Return an error for IV lengths other than 12 with ChaCha20+Poly1305

The implementation was silently overwriting the IV length to 12 even though the caller passed a different value. Change the behavior to signal that a different length is not supported. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2025-08-07 06:42:56 +03:00 · 2021-12-02 09:31:58 +01:00
parent 5375fd9a3f
commit d353043380
3 changed files with 36 additions and 3 deletions
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -399,6 +399,11 @@ int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
        }
    }
+#if defined(MBEDTLS_CHACHAPOLY_C)
+    if ( ctx->cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 &&
+         iv_len != 12 )
+        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+#endif
 #endif

    if ( actual_iv_size != 0 )