aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/misc/cryptobox/cryptobox.cpp
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-09-22 20:55:44 -0400
committerJack Lloyd <[email protected]>2017-09-22 20:55:44 -0400
commit02c543e9a00ad8a61bbe7345d00790b4ea65d86c (patch)
treea52a6f4202bea34ec6c0651103aadc148f9ffafa /src/lib/misc/cryptobox/cryptobox.cpp
parenta75ec5543b683601856359586798bc268c0eb4be (diff)
Avoid creating invalid iterator references when input_len == 0
Diffstat (limited to 'src/lib/misc/cryptobox/cryptobox.cpp')
-rw-r--r--src/lib/misc/cryptobox/cryptobox.cpp14
1 files changed, 10 insertions, 4 deletions
diff --git a/src/lib/misc/cryptobox/cryptobox.cpp b/src/lib/misc/cryptobox/cryptobox.cpp
index 8097bf9bb..bb897949f 100644
--- a/src/lib/misc/cryptobox/cryptobox.cpp
+++ b/src/lib/misc/cryptobox/cryptobox.cpp
@@ -55,7 +55,8 @@ std::string encrypt(const uint8_t input[], size_t input_len,
out_buf[i] = get_byte(i, CRYPTOBOX_VERSION_CODE);
rng.randomize(&out_buf[VERSION_CODE_LEN], PBKDF_SALT_LEN);
// space left for MAC here
- copy_mem(&out_buf[CRYPTOBOX_HEADER_LEN], input, input_len);
+ if(input_len > 0)
+ copy_mem(&out_buf[CRYPTOBOX_HEADER_LEN], input, input_len);
// Generate the keys and IV
@@ -82,7 +83,8 @@ std::string encrypt(const uint8_t input[], size_t input_len,
std::unique_ptr<MessageAuthenticationCode> hmac =
MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");
hmac->set_key(mac_key, MAC_KEY_LEN);
- hmac->update(&out_buf[CRYPTOBOX_HEADER_LEN], input_len);
+ if(input_len > 0)
+ hmac->update(&out_buf[CRYPTOBOX_HEADER_LEN], input_len);
// Can't write directly because of MAC truncation
secure_vector<uint8_t> mac = hmac->final();
@@ -128,8 +130,12 @@ decrypt_bin(const uint8_t input[], size_t input_len,
std::unique_ptr<MessageAuthenticationCode> hmac =
MessageAuthenticationCode::create_or_throw("HMAC(SHA-512)");
hmac->set_key(mac_key, MAC_KEY_LEN);
- hmac->update(&ciphertext[CRYPTOBOX_HEADER_LEN],
- ciphertext.size() - CRYPTOBOX_HEADER_LEN);
+
+ if(ciphertext.size() > CRYPTOBOX_HEADER_LEN)
+ {
+ hmac->update(&ciphertext[CRYPTOBOX_HEADER_LEN],
+ ciphertext.size() - CRYPTOBOX_HEADER_LEN);
+ }
secure_vector<uint8_t> computed_mac = hmac->final();
if(!constant_time_compare(computed_mac.data(), box_mac, MAC_OUTPUT_LEN))