Silence -Wstringop-overflow warnings with gcc 14 on s390x

Compiling OpenSSL on s390x with gcc 14 (i.e. in Fedora 41) shows several
-Wstringop-overflow warnings in providers/implementations/rands/drbg_ctr.c
and test/params_api_test.c.

Add explicit length checks to let the compiler know that it won't overrun
the buffer. This also silences the warnings.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27710)

(cherry picked from commit 9a788281d91f698d6a229d588b9cb36987549669)

diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c
index 21fdce640816dccc3ebbe7faa0edb789dabbf5d0..2bc355e0def824070f265b76eb3428b673c9038a 100644 (file)
--- a/providers/implementations/rands/drbg_ctr.c
+++ b/providers/implementations/rands/drbg_ctr.c
@@ -20,6 +20,7 @@
 #include "prov/providercommon.h"
 #include "prov/provider_ctx.h"
 #include "drbg_local.h"
+#include "internal/common.h"
 
 static OSSL_FUNC_rand_newctx_fn drbg_ctr_new_wrapper;
 static OSSL_FUNC_rand_freectx_fn drbg_ctr_free;
@@ -80,6 +81,8 @@ static void ctr_XOR(PROV_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
      * are XORing. So just process however much input we have.
      */
     n = inlen < ctr->keylen ? inlen : ctr->keylen;
+    if (!ossl_assert(n <= sizeof(ctr->K)))
+        return;
     for (i = 0; i < n; i++)
         ctr->K[i] ^= in[i];
     if (inlen <= ctr->keylen)