Merge pull request #2923 from Patater/reduce-ram-pem-csr
x509write_csr: Reduce stack usage of mbedtls_x509write_csr_pem()
diff --git a/crypto b/crypto
index 3cdb3da..0b3dd8d 160000
--- a/crypto
+++ b/crypto
@@ -1 +1 @@
-Subproject commit 3cdb3da3a0c1631e14434a219dfa787513a915a7
+Subproject commit 0b3dd8d0249adb54abc7ad46303f3c22e44aefb7
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 03fb3fd..0a2357a 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -45,16 +45,6 @@
#include "mbedtls/pem.h"
#endif /* MBEDTLS_PEM_WRITE_C */
-/*
- * For the currently used signature algorithms the buffer to store any signature
- * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
- */
-#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
-#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
-#else
-#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
-#endif
-
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
{
memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
@@ -347,7 +337,7 @@
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
- unsigned char sig[SIGNATURE_MAX_SIZE];
+ unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index accb448..23e3f78 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -49,16 +49,6 @@
#include "mbedtls/pem.h"
#endif
-/*
- * For the currently used signature algorithms the buffer to store any signature
- * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
- */
-#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
-#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
-#else
-#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
-#endif
-
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
{
memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
@@ -148,7 +138,7 @@
size_t sig_oid_len = 0;
unsigned char *c, *c2;
unsigned char hash[64];
- unsigned char sig[SIGNATURE_MAX_SIZE];
+ unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
unsigned char tmp_buf[2048];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index bdedca4..a354e5b 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -60,17 +60,6 @@
#include <stdio.h>
#include <string.h>
-
-/*
- * For the currently used signature algorithms the buffer to store any signature
- * must be at least of size MAX(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)
- */
-#if MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_MPI_MAX_SIZE
-#define SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
-#else
-#define SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
-#endif
-
int main( int argc, char *argv[] )
{
FILE *f;
@@ -80,7 +69,7 @@
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char hash[32];
- unsigned char buf[SIGNATURE_MAX_SIZE];
+ unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
char filename[512];
const char *pers = "mbedtls_pk_sign";
size_t olen = 0;
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index a6bfe3f..72caf71 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -65,7 +65,7 @@
size_t i;
mbedtls_pk_context pk;
unsigned char hash[32];
- unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
char filename[512];
mbedtls_pk_init( &pk );
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index cd0eca7..e76b9d4 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -649,23 +649,6 @@
#### Build and test many configurations and targets
################################################################
-component_test_large_ecdsa_key_signature () {
-
- SMALL_MPI_MAX_SIZE=136 # Small enough to interfere with the EC signatures
-
- msg "build: cmake + MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE}, gcc, ASan" # ~ 1 min 50s
- scripts/config.py set MBEDTLS_MPI_MAX_SIZE $SMALL_MPI_MAX_SIZE
- CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- make
-
- INEVITABLY_PRESENT_FILE=Makefile
- SIGNATURE_FILE="${INEVITABLY_PRESENT_FILE}.sig" # Warning, this is rm -f'ed below
-
- msg "test: pk_sign secp521r1_prv.der for MBEDTLS_MPI_MAX_SIZE=${SMALL_MPI_MAX_SIZE} (ASan build)" # ~ 5s
- if_build_succeeded programs/pkey/pk_sign tests/data_files/secp521r1_prv.der $INEVITABLY_PRESENT_FILE
- rm -f $SIGNATURE_FILE
-}
-
component_test_default_out_of_box () {
msg "build: make, default config (out-of-box)" # ~1min
make