Fixed bad bit shift and sign extension errors

4 files changed, 34 insertions, 10 deletions

diff --git a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c b/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
index 776201112..ef0a2bd01 100644
--- a/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
+++ b/src/libstrongswan/crypto/mgf1/mgf1_bitspender.c
@@ -79,13 +79,19 @@ METHOD(mgf1_bitspender_t, get_bits, bool,
 	private_mgf1_bitspender_t *this, int bits_needed, uint32_t *bits)
 {
 	int bits_now;
-	
+
+	*bits = 0x00000000;
+
+	if (bits_needed == 0)
+	{
+		/* trivial */
+		return TRUE;
+	}
 	if (bits_needed > 32)
 	{
 		/* too many bits requested */
 		return FALSE;
 	}
-	*bits = 0x00000000;
 
 	while (bits_needed)
 	{
@@ -113,17 +119,25 @@ METHOD(mgf1_bitspender_t, get_bits, bool,
 			bits_now = this->bits_left;
 			this->bits_left = 0;
 			bits_needed -= bits_now;
-			*bits <<= bits_now;
-			*bits |= this->bits;
 		}
 		else
 		{
 			bits_now = bits_needed;
 			this->bits_left -= bits_needed;
 			bits_needed = 0;
+		}
+		if (bits_now == 32)
+		{
+			*bits = this->bits;
+		}
+		else
+		{
 			*bits <<= bits_now;
 			*bits |= this->bits >> this->bits_left;
-			this->bits &= 0xffffffff >> (32 - this->bits_left);
+			if (this->bits_left)
+			{
+				this->bits &= 0xffffffff >> (32 - this->bits_left);
+			}
 		}
 	}
 	return TRUE;
@@ -151,7 +165,7 @@ METHOD(mgf1_bitspender_t, get_byte, bool,
 	}
 	*byte = this->bytes[4 - this->bytes_left--];
 
-	return TRUE;				
+	return TRUE;
 }
 
 METHOD(mgf1_bitspender_t, destroy, void,
diff --git a/src/libstrongswan/plugins/bliss/bliss_bitpacker.c b/src/libstrongswan/plugins/bliss/bliss_bitpacker.c
index 295c5a219..4d8446119 100644
--- a/src/libstrongswan/plugins/bliss/bliss_bitpacker.c
+++ b/src/libstrongswan/plugins/bliss/bliss_bitpacker.c
@@ -62,12 +62,19 @@ METHOD(bliss_bitpacker_t, get_bits, size_t,
 METHOD(bliss_bitpacker_t, write_bits, bool,
 	private_bliss_bitpacker_t *this, uint32_t value, size_t bits)
 {
+	if (bits == 0)
+	{
+		return TRUE;
+	}
 	if (bits > 32)
 	{
 		return FALSE;
 	}
+	if (bits < 32)
+	{
+		value &= (1 << bits) - 1;
+	}
 	this->bits += bits;
-	value &= (1 << bits) - 1;
 
 	while (TRUE)
 	{
@@ -152,7 +159,7 @@ METHOD(bliss_bitpacker_t, destroy, void,
 /**
  * See header.
  */
-bliss_bitpacker_t *bliss_bitpacker_create(size_t max_bits)
+bliss_bitpacker_t *bliss_bitpacker_create(uint16_t max_bits)
 {
 	private_bliss_bitpacker_t *this;
 
diff --git a/src/libstrongswan/plugins/bliss/bliss_bitpacker.h b/src/libstrongswan/plugins/bliss/bliss_bitpacker.h
index 52f6c8af0..2fe6cba1c 100644
--- a/src/libstrongswan/plugins/bliss/bliss_bitpacker.h
+++ b/src/libstrongswan/plugins/bliss/bliss_bitpacker.h
@@ -73,7 +73,7 @@ struct bliss_bitpacker_t {
  *
  * @param max_bits		Total number of bits to be stored
  */
-bliss_bitpacker_t* bliss_bitpacker_create(size_t max_bits);
+bliss_bitpacker_t* bliss_bitpacker_create(uint16_t max_bits);
 
 /**
  * Create a bliss_bitpacker_t object for reading
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c
index f97d0f3f7..912ec3de5 100644
--- a/src/libstrongswan/plugins/bliss/bliss_public_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c
@@ -391,12 +391,15 @@ bool bliss_public_key_from_asn1(chunk_t object, bliss_param_set_t *set,
 {
 	bliss_bitpacker_t *packer;
 	uint32_t coefficient;
+	uint16_t needed_bits;
 	int i;
 
 	/* skip initial bit string octet defining unused bits */
 	object = chunk_skip(object, 1);
 
-	if (8 * object.len < set->n * set->q_bits)
+	needed_bits = set->n * set->q_bits;
+
+	if (8 * object.len < needed_bits)
 	{
 		return FALSE;
 	}