In the EVP_DigestSignFinal API, "before the call the siglen parameter should contain the length of the sig buffer".
Signed-off-by: Juliusz Sosinowicz <juli...@wolfssl.com> --- src/openvpn/crypto_openssl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 49698e4b3..4486d246d 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -1195,7 +1195,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, EVP_MD_CTX ctx, ctx_tmp, ctx_init; EVP_PKEY *mac_key; unsigned char A1[EVP_MAX_MD_SIZE]; - size_t A1_len; + size_t A1_len = EVP_MAX_MD_SIZE; int ret = false; chunk = EVP_MD_size(md); @@ -1249,6 +1249,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, if (olen > chunk) { + j = olen; if (!EVP_DigestSignFinal(&ctx, out, &j)) { goto err; @@ -1263,6 +1264,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec, } else { + A1_len = EVP_MAX_MD_SIZE; /* last one */ if (!EVP_DigestSignFinal(&ctx, A1, &A1_len)) { -- 2.25.1 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel