func (mgm *MGM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
mgm.validateNonce(nonce)
mgm.validateSizes(ciphertext, additionalData)
- if uint64(len(ciphertext)-mgm.tagSize) > mgm.maxSize {
+ if len(ciphertext) < mgm.TagSize {
+ return nil, errors.New("ciphertext is too short")
+ }
if uint64(len(ciphertext)-mgm.TagSize) > mgm.MaxSize {
panic("ciphertext is too big")
}
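Review bot: The oversize branch right after the new length check still calls `panic("ciphertext is too big")`, so Open keeps a panic path driven only by the length of the received ciphertext, which in a decryption routine usually comes from the peer. Returning an error there as well, e.g. `return nil, errors.New("ciphertext is too big")`, would make both length failures behave the same and keep a malformed message from terminating the caller. The results of `mgm.validateNonce` and `mgm.validateSizes` are not checked, so they presumably panic on bad input too. Because `validateSizes` runs before the new short-ciphertext check, confirm it cannot panic on a short or empty ciphertext, otherwise the new error return is never reached for those inputs. Open's body continues outside the hunk.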
@table @strong
+@anchor{Release 5.2.0}
+@item 5.2.0
+ MGM does not panic when short (tagless) message is verified.
+
@anchor{Release 5.1.1}
@item 5.1.1
Tarball uses vendoring, instead of @env{GOPATH} overriding.