From 044da08973957b32703fe338eb95c5171ce471ba Mon Sep 17 00:00:00 2001
From: Dimitri Staessens <dimitri@ouroboros.rocks>
Date: Sat, 7 Mar 2026 20:54:31 +0100
Subject: lib: Fix certificate DER encoding and key buffers

i2d_X509() allocated buf->data via OPENSSL_malloc(), but callers free
it with freebuf() which uses free(). Fix by allocating with malloc()
and encoding directly into the buffer. Also replaces MSGBUFSZ with
CRYPT_KEY_BUFSZ (4096) for key material buffers and removes leftover
debug logging.

Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
---
 src/irmd/oap/srv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/irmd/oap/srv.c')

diff --git a/src/irmd/oap/srv.c b/src/irmd/oap/srv.c
index 36391e50..afc54acc 100644
--- a/src/irmd/oap/srv.c
+++ b/src/irmd/oap/srv.c
@@ -384,7 +384,7 @@ int oap_srv_process(const struct name_info * info,
         struct oap_hdr        peer_hdr;
         struct oap_hdr        local_hdr;
         struct sec_config     kcfg;
-        uint8_t               kex_buf[MSGBUFSZ];
+        uint8_t               kex_buf[CRYPT_KEY_BUFSZ];
         uint8_t               hash_buf[MAX_HASH_SIZE];
         buffer_t              req_hash = BUF_INIT;
         ssize_t               hash_ret;
-- 
cgit v1.2.3