From b841eb4c5458ad85da66d9040c5b4e69f54fb9df Mon Sep 17 00:00:00 2001
From: Alexander Neumann <alexander@bumpern.de>
Date: Sun, 22 Nov 2015 20:42:20 +0100
Subject: [PATCH] crypto: check key for validity

---
 crypto/crypto.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/crypto/crypto.go b/crypto/crypto.go
index 4a1a66bed..559569679 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -233,6 +233,10 @@ var ErrInvalidCiphertext = errors.New("invalid ciphertext, same slice used for p
 // necessary. ciphertext and plaintext may not point to (exactly) the same
 // slice or non-intersecting slices.
 func Encrypt(ks *Key, ciphertext []byte, plaintext []byte) ([]byte, error) {
+	if !ks.Valid() {
+		return nil, errors.New("invalid key")
+	}
+
 	ciphertext = ciphertext[:cap(ciphertext)]
 
 	// test for same slice, if possible
@@ -271,6 +275,10 @@ func Encrypt(ks *Key, ciphertext []byte, plaintext []byte) ([]byte, error) {
 // IV || Ciphertext || MAC. plaintext and ciphertext may point to (exactly) the
 // same slice.
 func Decrypt(ks *Key, plaintext []byte, ciphertextWithMac []byte) ([]byte, error) {
+	if !ks.Valid() {
+		return nil, errors.New("invalid key")
+	}
+
 	// check for plausible length
 	if len(ciphertextWithMac) < ivSize+macSize {
 		panic("trying to decrypt invalid data: ciphertext too small")