fix some range check issues.

CryptoLib/src/Asn1/ClpDerOutputStream.pas

@@ -79,7 +79,10 @@ procedure TDerOutputStream.WriteEncoded(tag: Int32;
 begin
   WriteByte(Byte(tag));
   WriteLength(System.length(bytes));
-  Write(bytes[0], System.length(bytes));
+  if bytes <> Nil then
+  begin
+    Write(bytes[0], System.length(bytes));
+  end;
 end;
 
 procedure TDerOutputStream.WriteEncoded(flags, tagNo: Int32;

CryptoLib/src/Crypto/Engines/ClpIESEngine.pas

@@ -259,12 +259,18 @@ begin
     if (System.Length(FV) <> 0) then
     begin
       System.Move(K[0], K2[0], System.Length(K2) * System.SizeOf(Byte));
-      System.Move(K[System.Length(K2)], K1[0], System.Length(K1) *
-        System.SizeOf(Byte));
+      if K1 <> Nil then
+      begin
+        System.Move(K[System.Length(K2)], K1[0],
+          System.Length(K1) * System.SizeOf(Byte));
+      end;
     end
     else
     begin
-      System.Move(K[0], K1[0], System.Length(K1) * System.SizeOf(Byte));
+      if K1 <> Nil then
+      begin
+        System.Move(K[0], K1[0], System.Length(K1) * System.SizeOf(Byte));
+      end;
       System.Move(K[System.Length(K1)], K2[0], System.Length(K2) *
         System.SizeOf(Byte));
     end;
@@ -365,7 +371,7 @@ function TIESEngine.EncryptBlock(const &in: TCryptoLibByteArray;
   inOff, inLen: Int32): TCryptoLibByteArray;
 var
   C, K, K1, K2, p2, L2, T: TCryptoLibByteArray;
-  len, i: Int32;
+  len, i, lenCount: Int32;
 begin
   if (Fcipher = Nil) then
   begin
@@ -379,12 +385,18 @@ begin
     if (System.Length(FV) <> 0) then
     begin
       System.Move(K[0], K2[0], System.Length(K2) * System.SizeOf(Byte));
-      System.Move(K[System.Length(K2)], K1[0], System.Length(K1) *
-        System.SizeOf(Byte));
+      if K1 <> Nil then
+      begin
+        System.Move(K[System.Length(K2)], K1[0],
+          System.Length(K1) * System.SizeOf(Byte));
+      end;
     end
     else
     begin
-      System.Move(K[0], K1[0], System.Length(K1) * System.SizeOf(Byte));
+      if K1 <> Nil then
+      begin
+        System.Move(K[0], K1[0], System.Length(K1) * System.SizeOf(Byte));
+      end;
       System.Move(K[inLen], K2[0], System.Length(K2) * System.SizeOf(Byte));
     end;
 
@@ -460,8 +472,15 @@ begin
   // C := Encrypted Payload
   // T := Authentication Message (MAC)
   System.SetLength(Result, System.Length(FV) + len + System.Length(T));
-  System.Move(FV[0], Result[0], System.Length(FV) * System.SizeOf(Byte));
-  System.Move(C[0], Result[System.Length(FV)], len * System.SizeOf(Byte));
+  if FV <> Nil then
+  begin
+    System.Move(FV[0], Result[0], System.Length(FV) * System.SizeOf(Byte));
+  end;
+  lenCount := len * System.SizeOf(Byte);
+  if lenCount > 0 then
+  begin
+    System.Move(C[0], Result[System.Length(FV)], lenCount);
+  end;
   System.Move(T[0], Result[System.Length(FV) + len],
     System.Length(T) * System.SizeOf(Byte));
 

