google / safeside

Understand and mitigate software-observable side-channels
BSD 3-Clause "New" or "Revised" License

Casting chars to unsigned chars. #46

Closed asteinha closed 5 years ago

asteinha commented 5 years ago

Cast of a char with ASCII code between 128 and 255 to size_t gives wrong results (extremely high numbers instead of the ASCII codes). Casting it first to unsigned char and then to size_t implicitly seems to work correctly.
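The conversion behaviour described above, side by side with the two fixes discussed in this thread, as an added example that is not part of safeside's code (all function names and the sample string are hypothetical):

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Whether plain char is signed on this target (typically yes on x86, no on
 * many ARM ABIs). This decides whether the direct cast below misbehaves. */
int plain_char_is_signed(void) { return CHAR_MIN < 0; }

/* The pattern the issue reports: a char holding 0x80..0xFF is negative when
 * char is signed, and converting a negative value to size_t wraps modulo
 * SIZE_MAX + 1, giving SIZE_MAX - 127 .. SIZE_MAX instead of 128..255. */
size_t to_index_direct(char c) {
    return (size_t)c;
}

/* The fix from the first comment: widen through unsigned char first, so the
 * value is always 0..255 regardless of char's signedness. */
size_t to_index_via_uchar(char c) {
    return (size_t)(unsigned char)c;
}

/* The direction proposed later in the thread: forget that the data is a
 * string as early as possible. strlen is called exactly once, here, and
 * everything downstream receives a uint8_t pointer plus an explicit length. */
const uint8_t *bytes_of_string(const char *s, size_t *len_out) {
    *len_out = strlen(s);
    return (const uint8_t *)s; /* unsigned view of the same bytes */
}

/* Downstream code: bounds-checked byte access with no char type involved,
 * so no sign extension can occur. Returns 0 for an out-of-range index. */
size_t byte_at(const uint8_t *data, size_t len, size_t i) {
    return i < len ? (size_t)data[i] : 0;
}

/* Constructed sample input whose last byte is above 127. */
static const char SAMPLE[] = "abc\xe9";

size_t sample_last_byte_via_uint8(void) {
    size_t len;
    const uint8_t *p = bytes_of_string(SAMPLE, &len);
    return byte_at(p, len, len - 1);
}
```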

asteinha commented 5 years ago

What if we went in a different direction, where everything used uint8_t and the only place we did a cast was in main() when we pass a const char* to leak_byte?

Then we won't be able to use strlen. Or you want to call strlen on public_data directly?

mmdriley commented 5 years ago

I think the fact that the data we're leaking is a null-terminated string should be "forgotten" as early as possible. Everything else in the system should deal with uint8_t* pointers with an associated length.

So yes, we'd call strlen very early on, directly on public_data.

asteinha commented 5 years ago

OK, I'll fix that in another PR.