Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 10 May 2013 19:58:54 +0400
From: Alexander Cherepanov <>
Subject: Re: Core: undefined behavior in DES_std.c and MD5_std.c

On 2013-05-08 07:41, Solar Designer wrote:
>> Is it really necessary to have ARCH_WORD signed?
> I think there are a few places that require a signed type like this,
> e.g. DES_bs_cmp_all().

Why is that? Because of unary minus? Then it's the other way around: 
unary minus can overflow for signed integers but cannot for unsigned.

Ok, I've just tried it:

   sed -i 's/long/unsigned long/' x86-64.h
   sed -i 's/unsigned ARCH_WORD/ARCH_WORD/' *
   make linux-x86-64

and john works fine -- at least selftests pass. No visible performance 
gain though.

See also:

> BTW, its "~(ARCH_WORD)0" should probably be
> "~(unsigned ARCH_WORD)0",

Or this: "(unsigned ARCH_WORD)-1".

See, for example, 

> its right shifts could be turned from signed
> (usually arithmetic) to unsigned (logical) ones and the value only then
> cast to a signed type for the negation.

Actually, C standard doesn't guarantee that's signed shift is either 
arithmetic or logical. C11, 6.5.7p5 reads: "The result of E1 >> E2 is E1 
right-shifted E2 bit positions. If E1 has an unsigned type or if E1 has 
a signed type and a nonnegative value, the value of the result is the 
integral part of the quotient of E1 / 2[to the power of]E2 . If E1 has a 
signed type and a negative value, the resulting value is 

This leads to a question about platforms supported by JtR. Is it 
supposed to compile on a non-two's complement platform? On a platform 
with CHAR_BIT != 8 ? Etc.

> All of this is just asking for a rewrite.  Some years ago I actually
> thought of rewriting JtR from scratch, but I never found time.

I suppose that signed-ness of arithmetic is not the only problem?

Alexander Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.