Remove support for static buffers in HMAC/digests

HMAC() and the one-step digests used to support passing a NULL buffer and would return the digest in a static buffer. This design is firmly from the nineties, not thread safe and it saves callers a single line. The few ports that used to rely this were fixed with patches sent to non-hostile (and non-dead) upstreams. It's early enough in the release cycle that remaining uses hidden from the compiler should be caught, at least the ones that matter. There won't be that many since BoringSSL removed this feature in 2017. https://boringssl-review.googlesource.com/14528 Add non-null attributes to the headers and add a few missing bounded attributes. ok beck jsing
author: tb <> 2024-06-01 07:36:17 +0000
committer: tb <> 2024-06-01 07:36:17 +0000
commit: f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4 (patch)
tree: d92a9fa364845580193b9ab3f5f391408342fa26
parent: aee2754cfbb89d3dff4c3a521fb027d0c6967bc9 (diff)
download: openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.gz
openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.bz2
openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.zip
14 files changed, 35 insertions, 55 deletions
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
index 7c882ba15b..1315b1a0d2 100644
--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.c,v 1.34 2024/03/30 10:10:58 tb Exp $ */
+/* $OpenBSD: hmac.c,v 1.35 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -263,11 +263,8 @@ HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d,
    size_t n, unsigned char *md, unsigned int *md_len)
 {
        HMAC_CTX c;
-        static unsigned char m[EVP_MAX_MD_SIZE];
        const unsigned char dummy_key[1] = { 0 };
-        if (md == NULL)
-                md = m;
        if (key == NULL) {
                key = dummy_key;
                key_len = 0;
diff --git a/src/lib/libcrypto/hmac/hmac.h b/src/lib/libcrypto/hmac/hmac.h
index 1ce365294c..abdd19450e 100644
--- a/src/lib/libcrypto/hmac/hmac.h
+++ b/src/lib/libcrypto/hmac/hmac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.h,v 1.17 2023/04/25 15:48:48 tb Exp $ */
+/* $OpenBSD: hmac.h,v 1.18 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -85,7 +85,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md,
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-    const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len);
+    const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len)
+    __attribute__((__nonnull__ (6)));
 int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
diff --git a/src/lib/libcrypto/md4/md4.c b/src/lib/libcrypto/md4/md4.c
index 42c5b21428..9cf1ff9532 100644
--- a/src/lib/libcrypto/md4/md4.c
+++ b/src/lib/libcrypto/md4/md4.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: md4.c,v 1.17 2024/03/28 08:00:07 jsing Exp $ */
+/* $OpenBSD: md4.c,v 1.18 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -336,10 +336,7 @@ unsigned char *
 MD4(const unsigned char *d, size_t n, unsigned char *md)
 {
        MD4_CTX c;
-        static unsigned char m[MD4_DIGEST_LENGTH];
-        if (md == NULL)
-                md = m;
        if (!MD4_Init(&c))
                return NULL;
        MD4_Update(&c, d, n);
diff --git a/src/lib/libcrypto/md4/md4.h b/src/lib/libcrypto/md4/md4.h
index cb4f3cb6e9..bf4313b345 100644
--- a/src/lib/libcrypto/md4/md4.h
+++ b/src/lib/libcrypto/md4/md4.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md4.h,v 1.17 2023/07/08 06:47:26 jsing Exp $ */
+/* $OpenBSD: md4.h,v 1.18 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -92,8 +92,11 @@ typedef struct MD4state_st {
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
+    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int MD4_Final(unsigned char *md, MD4_CTX *c);
 unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
+    __attribute__ ((__nonnull__(3)))
+    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 void MD4_Transform(MD4_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/md5/md5.c b/src/lib/libcrypto/md5/md5.c
index 35d1ac9144..744c66f005 100644
--- a/src/lib/libcrypto/md5/md5.c
+++ b/src/lib/libcrypto/md5/md5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: md5.c,v 1.22 2024/03/28 08:00:08 jsing Exp $ */
