Date: Wed, 13 Nov 2013 14:10:32 -0800
On 11/13/13, John Regehr <regehr_at_[hidden]> wrote:
> Ok, I've spent some time looking at open source crypto libraries and
> wrote up some results here:
>
> http://blog.regehr.org/archives/1054
>
> A good number of these problems will go away once shifting into the sign
> bit is no longer UB, and most of the rest go away once the maintainers
> of 5 packages fix their rotate functions.
It seems that this code also relies on a two's-complement representation.
We already have examples of rare machines that have different behavior.
I have not seen the examples, but is it not the case that casting to unsigned
before the shifts would have created defined behavior?
-- Lawrence Crowl
Received on 2013-11-13 23:10:42
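The two fixes the thread is discussing, a rotate that never shifts by the full width and a sign-bit shift done in unsigned arithmetic, written out as an added example. This is not code from the thread, from John's blog post, or from any of the surveyed libraries; the function names rotl32, rotr32 and shl_sign_bit are mine, and the example assumes a 32-bit int (the case in which 1 << 31 is the problem).

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate-left on a 32-bit unsigned value (names and code are an added
 * example, not from any of the libraries in the survey).
 *
 * The textbook form (x << n) | (x >> (32 - n)) is undefined for n == 0,
 * because it then shifts by 32, the full width of the type. Masking the
 * complementary count with & 31 turns that case into a shift by 0, so
 * every shift amount stays in 0..31. The operand is unsigned, so no shift
 * ever lands in a sign bit either. */
static inline uint32_t rotl32(uint32_t x, unsigned n)
{
    n &= 31;
    return (x << n) | (x >> ((32 - n) & 31));
}

static inline uint32_t rotr32(uint32_t x, unsigned n)
{
    n &= 31;
    return (x >> n) | (x << ((32 - n) & 31));
}

/* Left shift of a signed 32-bit value that may reach the sign bit.
 * Shifting a signed int so that a 1 lands in the sign bit (1 << 31 on a
 * 32-bit int) is undefined in C11; doing the shift on the unsigned
 * counterpart is well defined. Converting the result back to int32_t is
 * implementation-defined rather than undefined, and yields the expected
 * bit pattern on two's-complement targets, which is the representation
 * dependency pointed out above. */
static inline int32_t shl_sign_bit(int32_t v, unsigned n)
{
    return (int32_t)((uint32_t)v << (n & 31));
}

int main(void)
{
    /* n == 0 is exactly the count the naive rotate gets wrong. */
    printf("rotl32(0x12345678, 0)  = 0x%08x\n", rotl32(0x12345678u, 0));
    printf("rotl32(0x12345678, 8)  = 0x%08x\n", rotl32(0x12345678u, 8));
    printf("rotr32(0x12345678, 4)  = 0x%08x\n", rotr32(0x12345678u, 4));
    printf("shl_sign_bit(1, 31)    = %d\n", (int)shl_sign_bit(1, 31));
    return 0;
}
```

Compiling with `-fsanitize=undefined` is the quick way to confirm the difference: the masked rotate and the unsigned shift stay silent for every count in 0..31, whereas the textbook rotate with n == 0, or `1 << 31` on a signed int, is reported as a shift error.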