aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--libar2.h12
-rw-r--r--libar2_hash_buf_size.323
-rw-r--r--libar2_hash_buf_size.c8
3 files changed, 29 insertions, 14 deletions
diff --git a/libar2.h b/libar2.h
index f121bc7..f518c8d 100644
--- a/libar2.h
+++ b/libar2.h
@@ -14,10 +14,8 @@
#if defined(__GNUC__)
# define LIBAR2_NONNULL__(...) __attribute__((nonnull(__VA_ARGS__)))
-# define LIBAR2_PURE__ __attribute__((pure))
#else
# define LIBAR2_NONNULL__(...)
-# define LIBAR2_PURE__
#endif
#ifndef LIBAR2_PUBLIC__
@@ -664,15 +662,15 @@ int libar2_hash(void *hash, void *msg, size_t msglen, struct libar2_argon2_param
* `libar2_hash`
*
* If `params->hashlen <= 64`, this function will
- * return `params->hashlen` as is, otherwise it
- * will return a value that is no greater than
- * `params->hashlen + 127`
+ * return `params->hashlen` as is
*
* @param params Hashing parameters
* @return The required allocation size of the
- * output parameter of `libar2_hash`
+ * output parameter of `libar2_hash`, 0
+ * with errno set to EOVERFLOW if the
+ * result is too large
*/
-LIBAR2_PUBLIC__ LIBAR2_NONNULL__(1) LIBAR2_PURE__
+LIBAR2_PUBLIC__ LIBAR2_NONNULL__(1)
size_t libar2_hash_buf_size(struct libar2_argon2_parameters *params);
#if defined(__clang__)
diff --git a/libar2_hash_buf_size.3 b/libar2_hash_buf_size.3
index f538cfc..dcb8285 100644
--- a/libar2_hash_buf_size.3
+++ b/libar2_hash_buf_size.3
@@ -26,19 +26,30 @@ may not be
.PP
The return value is
.I params->hashlen
-if this number is 64 or less, otherwise it is
+if this number is 64 or less, a multiple of 128
+that is around twice as large as
.I params->hashlen
-rounded up to the next multiple of 128.
+(can be a bit more).
.SH RETURN VALUES
-See
-.BR DESCRIPTION .
+The
+.BR libar2_hash_buf_size ()
+function returns the number of bytes that the
+output buffer size for the
+.BR libar2_hash (3)
+function upon successful completion. On failure
+0 is returned and
+.I errno
+is set to describe the error.
.SH ERRORS
The
.BR libar2_hash_buf_size ()
-function cannot fail; however, if the
-return value is 0, the value has overflown.
+function will fail if:
+.TP
+.B EOVERFLOW
+The resulting value is too large to fit
+in the return type.
.SH SEE ALSO
.BR libar2 (7),
diff --git a/libar2_hash_buf_size.c b/libar2_hash_buf_size.c
index b165d4b..109969f 100644
--- a/libar2_hash_buf_size.c
+++ b/libar2_hash_buf_size.c
@@ -5,5 +5,11 @@
size_t
libar2_hash_buf_size(struct libar2_argon2_parameters *params)
{
- return (params->hashlen > 64 && (params->hashlen & 127)) ? (params->hashlen | 127) + 1 : params->hashlen;
+ if (params->hashlen <= 64)
+ return params->hashlen;
+ if (params->hashlen > SIZE_MAX / 128 * 64 - 31) {
+ errno = EOVERFLOW;
+ return 0;
+ }
+ return (params->hashlen + 31) / 64 * 128;
}