thing is that the developer is basically doing things
> right and getting hosed by the arithmetic conversions.

If I'm reading 5p10 correctly, this should help (and is consistently
expressing intent):

    kappa[i] =
    (key[pos ] << 24u) ^
    (key[pos + 1] << 16u) ^
    (key[pos + 2] << 8u) ^
    (key[pos + 3] );

Jens
Received on 2013-10-25 22:04:35
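
An added example, not code from the thread or from LibTomCrypt, for the promotion issue discussed above: it reports the type C gives each form of the shift and loads the four key bytes with each one converted to uint32_t before shifting. Function names are illustrative and a 32-bit int is assumed.

```c
/* Added example; all names here are illustrative, not LibTomCrypt's.
   Assumes C11 (_Generic) and a 32-bit int. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* 1 = int, 2 = uint32_t, 0 = anything else. _Generic does not evaluate
   its operand, so inspecting the type of a shift executes no shift. */
#define TYPE_ID(e) _Generic((e), int: 1, uint32_t: 2, default: 0)

/* C11 6.5.7p3: each operand is promoted separately and the result has
   the type of the promoted LEFT operand; the count's type plays no part. */
int type_of_plain_shift(unsigned char b)   { (void)b; return TYPE_ID(b << 24); }
int type_of_u_count_shift(unsigned char b) { (void)b; return TYPE_ID(b << 24u); }
int type_of_cast_shift(unsigned char b)    { (void)b; return TYPE_ID((uint32_t)b << 24); }

/* C11 6.5.7p4: for a non-negative signed value v, v << n is defined only
   if v * 2^n is representable in int. Caller keeps n below the width of int. */
int signed_shift_defined(unsigned char b, unsigned n)
{
    return b <= (INT_MAX >> n);
}

/* Big-endian load with every byte converted to uint32_t first, so all
   shifts are unsigned and well defined for any byte value. */
uint32_t load_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) ^
           ((uint32_t)p[1] << 16) ^
           ((uint32_t)p[2] <<  8) ^
            (uint32_t)p[3];
}

int main(void)
{
    const unsigned char key[4] = { 0x80, 0x01, 0x02, 0x03 }; /* constructed sample */

    printf("type id of b << 24            : %d\n", type_of_plain_shift(key[0]));
    printf("type id of b << 24u           : %d\n", type_of_u_count_shift(key[0]));
    printf("type id of (uint32_t)b << 24  : %d\n", type_of_cast_shift(key[0]));
    printf("0x7f << 24 defined as int     : %d\n", signed_shift_defined(0x7f, 24));
    printf("0x80 << 24 defined as int     : %d\n", signed_shift_defined(0x80, 24));
    printf("load_be32                     : 0x%08lx\n", (unsigned long)load_be32(key));
    return 0;
}
```

Building the original expression with `-fsanitize=undefined` (GCC or Clang) reports the signed left shift at run time for key bytes above 127.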