diff options
author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-06-28 16:19:15 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-06-28 16:45:21 +0300 |
commit | 35774126327f159bac200b8e154a829fd11e1035 (patch) | |
tree | dcc6510aad24b2d43634b84cc892293464af05b3 | |
parent | 41f7f2c64131e778978e90eed62b576adc8fd82a (diff) | |
download | gnutls-35774126327f159bac200b8e154a829fd11e1035.tar.gz |
nettle/mac: fail mac calculation if nonce is required but not provided
Fail _wrap_nettle_mac_set_nonce() and _wrap_nettle_mac_fast() if MAC
requires nonce, but it was not supplied.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r-- | lib/nettle/mac.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c index 6b688add33..eac99af561 100644 --- a/lib/nettle/mac.c +++ b/lib/nettle/mac.c @@ -392,8 +392,12 @@ static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo, return gnutls_assert_val(ret); ctx.set_key(&ctx, key_size, key); - if (ctx.set_nonce) + if (ctx.set_nonce) { + if (nonce == NULL || nonce_size == 0) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + ctx.set_nonce(&ctx, nonce_size, nonce); + } ctx.update(&ctx, text_size, text); ctx.digest(&ctx, ctx.length, digest); @@ -482,7 +486,10 @@ wrap_nettle_mac_set_nonce(void *_ctx, const void *nonce, size_t noncelen) struct nettle_mac_ctx *ctx = _ctx; if (ctx->set_nonce == NULL) - return GNUTLS_E_INVALID_REQUEST; + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + if (nonce == NULL || noncelen == 0) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ctx->set_nonce(ctx->ctx_ptr, noncelen, nonce); |