commit d35304338007519eed957ab63dcc1a6d386a5dcb
author Andrzej Kurek <Andrzej.Kurek@arm.com> Thu Dec 02 09:31:58 2021 +0100
committer Andrzej Kurek <Andrzej.Kurek@arm.com> Thu Dec 02 09:31:58 2021 +0100
tree 810183a4b964c8bf8997bc9d0c90d2714e74bd55
parent 5375fd9a3ff67333e0b0a8c187a7d151f4cfa12f

Return an error for IV lengths other than 12 with ChaCha20+Poly1305

The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

library/cipher.c

diff --git a/library/cipher.c b/library/cipher.c
index 4a4a3e4..6153b33 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -399,6 +399,11 @@
             return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
         }
     }
+#if defined(MBEDTLS_CHACHAPOLY_C)
+    if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
+         iv_len != 12 )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#endif
 #endif
 
     if ( actual_iv_size != 0 )