search

martinthomson / ohttp

Rust library for encapsulating HTTP messages in a cryptographic wrapper
Apache License 2.0
30 stars 23 forks source link

integer underflow in open in nss/aead.rs #30

Closed mozkeeler closed 1 year ago

mozkeeler commented 2 years ago

If ClientResponse::decapsulate is given an enc_response that doesn't actually have any ciphertext, Aead::open will cause integer underflow when determining inputs to PK11_AEADOp.