
src of unsigned_read should be const

Open mabuchner opened this issue 3 years ago • 4 comments

The ltc_math_descriptor.unsigned_read function pointer has a non-const src pointer argument, which the function is not supposed to modify.

https://github.com/libtom/libtomcrypt/blob/673f5ce29015a9bba3c96792920a10601b5b0718/src/headers/tomcrypt_math.h#L179

This is error-prone as one might accidentally swap dst and src.

The src pointer should get marked as const.

int (*unsigned_read)(void *dst,
                     const unsigned char *src,
                     unsigned long  len);

mabuchner avatar Dec 29 '21 09:12 mabuchner

In various places libtomcrypt tries to use a constant src, but it then has to cast away the constness in order to call the unsigned_read function. E.g. see this

https://github.com/libtom/libtomcrypt/blob/673f5ce29015a9bba3c96792920a10601b5b0718/src/pk/ecc/ecc_verify_hash.c#L78

mabuchner avatar Dec 29 '21 09:12 mabuchner
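The two points raised in the comments above (the swap hazard and the forced cast), as an added example that is not libtomcrypt code or part of the original issue. The names `toy_int`, `toy_read`, `slot_mutable`, `slot_const`, `parse_mutable` and `parse_const` are hypothetical stand-ins; only the two function-pointer shapes mirror the signatures discussed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a bignum; callers hold it as void *. */
typedef struct { uint64_t v; } toy_int;

/* Slot shape described in the issue: src is mutable. */
typedef int (*read_mutable_fn)(void *dst, unsigned char *src, unsigned long len);
/* Slot shape proposed in the issue: src is const. */
typedef int (*read_const_fn)(void *dst, const unsigned char *src, unsigned long len);

/* Toy big-endian reader (assumption, not the real backend); it only reads src. */
static int toy_read(void *dst, const unsigned char *src, unsigned long len)
{
    toy_int *n = dst;
    unsigned long i;
    if (dst == NULL || src == NULL || len > sizeof(n->v)) return -1;
    n->v = 0;
    for (i = 0; i < len; i++) n->v = (n->v << 8) | src[i];
    return 0;
}

/* Adapter so the same reader fits the mutable-src slot. */
static int toy_read_mutable(void *dst, unsigned char *src, unsigned long len)
{
    return toy_read(dst, src, len);
}

static const read_mutable_fn slot_mutable = toy_read_mutable;
static const read_const_fn   slot_const   = toy_read;

/* Read-only input (e.g. a signature buffer) through the mutable-src slot. */
int parse_mutable(const unsigned char *sig, unsigned long len, uint64_t *out)
{
    toy_int n; void *r = &n;
    /* The cast is required here. With it in place, the swapped call
       slot_mutable((unsigned char *)sig, r, len) compiles without a diagnostic. */
    int err = slot_mutable(r, (unsigned char *)sig, len);
    if (err == 0) *out = n.v;
    return err;
}

/* Same caller through the const-src slot: no cast, and the swapped call
   slot_const(sig, r, len) is diagnosed because const sig cannot become void *dst. */
int parse_const(const unsigned char *sig, unsigned long len, uint64_t *out)
{
    toy_int n; void *r = &n;
    int err = slot_const(r, sig, len);
    if (err == 0) *out = n.v;
    return err;
}
```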