On Thursday 07 January 2016 13:26:37 Niels Möller wrote:
Tim Ruehsen <tim.ruehsen@gmx.de> writes:
Just experienced a crash (assertion) when using md5 on short input.
test: md5.c:81: nettle_md5_digest: Assertion `length <= 16' failed.
The code is
#include <nettle/md5.h>
uint8_t digest[20];   /* buffer larger than the 16-byte digest (assumed from the discussion below) */
struct md5_ctx md5;
md5_init(&md5);
md5_update(&md5, 4, (const uint8_t *) "moin");   /* nettle takes (ctx, length, data) */
md5_digest(&md5, 20, digest);   /* length 20 exceeds MD5_DIGEST_SIZE (16): this trips the assertion */
^^
The problem isn't the *input* length, but the output length. The length argument for md5_digest can be at most MD5_DIGEST_SIZE, i.e., 16.
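The following is an added, self-contained example (not nettle's code and not from either poster) that reproduces the length contract described above: a stand-in MD5 implementation with the same function names and argument order as nettle's md5_init/md5_update/md5_digest, a md5_digest that asserts length <= MD5_DIGEST_SIZE and writes only the requested prefix, and a hypothetical helper md5_digest_into() showing the correct way to hand it a caller buffer that is larger than 16 bytes: request the digest size, not the buffer size. The constants are RFC 1321's; the helper name and the 20-byte buffer are assumptions for illustration.

```c
/* Added example: minimal RFC 1321 MD5 with a nettle-shaped API, used only to
 * demonstrate the md5_digest() length contract.  Not nettle's implementation. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MD5_DIGEST_SIZE 16
#define MD5_BLOCK_SIZE 64

struct md5_ctx {
    uint32_t state[4];
    uint64_t count;                 /* total bytes hashed so far */
    uint8_t block[MD5_BLOCK_SIZE];  /* partial input block */
    unsigned index;                 /* bytes currently buffered in block */
};

/* RFC 1321 round constants and per-step rotation amounts. */
static const uint32_t K[64] = {
    0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee,0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501,
    0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be,0x6b901122,0xfd987193,0xa679438e,0x49b40821,
    0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa,0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8,
    0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed,0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a,
    0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c,0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70,
    0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05,0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665,
    0xf4292244,0x432aff97,0xab9423a7,0xfc93a039,0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1,
    0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1,0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391 };
static const uint8_t S[64] = {
    7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22, 5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20,
    4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23, 6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21 };

/* One 64-byte compression step over st[]. */
static void md5_compress(uint32_t st[4], const uint8_t blk[MD5_BLOCK_SIZE])
{
    uint32_t M[16], a = st[0], b = st[1], c = st[2], d = st[3];
    for (int i = 0; i < 16; i++)   /* little-endian words */
        M[i] = (uint32_t)blk[4*i] | (uint32_t)blk[4*i+1] << 8 |
               (uint32_t)blk[4*i+2] << 16 | (uint32_t)blk[4*i+3] << 24;
    for (int i = 0; i < 64; i++) {
        uint32_t f; unsigned g;
        if (i < 16)      { f = (b & c) | (~b & d); g = i; }
        else if (i < 32) { f = (d & b) | (~d & c); g = (5*i + 1) % 16; }
        else if (i < 48) { f = b ^ c ^ d;          g = (3*i + 5) % 16; }
        else             { f = c ^ (b | ~d);       g = (7*i) % 16; }
        uint32_t t = a + f + K[i] + M[g];
        a = d; d = c; c = b;
        b += (t << S[i]) | (t >> (32 - S[i]));
    }
    st[0] += a; st[1] += b; st[2] += c; st[3] += d;
}

void md5_init(struct md5_ctx *ctx)
{
    ctx->state[0] = 0x67452301; ctx->state[1] = 0xefcdab89;
    ctx->state[2] = 0x98badcfe; ctx->state[3] = 0x10325476;
    ctx->count = 0; ctx->index = 0;
}

/* Same argument order as nettle: (ctx, length, data). */
void md5_update(struct md5_ctx *ctx, size_t length, const uint8_t *data)
{
    ctx->count += length;
    while (length > 0) {
        size_t n = MD5_BLOCK_SIZE - ctx->index;
        if (n > length) n = length;
        memcpy(ctx->block + ctx->index, data, n);
        ctx->index += n; data += n; length -= n;
        if (ctx->index == MD5_BLOCK_SIZE) { md5_compress(ctx->state, ctx->block); ctx->index = 0; }
    }
}

/* Writes the first `length` bytes of the digest; length may be at most
 * MD5_DIGEST_SIZE, which is the assertion the thread is about.  The context
 * is reset afterwards, as nettle's digest functions do. */
void md5_digest(struct md5_ctx *ctx, size_t length, uint8_t *digest)
{
    uint8_t full[MD5_DIGEST_SIZE];
    uint64_t bits = ctx->count * 8;
    assert(length <= MD5_DIGEST_SIZE);
    ctx->block[ctx->index++] = 0x80;                 /* padding: 0x80, zeros, 64-bit LE length */
    if (ctx->index > 56) {
        memset(ctx->block + ctx->index, 0, MD5_BLOCK_SIZE - ctx->index);
        md5_compress(ctx->state, ctx->block);
        ctx->index = 0;
    }
    memset(ctx->block + ctx->index, 0, 56 - ctx->index);
    for (int i = 0; i < 8; i++) ctx->block[56 + i] = (uint8_t)(bits >> (8*i));
    md5_compress(ctx->state, ctx->block);
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 4; j++) full[4*i + j] = (uint8_t)(ctx->state[i] >> (8*j));
    memcpy(digest, full, length);
    md5_init(ctx);
}

/* Hypothetical helper: the right pattern for a caller buffer of any size.
 * Ask for min(buflen, MD5_DIGEST_SIZE) bytes and return how many were written. */
size_t md5_digest_into(struct md5_ctx *ctx, uint8_t *buf, size_t buflen)
{
    size_t n = buflen < MD5_DIGEST_SIZE ? buflen : MD5_DIGEST_SIZE;
    md5_digest(ctx, n, buf);
    return n;
}

/* Hex digest of a C string, written into out[33]; returns out. */
const char *md5_hex(const char *msg, char out[33])
{
    struct md5_ctx ctx; uint8_t d[MD5_DIGEST_SIZE];
    md5_init(&ctx);
    md5_update(&ctx, strlen(msg), (const uint8_t *) msg);
    md5_digest(&ctx, MD5_DIGEST_SIZE, d);
    for (int i = 0; i < MD5_DIGEST_SIZE; i++) sprintf(out + 2*i, "%02x", d[i]);
    return out;
}

int main(void)
{
    uint8_t digest[20];   /* the "larger than needed" buffer from the thread */
    struct md5_ctx md5; char hex[33];
    md5_init(&md5);
    md5_update(&md5, 4, (const uint8_t *) "moin");
    /* md5_digest(&md5, 20, digest) would trip the assertion; request the digest size instead. */
    size_t n = md5_digest_into(&md5, digest, sizeof digest);
    printf("%zu digest bytes written into a %zu-byte buffer\n", n, sizeof digest);
    printf("md5(\"abc\") = %s\n", md5_hex("abc", hex));
    return 0;
}
```

The design point is that the length argument describes how much of the digest the caller wants, not how much room the buffer has; a larger buffer is fine as long as the call asks for MD5_DIGEST_SIZE (or less), and a wrapper like md5_digest_into() makes that explicit and returns the byte count the caller should use afterwards.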
When walking back from lunch everything sorted out in my brain. I was too hungry when I wrote that text. Sorry for the noise.
But what's wrong with providing a larger buffer than needed? Imagine if snprintf threw an assertion when the provided buffer is 'too large'.
Asserts in nettle are triggered when bugs in nettle or in the application violate necessary assumptions required for correct operation. In most cases, an immediate crash is preferable to follow-on problems such as data corruption or invalid memory accesses. Right, I know there are some exceptional production systems (e.g., the Ariane rocket...) where it *might* be preferable to ignore problems and hope for the best, and I also know there are different opinions. But my view is that in general, it makes sense to keep asserts also in production code.
Some admins have their jobs due to 'stop-by-assertion' software - at least that is a good thing about assertions ;)
Best Regards
Tim