From bac3f48dc96b19f5fc18d09b8db11109c3ff8c46 Mon Sep 17 00:00:00 2001 From: Koen Zandberg Date: Wed, 29 Nov 2023 10:36:50 +0100 Subject: [PATCH 1/2] hashes/sha256: Remove static variables from sha256 This removes the static (thread-unsafe) variables from sha256 and hmac_sha256 to remove a potential footgun. The static variable is only used when the caller does not supply a pointer to store the digest and it is returned via the (undocumented) return value. This commit removes this option and makes the digest argument mandatory. --- sys/hashes/sha256.c | 22 ++++------------------ sys/include/hashes/sha256.h | 14 ++++---------- 2 files changed, 8 insertions(+), 28 deletions(-) diff --git a/sys/hashes/sha256.c b/sys/hashes/sha256.c index 124db252ffb8..9d4c86138ff4 100644 --- a/sys/hashes/sha256.c +++ b/sys/hashes/sha256.c @@ -68,20 +68,14 @@ void sha256_init(sha256_context_t *ctx) ctx->state[7] = 0x5BE0CD19; } -void *sha256(const void *data, size_t len, void *digest) +void sha256(const void *data, size_t len, void *digest) { sha256_context_t c; - static unsigned char m[SHA256_DIGEST_LENGTH]; - - if (digest == NULL) { - digest = m; - } + assert(digest); sha256_init(&c); sha2xx_update(&c, data, len); sha256_final(&c, digest); - - return digest; } void hmac_sha256_init(hmac_context_t *ctx, const void *key, size_t key_length) @@ -135,19 +129,13 @@ void hmac_sha256_final(hmac_context_t *ctx, void *digest) { unsigned char tmp[SHA256_DIGEST_LENGTH]; - static unsigned char m[SHA256_DIGEST_LENGTH]; - - if (digest == NULL) { - digest = m; - } - sha256_final(&ctx->c_in, tmp); sha2xx_update(&ctx->c_out, tmp, SHA256_DIGEST_LENGTH); sha256_final(&ctx->c_out, digest); } -const void *hmac_sha256(const void *key, size_t key_length, - const void *data, size_t len, void *digest) +void hmac_sha256(const void *key, size_t key_length, + const void *data, size_t len, void *digest) { hmac_context_t ctx; @@ -155,8 +143,6 @@ const void *hmac_sha256(const void *key, size_t key_length, hmac_sha256_init(&ctx, key, key_length); hmac_sha256_update(&ctx,data, len); hmac_sha256_final(&ctx, digest); - - return digest; } /** diff --git a/sys/include/hashes/sha256.h b/sys/include/hashes/sha256.h index 4fd83a5772fd..b4a303926ea6 100644 --- a/sys/include/hashes/sha256.h +++ b/sys/include/hashes/sha256.h @@ -128,11 +128,10 @@ static inline void sha256_final(sha256_context_t *ctx, void *digest) * * @param[in] data pointer to the buffer to generate hash from * @param[in] len length of the buffer - * @param[out] digest optional pointer to an array for the result, length must + * @param[out] digest Pointer to an array for the result, length must * be SHA256_DIGEST_LENGTH - * if digest == NULL, one static buffer is used */ -void *sha256(const void *data, size_t len, void *digest); +void sha256(const void *data, size_t len, void *digest); /** * @brief hmac_sha256_init HMAC SHA-256 calculation. Initiate calculation of a HMAC @@ -153,9 +152,7 @@ void hmac_sha256_update(hmac_context_t *ctx, const void *data, size_t len); /** * @brief hmac_sha256_final HMAC SHA-256 finalization. Finish HMAC calculation and export the value * @param[in] ctx hmac_context_t handle to use - * @param[out] digest the computed hmac-sha256, - * length MUST be SHA256_DIGEST_LENGTH - * if digest == NULL, a static buffer is used + * @param[out] digest the computed hmac-sha256, length MUST be SHA256_DIGEST_LENGTH */ void hmac_sha256_final(hmac_context_t *ctx, void *digest); @@ -168,11 +165,8 @@ void hmac_sha256_final(hmac_context_t *ctx, void *digest); * @param[in] len the length of the message in bytes * @param[out] digest the computed hmac-sha256, * length MUST be SHA256_DIGEST_LENGTH - * if digest == NULL, a static buffer is used - * @returns pointer to the resulting digest. - * if result == NULL the pointer points to the static buffer */ -const void *hmac_sha256(const void *key, size_t key_length, +void hmac_sha256(const void *key, size_t key_length, const void *data, size_t len, void *digest); /** From 434e5647d04f8e89fa46045aa5fbbd0e546b63c5 Mon Sep 17 00:00:00 2001 From: Koen Zandberg Date: Wed, 29 Nov 2023 10:43:58 +0100 Subject: [PATCH 2/2] hashes/sha224: Remove static variables from sha224 --- sys/hashes/sha224.c | 11 +++-------- sys/include/hashes/sha224.h | 5 ++--- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/sys/hashes/sha224.c b/sys/hashes/sha224.c index 4bc4c7ed3985..189742578c84 100644 --- a/sys/hashes/sha224.c +++ b/sys/hashes/sha224.c @@ -19,6 +19,7 @@ */ #include +#include #include "hashes/sha224.h" #include "hashes/sha2xx_common.h" @@ -40,18 +41,12 @@ void sha224_init(sha224_context_t *ctx) ctx->state[7] = 0xBEFA4FA4; } -void *sha224(const void *data, size_t len, void *digest) +void sha224(const void *data, size_t len, void *digest) { sha224_context_t c; - static unsigned char m[SHA224_DIGEST_LENGTH]; - - if (digest == NULL) { - digest = m; - } + assert(digest); sha224_init(&c); sha224_update(&c, data, len); sha224_final(&c, digest); - - return digest; } diff --git a/sys/include/hashes/sha224.h b/sys/include/hashes/sha224.h index ecfb1fc64c2b..8f2d04953f1c 100644 --- a/sys/include/hashes/sha224.h +++ b/sys/include/hashes/sha224.h @@ -110,11 +110,10 @@ static inline void sha224_final(sha224_context_t *ctx, void *digest) * * @param[in] data pointer to the buffer to generate hash from * @param[in] len length of the buffer - * @param[out] digest optional pointer to an array for the result, length must + * @param[out] digest Pointer to an array for the result, length must * be SHA224_DIGEST_LENGTH - * if digest == NULL, one static buffer is used */ -void *sha224(const void *data, size_t len, void *digest); +void sha224(const void *data, size_t len, void *digest); #ifdef __cplusplus }