Date: Thu, 26 May 2016 19:29:29 +0000 (UTC) From: "Conrad E. Meyer" <cem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r300773 - in head/sys: crypto crypto/aesni crypto/sha2 crypto/siphash kern sys Message-ID: <201605261929.u4QJTTV5085421@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cem Date: Thu May 26 19:29:29 2016 New Revision: 300773 URL: https://svnweb.freebsd.org/changeset/base/300773 Log: crypto routines: Hint minimum buffer sizes to the compiler Use the C99 'static' keyword to hint to the compiler IVs and output digest sizes. The keyword informs the compiler of the minimum valid size for a given array. Obviously not every pointer can be validated (i.e., the compiler can produce false negative but not false positive reports). No functional change. No ABI change. Sponsored by: EMC / Isilon Storage Division Modified: head/sys/crypto/aesni/aesni.h head/sys/crypto/aesni/aesni_wrap.c head/sys/crypto/sha1.c head/sys/crypto/sha1.h head/sys/crypto/sha2/sha256.h head/sys/crypto/sha2/sha256c.c head/sys/crypto/sha2/sha384.h head/sys/crypto/sha2/sha512.h head/sys/crypto/sha2/sha512c.c head/sys/crypto/siphash/siphash.c head/sys/crypto/siphash/siphash.h head/sys/kern/md4c.c head/sys/kern/md5c.c head/sys/sys/md4.h head/sys/sys/md5.h Modified: head/sys/crypto/aesni/aesni.h ============================================================================== --- head/sys/crypto/aesni/aesni.h Thu May 26 19:17:51 2016 (r300772) +++ head/sys/crypto/aesni/aesni.h Thu May 26 19:29:29 2016 (r300773) @@ -79,23 +79,23 @@ void aesni_set_deckey(const uint8_t *enc */ void aesni_encrypt_cbc(int rounds, const void *key_schedule /*__aligned(16)*/, size_t len, const uint8_t *from, uint8_t *to, - const uint8_t iv[AES_BLOCK_LEN]); + const uint8_t iv[static AES_BLOCK_LEN]); void aesni_decrypt_cbc(int rounds, const void *key_schedule /*__aligned(16)*/, - size_t len, uint8_t *buf, const uint8_t iv[AES_BLOCK_LEN]); + size_t len, uint8_t *buf, const uint8_t iv[static AES_BLOCK_LEN]); void aesni_encrypt_ecb(int rounds, const void *key_schedule /*__aligned(16)*/, size_t len, const uint8_t *from, uint8_t *to); void aesni_decrypt_ecb(int rounds, const void *key_schedule /*__aligned(16)*/, size_t len, const uint8_t *from, uint8_t *to); void aesni_encrypt_icm(int rounds, const void *key_schedule /*__aligned(16)*/, size_t len, const uint8_t *from, uint8_t *to, - const uint8_t iv[AES_BLOCK_LEN]); + const uint8_t iv[static AES_BLOCK_LEN]); void aesni_encrypt_xts(int rounds, const void *data_schedule /*__aligned(16)*/, const void *tweak_schedule /*__aligned(16)*/, size_t len, - const uint8_t *from, uint8_t *to, const uint8_t iv[AES_BLOCK_LEN]); + const uint8_t *from, uint8_t *to, const uint8_t iv[static AES_BLOCK_LEN]); void aesni_decrypt_xts(int rounds, const void *data_schedule /*__aligned(16)*/, const void *tweak_schedule /*__aligned(16)*/, size_t len, - const uint8_t *from, uint8_t *to, const uint8_t iv[AES_BLOCK_LEN]); + const uint8_t *from, uint8_t *to, const uint8_t iv[static AES_BLOCK_LEN]); /* GCM & GHASH functions */ void AES_GCM_encrypt(const unsigned char *in, unsigned char *out, Modified: head/sys/crypto/aesni/aesni_wrap.c ============================================================================== --- head/sys/crypto/aesni/aesni_wrap.c Thu May 26 19:17:51 