Avoid use of large stack buffers in mbedtls_x509_write_crt_pem()

This commit rewrites mbedtls_x509write_crt_pem() to not use
a statically size stack buffer to temporarily store the DER
encoded form of the certificate to be written.

This is not necessary because the DER-to-PEM conversion
accepts overlapping input and output buffers.
This commit is contained in:
Hanno Becker 2019-05-04 08:13:23 +01:00
parent 4063ad22b3
commit 67d42597a9

View file

@ -527,18 +527,17 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt,
void *p_rng )
{
int ret;
unsigned char output_buf[4096];
size_t olen = 0;
size_t olen;
if( ( ret = mbedtls_x509write_crt_der( crt, output_buf, sizeof(output_buf),
if( ( ret = mbedtls_x509write_crt_der( crt, buf, size,
f_rng, p_rng ) ) < 0 )
{
return( ret );
}
if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
output_buf + sizeof(output_buf) - ret,
ret, buf, size, &olen ) ) != 0 )
buf + size - ret, ret,
buf, size, &olen ) ) != 0 )
{
return( ret );
}