CVS commit: [netbsd-9] src/sys/crypto/nist_hash_drbg

2022-09-18 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Sun Sep 18 13:36:29 UTC 2022

Modified Files:
src/sys/crypto/nist_hash_drbg [netbsd-9]: nist_hash_drbg.c

Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #1530):

sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.2
sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.3

Use CTASSERT where possible, run-time assertion where not.

Should fix negative-length variable-length array found by kamil.

Use an explicit run-time assertion where compile-time doesn't work.


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.2 -r1.1.2.3 \
src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c
diff -u src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c:1.1.2.2 src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c:1.1.2.3
--- src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c:1.1.2.2	Tue Sep  3 07:47:59 2019
+++ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c	Sun Sep 18 13:36:29 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: nist_hash_drbg.c,v 1.1.2.2 2019/09/03 07:47:59 martin Exp $	*/
+/*	$NetBSD: nist_hash_drbg.c,v 1.1.2.3 2022/09/18 13:36:29 martin Exp $	*/
 
 /*-
  * Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -49,7 +49,7 @@
 
 #ifdef _KERNEL
 #include 
-__KERNEL_RCSID(0, "$NetBSD: nist_hash_drbg.c,v 1.1.2.2 2019/09/03 07:47:59 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nist_hash_drbg.c,v 1.1.2.3 2022/09/18 13:36:29 martin Exp $");
 #endif
 
 #include 
@@ -1087,7 +1087,9 @@ nist_hash_drbg_initialize(void)
 			kat[i].reseed ? 0 : kat[i].additional[0]->hv_len);
 			reseed_counter++;
 			CHECK(i, "V[1]", D->V, kat[i].V[1], SEEDLEN_BYTES);
-			CHECK(i, "rnd_val[0]", rnd_val, kat[i].rnd_val[0],
+			ASSERT(sizeof(kat[i].rnd_val[0]) - trunc <=
+			sizeof rnd_val);
+			check(i, "rnd_val[0]", rnd_val, kat[i].rnd_val[0],
 			sizeof(kat[i].rnd_val[0]) - trunc);
 			if (D->reseed_counter != reseed_counter) {
 DPRINTF("bad reseed counter: %u, expected %u",
@@ -1109,7 +,9 @@ nist_hash_drbg_initialize(void)
 			kat[i].reseed ? 0 : kat[i].additional[1]->hv_len);
 			reseed_counter++;
 			CHECK(i, "V[2]", D->V, kat[i].V[2], SEEDLEN_BYTES);
-			CHECK(i, "rnd_val[1]", rnd_val, kat[i].rnd_val[1],
+			ASSERT(sizeof(kat[i].rnd_val[1]) - trunc <=
+			sizeof rnd_val);
+			check(i, "rnd_val[1]", rnd_val, kat[i].rnd_val[1],
 			sizeof(kat[i].rnd_val[1]) - trunc);
 			if (D->reseed_counter != reseed_counter) {
 DPRINTF("bad reseed counter: %u, expected %u",

CVS commit: [netbsd-9] src/sys/crypto/nist_hash_drbg

2022-09-18 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Sun Sep 18 13:36:29 UTC 2022

Modified Files:
src/sys/crypto/nist_hash_drbg [netbsd-9]: nist_hash_drbg.c

Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #1530):

sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.2
sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.3

Use CTASSERT where possible, run-time assertion where not.

Should fix negative-length variable-length array found by kamil.

Use an explicit run-time assertion where compile-time doesn't work.


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.2 -r1.1.2.3 \
src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.