2016 (r300772) +++ head/sys/crypto/aesni/aesni_wrap.c Thu May 26 19:29:29 2016 (r300773) @@ -55,7 +55,7 @@ struct blocks8 { void aesni_encrypt_cbc(int rounds, const void *key_schedule, size_t len, - const uint8_t *from, uint8_t *to, const uint8_t iv[AES_BLOCK_LEN]) + const uint8_t *from, uint8_t *to, const uint8_t iv[static AES_BLOCK_LEN]) { __m128i tot, ivreg; size_t i; @@ -74,7 +74,7 @@ aesni_encrypt_cbc(int rounds, const void void aesni_decrypt_cbc(int rounds, const void *key_schedule, size_t len, - uint8_t *buf, const uint8_t iv[AES_BLOCK_LEN]) + uint8_t *buf, const uint8_t iv[static AES_BLOCK_LEN]) { __m128i blocks[8]; struct blocks8 *blks; @@ -204,7 +204,7 @@ nextc(__m128i x) void aesni_encrypt_icm(int rounds, const void *key_schedule, size_t len, - const uint8_t *from, uint8_t *to, const uint8_t iv[AES_BLOCK_LEN]) + const uint8_t *from, uint8_t *to, const uint8_t iv[static AES_BLOCK_LEN]) { __m128i tot; __m128i tmp1, tmp2, tmp3, tmp4; @@ -378,7 +378,7 @@ aesni_crypt_xts_block8(int rounds, const static void aesni_crypt_xts(int rounds, const __m128i *data_schedule, const __m128i *tweak_schedule, size_t len, const uint8_t *from, - uint8_t *to, const uint8_t iv[AES_BLOCK_LEN], int do_encrypt) + uint8_t *to, const uint8_t iv[static AES_BLOCK_LEN], int do_encrypt) { __m128i tweakreg; uint8_t tweak[AES_XTS_BLOCKSIZE] __aligned(16); @@ -418,7 +418,7 @@ aesni_crypt_xts(int rounds, const __m128 void aesni_encrypt_xts(int rounds, const void *data_schedule, const void *tweak_schedule, size_t len, const uint8_t *from, uint8_t *to, - const uint8_t iv[AES_BLOCK_LEN]) + const uint8_t iv[static AES_BLOCK_LEN]) { aesni_crypt_xts(rounds, data_schedule, tweak_schedule, len, from, to, @@ -428,7 +428,7 @@ aesni_encrypt_xts(int rounds, const void void aesni_decrypt_xts(int rounds, const void *data_schedule, const void *tweak_schedule, size_t len, const uint8_t *from, uint8_t *to, - const uint8_t iv[AES_BLOCK_LEN]) + const uint8_t iv[static AES_BLOCK_LEN]) { aesni_crypt_xts(rounds, data_schedule, tweak_schedule, len, from, to, Modified: head/sys/crypto/sha1.c ============================================================================== --- head/sys/crypto/sha1.c Thu May 26 19:17:51 2016 (r300772) +++ head/sys/crypto/sha1.c Thu May 26 19:29:29 2016 (r300773) @@ -249,16 +249,14 @@ sha1_loop(ctxt, input, len) } void -sha1_result(ctxt, digest0) - struct sha1_ctxt *ctxt; - caddr_t digest0; +sha1_result(struct sha1_ctxt *ctxt, char digest0[static SHA1_RESULTLEN]) { u_int8_t *digest; digest = (u_int8_t *)digest0; sha1_pad(ctxt); #if BYTE_ORDER == BIG_ENDIAN - bcopy(&ctxt->h.b8[0], digest, 20); + bcopy(&ctxt->h.b8[0], digest, SHA1_RESULTLEN); #else digest[0] = ctxt->h.b8[3]; digest[1] = ctxt->h.b8[2]; digest[2] = ctxt->h.b8[1]; digest[3] = ctxt->h.b8[0]; Modified: head/sys/crypto/sha1.h ============================================================================== --- head/sys/crypto/sha1.h Thu May 26 19:17:51 2016 (r300772) +++ head/sys/crypto/sha1.h Thu May 26 19:29:29 2016 (r300773) @@ -35,8 +35,8 @@ * implemented by Jun-ichiro itojun Itoh <itojun@itojun.org> */ -#ifndef _NETINET6_SHA1_H_ -#define _NETINET6_SHA1_H_ +#ifndef _CRYPTO_SHA1_H_ +#define _CRYPTO_SHA1_H_ struct sha1_ctxt { union { @@ -55,11 +55,13 @@ struct sha1_ctxt { }; typedef struct sha1_ctxt