Fix output size calculations in cipher tests

Some calls to psa_cipher_finish or psa_cipher_update append to a
buffer. Several of these calls were not calculating the offset into
the buffer or the remaining buffer size correctly.

This did not lead to buffer overflows before because the buffer sizes
were sufficiently large for our test inputs. This did not lead to
incorrect output when the test was designed to append but actually
wrote too early because all the existing test cases either have no
output from finish (stream cipher) or have no output from update (CBC,
with less than one block of input).

Author: gilles-peskine-arm

tests/suites/test_suite_psa_crypto.function

@@ -2415,8 +2415,8 @@ void cipher_encrypt( int alg_arg, int key_type_arg,
                                    &function_output_length ) );
     total_output_length += function_output_length;
     status = psa_cipher_finish( &operation,
-                                output + function_output_length,
-                                output_buffer_size,
+                                output + total_output_length,
+                                output_buffer_size - total_output_length,
                                 &function_output_length );
     total_output_length += function_output_length;
 
@@ -2483,12 +2483,13 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
     PSA_ASSERT( psa_cipher_update( &operation,
                                    input->x + first_part_size,
                                    input->len - first_part_size,
-                                   output, output_buffer_size,
+                                   output + total_output_length,
+                                   output_buffer_size - total_output_length,
                                    &function_output_length ) );
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_finish( &operation,
-                                   output + function_output_length,
-                                   output_buffer_size,
+                                   output + total_output_length,
+                                   output_buffer_size - total_output_length,
                                    &function_output_length ) );
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_abort( &operation ) );
@@ -2554,12 +2555,13 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
     PSA_ASSERT( psa_cipher_update( &operation,
                                    input->x + first_part_size,
                                    input->len - first_part_size,
-                                   output, output_buffer_size,
+                                   output + total_output_length,
+                                   output_buffer_size - total_output_length,
                                    &function_output_length ) );
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_finish( &operation,
-                                   output + function_output_length,
-                                   output_buffer_size,
+                                   output + total_output_length,
+                                   output_buffer_size - total_output_length,
                                    &function_output_length ) );
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_abort( &operation ) );
@@ -2622,8 +2624,8 @@ void cipher_decrypt( int alg_arg, int key_type_arg,
                                    &function_output_length ) );
     total_output_length += function_output_length;
     status = psa_cipher_finish( &operation,
-                                output + function_output_length,
-                                output_buffer_size,
+                                output + total_output_length,
+                                output_buffer_size - total_output_length,
                                 &function_output_length );
     total_output_length += function_output_length;
     TEST_EQUAL( status, expected_status );
@@ -2689,7 +2691,8 @@ void cipher_verify_output( int alg_arg, int key_type_arg,
                                    output1, output1_size,
                                    &output1_length ) );
     PSA_ASSERT( psa_cipher_finish( &operation1,
-                                   output1 + output1_length, output1_size,
+                                   output1 + output1_length,
+                                   output1_size - output1_length,
                                    &function_output_length ) );
 
     output1_length += function_output_length;
@@ -2707,7 +2710,7 @@ void cipher_verify_output( int alg_arg, int key_type_arg,
     function_output_length = 0;
     PSA_ASSERT( psa_cipher_finish( &operation2,
                                    output2 + output2_length,
-                                   output2_size,
+                                   output2_size - output2_length,
                                    &function_output_length ) );
 
     output2_length += function_output_length;