No panic during too short MGM message

diff --git a/gogost.go b/gogost.go
index e148c6883bcbb7dd659a2aebc46e7db7e6999cfd..ed45ddfe3b66a2083a179aa613f3d598b9068924 100644 (file)
--- a/gogost.go
+++ b/gogost.go
@@ -1,4 +1,4 @@
 // Pure Go GOST cryptographic functions library.
 package gogost
 
 // Pure Go GOST cryptographic functions library.
 package gogost
 

-const Version = "5.1.1"
+const Version = "5.2.0"

diff --git a/mgm/mode.go b/mgm/mode.go
index 065bff50edd0b96e5a01aff22be9f4270398d2f9..c281567fbaf9ceb8dc33777314e2122788064a7b 100644 (file)
--- a/mgm/mode.go
+++ b/mgm/mode.go
@@ -234,7 +234,9 @@ func (mgm *MGM) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
 func (mgm *MGM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
        mgm.validateNonce(nonce)
        mgm.validateSizes(ciphertext, additionalData)
 func (mgm *MGM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
        mgm.validateNonce(nonce)
        mgm.validateSizes(ciphertext, additionalData)

-       if uint64(len(ciphertext)-mgm.tagSize) > mgm.maxSize {
+       if len(ciphertext) < mgm.TagSize {
+               return nil, errors.New("ciphertext is too short")
+       }

        if uint64(len(ciphertext)-mgm.TagSize) > mgm.MaxSize {
                panic("ciphertext is too big")
        }
        if uint64(len(ciphertext)-mgm.TagSize) > mgm.MaxSize {
                panic("ciphertext is too big")
        }

diff --git a/news.texi b/news.texi
index 33ea6490cc3a4edb624ad55b8c7a7547bacc00f0..50b3e3a093014db31d932c462c0d72e1542eb3e0 100644 (file)
--- a/news.texi
+++ b/news.texi
@@ -3,6 +3,10 @@
 
 @table @strong
 
 
 @table @strong
 

+@anchor{Release 5.2.0}
+@item 5.2.0
+    MGM does not panic when short (tagless) message is verified.
+

 @anchor{Release 5.1.1}
 @item 5.1.1
     Tarball uses vendoring, instead of @env{GOPATH} overriding.
 @anchor{Release 5.1.1}
 @item 5.1.1
     Tarball uses vendoring, instead of @env{GOPATH} overriding.