[openssh-commits] [openssh] 02/02: upstream: use 64 bit math to avoid signed underflow. upstream code

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Sep 16 15:38:10 AEST 2024


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 0ca128c9ee894f1b0067abd473bfb33171df67f8
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Mon Sep 16 05:37:05 2024 +0000

    upstream: use 64 bit math to avoid signed underflow. upstream code
    
    relies on using -fwrapv to provide defined over/underflow behaviour, but we
    use -ftrapv to catch integer errors and abort the program. ok dtucker@
    
    OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b
---
 sntrup761.c  | 14 +++++++-------
 sntrup761.sh |  7 ++++++-
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/sntrup761.c b/sntrup761.c
index 6606e854..123d0138 100644
--- a/sntrup761.c
+++ b/sntrup761.c
@@ -1,5 +1,5 @@
 
-/*  $OpenBSD: sntrup761.c,v 1.7 2024/09/15 02:20:51 djm Exp $ */
+/*  $OpenBSD: sntrup761.c,v 1.8 2024/09/16 05:37:05 djm Exp $ */
 
 /*
  * Public Domain, Authors:
@@ -917,8 +917,8 @@ crypto_int32 crypto_int32_min(crypto_int32 crypto_int32_x,crypto_int32 crypto_in
   __asm__ ("cmp %w0,%w1\n csel %w0,%w0,%w1,lt" : "+r"(crypto_int32_x) : "r"(crypto_int32_y) : "cc");
   return crypto_int32_x;
 #else
-  crypto_int32 crypto_int32_r = crypto_int32_y ^ crypto_int32_x;
-  crypto_int32 crypto_int32_z = crypto_int32_y - crypto_int32_x;
+  crypto_int64 crypto_int32_r = (crypto_int64)crypto_int32_y ^ (crypto_int64)crypto_int32_x;
+  crypto_int64 crypto_int32_z = (crypto_int64)crypto_int32_y - (crypto_int64)crypto_int32_x;
   crypto_int32_z ^= crypto_int32_r & (crypto_int32_z ^ crypto_int32_y);
   crypto_int32_z = crypto_int32_negative_mask(crypto_int32_z);
   crypto_int32_z &= crypto_int32_r;
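Review bot: In the `#else` branch `crypto_int32_z` is now a `crypto_int64`, yet it is still passed straight to `crypto_int32_negative_mask()`, which by its name takes a `crypto_int32` (its definition is outside the hunk), so the call narrows implicitly and nothing says why that is safe. The fix-up line `crypto_int32_z ^= crypto_int32_r & (crypto_int32_z ^ crypto_int32_y);` appears to leave z as a sign-extended 32-bit value, which would make the narrowing lossless. That invariant deserves a comment such as `/* z is a sign-extended 32-bit value here, so narrowing is lossless */` and an explicit `(crypto_int32)crypto_int32_z` at the call. The same applies to the identical lines in the `crypto_int32_max` and `crypto_int32_minmax` hunks, whose locals also keep the `crypto_int32_` prefix while holding 64-bit values. Since sntrup761.c looks to be generated by sntrup761.sh, any such change would have to go into the script's sed rules; each function body starts and ends outside its hunk.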
@@ -936,8 +936,8 @@ crypto_int32 crypto_int32_max(crypto_int32 crypto_int32_x,crypto_int32 crypto_in
   __asm__ ("cmp %w0,%w1\n csel %w0,%w1,%w0,lt" : "+r"(crypto_int32_x) : "r"(crypto_int32_y) : "cc");
   return crypto_int32_x;
 #else
-  crypto_int32 crypto_int32_r = crypto_int32_y ^ crypto_int32_x;
-  crypto_int32 crypto_int32_z = crypto_int32_y - crypto_int32_x;
+  crypto_int64 crypto_int32_r = (crypto_int64)crypto_int32_y ^ (crypto_int64)crypto_int32_x;
+  crypto_int64 crypto_int32_z = (crypto_int64)crypto_int32_y - (crypto_int64)crypto_int32_x;
   crypto_int32_z ^= crypto_int32_r & (crypto_int32_z ^ crypto_int32_y);
   crypto_int32_z = crypto_int32_negative_mask(crypto_int32_z);
   crypto_int32_z &= crypto_int32_r;
@@ -961,8 +961,8 @@ void crypto_int32_minmax(crypto_int32 *crypto_int32_p,crypto_int32 *crypto_int32
   *crypto_int32_p = crypto_int32_r;
   *crypto_int32_q = crypto_int32_s;
 #else
-  crypto_int32 crypto_int32_r = crypto_int32_y ^ crypto_int32_x;
-  crypto_int32 crypto_int32_z = crypto_int32_y - crypto_int32_x;
+  crypto_int64 crypto_int32_r = (crypto_int64)crypto_int32_y ^ (crypto_int64)crypto_int32_x;
+  crypto_int64 crypto_int32_z = (crypto_int64)crypto_int32_y - (crypto_int64)crypto_int32_x;
   crypto_int32_z ^= crypto_int32_r & (crypto_int32_z ^ crypto_int32_y);
   crypto_int32_z = crypto_int32_negative_mask(crypto_int32_z);
   crypto_int32_z &= crypto_int32_r;
diff --git a/sntrup761.sh b/sntrup761.sh
index 92c803bb..4de8dc33 100644
--- a/sntrup761.sh
+++ b/sntrup761.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-#       $OpenBSD: sntrup761.sh,v 1.8 2024/09/15 02:20:51 djm Exp $
+#       $OpenBSD: sntrup761.sh,v 1.9 2024/09/16 05:37:05 djm Exp $
 #       Placed in the Public Domain.
 #
 AUTHOR="supercop-20240808/crypto_kem/sntrup761/ref/implementors"
@@ -63,8 +63,13 @@ for i in $FILES; do
 	        -e "s/static void crypto_int16_minmax/void crypto_int16_minmax/"
 	    ;;
 	*/cryptoint/crypto_int32.h)
+	# Use int64_t for intermediate values in crypto_int32_minmax to
+	# prevent signed 32-bit integer overflow when called by
+	# crypto_sort_int32. Original code depends on -fwrapv (we set -ftrapv)
 	    sed -e "s/static void crypto_int32_store/void crypto_int32_store/" \
 		-e "s/^[#]define crypto_int32_optblocker.*//" \
+		-e "s/crypto_int32 crypto_int32_r = crypto_int32_y ^ crypto_int32_x;/crypto_int64 crypto_int32_r = (crypto_int64)crypto_int32_y ^ (crypto_int64)crypto_int32_x;/" \
+		-e "s/crypto_int32 crypto_int32_z = crypto_int32_y - crypto_int32_x;/crypto_int64 crypto_int32_z = (crypto_int64)crypto_int32_y - (crypto_int64)crypto_int32_x;/" \
 	        -e "s/static void crypto_int32_minmax/void crypto_int32_minmax/"
 	    ;;
 	*/cryptoint/crypto_int64.h)
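Review bot: The two added `-e` expressions only fire on an exact match of the upstream declarations, and nothing in this hunk checks that they did. If a later supercop import changes spacing or naming in crypto_int32.h, sed will substitute nothing and the regenerated sntrup761.c will silently return to the 32-bit subtraction that the commit message says aborts under -ftrapv. The script should fail when the original `crypto_int32 crypto_int32_z = crypto_int32_y - crypto_int32_x;` text is still present in its output. The added comment also names only crypto_int32_minmax, while the sntrup761.c hunks show the rewrite landing in crypto_int32_min and crypto_int32_max too; `# Use int64_t for intermediate values in crypto_int32_min, crypto_int32_max and crypto_int32_minmax to` would match what the rules do. The enclosing `for`/`case` starts and ends outside the hunk.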
