internal.c: refactoring DoServerKeyExchange to reduce stack usage:

--- variable md5 moved to the heap (sizeof(Md5) saved)
--- variable sha moved to the heap (sizeof(Sha) saved)
--- variable sha256 moved to the heap (sizeof(Sha256) saved)
--- variable sha384 moved to the heap (sizeof(Sha384) saved)

src/internal.c

@@ -9687,22 +9687,35 @@ static void PickHashSigAlgo(CYASSL* ssl,
         ssl->specs.kea == diffie_hellman_kea)
     {
 #ifndef NO_OLD_TLS
-        Md5    md5;
+#ifdef CYASSL_SMALL_STACK
-        Sha    sha;
+        Md5*    md5;
+        Sha*    sha;
+#else
+        Md5     md5[0];
+        Sha     sha[0];
+#endif
 #endif
 #ifndef NO_SHA256
-        Sha256 sha256;
+#ifdef CYASSL_SMALL_STACK
-        byte hash256[SHA256_DIGEST_SIZE];
+        Sha256* sha256;
+#else
+        Sha256  sha256[0];
+#endif
+        byte    hash256[SHA256_DIGEST_SIZE];
 #endif
 #ifdef CYASSL_SHA384
-        Sha384 sha384;
+#ifdef CYASSL_SMALL_STACK
-        byte hash384[SHA384_DIGEST_SIZE];
+        Sha384* sha384;
+#else
+        Sha384  sha384[0];
 #endif
-        byte   hash[FINISHED_SZ];
+        byte    hash384[SHA384_DIGEST_SIZE];
-        byte   messageVerify[MAX_DH_SZ];
+#endif
-        byte   hashAlgo = sha_mac;
+        byte    hash[FINISHED_SZ];
-        byte   sigAlgo  = ssl->specs.sig_algo;
+        byte    messageVerify[MAX_DH_SZ];
-        word16 verifySz = (word16) (*inOutIdx - begin);
+        byte    hashAlgo = sha_mac;
+        byte    sigAlgo  = ssl->specs.sig_algo;
+        word16  verifySz = (word16) (*inOutIdx - begin);
 
         /* save message for hash verify */
         if (verifySz > sizeof(messageVerify))
@@ -9733,54 +9746,76 @@ static void PickHashSigAlgo(CYASSL* ssl,
         /* verify signature */
 #ifndef NO_OLD_TLS
         /* md5 */
-        InitMd5(&md5);
+    #ifdef CYASSL_SMALL_STACK
-        Md5Update(&md5, ssl->arrays->clientRandom, RAN_LEN);
+        md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        Md5Update(&md5, ssl->arrays->serverRandom, RAN_LEN);
+        if (md5 == NULL)
-        Md5Update(&md5, messageVerify, verifySz);
+            return MEMORY_E;
-        Md5Final(&md5, hash);
+    #endif
+        InitMd5(md5);
+        Md5Update(md5, ssl->arrays->clientRandom, RAN_LEN);
+        Md5Update(md5, ssl->arrays->serverRandom, RAN_LEN);
+        Md5Update(md5, messageVerify, verifySz);
+        Md5Final(md5, hash);
+    #ifdef CYASSL_SMALL_STACK
+        XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
 
         /* sha */
-        ret = InitSha(&sha);
+    #ifdef CYASSL_SMALL_STACK
-        if (ret != 0)
+        sha = (Sha*)XMALLOC(sizeof(Sha), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (sha == NULL)
+            return MEMORY_E;
+    #endif
+        ret = InitSha(sha);
+        if (ret != 0) {
+        #ifdef CYASSL_SMALL_STACK
+            XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        #endif
             return ret;
-        ShaUpdate(&sha, ssl->arrays->clientRandom, RAN_LEN);
+        }
-        ShaUpdate(&sha, ssl->arrays->serverRandom, RAN_LEN);
+        ShaUpdate(sha, ssl->arrays->clientRandom, RAN_LEN);
-        ShaUpdate(&sha, messageVerify, verifySz);
+        ShaUpdate(sha, ssl->arrays->serverRandom, RAN_LEN);
-        ShaFinal(&sha, hash + MD5_DIGEST_SIZE);
+        ShaUpdate(sha, messageVerify, verifySz);
+        ShaFinal(sha, hash + MD5_DIGEST_SIZE);
+    #ifdef CYASSL_SMALL_STACK
+        XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
 #endif
 
 #ifndef NO_SHA256
-        ret = InitSha256(&sha256);
+    #ifdef CYASSL_SMALL_STACK
-        if (ret != 0)
+        sha256 = (Sha256*)XMALLOC(sizeof(Sha256), NULL,
-            return ret;
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
-        ret = Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN);
+        if (sha256 == NULL)
-        if (ret != 0)
+            return MEMORY_E;
-            return ret;
+    #endif
-        ret = Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN);
+        if (!(ret = InitSha256(sha256))
-        if (ret != 0)
+        &&  !(ret = Sha256Update(sha256, ssl->arrays->clientRandom, RAN_LEN))
-            return ret;
+        &&  !(ret = Sha256Update(sha256, ssl->arrays->serverRandom, RAN_LEN))
-        ret = Sha256Update(&sha256, messageVerify, verifySz);
+        &&  !(ret = Sha256Update(sha256, messageVerify, verifySz)))
-        if (ret != 0)
+              ret = Sha256Final(sha256, hash256);
-            return ret;
+    #ifdef CYASSL_SMALL_STACK
-        ret = Sha256Final(&sha256, hash256);
+        XFREE(sha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
         if (ret != 0)
             return ret;
 #endif
 
 #ifdef CYASSL_SHA384
-        ret = InitSha384(&sha384);
+    #ifdef CYASSL_SMALL_STACK
-        if (ret != 0)
+        sha384 = (Sha384*)XMALLOC(sizeof(Sha384), NULL,
-            return ret;
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
-        ret = Sha384Update(&sha384, ssl->arrays->clientRandom, RAN_LEN);
+        if (sha384 == NULL)
-        if (ret != 0)
+            return MEMORY_E;
-            return ret;
+    #endif
-        ret = Sha384Update(&sha384, ssl->arrays->serverRandom, RAN_LEN);
+        if (!(ret = InitSha384(sha384))
-        if (ret != 0)
+        &&  !(ret = Sha384Update(sha384, ssl->arrays->clientRandom, RAN_LEN))
-            return ret;
+        &&  !(ret = Sha384Update(sha384, ssl->arrays->serverRandom, RAN_LEN))
-        ret = Sha384Update(&sha384, messageVerify, verifySz);
+        &&  !(ret = Sha384Update(sha384, messageVerify, verifySz)))
-        if (ret != 0)
+              ret = Sha384Final(sha384, hash384);
-            return ret;
+    #ifdef CYASSL_SMALL_STACK
-        ret = Sha384Final(&sha384, hash384);
+        XFREE(sha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
         if (ret != 0)
             return ret;
 #endif