SHA1_CTX; +#define SHA1_RESULTLEN (160/8) + #ifdef _KERNEL extern void sha1_init(struct sha1_ctxt *); extern void sha1_pad(struct sha1_ctxt *); extern void sha1_loop(struct sha1_ctxt *, const u_int8_t *, size_t); -extern void sha1_result(struct sha1_ctxt *, caddr_t); +extern void sha1_result(struct sha1_ctxt *, char[static SHA1_RESULTLEN]); /* compatibilty with other SHA1 source codes */ #define SHA1Init(x) sha1_init((x)) @@ -67,6 +69,4 @@ extern void sha1_result(struct sha1_ctxt #define SHA1Final(x, y) sha1_result((y), (x)) #endif /* _KERNEL */ -#define SHA1_RESULTLEN (160/8) - -#endif /*_NETINET6_SHA1_H_*/ +#endif /*_CRYPTO_SHA1_H_*/ Modified: head/sys/crypto/sha2/sha256.h ============================================================================== --- head/sys/crypto/sha2/sha256.h Thu May 26 19:17:51 2016 (r300772) +++ head/sys/crypto/sha2/sha256.h Thu May 26 19:29:29 2016 (r300773) @@ -78,7 +78,7 @@ __BEGIN_DECLS void SHA256_Init(SHA256_CTX *); void SHA256_Update(SHA256_CTX *, const void *, size_t); -void SHA256_Final(unsigned char [SHA256_DIGEST_LENGTH], SHA256_CTX *); +void SHA256_Final(unsigned char [static SHA256_DIGEST_LENGTH], SHA256_CTX *); #ifndef _KERNEL char *SHA256_End(SHA256_CTX *, char *); char *SHA256_Data(const void *, unsigned int, char *); Modified: head/sys/crypto/sha2/sha256c.c ============================================================================== --- head/sys/crypto/sha2/sha256c.c Thu May 26 19:17:51 2016 (r300772) +++ head/sys/crypto/sha2/sha256c.c Thu May 26 19:29:29 2016 (r300773) @@ -287,17 +287,17 @@ SHA256_Update(SHA256_CTX * ctx, const vo * and clears the context state. */ void -SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx) +SHA256_Final(unsigned char digest[static SHA256_DIGEST_LENGTH], SHA256_CTX *ctx) { /* Add padding */ SHA256_Pad(ctx); /* Write the hash */ - be32enc_vect(digest, ctx->state, 32); + be32enc_vect(digest, ctx->state, SHA256_DIGEST_LENGTH); /* Clear the context state */ - memset((void *)ctx, 0, sizeof(*ctx)); + memset(ctx, 0, sizeof(*ctx)); } #ifdef WEAK_REFS Modified: head/sys/crypto/sha2/sha384.h ============================================================================== --- head/sys/crypto/sha2/sha384.h Thu May 26 19:17:51 2016 (r300772) +++ head/sys/crypto/sha2/sha384.h Thu May 26 19:29:29 2016 (r300773) @@ -74,7 +74,7 @@ __BEGIN_DECLS void SHA384_Init(SHA384_CTX *); void SHA384_Update(SHA384_CTX *, const void *, size_t); -void SHA384_Final(unsigned char [SHA384_DIGEST_LENGTH], SHA384_CTX *); +void SHA384_Final(unsigned char [static SHA384_DIGEST_LENGTH], SHA384_CTX *); #ifndef _KERNEL char *SHA384_End(SHA384_CTX *, char *); char *SHA384_Data(const void *, unsigned int, char *); Modified: head/sys/crypto/sha2/sha512.h ============================================================================== --- head/sys/crypto/sha2/sha512.h Thu May 26 19:17:51 2016 (r300772) +++ head/sys/crypto/sha2/sha512.h Thu May 26 19:29:29 2016 (r300773) @@ -77,7 +77,7 @@ __BEGIN_DECLS void SHA512_Init(SHA512_CTX *); void SHA512_Update(SHA512_CTX *, const void *, size_t); -void SHA512_Final(unsigned char [SHA512_DIGEST_LENGTH], SHA512_CTX *); +void SHA512_Final(unsigned char [static SHA512_DIGEST_LENGTH], SHA512_CTX *); #ifndef _KERNEL char *SHA512_End(SHA512_CTX *, char *); char *SHA512_Data(const