commit 67d42597a96d3c5b537fe6eecd760045bce417f7
author Hanno Becker <hanno.becker@arm.com> Sat May 04 08:13:23 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Sat May 04 08:13:23 2019 +0100
tree 71839a800e4bf3b0a0ced776debded34667d8680
parent 4063ad22b39ca44e229f3499776a76cb3d6da2ae

Avoid use of large stack buffers in mbedtls_x509_write_crt_pem()

This commit rewrites mbedtls_x509write_crt_pem() to not use
a statically size stack buffer to temporarily store the DER
encoded form of the certificate to be written.

This is not necessary because the DER-to-PEM conversion
accepts overlapping input and output buffers.

library/x509write_crt.c

diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index fd6b52e..3c23214 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -527,18 +527,17 @@
                                void *p_rng )
 {
     int ret;
-    unsigned char output_buf[4096];
-    size_t olen = 0;
+    size_t olen;
 
-    if( ( ret = mbedtls_x509write_crt_der( crt, output_buf, sizeof(output_buf),
+    if( ( ret = mbedtls_x509write_crt_der( crt, buf, size,
                                    f_rng, p_rng ) ) < 0 )
     {
         return( ret );
     }
 
     if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
-                                  output_buf + sizeof(output_buf) - ret,
-                                  ret, buf, size, &olen ) ) != 0 )
+                                          buf + size - ret, ret,
+                                          buf, size, &olen ) ) != 0 )
     {
         return( ret );
     }