+/* $OpenBSD: md5.c,v 1.23 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -371,10 +371,7 @@ unsigned char *
 MD5(const unsigned char *d, size_t n, unsigned char *md)
 {
        MD5_CTX c;
-        static unsigned char m[MD5_DIGEST_LENGTH];
-        if (md == NULL)
-                md = m;
        if (!MD5_Init(&c))
                return NULL;
        MD5_Update(&c, d, n);
diff --git a/src/lib/libcrypto/md5/md5.h b/src/lib/libcrypto/md5/md5.h
index d248c93a85..9191ff2131 100644
--- a/src/lib/libcrypto/md5/md5.h
+++ b/src/lib/libcrypto/md5/md5.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md5.h,v 1.21 2023/07/08 06:50:38 jsing Exp $ */
+/* $OpenBSD: md5.h,v 1.22 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -98,6 +98,7 @@ int MD5_Update(MD5_CTX *c, const void *data, size_t len)
    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int MD5_Final(unsigned char *md, MD5_CTX *c);
 unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 void MD5_Transform(MD5_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
diff --git a/src/lib/libcrypto/ripemd/ripemd.c b/src/lib/libcrypto/ripemd/ripemd.c
index b2d798c495..08fa208dcc 100644
--- a/src/lib/libcrypto/ripemd/ripemd.c
+++ b/src/lib/libcrypto/ripemd/ripemd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ripemd.c,v 1.18 2024/03/28 23:54:15 joshua Exp $ */
+/* $OpenBSD: ripemd.c,v 1.19 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -483,14 +483,10 @@ RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c)
 LCRYPTO_ALIAS(RIPEMD160_Final);
 unsigned char *
-RIPEMD160(const unsigned char *d, size_t n,
+RIPEMD160(const unsigned char *d, size_t n, unsigned char *md)
-    unsigned char *md)
 {
        RIPEMD160_CTX c;
-        static unsigned char m[RIPEMD160_DIGEST_LENGTH];
-        if (md == NULL)
-                md = m;
        if (!RIPEMD160_Init(&c))
                return NULL;
        RIPEMD160_Update(&c, d, n);
diff --git a/src/lib/libcrypto/ripemd/ripemd.h b/src/lib/libcrypto/ripemd/ripemd.h
index 03ba781c4f..5925083c0c 100644
--- a/src/lib/libcrypto/ripemd/ripemd.h
+++ b/src/lib/libcrypto/ripemd/ripemd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ripemd.h,v 1.15 2023/07/08 06:52:56 jsing Exp $ */
+/* $OpenBSD: ripemd.h,v 1.16 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -93,9 +93,12 @@ typedef struct RIPEMD160state_st {
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
+    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
 unsigned char *RIPEMD160(const unsigned char *d, size_t n,
-    unsigned char *md);
+    unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
+    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/sha/sha.h b/src/lib/libcrypto/sha/sha.h
index e1de79f4f4..f87203d912 100644
--- a/src/lib/libcrypto/sha/sha.h
+++ b/src/lib/libcrypto/sha/sha.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha.h,v 1.22 2023/07/08 07:08:11 jsing Exp $ */
+/* $OpenBSD: sha.h,v 1.23 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -102,6 +102,7 @@ int SHA1_Update(SHA_CTX *c, const void *data, size_t len)
    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
@@ -125,12 +126,14 @@ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 int SHA256_Init(SHA256_CTX *c);
 int SHA256_Update(SHA256_CTX *c, const void *data, size_t len)
    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int SHA256_Final(unsigned char *md, SHA256_CTX *c);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
 #endif
@@ -172,12 +175,14 @@ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
 unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 int SHA512_Init(SHA512_CTX *c);
 int SHA512_Update(SHA512_CTX *c, const void *data, size_t len)
    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int SHA512_Final(unsigned char *md, SHA512_CTX *c);
 unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
 #endif
diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c
index 32007d5d52..52338812db 100644
--- a/src/lib/libcrypto/sha/sha1.c
+++ b/src/lib/libcrypto/sha/sha1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha1.c,v 1.14 2024/03/28 07:06:12 jsing Exp $ */
+/* $OpenBSD: sha1.c,v 1.15 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -496,10 +496,6 @@ unsigned char *
 SHA1(const unsigned char *d, size_t n, unsigned char *md)
 {
        SHA_CTX c;
