fixed findings from code review

overheadhunter · overheadhunter · commit a456e7b22547 · 2025-11-19T20:53:29.000+01:00
[deploy]
diff --git a/src/main/java/org/cryptomator/siv/CMac.java b/src/main/java/org/cryptomator/siv/CMac.java
@@ -45,6 +45,7 @@ protected int engineGetMacLength() {
 
 	@Override
 	protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException {
+		engineReset();
 		try {
 			this.cipher = Cipher.getInstance(AES_ECB_NO_PADDING);
 		} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
@@ -63,9 +64,6 @@ protected void engineInit(Key key, AlgorithmParameterSpec params) throws Invalid
 		} finally {
 			Arrays.fill(L, (byte) 0);
 		}
-
-		// reset state
-		engineReset();
 	}
 
 	@Override
diff --git a/src/main/java/org/cryptomator/siv/SivCipher.java b/src/main/java/org/cryptomator/siv/SivCipher.java
@@ -54,9 +54,9 @@ protected int engineGetBlockSize() {
 	@Override
 	protected int engineGetOutputSize(int inputLen) {
 		if (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE) {
-			return 16 + inputLen;
+			return 16 + inputBuffer.length + inputLen;
 		} else if (opmode == Cipher.DECRYPT_MODE || opmode == Cipher.UNWRAP_MODE) {
-			return inputLen - 16;
+			return inputBuffer.length + inputLen - 16;
 		} else {
 			throw new IllegalStateException("Invalid opmode " + this.opmode);
 		}
@@ -123,7 +123,7 @@ protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] o
 
 	@Override
 	protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen) throws IllegalBlockSizeException, BadPaddingException {
-		int outputSize = engineGetOutputSize(inputBuffer.length + inputLen);
+		int outputSize = engineGetOutputSize(inputLen);
 		if (outputSize < 0) {
 			throw new IllegalBlockSizeException("Ciphertext too short (must be at least 16 bytes including SIV tag)");
 		}
@@ -139,7 +139,7 @@ protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen) thro
 
 	@Override
 	protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
-		int outputSize = engineGetOutputSize(inputBuffer.length + inputLen);
+		int outputSize = engineGetOutputSize(inputLen);
 		if (outputSize < 0) {
 			throw new IllegalBlockSizeException("Ciphertext too short (must be at least 16 bytes including SIV tag)");
 		}
diff --git a/src/main/java/org/cryptomator/siv/Utils.java b/src/main/java/org/cryptomator/siv/Utils.java
@@ -13,6 +13,9 @@ public class Utils {
 
 	// First bit 1, following bits 0.
 	static byte[] pad(byte[] in, int desiredLength) {
+		if (in.length >= desiredLength) {
+			throw new IllegalArgumentException("pad() expects input shorter than desiredLength");
+		}
 		final byte[] result = Arrays.copyOf(in, desiredLength);
 		result[in.length] = (byte) 0x80;
 		return result;
