Add output size parameter to signature functions

The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(), mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable() now take an extra parameter indicating the size of the output buffer for the signature. No change to RSA because for RSA, the output size is trivial to calculate. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-29 11:41:15 +03:00 · 2021-06-22 00:09:00 +02:00
parent 1fed4b8324
commit f00f152444
19 changed files with 131 additions and 81 deletions
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@ -184,7 +184,7 @@ int main( int argc, char *argv[] )

    if( ( ret = mbedtls_ecdsa_write_signature( &ctx_sign, MBEDTLS_MD_SHA256,
                                       hash, sizeof( hash ),
-                                       sig, &sig_len,
+                                       sig, sizeof( sig ), &sig_len,
                                       mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ecdsa_write_signature returned %d\n", ret );
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@ -123,8 +123,9 @@ int main( int argc, char *argv[] )
        goto exit;
    }

-    if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
-                         mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+    if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0,
+                                 buf, sizeof( buf ), &olen,
+                                 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret );
        goto exit;
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@ -139,8 +139,9 @@ int main( int argc, char *argv[] )
        goto exit;
    }

-    if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0, buf, &olen,
-                         mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
+    if( ( ret = mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, 0,
+                                 buf, sizeof( buf ), &olen,
+                                 mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
    {
        mbedtls_printf( " failed\n  ! mbedtls_pk_sign returned %d\n\n", ret );
        goto exit;
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -1131,7 +1131,7 @@ static int ssl_async_resume( mbedtls_ssl_context *ssl,
            ret = mbedtls_pk_sign( key_slot->pk,
                                   ctx->md_alg,
                                   ctx->input, ctx->input_len,
-                                   output, output_len,
+                                   output, output_size, output_len,
                                   config_data->f_rng, config_data->p_rng );
            break;
        default:
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@ -1088,7 +1088,7 @@ int main( int argc, char *argv[] )
                                              curve_info->name );
            TIME_PUBLIC( title, "sign",
                    ret = mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size,
-                                                tmp, &sig_len, myrand, NULL ) );
+                                                tmp, sizeof( tmp ), &sig_len, myrand, NULL ) );

            mbedtls_ecdsa_free( &ecdsa );
        }
@ -1104,7 +1104,7 @@ int main( int argc, char *argv[] )

            if( mbedtls_ecdsa_genkey( &ecdsa, curve_info->grp_id, myrand, NULL ) != 0 ||
                mbedtls_ecdsa_write_signature( &ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size,
-                                               tmp, &sig_len, myrand, NULL ) != 0 )
+                                               tmp, sizeof( tmp ), &sig_len, myrand, NULL ) != 0 )
            {
                mbedtls_exit( 1 );
            }