[rtems commit] crypto routines: Hint minimum buffer sizes to the compiler

Fri Sep 9 04:43:20 UTC 2022

Module:    rtems
Branch:    master
Commit:    3a22e5d30f49090d95ebff0e157b19522a38be35
Changeset: http://git.rtems.org/rtems/commit/?id=3a22e5d30f49090d95ebff0e157b19522a38be35

Author:    Conrad Meyer <cem at FreeBSD.org>
Date:      Thu May 26 19:29:29 2016 +0000

crypto routines: Hint minimum buffer sizes to the compiler

Use the C99 'static' keyword to hint to the compiler IVs and output digest
sizes.  The keyword informs the compiler of the minimum valid size for a given
array.  Obviously not every pointer can be validated (i.e., the compiler can
produce false negative but not false positive reports).

No functional change.  No ABI change.

Sponsored by:	EMC / Isilon Storage Division

---

 cpukit/include/sha256.h | 2 +-
 cpukit/include/sha384.h | 2 +-
 cpukit/include/sha512.h | 2 +-
 cpukit/libmd/sha256c.c  | 5 +++--
 cpukit/libmd/sha512c.c  | 8 ++++----
 5 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/cpukit/include/sha256.h b/cpukit/include/sha256.h
index 9deed91255..4fe35935c0 100644
--- a/cpukit/include/sha256.h
+++ b/cpukit/include/sha256.h
@@ -47,7 +47,7 @@ __BEGIN_DECLS
 
 void	SHA256_Init(SHA256_CTX *);
 void	SHA256_Update(SHA256_CTX *, const void *, size_t);
-void	SHA256_Final(unsigned char [SHA256_DIGEST_LENGTH], SHA256_CTX *);
+void	SHA256_Final(unsigned char [static SHA256_DIGEST_LENGTH], SHA256_CTX *);
 #ifndef _KERNEL
 char   *SHA256_End(SHA256_CTX *, char *);
 char   *SHA256_Data(const void *, unsigned int, char *);
diff --git a/cpukit/include/sha384.h b/cpukit/include/sha384.h
index 2035d6ff54..52f69efc95 100644
--- a/cpukit/include/sha384.h
+++ b/cpukit/include/sha384.h
@@ -47,7 +47,7 @@ __BEGIN_DECLS
 
 void	SHA384_Init(SHA384_CTX *);
 void	SHA384_Update(SHA384_CTX *, const void *, size_t);
-void	SHA384_Final(unsigned char [SHA384_DIGEST_LENGTH], SHA384_CTX *);
+void	SHA384_Final(unsigned char [static SHA384_DIGEST_LENGTH], SHA384_CTX *);
 #ifndef _KERNEL
 char   *SHA384_End(SHA384_CTX *, char *);
 char   *SHA384_Data(const void *, unsigned int, char *);
diff --git a/cpukit/include/sha512.h b/cpukit/include/sha512.h
index 1964562160..de7d19abb3 100644
--- a/cpukit/include/sha512.h
+++ b/cpukit/include/sha512.h
@@ -47,7 +47,7 @@ __BEGIN_DECLS
 
 void	SHA512_Init(SHA512_CTX *);
 void	SHA512_Update(SHA512_CTX *, const void *, size_t);
-void	SHA512_Final(unsigned char [SHA512_DIGEST_LENGTH], SHA512_CTX *);
+void	SHA512_Final(unsigned char [static SHA512_DIGEST_LENGTH], SHA512_CTX *);
 #ifndef _KERNEL
 char   *SHA512_End(SHA512_CTX *, char *);
 char   *SHA512_Data(const void *, unsigned int, char *);
diff --git a/cpukit/libmd/sha256c.c b/cpukit/libmd/sha256c.c
index 4c0371dda7..f5a453e43b 100644
--- a/cpukit/libmd/sha256c.c
+++ b/cpukit/libmd/sha256c.c
@@ -283,7 +283,7 @@ SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len)
  * and clears the context state.
  */
 void
-SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
+SHA256_Final(unsigned char digest[static SHA256_DIGEST_LENGTH], SHA256_CTX *ctx)
 {
 
 	/* Add padding */
@@ -291,7 +291,8 @@ SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
 
 	/* Write the hash */
 	be32enc_vect(digest, ctx->state, 32);
+	be32enc_vect(digest, ctx->state, SHA256_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset((void *)ctx, 0, sizeof(*ctx));
+	memset(ctx, 0, sizeof(*ctx));
 }
diff --git a/cpukit/libmd/sha512c.c b/cpukit/libmd/sha512c.c
index 7d0e875550..a93d8a44d8 100644
--- a/cpukit/libmd/sha512c.c
+++ b/cpukit/libmd/sha512c.c
@@ -307,7 +307,7 @@ SHA512_Update(SHA512_CTX * ctx, const void *in, size_t len)
  * and clears the context state.
  */
 void
-SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx)
+SHA512_Final(unsigned char digest[static SHA512_DIGEST_LENGTH], SHA512_CTX *ctx)
 {
 
 	/* Add padding */
@@ -317,7 +317,7 @@ SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx)
 	be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset((void *)ctx, 0, sizeof(*ctx));
+	memset(ctx, 0, sizeof(*ctx));
 }
 
 /*** SHA-384: *********************************************************/
@@ -357,7 +357,7 @@ SHA384_Update(SHA384_CTX * ctx, const void *in, size_t len)
  * and clears the context state.
  */
 void
-SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx)
+SHA384_Final(unsigned char digest[static SHA384_DIGEST_LENGTH], SHA384_CTX *ctx)
 {
 
 	/* Add padding */
@@ -367,5 +367,5 @@ SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx)
 	be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset((void *)ctx, 0, sizeof(*ctx));
+	memset(ctx, 0, sizeof(*ctx));
 }

