From 3db449d7369368f50d10f49ee1b73b263183a759 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Fri, 7 Jun 2019 16:05:10 -0700
Subject: [PATCH] Public key authentication 1. Remove a forced test value for a
 sigSz in PrepareUserAuthRequestEcc. 2. When building the
 PrepareUserAuthRequest message for ECC user public keys, the temporary buffer
 for the signature should be the size of a signature for prime256 signatures,
 not 512 bytes.

---
 src/internal.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 865e200..b38eddf 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6918,7 +6918,6 @@ static int PrepareUserAuthRequestEcc(WOLFSSH* ssh, word32* payloadSz,
     if (ret == WS_SUCCESS) {
         if (authData->sf.publicKey.hasSignature) {
             int sigSz = wc_ecc_sig_size(&keySig->ks.ecc.key);
-            sigSz = 64;
 
             if (sigSz >= 0) {
                 *payloadSz += (LENGTH_SZ * 5) + (word32)sigSz +
@@ -6949,7 +6948,7 @@ static int BuildUserAuthRequestEcc(WOLFSSH* ssh,
     int ret = WS_SUCCESS;
     byte* r;
     byte* s;
-    byte sig[512];
+    byte sig[72]; /* wc_ecc_sig_size() for a prime256 key. */
     word32 sigSz = sizeof(sig), rSz, sSz;
 
     if (ssh == NULL || output == NULL || idx == NULL || authData == NULL ||