On Thu, Dec 10, 2015 at 6:55 AM, Jayalakshmi bhat
<bhat.jayalaks...@gmail.com> wrote:
> Hi Matt,
>
> Thanks for the patch. Unfortunately patch did not work. I continued
> debugging and found that issue was in constant_time_msb.
>
> static inline unsigned int constant_time_msb(unsigned int a) {
> - return 0 - (a >> (sizeof(a) * 8 - 1));
> + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1))));
> }
Forgive me for commenting... That looks questionable to me. C has some
non-intuitive rules, and usually one casts to an unsigned type during
shifts to avoid undefined behavior.
I would definitely build out a test case for it. Ensure the test cases
include a value with and without the high bit set on a 2's compliment
machine. Then, run it under GCC or Clang's Undefined Behavior
sanitizer. For GCC you need 4.9 or above. For Clang, you need 3.2 or
above.
I *think* Ben or Richard has a test build configuration that applies
the sanitizers.
Jeff
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
