Permit 0-length inputs to Sign(Update), etc

[optnfast]

&data[0] panics for zero-length arrays.

I considered passing a null pointer (and length word of 0) for empty arrays. I chose not to do this because many standard C functions (e.g. memcpy) forbid this, and they may be used internally by the PKCS#11 implementation.

[miekg]

Why do we need this? Thought most of this convoluted stuff was needed for Windows support.

The cypher -> cipher is worth a separate PR btw.

[optnfast]

I've made a separate PR for the spelling stuff. I can rebase this one onto that when it's landed, if you like.

Why we need it (or at least, why I want it): 0-length inputs are an edge case but they do arise from time to time. The example I ran into was a test case for https://github.com/thalesignite/crypto11/ but particularly for hashes they do turn up in production too. Currently they panic this API, which is not very friendly l-)

I've added another commit with some symmetric testing (including this case). It turns out SoftHSMv2 doesn't behave very nicely in some of these cases (though it does cope with e.g. hashing), so I guess it's an edge case that people often forget to consider.

[optnfast]

I can rebase this one onto that when it's landed, if you like.

Now done.

[miekg]

I still believe this PR destroys the ability to run properly on windows - which I don't have or use, so I can say for sure (we also don't have tests for it, yeah.).

But a safer way is to check for nil slices and then error out, I think.

[mtharp]

It seems to work fine on Windows but I didn't do an exhaustive test. The Windows issues come into play with structures, not byte arrays.

I think this would be tidier if cMessage returned only the pointer, not the length. That way the invocation could be done all on line line like this:

e := C.Encrypt(c.ctx, C.CK_SESSION_HANDLE(sh), cMessage(message), C.CK_ULONG(len(message)), &enc, &enclen)

Just my opinion though.

Also the Encrypt.Empty test is crashing for me on softhsm2. I see you already commented out the EncryptUpdate.Empty test for the same reason.

[optnfast]

I think this would be tidier if cMessage returned only the pointer, not the length

Agreed.

[optnfast]

I'll look into the Encrypt.Empty crash. What version of softhsm2 do you have? (It works for me in Debian's 2.2.0-3 and 2.4.0-0.1.)

[mtharp]

2.3.0 on Fedora 28. Amusingly, it seems to be crashing for the exact same reason, trying to do &byteString[0].

[optnfast]

That's confusing. Do you have a backtrace?

[mtharp]

#1  0x00007ffff740b5c1 in __GI_abort () at abort.c:79
#2  0x00007fffee5b57d8 in std::__replacement_assert (__file=__file@entry=0x7fffee5d0e98 "/usr/include/c++/8/bits/stl_vector.h", __line=__line@entry=932,
    __function=__function@entry=0x7fffee5d3900 <std::vector<unsigned char, SecureAllocator<unsigned char> >::operator[](unsigned long)::__PRETTY_FUNCTION__> "std::vector<_Tp, _Alloc>::reference std::vector<_Tp, _Alloc>::operator[](std::vector<_Tp, _Alloc>::size_type) [with _Tp = unsigned char; _Alloc = SecureAllocator<unsigned char>; std::vector<_Tp, _Allo"..., __condition=__condition@entry=0x7fffee5d0e68 "__builtin_expect(__n < this->size(), true)") at /usr/include/c++/8/x86_64-redhat-linux/bits/c++config.h:2389
#3  0x00007fffee5b4673 in std::vector<unsigned char, SecureAllocator<unsigned char> >::operator[] (__n=0, this=0x7fffffffe4d8) at ByteString.cpp:190
#4  ByteString::byte_str (this=this@entry=0x7fffffffe4d0) at ByteString.cpp:190
#5  0x00007fffee577424 in SymEncrypt (pulEncryptedDataLen=0xc000019000, pEncryptedData=0x8b8650 "", ulDataLen=<optimized out>, pData=<optimized out>, session=0x8d3510) at SoftHSM.cpp:2312
#6  SoftHSM::C_Encrypt(unsigned long, unsigned char*, unsigned long, unsigned char*, unsigned long*) () at SoftHSM.cpp:2396
#7  0x00007fffee55d347 in C_Encrypt () at main.cpp:587
#8  0x000000000051a57b in _cgo_258385adc11b_Cfunc_Encrypt (v=0xc000057d48) at cgo-gcc-prolog:449
#9  0x000000000045a600 in runtime.asmcgocall () at /opt/go/src/runtime/asm_amd64.s:637

As far as I can tell it's still the case with the current codebase: https://github.com/opendnssec/SoftHSMv2/blob/develop/src/lib/SoftHSM.cpp#L2427

[optnfast]

Oh, I see what you mean. I think I'll disable the test here, rather than try to debug softhsm.

[optnfast]

Is anything else needed before this can be merged?

[miekg]

[ Quoting <notifications@github.com> in "Re: [miekg/pkcs11] Permit 0-length ..." ]

Is anything else needed before this can be merged?

probably not, but I haven't made any time to re-review this.

[miekg]

that failure @mtharp mentioned is that serious or "are you holding it wrong"? otherwise lgtm

[optnfast]

@miekg AIUI it is an issue in SoftHSM.