From e9599796210c734021c1c32dbb25778ce0b885c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Mon, 10 Nov 2014 13:43:55 +0100
Subject: [PATCH] Fix ECDSA sign buffer size

---
 ChangeLog       | 2 ++
 library/ecdsa.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index bc0bbd0f8..d3b7124b4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,8 @@ Bugfix
    * User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found
      by Julian Ospald).
    * Fix potential undefined behaviour in Camellia.
+   * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
+     multiple of 8 (found by Gergely Budai).
 
 Changes
    * Use deterministic nonces for AEAD ciphers in TLS by default (possible to
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 5af7f6b53..e9880efd2 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -333,7 +333,7 @@ cleanup:
 #if POLARSSL_ECP_MAX_BYTES > 124
 #error "POLARSSL_ECP_MAX_BYTES bigger than expected, please fix MAX_SIG_LEN"
 #endif
-#define MAX_SIG_LEN ( 3 + 2 * ( 2 + POLARSSL_ECP_MAX_BYTES ) )
+#define MAX_SIG_LEN ( 3 + 2 * ( 3 + POLARSSL_ECP_MAX_BYTES ) )
 
 /*
  * Convert a signature (given by context) to ASN.1