Document what the signature tests are doing a bit better
Add a check that the purported output length is less than the buffer
size in sign_fail.
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 2fba854..1959e13 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -1589,17 +1589,21 @@
NULL,
&key_bits ) == PSA_SUCCESS );
+ /* Allocate a buffer which has the size advertized by the
+ * library. */
signature_size = PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type,
key_bits, alg );
TEST_ASSERT( signature_size != 0 );
signature = mbedtls_calloc( 1, signature_size );
TEST_ASSERT( signature != NULL );
+ /* Perform the signature. */
TEST_ASSERT( psa_asymmetric_sign( slot, alg,
input_data->x, input_data->len,
NULL, 0,
signature, signature_size,
&signature_length ) == PSA_SUCCESS );
+ /* Verify that the signature is correct. */
TEST_ASSERT( signature_length == output_data->len );
TEST_ASSERT( memcmp( signature, output_data->x,
output_data->len ) == 0 );
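Review bot: The comment added before the final two assertions says the signature is verified, but what the code does is compare the output byte-for-byte against the test vector; that only holds for algorithms whose signature is deterministic, and a reader extending this test to a randomised scheme would be misled. Suggest `/* Compare against the expected output; this only works for deterministic signature algorithms. */`. The enclosing test function starts before this hunk.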
@@ -1614,11 +1618,12 @@
/* BEGIN_CASE */
void sign_fail( int key_type_arg, data_t *key_data,
int alg_arg, data_t *input_data,
- int signature_size, int expected_status_arg )
+ int signature_size_arg, int expected_status_arg )
{
int slot = 1;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
+ size_t signature_size = signature_size_arg;
psa_status_t actual_status;
psa_status_t expected_status = expected_status_arg;
unsigned char *signature = NULL;
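Review bot: The new `size_t signature_size = signature_size_arg;` converts an `int` coming from the test data file without checking its sign, so a negative value in a .data entry silently becomes a huge `size_t` and the failure would surface later in an unrelated assertion rather than at the bad input. Since TEST_ASSERT must follow the declarations in this framework, a guard such as `TEST_ASSERT( signature_size_arg >= 0 );` as the first statement of the body would pin the failure to its cause. The body of sign_fail continues past this hunk, so the declaration of `signature_length` and the allocation that uses `signature_size` are not visible here.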
@@ -1649,7 +1654,11 @@
signature, signature_size,
&signature_length );
TEST_ASSERT( actual_status == expected_status );
- TEST_ASSERT( signature_length == 0 );
+ /* The value of *signature_length is unspecified on error, but
+ * whatever it is, it should be less than signature_size, so that
+ * if the caller tries to read *signature_length bytes without
+ * checking the error code then they don't overflow a buffer. */
+ TEST_ASSERT( signature_length <= signature_size );
exit:
psa_destroy_key( slot );
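Review bot: The new assertion `signature_length <= signature_size` admits equality, while the comment above it says the value "should be less than signature_size"; the assertion is the right one (reading exactly signature_size bytes from a buffer of that size is in bounds), so the comment should read `* whatever it is, it must not exceed signature_size, so that`. Because the comment itself notes the library may leave `*signature_length` unspecified on error, the assertion reads whatever the variable held before the call; its declaration is outside this hunk, and if it has no initializer the check compares an indeterminate value, so `size_t signature_length = 0;` at the declaration would make the test well-defined in that case. sign_fail's body continues beyond the last line shown.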