diff options
| author | Rich Salz <rsalz@akamai.com> | 2015-09-04 08:13:19 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2015-09-05 17:40:48 -0400 |
| commit | 8e704858f21983383be2b77e986f475b51719a1e (patch) | |
| tree | 77661553cd59016b1b6b7d2e3857a6f3fc97a7bb /crypto/pkcs7 | |
| parent | ecdaa1aefd30a3624624a28139a1e78e17993725 (diff) | |
| download | openssl-8e704858f21983383be2b77e986f475b51719a1e.zip openssl-8e704858f21983383be2b77e986f475b51719a1e.tar.gz openssl-8e704858f21983383be2b77e986f475b51719a1e.tar.bz2 | |
RT3955: Reduce some stack usage
Use malloc/free instead of big onstack buffers.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'crypto/pkcs7')
| -rw-r--r-- | crypto/pkcs7/pk7_smime.c | 54 |
1 files changed, 34 insertions, 20 deletions
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 91557af..6522a51 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -64,6 +64,9 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> + +#define BUFFERSIZE 4096 + static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, @@ -113,6 +116,7 @@ int PKCS7_final(PKCS7 *p7, BIO *data, int flags) { BIO *p7bio; int ret = 0; + if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) { PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE); return 0; @@ -253,7 +257,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, STACK_OF(PKCS7_SIGNER_INFO) *sinfos; PKCS7_SIGNER_INFO *si; X509_STORE_CTX cert_ctx; - char buf[4096]; + char *buf = NULL; int i, j = 0, k, ret = 0; BIO *p7bio = NULL; BIO *tmpin = NULL, *tmpout = NULL; @@ -355,8 +359,12 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, tmpout = out; /* We now have to 'read' from p7bio to calculate digests etc. */ + if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } for (;;) { - i = BIO_read(p7bio, buf, sizeof(buf)); + i = BIO_read(p7bio, buf, BUFFERSIZE); if (i <= 0) break; if (tmpout) @@ -387,6 +395,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, ret = 1; err: + OPENSSL_free(buf); if (tmpin == indata) { if (indata) BIO_pop(p7bio); @@ -505,7 +514,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { BIO *tmpmem; int ret, i; - char buf[4096]; + char *buf = NULL; if (!p7) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER); @@ -549,24 +558,29 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) } BIO_free_all(bread); return ret; - } else { - for (;;) { - i = BIO_read(tmpmem, buf, sizeof(buf)); - if (i <= 0) { - ret = 1; - if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { - if (!BIO_get_cipher_status(tmpmem)) - ret = 0; - } - - break; - } - if (BIO_write(data, buf, i) != i) { - ret = 0; - break; + } + if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } + for (;;) { + i = BIO_read(tmpmem, buf, BUFFERSIZE); + if (i <= 0) { + ret = 1; + if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { + if (!BIO_get_cipher_status(tmpmem)) + ret = 0; } + + break; + } + if (BIO_write(data, buf, i) != i) { + ret = 0; + break; } - BIO_free_all(tmpmem); - return ret; } +err: + OPENSSL_free(buf); + BIO_free_all(tmpmem); + return ret; } |