modes/ctr128.c: fix false carry in counter increment procedure.

GH issue #1916 affects only big-endian platforms. TLS is not affected, because TLS fragment is never big enough. Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit 76f572ed0469a277d92378848250b7a9705d3071)
author: Andy Polyakov <appro@openssl.org> 2016-11-20 23:38:12 +0100
committer: Andy Polyakov <appro@openssl.org> 2016-11-25 17:25:05 +0100
commit: edfca4e3daab653ec6db79ef1b01762db7ba1a52 (patch)
tree: 29acd619b5727b995e9e28a3b69135397928c19c
parent: ca88f01d6c84cff55032b0a39a2d128b266b6b7c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c
index bcafd6b6bf..d4b22728e6 100644
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@@ -100,7 +100,7 @@ static void ctr128_inc_aligned(unsigned char *counter)
         --n;
         d = data[n] += c;
         /* did addition carry? */
-        c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
+        c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1);
     } while (n);
 }
 #endif
author	Andy Polyakov <appro@openssl.org>	2016-11-20 23:38:12 +0100
committer	Andy Polyakov <appro@openssl.org>	2016-11-25 17:25:05 +0100
commit	edfca4e3daab653ec6db79ef1b01762db7ba1a52 (patch)
tree	29acd619b5727b995e9e28a3b69135397928c19c
parent	ca88f01d6c84cff55032b0a39a2d128b266b6b7c (diff)