Blake2b, Poly1305: fixed undefined behaviour

Caugth by TIS-CI and the latest Clang's UBSan.
Incrementing a NULL pointer, even by a NULL offset, is not permitted.
This was caused by the removal of a conditional that exited early if the
message was empty.
The fix was to move the increment inside the alignment loop.

It may be tiny bit slower, but this was the slow path already.
Users can avoid it by aligning their increments to block boundaries.

diff --git a/src/monocypher.c b/src/monocypher.c
index a951e58168a00a0fcb507c89f28d4b8899581bd2..af4c2e2871bf41fbf8366c210c5ee4c449320124 100644 (file)
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -389,10 +389,10 @@ void crypto_poly1305_update(crypto_poly1305_ctx *ctx,
     // Align ourselves with block boundaries
     size_t aligned = MIN(align(ctx->c_idx, 16), message_size);
     FOR (i, 0, aligned) {
-        poly_take_input(ctx, message[i]);
+        poly_take_input(ctx, *message);
+        message++;
+        message_size--;
     }
-    message      += aligned;
-    message_size -= aligned;
 
     // If block is complete, process it and clear input
     if (ctx->c_idx == 16) {
@@ -583,11 +583,11 @@ void crypto_blake2b_update(crypto_blake2b_ctx *ctx,
     // The block that may result is not compressed yet
     size_t aligned = MIN(align(ctx->input_idx, 128), message_size);
     FOR (i, 0, aligned) {
-        blake2b_set_input(ctx, message[i], ctx->input_idx);
+        blake2b_set_input(ctx, *message, ctx->input_idx);
         ctx->input_idx++;
+        message++;
+        message_size--;
     }
-    message      += aligned;
-    message_size -= aligned;
 
     // Process the message block by block
     // The last block is not compressed yet.