Properly handle GCM's range of nonce sizes
Add comment to the effect that we cannot really check nonce size as the
GCM spec allows almost arbitrarily large nonces. As a result of this,
change the operation nonce over to an allocated buffer to avoid overflow
situations.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h
index fcac5ca..ef4842e 100644
--- a/library/psa_crypto_aead.h
+++ b/library/psa_crypto_aead.h
@@ -263,6 +263,8 @@
* \retval #PSA_ERROR_NOT_SUPPORTED
* Algorithm previously set is not supported in this configuration of
* the library.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * (GCM and CCM only) Unable to allocate buffer for nonce.
*/
psa_status_t mbedtls_psa_aead_set_nonce(
mbedtls_psa_aead_operation_t *operation,