GHASH should check the nonce size

author: Jack Lloyd <[email protected]> 2018-08-10 19:46:09 -0400
committer: Jack Lloyd <[email protected]> 2018-08-10 19:46:09 -0400
commit: e9699a70cb21ec837c28e9732dad6a81321a462d (patch)
tree: 606c52fb7c336923afa35288c0b56b963d9f0a25 /src/lib/modes
parent: 1d7bde1fc8725a5b8aa39cf9cc6b452dc38421af (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/modes/aead/gcm/ghash.cpp b/src/lib/modes/aead/gcm/ghash.cpp
index 1d1e68e1c..68d0356f9 100644
--- a/src/lib/modes/aead/gcm/ghash.cpp
+++ b/src/lib/modes/aead/gcm/ghash.cpp
@@ -187,6 +187,7 @@ void GHASH::key_schedule(const uint8_t key[], size_t length)
 
 void GHASH::start(const uint8_t nonce[], size_t len)
    {
+   BOTAN_ARG_CHECK(len == 16, "GHASH requires a 128-bit nonce");
    m_nonce.assign(nonce, nonce + len);
    m_ghash = m_H_ad;
    }
author	Jack Lloyd <[email protected]>	2018-08-10 19:46:09 -0400
committer	Jack Lloyd <[email protected]>	2018-08-10 19:46:09 -0400
commit	e9699a70cb21ec837c28e9732dad6a81321a462d (patch)
tree	606c52fb7c336923afa35288c0b56b963d9f0a25 /src/lib/modes
parent	1d7bde1fc8725a5b8aa39cf9cc6b452dc38421af (diff)