3.8.2 gcc 13 warnings -Wstringop-overflow, -Wdangling-pointer #926
This assumes that I wonder if the warning goes away if we do this, but I'm not sure if gcc is smart enough: diff --git a/lbressl/crypto/cmac/cmac.c b/libressl/crypto/cmac/cmac.c
index 257bd21ccad..75930fd3cfe 100644
--- a/libressl/crypto/cmac/cmac.c
+++ b/libressl/crypto/cmac/cmac.c
@@ -186,7 +186,8 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
return 0;
if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv))
return 0;
- bl = EVP_CIPHER_CTX_block_size(&ctx->cctx);
+ if ((bl = EVP_CIPHER_CTX_block_size(&ctx->cctx)) <= 0)
+ return 0;
if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl))
return 0;
make_kn(ctx->k1, ctx->tbl, bl); The second pile of warnings could be "solved" by deleting or commenting out this line: portable/crypto/compat/timegm.c Line 62 in e454895
However, it should be noted that Also note that this is a copy of musl code.
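Review bot: The new check on `bl` only rejects values `<= 0`; nothing in this hunk bounds it from above before it is passed as the length to `EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl)` and to `make_kn(ctx->k1, ctx->tbl, bl)`. Consider also rejecting, in the same condition, a `bl` larger than the `ctx->tbl` buffer or any block size CMAC does not support, so the bound is visible at the point of use. Separately, the `diff --git` line reads `a/lbressl/...` while the `---` line reads `a/libressl/...`, so the header is inconsistent as pasted.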
I tried both of your suggestions and they do make these warnings [ Luckily, I'm not building musl from source :) ]
Thanks for testing. Then I'll land a few fixes in the vicinity of that particular problem zone in cmac.c. I think it would be fine to comment out the line in the timegm.c code and explicitly say why it is done.
Do we even need timegm() anymore? I thought I got rid of all that?
On Nov 3, 2023, at 3:53 PM, Theo Buehler ***@***.***> wrote:
Thanks for testing. Then I'll land a few fixes in the vicinity of that particular problem zone in cmac.c. I think it would be fine to comment out the line in the timegm.c code and explicitly say why it is done.
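@bob-beck there is one call left in x509_verify_asn1_time_to_time_t() in x509_verify.c: https://github.com/openbsd/src/blob/17e3ddc9933714bd053ce70afd6d575a774aee60/lib/libcrypto/x509/x509_verify.c#L78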
Yeah, that’s silly, I can make that go away ;)
On Nov 3, 2023, at 4:10 PM, Theo Buehler ***@***.***> wrote:
@bob-beck there is one call left in x509_verify_asn1_time_to_time_t() in x509_verify.c:
https://github.com/openbsd/src/blob/17e3ddc9933714bd053ce70afd6d575a774aee60/lib/libcrypto/x509/x509_verify.c#L78
Unfortunately there are a few more in libtls which are a bit more annoying to fix.
Add explanatory comments that refer to the spec so that all the weird dances make a little more sense. It turns out that this implementation only supports block ciphers with block sizes of 64 and 128 bits, so enforce this with a check. Simplify make_kn() to make a little more sense and make it constant time. Some stylistic fixes like checking pointers explicitly against NULL and shuffle things into an order that makes a bit more sense. Includes a fix for a warning reported by Viktor Szakats in libressl/portable#926 ok jsing
The warning in the CMAC code should also be gone with openbsd/src@8865b67
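The commit message above says the rework enforces 64- and 128-bit block sizes and makes the subkey derivation constant time. A sketch of that pattern, as an added example that is not LibreSSL's code: `cmac_subkey` is a hypothetical helper, the reduction constants 0x1b and 0x87 are the CMAC values for 64- and 128-bit blocks, and the input is a constructed sample taken from the RFC 4493 test vectors.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper, not LibreSSL's make_kn(): double `in` in GF(2^n) to get
 * the next CMAC subkey. Returns 0 unless bl (block size in bytes) is 8 or 16.
 */
static int
cmac_subkey(unsigned char *out, const unsigned char *in, int bl)
{
	unsigned char rb, mask, carry = 0, next;
	int i;

	/* Enforce the supported sizes first, so every index below is bounded. */
	if (bl == 16)
		rb = 0x87;
	else if (bl == 8)
		rb = 0x1b;
	else
		return 0;

	/* 0xff if the top input bit is set, else 0x00: no data-dependent branch. */
	mask = (unsigned char)(0 - (in[0] >> 7));
	for (i = bl - 1; i >= 0; i--) {
		next = in[i] >> 7;
		out[i] = (unsigned char)((in[i] << 1) | carry);
		carry = next;
	}
	out[bl - 1] ^= rb & mask;
	return 1;
}

int
main(void)
{
	/* Constructed input: AES-128(K, 0^128) from the RFC 4493 test vectors. */
	static const unsigned char l[16] = {
		0x7d, 0xf7, 0x6b, 0x0c, 0x1a, 0xb8, 0x99, 0xb3,
		0x3e, 0x42, 0xf0, 0x47, 0xb9, 0x1b, 0x54, 0x6f
	};
	unsigned char k1[16], k2[16];
	int i;
	if (!cmac_subkey(k1, l, 16) || !cmac_subkey(k2, k1, 16))
		return 1;
	for (i = 0; i < 16; i++)
		printf("%02x", k2[i]);
	printf("\n");
	return 0;
}
```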
@botovq Great, thanks! I was looking, but in the wrong repo (https://github.com/libressl-portable/openbsd). Closing this as resolved.
It's also there. I usually link to commits the
Found it indeed: libressl/openbsd@0423d36