fix typo

miyazakh · miyazakh · commit e04fe0c34720 · 2026-04-10T15:26:16.000+09:00
diff --git a/doc/dox_comments/header_files/signature.h b/doc/dox_comments/header_files/signature.h
@@ -15,10 +15,13 @@
     WC_SIGNATURE_TYPE_RSA / WC_SIGNATURE_TYPE_RSA_W_ENC.
     The caller is responsible for ensuring the pointer refers to the correct
     type; this function cannot verify the actual runtime type of the object.
-    \param key_len If key is non-NULL, key_len Must be exactly sizeof(ecc_key)
+    \param key_len If key is non-NULL, key_len must be exactly sizeof(ecc_key)
     or sizeof(RsaKey) matching the sig_type. Passing any other value
     causes the function to return BAD_FUNC_ARG without dereferencing key.
-    The conventional idiom is to pass sizeof(*key) at the call site.
+    Always pass the size of the concrete key type at the call site: if you
+    have a typed pointer (e.g., ecc_key* k), use sizeof(*k); otherwise use
+    sizeof(ecc_key) or sizeof(RsaKey) directly.  Do not use sizeof(*key)
+    on the const void* parameter itself, as dereferencing void is invalid.
 
     _Example_
     \code
diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c
@@ -98,7 +98,7 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
              * the const void* API cannot verify the actual runtime
              * type of the pointed-to object.
              * Callers must pass a valid ecc_key* cast to const void*. */
-            if (key_len == sizeof(ecc_key)) {
+            if ((size_t)key_len == sizeof(ecc_key)) {
 #if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0))
                 sig_len = wc_ecc_sig_size((ecc_key*)(wc_ptr_t)key);
 #else
@@ -119,7 +119,7 @@ int wc_SignatureGetSize(enum wc_SignatureType sig_type,
             /* Verify that key_len matches exactly sizeof(RsaKey).
              * Same caveat as the ECC case above: size equality is necessary
              * but not sufficient; the caller must pass a valid RsaKey*. */
-            if (key_len == sizeof(RsaKey)) {
+            if ((size_t)key_len == sizeof(RsaKey)) {
 #if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0))
                 sig_len = wc_RsaEncryptSize((RsaKey*)(wc_ptr_t)key);
 #else
