From 06297936f23c2d025cfd39ed66e91802330d00e1 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Wed, 11 Apr 2018 16:58:22 +0200
Subject: [PATCH] More precise bounds for PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE

---
 include/psa/crypto.h | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index f25837bfdf..1a2a7411da 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1335,10 +1335,15 @@ psa_status_t psa_asymmetric_verify(psa_key_slot_t key,
                                    size_t signature_size);
 
 #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)     \
-    (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
-     ((void)alg, 0))
+    (PSA_KEY_TYPE_IS_RSA(key_type) ?                                    \
+     ((void)alg, PSA_BITS_TO_BYTES(key_bits)) :                         \
+     0)
 #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
-    PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg)
+    (PSA_KEY_TYPE_IS_RSA(key_type) ?                                    \
+     PSA_BITS_TO_BYTES(key_bits) - ((alg) == PSA_ALG_IS_RSA_OAEP_MGF1 ? \
+                                    2 * (PSA_ALG_RSA_GET_HASH(alg) + 1) : \
+                                    11 /*PKCS#1v1.5*/) :                \
+     0)
 
 /**
  * \brief Encrypt a short message with a public key.