authorSamuel Neves <sneves@dei.uc.pt>2018-05-11 21:15:55 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2018-05-13 16:58:53 +0200
commitac659ac1f0a4b18d56b1fa0cc85cbbdff86e3494 (patch)
tree83105089072768075789b190a25a387f73958bd9
parentb2c20c032ab89e24c8210b1159348e48d917aea2 (diff)
chacha20poly1305: make gcc 8.1 happy
GCC 8.1 does not know about the invariant `0 <= ctx->num < POLY1305_BLOCK_SIZE`. This results in a warning that `memcpy(ctx->data + num, inp, len);` may overflow the `data` field, which is correct for arbitrary values of `num`. To make the invariant explicit we ensure that `num` is in the required range. An alternative would be to change `ctx->num` to a 4-bit bitfield at the point of declaration. This changes the code from `test ebp, ebp; jz end` to `and ebp, 15; jz end`, which have identical performance characteristics. Signed-off-by: Samuel Neves <sneves@dei.uc.pt> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r--src/crypto/chacha20poly1305.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/crypto/chacha20poly1305.c b/src/crypto/chacha20poly1305.c
index 353cdf9..c066d93 100644
--- a/src/crypto/chacha20poly1305.c
+++ b/src/crypto/chacha20poly1305.c
@@ -536,7 +536,7 @@ static inline void poly1305_emit(void *ctx, u8 mac[16], const u32 nonce[4], bool
static void poly1305_update(struct poly1305_ctx *ctx, const u8 *inp, size_t len, bool have_simd)
{
- const size_t num = ctx->num;
+ const size_t num = ctx->num % POLY1305_BLOCK_SIZE;
size_t rem;
if (num) {
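Review bot: The `% POLY1305_BLOCK_SIZE` added to `num` in poly1305_update carries no comment, so a later reader cannot tell that it only states the invariant `ctx->num < POLY1305_BLOCK_SIZE` for the compiler and is not meant to handle a real out-of-range value; the same applies to the matching line in poly1305_finish. I would put `/* ctx->num < POLY1305_BLOCK_SIZE always holds; the modulo only makes the bound visible to GCC */` above both, so the reduction is not removed as dead arithmetic in a later cleanup. If the invariant were ever violated, the reduction would keep the `memcpy` named in the description in bounds, but the code would presumably continue from a wrong buffer offset and produce a wrong MAC without any signal. A debug-only check on the unreduced `ctx->num` may therefore be worth adding. Both function bodies continue outside the hunks, so the later uses of `num` are not visible here.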
@@ -570,7 +570,7 @@ static void poly1305_update(struct poly1305_ctx *ctx, const u8 *inp, size_t len,
static void poly1305_finish(struct poly1305_ctx *ctx, u8 mac[16], bool have_simd)
{
- size_t num = ctx->num;
+ size_t num = ctx->num % POLY1305_BLOCK_SIZE;
if (num) {
ctx->data[num++] = 1; /* pad bit */