commit 175c358e9e03f80dc5edafd9ff4781a7bf3f9e97
author Antonio de Angelis <Antonio.deAngelis@arm.com> Tue Apr 15 21:53:52 2025 +0100
committer Antonio de Angelis <Antonio.deAngelis@arm.com> Tue Apr 15 21:53:52 2025 +0100
tree 246b576d46f2d0731977bc3a09ce30451a879404
parent 723a1027a1574f6698df2b4b08c4e86d473f1881
parent e0a433c67c37138cd9dce23657ae82c5cbdcf51f

Merge remote-tracking branch 'origin/release/2.2.x'

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I91cfb0c6862b986bd301eaef93672d97eef9d3a3

tests_reg/test/secure_fw/suites/crypto/crypto_tests_common.c

diff --git a/tests_reg/test/secure_fw/suites/crypto/crypto_tests_common.c b/tests_reg/test/secure_fw/suites/crypto/crypto_tests_common.c
index 9f8cc5b..1ec66e2 100644
--- a/tests_reg/test/secure_fw/suites/crypto/crypto_tests_common.c
+++ b/tests_reg/test/secure_fw/suites/crypto/crypto_tests_common.c
@@ -11,6 +11,10 @@
 #include <string.h>
 #include "crypto_tests_common.h"
 
+/* Maximum array sizes to remove VLAs */
+#define PSA_HASH_LENGTH_MAX     64
+#define ECDSA_KEYS_PRIV_SZ_MAX  48
+
 /* Helper function to convert from string representation to binary */
 static uint8_t char_to_uint8_t(char c)
 {
@@ -2858,7 +2862,7 @@
         return;
     }
 
-    uint8_t encrypted_data[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(PSA_KEY_TYPE_RSA_KEY_PAIR, 2048, alg)];
+    uint8_t encrypted_data[PSA_BITS_TO_BYTES(2048)];
 
     status = psa_import_key(&key_attributes, key_pair, key_size, &key_id_local);
     if (status != PSA_SUCCESS) {
@@ -3239,15 +3243,21 @@
     }
 
     const size_t ecdsa_private_key_sz = ecdsa_keys[curve_selector].priv_sz;
-    uint8_t signature[PSA_ECDSA_SIGNATURE_SIZE(PSA_BYTES_TO_BITS(ecdsa_private_key_sz))];
+
+    assert(ECDSA_KEYS_PRIV_SZ_MAX >= ecdsa_private_key_sz);
+
+    uint8_t signature[PSA_ECDSA_SIGNATURE_SIZE(PSA_BYTES_TO_BITS(ECDSA_KEYS_PRIV_SZ_MAX))];
     char tmp_str[sizeof(signature) * 2 + 1]; /* enough to hold the hash string as well */
     size_t signature_length = 0;
     /* The expected format of the public key is uncompressed, i.e. 0x04 X Y */
     uint8_t ecdsa_pub_key[
-        PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_BYTES_TO_BITS(ecdsa_private_key_sz))];
+        PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_BYTES_TO_BITS(ECDSA_KEYS_PRIV_SZ_MAX))];
     size_t pub_key_length = 0;
     const psa_algorithm_t hash_alg = PSA_ALG_GET_HASH(alg);
-    uint8_t hash[PSA_HASH_LENGTH(hash_alg)];
+
+    assert(PSA_HASH_LENGTH_MAX >= PSA_HASH_LENGTH(hash_alg));
+
+    uint8_t hash[PSA_HASH_LENGTH_MAX];
     size_t hash_length = 0;
     uint8_t scratch_buffer[48 * 2 + 1]; /* Up to the P-384 pub key in uncompressed format */