Niels Möller <[email protected]> writes: > I noticed that there are two failures in the ci builds. See > https://gitlab.com/gnutls/nettle/-/pipelines/1178451395. > > One failure is the new side-channel test failing with mini-gmp. Which is > expected, the test should just be skipped in mini-gmp builds (similar to > several other sc tests).
Yes, I'm attaching the patch for this. > The other is a complaint from ubsan. I guess it's related to the label > == NULL case. I don't know what's the proper place for a fix, maybe it's > not in the new code. I think the Nettle APIs should generally allow size > == 0, ptr == NULL more or less everywhere, even where libc functions we > use formally require ptr != NULL. This is similar to this issue: https://gitlab.com/gnutls/gnutls/-/issues/1306 where we passed NULL to sha*_update in the GnuTLS code, though it turned to be a non-issue. In the RSA-OAEP case, I'm not exactly sure whether we should be able to safely special case label == NULL as its hash is part of plaintext data block. Therefore I'm adding label = "" at the API entry points. Regards, -- Daiki Ueno
>From 9ffbac0aa6807231a6842a1ee67f6999c9c2c97a Mon Sep 17 00:00:00 2001 From: Daiki Ueno <[email protected]> Date: Sat, 17 Feb 2024 08:58:47 +0900 Subject: [PATCH] Fix a couple of CI failures in rsa-oaep-encrypt-test - Skip sc-rsa-oaep-encrypt-test when compiled with mini-gmp - Pass in "" as label if it was NULL, to pacify __nonnull nature of memcpy Signed-off-by: Daiki Ueno <[email protected]> --- rsa-oaep-decrypt.c | 7 +++++++ rsa-oaep-encrypt.c | 7 +++++++ testsuite/rsa-oaep-encrypt-test.c | 4 ++++ 3 files changed, 18 insertions(+) diff --git a/rsa-oaep-decrypt.c b/rsa-oaep-decrypt.c index 4006a021..2c00422c 100644 --- a/rsa-oaep-decrypt.c +++ b/rsa-oaep-decrypt.c @@ -55,6 +55,13 @@ _rsa_oaep_decrypt (const struct rsa_public_key *pub, TMP_GMP_DECL (m, mp_limb_t); TMP_GMP_DECL (em, uint8_t); int res; + const uint8_t empty = 0; + + if (label == NULL) + { + assert (label_length == 0); + label = ∅ + } TMP_GMP_ALLOC (m, mpz_size (pub->n)); TMP_GMP_ALLOC (em, key->size); diff --git a/rsa-oaep-encrypt.c b/rsa-oaep-encrypt.c index 488821f0..7e6bb1e5 100644 --- a/rsa-oaep-encrypt.c +++ b/rsa-oaep-encrypt.c @@ -51,9 +51,16 @@ _rsa_oaep_encrypt (const struct rsa_public_key *key, uint8_t *ciphertext) { mpz_t gibberish; + const uint8_t empty = 0; mpz_init (gibberish); + if (label == NULL) + { + assert (label_length == 0); + label = ∅ + } + if (_oaep_encode_mgf1 (gibberish, key->size, random_ctx, random, hash_ctx, hash, diff --git a/testsuite/rsa-oaep-encrypt-test.c b/testsuite/rsa-oaep-encrypt-test.c index 3d9808a5..511c2744 100644 --- a/testsuite/rsa-oaep-encrypt-test.c +++ b/testsuite/rsa-oaep-encrypt-test.c @@ -530,6 +530,10 @@ test_encrypt (void) void test_main (void) { +#if NETTLE_USE_MINI_GMP || WITH_EXTRA_ASSERTS + if (test_side_channel) + SKIP(); +#endif test_encrypt_decrypt (); test_encrypt (); } -- 2.43.0
_______________________________________________ nettle-bugs mailing list -- [email protected] To unsubscribe send an email to [email protected]
