On Thu, 2015-07-23 at 20:33 +0000, Salz, Rich via RT wrote: > How about 256 on the stack?
Sure. -- David Woodhouse Open Source Technology Centre david.woodho...@intel.com Intel Corporation
>From 57aa658b429b1962e2811c30e2b77edb85d134d3 Mon Sep 17 00:00:00 2001 From: David Woodhouse <david.woodho...@intel.com> Date: Fri, 24 Jul 2015 10:15:04 +0100 Subject: [PATCH] RT3955: Reduce stack usage in PKCS7_verify() and PKCS7_decrypt() Some environments, such as 32-bit UEFI, have strict limits on stack size. Using a 4KiB buffer on the stack for reading from the bio is somewhat excessive, so reduce it to 256 bytes. This might incur a slight performance penalty but it should be negligible. --- crypto/pkcs7/pk7_smime.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index e52e746..c3afc96 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -253,7 +253,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, STACK_OF(PKCS7_SIGNER_INFO) *sinfos; PKCS7_SIGNER_INFO *si; X509_STORE_CTX cert_ctx; - char buf[4096]; + char buf[256]; int i, j = 0, k, ret = 0; BIO *p7bio; BIO *tmpin, *tmpout; @@ -519,7 +519,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { BIO *tmpmem; int ret, i; - char buf[4096]; + char buf[256]; if (!p7) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER); -- 2.4.3
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev