Make sure we don't underflow in the size macros

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 709ae6e..b56b346 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -323,8 +323,9 @@
  *                            return 0.
  */
 #define PSA_AEAD_DECRYPT_OUTPUT_SIZE(key_type, alg, ciphertext_length) \
-    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ?                       \
-     (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :          \
+    (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 &&                      \
+         (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ?      \
+         (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) :      \
      0)
 
 /** A sufficient output buffer size for psa_aead_decrypt(), for any of the
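Review bot: The new zero result of PSA_AEAD_DECRYPT_OUTPUT_SIZE for a ciphertext no longer than the tag is not documented. The comment above the macro starts outside this hunk, and its visible end (`return 0.`) appears to cover only the unrecognised key type/algorithm case. A caller sizing a buffer therefore cannot tell "not an AEAD" from "input too short to contain a tag", and the decrypt path still has to reject the short input itself rather than rely on a zero-length output. I would add a line to the comment such as `* If the ciphertext is shorter than the tag length, this macro returns 0; psa_aead_decrypt() must still reject such input.` The macro also expands `ciphertext_length` twice on the taken branch now, so a note that arguments may be evaluated more than once would help; the guard presumably assumes an unsigned (size_t) argument, since a negative signed value would likely be converted and pass the `>` comparison.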