From 949094cfbc3e7a583ce94dfb36c0dd7d32093bc6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?=
 <moisesguimaraesm@gmail.com>
Date: Sat, 18 Oct 2014 14:38:57 -0300
Subject: [PATCH] internal.c: refactoring DoCertificateVerify to reduce stack
 usage: --- variable encodedSig moved to the heap (512 bytes saved)

---
 src/internal.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/internal.c b/src/internal.c
index c48fb26a9..81e3ed203 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -12333,12 +12333,23 @@ int DoSessionTicket(CYASSL* ssl,
             }
 
             if (IsAtLeastTLSv1_2(ssl)) {
+#ifdef CYASSL_SMALL_STACK
+                byte*  encodedSig = NULL;
+#else
                 byte   encodedSig[MAX_ENCODED_SIG_SZ];
+#endif
                 word32 sigSz;
                 byte*  digest = ssl->certHashes.sha;
                 int    typeH = SHAh;
                 int    digestSz = SHA_DIGEST_SIZE;
 
+#ifdef CYASSL_SMALL_STACK
+                encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
+                                                       DYNAMIC_TYPE_TMP_BUFFER);
+                if (encodedSig == NULL)
+                    return MEMORY_E;
+#endif
+
                 if (sigAlgo != rsa_sa_algo) {
                     CYASSL_MSG("Oops, peer sent RSA key but not in verify");
                 }
@@ -12363,6 +12374,10 @@ int DoSessionTicket(CYASSL* ssl,
                 if (outLen == (int)sigSz && out && XMEMCMP(out, encodedSig,
                                            min(sigSz, MAX_ENCODED_SIG_SZ)) == 0)
                     ret = 0; /* verified */
+
+#ifdef CYASSL_SMALL_STACK
+                XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
             }
             else {
                 if (outLen == FINISHED_SZ && out && XMEMCMP(out,