From 444253bba579f26af746a0fbf42b89b8f44298a0 Mon Sep 17 00:00:00 2001 From: cem Date: Thu, 26 May 2016 19:29:29 +0000 Subject: crypto routines: Hint minimum buffer sizes to the compiler Use the C99 'static' keyword to hint to the compiler IVs and output digest sizes. The keyword informs the compiler of the minimum valid size for a given array. Obviously not every pointer can be validated (i.e., the compiler can produce false negative but not false positive reports). No functional change. No ABI change. Sponsored by: EMC / Isilon Storage Division --- sys/crypto/sha2/sha256.h | 2 +- sys/crypto/sha2/sha256c.c | 6 +++--- sys/crypto/sha2/sha384.h | 2 +- sys/crypto/sha2/sha512.h | 2 +- sys/crypto/sha2/sha512c.c | 8 ++++---- 5 files changed, 10 insertions(+), 10 deletions(-) (limited to 'sys/crypto/sha2') diff --git a/sys/crypto/sha2/sha256.h b/sys/crypto/sha2/sha256.h index 528af1e..17aae7d 100644 --- a/sys/crypto/sha2/sha256.h +++ b/sys/crypto/sha2/sha256.h @@ -78,7 +78,7 @@ __BEGIN_DECLS void SHA256_Init(SHA256_CTX *); void SHA256_Update(SHA256_CTX *, const void *, size_t); -void SHA256_Final(unsigned char [SHA256_DIGEST_LENGTH], SHA256_CTX *); +void SHA256_Final(unsigned char [static SHA256_DIGEST_LENGTH], SHA256_CTX *); #ifndef _KERNEL char *SHA256_End(SHA256_CTX *, char *); char *SHA256_Data(const void *, unsigned int, char *); diff --git a/sys/crypto/sha2/sha256c.c b/sys/crypto/sha2/sha256c.c index da9b02c..79ed61d 100644 --- a/sys/crypto/sha2/sha256c.c +++ b/sys/crypto/sha2/sha256c.c @@ -287,17 +287,17 @@ SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len) * and clears the context state. */ void -SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx) +SHA256_Final(unsigned char digest[static SHA256_DIGEST_LENGTH], SHA256_CTX *ctx) { /* Add padding */ SHA256_Pad(ctx); /* Write the hash */ - be32enc_vect(digest, ctx->state, 32); + be32enc_vect(digest, ctx->state, SHA256_DIGEST_LENGTH); /* Clear the context state */ - memset((void *)ctx, 0, sizeof(*ctx)); + memset(ctx, 0, sizeof(*ctx)); } #ifdef WEAK_REFS diff --git a/sys/crypto/sha2/sha384.h b/sys/crypto/sha2/sha384.h index ae63ba9..63dd948 100644 --- a/sys/crypto/sha2/sha384.h +++ b/sys/crypto/sha2/sha384.h @@ -74,7 +74,7 @@ __BEGIN_DECLS void SHA384_Init(SHA384_CTX *); void SHA384_Update(SHA384_CTX *, const void *, size_t); -void SHA384_Final(unsigned char [SHA384_DIGEST_LENGTH], SHA384_CTX *); +void SHA384_Final(unsigned char [static SHA384_DIGEST_LENGTH], SHA384_CTX *); #ifndef _KERNEL char *SHA384_End(SHA384_CTX *, char *); char *SHA384_Data(const void *, unsigned int, char *); diff --git a/sys/crypto/sha2/sha512.h b/sys/crypto/sha2/sha512.h index da0a018..b008aea 100644 --- a/sys/crypto/sha2/sha512.h +++ b/sys/crypto/sha2/sha512.h @@ -77,7 +77,7 @@ __BEGIN_DECLS void SHA512_Init(SHA512_CTX *); void SHA512_Update(SHA512_CTX *, const void *, size_t); -void SHA512_Final(unsigned char [SHA512_DIGEST_LENGTH], SHA512_CTX *); +void SHA512_Final(unsigned char [static SHA512_DIGEST_LENGTH], SHA512_CTX *); #ifndef _KERNEL char *SHA512_End(SHA512_CTX *, char *); char *SHA512_Data(const void *, unsigned int, char *); diff --git a/sys/crypto/sha2/sha512c.c b/sys/crypto/sha2/sha512c.c index 42ad058..5c107ea 100644 --- a/sys/crypto/sha2/sha512c.c +++ b/sys/crypto/sha2/sha512c.c @@ -311,7 +311,7 @@ SHA512_Update(SHA512_CTX * ctx, const void *in, size_t len) * and clears the context state. */ void -SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx) +SHA512_Final(unsigned char digest[static SHA512_DIGEST_LENGTH], SHA512_CTX *ctx) { /* Add padding */ @@ -321,7 +321,7 @@ SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx) be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH); /* Clear the context state */ - memset((void *)ctx, 0, sizeof(*ctx)); + memset(ctx, 0, sizeof(*ctx)); } /*** SHA-384: *********************************************************/ @@ -361,7 +361,7 @@ SHA384_Update(SHA384_CTX * ctx, const void *in, size_t len) * and clears the context state. */ void -SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx) +SHA384_Final(unsigned char digest[static SHA384_DIGEST_LENGTH], SHA384_CTX *ctx) { /* Add padding */ @@ -371,7 +371,7 @@ SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx) be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH); /* Clear the context state */ - memset((void *)ctx, 0, sizeof(*ctx)); + memset(ctx, 0, sizeof(*ctx)); } #ifdef WEAK_REFS -- cgit v1.1