Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check
escalates into a buffer overflow in the application code
Signed-off-by: Stephan Koch <koch@oberon.ch>
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 4304811..8f0ea25 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -7855,6 +7855,8 @@
TEST_EQUAL(actual_status, expected_status);
if (actual_status == PSA_SUCCESS) {
TEST_EQUAL(output_length, expected_output_length);
+ } else {
+ TEST_LE_U(output_length, output_size);
}
/* If the label is empty, the test framework puts a non-null pointer
@@ -7872,6 +7874,8 @@
TEST_EQUAL(actual_status, expected_status);
if (actual_status == PSA_SUCCESS) {
TEST_EQUAL(output_length, expected_output_length);
+ } else {
+ TEST_LE_U(output_length, output_size);
}
}