This series depends on the 'at_least' macro added by
https://lore.kernel.org/r/20251122025510.1625066-4-Jason@zx2c4.com
It can also be retrieved from
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git more-at-least-decorations-v1
Add the at_least (i.e. 'static') decoration to the fixed-size array
parameters of more of the crypto library functions. This causes clang
to generate a warning if a too-small array of known size is passed.
Eric Biggers (6):
lib/crypto: chacha: Add at_least decoration to fixed-size array params
lib/crypto: curve25519: Add at_least decoration to fixed-size array params
lib/crypto: md5: Add at_least decoration to fixed-size array params
lib/crypto: poly1305: Add at_least decoration to fixed-size array params
lib/crypto: sha1: Add at_least decoration to fixed-size array params
lib/crypto: sha2: Add at_least decoration to fixed-size array params
include/crypto/chacha.h | 12 ++++-----
include/crypto/curve25519.h | 24 ++++++++++-------
include/crypto/md5.h | 11 ++++----
include/crypto/poly1305.h | 2 +-
include/crypto/sha1.h | 12 +++++----
include/crypto/sha2.h | 53 ++++++++++++++++++++++---------------
6 files changed, 65 insertions(+), 49 deletions(-)
base-commit: 86d930bb1c19ec798fd432c5b8f25912373c98b2
--
2.51.2
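What the decoration buys, shown as an added example that is not code from the series or from the kernel: a hypothetical 32-byte digest compare/copy pair with at_least on every fixed-size parameter, assuming at_least is defined as plain `static` (the real macro is the one from Jason's patch referenced above).

```c
/* Added example, not from the series; assumes at_least == 'static'. */
#include <stddef.h>
#include <stdint.h>

#define at_least static
#define DIGEST_SIZE 32

typedef uint8_t u8;

/* Hypothetical lib/crypto-style helpers: each decorated parameter must
 * point to at least DIGEST_SIZE bytes. Per the thread, gcc flags a
 * too-small const input under -Wstringop-overread and a too-small
 * non-const output under -Wstringop-overflow (the latter is disabled
 * in kernel builds); clang reports both under -Warray-bounds. */
int digest_eq(const u8 a[at_least DIGEST_SIZE],
	      const u8 b[at_least DIGEST_SIZE])
{
	u8 acc = 0;

	/* Constant-time: no early exit on the first mismatch. */
	for (size_t i = 0; i < DIGEST_SIZE; i++)
		acc |= a[i] ^ b[i];
	return acc == 0;
}

void digest_copy(u8 out[at_least DIGEST_SIZE],
		 const u8 in[at_least DIGEST_SIZE])
{
	for (size_t i = 0; i < DIGEST_SIZE; i++)
		out[i] = in[i];
}

/* Returns 1 when a copied digest compares equal to its source. */
int demo(void)
{
	u8 d1[DIGEST_SIZE], d2[DIGEST_SIZE];	/* constructed sample */

	for (size_t i = 0; i < DIGEST_SIZE; i++)
		d1[i] = (u8)(i * 7 + 3);
	digest_copy(d2, d1);	/* OK: both arrays hold 32 bytes */
	/*
	 * digest_copy(small, d1);  with "u8 small[16];" clang warns:
	 *   array argument is too small; contains 16 elements,
	 *   callee requires at least 32 [-Warray-bounds]
	 * Only arrays of known size are checked; a bare u8 pointer
	 * passes silently, so this is a build-time lint, not a
	 * runtime bounds check.
	 */
	return digest_eq(d1, d2);
}
```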
On Sat, Nov 22, 2025 at 11:42:00AM -0800, Eric Biggers wrote:
> This series depends on the 'at_least' macro added by
> https://lore.kernel.org/r/20251122025510.1625066-4-Jason@zx2c4.com
> It can also be retrieved from
>
> git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git more-at-least-decorations-v1
>
> Add the at_least (i.e. 'static') decoration to the fixed-size array
> parameters of more of the crypto library functions. This causes clang
> to generate a warning if a too-small array of known size is passed.
>
> Eric Biggers (6):
> lib/crypto: chacha: Add at_least decoration to fixed-size array params
> lib/crypto: curve25519: Add at_least decoration to fixed-size array params
> lib/crypto: md5: Add at_least decoration to fixed-size array params
> lib/crypto: poly1305: Add at_least decoration to fixed-size array params
> lib/crypto: sha1: Add at_least decoration to fixed-size array params
> lib/crypto: sha2: Add at_least decoration to fixed-size array params
>

Applied this series to
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next

The build errors should be gone now, since I rebased it on top of Jason's
v4 patch
(https://lore.kernel.org/linux-crypto/20251123054819.2371989-3-Jason@zx2c4.com/).

- Eric
On Sat, 22 Nov 2025 at 20:42, Eric Biggers <ebiggers@kernel.org> wrote:
>
> This series depends on the 'at_least' macro added by
> https://lore.kernel.org/r/20251122025510.1625066-4-Jason@zx2c4.com
> It can also be retrieved from
>
> git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git more-at-least-decorations-v1
>
> Add the at_least (i.e. 'static') decoration to the fixed-size array
> parameters of more of the crypto library functions. This causes clang
> to generate a warning if a too-small array of known size is passed.
>

FTR GCC does so too.

> Eric Biggers (6):
> lib/crypto: chacha: Add at_least decoration to fixed-size array params
> lib/crypto: curve25519: Add at_least decoration to fixed-size array params
> lib/crypto: md5: Add at_least decoration to fixed-size array params
> lib/crypto: poly1305: Add at_least decoration to fixed-size array params
> lib/crypto: sha1: Add at_least decoration to fixed-size array params
> lib/crypto: sha2: Add at_least decoration to fixed-size array params
>

Acked-by: Ard Biesheuvel <ardb@kernel.org>

> include/crypto/chacha.h | 12 ++++-----
> include/crypto/curve25519.h | 24 ++++++++++-------
> include/crypto/md5.h | 11 ++++----
> include/crypto/poly1305.h | 2 +-
> include/crypto/sha1.h | 12 +++++----
> include/crypto/sha2.h | 53 ++++++++++++++++++++++---------------
> 6 files changed, 65 insertions(+), 49 deletions(-)
>
>
> base-commit: 86d930bb1c19ec798fd432c5b8f25912373c98b2
> --
> 2.51.2
>
On Sun, Nov 23, 2025 at 09:31:19AM +0100, Ard Biesheuvel wrote:
> On Sat, 22 Nov 2025 at 20:42, Eric Biggers <ebiggers@kernel.org> wrote:
> >
> > This series depends on the 'at_least' macro added by
> > https://lore.kernel.org/r/20251122025510.1625066-4-Jason@zx2c4.com
> > It can also be retrieved from
> >
> > git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git more-at-least-decorations-v1
> >
> > Add the at_least (i.e. 'static') decoration to the fixed-size array
> > parameters of more of the crypto library functions. This causes clang
> > to generate a warning if a too-small array of known size is passed.
> >
>
> FTR GCC does so too.

See https://lore.kernel.org/linux-crypto/20251115021430.GA2148@sol/
Unfortunately gcc puts these warnings under -Wstringop-overflow which
the kernel disables, so we don't see them. clang works, though.

- Eric
On Sun, Nov 23, 2025 at 9:37 PM Eric Biggers <ebiggers@kernel.org> wrote:
>
> On Sun, Nov 23, 2025 at 09:31:19AM +0100, Ard Biesheuvel wrote:
> > On Sat, 22 Nov 2025 at 20:42, Eric Biggers <ebiggers@kernel.org> wrote:
> > >
> > > This series depends on the 'at_least' macro added by
> > > https://lore.kernel.org/r/20251122025510.1625066-4-Jason@zx2c4.com
> > > It can also be retrieved from
> > >
> > > git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git more-at-least-decorations-v1
> > >
> > > Add the at_least (i.e. 'static') decoration to the fixed-size array
> > > parameters of more of the crypto library functions. This causes clang
> > > to generate a warning if a too-small array of known size is passed.
> > >
> >
> > FTR GCC does so too.
>
> See https://lore.kernel.org/linux-crypto/20251115021430.GA2148@sol/
> Unfortunately gcc puts these warnings under -Wstringop-overflow which
> the kernel disables, so we don't see them. clang works, though.

Is that disabling new? Look at the commit message in my chapoly patch...
The warning shown there happened from a real live kernel build.

Jason
On Sun, Nov 23, 2025 at 09:38:49PM +0100, Jason A. Donenfeld wrote:
> On Sun, Nov 23, 2025 at 9:37 PM Eric Biggers <ebiggers@kernel.org> wrote:
> >
> > On Sun, Nov 23, 2025 at 09:31:19AM +0100, Ard Biesheuvel wrote:
> > > On Sat, 22 Nov 2025 at 20:42, Eric Biggers <ebiggers@kernel.org> wrote:
> > > >
> > > > This series depends on the 'at_least' macro added by
> > > > https://lore.kernel.org/r/20251122025510.1625066-4-Jason@zx2c4.com
> > > > It can also be retrieved from
> > > >
> > > > git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git more-at-least-decorations-v1
> > > >
> > > > Add the at_least (i.e. 'static') decoration to the fixed-size array
> > > > parameters of more of the crypto library functions. This causes clang
> > > > to generate a warning if a too-small array of known size is passed.
> > > >
> > >
> > > FTR GCC does so too.
> >
> > See https://lore.kernel.org/linux-crypto/20251115021430.GA2148@sol/
> > Unfortunately gcc puts these warnings under -Wstringop-overflow which
> > the kernel disables, so we don't see them. clang works, though.
>
> Is that disabling new?

No.

> Look at the commit message in my chapoly patch... The warning shown
> there happened from a real live kernel build.

Oh, there's actually a difference between const and non-const
parameters. A const parameter gives -Wstringop-overread, while a
non-const one gives -Wstringop-overflow. Only the latter is disabled.

- Eric
On Sun, Nov 23, 2025 at 12:54:31PM -0800, Eric Biggers wrote:
> Oh, there's actually a difference between const and non-const
> parameters. A const parameter gives -Wstringop-overread, while a
> non-const one gives -Wstringop-overflow. Only the latter is disabled.

FWIW, I'm hoping we can make the last bit of progress needed to get
-Warray-bounds and -Wstringop-overflow enabled globally after this patch
helps us track down any stragglers:
https://lore.kernel.org/lkml/20251121184342.it.626-kees@kernel.org/

-Kees

--
Kees Cook
On Sat, Nov 22, 2025 at 11:42:00AM -0800, Eric Biggers wrote:
> This series depends on the 'at_least' macro added by
> https://lore.kernel.org/r/20251122025510.1625066-4-Jason@zx2c4.com
> It can also be retrieved from
>
> git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git more-at-least-decorations-v1
>
> Add the at_least (i.e. 'static') decoration to the fixed-size array
> parameters of more of the crypto library functions. This causes clang
> to generate a warning if a too-small array of known size is passed.
>
> Eric Biggers (6):
> lib/crypto: chacha: Add at_least decoration to fixed-size array params
> lib/crypto: curve25519: Add at_least decoration to fixed-size array params
> lib/crypto: md5: Add at_least decoration to fixed-size array params
> lib/crypto: poly1305: Add at_least decoration to fixed-size array params
> lib/crypto: sha1: Add at_least decoration to fixed-size array params
> lib/crypto: sha2: Add at_least decoration to fixed-size array params
>
> include/crypto/chacha.h | 12 ++++-----
> include/crypto/curve25519.h | 24 ++++++++++-------
> include/crypto/md5.h | 11 ++++----
> include/crypto/poly1305.h | 2 +-
> include/crypto/sha1.h | 12 +++++----
> include/crypto/sha2.h | 53 ++++++++++++++++++++++---------------

It turns out this causes a build error when <crypto/poly1305.h>,
<crypto/sha1.h>, or <crypto/sha2.h> is included before
<linux/compiler.h>. Jason's patch to <crypto/chacha20poly1305.h> is
okay, because that one indirectly includes <linux/compiler.h> by chance.

I thought <linux/compiler.h> already got included in everything via the
-include compiler flag. But it's actually <linux/compiler_types.h> which
works that way, not <linux/compiler.h> which is a regular header.

We can make these crypto headers include <linux/compiler.h>. But before
we do that, should we perhaps consider putting the definition of
'at_least' in <linux/compiler_types.h> instead of in <linux/compiler.h>,
so that it becomes always available? This is basically a core language
feature. Maybe it belongs next to the definition of __counted_by, which
is another definition related to array bounds?

- Eric
On Sat, Nov 22, 2025 at 08:00:37PM -0800, Eric Biggers wrote:
> We can make these crypto headers include <linux/compiler.h>. But before
> we do that, should we perhaps consider putting the definition of
> 'at_least' in <linux/compiler_types.h> instead of in <linux/compiler.h>,
> so that it becomes always available? This is basically a core language
> feature. Maybe it belongs next to the definition of __counted_by, which
> is another definition related to array bounds?

This is indeed exactly what should be done. Do you want me to make a v4
and you can rebase -next, or do you want to just fix this up on top?

Jason
On Sun, Nov 23, 2025 at 06:16:05AM +0100, Jason A. Donenfeld wrote:
> On Sat, Nov 22, 2025 at 08:00:37PM -0800, Eric Biggers wrote:
> > We can make these crypto headers include <linux/compiler.h>. But before
> > we do that, should we perhaps consider putting the definition of
> > 'at_least' in <linux/compiler_types.h> instead of in <linux/compiler.h>,
> > so that it becomes always available? This is basically a core language
> > feature. Maybe it belongs next to the definition of __counted_by, which
> > is another definition related to array bounds?
>
> This is indeed exactly what should be done. Do you want me to make a v4
> and you can rebase -next, or do you want to just fix this up on top?
>
> Jason

Sending out v4 would be good. Thanks.

- Eric