> 
> I saw that you missed this case earlier, but I thought that this call
> cannot really fail.
> 
> Assuming it can fail under certain conditions, wouldn't the M_FATAL
> somewhat become a DoS on the server side?

The condition under which it can fail is basically that the crypto library is unable
or unwilling to create a context for that hash algorithm. If that
happens we later segfault. This basically only happened on OpenSSL in
FIPS mode, which claims to have MD5 but will then not accept to create
MD5. So a fatal fail here is better than a segfault.

Arne


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
