Google Git
Sign in
boringssl/boringssl.git/faa539f877432814d0f2de19846eb99f2ea1e207^!/.
commit
faa539f877432814d0f2de19846eb99f2ea1e207
[log]
author
Adam Langley <agl@google.com>
Thu Mar 30 10:06:42 2017 -0700
committer
CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Sun Apr 02 17:53:17 2017 +0000
tree
cf237a6ff0daace3c66ffda12532ae643df4e0e9
parent
ebcb5beb192686d6e8cbd4abd2b8e7a84fb81fb5 [diff]
Remove static output buffers for hash & HMAC functions.

These static output buffers are a legacy from a time before processes
had threads. This change drops support and callers who were depending on
this (of which there are hopefully none) will crash.

Change-Id: I7b8eb3440def507f92543e55465f821dfa02c7da
Reviewed-on: https://boringssl-review.googlesource.com/14528
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/crypto/constant_time_test.cc b/crypto/constant_time_test.cc
index 5ae0c37..0ad7192 100644
--- a/crypto/constant_time_test.cc
+++ b/crypto/constant_time_test.cc

@@ -62,7 +62,7 @@
   return b ? CONSTTIME_TRUE_S : CONSTTIME_FALSE_S;
 }
 
-static uint8_t test_values_8[] = {0, 1, 2, 20, 32, 127, 128, 129, 255};
+static const uint8_t test_values_8[] = {0, 1, 2, 20, 32, 127, 128, 129, 255};
 
 static size_t test_values_s[] = {
     0,

diff --git a/crypto/digest/digest_test.cc b/crypto/digest/digest_test.cc
index 36a62ab..15c48e0 100644
--- a/crypto/digest/digest_test.cc
+++ b/crypto/digest/digest_test.cc

@@ -225,13 +225,6 @@
     if (!CompareDigest(test, digest.get(), EVP_MD_size(test->md.func()))) {
       return false;
     }
-
-    // Test the deprecated static buffer variant, until it's removed.
-    out = test->md.one_shot_func((const uint8_t *)test->input,
-                                 strlen(test->input), NULL);
-    if (!CompareDigest(test, out, EVP_MD_size(test->md.func()))) {
-      return false;
-    }
   }
 
   return true;

diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index a252667..931f7a1 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c

@@ -69,15 +69,6 @@
               const uint8_t *data, size_t data_len, uint8_t *out,
               unsigned int *out_len) {
   HMAC_CTX ctx;
-  static uint8_t static_out_buffer[EVP_MAX_MD_SIZE];
-
-  /* OpenSSL has traditionally supported using a static buffer if |out| is
-   * NULL. We maintain that but don't document it. This behaviour should be
-   * considered to be deprecated. */
-  if (out == NULL) {
-    out = static_out_buffer;
-  }
-
   HMAC_CTX_init(&ctx);
   if (!HMAC_Init_ex(&ctx, key, key_len, evp_md, NULL) ||
       !HMAC_Update(&ctx, data, data_len) ||

diff --git a/crypto/md5/md5.c b/crypto/md5/md5.c
index 7712f47..adc5957 100644
--- a/crypto/md5/md5.c
+++ b/crypto/md5/md5.c

@@ -65,13 +65,6 @@
 
 uint8_t *MD5(const uint8_t *data, size_t len, uint8_t *out) {
   MD5_CTX ctx;
-  static uint8_t digest[MD5_DIGEST_LENGTH];
-
-  /* TODO(fork): remove this static buffer. */
-  if (out == NULL) {
-    out = digest;
-  }
-
   MD5_Init(&ctx);
   MD5_Update(&ctx, data, len);
   MD5_Final(out, &ctx);

diff --git a/crypto/sha/sha1.c b/crypto/sha/sha1.c
index 7c72713..4eb8189 100644
--- a/crypto/sha/sha1.c
+++ b/crypto/sha/sha1.c

@@ -82,12 +82,6 @@
 
 uint8_t *SHA1(const uint8_t *data, size_t len, uint8_t *out) {
   SHA_CTX ctx;
-  static uint8_t buf[SHA_DIGEST_LENGTH];
-
-  /* TODO(fork): remove this static buffer. */
-  if (out == NULL) {
-    out = buf;
-  }
   if (!SHA1_Init(&ctx)) {
     return NULL;
   }

diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
index fb950d7..c3bd5ad 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c

@@ -99,12 +99,6 @@
 
 uint8_t *SHA224(const uint8_t *data, size_t len, uint8_t *out) {
   SHA256_CTX ctx;
-  static uint8_t buf[SHA224_DIGEST_LENGTH];
-
-  /* TODO(fork): remove this static buffer. */
-  if (out == NULL) {
-    out = buf;
-  }
   SHA224_Init(&ctx);
   SHA224_Update(&ctx, data, len);
   SHA224_Final(out, &ctx);
@@ -114,12 +108,6 @@
 
 uint8_t *SHA256(const uint8_t *data, size_t len, uint8_t *out) {
   SHA256_CTX ctx;
-  static uint8_t buf[SHA256_DIGEST_LENGTH];
-
-  /* TODO(fork): remove this static buffer. */
-  if (out == NULL) {
-    out = buf;
-  }
   SHA256_Init(&ctx);
   SHA256_Update(&ctx, data, len);
   SHA256_Final(out, &ctx);

diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index 8761150..e8284f1 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c

@@ -123,13 +123,6 @@
 
 uint8_t *SHA384(const uint8_t *data, size_t len, uint8_t *out) {
   SHA512_CTX ctx;
-  static uint8_t buf[SHA384_DIGEST_LENGTH];
-
-  /* TODO(fork): remove this static buffer. */
-  if (out == NULL) {
-    out = buf;
-  }
-
   SHA384_Init(&ctx);
   SHA384_Update(&ctx, data, len);
   SHA384_Final(out, &ctx);
@@ -139,12 +132,6 @@
 
 uint8_t *SHA512(const uint8_t *data, size_t len, uint8_t *out) {
   SHA512_CTX ctx;
-  static uint8_t buf[SHA512_DIGEST_LENGTH];
-
-  /* TODO(fork): remove this static buffer. */
-  if (out == NULL) {
-    out = buf;
-  }
   SHA512_Init(&ctx);
   SHA512_Update(&ctx, data, len);
   SHA512_Final(out, &ctx);