On Mon, Oct 18, 2021 at 06:40:28PM +0200, Tim Duesterhus wrote: > The OpenSSL documentation > (https://www.openssl.org/docs/man1.1.0/man3/HMAC.html) > specifies: > > > It places the result in md (which must have space for the output of the hash > > function, which is no more than EVP_MAX_MD_SIZE bytes). If md is NULL, the > > digest is placed in a static array. The size of the output is placed in > > md_len, unless it is NULL. Note: passing a NULL value for md to use the > > static array is not thread safe. > > `EVP_MAX_MD_SIZE` appears to be defined as `64`, so let's simply use a stack > buffer to avoid the whole memory management. (...)
Both patches applied, thanks! (I thought they were already in fact). Willy
