diff options
author | Jack Lloyd <[email protected]> | 2017-09-22 20:55:44 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-09-22 20:55:44 -0400 |
commit | 02c543e9a00ad8a61bbe7345d00790b4ea65d86c (patch) | |
tree | a52a6f4202bea34ec6c0651103aadc148f9ffafa /src/lib/misc/cryptobox/cryptobox.cpp | |
parent | a75ec5543b683601856359586798bc268c0eb4be (diff) |
Avoid creating invalid iterator references when input_len == 0
Diffstat (limited to 'src/lib/misc/cryptobox/cryptobox.cpp')
-rw-r--r-- | src/lib/misc/cryptobox/cryptobox.cpp | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/lib/misc/cryptobox/cryptobox.cpp b/src/lib/misc/cryptobox/cryptobox.cpp index 8097bf9bb..bb897949f 100644 --- a/src/lib/misc/cryptobox/cryptobox.cpp +++ b/src/lib/misc/cryptobox/cryptobox.cpp @@ -55,7 +55,8 @@ std::string encrypt(const uint8_t input[], size_t input_len, out_buf[i] = get_byte(i, CRYPTOBOX_VERSION_CODE); rng.randomize(&out_buf[VERSION_CODE_LEN], PBKDF_SALT_LEN); // space left for MAC here - copy_mem(&out_buf[CRYPTOBOX_HEADER_LEN], input, input_len); + if(input_len > 0) + copy_mem(&out_buf[CRYPTOBOX_HEADER_LEN], input, input_len); // Generate the keys and IV @@ -82,7 +83,8 @@ std::string encrypt(const uint8_t input[], size_t input_len, std::unique_ptr<MessageAuthenticationCode> hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)"); hmac->set_key(mac_key, MAC_KEY_LEN); - hmac->update(&out_buf[CRYPTOBOX_HEADER_LEN], input_len); + if(input_len > 0) + hmac->update(&out_buf[CRYPTOBOX_HEADER_LEN], input_len); // Can't write directly because of MAC truncation secure_vector<uint8_t> mac = hmac->final(); @@ -128,8 +130,12 @@ decrypt_bin(const uint8_t input[], size_t input_len, std::unique_ptr<MessageAuthenticationCode> hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)"); hmac->set_key(mac_key, MAC_KEY_LEN); - hmac->update(&ciphertext[CRYPTOBOX_HEADER_LEN], - ciphertext.size() - CRYPTOBOX_HEADER_LEN); + + if(ciphertext.size() > CRYPTOBOX_HEADER_LEN) + { + hmac->update(&ciphertext[CRYPTOBOX_HEADER_LEN], + ciphertext.size() - CRYPTOBOX_HEADER_LEN); + } secure_vector<uint8_t> computed_mac = hmac->final(); if(!constant_time_compare(computed_mac.data(), box_mac, MAC_OUTPUT_LEN)) |