From: Niels Möller
Date: Sun, 10 Mar 2024 11:51:28 +0000 (+0100)
Subject: Test aead update function with data split in pieces.
X-Git-Tag: nettle_3.10rc1~27
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=de5b53466cd5dd4dac88330d1d30afb3e372af34;p=thirdparty%2Fnettle.git
Test aead update function with data split in pieces.
Fix ubsan issue affecting calls to _nettle_poly1305_update with input 0, NULL.
---
diff --git a/ChangeLog b/ChangeLog
index 4fa4a72f..ce9ddf05 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2024-03-10 Niels Möller
+
+ * poly1305-update.c (_nettle_poly1305_update): Explicitly check
+ for empty input and return.
+
+ * testsuite/testutils.c (test_aead): Test with associated split
+ data into two pieces in different ways, respecting block
+ boundaries. Also add a call to update(ctx, 0, NULL) in the
+ middle, and encrypt and decrypt calls with empty input.
+
 2024-03-08 Niels Möller
 Fix ubsan issues for empty hash updates.
diff --git a/poly1305-update.c b/poly1305-update.c
index 15ee3231..a00e5add 100644
--- a/poly1305-update.c
+++ b/poly1305-update.c
@@ -57,6 +57,9 @@ _nettle_poly1305_update (struct poly1305_ctx *ctx, uint8_t *block, unsigned index, size_t length, const uint8_t *m)
 {
+ if (!length)
+ return index;
+
 if (index > 0)
 {
 /* Try to fill partial block */
diff --git a/testsuite/testutils.c b/testsuite/testutils.c
index ac9d8f63..dcd653c1 100644
--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
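Review bot: The new `if (!length) return index;` guard at the top of `_nettle_poly1305_update` (poly1305-update.c) carries no comment saying why it is there, so a later cleanup could remove it as redundant. Per the commit message it exists for callers that pass length 0 together with m == NULL, which ubsan flagged. I would add `/* Callers may pass length 0 with m == NULL; return before m is used. */` directly above it. The rest of the function body lies outside the hunk, so which later use of m tripped the sanitizer is inferred, not visible here.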
@@ -864,15 +864,17 @@ test_aead(const struct nettle_aead *aead,
 assert (nonce->length == aead->nonce_size);
 aead->set_nonce(ctx, nonce->data);
 }
- if (aead->update && authtext->length)
- aead->update(ctx, authtext->length, authtext->data);
-
- if (offset > 0)
- aead->encrypt(ctx, offset, out + out_align, in + in_align);
-
- if (offset < cleartext->length)
- aead->encrypt(ctx, cleartext->length - offset,
- out + out_align + offset, in + in_align + offset);
+ if (aead->update)
+ {
+ size_t a_offset = (offset <= authtext->length) ? offset : 0;
+ aead->update(ctx, a_offset, authtext->data);
+ aead->update(ctx, 0, NULL);
+ aead->update(ctx, authtext->length - a_offset, authtext->data + a_offset);
+ }
+ aead->encrypt(ctx, offset, out + out_align, in + in_align);
+ aead->encrypt(ctx, 0, out + out_align, NULL);
+ aead->encrypt(ctx, cleartext->length - offset,
+ out + out_align + offset, in + in_align + offset);
 if (!MEMEQ(cleartext->length, out + out_align, ciphertext->data))
 {
@@ -919,12 +921,10 @@ test_aead(const struct nettle_aead *aead,
 if (aead->update && authtext->length)
 aead->update(ctx, authtext->length, authtext->data);
- if (offset > 0)
- aead->decrypt (ctx, offset, out + out_align, out + out_align);
-
- if (offset < cleartext->length)
- aead->decrypt(ctx, cleartext->length - offset,
- out + out_align + offset, out + out_align + offset);
+ aead->decrypt(ctx, offset, out + out_align, out + out_align);
+ aead->decrypt(ctx, 0, out + out_align, NULL);
+ aead->decrypt(ctx, cleartext->length - offset,
+ out + out_align + offset, out + out_align + offset);
 ASSERT(MEMEQ(cleartext->length, out + out_align, cleartext->data));
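Review bot: In the `@@ -864,15 +864,17 @@` hunk of test_aead, dropping the `offset > 0` and `offset < cleartext->length` guards leaves `cleartext->length - offset` unprotected. The subtraction is presumably unsigned (a_offset is declared size_t against the same kind of length field), so an offset past the end of the cleartext would wrap to a huge length and drive encrypt far beyond the test buffers. The decrypt calls in the `@@ -919,12 +921,10 @@` hunk have the same shape. The loop that bounds offset is outside both hunks and probably keeps it in range, but stating that costs one line ahead of the first encrypt call: `assert (offset <= cleartext->length);`.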
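Review bot: In the `@@ -919,12 +921,10 @@` hunk the decrypt pass still feeds associated data through the unchanged context lines `if (aead->update && authtext->length)` and a single `aead->update` call, so the split and zero-length update calls added ahead of encrypt are not exercised on this path. If that is deliberate, a comment such as `/* Associated data is passed in one piece here; split and empty updates are covered by the encrypt pass. */` would keep the asymmetry from reading as an oversight. Otherwise the same three-call update sequence from the encrypt side could be reused here. test_aead continues outside the hunk.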