Ralf Junker 1 Posted December 28, 2020 The function declarations for f_EVP_PKEY_get_raw_private_key() and f_EVP_PKEY_get_raw_public_key() each have a wrong parameter type: outlen: Integer. The correct type is outlen: size_t. On 64-bit, this can lead to memory overwrite if the 64-bit size_t is written to the 32-bit Integer. Reference: https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_get_raw_private_key.html Ralf Share this post Link to post
Angus Robertson 574 Posted December 29, 2020 Thanks, will fix my local copy but won't be in SVN for at least a week. Angus Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
