nettle/mac: fail mac calculation if nonce is required but not provided

Fail _wrap_nettle_mac_set_nonce() and _wrap_nettle_mac_fast() if MAC requires nonce, but it was not supplied. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
author: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> 2019-06-28 16:19:15 +0300
committer: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> 2019-06-28 16:45:21 +0300
commit: 35774126327f159bac200b8e154a829fd11e1035 (patch)
tree: dcc6510aad24b2d43634b84cc892293464af05b3
parent: 41f7f2c64131e778978e90eed62b576adc8fd82a (diff)
download: gnutls-35774126327f159bac200b8e154a829fd11e1035.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index 6b688add33..eac99af561 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -392,8 +392,12 @@ static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo,
 		return gnutls_assert_val(ret);
 
 	ctx.set_key(&ctx, key_size, key);
-	if (ctx.set_nonce)
+	if (ctx.set_nonce) {
+		if (nonce == NULL || nonce_size == 0)
+			return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
 		ctx.set_nonce(&ctx, nonce_size, nonce);
+	}
 	ctx.update(&ctx, text_size, text);
 	ctx.digest(&ctx, ctx.length, digest);
 	
@@ -482,7 +486,10 @@ wrap_nettle_mac_set_nonce(void *_ctx, const void *nonce, size_t noncelen)
 	struct nettle_mac_ctx *ctx = _ctx;
 
 	if (ctx->set_nonce == NULL)
-		return GNUTLS_E_INVALID_REQUEST;
+		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+	if (nonce == NULL || noncelen == 0)
+		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
 	ctx->set_nonce(ctx->ctx_ptr, noncelen, nonce);
author	Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>	2019-06-28 16:19:15 +0300
committer	Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>	2019-06-28 16:45:21 +0300
commit	35774126327f159bac200b8e154a829fd11e1035 (patch)
tree	dcc6510aad24b2d43634b84cc892293464af05b3
parent	41f7f2c64131e778978e90eed62b576adc8fd82a (diff)
download	gnutls-35774126327f159bac200b8e154a829fd11e1035.tar.gz