AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add safety for nonce length to internal driver

Browse Source 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott 2021-09-28 14:32:55 +01:00
parent bb0f9e1740
commit 946c920475
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
library/psa_crypto_aead.c
View File

@ -412,6 +412,16 @@ psa_status_t mbedtls_psa_aead_set_nonce(
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305) #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
{ {
/* Note - ChaChaPoly allows an 8 byte nonce, but we would have to
* allocate a buffer in the operation, copy the nonce to it and pad
* it, so for now check the nonce is 12 bytes, as
* mbedtls_chachapoly_starts() assumes it can read 12 bytes from the
* passed in buffer. */
if( nonce_length != 12 )
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_chachapoly_starts( &operation->ctx.chachapoly, mbedtls_chachapoly_starts( &operation->ctx.chachapoly,
nonce, nonce,