| commit | d3462e378f40ba6838b6c42584c30769ca633e6f | |
| author | Radim Krčmář <rkrcmar@redhat.com> | |
| Fri, 10 Jul 2015 17:18:01 +0000 (10 19:18 +0200) | ||
| committer | Paolo Bonzini <pbonzini@redhat.com> | |
| Thu, 16 Jul 2015 18:00:21 +0000 (16 20:00 +0200) | ||
| tree | 6c07f65460414fb2c9343fe6eb3ac4ed8bc66256 | treesnapshot (tar.gz zip) |
| parent | becaeb726ae7da4212a788773ebdfe87b4833f5c | commitdiff |
crypto: avoid undefined behavior in nettle calls
Calling a function pointer that was cast from an incompatible function
results in undefined behavior. 'void *' isn't compatible with 'struct
XXX *', so we can't cast to nettle_cipher_func, but have to provide a
wrapper. (Conversion from 'void *' to 'struct XXX *' might require
computation, which won't be done if we drop argument's true type, and
pointers can have different sizes so passing arguments on stack would
bug.)
Having two different prototypes based on nettle version doesn't make
this solution any nicer.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Message-Id: <1437062641-12684-3-git-send-email-rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Calling a function pointer that was cast from an incompatible function
results in undefined behavior. 'void *' isn't compatible with 'struct
XXX *', so we can't cast to nettle_cipher_func, but have to provide a
wrapper. (Conversion from 'void *' to 'struct XXX *' might require
computation, which won't be done if we drop argument's true type, and
pointers can have different sizes so passing arguments on stack would
bug.)
Having two different prototypes based on nettle version doesn't make
this solution any nicer.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Message-Id: <1437062641-12684-3-git-send-email-rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| crypto/cipher-nettle.c | diffblobblamehistory |