modes/ctr128.c: fix false carry in counter increment procedure.

GH issue #1916 affects only big-endian platforms. TLS is not affected, because TLS fragment is never big enough. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 76f572ed0469a277d92378848250b7a9705d3071)
2025-05-04 21:49:38 +00:00 · 2016-11-20 23:38:12 +01:00 · 2016-11-20 23:38:12 +01:00 · edfca4e3da
commit edfca4e3da
parent ca88f01d6c
1 changed files with 1 additions and 1 deletions
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@ -100,7 +100,7 @@ static void ctr128_inc_aligned(unsigned char *counter)
        --n;
        d = data[n] += c;
        /* did addition carry? */
-        c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
+        c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1);
    } while (n);
 }
 #endif