From c9e67109d0425fbb1d371200eefec858ae11c0bf Mon Sep 17 00:00:00 2001 From: Mattias Andrée Date: Mon, 14 Feb 2022 00:03:02 +0100 Subject: Fix previous commit --- libar2.h | 12 +++++------- libar2_hash_buf_size.3 | 23 +++++++++++++++++------ libar2_hash_buf_size.c | 8 +++++++- 3 files changed, 29 insertions(+), 14 deletions(-) diff --git a/libar2.h b/libar2.h index f121bc7..f518c8d 100644 --- a/libar2.h +++ b/libar2.h @@ -14,10 +14,8 @@ #if defined(__GNUC__) # define LIBAR2_NONNULL__(...) __attribute__((nonnull(__VA_ARGS__))) -# define LIBAR2_PURE__ __attribute__((pure)) #else # define LIBAR2_NONNULL__(...) -# define LIBAR2_PURE__ #endif #ifndef LIBAR2_PUBLIC__ @@ -664,15 +662,15 @@ int libar2_hash(void *hash, void *msg, size_t msglen, struct libar2_argon2_param * `libar2_hash` * * If `params->hashlen <= 64`, this function will - * return `params->hashlen` as is, otherwise it - * will return a value that is no greater than - * `params->hashlen + 127` + * return `params->hashlen` as is * * @param params Hashing parameters * @return The required allocation size of the - * output parameter of `libar2_hash` + * output parameter of `libar2_hash`, 0 + * with errno set to EOVERFLOW if the + * result is too large */ -LIBAR2_PUBLIC__ LIBAR2_NONNULL__(1) LIBAR2_PURE__ +LIBAR2_PUBLIC__ LIBAR2_NONNULL__(1) size_t libar2_hash_buf_size(struct libar2_argon2_parameters *params); #if defined(__clang__) diff --git a/libar2_hash_buf_size.3 b/libar2_hash_buf_size.3 index f538cfc..dcb8285 100644 --- a/libar2_hash_buf_size.3 +++ b/libar2_hash_buf_size.3 @@ -26,19 +26,30 @@ may not be .PP The return value is .I params->hashlen -if this number is 64 or less, otherwise it is +if this number is 64 or less, a multiple of 128 +that is around twice as large as .I params->hashlen -rounded up to the next multiple of 128. +(can be a bit more). .SH RETURN VALUES -See -.BR DESCRIPTION . +The +.BR libar2_hash_buf_size () +function returns the number of bytes that the +output buffer size for the +.BR libar2_hash (3) +function upon successful completion. On failure +0 is returned and +.I errno +is set to describe the error. .SH ERRORS The .BR libar2_hash_buf_size () -function cannot fail; however, if the -return value is 0, the value has overflown. +function will fail if: +.TP +.B EOVERFLOW +The resulting value is too large to fit +in the return type. .SH SEE ALSO .BR libar2 (7), diff --git a/libar2_hash_buf_size.c b/libar2_hash_buf_size.c index b165d4b..109969f 100644 --- a/libar2_hash_buf_size.c +++ b/libar2_hash_buf_size.c @@ -5,5 +5,11 @@ size_t libar2_hash_buf_size(struct libar2_argon2_parameters *params) { - return (params->hashlen > 64 && (params->hashlen & 127)) ? (params->hashlen | 127) + 1 : params->hashlen; + if (params->hashlen <= 64) + return params->hashlen; + if (params->hashlen > SIZE_MAX / 128 * 64 - 31) { + errno = EOVERFLOW; + return 0; + } + return (params->hashlen + 31) / 64 * 128; } -- cgit v1.2.3-70-g09d2