From eac6c757a27db9457b0f9301f4c0f654638b75d7 Mon Sep 17 00:00:00 2001
From: Paul Elliott <paul.elliott@arm.com>
Date: Wed, 15 Sep 2021 19:08:27 +0100
Subject: [PATCH] Make nonce length check return error where it can

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
---
 library/psa_crypto_aead.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index 033dc8207..46eb1c933 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -195,12 +195,10 @@ psa_status_t mbedtls_psa_aead_encrypt(
     }
     tag = ciphertext + plaintext_length;
 
-    if( mbedtls_aead_check_nonce_length( &operation, nonce_length )
-        != PSA_SUCCESS )
-    {
-        status = PSA_ERROR_NOT_SUPPORTED;
+    status = mbedtls_aead_check_nonce_length( &operation, nonce_length );
+
+    if( status != PSA_SUCCESS )
         goto exit;
-    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
     if( operation.alg == PSA_ALG_CCM )
@@ -310,12 +308,10 @@ psa_status_t mbedtls_psa_aead_decrypt(
     if( status != PSA_SUCCESS )
         goto exit;
 
-    if( mbedtls_aead_check_nonce_length( &operation, nonce_length )
-        != PSA_SUCCESS )
-    {
-        status = PSA_ERROR_NOT_SUPPORTED;
+    status = mbedtls_aead_check_nonce_length( &operation, nonce_length );
+
+    if( status != PSA_SUCCESS )
         goto exit;
-    }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
     if( operation.alg == PSA_ALG_CCM )