* grub-core/lib/libgcrypt/cipher/serpent.c (serpent_key_prepare): Fix

	misaligned access.
	(serpent_setkey): Likewise.
	(serpent_encrypt_internal): Likewise.
	(serpent_decrypt_internal): Likewise.
	(serpent_encrypt): Don't put an alignment-increasing cast.
	(serpent_decrypt): Likewise.
	(serpent_test): Likewise.

diff --git a/ChangeLog b/ChangeLog
index 009d52f08052bf980d83707032a08f192f0d2bb7..7f44d38ed31ebe0ee637dac1294532dc1f6d907d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2011-12-15  Vladimir Serbinenko  <phcoder@gmail.com>
+
+       * grub-core/lib/libgcrypt/cipher/serpent.c (serpent_key_prepare): Fix
+       misaligned access.
+       (serpent_setkey): Likewise.
+       (serpent_encrypt_internal): Likewise.
+       (serpent_decrypt_internal): Likewise.
+       (serpent_encrypt): Don't put an alignment-increasing cast.
+       (serpent_decrypt): Likewise.
+       (serpent_test): Likewise.
+
 2011-12-15  Vladimir Serbinenko  <phcoder@gmail.com>
 
        * grub-core/loader/multiboot.c (grub_cmd_module): Fix target address.

diff --git a/grub-core/lib/libgcrypt/cipher/serpent.c b/grub-core/lib/libgcrypt/cipher/serpent.c
index 6b7e655a98cb458d459c1630ed0caf1d8a660fbc..b1026eafcf4b0003215757e25f492b42df29cb3d 100644 (file)
--- a/grub-core/lib/libgcrypt/cipher/serpent.c
+++ b/grub-core/lib/libgcrypt/cipher/serpent.c
@@ -585,22 +585,19 @@ serpent_key_prepare (const byte *key, unsigned int key_length,
   int i;
 
   /* Copy key.  */
-  for (i = 0; i < key_length / 4; i++)
-    {
+  memcpy (key_prepared, key, key_length);
 #ifdef WORDS_BIGENDIAN
-      key_prepared[i] = byte_swap_32 (((u32 *) key)[i]);
-#else
-      key_prepared[i] = ((u32 *) key)[i];
+  for (i = 0; i < key_length / 4; i++)
+    key_prepared[i] = byte_swap_32 (key_prepared[i]);
 #endif
-    }
 
-  if (i < 8)
+  if (key_length < 32)
     {
       /* Key must be padded according to the Serpent
         specification.  */
-      key_prepared[i] = 0x00000001;
+      key_prepared[key_length / 4] = 0x00000001;
 
-      for (i++; i < 8; i++)
+      for (i = key_length / 4 + 1; i < 8; i++)
        key_prepared[i] = 0;
     }
 }
@@ -707,21 +704,17 @@ serpent_setkey (void *ctx,
 
 static void
 serpent_encrypt_internal (serpent_context_t *context,
-                         const serpent_block_t input, serpent_block_t output)
+                         const byte *input, byte *output)
 {
   serpent_block_t b, b_next;
   int round = 0;
 
+  memcpy (b, input, sizeof (b));
 #ifdef WORDS_BIGENDIAN
-  b[0] = byte_swap_32 (input[0]);
-  b[1] = byte_swap_32 (input[1]);
-  b[2] = byte_swap_32 (input[2]);
-  b[3] = byte_swap_32 (input[3]);
-#else
-  b[0] = input[0];
-  b[1] = input[1];
-  b[2] = input[2];
-  b[3] = input[3];
+  b[0] = byte_swap_32 (b[0]);
+  b[1] = byte_swap_32 (b[1]);
+  b[2] = byte_swap_32 (b[2]);
+  b[3] = byte_swap_32 (b[3]);
 #endif
 
   ROUND (0, context->keys, b, b_next);
@@ -759,35 +752,27 @@ serpent_encrypt_internal (serpent_context_t *context,
   ROUND_LAST (7, context->keys, b, b_next);
 
