From 9322296334c80a87994bb4779619210e76ffaf26 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Mon, 22 Oct 2018 12:04:29 +0700
Subject: Apply CCM nonce length check for encryption only

---
 crypto/src/crypto/modes/CcmBlockCipher.cs | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'crypto/src')

diff --git a/crypto/src/crypto/modes/CcmBlockCipher.cs b/crypto/src/crypto/modes/CcmBlockCipher.cs
index 4de40d58e..0a28a288f 100644
--- a/crypto/src/crypto/modes/CcmBlockCipher.cs
+++ b/crypto/src/crypto/modes/CcmBlockCipher.cs
@@ -91,10 +91,8 @@ namespace Org.BouncyCastle.Crypto.Modes
                 keyParam = cipherParameters;
             }
 
-            if (nonce == null || nonce.Length < 7 || nonce.Length > 13)
-            {
+            if (nonce == null || (forEncryption && (nonce.Length < 7 || nonce.Length > 13)))
                 throw new ArgumentException("nonce must have length from 7 to 13 octets");
-            }
 
             Reset();
         }
-- 
cgit 1.5.1