[PATCH 02/15] crypto routines: Hint minimum buffer sizes to the compiler
Sebastian Huber
sebastian.huber at embedded-brains.de
Thu Sep 8 13:27:19 UTC 2022
From: Conrad Meyer <cem at FreeBSD.org>
Use the C99 'static' keyword to hint to the compiler IVs and output digest
sizes. The keyword informs the compiler of the minimum valid size for a given
array. Obviously not every pointer can be validated (i.e., the compiler can
produce false negative but not false positive reports).
No functional change. No ABI change.
Sponsored by: EMC / Isilon Storage Division
---
cpukit/include/sha256.h | 2 +-
cpukit/include/sha384.h | 2 +-
cpukit/include/sha512.h | 2 +-
cpukit/libmd/sha256c.c | 5 +++--
cpukit/libmd/sha512c.c | 8 ++++----
5 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/cpukit/include/sha256.h b/cpukit/include/sha256.h
index 9deed91255..4fe35935c0 100644
--- a/cpukit/include/sha256.h
+++ b/cpukit/include/sha256.h
@@ -47,7 +47,7 @@ __BEGIN_DECLS
void SHA256_Init(SHA256_CTX *);
void SHA256_Update(SHA256_CTX *, const void *, size_t);
-void SHA256_Final(unsigned char [SHA256_DIGEST_LENGTH], SHA256_CTX *);
+void SHA256_Final(unsigned char [static SHA256_DIGEST_LENGTH], SHA256_CTX *);
#ifndef _KERNEL
char *SHA256_End(SHA256_CTX *, char *);
char *SHA256_Data(const void *, unsigned int, char *);
diff --git a/cpukit/include/sha384.h b/cpukit/include/sha384.h
index 2035d6ff54..52f69efc95 100644
--- a/cpukit/include/sha384.h
+++ b/cpukit/include/sha384.h
@@ -47,7 +47,7 @@ __BEGIN_DECLS
void SHA384_Init(SHA384_CTX *);
void SHA384_Update(SHA384_CTX *, const void *, size_t);
-void SHA384_Final(unsigned char [SHA384_DIGEST_LENGTH], SHA384_CTX *);
+void SHA384_Final(unsigned char [static SHA384_DIGEST_LENGTH], SHA384_CTX *);
#ifndef _KERNEL
char *SHA384_End(SHA384_CTX *, char *);
char *SHA384_Data(const void *, unsigned int, char *);
diff --git a/cpukit/include/sha512.h b/cpukit/include/sha512.h
index 1964562160..de7d19abb3 100644
--- a/cpukit/include/sha512.h
+++ b/cpukit/include/sha512.h
@@ -47,7 +47,7 @@ __BEGIN_DECLS
void SHA512_Init(SHA512_CTX *);
void SHA512_Update(SHA512_CTX *, const void *, size_t);
-void SHA512_Final(unsigned char [SHA512_DIGEST_LENGTH], SHA512_CTX *);
+void SHA512_Final(unsigned char [static SHA512_DIGEST_LENGTH], SHA512_CTX *);
#ifndef _KERNEL
char *SHA512_End(SHA512_CTX *, char *);
char *SHA512_Data(const void *, unsigned int, char *);
diff --git a/cpukit/libmd/sha256c.c b/cpukit/libmd/sha256c.c
index 4c0371dda7..f5a453e43b 100644
--- a/cpukit/libmd/sha256c.c
+++ b/cpukit/libmd/sha256c.c
@@ -283,7 +283,7 @@ SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len)
* and clears the context state.
*/
void
-SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
+SHA256_Final(unsigned char digest[static SHA256_DIGEST_LENGTH], SHA256_CTX *ctx)
{
/* Add padding */
@@ -291,7 +291,8 @@ SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
/* Write the hash */
be32enc_vect(digest, ctx->state, 32);
+ be32enc_vect(digest, ctx->state, SHA256_DIGEST_LENGTH);
/* Clear the context state */
- memset((void *)ctx, 0, sizeof(*ctx));
+ memset(ctx, 0, sizeof(*ctx));
}
diff --git a/cpukit/libmd/sha512c.c b/cpukit/libmd/sha512c.c
index 7d0e875550..a93d8a44d8 100644
--- a/cpukit/libmd/sha512c.c
+++ b/cpukit/libmd/sha512c.c
@@ -307,7 +307,7 @@ SHA512_Update(SHA512_CTX * ctx, const void *in, size_t len)
* and clears the context state.
*/
void
-SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx)
+SHA512_Final(unsigned char digest[static SHA512_DIGEST_LENGTH], SHA512_CTX *ctx)
{
/* Add padding */
@@ -317,7 +317,7 @@ SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx)
be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH);
/* Clear the context state */
- memset((void *)ctx, 0, sizeof(*ctx));
+ memset(ctx, 0, sizeof(*ctx));
}
/*** SHA-384: *********************************************************/
@@ -357,7 +357,7 @@ SHA384_Update(SHA384_CTX * ctx, const void *in, size_t len)
* and clears the context state.
*/
void
-SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx)
+SHA384_Final(unsigned char digest[static SHA384_DIGEST_LENGTH], SHA384_CTX *ctx)
{
/* Add padding */
@@ -367,5 +367,5 @@ SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx)
be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH);
/* Clear the context state */
- memset((void *)ctx, 0, sizeof(*ctx));
+ memset(ctx, 0, sizeof(*ctx));
}
--
2.35.3
More information about the devel
mailing list