lib: Fix certificate DER encoding and key buffers

i2d_X509() allocated buf->data via OPENSSL_malloc(), but callers free
it with freebuf() which uses free(). Fix by allocating with malloc()
and encoding directly into the buffer. Also replaces MSGBUFSZ with
CRYPT_KEY_BUFSZ (4096) for key material buffers and removes leftover
debug logging.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>

2 files changed, 2 insertions, 2 deletions

diff --git a/src/irmd/oap/cli.c b/src/irmd/oap/cli.c
index 8ecd317d..7a202da7 100644
--- a/src/irmd/oap/cli.c
+++ b/src/irmd/oap/cli.c
@@ -50,7 +50,7 @@
 struct oap_cli_ctx {
         uint8_t           __id[OAP_ID_SIZE];
         buffer_t          id;
-        uint8_t           kex_buf[MSGBUFSZ];
+        uint8_t           kex_buf[CRYPT_KEY_BUFSZ];
         uint8_t           req_hash[MAX_HASH_SIZE];
         size_t            req_hash_len;
         int               req_md_nid;
diff --git a/src/irmd/oap/srv.c b/src/irmd/oap/srv.c
index 36391e50..afc54acc 100644
--- a/src/irmd/oap/srv.c
+++ b/src/irmd/oap/srv.c
@@ -384,7 +384,7 @@ int oap_srv_process(const struct name_info * info,
         struct oap_hdr        peer_hdr;
         struct oap_hdr        local_hdr;
         struct sec_config     kcfg;
-        uint8_t               kex_buf[MSGBUFSZ];
+        uint8_t               kex_buf[CRYPT_KEY_BUFSZ];
         uint8_t               hash_buf[MAX_HASH_SIZE];
         buffer_t              req_hash = BUF_INIT;
         ssize_t               hash_ret;