From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/1116 Path: news.gmane.org!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Re: FreeSec crypt() Date: Wed, 13 Jun 2012 13:27:11 -0400 Message-ID: <20120613172711.GF163@brightrain.aerifal.cx> References: <20120612235113.GA21296@openwall.com> <20120613011842.GA163@brightrain.aerifal.cx> <20120613061032.GH17860@port70.net> <20120613125839.GB163@brightrain.aerifal.cx> <20120613131807.GA22380@openwall.com> <20120613145603.GD163@brightrain.aerifal.cx> <20120613164546.GA23407@openwall.com> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: dough.gmane.org 1339608709 17761 80.91.229.3 (13 Jun 2012 17:31:49 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Wed, 13 Jun 2012 17:31:49 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-1117-gllmg-musl=m.gmane.org@lists.openwall.com Wed Jun 13 19:31:47 2012 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from [195.42.179.200] (helo=mother.openwall.net) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1SerPs-0003rH-09 for gllmg-musl@plane.gmane.org; Wed, 13 Jun 2012 19:31:36 +0200 Original-Received: (qmail 12134 invoked by uid 550); 13 Jun 2012 17:31:35 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 12126 invoked from network); 13 Jun 2012 17:31:35 -0000 Content-Disposition: inline In-Reply-To: <20120613164546.GA23407@openwall.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-Broken-Reverse-DNS: no host name found for IP address 195.42.179.200 Xref: news.gmane.org gmane.linux.lib.musl.general:1116 Archived-At: On Wed, Jun 13, 2012 at 08:45:46PM +0400, Solar Designer wrote: > On Wed, Jun 13, 2012 at 10:56:03AM -0400, Rich Felker wrote: > > On Wed, Jun 13, 2012 at 05:18:07PM +0400, Solar Designer wrote: > > > > Note that even if the behavior were defined, this code seems to have > > > > different behavior for high bytes depending on the signedness of char. > .... > > > Why would signedness of char matter > > > if the behavior of the signed char overflowing left shift were defined? > > > > Well if char is signed, (char)0x80 << 1 is -256. If char is unsigned, > > (char)0x80 << 1 is 256. > > Sure, but we had: > > const char *key; > u_char *q; > *q++ = *key << 1; > > so while *key << 1 is either -256 or 256 (promoted to int or unsigned > int), those high bits get dropped on the assignment to *q anyway, > resulting in the same value there either way. No? You're right on that. Ideally the functions should just take arguments of type unsigned char *, and the crypt/crypt_r wrapper should cast the original char * to unsigned char *. This is the same way all the standard string functions (like strcmp) are required to work. Casting/converting the _value_ after reading it also happens to work, and is sufficient for musl's purposes (we assume, per POSIX, that CHAR_BIT is 8, but also that signed types are twos complement), but only reinterpreting by casting the pointer before reading it is 100% portable. On a non-twos-complement machine, reading a signed char is lossy (it can only obtain 255 possible values, not 256). Rich