From 5eaa2df7b39b83f1cc8f8b6fd00bbec5c469c3fd Mon Sep 17 00:00:00 2001
From: miod <>
Date: Thu, 5 Nov 2015 21:59:13 +0000
Subject: Cast Td4[] values (which are uint8_t) to uint32_t before shifting them left by 24 bits; if we don't, Td4[] gets cast to signed int, and according to C>=99 6.5.7, signed int shifted by enough bits to cause a the sign bit to be set is an UB. Reported by Pascal Cuoq on behalf of the trust-in-soft.com mafia I am {partial,slightly related} to.
---
 src/lib/libcrypto/aes/aes_core.c | 10 +++++-----
 src/lib/libssl/src/crypto/aes/aes_core.c | 10 +++++-----
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c
index 93c32b919b..1b8a24c714 100644
--- a/src/lib/libcrypto/aes/aes_core.c
+++ b/src/lib/libcrypto/aes/aes_core.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_core.c,v 1.12 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: aes_core.c,v 1.13 2015/11/05 21:59:13 miod Exp $ */
 /**
  * rijndael-alg-fst.c
  *
@@ -1132,28 +1132,28 @@ AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
  * map cipher state to byte array block:
  */
 s0 =
- (Td4[(t0 >> 24)] << 24) ^
+ (((uint32_t)Td4[(t0 >> 24)]) << 24) ^
 (Td4[(t3 >> 16) & 0xff] << 16) ^
 (Td4[(t2 >> 8) & 0xff] << 8) ^
 (Td4[(t1) & 0xff]) ^
 rk[0];
 PUTU32(out, s0);
 s1 =
- (Td4[(t1 >> 24)] << 24) ^
+ (((uint32_t)Td4[(t1 >> 24)]) << 24) ^
 (Td4[(t0 >> 16) & 0xff] << 16) ^
 (Td4[(t3 >> 8) & 0xff] << 8) ^
 (Td4[(t2) & 0xff]) ^
 rk[1];
 PUTU32(out + 4, s1);
 s2 =
- (Td4[(t2 >> 24)] << 24) ^
+ (((uint32_t)Td4[(t2 >> 24)]) << 24) ^
 (Td4[(t1 >> 16) & 0xff] << 16) ^
 (Td4[(t0 >> 8) & 0xff] << 8) ^
 (Td4[(t3) & 0xff]) ^
 rk[2];
 PUTU32(out + 8, s2);
 s3 =
- (Td4[(t3 >> 24)] << 24) ^
+ (((uint32_t)Td4[(t3 >> 24)]) << 24) ^
 (Td4[(t2 >> 16) & 0xff] << 16) ^
 (Td4[(t1 >> 8) & 0xff] << 8) ^
 (Td4[(t0) & 0xff]) ^
diff --git a/src/lib/libssl/src/crypto/aes/aes_core.c b/src/lib/libssl/src/crypto/aes/aes_core.c
index 93c32b919b..1b8a24c714 100644
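Review bot: The `(uint32_t)` cast added to the `<< 24` term of each of the four `s0`..`s3` assignments carries no comment saying why it is there, and because the adjacent `<< 16` and `<< 8` terms are deliberately left uncast it reads as an inconsistency that a later cleanup could "tidy" away, bringing back the signed-shift UB this commit removes. I would add one comment above `s0 =`, e.g. `/* Td4 is u8: cast before << 24, or the int-promoted value overflows (UB, C99 6.5.7) */`; the `<< 16` and `<< 8` terms stay within a 32-bit int's range, so they need no cast. A cheap regression check is decrypting a block whose final-round table outputs include bytes >= 0x80 under `-fsanitize=undefined`, which should flag the old form and stay silent on the new one. AES_decrypt starts before this hunk and continues after it (`rk[3]` and the final PUTU32 are outside the hunk).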
--- a/src/lib/libssl/src/crypto/aes/aes_core.c
+++ b/src/lib/libssl/src/crypto/aes/aes_core.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_core.c,v 1.12 2015/02/10 09:46:30 miod Exp $ */
+/* $OpenBSD: aes_core.c,v 1.13 2015/11/05 21:59:13 miod Exp $ */
 /**
  * rijndael-alg-fst.c
  *
@@ -1132,28 +1132,28 @@ AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
  * map cipher state to byte array block:
  */
 s0 =
- (Td4[(t0 >> 24)] << 24) ^
+ (((uint32_t)Td4[(t0 >> 24)]) << 24) ^
 (Td4[(t3 >> 16) & 0xff] << 16) ^
 (Td4[(t2 >> 8) & 0xff] << 8) ^
 (Td4[(t1) & 0xff]) ^
 rk[0];
 PUTU32(out, s0);
 s1 =
- (Td4[(t1 >> 24)] << 24) ^
+ (((uint32_t)Td4[(t1 >> 24)]) << 24) ^
 (Td4[(t0 >> 16) & 0xff] << 16) ^
 (Td4[(t3 >> 8) & 0xff] << 8) ^
 (Td4[(t2) & 0xff]) ^
 rk[1];
 PUTU32(out + 4, s1);
 s2 =
- (Td4[(t2 >> 24)] << 24) ^
+ (((uint32_t)Td4[(t2 >> 24)]) << 24) ^
 (Td4[(t1 >> 16) & 0xff] << 16) ^
 (Td4[(t0 >> 8) & 0xff] << 8) ^
 (Td4[(t3) & 0xff]) ^
 rk[2];
 PUTU32(out + 8, s2);
 s3 =
- (Td4[(t3 >> 24)] << 24) ^
+ (((uint32_t)Td4[(t3 >> 24)]) << 24) ^
 (Td4[(t2 >> 16) & 0xff] << 16) ^
 (Td4[(t1 >> 8) & 0xff] << 8) ^
 (Td4[(t0) & 0xff]) ^
-- 
cgit v1.2.3-55-g6feb
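Review bot: This second copy of aes_core.c receives the same four casts and, like the first, no comment recording why only the `<< 24` operand is cast, so I would put the same one-line note above `s0 =` in both files, e.g. `/* Td4 is u8: cast before << 24 to avoid signed-int overflow (UB, C99 6.5.7) */`. Both copies carry the same blob ids `93c32b919b..1b8a24c714`, so as far as the diff shows they are byte-identical mirrors kept in sync by hand; any future fix to one must be applied to the other, or one of them should become the single source. AES_decrypt begins before this hunk and ends after it.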