Fix MAX_CONTEXT_SIZE stack buffer in CSR PEM conversion using heap allocation for small stack builds

jackctj117 · jackctj117 · commit 2d68f820a5d1 · 2026-02-24T13:03:00.000-07:00
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -7482,15 +7482,28 @@ static int CSR_MakeAndSign(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr, CSRKey* key,
     /* Optionally convert to PEM */
     if (rc >= 0 && outFormat == ENCODING_TYPE_PEM) {
     #ifdef WOLFSSL_DER_TO_PEM
+    #ifdef WOLFTPM_SMALL_STACK
+        byte* tmp = (byte*)XMALLOC(rc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (tmp == NULL) {
+            rc = MEMORY_E;
+        }
+        else
+    #else
         byte tmp[MAX_CONTEXT_SIZE];
         if (rc > (int)sizeof(tmp)) {
             rc = BUFFER_E;
         }
-        else {
-            XMEMCPY(tmp, out, rc);
+        else
+    #endif
+        {
+            int derSz = rc;
+            XMEMCPY(tmp, out, derSz);
             XMEMSET(out, 0, outSz);
-            rc = wc_DerToPem(tmp, (word32)rc, out, outSz,
+            rc = wc_DerToPem(tmp, (word32)derSz, out, outSz,
                 selfSignCert ? CERT_TYPE : CERTREQ_TYPE);
+        #ifdef WOLFTPM_SMALL_STACK
+            XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
         }
     #else
         #ifdef DEBUG_WOLFTPM
@@ -7622,15 +7635,28 @@ static int CSR_MakeAndSign_Cb(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr,
     /* Optionally convert to PEM */
     if (rc >= 0 && outFormat == ENCODING_TYPE_PEM) {
 #ifdef WOLFSSL_DER_TO_PEM
+    #ifdef WOLFTPM_SMALL_STACK
+        byte* tmp = (byte*)XMALLOC(rc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (tmp == NULL) {
+            rc = MEMORY_E;
+        }
+        else
+    #else
         byte tmp[MAX_CONTEXT_SIZE];
         if (rc > (int)sizeof(tmp)) {
             rc = BUFFER_E;
         }
-        else {
-            XMEMCPY(tmp, out, rc);
+        else
+    #endif
+        {
+            int derSz = rc;
+            XMEMCPY(tmp, out, derSz);
             XMEMSET(out, 0, outSz);
-            rc = wc_DerToPem(tmp, (word32)rc, out, outSz,
+            rc = wc_DerToPem(tmp, (word32)derSz, out, outSz,
                 selfSignCert ? CERT_TYPE : CERTREQ_TYPE);
+        #ifdef WOLFTPM_SMALL_STACK
+            XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
         }
 #else
         #ifdef DEBUG_WOLFTPM
