Work around language and compiler bug in memcpy, etc.

Most C standard library functions are undefined if passed NULL, even when the corresponding length is zero. This gives them (and, in turn, all functions which call them) surprising behavior on empty arrays. Some compilers will miscompile code due to this rule. See also https://www.imperialviolet.org/2016/06/26/nonnull.html Add OPENSSL_memcpy, etc., wrappers which avoid this problem. BUG=23 Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e Reviewed-on: https://boringssl-review.googlesource.com/12928 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@google.com> 2016-12-13 01:07:13 -0500
committer: Adam Langley <agl@google.com> 2016-12-21 20:34:47 +0000
commit: 17cf2cb1d226b0ba2401304242df7ddd3b6f1ff2 (patch)
tree: 3e6b6da76353a25cad1850c46668107690e8b245 /decrepit/ripemd
parent: 56cadc3daf9090d7536d92319f0c6e7a39bf7f4f (diff)
download: boringssl-17cf2cb1d226b0ba2401304242df7ddd3b6f1ff2.zip
boringssl-17cf2cb1d226b0ba2401304242df7ddd3b6f1ff2.tar.gz
boringssl-17cf2cb1d226b0ba2401304242df7ddd3b6f1ff2.tar.bz2
2 files changed, 5 insertions, 4 deletions
diff --git a/decrepit/ripemd/ripemd.c b/decrepit/ripemd/ripemd.c
index ce47c28..ab9bc32 100644
--- a/decrepit/ripemd/ripemd.c
+++ b/decrepit/ripemd/ripemd.c
@@ -62,7 +62,7 @@
 
 
 int RIPEMD160_Init(RIPEMD160_CTX *ctx) {
-  memset(ctx, 0, sizeof(*ctx));
+  OPENSSL_memset(ctx, 0, sizeof(*ctx));
   ctx->h[0] = RIPEMD160_A;
   ctx->h[1] = RIPEMD160_B;
   ctx->h[2] = RIPEMD160_C;
diff --git a/decrepit/ripemd/ripemd_test.cc b/decrepit/ripemd/ripemd_test.cc
index ebcabdf..e39c893 100644
--- a/decrepit/ripemd/ripemd_test.cc
+++ b/decrepit/ripemd/ripemd_test.cc
@@ -19,6 +19,7 @@
 #include <stdio.h>
 #include <string.h>
 
+#include "../../crypto/internal.h"
 #include "../../crypto/test/test_util.h"
 
 
@@ -85,7 +86,7 @@ int main(void) {
         RIPEMD160_Final(digest, &ctx);
       }
 
-      if (memcmp(digest, test.expected, sizeof(digest)) != 0) {
+      if (OPENSSL_memcmp(digest, test.expected, sizeof(digest)) != 0) {
         fprintf(stderr, "#%u: bad result with stride %u: ", test_num,
                 static_cast<unsigned>(stride));
         hexdump(stderr, "", digest, sizeof(digest));
@@ -96,7 +97,7 @@ int main(void) {
 
   static const size_t kLargeBufSize = 1000000;
   std::unique_ptr<uint8_t[]> buf(new uint8_t[kLargeBufSize]);
-  memset(buf.get(), 'a', kLargeBufSize);
+  OPENSSL_memset(buf.get(), 'a', kLargeBufSize);
   uint8_t digest[RIPEMD160_DIGEST_LENGTH];
   RIPEMD160(buf.get(), kLargeBufSize, digest);
 
@@ -104,7 +105,7 @@ int main(void) {
       0x52, 0x78, 0x32, 0x43, 0xc1, 0x69, 0x7b, 0xdb, 0xe1, 0x6d,
       0x37, 0xf9, 0x7f, 0x68, 0xf0, 0x83, 0x25, 0xdc, 0x15, 0x28};
 
-  if (memcmp(digest, kMillionADigest, sizeof(digest)) != 0) {
+  if (OPENSSL_memcmp(digest, kMillionADigest, sizeof(digest)) != 0) {
     fprintf(stderr, "Digest incorrect for “million a's” test: ");
     hexdump(stderr, "", digest, sizeof(digest));
     ok = 0;
author	David Benjamin <davidben@google.com>	2016-12-13 01:07:13 -0500
committer	Adam Langley <agl@google.com>	2016-12-21 20:34:47 +0000
commit	17cf2cb1d226b0ba2401304242df7ddd3b6f1ff2 (patch)
tree	3e6b6da76353a25cad1850c46668107690e8b245 /decrepit/ripemd
parent	56cadc3daf9090d7536d92319f0c6e7a39bf7f4f (diff)
download	boringssl-17cf2cb1d226b0ba2401304242df7ddd3b6f1ff2.zip boringssl-17cf2cb1d226b0ba2401304242df7ddd3b6f1ff2.tar.gz boringssl-17cf2cb1d226b0ba2401304242df7ddd3b6f1ff2.tar.bz2