acvptool: Fix error reporting if dk or c are empty
err could be nil when bound to %s.
Change-Id: I96d26517fb7ee6ca4ca65d9a3056bc5e31715a91
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/83767
Reviewed-by: Adam Langley <agl@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/util/fipstools/acvp/acvptool/subprocess/mlkem.go b/util/fipstools/acvp/acvptool/subprocess/mlkem.go
index e01cb2e..a112ed8 100644
--- a/util/fipstools/acvp/acvptool/subprocess/mlkem.go
+++ b/util/fipstools/acvp/acvptool/subprocess/mlkem.go
@@ -3,6 +3,7 @@
import (
"encoding/hex"
"encoding/json"
+ "errors"
"fmt"
"strings"
)
@@ -80,6 +81,17 @@
K string `json:"k,omitempty"`
}
+func decodeNonEmptyHex(in string) ([]byte, error) {
+ ret, err := hex.DecodeString(in)
+ if err != nil {
+ return nil, err
+ }
+ if len(ret) == 0 {
+ return nil, errors.New("empty string")
+ }
+ return ret, nil
+}
+
type mlkem struct{}
func (m *mlkem) Process(vectorSet []byte, t Transactable) (any, error) {
@@ -202,14 +214,14 @@
cmdName := group.ParameterSet + "/decap"
for _, test := range group.Tests {
- dk, err := hex.DecodeString(test.DK)
- if err != nil || len(dk) == 0 {
+ dk, err := decodeNonEmptyHex(test.DK)
+ if err != nil {
return nil, fmt.Errorf("failed to decode dk in test case %d/%d: %s",
group.ID, test.ID, err)
}
- c, err := hex.DecodeString(test.C)
- if err != nil || len(c) == 0 {
+ c, err := decodeNonEmptyHex(test.C)
+ if err != nil {
return nil, fmt.Errorf("failed to decode c in test case %d/%d: %s",
group.ID, test.ID, err)
}
