Silence -Wstringop-overflow warnings with gcc 14 on s390x

Compiling OpenSSL on s390x with gcc 14 (i.e. in Fedora 41) shows several
-Wstringop-overflow warnings in providers/implementations/rands/drbg_ctr.c
and test/params_api_test.c.

Add explicit length checks to let the compiler know that it won't overrun
the buffer. This also silences the warnings.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27710)

(cherry picked from commit 9a788281d91f698d6a229d588b9cb36987549669)

diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c
index 0c4553ad58ddacd0c9e1e0e3f6251fc1a2986fba..10460cd09410bfcc13345cbb8b83fa62ff9a90a2 100644 (file)
--- a/providers/implementations/rands/drbg_ctr.c
+++ b/providers/implementations/rands/drbg_ctr.c
@@ -20,6 +20,7 @@
 #include "prov/providercommon.h"
 #include "prov/provider_ctx.h"
 #include "drbg_local.h"
+#include "internal/common.h"
 
 static OSSL_FUNC_rand_newctx_fn drbg_ctr_new_wrapper;
 static OSSL_FUNC_rand_freectx_fn drbg_ctr_free;
@@ -82,6 +83,8 @@ static void ctr_XOR(PROV_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
      * are XORing. So just process however much input we have.
      */
     n = inlen < ctr->keylen ? inlen : ctr->keylen;
+    if (!ossl_assert(n <= sizeof(ctr->K)))
+        return;
     for (i = 0; i < n; i++)
         ctr->K[i] ^= in[i];
     if (inlen <= ctr->keylen)

diff --git a/test/params_api_test.c b/test/params_api_test.c
index 715c2718bb3269f1f005ce0d0a81004eae1f04f1..84ccbf5a14927f70e364b246a713ae84ebd989eb 100644 (file)
--- a/test/params_api_test.c
+++ b/test/params_api_test.c
@@ -44,6 +44,8 @@ static void le_copy(unsigned char *out, size_t outlen,
     } else {
         if (outlen < inlen)
             in = (const char *)in + inlen - outlen;
+        if (!ossl_assert(outlen <= inlen))
+            return;
         swap_copy(out, in, outlen);
     }
 }