[tor-bugs] #13280 [Tor]: Stop signed left shift overflows in ed25519
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Sep 28 17:59:55 UTC 2014
#13280: Stop signed left shift overflows in ed25519
------------------------+--------------------------------
Reporter: teor | Owner:
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version: Tor: unspecified
Resolution: | Keywords: tor-router ed25519
Actual Points: | Parent ID:
Points: |
------------------------+--------------------------------
Comment (by teor):
The attached patch 0002-Allow-unsafe-left-shifts-in-ed25519-using-
DUNSAFE_SI.patch reverts to the previous behaviour on
-DUNSAFE_SIGNED_LSHIFT.
We can verify the ed25519 changes by diffing:
cpp -E -DUNSAFE_SIGNED_LSHIFT new_file.c
cpp -E old_file.c
Results:
* 28 non-significant bracket changes, as order of operations (<< before
|) preserves semantics;
* preprocessor line number/header order changes; and
* whitespace changes.
The diff also shows one intentional cast to unsigned char in
ed25519_ref10_select().
This cast resolves an 8-bit signed shift overflow (there's no macro for
8-bit shifts).
The 28 bracket and 1 unsigned char cast changes are much easier to verify
by hand than the original ~400 changes.
Alternately, the unsigned char cast could be removed, and then the
assembler/object/executable code should compare and behave identical. (But
I like the preprocessor method.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13280#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list