From d48874f6575a5f97f3e9dde97fd66a35b6bcb819 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 14 Apr 2022 00:01:53 +0200
Subject: [PATCH] Improve PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE validation We want to check: 1. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE (the output fits if the caller uses the key-specific buffer size macro) 2. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (the output fits if the caller uses the generic buffer size macro) 3. PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (consistency in the calculation) We were only testing (1) and (2). Test (3) as well. (1) and (3) together imply (2) so there's no need to test (2).
Signed-off-by: Gilles Peskine
---
 tests/suites/test_suite_psa_crypto.function | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index ae7b503b5..41488f623 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -5118,7 +5118,7 @@ void raw_key_agreement( int alg_arg,
 expected_output->x, expected_output->len );
 TEST_ASSERT( output_length <=
 PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) );
- TEST_ASSERT( output_length <=
+ TEST_ASSERT( PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) <=
 PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
 mbedtls_free( output );
 output = NULL;
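Review bot: The rewritten second assertion no longer mentions `output_length`, so the test itself does not show that it still guarantees the output fits a buffer sized with the generic macro. That guarantee now depends on the assertion just above it, and the reasoning is recorded only in the commit message. I would add a comment above the new assertion, for example `/* With the check above, this implies output_length <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE. */`, so that nobody later drops or reorders the first check and silently loses the bound that callers using the generic buffer size depend on. The body of `raw_key_agreement` starts and ends outside this hunk, so I cannot tell whether other size checks in the function need the same note.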