From 16c55f99e872fe52a22336ccb4f09f35d33b2ffa Mon Sep 17 00:00:00 2001
From: Matthew Garrett
Date: Thu, 3 Oct 2013 12:56:27 -0400
Subject: [PATCH] Add Tiano patch e98e59c237e17f064a4ecffb39d45499f89720a1
This is: Fix a bug in OpensslLib that PKCS7_verify will use over 8k stack space.
Signed-off-by: Fu Siyuan
Reviewed-by: Ye Ting
Reviewed-by: Dong Guo from upstream.
---
 Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
index d6db27c..b0ff89a 100755
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
@@ -176,7 +176,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
 PKCS7_SIGNER_INFO *si;
 X509_STORE_CTX cert_ctx;
- char buf[4096];
+ char *buf = NULL;
+ int bufsiz;
 int i, j=0, k, ret = 0;
 BIO *p7bio;
 BIO *tmpin, *tmpout;
@@ -287,10 +288,16 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 BIO_set_mem_eof_return(tmpout, 0);
 } else tmpout = out;
+ bufsiz = 4096;
+ buf = OPENSSL_malloc (bufsiz);
+ if (buf == NULL) {
+ goto err;
+ }
+
 /* We now have to 'read' from p7bio to calculate digests etc. */
 for (;;) {
- i=BIO_read(p7bio,buf,sizeof(buf));
+ i=BIO_read(p7bio,buf,bufsiz);
 if (i <= 0) break;
 if (tmpout) BIO_write(tmpout, buf, i);
 }
@@ -329,6 +336,10 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
 sk_X509_free(signers);
+ if (buf != NULL) {
+ OPENSSL_free (buf);
+ }
+
 return ret;
 }
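Review bot: The new allocation-failure branch in the second hunk (`if (buf == NULL) { goto err; }`) makes PKCS7_verify return 0 without queuing an error, so a caller cannot tell an out-of-memory condition from a bad signature. Adding `PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);` before the `goto err;` would make the cause visible. The path does fail closed, since `ret` is initialised to 0 in the first hunk and nothing shown sets it before this point. The branch also runs after `tmpout` may have been set up as its own BIO (the `BIO_set_mem_eof_return(tmpout, 0)` context line suggests a memory BIO on that path), and the cleanup visible in the third hunk releases only `signers` and `buf`, so that BIO appears to leak here. The `err:` label and the rest of the cleanup lie outside the hunks, so confirm this against the full function.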