Add output size parameter to signature functions

The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(), mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable() now take an extra parameter indicating the size of the output buffer for the signature. No change to RSA because for RSA, the output size is trivial to calculate. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 00:09:00 +02:00 · 2021-06-22 00:09:00 +02:00 · f00f152444
commit f00f152444
parent 1fed4b8324
19 changed files with 131 additions and 81 deletions
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -2922,6 +2922,12 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
    (void) signature_len;
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */

+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    size_t out_buf_len = ssl->out_buf_len - ( ssl->out_msg - ssl->out_buf );
+#else
+    size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN - ( ssl->out_msg - ssl->out_buf );
+#endif
+
    ssl->out_msglen = 4; /* header (type:1, length:3) to be written later */

    /*
@ -3224,6 +3230,7 @@ curve_matching_done:
        if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ),
                                     md_alg, hash, hashlen,
                                     ssl->out_msg + ssl->out_msglen + 2,
+                                     out_buf_len - ssl->out_msglen - 2,
                                     signature_len,
                                     ssl->conf->f_rng,
                                     ssl->conf->p_rng ) ) != 0 )