Silence -Wstringop-overflow warnings with gcc 14 on s390x

Compiling OpenSSL on s390x with gcc 14 (i.e. in Fedora 41) shows several
-Wstringop-overflow warnings in providers/implementations/rands/drbg_ctr.c
and test/params_api_test.c.

Add explicit length checks to let the compiler know that it won't overrun
the buffer. This also silences the warnings.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27710)

diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c
index b906da099184623377ead44ea8fcdb82472832a0..a5c929a2cadcbd4f08a19be4540fa3c987cc8563 100644 (file)
--- a/providers/implementations/rands/drbg_ctr.c
+++ b/providers/implementations/rands/drbg_ctr.c
@@ -23,6 +23,7 @@
 #include "crypto/evp.h"
 #include "crypto/evp/evp_local.h"
 #include "internal/provider.h"
+#include "internal/common.h"
 
 static OSSL_FUNC_rand_newctx_fn drbg_ctr_new_wrapper;
 static OSSL_FUNC_rand_freectx_fn drbg_ctr_free;
@@ -85,6 +86,8 @@ static void ctr_XOR(PROV_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
      * are XORing. So just process however much input we have.
      */
     n = inlen < ctr->keylen ? inlen : ctr->keylen;
+    if (!ossl_assert(n <= sizeof(ctr->K)))
+        return;
     for (i = 0; i < n; i++)
         ctr->K[i] ^= in[i];
     if (inlen <= ctr->keylen)

diff --git a/test/params_api_test.c b/test/params_api_test.c
index 20cf4fdf217dadf131faa874968324c47ef48973..7d82316a19ce6831992ba31877362e7556c08d71 100644 (file)
--- a/test/params_api_test.c
+++ b/test/params_api_test.c
@@ -44,6 +44,8 @@ static void le_copy(unsigned char *out, size_t outlen,
     } else {
         if (outlen < inlen)
             in = (const char *)in + inlen - outlen;
+        if (!ossl_assert(outlen <= inlen))
+            return;
         swap_copy(out, in, outlen);
     }
 }