From 1dda21c4a45d5cb7613addd9b84bac46a6fd9de9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 21 Apr 2021 11:09:50 +0200 Subject: [PATCH] Make sure we don't underflow in the size macros MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- include/psa/crypto_compat.h | 9 +++++---- include/psa/crypto_sizes.h | 5 +++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 04a4f30c8..5dabbd25f 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -337,10 +337,11 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key * algorithm. * If the AEAD algorithm is not recognized, return 0. */ -#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG( alg, ciphertext_length ) \ - MBEDTLS_DEPRECATED_CONSTANT( size_t, \ - PSA_ALG_IS_AEAD( alg ) ? \ - (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \ +#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG( alg, ciphertext_length ) \ + MBEDTLS_DEPRECATED_CONSTANT( size_t, \ + PSA_ALG_IS_AEAD( alg ) && \ + (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) ? \ + (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \ 0 ) /** A sufficient output buffer size for psa_aead_update(). diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 709ae6ec9..b56b34645 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -323,8 +323,9 @@ * return 0. */ #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \ - (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \ - (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \ + (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \ + (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \ + (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \ 0) /** A sufficient output buffer size for psa_aead_decrypt(), for any of the