nettle/mac: fail mac calculation if nonce is required but not provided

Fail _wrap_nettle_mac_set_nonce() and _wrap_nettle_mac_fast() if MAC
requires nonce, but it was not supplied.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index 6b688add33fe37aaa75ad09fcb313552e6134777..eac99af561549d3efed5a9d92f85a84474bc80f7 100644 (file)
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -392,8 +392,12 @@ static int wrap_nettle_mac_fast(gnutls_mac_algorithm_t algo,
                return gnutls_assert_val(ret);
 
        ctx.set_key(&ctx, key_size, key);
-       if (ctx.set_nonce)
+       if (ctx.set_nonce) {
+               if (nonce == NULL || nonce_size == 0)
+                       return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
                ctx.set_nonce(&ctx, nonce_size, nonce);
+       }
        ctx.update(&ctx, text_size, text);
        ctx.digest(&ctx, ctx.length, digest);
        
@@ -482,7 +486,10 @@ wrap_nettle_mac_set_nonce(void *_ctx, const void *nonce, size_t noncelen)
        struct nettle_mac_ctx *ctx = _ctx;
 
        if (ctx->set_nonce == NULL)
-               return GNUTLS_E_INVALID_REQUEST;
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+       if (nonce == NULL || noncelen == 0)
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
        ctx->set_nonce(ctx->ctx_ptr, noncelen, nonce);