From 37f114a73ba37219b00a66f0a51219a696599745 Mon Sep 17 00:00:00 2001 From: Samuel Neves Date: Fri, 11 May 2018 21:15:55 +0100 Subject: chacha20poly1305: make gcc 8.1 happy GCC 8.1 does not know about the invariant `0 <= ctx->num < POLY1305_BLOCK_SIZE`. This results in a warning that `memcpy(ctx->data + num, inp, len);` may overflow the `data` field, which is correct for arbitrary values of `num`. To make the invariant explicit we ensure that `num` is in the required range. An alternative would be to change `ctx->num` to a 4-bit bitfield at the point of declaration. This changes the code from `test ebp, ebp; jz end` to `and ebp, 15; jz end`, which have identical performance characteristics. Signed-off-by: Samuel Neves --- src/crypto/chacha20poly1305.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/crypto/chacha20poly1305.c b/src/crypto/chacha20poly1305.c index 353cdf9..c066d93 100644 --- a/src/crypto/chacha20poly1305.c +++ b/src/crypto/chacha20poly1305.c @@ -536,7 +536,7 @@ static inline void poly1305_emit(void *ctx, u8 mac[16], const u32 nonce[4], bool static void poly1305_update(struct poly1305_ctx *ctx, const u8 *inp, size_t len, bool have_simd) { - const size_t num = ctx->num; + const size_t num = ctx->num % POLY1305_BLOCK_SIZE; size_t rem; if (num) { @@ -570,7 +570,7 @@ static void poly1305_update(struct poly1305_ctx *ctx, const u8 *inp, size_t len, static void poly1305_finish(struct poly1305_ctx *ctx, u8 mac[16], bool have_simd) { - size_t num = ctx->num; + size_t num = ctx->num % POLY1305_BLOCK_SIZE; if (num) { ctx->data[num++] = 1; /* pad bit */ -- cgit v1.2.3-59-g8ed1b