In the EVP_DigestSignFinal API, "before the call the siglen parameter should
contain the length of the sig buffer".
Signed-off-by: Juliusz Sosinowicz <juli...@wolfssl.com>
---
src/openvpn/crypto_openssl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 49698e4b3..4486d246d 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -1195,7 +1195,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
EVP_MD_CTX ctx, ctx_tmp, ctx_init;
EVP_PKEY *mac_key;
unsigned char A1[EVP_MAX_MD_SIZE];
- size_t A1_len;
+ size_t A1_len = EVP_MAX_MD_SIZE;
int ret = false;
chunk = EVP_MD_size(md);
@@ -1249,6 +1249,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
if (olen > chunk)
{
+ j = olen;
if (!EVP_DigestSignFinal(&ctx, out, &j))
{
goto err;
@@ -1263,6 +1264,7 @@ tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
}
else
{
+ A1_len = EVP_MAX_MD_SIZE;
/* last one */
if (!EVP_DigestSignFinal(&ctx, A1, &A1_len))
{
--
2.25.1
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
