Remove support for static buffers in HMAC/digests

HMAC() and the one-step digests used to support passing a NULL buffer and would return the digest in a static buffer. This design is firmly from the nineties, not thread safe and it saves callers a single line. The few ports that used to rely this were fixed with patches sent to non-hostile (and non-dead) upstreams. It's early enough in the release cycle that remaining uses hidden from the compiler should be caught, at least the ones that matter. There won't be that many since BoringSSL removed this feature in 2017. https://boringssl-review.googlesource.com/14528 Add non-null attributes to the headers and add a few missing bounded attributes. ok beck jsing
author: tb <> 2024-06-01 07:36:17 +0000
committer: tb <> 2024-06-01 07:36:17 +0000
commit: f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4 (patch)
tree: d92a9fa364845580193b9ab3f5f391408342fa26 /src/lib/libcrypto/sha/sha.h
parent: aee2754cfbb89d3dff4c3a521fb027d0c6967bc9 (diff)
download: openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.gz
openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.bz2
openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/libcrypto/sha/sha.h b/src/lib/libcrypto/sha/sha.h
index e1de79f4f4..f87203d912 100644
--- a/src/lib/libcrypto/sha/sha.h
+++ b/src/lib/libcrypto/sha/sha.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha.h,v 1.22 2023/07/08 07:08:11 jsing Exp $ */
+/* $OpenBSD: sha.h,v 1.23 2024/06/01 07:36:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -102,6 +102,7 @@ int SHA1_Update(SHA_CTX *c, const void *data, size_t len)
    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
@@ -125,12 +126,14 @@ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 int SHA256_Init(SHA256_CTX *c);
 int SHA256_Update(SHA256_CTX *c, const void *data, size_t len)
    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int SHA256_Final(unsigned char *md, SHA256_CTX *c);
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
 #endif
@@ -172,12 +175,14 @@ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
 unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 int SHA512_Init(SHA512_CTX *c);
 int SHA512_Update(SHA512_CTX *c, const void *data, size_t len)
    __attribute__ ((__bounded__(__buffer__, 2, 3)));
 int SHA512_Final(unsigned char *md, SHA512_CTX *c);
 unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
+    __attribute__ ((__nonnull__(3)))
    __attribute__ ((__bounded__(__buffer__, 1, 2)));
 void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
 #endif
author	tb <>	2024-06-01 07:36:17 +0000
committer	tb <>	2024-06-01 07:36:17 +0000
commit	f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4 (patch)
tree	d92a9fa364845580193b9ab3f5f391408342fa26 /src/lib/libcrypto/sha/sha.h
parent	aee2754cfbb89d3dff4c3a521fb027d0c6967bc9 (diff)
download	openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.gz openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.tar.bz2 openbsd-f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4.zip