From 61adb6cf950b65a7bfce9a8d78a7744dfae9f978 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 11 Oct 2021 12:08:29 +0100
Subject: [PATCH] Fix a bug in signature self tests in the FIPS module

When calling EVP_PKEY_sign(), the size of the signature buffer must
be passed in *siglen.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
---
 providers/fips/self_test_kats.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 81f7226ba19..94a0cf842c0 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -446,7 +446,7 @@ static int self_test_sign(const ST_KAT_SIGN *t,
     EVP_PKEY *pkey = NULL;
     unsigned char sig[256];
     BN_CTX *bnctx = NULL;
-    size_t siglen = 0;
+    size_t siglen = sizeof(sig);
     static const unsigned char dgst[] = {
         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
-- 
2.47.2