 #ifdef WORDS_BIGENDIAN
-  output[0] = byte_swap_32 (b_next[0]);
-  output[1] = byte_swap_32 (b_next[1]);
-  output[2] = byte_swap_32 (b_next[2]);
-  output[3] = byte_swap_32 (b_next[3]);
-#else
-  output[0] = b_next[0];
-  output[1] = b_next[1];
-  output[2] = b_next[2];
-  output[3] = b_next[3];
+  b_next[0] = byte_swap_32 (b_next[0]);
+  b_next[1] = byte_swap_32 (b_next[1]);
+  b_next[2] = byte_swap_32 (b_next[2]);
+  b_next[3] = byte_swap_32 (b_next[3]);
 #endif
+  memcpy (output, b_next, sizeof (b_next));
 }
 
 static void
 serpent_decrypt_internal (serpent_context_t *context,
-                         const serpent_block_t input, serpent_block_t output)
+                         const byte *input, byte *output)
 {
   serpent_block_t b, b_next;
   int round = ROUNDS;
 
+  memcpy (b, input, sizeof (b));
 #ifdef WORDS_BIGENDIAN
-  b_next[0] = byte_swap_32 (input[0]);
-  b_next[1] = byte_swap_32 (input[1]);
-  b_next[2] = byte_swap_32 (input[2]);
-  b_next[3] = byte_swap_32 (input[3]);
-#else
-  b_next[0] = input[0];
-  b_next[1] = input[1];
-  b_next[2] = input[2];
-  b_next[3] = input[3];
+  b[0] = byte_swap_32 (b[0]);
+  b[1] = byte_swap_32 (b[1]);
+  b[2] = byte_swap_32 (b[2]);
+  b[3] = byte_swap_32 (b[3]);
 #endif
 
   ROUND_FIRST_INVERSE (7, context->keys, b_next, b);
@@ -824,18 +809,13 @@ serpent_decrypt_internal (serpent_context_t *context,
   ROUND_INVERSE (1, context->keys, b, b_next);
   ROUND_INVERSE (0, context->keys, b, b_next);
 
-
 #ifdef WORDS_BIGENDIAN
-  output[0] = byte_swap_32 (b_next[0]);
-  output[1] = byte_swap_32 (b_next[1]);
-  output[2] = byte_swap_32 (b_next[2]);
-  output[3] = byte_swap_32 (b_next[3]);
-#else
-  output[0] = b_next[0];
-  output[1] = b_next[1];
-  output[2] = b_next[2];
-  output[3] = b_next[3];
+  b_next[0] = byte_swap_32 (b_next[0]);
+  b_next[1] = byte_swap_32 (b_next[1]);
+  b_next[2] = byte_swap_32 (b_next[2]);
+  b_next[3] = byte_swap_32 (b_next[3]);
 #endif
+  memcpy (output, b_next, sizeof (b_next));
 }
 
 static void
@@ -843,8 +823,7 @@ serpent_encrypt (void *ctx, byte *buffer_out, const byte *buffer_in)
 {
   serpent_context_t *context = ctx;
 
-  serpent_encrypt_internal (context,
-                           (const u32 *) buffer_in, (u32 *) buffer_out);
+  serpent_encrypt_internal (context, buffer_in, buffer_out);
   _gcry_burn_stack (2 * sizeof (serpent_block_t));
 }
 
@@ -853,9 +832,7 @@ serpent_decrypt (void *ctx, byte *buffer_out, const byte *buffer_in)
 {
   serpent_context_t *context = ctx;
 
-  serpent_decrypt_internal (context,
-                           (const u32 *) buffer_in,
-                           (u32 *) buffer_out);
+  serpent_decrypt_internal (context, buffer_in, buffer_out);
   _gcry_burn_stack (2 * sizeof (serpent_block_t));
 }
 
@@ -915,8 +892,8 @@ serpent_test (void)
       serpent_setkey_internal (&context, test_data[i].key,
                                test_data[i].key_length);
       serpent_encrypt_internal (&context,
-                               (const u32 *) test_data[i].text_plain,
-                               (u32 *) scratch);
+                               test_data[i].text_plain,
+                               scratch);
 
       if (memcmp (scratch, test_data[i].text_cipher, sizeof (serpent_block_t)))
        switch (test_data[i].key_length)
@@ -930,8 +907,8 @@ serpent_test (void)
          }
 
     serpent_decrypt_internal (&context,
-                             (const u32 *) test_data[i].text_cipher,
-                             (u32 *) scratch);
+                             test_data[i].text_cipher,
+                             scratch);
     if (memcmp (scratch, test_data[i].text_plain, sizeof (serpent_block_t)))
       switch (test_data[i].key_length)
        {