void *, unsigned int, char *); Modified: head/sys/crypto/sha2/sha512c.c ============================================================================== --- head/sys/crypto/sha2/sha512c.c Thu May 26 19:17:51 2016 (r300772) +++ head/sys/crypto/sha2/sha512c.c Thu May 26 19:29:29 2016 (r300773) @@ -311,7 +311,7 @@ SHA512_Update(SHA512_CTX * ctx, const vo * and clears the context state. */ void -SHA512_Final(unsigned char digest[SHA512_DIGEST_LENGTH], SHA512_CTX * ctx) +SHA512_Final(unsigned char digest[static SHA512_DIGEST_LENGTH], SHA512_CTX *ctx) { /* Add padding */ @@ -321,7 +321,7 @@ SHA512_Final(unsigned char digest[SHA512 be64enc_vect(digest, ctx->state, SHA512_DIGEST_LENGTH); /* Clear the context state */ - memset((void *)ctx, 0, sizeof(*ctx)); + memset(ctx, 0, sizeof(*ctx)); } /*** SHA-384: *********************************************************/ @@ -361,7 +361,7 @@ SHA384_Update(SHA384_CTX * ctx, const vo * and clears the context state. */ void -SHA384_Final(unsigned char digest[SHA384_DIGEST_LENGTH], SHA384_CTX * ctx) +SHA384_Final(unsigned char digest[static SHA384_DIGEST_LENGTH], SHA384_CTX *ctx) { /* Add padding */ @@ -371,7 +371,7 @@ SHA384_Final(unsigned char digest[SHA384 be64enc_vect(digest, ctx->state, SHA384_DIGEST_LENGTH); /* Clear the context state */ - memset((void *)ctx, 0, sizeof(*ctx)); + memset(ctx, 0, sizeof(*ctx)); } #ifdef WEAK_REFS Modified: head/sys/crypto/siphash/siphash.c ============================================================================== --- head/sys/crypto/siphash/siphash.c Thu May 26 19:17:51 2016 (r300772) +++ head/sys/crypto/siphash/siphash.c Thu May 26 19:29:29 2016 (r300773) @@ -71,7 +71,7 @@ SipHash_InitX(SIPHASH_CTX *ctx, int rc, } void -SipHash_SetKey(SIPHASH_CTX *ctx, const uint8_t key[16]) +SipHash_SetKey(SIPHASH_CTX *ctx, const uint8_t key[static SIPHASH_KEY_LENGTH]) { uint64_t k[2]; @@ -167,7 +167,7 @@ SipHash_Update(SIPHASH_CTX *ctx, const v } void -SipHash_Final(void *dst, SIPHASH_CTX *ctx) +SipHash_Final(uint8_t dst[static SIPHASH_DIGEST_LENGTH], SIPHASH_CTX *ctx) { uint64_t r; @@ -196,8 +196,8 @@ SipHash_End(SIPHASH_CTX *ctx) } uint64_t -SipHashX(SIPHASH_CTX *ctx, int rc, int rf, const uint8_t key[16], - const void *src, size_t len) +SipHashX(SIPHASH_CTX *ctx, int rc, int rf, + const uint8_t key[static SIPHASH_KEY_LENGTH], const void *src, size_t len) { SipHash_InitX(ctx, rc, rf); Modified: head/sys/crypto/siphash/siphash.h ============================================================================== --- head/sys/crypto/siphash/siphash.h Thu May 26 19:17:51 2016 (r300772) +++ head/sys/crypto/siphash/siphash.h Thu May 26 19:29:29 2016 (r300773) @@ -68,14 +68,14 @@ typedef struct _SIPHASH_CTX { #define SipHash24_Init(x) SipHash_InitX((x), 2, 4) #define SipHash48_Init(x) SipHash_InitX((x), 4, 8) void SipHash_InitX(SIPHASH_CTX *, int, int); -void SipHash_SetKey(SIPHASH_CTX *, const uint8_t [16]); +void SipHash_SetKey(SIPHASH_CTX *, const uint8_t[static SIPHASH_KEY_LENGTH]); void SipHash_Update(SIPHASH_CTX *, const void *, size_t); -void SipHash_Final(void *, SIPHASH_CTX *); +void SipHash_Final(uint8_t[static SIPHASH_DIGEST_LENGTH], SIPHASH_CTX *); uint64_t SipHash_End(SIPHASH_CTX *); #define SipHash24(x, y, z, i) SipHashX((x), 2, 4, (y), (z), (i)); #define SipHash48(x, y, z, i) SipHashX((x), 