cmac+hash: change parameter types

For consistency and safety, change the CMC and HSH functions to accept signed lengths and handle negative values as errors. Also, change the input data type to void * to not require casting in the caller.
2025-12-07 11:15:06 -05:00 · 2020-07-08 12:02:12 +02:00
parent de4ecc72d1
commit d93aa10bac
13 changed files with 64 additions and 53 deletions
--- a/cmac_nettle.c
+++ b/cmac_nettle.c
@@ -44,7 +44,7 @@ struct CMC_Instance_Record {

 /* ================================================== */

-unsigned int
+int
 CMC_GetKeyLength(CMC_Algorithm algorithm)
 {
  if (algorithm == CMC_AES128)
@@ -57,11 +57,11 @@ CMC_GetKeyLength(CMC_Algorithm algorithm)
 /* ================================================== */

 CMC_Instance
-CMC_CreateInstance(CMC_Algorithm algorithm, const unsigned char *key, unsigned int length)
+CMC_CreateInstance(CMC_Algorithm algorithm, const unsigned char *key, int length)
 {
  CMC_Instance inst;

-  if (length == 0 || length != CMC_GetKeyLength(algorithm))
+  if (length <= 0 || length != CMC_GetKeyLength(algorithm))
    return NULL;

  inst = MallocNew(struct CMC_Instance_Record);
@@ -83,10 +83,12 @@ CMC_CreateInstance(CMC_Algorithm algorithm, const unsigned char *key, unsigned i

 /* ================================================== */

-unsigned int
-CMC_Hash(CMC_Instance inst, const unsigned char *in, unsigned int in_len,
-         unsigned char *out, unsigned int out_len)
+int
+CMC_Hash(CMC_Instance inst, const void *in, int in_len, unsigned char *out, int out_len)
 {
+  if (in_len < 0 || out_len < 0)
+    return 0;
+
  if (out_len > CMAC128_DIGEST_SIZE)
    out_len = CMAC128_DIGEST_SIZE;