shift overflow in mpi/mpicoder.c
TOGAWA Satoshi
Satoshi.Togawa at jp.yokogawa.com
Tue Sep 3 03:34:03 CEST 2002
Hello.
I'm try to run RSA key-generate code in H8/300H processer (16bit CPU).
I used GnuPG-1.0.7's code, and I found shift overflow in mpi/mpicoder.c
when BYTES_PER_MPI_LIMB == 4.
--- mpicoder.c.orig Tue Sep 3 09:18:44 2002
+++ mpicoder.c Tue Sep 3 09:21:44 2002
@@ -402,10 +402,10 @@
for(i=0, p = buffer+nbytes-1; p >= buffer+BYTES_PER_MPI_LIMB; ) {
#if BYTES_PER_MPI_LIMB == 4
- alimb = *p-- ;
- alimb |= *p-- << 8 ;
- alimb |= *p-- << 16 ;
- alimb |= *p-- << 24 ;
+ alimb = (mpi_limb_t)*p-- ;
+ alimb |= (mpi_limb_t)*p-- << 8 ;
+ alimb |= (mpi_limb_t)*p-- << 16 ;
+ alimb |= (mpi_limb_t)*p-- << 24 ;
#elif BYTES_PER_MPI_LIMB == 8
alimb = (mpi_limb_t)*p-- ;
alimb |= (mpi_limb_t)*p-- << 8 ;
@@ -422,10 +422,10 @@
}
if( p >= buffer ) {
#if BYTES_PER_MPI_LIMB == 4
- alimb = *p-- ;
- if( p >= buffer ) alimb |= *p-- << 8 ;
- if( p >= buffer ) alimb |= *p-- << 16 ;
- if( p >= buffer ) alimb |= *p-- << 24 ;
+ alimb = (mpi_limb_t)*p-- ;
+ if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 8 ;
+ if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 16 ;
+ if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 24 ;
#elif BYTES_PER_MPI_LIMB == 8
alimb = (mpi_limb_t)*p-- ;
if( p >= buffer ) alimb |= (mpi_limb_t)*p-- << 8 ;
In this function, *p is byte type. So when we do (*p<<16) in CPU
whose integer is 16bit, shift overflow occered.
Regards,
Satoshi.Togawa at jp.yokogawa.com
More information about the Gnupg-devel
mailing list