Closed: blocksebastian closed this issue 2 years ago
I'm not convinced this is in fact fixed. Here are the warnings I'm getting when using current hydrogen, gcc version 11.2.1 20210728 (Red Hat 11.2.1-1) on x86_64 (here keygen.c is my program, into which hydrogen.c is included):
In file included from hydrogen/hydrogen.c:18,
from keygen.c:3:
In function 'hydro_sign_verify_p2',
inlined from 'hydro_sign_verify_challenge' at hydrogen/impl/sign.h:117:12,
inlined from 'hydro_sign_final_verify' at hydrogen/impl/sign.h:178:12:
hydrogen/impl/sign.h:103:5: warning: 'hydro_x25519_core' accessing 160 bytes in a region of size 32 [-Wstringop-overflow=]
103 | hydro_x25519_core(&xs[0], challenge, pk, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hydrogen/impl/sign.h: In function 'hydro_sign_final_verify':
hydrogen/impl/sign.h:103:5: note: referencing argument 1 of type 'hydro_x25519_limb_t (*)[4]' {aka 'long unsigned int (*)[4]'}
In file included from hydrogen/hydrogen.c:15,
from keygen.c:3:
hydrogen/impl/x25519.h:253:1: note: in a call to function 'hydro_x25519_core'
253 | hydro_x25519_core(hydro_x25519_fe xs[5], const uint8_t scalar[hydro_x25519_BYTES],
| ^~~~~~~~~~~~~~~~~
In file included from hydrogen/hydrogen.c:18,
from keygen.c:3:
In function 'hydro_sign_verify_p2',
inlined from 'hydro_sign_verify_challenge' at hydrogen/impl/sign.h:117:12,
inlined from 'hydro_sign_final_verify' at hydrogen/impl/sign.h:178:12:
hydrogen/impl/sign.h:104:5: warning: 'hydro_x25519_core' accessing 160 bytes in a region of size 32 [-Wstringop-overflow=]
104 | hydro_x25519_core(&xs[2], sig, hydro_x25519_BASE_POINT, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hydrogen/impl/sign.h: In function 'hydro_sign_final_verify':
hydrogen/impl/sign.h:104:5: note: referencing argument 1 of type 'hydro_x25519_limb_t (*)[4]' {aka 'long unsigned int (*)[4]'}
In file included from hydrogen/hydrogen.c:15,
from keygen.c:3:
hydrogen/impl/x25519.h:253:1: note: in a call to function 'hydro_x25519_core'
253 | hydro_x25519_core(hydro_x25519_fe xs[5], const uint8_t scalar[hydro_x25519_BYTES],
| ^~~~~~~~~~~~~~~~~
In file included from hydrogen/hydrogen.c:18,
from keygen.c:3:
In function 'hydro_sign_verify_core',
inlined from 'hydro_sign_verify_p2' at hydrogen/impl/sign.h:106:12,
inlined from 'hydro_sign_verify_challenge' at hydrogen/impl/sign.h:117:12,
inlined from 'hydro_sign_final_verify' at hydrogen/impl/sign.h:178:12:
hydrogen/impl/sign.h:74:5: warning: 'hydro_x25519_ladder_part1' accessing 160 bytes in a region of size 32 [-Wstringop-overflow=]
74 | hydro_x25519_ladder_part1(xs);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hydrogen/impl/sign.h: In function 'hydro_sign_final_verify':
hydrogen/impl/sign.h:74:5: note: referencing argument 1 of type 'hydro_x25519_limb_t (*)[4]' {aka 'long unsigned int (*)[4]'}
In file included from hydrogen/hydrogen.c:15,
from keygen.c:3:
hydrogen/impl/x25519.h:219:1: note: in a call to function 'hydro_x25519_ladder_part1'
219 | hydro_x25519_ladder_part1(hydro_x25519_fe xs[5])
| ^~~~~~~~~~~~~~~~~~~~~~~~~
and with gcc version 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04) on aarch64 (looks exactly the same):
In file included from hydrogen/hydrogen.c:18,
from keygen.c:3:
In function ‘hydro_sign_verify_p2’,
inlined from ‘hydro_sign_verify_challenge’ at hydrogen/impl/sign.h:117:12,
inlined from ‘hydro_sign_final_verify’ at hydrogen/impl/sign.h:178:12:
hydrogen/impl/sign.h:103:5: warning: ‘hydro_x25519_core’ accessing 160 bytes in a region of size 32 [-Wstringop-overflow=]
103 | hydro_x25519_core(&xs[0], challenge, pk, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hydrogen/impl/sign.h: In function ‘hydro_sign_final_verify’:
hydrogen/impl/sign.h:103:5: note: referencing argument 1 of type ‘hydro_x25519_limb_t (*)[4]’ {aka ‘long unsigned int (*)[4]’}
In file included from hydrogen/hydrogen.c:15,
from keygen.c:3:
hydrogen/impl/x25519.h:253:1: note: in a call to function ‘hydro_x25519_core’
253 | hydro_x25519_core(hydro_x25519_fe xs[5], const uint8_t scalar[hydro_x25519_BYTES],
| ^~~~~~~~~~~~~~~~~
In file included from hydrogen/hydrogen.c:18,
from keygen.c:3:
In function ‘hydro_sign_verify_p2’,
inlined from ‘hydro_sign_verify_challenge’ at hydrogen/impl/sign.h:117:12,
inlined from ‘hydro_sign_final_verify’ at hydrogen/impl/sign.h:178:12:
hydrogen/impl/sign.h:104:5: warning: ‘hydro_x25519_core’ accessing 160 bytes in a region of size 32 [-Wstringop-overflow=]
104 | hydro_x25519_core(&xs[2], sig, hydro_x25519_BASE_POINT, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hydrogen/impl/sign.h: In function ‘hydro_sign_final_verify’:
hydrogen/impl/sign.h:104:5: note: referencing argument 1 of type ‘hydro_x25519_limb_t (*)[4]’ {aka ‘long unsigned int (*)[4]’}
In file included from hydrogen/hydrogen.c:15,
from keygen.c:3:
hydrogen/impl/x25519.h:253:1: note: in a call to function ‘hydro_x25519_core’
253 | hydro_x25519_core(hydro_x25519_fe xs[5], const uint8_t scalar[hydro_x25519_BYTES],
| ^~~~~~~~~~~~~~~~~
In file included from hydrogen/hydrogen.c:18,
from keygen.c:3:
In function ‘hydro_sign_verify_core’,
inlined from ‘hydro_sign_verify_p2’ at hydrogen/impl/sign.h:106:12,
inlined from ‘hydro_sign_verify_challenge’ at hydrogen/impl/sign.h:117:12,
inlined from ‘hydro_sign_final_verify’ at hydrogen/impl/sign.h:178:12:
hydrogen/impl/sign.h:74:5: warning: ‘hydro_x25519_ladder_part1’ accessing 160 bytes in a region of size 32 [-Wstringop-overflow=]
74 | hydro_x25519_ladder_part1(xs);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hydrogen/impl/sign.h: In function ‘hydro_sign_final_verify’:
hydrogen/impl/sign.h:74:5: note: referencing argument 1 of type ‘hydro_x25519_limb_t (*)[4]’ {aka ‘long unsigned int (*)[4]’}
In file included from hydrogen/hydrogen.c:15,
from keygen.c:3:
hydrogen/impl/x25519.h:219:1: note: in a call to function ‘hydro_x25519_ladder_part1’
219 | hydro_x25519_ladder_part1(hydro_x25519_fe xs[5])
| ^~~~~~~~~~~~~~~~~~~~~~~~~
@jedisct1 You'll probably want to reopen this issue until it's actually confirmed fixed. Thanks.
@solardiz That looks like a bug in the analyzer.
1eee2b23f1bb170d4af155ea431ee8d0b6d9dde8 works around it.
@jedisct1 Thank you for the prompt fix! I confirm it avoids the warnings on my two systems above.
I just downloaded the Arm GNU Toolchain Version 11.2-2022.02 and want to cross-compile libhydrogen (current git). It builds and runs, but the warnings about accessing data out of region make me feel uncomfortable. The system is a 32-bit ARM.
Full build log
Patches
The first is quite easy to patch, as the number of elements is given to the function and hydro_x25519_a24 is only defined as an array with length 1.
The other warnings are a little harder, since it wants hydro_x25519_fe[5] but there are arrays of different sizes. I'm not aware of how to cast a "hydro_x25519_fe *" as it is used in hydro_sign_verify_p2 to a "hydro_x25519_fe[5]".
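The pattern behind these warnings, as an added example (not libhydrogen code, and not the workaround from the commit mentioned in the thread): a parameter written `fe xs[5]` is adjusted to a plain pointer, GCC 11 treats the 5 as the expected access size, and a caller that passes `&xs[2]` can prove at compile time that the five-element window fits. The names `fe`, `core`, `verify_like`, `ASSERT_WINDOW` and the 7-element caller array are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the types named in the warnings:
 * one field element = 4 limbs of 64 bits = 32 bytes. */
typedef uint64_t limb_t;
typedef limb_t   fe[4];

#define CORE_ELEMS 5 /* bound written in the callee's parameter list */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Compile-time check that a CORE_ELEMS-wide window starting at `off`
 * stays inside `arr`, which must be a real array, not a pointer. */
#define ASSERT_WINDOW(arr, off) \
    _Static_assert((off) + CORE_ELEMS <= ARRAY_LEN(arr), "window exceeds array")

/* `fe xs[5]` here means `fe *xs`; no cast to an array type exists or is
 * needed. The 5 only documents (and lets GCC 11 check) that xs[0..4]
 * are accessed. */
static void core(fe xs[CORE_ELEMS], limb_t seed)
{
    for (size_t i = 0; i < CORE_ELEMS; i++)
        for (size_t j = 0; j < 4; j++)
            xs[i][j] = seed + i;
}

/* The two sizes quoted in the diagnostic: one element vs. the window. */
static size_t elem_bytes(void)   { return sizeof(fe); }
static size_t window_bytes(void) { return sizeof(fe) * CORE_ELEMS; }

/* Caller shaped like the one in the warnings: two overlapping windows
 * into one larger array (length 7 is constructed for this example). */
static limb_t verify_like(void)
{
    fe xs[7];
    ASSERT_WINDOW(xs, 0);
    core(&xs[0], 100); /* writes xs[0..4] */
    ASSERT_WINDOW(xs, 2);
    core(&xs[2], 200); /* writes xs[2..6], overwriting xs[2..4] */
    return xs[0][0] + xs[1][0] + xs[6][3];
}

int main(void)
{
    printf("element=%zu window=%zu result=%llu\n", elem_bytes(),
           window_bytes(), (unsigned long long) verify_like());
    return 0;
}
```

Changing `ASSERT_WINDOW(xs, 2)` to an offset of 3 makes the build fail, which is the case the diagnostic is meant to catch.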