Merge branch 'mbedtls-2.16' into baremetal-2.16-20190909

* mbedtls-2.16: (28 commits)
  Bump version to Mbed TLS 2.16.3
  Changelog entry
  Check for zero length and NULL buffer pointer
  ssl-opt.sh: wait for proxy to start before running the script further
  Fix uninitialized variable in x509_crt
  HMAC DRBG: Split entropy-gathering requests to reduce request sizes
  Fix the license header of hkdf
  Add a change log entry
  Add a test for mlaformed ECJPAKE context
  Fix handling of md failure
  Add a test for signing content with a long ECDSA key
  Add documentation notes about the required size of the signature buffers
  Add missing MBEDTLS_ECP_C dependencies in check_config.h
  Change size of preallocated buffer for pk_sign() calls
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
  Add ChangeLog entry for new function
  Add ChangeLog entry
  Correct deterministic ECDSA behavior
  Add warning for alternative ECDSA implementations
  ...

programs/pkey/pk_sign.c

@@ -61,6 +61,16 @@ int main( void )
 #include <string.h>
 
 
+/*
+ * For the currently used signature algorithms the buffer to store any signature
+ * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
+ */
+#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
+#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
+#else
+#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#endif
+
 int main( int argc, char *argv[] )
 {
     FILE *f;
@@ -70,7 +80,7 @@ int main( int argc, char *argv[] )
     mbedtls_entropy_context entropy;
     mbedtls_ctr_drbg_context ctr_drbg;
     unsigned char hash[32];
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+    unsigned char buf[SIGNATURE_MAX_SIZE];
     char filename[512];
     const char *pers = "mbedtls_pk_sign";
     size_t olen = 0;