crypto: Fix buffer extension in Decrypt()
This commit is contained in:
parent
589dbaaed2
commit
1f33e29ce2
2 changed files with 7 additions and 7 deletions
|
@ -276,11 +276,6 @@ func Decrypt(ks *Key, plaintext []byte, ciphertextWithMac []byte) ([]byte, error
|
|||
panic("trying to decrypt invalid data: ciphertext too small")
|
||||
}
|
||||
|
||||
if cap(plaintext) < len(ciphertextWithMac) {
|
||||
// extend plaintext
|
||||
plaintext = append(plaintext, make([]byte, len(ciphertextWithMac)-cap(plaintext))...)
|
||||
}
|
||||
|
||||
// extract mac
|
||||
l := len(ciphertextWithMac) - macSize
|
||||
ciphertextWithIV, mac := ciphertextWithMac[:l], ciphertextWithMac[l:]
|
||||
|
@ -293,6 +288,11 @@ func Decrypt(ks *Key, plaintext []byte, ciphertextWithMac []byte) ([]byte, error
|
|||
// extract iv
|
||||
iv, ciphertext := ciphertextWithIV[:ivSize], ciphertextWithIV[ivSize:]
|
||||
|
||||
if cap(plaintext) < len(ciphertext) {
|
||||
// extend plaintext
|
||||
plaintext = append(plaintext, make([]byte, len(ciphertext)-cap(plaintext))...)
|
||||
}
|
||||
|
||||
// decrypt data
|
||||
c, err := aes.NewCipher(ks.Encrypt[:])
|
||||
if err != nil {
|
||||
|
|
|
@ -107,10 +107,10 @@ func TestCornerCases(t *testing.T) {
|
|||
"wrong length returned for ciphertext, expected 0, got %d",
|
||||
len(c))
|
||||
|
||||
// this should decrypt to an empty slice
|
||||
// this should decrypt to nil
|
||||
p, err := crypto.Decrypt(k, nil, c)
|
||||
OK(t, err)
|
||||
Equals(t, []byte{}, p)
|
||||
Equals(t, []byte(nil), p)
|
||||
|
||||
// test encryption for same slice, this should return an error
|
||||
_, err = crypto.Encrypt(k, c, c)
|
||||
|
|
Loading…
Reference in a new issue