From 45ad306fbf0b66c0396d0be442c620293c63c531 Mon Sep 17 00:00:00 2001
From: Yanray Wang <yanray.wang@arm.com>
Date: Fri, 11 Aug 2023 15:03:51 +0800
Subject: [PATCH] pkwrite.c: save stack usage for pk_write_pubkey_pem

mbedtls_pk_write_pubkey_pem would allocate 2086 bytes in writing a DER
encoded RSA public key. To save stack usage significantly, we use
heap memory instead.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
---
 library/pkwrite.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/library/pkwrite.c b/library/pkwrite.c
index 439428cff..511e22251 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -759,20 +759,27 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
 int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char output_buf[PUB_DER_MAX_BYTES];
+    unsigned char *output_buf = NULL;
+    output_buf = calloc(1, PUB_DER_MAX_BYTES);
+    if (output_buf == NULL) {
+        return MBEDTLS_ERR_PK_ALLOC_FAILED;
+    }
     size_t olen = 0;
 
     if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf,
-                                           sizeof(output_buf))) < 0) {
+                                           PUB_DER_MAX_BYTES)) < 0) {
+        free(output_buf);
         return ret;
     }
 
     if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
-                                        output_buf + sizeof(output_buf) - ret,
+                                        output_buf + PUB_DER_MAX_BYTES - ret,
                                         ret, buf, size, &olen)) != 0) {
+        free(output_buf);
         return ret;
     }
 
+    free(output_buf);
     return 0;
 }