Make sure we don't underflow in the size macros

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-21 11:09:50 +02:00 · 2021-04-21 11:09:50 +02:00 · 1dda21c4a4
commit 1dda21c4a4
parent b639d43538
2 changed files with 8 additions and 6 deletions
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@ -337,10 +337,11 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key
 *                            algorithm.
 *                            If the AEAD algorithm is not recognized, return 0.
 */
-#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG( alg, ciphertext_length ) \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t,                             \
-        PSA_ALG_IS_AEAD( alg ) ?                                     \
-        (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) :   \
+#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG( alg, ciphertext_length )   \
+    MBEDTLS_DEPRECATED_CONSTANT( size_t,                               \
+        PSA_ALG_IS_AEAD( alg ) &&                                      \
+            (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) ? \
+            (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
        0 )

 /** A sufficient output buffer size for psa_aead_update().
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@ -323,8 +323,9 @@
 *                            return 0.
 */
 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
-    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ?                       \
-     (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :          \
+    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 &&                      \
+         (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ?      \
+         (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :      \
     0)

 /** A sufficient output buffer size for psa_aead_decrypt(), for any of the