From ddc7a559a2943c49e3cc248f8b464ed356c37a5a Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Thu, 13 Apr 2023 15:32:29 +0700
Subject: Guard against null nonce and clone returned nonce

---
 crypto/src/crypto/parameters/AEADParameters.cs | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/crypto/src/crypto/parameters/AEADParameters.cs b/crypto/src/crypto/parameters/AEADParameters.cs
index 825d6b7f2..5b0ce33f2 100644
--- a/crypto/src/crypto/parameters/AEADParameters.cs
+++ b/crypto/src/crypto/parameters/AEADParameters.cs
@@ -30,13 +30,12 @@ namespace Org.BouncyCastle.Crypto.Parameters
 		 * @param nonce nonce to be used
 		 * @param associatedText associated text, if any
 		 */
-		public AeadParameters(
-			KeyParameter	key,
-			int				macSize,
-			byte[]			nonce,
-			byte[]			associatedText)
+		public AeadParameters(KeyParameter key, int macSize, byte[] nonce, byte[] associatedText)
 		{
-			this.key = key;
+            if (nonce == null)
+                throw new ArgumentNullException(nameof(nonce));
+
+            this.key = key;
 			this.nonce = nonce;
 			this.macSize = macSize;
 			this.associatedText = associatedText;
@@ -59,7 +58,11 @@ namespace Org.BouncyCastle.Crypto.Parameters
 
 		public virtual byte[] GetNonce()
 		{
-			return nonce;
+			return (byte[])nonce.Clone();
 		}
-	}
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+        internal ReadOnlySpan<byte> Nonce => nonce;
+#endif
+    }
 }
-- 
cgit 1.4.1