crypto routines: Hint minimum buffer sizes to the compiler

Use the C99 'static' keyword to hint to the compiler IVs and output digest sizes. The keyword informs the compiler of the minimum valid size for a given array. Obviously not every pointer can be validated (i.e., the compiler can produce false negative but not false positive reports). No functional change. No ABI change. Sponsored by: EMC / Isilon Storage Division
author: Conrad Meyer <cem@FreeBSD.org> 2016-05-26 19:29:29 +0000
committer: Sebastian Huber <sebastian.huber@embedded-brains.de> 2022-09-08 16:14:56 +0200
commit: 3a22e5d30f49090d95ebff0e157b19522a38be35 (patch)
tree: 8d76d7e97bfdb251821e89688794391ede575b16
parent: Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c (diff)
download: rtems-3a22e5d30f49090d95ebff0e157b19522a38be35.tar.bz2
5 files changed, 10 insertions, 9 deletions
diff --git a/cpukit/include/sha256.h b/cpukit/include/sha256.h
index 9deed91255..4fe35935c0 100644
--- a/cpukit/include/sha256.h
+++ b/cpukit/include/sha256.h
@@ -47,7 +47,7 @@ __BEGIN_DECLS
 
 void	SHA256_Init(SHA256_CTX *);
 void	SHA256_Update(SHA256_CTX *, const void *, size_t);
-void	SHA256_Final(unsigned char [SHA256_DIGEST_LENGTH], SHA256_CTX *);
+void	SHA256_Final(unsigned char [static SHA256_DIGEST_LENGTH], SHA256_CTX *);
 #ifndef _KERNEL
 char   *SHA256_End(SHA256_CTX *, char *);
 char   *SHA256_Data(const void *, unsigned int, char *);
diff --git a/cpukit/include/sha384.h b/cpukit/include/sha384.h
index 2035d6ff54..52f69efc95 100644
--- a/cpukit/include/sha384.h
+++ b/cpukit/include/sha384.h
@@ -47,7 +47,7 @@ __BEGIN_DECLS
 
 void	SHA384_Init(SHA384_CTX *);
 void	SHA384_Update(SHA384_CTX *, const void *, size_t);
-void	SHA384_Final(unsigned char [SHA384_DIGEST_LENGTH], SHA384_CTX *);
+void	SHA384_Final(unsigned char [static SHA384_DIGEST_LENGTH], SHA384_CTX *);
 #ifndef _KERNEL
 char   *SHA384_End(SHA384_CTX *, char *);
 char   *SHA384_Data(const void *, unsigned int, char *);
diff --git a/cpukit/include/sha512.h b/cpukit/include/sha512.h
index 1964562160..de7d19abb3 100644
--- a/cpukit/include/sha512.h
+++ b/cpukit/include/sha512.h
@@ -47,7 +47,7 @@ __BEGIN_DECLS
 
 void	SHA512_Init(SHA512_CTX *);
 void	SHA512_Update(SHA512_CTX *, const void *, size_t);
-void	SHA512_Final(unsigned char [SHA512_DIGEST_LENGTH], SHA512_CTX *);
+void	SHA512_Final(unsigned char [static SHA512_DIGEST_LENGTH], SHA512_CTX *);
 #ifndef _KERNEL
 char   *SHA512_End(SHA512_CTX *, char *);
 char   *SHA512_Data(const void *, unsigned int, char *);
diff --git a/cpukit/libmd/sha256c.c b/cpukit/libmd/sha256c.c
index 4c0371dda7..f5a453e43b 100644
--- a/cpukit/libmd/sha256c.c
+++ b/cpukit/libmd/sha256c.c
@@ -283,7 +283,7 @@ SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len)
  * and clears the context state.
  */
 void
-SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
+SHA256_Final(unsigned char digest[static SHA256_DIGEST_LENGTH], SHA256_CTX *ctx)
 {
 
 	/* Add padding */
@@ -291,7 +291,8 @@ SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
 
 	/* Write the hash */
 	be32enc_vect(digest, ctx->state, 32);
+	be32enc_vect(digest, ctx->state, SHA256_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset((void *)ctx, 0, sizeof(*ctx));
+	memset(ctx, 0, sizeof(*ctx));
 }
diff --git a/cpukit/libmd/sha512c.c b/cpukit/libmd/sha512c.c
index 7d0e875550..a93d8a44d8 100644
--- a/cpukit/libmd/sha512c.c
+++ b/cpukit/libmd/sha512c.c
@@ -307,7 +307,7 @@ SHA512_Update(SHA512_CTX * ctx, const void *in, size_t len)
  * and clears the context state.
  */
 void
-SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx)
+SHA512_Final(unsigned char digest[static SHA512_DIGEST_LENGTH], SHA512_CTX *ctx)
 {
 
 	/* Add padding */
@@ -317,7 +317,7 @@ SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx)
 	be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset((void *)ctx, 0, sizeof(*ctx));
+	memset(ctx, 0, sizeof(*ctx));
 }
 
 /*** SHA-384: *********************************************************/
@@ -357,7 +357,7 @@ SHA384_Update(SHA384_CTX * ctx, const void *in, size_t len)
  * and clears the context state.
  */
 void
-SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx)
+SHA384_Final(unsigned char digest[static SHA384_DIGEST_LENGTH], SHA384_CTX *ctx)
 {
 
 	/* Add padding */
@@ -367,5 +367,5 @@ SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx)
 	be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH);
 
 	/* Clear the context state */
-	memset((void *)ctx, 0, sizeof(*ctx));
+	memset(ctx, 0, sizeof(*ctx));
 }
author	Conrad Meyer <cem@FreeBSD.org>	2016-05-26 19:29:29 +0000
committer	Sebastian Huber <sebastian.huber@embedded-brains.de>	2022-09-08 16:14:56 +0200
commit	3a22e5d30f49090d95ebff0e157b19522a38be35 (patch)
tree	8d76d7e97bfdb251821e89688794391ede575b16
parent	Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c (diff)
download	rtems-3a22e5d30f49090d95ebff0e157b19522a38be35.tar.bz2