From 8a23f49ebc79c98082926ca2d17f96e62f3f5b12 Mon Sep 17 00:00:00 2001
From: oberon-sk
Date: Mon, 13 Feb 2023 13:42:02 +0100
Subject: [PATCH 1/2] asymmetric_encrypt: check output length only if return code is PSA_SUCCESS.

Signed-off-by: Stephan Koch
Signed-off-by: Dave Rodgman
---
 tests/suites/test_suite_psa_crypto.function | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 214096c09efc..a96bcf7c295c 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -4173,7 +4173,9 @@ void asymmetric_encrypt(int key_type_arg,
 output, output_size,
 &output_length);
 TEST_EQUAL(actual_status, expected_status);
- TEST_EQUAL(output_length, expected_output_length);
+ if (actual_status == PSA_SUCCESS) {
+ TEST_EQUAL(output_length, expected_output_length);
+ }

 /* If the label is empty, the test framework puts a non-null pointer
 * in label->x. Test that a null pointer works as well. */
@@ -4188,7 +4190,9 @@ void asymmetric_encrypt(int key_type_arg,
 output, output_size,
 &output_length);
 TEST_EQUAL(actual_status, expected_status);
- TEST_EQUAL(output_length, expected_output_length);
+ if (actual_status == PSA_SUCCESS) {
+ TEST_EQUAL(output_length, expected_output_length);
+ }
 }

 exit:
From 6ed143635d0a91c79c21ec1d762e7e7d6aae20f5 Mon Sep 17 00:00:00 2001
From: Stephan Koch
Date: Wed, 22 Feb 2023 13:39:21 +0100
Subject: [PATCH 2/2] Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check escalates into a buffer overflow in the application code

Signed-off-by: Stephan Koch
Signed-off-by: Dave Rodgman
---
 tests/suites/test_suite_psa_crypto.function | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index a96bcf7c295c..5bd7b36e5b41 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -4175,6 +4175,8 @@ void asymmetric_encrypt(int key_type_arg,
 TEST_EQUAL(actual_status, expected_status);
 if (actual_status == PSA_SUCCESS) {
 TEST_EQUAL(output_length, expected_output_length);
+ } else {
+ TEST_LE_U(output_length, output_size);
 }

 /* If the label is empty, the test framework puts a non-null pointer
@@ -4192,6 +4194,8 @@ void asymmetric_encrypt(int key_type_arg,
 TEST_EQUAL(actual_status, expected_status);
 if (actual_status == PSA_SUCCESS) {
 TEST_EQUAL(output_length, expected_output_length);
+ } else {
+ TEST_LE_U(output_length, output_size);
 }
 }
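Review bot: The added `else` branch in both hunks only proves the bound if `output_length` holds a value larger than `output_size` immediately before each call, and neither hunk shows that. If the declaration (outside the hunk) starts it at 0, or the second call in the empty-label path (second hunk) simply inherits the length written by the first call, `TEST_LE_U(output_length, output_size)` passes even when the implementation never writes the length on error. I would confirm that a sentinel such as `output_length = ~(size_t) 0;` is assigned right before each call, and add a short comment above the check, e.g. `/* Even on error the reported length must not exceed the buffer size. */`. The body of `asymmetric_encrypt` starts and ends outside both hunks, so the sentinel may already be there.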