From 67d42597a96d3c5b537fe6eecd760045bce417f7 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Sat, 4 May 2019 08:13:23 +0100
Subject: [PATCH] Avoid use of large stack buffers in mbedtls_x509_write_crt_pem()

This commit rewrites mbedtls_x509write_crt_pem() to not use a statically size stack buffer to temporarily store the DER encoded form of the certificate to be written. This is not necessary because the DER-to-PEM conversion accepts overlapping input and output buffers.
---
 library/x509write_crt.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index fd6b52e2c..3c2321403 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -527,18 +527,17 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt,
 void *p_rng )
 {
 int ret;
- unsigned char output_buf[4096];
- size_t olen = 0;
+ size_t olen;
- if( ( ret = mbedtls_x509write_crt_der( crt, output_buf, sizeof(output_buf),
+ if( ( ret = mbedtls_x509write_crt_der( crt, buf, size,
 f_rng, p_rng ) ) < 0 )
 {
 return( ret );
 }
 if( ( ret = mbedtls_pem_write_buffer( PEM_BEGIN_CRT, PEM_END_CRT,
- output_buf + sizeof(output_buf) - ret,
- ret, buf, size, &olen ) ) != 0 )
+ buf + size - ret, ret,
+ buf, size, &olen ) ) != 0 )
 {
 return( ret );
 }
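Review bot: The call to `mbedtls_pem_write_buffer()` now takes its DER input from `buf + size - ret` and writes PEM to `buf, size`, so the input lies inside the output buffer, and nothing at the call site records why that is safe. The commit message says the conversion accepts overlapping buffers, but that guarantee lives in a function not shown here, and a later change to how it produces its output could corrupt the certificate without any error surfacing in this function. I would add a comment above the call such as `/* DER sits at the end of buf; mbedtls_pem_write_buffer() must finish reading its input before it writes to buf. */` and state the same guarantee in that function's API documentation. Also worth noting in the function's documentation: when the PEM step fails, the caller's buffer now holds DER bytes at its tail, whereas the old code left it untouched. The function's signature starts above the hunk and its body continues past the last visible line.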