Return an error for IV lengths other than 12 with ChaCha20+Poly1305

The implementation was silently overwriting the IV length to 12 even though the caller passed a different value. Change the behavior to signal that a different length is not supported. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2025-07-30 22:43:08 +03:00 · 2021-12-01 22:19:33 +01:00
parent 33ca6af8a3
commit 63439eda62
3 changed files with 36 additions and 3 deletions
--- a/library/cipher.c
+++ b/library/cipher.c
@ -399,6 +399,11 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
        }
    }
+#if defined(MBEDTLS_CHACHAPOLY_C)
+    if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
+         iv_len != 12 )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#endif
 #endif

 #if defined(MBEDTLS_GCM_C)