diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-03-07 20:54:31 +0100 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-03-14 11:23:59 +0100 |
| commit | 044da08973957b32703fe338eb95c5171ce471ba (patch) | |
| tree | fe1b0ce72e4421095deaa555fdaa9de62d664d0e /include | |
| parent | 4b76e15279792331f886cf756b825fb1e7a1c9ba (diff) | |
| download | ouroboros-044da08973957b32703fe338eb95c5171ce471ba.tar.gz ouroboros-044da08973957b32703fe338eb95c5171ce471ba.zip | |
lib: Fix certificate DER encoding and key buffers
i2d_X509() allocated buf->data via OPENSSL_malloc(), but callers free
it with freebuf() which uses free(). Fix by allocating with malloc()
and encoding directly into the buffer. Also replaces MSGBUFSZ with
CRYPT_KEY_BUFSZ (4096) for key material buffers and removes leftover
debug logging.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'include')
| -rw-r--r-- | include/ouroboros/crypt.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/include/ouroboros/crypt.h b/include/ouroboros/crypt.h index c0b001d1..5e082bb9 100644 --- a/include/ouroboros/crypt.h +++ b/include/ouroboros/crypt.h @@ -33,7 +33,6 @@ #define MAX_HASH_SIZE 64 /* SHA-512/BLAKE2b max */ #define KEX_ALGO_BUFSZ 32 #define KEX_CIPHER_BUFSZ 32 -#define MSGBUFSZ 2048 /* * On OSX the OpenSSL NIDs are automatically loaded with evp.h. @@ -95,6 +94,8 @@ #define X448MLKEM1024_PKSZ 1624 /* 56 + 1568 */ #define X448MLKEM1024_SKSZ 3224 /* 56 + 3168 */ +#define CRYPT_KEY_BUFSZ 4096 /* Safe buffer for key material */ + #define KEM_MODE_SERVER_ENCAP 0 /* Server encapsulates (default) */ #define KEM_MODE_CLIENT_ENCAP 1 /* Client encapsulates */ #define IS_KEX_ALGO_SET(cfg) ((cfg)->x.nid != NID_undef) |