Change sha256 output type from an array to a pointer

The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-224 hash into a
28-byte buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-05-13 00:45:25 +02:00
parent 3e3a6789d1
commit d7b3d92476
4 changed files with 17 additions and 14 deletions

View file

@ -1,5 +1,6 @@
API changes
* The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-384 hash into a
48-byte buffer.
* The output parameter of mbedtls_sha512_finish_ret, mbedtls_sha512_ret,
mbedtls_sha256_finish_ret and mbedtls_sha256_ret now has a pointer type
rather than array type. This removes spurious warnings in some compilers
when outputting a SHA-384 or SHA-224 hash into a buffer of exactly
the hash size.

View file

@ -1,8 +1,8 @@
SHA-512 output type change
SHA-512 and SHA-256 output type change
--------------------------
The output parameter of `mbedtls_sha512_finish_ret()` and `mbedtls_sha512_ret()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer.
The output parameter of `mbedtls_sha256_finish_ret()`, `mbedtls_sha256_ret()`, `mbedtls_sha512_finish_ret()`, `mbedtls_sha512_ret()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer or a SHA-224 hash into a 28-byte buffer.
This makes no difference to a vast majority of applications. If your code takes a pointer to one of these functions, you may need to change the type of the pointer.
Alternative implementations of the SHA512 module must adjust their functions' prototype accordingly.
Alternative implementations of the SHA256 and SHA512 modules must adjust their functions' prototype accordingly.

View file

@ -127,13 +127,14 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
* \param ctx The SHA-256 context. This must be initialized
* and have a hash operation started.
* \param output The SHA-224 or SHA-256 checksum result.
* This must be a writable buffer of length \c 32 Bytes.
* This must be a writable buffer of length \c 32 bytes
* for SHA-256, 28 bytes for SHA-224.
*
* \return \c 0 on success.
* \return A negative error code on failure.
*/
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
unsigned char output[32] );
unsigned char *output );
/**
* \brief This function processes a single data block within
@ -163,14 +164,15 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
* \param input The buffer holding the data. This must be a readable
* buffer of length \p ilen Bytes.
* \param ilen The length of the input data in Bytes.
* \param output The SHA-224 or SHA-256 checksum result. This must
* be a writable buffer of length \c 32 Bytes.
* \param output The SHA-224 or SHA-256 checksum result.
* This must be a writable buffer of length \c 32 bytes
* for SHA-256, 28 bytes for SHA-224.
* \param is224 Determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
*/
int mbedtls_sha256_ret( const unsigned char *input,
size_t ilen,
unsigned char output[32],
unsigned char *output,
int is224 );
#if defined(MBEDTLS_SELF_TEST)

View file

@ -332,7 +332,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx,
* SHA-256 final digest
*/
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
unsigned char output[32] )
unsigned char *output )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
uint32_t used;
@ -401,7 +401,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
*/
int mbedtls_sha256_ret( const unsigned char *input,
size_t ilen,
unsigned char output[32],
unsigned char *output,
int is224 )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;