From f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 1 Jun 2024 07:36:17 +0000
Subject: Remove support for static buffers in HMAC/digests

HMAC() and the one-step digests used to support passing a NULL buffer and
would return the digest in a static buffer. This design is firmly from the
nineties, not thread safe and it saves callers a single line. The few ports
that used to rely this were fixed with patches sent to non-hostile (and
non-dead) upstreams. It's early enough in the release cycle that remaining
uses hidden from the compiler should be caught, at least the ones that
matter.

There won't be that many since BoringSSL removed this feature in 2017.
https://boringssl-review.googlesource.com/14528

Add non-null attributes to the headers and add a few missing bounded
attributes.

ok beck jsing
---
 src/lib/libcrypto/sha/sha256.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

(limited to 'src/lib/libcrypto/sha/sha256.c')

diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c
index d18e8d219d..ab00c17878 100644
--- a/src/lib/libcrypto/sha/sha256.c
+++ b/src/lib/libcrypto/sha/sha256.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sha256.c,v 1.31 2024/03/28 04:23:02 jsing Exp $ */
+/* $OpenBSD: sha256.c,v 1.32 2024/06/01 07:36:16 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -317,10 +317,6 @@ unsigned char *
 SHA224(const unsigned char *d, size_t n, unsigned char *md)
 {
 	SHA256_CTX c;
-	static unsigned char m[SHA224_DIGEST_LENGTH];
-
-	if (md == NULL)
-		md = m;
 
 	SHA224_Init(&c);
 	SHA256_Update(&c, d, n);
@@ -479,10 +475,6 @@ unsigned char *
 SHA256(const unsigned char *d, size_t n, unsigned char *md)
 {
 	SHA256_CTX c;
-	static unsigned char m[SHA256_DIGEST_LENGTH];
-
-	if (md == NULL)
-		md = m;
 
 	SHA256_Init(&c);
 	SHA256_Update(&c, d, n);
-- 
cgit v1.2.3-55-g6feb