Add safety for nonce length to internal driver

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 14:32:55 +01:00 · 2021-09-28 14:32:55 +01:00 · 946c920475
commit 946c920475
parent bb0f9e1740
1 changed files with 10 additions and 0 deletions
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@ -412,6 +412,16 @@ psa_status_t mbedtls_psa_aead_set_nonce(
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
    if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
    {
+        /* Note - ChaChaPoly allows an 8 byte nonce, but we would have to
+         * allocate a buffer in the operation, copy the nonce to it and pad
+         * it, so for now check the nonce is 12 bytes, as
+         * mbedtls_chachapoly_starts() assumes it can read 12 bytes from the
+         * passed in buffer. */
+        if( nonce_length != 12 )
+        {
+            return( PSA_ERROR_INVALID_ARGUMENT );
+        }
+
        status = mbedtls_to_psa_error(
           mbedtls_chachapoly_starts( &operation->ctx.chachapoly,
                                      nonce,