From da252bed3c561fed9cbd114527b37396f23d82f5 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 5 Nov 2019 16:23:49 +0100
Subject: [PATCH] Define a constant for the maximum signature size from
 pk_sign()

Based on the buffer size used in the pk_sign sample program, this is
MBEDTLS_MPI_MAX_SIZE.
---
 include/mbedtls/pk.h      | 14 ++++++++++++--
 programs/pkey/pk_sign.c   |  2 +-
 programs/pkey/pk_verify.c |  2 +-
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index d750004d5..a51177807 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -101,6 +101,11 @@ typedef struct mbedtls_pk_rsassa_pss_options
 
 } mbedtls_pk_rsassa_pss_options;
 
+/**
+ * \brief           Maximum size of a signature made by mbedtls_pk_sign().
+ */
+#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+
 /**
  * \brief           Types for interfacing with the debug module
  */
@@ -442,8 +447,13 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
  * \param md_alg    Hash algorithm used (see notes)
  * \param hash      Hash of the message to sign
  * \param hash_len  Hash length or 0 (see notes)
- * \param sig       Place to write the signature
- * \param sig_len   Number of bytes written
+ * \param sig       Place to write the signature.
+ *                  It must have enough room for the signature.
+ *                  #MBEDTLS_PK_SIGNATURE_MAX_SIZE is always enough.
+ *                  You may use a smaller buffer if it is large enough
+ *                  given the key type.
+ * \param sig_len   On successful return,
+ *                  the number of bytes written to \p sig.
  * \param f_rng     RNG function
  * \param p_rng     RNG parameter
  *
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 47a098a1a..79fb27376 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -70,7 +70,7 @@ int main( int argc, char *argv[] )
     mbedtls_entropy_context entropy;
     mbedtls_ctr_drbg_context ctr_drbg;
     unsigned char hash[32];
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
     char filename[512];
     const char *pers = "mbedtls_pk_sign";
     size_t olen = 0;
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index a6bfe3f29..72caf7139 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -65,7 +65,7 @@ int main( int argc, char *argv[] )
     size_t i;
     mbedtls_pk_context pk;
     unsigned char hash[32];
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
     char filename[512];
 
     mbedtls_pk_init( &pk );