commit d48874f6575a5f97f3e9dde97fd66a35b6bcb819
author Gilles Peskine <Gilles.Peskine@arm.com> Thu Apr 14 00:01:53 2022 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Tue May 17 16:26:29 2022 +0200
tree 1ae335c9dfa5a874d175f7465250f8920e8f9656
parent 7d1502939a7993d3abba9dd4548c6a8b964f8b2c

Improve PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE validation

We want to check:
1. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE (the output fits
   if the caller uses the key-specific buffer size macro)
2. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (the output fits
   if the caller uses the generic buffer size macro)
3. PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
   (consistency in the calculation)

We were only testing (1) and (2). Test (3) as well. (1) and (3) together
imply (2) so there's no need to test (2).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/suites/test_suite_psa_crypto.function

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index ae7b503..41488f6 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -5118,7 +5118,7 @@
                     expected_output->x, expected_output->len );
     TEST_ASSERT( output_length <=
                  PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) );
-    TEST_ASSERT( output_length <=
+    TEST_ASSERT( PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) <=
                  PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
     mbedtls_free( output );
     output = NULL;