diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.c
index fb247fd7a7..5110be4321 100644
--- a/crypto/bytestring/cbs.c
+++ b/crypto/bytestring/cbs.c
@@ -520,7 +520,9 @@ int CBS_get_asn1_int64(CBS *cbs, int64_t *out) {
 }
 uint8_t sign_extend[sizeof(int64_t)];
 memset(sign_extend, is_negative ? 0xff : 0, sizeof(sign_extend));
- for (size_t i = 0; i < len; i++) {
+ // GCC 12/13 report `stringop-overflow` on the following line
+ // without additional condition: `i < sizeof(int64_t)`
+ for (size_t i = 0; i < len && i < sizeof(int64_t); i++) {
 // `data` is big-endian.
 // Values are always shifted toward the "little" end.
 #ifdef OPENSSL_BIG_ENDIAN
diff --git a/crypto/fipsmodule/ecdsa/ecdsa.c b/crypto/fipsmodule/ecdsa/ecdsa.c
index 67d820b411..5a946ed94a 100644
--- a/crypto/fipsmodule/ecdsa/ecdsa.c
+++ b/crypto/fipsmodule/ecdsa/ecdsa.c
@@ -442,7 +442,7 @@ ECDSA_SIG *ecdsa_digestsign_no_self_test(const EVP_MD *md, const uint8_t *input, const uint8_t *nonce, size_t nonce_len) {
 uint8_t digest[EVP_MAX_MD_SIZE];
- unsigned int digest_len;
+ unsigned int digest_len = EVP_MAX_MD_SIZE;
 if (!EVP_Digest(input, in_len, digest, &digest_len, md, NULL)) {
 return 0;
 }
@@ -455,7 +455,7 @@ int ecdsa_digestverify_no_self_test(const EVP_MD *md, const uint8_t *input, size_t in_len, const ECDSA_SIG *sig, const EC_KEY *eckey){
 uint8_t digest[EVP_MAX_MD_SIZE];
- unsigned int digest_len;
+ unsigned int digest_len = EVP_MAX_MD_SIZE;
 if (!EVP_Digest(input, in_len, digest, &digest_len, md, NULL)) {
 return 0;
 }
diff --git a/crypto/fipsmodule/rsa/rsa.c b/crypto/fipsmodule/rsa/rsa.c
index c7efbad9ca..f0144b7230 100644
--- a/crypto/fipsmodule/rsa/rsa.c
+++ b/crypto/fipsmodule/rsa/rsa.c
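Review bot: The added bound `i < sizeof(int64_t)` in the `for` loop of CBS_get_asn1_int64 would make an over-long INTEGER decode silently from only part of its bytes instead of failing, if `len` could ever exceed the `sign_extend` buffer. The `}` context line just above `sign_extend` suggests a length check sits right before the hunk, but it is not visible here, so this is worth confirming: a parser should reject an oversized value rather than truncate it. If that check exists, the new comment should say the bound is redundant and present only for the compiler, e.g. `// len <= sizeof(int64_t) is enforced above; the extra bound only quiets GCC 12/13 stringop-overflow.` The function starts before and continues after the hunk.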
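Review bot: `unsigned int digest_len = EVP_MAX_MD_SIZE;` in ecdsa_digestsign_no_self_test carries no comment saying why the initializer was added, and the same line appears in ecdsa_digestverify_no_self_test and in both rsa.c hunks (rsa_digestsign_no_self_test, rsa_digestverify_no_self_test). As far as I know EVP_Digest treats this argument purely as an output, so the maximum reads like a buffer capacity being passed in, and if any success path ever left it unwritten the code after the hunk would presumably treat all of `digest`, including uninitialized stack bytes, as the hash. If the initializer exists only to quiet a GCC 12/13 diagnostic, say so as the cbs.c hunk does, e.g. `// Initialized only to satisfy GCC 12/13; EVP_Digest overwrites it on success.`, and consider `= 0` if that also silences the warning, so a missed write fails closed. All four function bodies continue past their hunks.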
@@ -692,7 +692,7 @@ int rsa_digestsign_no_self_test(const EVP_MD *md, const uint8_t *input, size_t in_len, uint8_t *out, unsigned *out_len, RSA *rsa) {
 uint8_t digest[EVP_MAX_MD_SIZE];
- unsigned int digest_len;
+ unsigned int digest_len = EVP_MAX_MD_SIZE;
 if (!EVP_Digest(input, in_len, digest, &digest_len, md, NULL)) {
 return 0;
 }
@@ -760,7 +760,7 @@ int rsa_digestverify_no_self_test(const EVP_MD *md, const uint8_t *input, size_t in_len, const uint8_t *sig, size_t sig_len, RSA *rsa) {
 uint8_t digest[EVP_MAX_MD_SIZE];
- unsigned int digest_len;
+ unsigned int digest_len = EVP_MAX_MD_SIZE;
 if (!EVP_Digest(input, in_len, digest, &digest_len, md, NULL)) {
 return 0;
 }