Make sure we don't underflow in the size macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h
index 04a4f30..5dabbd2 100644
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@@ -337,10 +337,11 @@
* algorithm.
* If the AEAD algorithm is not recognized, return 0.
*/
-#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG( alg, ciphertext_length ) \
- MBEDTLS_DEPRECATED_CONSTANT( size_t, \
- PSA_ALG_IS_AEAD( alg ) ? \
- (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
+#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG( alg, ciphertext_length ) \
+ MBEDTLS_DEPRECATED_CONSTANT( size_t, \
+ PSA_ALG_IS_AEAD( alg ) && \
+ (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) ? \
+ (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
0 )
/** A sufficient output buffer size for psa_aead_update().
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 709ae6e..b56b346 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -323,8 +323,9 @@
* return 0.
*/
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
- (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
- (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
+ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
+ (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
+ (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
0)
/** A sufficient output buffer size for psa_aead_decrypt(), for any of the