Add safety for nonce length to internal driver
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index 5e36932..bc37a04 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -412,6 +412,16 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
{
+ /* Note - ChaChaPoly allows an 8 byte nonce, but we would have to
+ * allocate a buffer in the operation, copy the nonce to it and pad
+ * it, so for now check the nonce is 12 bytes, as
+ * mbedtls_chachapoly_starts() assumes it can read 12 bytes from the
+ * passed in buffer. */
+ if( nonce_length != 12 )
+ {
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
status = mbedtls_to_psa_error(
mbedtls_chachapoly_starts( &operation->ctx.chachapoly,
nonce,
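Review bot: The new guard in the ChaCha20-Poly1305 branch returns `PSA_ERROR_INVALID_ARGUMENT` for every length other than 12, yet its own comment says an 8-byte nonce is valid for the algorithm and merely not implemented here. Callers then cannot tell a malformed nonce from an unsupported one; consider handling that case first with `if( nonce_length == 8 ) return( PSA_ERROR_NOT_SUPPORTED );` and keeping `PSA_ERROR_INVALID_ARGUMENT` for the rest. The bare literal `12` would also read better as a named constant, since the check exists to prevent `mbedtls_chachapoly_starts()` from reading past the caller's buffer. The enclosing function starts and ends outside this hunk, so it is not visible whether the other AEAD branches validate `nonce_length` before passing the buffer on, or whether the early return skips any cleanup.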