diff options
| author | Andy Polyakov <appro@openssl.org> | 2016-11-20 23:38:12 +0100 |
|---|---|---|
| committer | Andy Polyakov <appro@openssl.org> | 2016-11-25 17:24:18 +0100 |
| commit | f47201b3279b3fd16f90ba512e5b203e4944b30c (patch) | |
| tree | 441714856f5d131f361cfc6542cf6bebb37c4350 | |
| parent | c4c71650bb670ab09ea7cc2e68cd4be7a414c855 (diff) | |
| download | openssl-new-f47201b3279b3fd16f90ba512e5b203e4944b30c.tar.gz | |
modes/ctr128.c: fix false carry in counter increment procedure.
GH issue #1916 affects only big-endian platforms. TLS is not affected,
because TLS fragment is never big enough.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 76f572ed0469a277d92378848250b7a9705d3071)
| -rw-r--r-- | crypto/modes/ctr128.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c index bcafd6b6bf..d4b22728e6 100644 --- a/crypto/modes/ctr128.c +++ b/crypto/modes/ctr128.c @@ -100,7 +100,7 @@ static void ctr128_inc_aligned(unsigned char *counter) --n; d = data[n] += c; /* did addition carry? */ - c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1); + c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1); } while (n); } #endif |