Remove support for static buffers in HMAC/digests

HMAC() and the one-step digests used to support passing a NULL buffer and would return the digest in a static buffer. This design is firmly from the nineties, not thread safe and it saves callers a single line. The few ports that used to rely this were fixed with patches sent to non-hostile (and non-dead) upstreams. It's early enough in the release cycle that remaining uses hidden from the compiler should be caught, at least the ones that matter. There won't be that many since BoringSSL removed this feature in 2017. https://boringssl-review.googlesource.com/14528 Add non-null attributes to the headers and add a few missing bounded attributes. ok beck jsing
author: tb <> 2024-06-01 07:36:17 +0000
committer: tb <> 2024-06-01 07:36:17 +0000
commit: f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4 (patch)
tree: d92a9fa364845580193b9ab3f5f391408342fa26 /src/lib/libcrypto/ripemd
parent: aee2754cfbb89d3dff4c3a521fb027d0c6967bc9 (diff)
download: openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.gz
openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.bz2
openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.zip
2 files changed, 7 insertions, 8 deletions
diff --git a/src/lib/libcrypto/ripemd/ripemd.c b/src/lib/libcrypto/ripemd/ripemd.c
index b2d798c495..08fa208dcc 100644
--- a/src/lib/libcrypto/ripemd/ripemd.c
+++ b/src/lib/libcrypto/ripemd/ripemd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ripemd.c,v 1.18 2024/03/28 23:54:15 joshua Exp $ */
+/* $OpenBSD: ripemd.c,v 1.19 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -483,14 +483,10 @@ RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c)
 LCRYPTO_ALIAS(RIPEMD160_Final);
 unsigned char *
-RIPEMD160(const unsigned char *d, size_t n,
+RIPEMD160(const unsigned char *d, size_t n, unsigned char *md)
-    unsigned char *md)
 {
        RIPEMD160_CTX c;
-        static unsigned char m[RIPEMD160_DIGEST_LENGTH];
-        if (md == NULL)
-                md = m;
        if (!RIPEMD160_Init(&c))
                return NULL;
        RIPEMD160_Update(&c, d, n);
diff --git a/src/lib/libcrypto/ripemd/ripemd.h b/src/lib/libcrypto/ripemd/ripemd.h
index 03ba781c4f..5925083c0c 100644
--- a/src/lib/libcrypto/ripemd/ripemd.h
+++ b/src/lib/libcrypto/ripemd/ripemd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ripemd.h,v 1.15 2023/07/08 06:52:56 jsing Exp $ */
+/* $OpenBSD: ripemd.h,v 1.16 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -93,9 +93,12 @@ typedef struct RIPEMD160state_st {
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
+    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
 unsigned char *RIPEMD160(const unsigned char *d, size_t n,
-    unsigned char *md);
+    unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
+    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
 }
author	tb <>	2024-06-01 07:36:17 +0000
committer	tb <>	2024-06-01 07:36:17 +0000
commit	f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4 (patch)
tree	d92a9fa364845580193b9ab3f5f391408342fa26 /src/lib/libcrypto/ripemd
parent	aee2754cfbb89d3dff4c3a521fb027d0c6967bc9 (diff)
download	openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.gz openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.bz2 openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.zip