4, 8, (y), (z), (i)); -uint64_t SipHashX(SIPHASH_CTX *, int, int, const uint8_t [16], const void *, +uint64_t SipHashX(SIPHASH_CTX *, int, int, const uint8_t[static SIPHASH_KEY_LENGTH], const void *, size_t); int SipHash24_TestVectors(void); Modified: head/sys/kern/md4c.c ============================================================================== --- head/sys/kern/md4c.c Thu May 26 19:17:51 2016 (r300772) +++ head/sys/kern/md4c.c Thu May 26 19:29:29 2016 (r300773) @@ -164,9 +164,7 @@ MD4_CTX *context; /* MD4 finalization. Ends an MD4 message-digest operation, writing the the message digest and zeroizing the context. */ -void MD4Final (digest, context) -unsigned char digest[16]; /* message digest */ -MD4_CTX *context; /* context */ +void MD4Final (unsigned char digest[static 16], MD4_CTX *context) { /* Do padding */ MD4Pad (context); @@ -176,7 +174,7 @@ MD4_CTX *context; /* Zeroize sensitive information. */ - bzero((POINTER)context, sizeof (*context)); + bzero(context, sizeof (*context)); } /* MD4 basic transformation. Transforms state based on block. Modified: head/sys/kern/md5c.c ============================================================================== --- head/sys/kern/md5c.c Thu May 26 19:17:51 2016 (r300772) +++ head/sys/kern/md5c.c Thu May 26 19:29:29 2016 (r300773) @@ -217,18 +217,16 @@ MD5Pad (MD5_CTX *context) */ void -MD5Final (digest, context) - unsigned char digest[16]; - MD5_CTX *context; +MD5Final(unsigned char digest[static MD5_DIGEST_LENGTH], MD5_CTX *context) { /* Do padding. */ MD5Pad (context); /* Store state in digest */ - Encode (digest, context->state, 16); + Encode (digest, context->state, MD5_DIGEST_LENGTH); /* Zeroize sensitive information. */ - memset ((void *)context, 0, sizeof (*context)); + memset (context, 0, sizeof (*context)); } /* MD5 basic transformation. Transforms state based on block. */ Modified: head/sys/sys/md4.h ============================================================================== --- head/sys/sys/md4.h Thu May 26 19:17:51 2016 (r300772) +++ head/sys/sys/md4.h Thu May 26 19:29:29 2016 (r300773) @@ -39,10 +39,7 @@ __BEGIN_DECLS void MD4Init(MD4_CTX *); void MD4Update(MD4_CTX *, const unsigned char *, unsigned int); void MD4Pad(MD4_CTX *); -void MD4Final(unsigned char [16], MD4_CTX *); -char * MD4End(MD4_CTX *, char *); -char * MD4File(const char *, char *); -char * MD4Data(const unsigned char *, unsigned int, char *); +void MD4Final(unsigned char [static 16], MD4_CTX *); __END_DECLS #endif /* _MD4_H_ */ Modified: head/sys/sys/md5.h ============================================================================== --- head/sys/sys/md5.h Thu May 26 19:17:51 2016 (r300772) +++ head/sys/sys/md5.h Thu May 26 19:29:29 2016 (r300773) @@ -44,10 +44,6 @@ typedef struct MD5Context { __BEGIN_DECLS void MD5Init (MD5_CTX *); void MD5Update (MD5_CTX *, const void *, unsigned int); -void MD5Final (unsigned char [16], MD5_CTX *); -char * MD5End(MD5_CTX *, char *); -char * MD5File(const char *, char *); -char * MD5FileChunk(const char *, char *, off_t, off_t); -char * MD5Data(const void *, unsigned int, char *); +void MD5Final (unsigned char[static MD5_DIGEST_LENGTH], MD5_CTX *); __END_DECLS #endif /* _SYS_MD5_H_ */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605261929.u4QJTTV5085421>