From 8f0ef519d41441282110a14acb5fb2c1419bf16e Mon Sep 17 00:00:00 2001
From: David Horstmann <david.horstmann@arm.com>
Date: Mon, 11 Dec 2023 15:17:11 +0000
Subject: [PATCH] Add buffer copying to psa_aead_set_nonce()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
---
 library/psa_crypto.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 87c7cacb86..b58758cf06 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4938,11 +4938,14 @@ exit:
 /* Set the nonce for a multipart authenticated encryption or decryption
    operation.*/
 psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
-                                const uint8_t *nonce,
+                                const uint8_t *nonce_external,
                                 size_t nonce_length)
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 
+    LOCAL_INPUT_DECLARE(nonce_external, nonce);
+    LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce);
+
     if (operation->id == 0) {
         status = PSA_ERROR_BAD_STATE;
         goto exit;
@@ -4969,6 +4972,8 @@ exit:
         psa_aead_abort(operation);
     }
 
+    LOCAL_INPUT_FREE(nonce_external, nonce);
+
     return status;
 }