Change size of preallocated buffer for pk_sign() calls

This commit is contained in:
k-stachowiak 2019-05-31 20:11:26 +02:00
parent 31d1432233
commit c4638cc640
3 changed files with 33 additions and 3 deletions

View file

@ -45,6 +45,16 @@
#include "mbedtls/pem.h" #include "mbedtls/pem.h"
#endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_PEM_WRITE_C */
/*
* For the currently used signature algorithms the buffer to store any signature
* must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
*/
#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
#else
#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
@ -317,7 +327,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
size_t sig_oid_len = 0; size_t sig_oid_len = 0;
unsigned char *c, *c2; unsigned char *c, *c2;
unsigned char hash[64]; unsigned char hash[64];
unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char sig[SIGNATURE_MAX_SIZE];
unsigned char tmp_buf[2048]; unsigned char tmp_buf[2048];
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0; size_t len = 0;

View file

@ -49,6 +49,16 @@
#include "mbedtls/pem.h" #include "mbedtls/pem.h"
#endif #endif
/*
* For the currently used signature algorithms the buffer to store any signature
* must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
*/
#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
#else
#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
{ {
memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
@ -138,7 +148,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
size_t sig_oid_len = 0; size_t sig_oid_len = 0;
unsigned char *c, *c2; unsigned char *c, *c2;
unsigned char hash[64]; unsigned char hash[64];
unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char sig[SIGNATURE_MAX_SIZE];
unsigned char tmp_buf[2048]; unsigned char tmp_buf[2048];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0; size_t len = 0;

View file

@ -72,6 +72,16 @@ void mbedtls_param_failed( const char *failure_condition,
} }
#endif #endif
/*
* For the currently used signature algorithms the buffer to store any signature
* must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
*/
#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
#else
#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
#endif
int main( int argc, char *argv[] ) int main( int argc, char *argv[] )
{ {
FILE *f; FILE *f;
@ -81,7 +91,7 @@ int main( int argc, char *argv[] )
mbedtls_entropy_context entropy; mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[32]; unsigned char hash[32];
unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; unsigned char buf[SIGNATURE_MAX_SIZE];
char filename[512]; char filename[512];
const char *pers = "mbedtls_pk_sign"; const char *pers = "mbedtls_pk_sign";
size_t olen = 0; size_t olen = 0;