cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-03 20:22:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

Change sha256 output type from an array to a pointer

Browse Source 
The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-224 hash into a
28-byte buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-05-13 00:45:25 +02:00
parent 3e3a6789d1
commit d7b3d92476
4 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ChangeLog.d/sha512-output-type.txt
View File

@ -1,5 +1,6 @@
API changes API changes
* The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret * The output parameter of mbedtls_sha512_finish_ret, mbedtls_sha512_ret,
now has a pointer type rather than array type. This removes spurious mbedtls_sha256_finish_ret and mbedtls_sha256_ret now has a pointer type
warnings in some compilers when outputting a SHA-384 hash into a rather than array type. This removes spurious warnings in some compilers
48-byte buffer. when outputting a SHA-384 or SHA-224 hash into a buffer of exactly
the hash size.

6
docs/3.0-migration-guide.d/sha512-output-type.md
View File

@ -1,8 +1,8 @@
SHA-512 output type change SHA-512 and SHA-256 output type change
-------------------------- --------------------------
The output parameter of `mbedtls_sha512_finish_ret()` and `mbedtls_sha512_ret()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer. The output parameter of `mbedtls_sha256_finish_ret()`, `mbedtls_sha256_ret()`, `mbedtls_sha512_finish_ret()`, `mbedtls_sha512_ret()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer or a SHA-224 hash into a 28-byte buffer.
This makes no difference to a vast majority of applications. If your code takes a pointer to one of these functions, you may need to change the type of the pointer. This makes no difference to a vast majority of applications. If your code takes a pointer to one of these functions, you may need to change the type of the pointer.
Alternative implementations of the SHA512 module must adjust their functions' prototype accordingly. Alternative implementations of the SHA256 and SHA512 modules must adjust their functions' prototype accordingly.

12
include/mbedtls/sha256.h
View File

@ -127,13 +127,14 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
* \param ctx The SHA-256 context. This must be initialized * \param ctx The SHA-256 context. This must be initialized
* and have a hash operation started. * and have a hash operation started.
* \param output The SHA-224 or SHA-256 checksum result. * \param output The SHA-224 or SHA-256 checksum result.
* This must be a writable buffer of length \c 32 Bytes. * This must be a writable buffer of length \c 32 bytes
* for SHA-256, 28 bytes for SHA-224.
* *
* \return \c 0 on success. * \return \c 0 on success.
* \return A negative error code on failure. * \return A negative error code on failure.
*/ */
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
unsigned char output[32] ); unsigned char *output );
/** /**
* \brief This function processes a single data block within * \brief This function processes a single data block within
@ -163,14 +164,15 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
* \param input The buffer holding the data. This must be a readable * \param input The buffer holding the data. This must be a readable
* buffer of length \p ilen Bytes. * buffer of length \p ilen Bytes.
* \param ilen The length of the input data in Bytes. * \param ilen The length of the input data in Bytes.
* \param output The SHA-224 or SHA-256 checksum result. This must * \param output The SHA-224 or SHA-256 checksum result.
* be a writable buffer of length \c 32 Bytes. * This must be a writable buffer of length \c 32 bytes
* for SHA-256, 28 bytes for SHA-224.
* \param is224 Determines which function to use. This must be * \param is224 Determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224. * either \c 0 for SHA-256, or \c 1 for SHA-224.
*/ */
int mbedtls_sha256_ret( const unsigned char *input, int mbedtls_sha256_ret( const unsigned char *input,
size_t ilen, size_t ilen,
unsigned char output[32], unsigned char *output,
int is224 ); int is224 );
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)

4
library/sha256.c
View File

@ -332,7 +332,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
* SHA-256 final digest * SHA-256 final digest
*/ */
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
unsigned char output[32] ) unsigned char *output )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t used; uint32_t used;
@ -401,7 +401,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
*/ */
int mbedtls_sha256_ret( const unsigned char *input, int mbedtls_sha256_ret( const unsigned char *input,
size_t ilen, size_t ilen,
unsigned char output[32], unsigned char *output,
int is224 ) int is224 )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;