diff options
Diffstat (limited to 'src/crypto/cipher/gcm.go')
-rw-r--r-- | src/crypto/cipher/gcm.go | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/crypto/cipher/gcm.go b/src/crypto/cipher/gcm.go index 73d78550f8..ba0af84a9d 100644 --- a/src/crypto/cipher/gcm.go +++ b/src/crypto/cipher/gcm.go @@ -86,7 +86,8 @@ func NewGCM(cipher Block) (AEAD, error) { } // NewGCMWithNonceSize returns the given 128-bit, block cipher wrapped in Galois -// Counter Mode, which accepts nonces of the given length. +// Counter Mode, which accepts nonces of the given length. The length must not +// be zero. // // Only use this function if you require compatibility with an existing // cryptosystem that uses non-standard nonce lengths. All other users should use @@ -112,6 +113,10 @@ func newGCMWithNonceAndTagSize(cipher Block, nonceSize, tagSize int) (AEAD, erro return nil, errors.New("cipher: incorrect tag size given to GCM") } + if nonceSize <= 0 { + return nil, errors.New("cipher: the nonce can't have zero length, or the security of the key will be immediately compromised") + } + if cipher, ok := cipher.(gcmAble); ok { return cipher.NewGCM(nonceSize, tagSize) } |