when i used HMAC_Final() in openssl-0.9.6b, it did segmentation fault.
i used HMAC_Final() from sha2 functions i implemented.
as you know, sha2-512 needs the buffer size of 64 bytes
but the buffer is defined the static length, buf[EVP_MAX_MD_SIZE].
and EVP_MAX_MD_SIZE is defined 36 bytes in evp/evp.h.
evp/evp.h:
#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
it should be more than 64 bytes.
meanwhile, the EVP_MD structure in the HMAC_CTX structure has md_size.
why is the buffer in HMAC_Final() allocated by using this md_size ?
i mean,
buf = malloc(ctx->md->md_size);
i think unfortunately the type of HMAC_Final() is "void".
so would it be problem if the type became "int" ?
i know that the current openssl doesn't support sha2.
but openssl should assure the behavior of HMAC functions, shouldn't it ?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
