aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/gnsrecord/gnsrecord_crypto.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index 7fe0c6953..feb60ade9 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -99,7 +99,14 @@ eddsa_symmetric_decrypt (
99 const unsigned char *nonce, 99 const unsigned char *nonce,
100 void *result) 100 void *result)
101{ 101{
102 if (0 != crypto_secretbox_open_easy (result, block, size, nonce, key)) 102 ssize_t ctlen = size - crypto_secretbox_MACBYTES;
103 if (ctlen < 0)
104 return GNUNET_SYSERR;
105 if (0 != crypto_secretbox_open_detached (result,
106 block, // Ciphertext
107 ((unsigned char*)block) + ctlen, // TAG
108 ctlen,
109 nonce, key))
103 { 110 {
104 return GNUNET_SYSERR; 111 return GNUNET_SYSERR;
105 } 112 }
@@ -115,7 +122,11 @@ eddsa_symmetric_encrypt (
115 const unsigned char *nonce, 122 const unsigned char *nonce,
116 void *result) 123 void *result)
117{ 124{
118 crypto_secretbox_easy (result, block, size, nonce, key); 125 if (size > crypto_secretbox_MESSAGEBYTES_MAX)
126 return GNUNET_SYSERR;
127 crypto_secretbox_detached (result, // Ciphertext
128 result + size, // TAG
129 block, size, nonce, key);
119 return GNUNET_OK; 130 return GNUNET_OK;
120} 131}
121 132