hashes/sha256: Remove static variables from sha256

This removes the static (thread-unsafe) variables from sha256 and hmac_sha256 to remove a potential footgun. The static variable is only used when the caller does not supply a pointer to store the digest and it is returned via the (undocumented) return value. This commit removes this option and makes the digest argument mandatory.
RIOT-OS · Nov 29, 2023 · e454849 · e454849
1 parent 6eed92b
commit e454849
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 20 deletions.
diff --git a/sys/hashes/sha256.c b/sys/hashes/sha256.c
@@ -68,20 +68,14 @@ void sha256_init(sha256_context_t *ctx)
     ctx->state[7] = 0x5BE0CD19;
 }
 
-void *sha256(const void *data, size_t len, void *digest)
+void sha256(const void *data, size_t len, void *digest)
 {
     sha256_context_t c;
-    static unsigned char m[SHA256_DIGEST_LENGTH];
-
-    if (digest == NULL) {
-        digest = m;
-    }
+    assert(digest);
 
     sha256_init(&c);
     sha2xx_update(&c, data, len);
     sha256_final(&c, digest);
-
-    return digest;
 }
 
 void hmac_sha256_init(hmac_context_t *ctx, const void *key, size_t key_length)
@@ -135,12 +129,6 @@ void hmac_sha256_final(hmac_context_t *ctx, void *digest)
 {
     unsigned char tmp[SHA256_DIGEST_LENGTH];
 
-    static unsigned char m[SHA256_DIGEST_LENGTH];
-
-    if (digest == NULL) {
-        digest = m;
-    }
-
     sha256_final(&ctx->c_in, tmp);
     sha2xx_update(&ctx->c_out, tmp, SHA256_DIGEST_LENGTH);
     sha256_final(&ctx->c_out, digest);

diff --git a/sys/include/hashes/sha256.h b/sys/include/hashes/sha256.h
@@ -128,11 +128,10 @@ static inline void sha256_final(sha256_context_t *ctx, void *digest)
  *
  * @param[in] data   pointer to the buffer to generate hash from
  * @param[in] len    length of the buffer
- * @param[out] digest optional pointer to an array for the result, length must
+ * @param[out] digest Pointer to an array for the result, length must
  *                    be SHA256_DIGEST_LENGTH
- *                    if digest == NULL, one static buffer is used
  */
-void *sha256(const void *data, size_t len, void *digest);
+void sha256(const void *data, size_t len, void *digest);
 
 /**
  * @brief hmac_sha256_init HMAC SHA-256 calculation. Initiate calculation of a HMAC
@@ -153,9 +152,7 @@ void hmac_sha256_update(hmac_context_t *ctx, const void *data, size_t len);
 /**
  * @brief hmac_sha256_final HMAC SHA-256 finalization. Finish HMAC calculation and export the value
  * @param[in] ctx hmac_context_t handle to use
- * @param[out] digest the computed hmac-sha256,
- *             length MUST be SHA256_DIGEST_LENGTH
- *             if digest == NULL, a static buffer is used
+ * @param[out] digest the computed hmac-sha256, length MUST be SHA256_DIGEST_LENGTH
  */
 void hmac_sha256_final(hmac_context_t *ctx, void *digest);