Make a helpful constant public
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 57f9b48..b0a5483 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -30,6 +30,25 @@
#include "md.h"
#endif
+/*
+ * RFC 4492 page 20:
+ *
+ * Ecdsa-Sig-Value ::= SEQUENCE {
+ * r INTEGER,
+ * s INTEGER
+ * }
+ *
+ * Size is at most
+ * 1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s,
+ * twice that + 1 (tag) + 2 (len) for the sequence
+ * (assuming ECP_MAX_BYTES is less than 126 for r and s,
+ * and less than 124 (total len <= 255) for the sequence)
+ */
+#if POLARSSL_ECP_MAX_BYTES > 124
+#error "POLARSSL_ECP_MAX_BYTES bigger than expected, please fix POLARSSL_ECDSA_MAX_LEN"
+#endif
+#define POLARSSL_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + POLARSSL_ECP_MAX_BYTES ) )
+
/**
* \brief ECDSA context structure
*
@@ -124,7 +143,7 @@
*
* \note The "sig" buffer must be at least as large as twice the
* size of the curve used, plus 7 (eg. 71 bytes if a 256-bit
- * curve is used).
+ * curve is used). POLARSSL_ECDSA_MAX_LEN is always safe.
*
* \return 0 if successful,
* or a POLARSSL_ERR_ECP, POLARSSL_ERR_MPI or
diff --git a/library/ecdsa.c b/library/ecdsa.c
index dfc2570..006413c 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -282,32 +282,13 @@
}
/*
- * RFC 4492 page 20:
- *
- * Ecdsa-Sig-Value ::= SEQUENCE {
- * r INTEGER,
- * s INTEGER
- * }
- *
- * Size is at most
- * 1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s,
- * twice that + 1 (tag) + 2 (len) for the sequence
- * (assuming ECP_MAX_BYTES is less than 126 for r and s,
- * and less than 124 (total len <= 255) for the sequence)
- */
-#if POLARSSL_ECP_MAX_BYTES > 124
-#error "POLARSSL_ECP_MAX_BYTES bigger than expected, please fix MAX_SIG_LEN"
-#endif
-#define MAX_SIG_LEN ( 3 + 2 * ( 3 + POLARSSL_ECP_MAX_BYTES ) )
-
-/*
* Convert a signature (given by context) to ASN.1
*/
static int ecdsa_signature_to_asn1( ecdsa_context *ctx,
unsigned char *sig, size_t *slen )
{
int ret;
- unsigned char buf[MAX_SIG_LEN];
+ unsigned char buf[POLARSSL_ECDSA_MAX_LEN];
unsigned char *p = buf + sizeof( buf );
size_t len = 0;