OCBv3: fix handling of empty plaintext

sjaeckel · sjaeckel · commit 868c5a82c31c · 2017-08-03T13:19:12.000+02:00
diff --git a/src/encauth/ocb3/ocb3_decrypt.c b/src/encauth/ocb3/ocb3_decrypt.c
@@ -30,8 +30,10 @@ int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen,
    unsigned char *pt_b, *ct_b;
 
    LTC_ARGCHK(ocb != NULL);
-   LTC_ARGCHK(pt  != NULL);
-   LTC_ARGCHK(ct  != NULL);
+   if (ct == NULL) LTC_ARGCHK(ctlen == 0);
+   if (ctlen == 0) LTC_ARGCHK(ct    == NULL);
+   else            LTC_ARGCHK(pt    != NULL);
+
    if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
       return err;
    }
diff --git a/src/encauth/ocb3/ocb3_decrypt_last.c b/src/encauth/ocb3/ocb3_decrypt_last.c
@@ -30,8 +30,10 @@ int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ct
    int err, x, full_blocks, full_blocks_len, last_block_len;
 
    LTC_ARGCHK(ocb != NULL);
-   LTC_ARGCHK(ct  != NULL);
-   LTC_ARGCHK(pt  != NULL);
+   if (ct == NULL) LTC_ARGCHK(ctlen == 0);
+   if (ctlen == 0) LTC_ARGCHK(ct    == NULL);
+   else            LTC_ARGCHK(pt    != NULL);
+
    if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
       goto LBL_ERR;
    }
diff --git a/src/encauth/ocb3/ocb3_encrypt.c b/src/encauth/ocb3/ocb3_encrypt.c
@@ -30,8 +30,10 @@ int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen,
    unsigned char *pt_b, *ct_b;
 
    LTC_ARGCHK(ocb != NULL);
-   LTC_ARGCHK(pt  != NULL);
-   LTC_ARGCHK(ct  != NULL);
+   if (pt == NULL) LTC_ARGCHK(ptlen == 0);
+   if (ptlen == 0) LTC_ARGCHK(pt    == NULL);
+   else            LTC_ARGCHK(ct    != NULL);
+
    if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
       return err;
    }
diff --git a/src/encauth/ocb3/ocb3_encrypt_last.c b/src/encauth/ocb3/ocb3_encrypt_last.c
@@ -30,7 +30,10 @@ int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long pt
    int err, x, full_blocks, full_blocks_len, last_block_len;
 
    LTC_ARGCHK(ocb != NULL);
-   LTC_ARGCHK(pt  != NULL);
+   if (pt == NULL) LTC_ARGCHK(ptlen == 0);
+   if (ptlen == 0) LTC_ARGCHK(pt    == NULL);
+   else            LTC_ARGCHK(ct    != NULL);
+
    if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
       goto LBL_ERR;
    }
diff --git a/src/encauth/ocb3/ocb3_test.c b/src/encauth/ocb3/ocb3_test.c
@@ -219,8 +219,8 @@ int ocb3_test(void)
                                                    key, sizeof(key),
                                                    nonce, sizeof(nonce),
                                                    tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
-                                                   tests[x].pt, tests[x].ptlen,
-                                                   outct, outtag, &len)) != CRYPT_OK) {
+                                                   tests[x].ptlen != 0 ? tests[x].pt : NULL, tests[x].ptlen,
+                                                   tests[x].ptlen != 0 ? outct : NULL, outtag, &len)) != CRYPT_OK) {
            return err;
         }
 
@@ -233,8 +233,8 @@ int ocb3_test(void)
                                              key, sizeof(key),
                                              nonce, sizeof(nonce),
                                              tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
-                                             outct, tests[x].ptlen,
-                                             outct, tests[x].tag, len, &res)) != CRYPT_OK) {
+                                             tests[x].ptlen != 0 ? outct : NULL, tests[x].ptlen,
+                                             tests[x].ptlen != 0 ? outct : NULL, tests[x].tag, len, &res)) != CRYPT_OK) {
            return err;
         }
         if ((res != 1) || compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB3", x)) {
