Improve nonce length checks
Add the missing nonce length checks (this function is being used by
oneshot functions as well as multipart, and thus all cipher suites are
being used) and cover the case where a NULL buffer gets passed in.
Extended the set nonce test to cover this.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index d877638..92c5ccf 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -141,6 +141,21 @@
mbedtls_psa_aead_operation_t *operation,
size_t nonce_length )
{
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
+ if( operation->alg == PSA_ALG_GCM )
+ {
+ if( nonce_length == 0 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_GCM */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
+ if( operation->alg == PSA_ALG_CCM )
+ {
+ if( nonce_length < 7 || nonce_length > 13 )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+ else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CCM */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 )
{
@@ -428,7 +443,7 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( mbedtls_aead_check_nonce_length( operation, nonce_length )
- != PSA_SUCCESS )
+ != PSA_SUCCESS || nonce == NULL )
{
return( PSA_ERROR_INVALID_ARGUMENT );
}