-        static unsigned char m[SHA_DIGEST_LENGTH];
-        if (md == NULL)
-                md = m;
        if (!SHA1_Init(&c))
                return NULL;
diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c
index d18e8d219d..ab00c17878 100644
--- a/src/lib/libcrypto/sha/sha256.c
+++ b/src/lib/libcrypto/sha/sha256.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha256.c,v 1.31 2024/03/28 04:23:02 jsing Exp $ */
+/* $OpenBSD: sha256.c,v 1.32 2024/06/01 07:36:16 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -317,10 +317,6 @@ unsigned char *
 SHA224(const unsigned char *d, size_t n, unsigned char *md)
 {
        SHA256_CTX c;
-        static unsigned char m[SHA224_DIGEST_LENGTH];
-        if (md == NULL)
-                md = m;
        SHA224_Init(&c);
        SHA256_Update(&c, d, n);
@@ -479,10 +475,6 @@ unsigned char *
 SHA256(const unsigned char *d, size_t n, unsigned char *md)
 {
        SHA256_CTX c;
-        static unsigned char m[SHA256_DIGEST_LENGTH];
-        if (md == NULL)
-                md = m;
        SHA256_Init(&c);
        SHA256_Update(&c, d, n);
diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c
index 360a5c29fb..7a2a40d3df 100644
--- a/src/lib/libcrypto/sha/sha512.c
+++ b/src/lib/libcrypto/sha/sha512.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha512.c,v 1.41 2023/07/08 12:24:10 beck Exp $ */
+/* $OpenBSD: sha512.c,v 1.42 2024/06/01 07:36:16 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 *
@@ -345,10 +345,6 @@ unsigned char *
 SHA384(const unsigned char *d, size_t n, unsigned char *md)
 {
        SHA512_CTX c;
-        static unsigned char m[SHA384_DIGEST_LENGTH];
-        if (md == NULL)
-                md = m;
        SHA384_Init(&c);
        SHA512_Update(&c, d, n);
@@ -498,10 +494,6 @@ unsigned char *
 SHA512(const unsigned char *d, size_t n, unsigned char *md)
 {
        SHA512_CTX c;
-        static unsigned char m[SHA512_DIGEST_LENGTH];
-        if (md == NULL)
-                md = m;
        SHA512_Init(&c);
        SHA512_Update(&c, d, n);
diff --git a/src/lib/libcrypto/whrlpool/whirlpool.c b/src/lib/libcrypto/whrlpool/whirlpool.c
index e1e0f7a899..80e147c3b5 100644
--- a/src/lib/libcrypto/whrlpool/whirlpool.c
+++ b/src/lib/libcrypto/whrlpool/whirlpool.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: whirlpool.c,v 1.2 2024/03/30 03:45:47 joshua Exp $ */
+/* $OpenBSD: whirlpool.c,v 1.3 2024/06/01 07:36:17 tb Exp $ */
 /**
 * The Whirlpool hashing function.
 *
@@ -846,10 +846,7 @@ unsigned char *
 WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
 {
        WHIRLPOOL_CTX ctx;
-        static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
-        if (md == NULL)
-                md = m;
        WHIRLPOOL_Init(&ctx);
        WHIRLPOOL_Update(&ctx, inp, bytes);
        WHIRLPOOL_Final(md, &ctx);
diff --git a/src/lib/libcrypto/whrlpool/whrlpool.h b/src/lib/libcrypto/whrlpool/whrlpool.h
index 875d34f7d3..1b4fac1993 100644
--- a/src/lib/libcrypto/whrlpool/whrlpool.h
+++ b/src/lib/libcrypto/whrlpool/whrlpool.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: whrlpool.h,v 1.5 2014/07/10 22:45:58 jsing Exp $ */
+/* $OpenBSD: whrlpool.h,v 1.6 2024/06/01 07:36:17 tb Exp $ */
 #include <stddef.h>
@@ -28,10 +28,13 @@ typedef struct	{
 #ifndef OPENSSL_NO_WHIRLPOOL
 int WHIRLPOOL_Init      (WHIRLPOOL_CTX *c);
-int WHIRLPOOL_Update    (WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
+int WHIRLPOOL_Update    (WHIRLPOOL_CTX *c,const void *inp,size_t bytes)
+    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);
 int WHIRLPOOL_Final     (unsigned char *md,WHIRLPOOL_CTX *c);
-unsigned char *WHIRLPOOL(const void *inp,size_t bytes,unsigned char *md);
+unsigned char *WHIRLPOOL(const void *inp,size_t bytes,unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
+    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 #endif
 #ifdef __cplusplus
author	tb <>	2024-06-01 07:36:17 +0000
committer	tb <>	2024-06-01 07:36:17 +0000
commit	f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4 (patch)
tree	d92a9fa364845580193b9ab3f5f391408342fa26
parent	aee2754cfbb89d3dff4c3a521fb027d0c6967bc9 (diff)
download	openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.gz openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.bz2 openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.zip