Commit
https://github.com/OpenVPN/openvpn/commit/685e486e8b8f70c25f09590c24762ff734f94a51
introduced a variable length array. Although C99 supports that, MSVS 2013 still
requires
size of array to be compiler time constant. As a fix, use malloc/free.
v2:
Replace OPENSSL_malloc with gc_malloc
Signed-off-by: Lev Stipakov <lstipa...@gmail.com>
---
src/openvpn/ssl_openssl.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index c08d4fe..3c8d41f 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -141,12 +141,12 @@ key_state_export_keying_material(struct key_state_ssl
*ssl,
{
#if (OPENSSL_VERSION_NUMBER >= 0x10001000)
unsigned int size = session->opt->ekm_size;
- unsigned char ekm[size];
+ struct gc_arena gc = gc_new();
+ unsigned char* ekm = (unsigned char*) gc_malloc(size, true, &gc);
if (SSL_export_keying_material(ssl->ssl, ekm, sizeof(ekm),
session->opt->ekm_label, session->opt->ekm_label_size, NULL, 0, 0))
{
- struct gc_arena gc = gc_new();
unsigned int len = (size * 2) + 2;
const char *key = format_hex_ex (ekm, size, len, 0, NULL, &gc);
@@ -154,14 +154,13 @@ key_state_export_keying_material(struct key_state_ssl
*ssl,
dmsg(D_TLS_DEBUG_MED, "%s: exported keying material: %s",
__func__, key);
-
- gc_free(&gc);
}
else
{
msg (M_WARN, "WARNING: Export keying material failed!");
setenv_del (session->opt->es, "exported_keying_material");
}
+ gc_free(&gc);
#endif
}
}
--
1.9.1
