From f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 1 Jun 2024 07:36:17 +0000 Subject: Remove support for static buffers in HMAC/digests HMAC() and the one-step digests used to support passing a NULL buffer and would return the digest in a static buffer. This design is firmly from the nineties, not thread safe and it saves callers a single line. The few ports that used to rely this were fixed with patches sent to non-hostile (and non-dead) upstreams. It's early enough in the release cycle that remaining uses hidden from the compiler should be caught, at least the ones that matter. There won't be that many since BoringSSL removed this feature in 2017. https://boringssl-review.googlesource.com/14528 Add non-null attributes to the headers and add a few missing bounded attributes. ok beck jsing --- src/lib/libcrypto/hmac/hmac.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/lib/libcrypto/hmac/hmac.h') diff --git a/src/lib/libcrypto/hmac/hmac.h b/src/lib/libcrypto/hmac/hmac.h index 1ce365294c..abdd19450e 100644 --- a/src/lib/libcrypto/hmac/hmac.h +++ b/src/lib/libcrypto/hmac/hmac.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hmac.h,v 1.17 2023/04/25 15:48:48 tb Exp $ */ +/* $OpenBSD: hmac.h,v 1.18 2024/06/01 07:36:16 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -85,7 +85,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len); + const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len) + __attribute__((__nonnull__ (6))); int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); -- cgit v1.2.3-55-g6feb