commit 0aff3ffb8882a161de9550cc4ea8caacc713aadb
author David Benjamin <davidben@chromium.org> Mon Dec 07 13:17:03 2015 -0500
committer Adam Langley <agl@google.com> Wed Dec 16 19:59:29 2015 +0000
tree f8277b7c908d0ec7c79003e1d142570a906ea5d2
parent 5a19d7dfa8abe611da91d3b90f3313611bc9b3c4

Store the partial block as uint8_t, not uint32_t.

The uint32_t likely dates to them using HASH_LONG everywhere. Nothing ever
touches c->data as a uint32_t, only bytes. (Which makes sense seeing as it
stores the partial block.)

Change-Id: I634cb7f2b6306523aa663f8697b7dc92aa491320
Reviewed-on: https://boringssl-review.googlesource.com/6651
Reviewed-by: Adam Langley <agl@google.com>

crypto/digest/md32_common.h

diff --git a/crypto/digest/md32_common.h b/crypto/digest/md32_common.h
index 716e029..25665db 100644
--- a/crypto/digest/md32_common.h
+++ b/crypto/digest/md32_common.h
@@ -77,7 +77,7 @@
  *     typedef struct <name>_state_st {
  *       uint32_t h[<chaining length> / sizeof(uint32_t)];
  *       uint32_t Nl, Nh;
- *       uint32_t data[HASH_CBLOCK / sizeof(uint32_t)];
+ *       uint8_t data[HASH_CBLOCK];
  *       unsigned num;
  *       ...
  *     } <NAME>_CTX;
@@ -245,19 +245,17 @@
 
   size_t n = c->num;
   if (n != 0) {
-    uint8_t *p = (uint8_t *)c->data;
-
     if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
-      memcpy(p + n, data, HASH_CBLOCK - n);
-      HASH_BLOCK_DATA_ORDER(c->h, p, 1);
+      memcpy(c->data + n, data, HASH_CBLOCK - n);
+      HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
       n = HASH_CBLOCK - n;
       data += n;
       len -= n;
       c->num = 0;
       /* Keep |c->data| zeroed when unused. */
-      memset(p, 0, HASH_CBLOCK);
+      memset(c->data, 0, HASH_CBLOCK);
     } else {
-      memcpy(p + n, data, len);
+      memcpy(c->data + n, data, len);
       c->num += (unsigned)len;
       return 1;
     }
@@ -272,9 +270,8 @@
   }
 
   if (len != 0) {
-    uint8_t *p = (uint8_t *)c->data;
     c->num = (unsigned)len;
-    memcpy(p, data, len);
+    memcpy(c->data, data, len);
   }
   return 1;
 }
@@ -286,23 +283,23 @@
 
 
 int HASH_FINAL(uint8_t *md, HASH_CTX *c) {
-  uint8_t *p = (uint8_t *)c->data;
-  size_t n = c->num;
-
   /* |c->data| always has room for at least one byte. A full block would have
    * been consumed. */
+  size_t n = c->num;
   assert(n < HASH_CBLOCK);
-  p[n] = 0x80;
+  c->data[n] = 0x80;
   n++;
 
+  /* Fill the block with zeros if there isn't room for a 64-bit length. */
   if (n > (HASH_CBLOCK - 8)) {
-    memset(p + n, 0, HASH_CBLOCK - n);
+    memset(c->data + n, 0, HASH_CBLOCK - n);
     n = 0;
-    HASH_BLOCK_DATA_ORDER(c->h, p, 1);
+    HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
   }
-  memset(p + n, 0, HASH_CBLOCK - 8 - n);
+  memset(c->data + n, 0, HASH_CBLOCK - 8 - n);
 
-  p += HASH_CBLOCK - 8;
+  /* Append a 64-bit length to the block and process it. */
+  uint8_t *p = c->data + HASH_CBLOCK - 8;
 #if defined(DATA_ORDER_IS_BIG_ENDIAN)
   (void)HOST_l2c(c->Nh, p);
   (void)HOST_l2c(c->Nl, p);
@@ -310,10 +307,10 @@
   (void)HOST_l2c(c->Nl, p);
   (void)HOST_l2c(c->Nh, p);
 #endif
-  p -= HASH_CBLOCK;
-  HASH_BLOCK_DATA_ORDER(c->h, p, 1);
+  assert(p == c->data + HASH_CBLOCK);
+  HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
   c->num = 0;
-  memset(p, 0, HASH_CBLOCK);
+  memset(c->data, 0, HASH_CBLOCK);
 
   HASH_MAKE_STRING(c, md);
   return 1;