Make sure we don't underflow in the size macros

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-21 11:09:50 +02:00 · 2021-04-21 11:09:50 +02:00 · 1dda21c4a4
commit 1dda21c4a4
parent b639d43538
2 changed files with 8 additions and 6 deletions
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@ -323,8 +323,9 @@
 *                            return 0.
 */
 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
-    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ?                       \
-     (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :          \
+    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 &&                      \
+         (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ?      \
+         (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :      \
     0)

 /** A sufficient output buffer size for psa_aead_decrypt(), for any of the