From a8619bc69192ad427aead232e0bb0ed16e2dc7f6 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 18 Dec 2024 15:14:45 -0800 Subject: [PATCH] hmac internals: Make it clearer that `Context::try_sign` doesn't panic. Use `Digest::try_finish()` instead of `Digest::finish()`. Calculate `num_pending` directly from the inner digest, so that the compiler can use `OutputLen` range analysis to prove that the buffer is large enough. --- src/digest.rs | 9 +++++---- src/hmac.rs | 14 ++++++++------ 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/src/digest.rs b/src/digest.rs index 208954e06..39427262a 100644 --- a/src/digest.rs +++ b/src/digest.rs @@ -264,14 +264,15 @@ impl Context { /// `finish` consumes the context so it cannot be (mis-)used after `finish` /// has been called. pub fn finish(self) -> Digest { - self.try_finish().unwrap() + let cpu = cpu::features(); + self.try_finish(cpu) + .map_err(error::Unspecified::from) + .unwrap() } - fn try_finish(mut self) -> Result { - let cpu_features = cpu::features(); + pub(crate) fn try_finish(mut self, cpu_features: cpu::Features) -> Result { self.block .try_finish(&mut self.pending, self.num_pending, cpu_features) - .map_err(error::Unspecified::from) } /// The algorithm that this context is using. diff --git a/src/hmac.rs b/src/hmac.rs index 3bac7db9d..a62dbd731 100644 --- a/src/hmac.rs +++ b/src/hmac.rs @@ -312,19 +312,21 @@ impl Context { /// the return value of `sign` to a tag. Use `verify` for verification /// instead. pub fn sign(self) -> Tag { - self.try_sign().unwrap() + self.try_sign().map_err(error::Unspecified::from).unwrap() } - fn try_sign(self) -> Result { + fn try_sign(self) -> Result { let cpu_features = cpu::features(); - let algorithm = self.inner.algorithm(); + let inner = self.inner.try_finish(cpu_features)?; + let inner = inner.as_ref(); + let num_pending = inner.len(); let buffer = &mut [0u8; digest::MAX_BLOCK_LEN]; - let num_pending = algorithm.output_len(); - buffer[..num_pending].copy_from_slice(self.inner.finish().as_ref()); + const _BUFFER_IS_LARGE_ENOUGH_TO_HOLD_INNER: () = + assert!(digest::MAX_OUTPUT_LEN < digest::MAX_BLOCK_LEN); + buffer[..num_pending].copy_from_slice(inner); self.outer .try_finish(buffer, num_pending, cpu_features) .map(Tag) - .map_err(error::Unspecified::from) } }