Make sure we don't underflow in the size macros Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>

commit: 1dda21c4a45d5cb7613addd9b84bac46a6fd9de9 [log] [tgz]
author: Bence Szépkúti <bence.szepkuti@arm.com> Wed Apr 21 11:09:50 2021 +0200
committer: Bence Szépkúti <bence.szepkuti@arm.com> Wed Apr 21 11:09:50 2021 +0200
tree: 9b5f1cdbf2a1260bf39935b43a9e1046e923a85c
parent: b639d4353800ecbaebdf1a069ab4efce94a61d47 [diff] [blame]
diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h
index 04a4f30..5dabbd2 100644
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h

@@ -337,10 +337,11 @@
  *                            algorithm.
  *                            If the AEAD algorithm is not recognized, return 0.
  */
-#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG( alg, ciphertext_length ) \
-    MBEDTLS_DEPRECATED_CONSTANT( size_t,                             \
-        PSA_ALG_IS_AEAD( alg ) ?                                     \
-        (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) :   \
+#define PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG( alg, ciphertext_length )   \
+    MBEDTLS_DEPRECATED_CONSTANT( size_t,                               \
+        PSA_ALG_IS_AEAD( alg ) &&                                      \
+            (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) ? \
+            (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH( alg ) : \
         0 )
 
 /** A sufficient output buffer size for psa_aead_update().
commit	1dda21c4a45d5cb7613addd9b84bac46a6fd9de9	[log] [tgz]
author	Bence Szépkúti <bence.szepkuti@arm.com>	Wed Apr 21 11:09:50 2021 +0200
committer	Bence Szépkúti <bence.szepkuti@arm.com>	Wed Apr 21 11:09:50 2021 +0200
tree	9b5f1cdbf2a1260bf39935b43a9e1046e923a85c
parent	b639d4353800ecbaebdf1a069ab4efce94a61d47 [diff] [blame]