CryptoLib/src/Crypto/Modes/ClpCfbBlockCipher.pas

@@ -222,7 +222,7 @@ end;
 function TCfbBlockCipher.DecryptBlock(const input: TCryptoLibByteArray;
   inOff: Int32; const outBytes: TCryptoLibByteArray; outOff: Int32): Int32;
 var
-  I: Int32;
+  I, count: Int32;
 begin
   if ((inOff + FblockSize) > System.length(input)) then
   begin
@@ -239,8 +239,11 @@ begin
   //
   // change over the input block.
   //
-  System.Move(FcfbV[FblockSize], FcfbV[0], (System.length(FcfbV) - FblockSize) *
-    System.SizeOf(Byte));
+  count := (System.length(FcfbV) - FblockSize) * System.SizeOf(Byte);
+  if count > 0 then
+  begin
+    System.Move(FcfbV[FblockSize], FcfbV[0], count);
+  end;
 
   System.Move(input[inOff], FcfbV[(System.length(FcfbV) - FblockSize)],
     FblockSize * System.SizeOf(Byte));
@@ -258,7 +261,7 @@ end;
 function TCfbBlockCipher.EncryptBlock(const input: TCryptoLibByteArray;
   inOff: Int32; const outBytes: TCryptoLibByteArray; outOff: Int32): Int32;
 var
-  I: Int32;
+  I, count: Int32;
 begin
   if ((inOff + FblockSize) > System.length(input)) then
   begin
@@ -282,8 +285,12 @@ begin
   //
   // change over the input block.
   //
-  System.Move(FcfbV[FblockSize], FcfbV[0], (System.length(FcfbV) - FblockSize) *
-    System.SizeOf(Byte));
+  count := (System.length(FcfbV) - FblockSize) * System.SizeOf(Byte);
+
+  if count > 0 then
+  begin
+    System.Move(FcfbV[FblockSize], FcfbV[0], count);
+  end;
 
   System.Move(outBytes[outOff], FcfbV[(System.length(FcfbV) - FblockSize)],
     FblockSize * System.SizeOf(Byte));

CryptoLib/src/Crypto/Modes/ClpOfbBlockCipher.pas

@@ -243,7 +243,7 @@ end;
 function TOfbBlockCipher.ProcessBlock(const input: TCryptoLibByteArray;
   inOff: Int32; const output: TCryptoLibByteArray; outOff: Int32): Int32;
 var
-  I: Int32;
+  I, count: Int32;
 begin
   if ((inOff + FblockSize) > System.length(input)) then
   begin
@@ -270,8 +270,12 @@ begin
   //
   // change over the input block.
   //
-  System.Move(FofbV[FblockSize], FofbV[0], (System.length(FofbV) - FblockSize) *
-    System.SizeOf(Byte));
+  count := (System.length(FofbV) - FblockSize) * System.SizeOf(Byte);
+
+  if count > 0 then
+  begin
+    System.Move(FofbV[FblockSize], FofbV[0], count);
+  end;
 
   System.Move(FofbOutV[0], FofbV[(System.length(FofbV) - FblockSize)],
     FblockSize * System.SizeOf(Byte));

CryptoLib/src/Crypto/Paddings/ClpPaddedBufferedBlockCipher.pas

@@ -232,7 +232,7 @@ end;
 function TPaddedBufferedBlockCipher.DoFinal(const output: TCryptoLibByteArray;
   outOff: Int32): Int32;
 var
-  blockSize, resultLen: Int32;
+  blockSize, resultLen, resultTotalLen: Int32;
 begin
   blockSize := Fcipher.GetBlockSize();
   resultLen := 0;
@@ -276,8 +276,11 @@ begin
 
     try
       resultLen := resultLen - Fpadding.PadCount(Fbuf);
-
-      System.Move(Fbuf[0], output[outOff], resultLen * System.SizeOf(Byte));
+      resultTotalLen := resultLen * System.SizeOf(Byte);
+      if resultTotalLen > 0 then
+      begin
+        System.Move(Fbuf[0], output[outOff], resultTotalLen);
+      end;
 
     finally
       Reset();