From bf88780e64945b568d98591159da2b8604444d73 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Nov 2019 19:21:51 +0100 Subject: [PATCH] Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in X.509 Use the constant that is now provided by the crypto submodule instead of rolling our own definition which is not correct in all cases. --- library/x509write_crt.c | 12 +----------- library/x509write_csr.c | 12 +----------- 2 files changed, 2 insertions(+), 22 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 03fb3fd94..0a2357a58 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -45,16 +45,6 @@ #include "mbedtls/pem.h" #endif /* MBEDTLS_PEM_WRITE_C */ -/* - * For the currently used signature algorithms the buffer to store any signature - * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE) - */ -#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE -#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN -#else -#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE -#endif - void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); @@ -347,7 +337,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, size_t sig_oid_len = 0; unsigned char *c, *c2; unsigned char hash[64]; - unsigned char sig[SIGNATURE_MAX_SIZE]; + unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; mbedtls_pk_type_t pk_alg; diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 0d62d1d48..ffbf436ab 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -49,16 +49,6 @@ #include "mbedtls/pem.h" #endif -/* - * For the currently used signature algorithms the buffer to store any signature - * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE) - */ -#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE -#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN -#else -#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE -#endif - void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); @@ -148,7 +138,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s size_t sig_oid_len = 0; unsigned char *c, *c2; unsigned char hash[64]; - unsigned char sig[SIGNATURE_MAX_SIZE]; + unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char tmp_buf[2048]; size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0;