From f3bc6c83f92ef9b23bfc523ef1b24bfa27e1f6e4 Mon Sep 17 00:00:00 2001 From: tb <> Date: Sat, 1 Jun 2024 07:36:17 +0000 Subject: Remove support for static buffers in HMAC/digests HMAC() and the one-step digests used to support passing a NULL buffer and would return the digest in a static buffer. This design is firmly from the nineties, not thread safe and it saves callers a single line. The few ports that used to rely this were fixed with patches sent to non-hostile (and non-dead) upstreams. It's early enough in the release cycle that remaining uses hidden from the compiler should be caught, at least the ones that matter. There won't be that many since BoringSSL removed this feature in 2017. https://boringssl-review.googlesource.com/14528 Add non-null attributes to the headers and add a few missing bounded attributes. ok beck jsing --- src/lib/libcrypto/sha/sha.h | 7 ++++++- src/lib/libcrypto/sha/sha1.c | 6 +----- src/lib/libcrypto/sha/sha256.c | 10 +--------- src/lib/libcrypto/sha/sha512.c | 10 +--------- 4 files changed, 9 insertions(+), 24 deletions(-) (limited to 'src/lib/libcrypto/sha') diff --git a/src/lib/libcrypto/sha/sha.h b/src/lib/libcrypto/sha/sha.h index e1de79f4f4..f87203d912 100644 --- a/src/lib/libcrypto/sha/sha.h +++ b/src/lib/libcrypto/sha/sha.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sha.h,v 1.22 2023/07/08 07:08:11 jsing Exp $ */ +/* $OpenBSD: sha.h,v 1.23 2024/06/01 07:36:16 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -102,6 +102,7 @@ int SHA1_Update(SHA_CTX *c, const void *data, size_t len) __attribute__ ((__bounded__(__buffer__, 2, 3))); int SHA1_Final(unsigned char *md, SHA_CTX *c); unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__nonnull__(3))) __attribute__ ((__bounded__(__buffer__, 1, 2))); void SHA1_Transform(SHA_CTX *c, const unsigned char *data); #endif @@ -125,12 +126,14 @@ int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) __attribute__ ((__bounded__(__buffer__, 2, 3))); int SHA224_Final(unsigned char *md, SHA256_CTX *c); unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__nonnull__(3))) __attribute__ ((__bounded__(__buffer__, 1, 2))); int SHA256_Init(SHA256_CTX *c); int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) __attribute__ ((__bounded__(__buffer__, 2, 3))); int SHA256_Final(unsigned char *md, SHA256_CTX *c); unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__nonnull__(3))) __attribute__ ((__bounded__(__buffer__, 1, 2))); void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); #endif @@ -172,12 +175,14 @@ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) __attribute__ ((__bounded__(__buffer__, 2, 3))); int SHA384_Final(unsigned char *md, SHA512_CTX *c); unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__nonnull__(3))) __attribute__ ((__bounded__(__buffer__, 1, 2))); int SHA512_Init(SHA512_CTX *c); int SHA512_Update(SHA512_CTX *c, const void *data, size_t len) __attribute__ ((__bounded__(__buffer__, 2, 3))); int SHA512_Final(unsigned char *md, SHA512_CTX *c); unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__nonnull__(3))) __attribute__ ((__bounded__(__buffer__, 1, 2))); void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); #endif diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c index 32007d5d52..52338812db 100644 --- a/src/lib/libcrypto/sha/sha1.c +++ b/src/lib/libcrypto/sha/sha1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha1.c,v 1.14 2024/03/28 07:06:12 jsing Exp $ */ +/* $OpenBSD: sha1.c,v 1.15 2024/06/01 07:36:16 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -496,10 +496,6 @@ unsigned char * SHA1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; - static unsigned char m[SHA_DIGEST_LENGTH]; - - if (md == NULL) - md = m; if (!SHA1_Init(&c)) return NULL; diff --git a/src/lib/libcrypto/sha/sha256.c b/src/lib/libcrypto/sha/sha256.c index d18e8d219d..ab00c17878 100644 --- a/src/lib/libcrypto/sha/sha256.c +++ b/src/lib/libcrypto/sha/sha256.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha256.c,v 1.31 2024/03/28 04:23:02 jsing Exp $ */ +/* $OpenBSD: sha256.c,v 1.32 2024/06/01 07:36:16 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. * @@ -317,10 +317,6 @@ unsigned char * SHA224(const unsigned char *d, size_t n, unsigned char *md) { SHA256_CTX c; - static unsigned char m[SHA224_DIGEST_LENGTH]; - - if (md == NULL) - md = m; SHA224_Init(&c); SHA256_Update(&c, d, n); @@ -479,10 +475,6 @@ unsigned char * SHA256(const unsigned char *d, size_t n, unsigned char *md) { SHA256_CTX c; - static unsigned char m[SHA256_DIGEST_LENGTH]; - - if (md == NULL) - md = m; SHA256_Init(&c); SHA256_Update(&c, d, n); diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c index 360a5c29fb..7a2a40d3df 100644 --- a/src/lib/libcrypto/sha/sha512.c +++ b/src/lib/libcrypto/sha/sha512.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sha512.c,v 1.41 2023/07/08 12:24:10 beck Exp $ */ +/* $OpenBSD: sha512.c,v 1.42 2024/06/01 07:36:16 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. * @@ -345,10 +345,6 @@ unsigned char * SHA384(const unsigned char *d, size_t n, unsigned char *md) { SHA512_CTX c; - static unsigned char m[SHA384_DIGEST_LENGTH]; - - if (md == NULL) - md = m; SHA384_Init(&c); SHA512_Update(&c, d, n); @@ -498,10 +494,6 @@ unsigned char * SHA512(const unsigned char *d, size_t n, unsigned char *md) { SHA512_CTX c; - static unsigned char m[SHA512_DIGEST_LENGTH]; - - if (md == NULL) - md = m; SHA512_Init(&c); SHA512_Update(&c, d, n); -- cgit v1.2.3-55-g6feb