Add documentation notes about the required size of the signature buffers

This commit is contained in:
k-stachowiak 2019-05-31 20:16:50 +02:00
parent c775ee1cfe
commit 4e36da32b3
2 changed files with 14 additions and 3 deletions

View File

@ -416,6 +416,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
* *
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
*
* \note In order to ensure enough space for the signature, the
* \p sig buffer size must be of at least
* `max(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)` bytes.
*/ */
int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hash_len, const unsigned char *hash, size_t hash_len,
@ -430,6 +434,10 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
* \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC * \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
* operations. For RSA, same as \c mbedtls_pk_sign(). * operations. For RSA, same as \c mbedtls_pk_sign().
* *
* \note In order to ensure enough space for the signature, the
* \p sig buffer size must be of at least
* `max(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)` bytes.
*
* \param ctx The PK context to use. It must have been set up * \param ctx The PK context to use. It must have been set up
* with a private key. * with a private key.
* \param md_alg Hash algorithm used (see notes) * \param md_alg Hash algorithm used (see notes)

View File

@ -904,7 +904,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
* the size of the hash corresponding to \p md_alg. * the size of the hash corresponding to \p md_alg.
* \param sig The buffer to hold the signature. This must be a writable * \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. * for an 2048-bit RSA modulus. A buffer length of
* #MBEDTLS_MPI_MAX_SIZE is always safe.
* *
* \return \c 0 if the signing operation was successful. * \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@ -951,7 +952,8 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
* the size of the hash corresponding to \p md_alg. * the size of the hash corresponding to \p md_alg.
* \param sig The buffer to hold the signature. This must be a writable * \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. * for an 2048-bit RSA modulus. A buffer length of
* #MBEDTLS_MPI_MAX_SIZE is always safe.
* *
* \return \c 0 if the signing operation was successful. * \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@ -1012,7 +1014,8 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
* the size of the hash corresponding to \p md_alg. * the size of the hash corresponding to \p md_alg.
* \param sig The buffer to hold the signature. This must be a writable * \param sig The buffer to hold the signature. This must be a writable
* buffer of length \c ctx->len Bytes. For example, \c 256 Bytes * buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus. * for an 2048-bit RSA modulus. A buffer length of
* #MBEDTLS_MPI_MAX_SIZE is always safe.
* *
* \return \c 0 if the signing operation was successful. * \return \c 0 if the signing operation was successful.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.