On Thu, 2015-07-23 at 20:33 +0000, Salz, Rich via RT wrote: > How about 256 on the stack?
Sure. -- David Woodhouse Open Source Technology Centre david.woodho...@intel.com Intel Corporation
>From 57aa658b429b1962e2811c30e2b77edb85d134d3 Mon Sep 17 00:00:00 2001
From: David Woodhouse <david.woodho...@intel.com>
Date: Fri, 24 Jul 2015 10:15:04 +0100
Subject: [PATCH] RT3955: Reduce stack usage in PKCS7_verify() and
PKCS7_decrypt()
Some environments, such as 32-bit UEFI, have strict limits on stack size.
Using a 4KiB buffer on the stack for reading from the bio is somewhat
excessive, so reduce it to 256 bytes. This might incur a slight performance
penalty but it should be negligible.
---
crypto/pkcs7/pk7_smime.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index e52e746..c3afc96 100644
--- a/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
@@ -253,7 +253,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
PKCS7_SIGNER_INFO *si;
X509_STORE_CTX cert_ctx;
- char buf[4096];
+ char buf[256];
int i, j = 0, k, ret = 0;
BIO *p7bio;
BIO *tmpin, *tmpout;
@@ -519,7 +519,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
{
BIO *tmpmem;
int ret, i;
- char buf[4096];
+ char buf[256];
if (!p7) {
PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
--
2.4.3
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
