Use "sufficient buffer size" in buffer size macros

Don't use "safe buffer size", because it's somewhat misleading to
make it about safety: a buffer size that's too small will lead to a
runtime error, not to undefined behavior.
Gilles Peskine 2019-05-21 15:59:56 +02:00
parent 2cb9e39b50
commit 56e2dc8010


@ -426,9 +426,9 @@
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \ #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
(PSA_BITS_TO_BYTES(curve_bits) * 2) (PSA_BITS_TO_BYTES(curve_bits) * 2)
/** Safe signature buffer size for psa_asymmetric_sign(). /** Sufficient signature buffer size for psa_asymmetric_sign().
* *
* This macro returns a safe buffer size for a signature using a key * This macro returns a sufficient buffer size for a signature using a key
* of the specified type and size, with the specified algorithm. * of the specified type and size, with the specified algorithm.
* Note that the actual size of the signature may be smaller * Note that the actual size of the signature may be smaller
* (some algorithms produce a variable-size signature). * (some algorithms produce a variable-size signature).
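Review bot: the reworded comment for psa_asymmetric_sign() (from "Sufficient signature buffer size" through "some algorithms produce a variable-size signature") still does not say what happens when a caller passes a buffer smaller than this size, which is exactly the distinction the commit message draws (a runtime error rather than undefined behavior). Since the rationale lives only in the commit log, suggest adding a sentence after the variable-size note, along the lines of ` * Passing a smaller buffer to psa_asymmetric_sign() results in an error,` / ` * not in undefined behavior.` so that header readers see the contract too.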
@ -457,9 +457,9 @@
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
((void)alg, 0)) ((void)alg, 0))
/** Safe output buffer size for psa_asymmetric_encrypt(). /** Sufficient output buffer size for psa_asymmetric_encrypt().
* *
* This macro returns a safe buffer size for a ciphertext produced using * This macro returns a sufficient buffer size for a ciphertext produced using
* a key of the specified type and size, with the specified algorithm. * a key of the specified type and size, with the specified algorithm.
* Note that the actual size of the ciphertext may be smaller, depending * Note that the actual size of the ciphertext may be smaller, depending
* on the algorithm. * on the algorithm.
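Review bot: the context at the top of this hunk shows the signature-size macro falling through to `((void)alg, 0))` for key types it does not handle, and neither that comment nor the psa_asymmetric_encrypt() comment renamed here says that a result of 0 means the key type or algorithm is unsupported; a caller that sizes an allocation from the macro without checking ends up with a zero-length buffer. While the wording is being touched, suggest adding to each of these comments something like ` * If the key type or algorithm is not supported, this macro returns 0.` (or whatever the intended contract is).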
@ -488,9 +488,9 @@
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \ ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
0) 0)
/** Safe output buffer size for psa_asymmetric_decrypt(). /** Sufficient output buffer size for psa_asymmetric_decrypt().
* *
* This macro returns a safe buffer size for a ciphertext produced using * This macro returns a sufficient buffer size for a ciphertext produced using
* a key of the specified type and size, with the specified algorithm. * a key of the specified type and size, with the specified algorithm.
* Note that the actual size of the ciphertext may be smaller, depending * Note that the actual size of the ciphertext may be smaller, depending
* on the algorithm. * on the algorithm.
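Review bot: the psa_asymmetric_decrypt() comment still describes its output as "a ciphertext produced using a key of the specified type and size" and says "the actual size of the ciphertext may be smaller"; the output of a decrypt operation is the plaintext, so these two lines look copy-pasted from the psa_asymmetric_encrypt() block just above. Since both lines are already being rewritten in this hunk, suggest ` * This macro returns a sufficient buffer size for a plaintext produced using` and ` * Note that the actual size of the plaintext may be smaller, depending`.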
@ -629,7 +629,7 @@
#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \ #define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
(PSA_BITS_TO_BYTES(key_bits)) (PSA_BITS_TO_BYTES(key_bits))
/** Safe output buffer size for psa_export_key() or psa_export_public_key(). /** Sufficient output buffer size for psa_export_key() or psa_export_public_key().
* *
* This macro returns a compile-time constant if its arguments are * This macro returns a compile-time constant if its arguments are
* compile-time constants. * compile-time constants.
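Review bot: the new summary line `/** Sufficient output buffer size for psa_export_key() or psa_export_public_key().` comes to 82 columns (the old "Safe" wording fit in 80), so it should be wrapped, e.g. `/** Sufficient output buffer size for psa_export_key() or` / ` * psa_export_public_key().`. Minor: the macro just above it is still named PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE while the comments now say "sufficient"; a short note in the comment that the value is an upper bound would reconcile the two terms.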