diff --git a/include/gmssl/sm2.h b/include/gmssl/sm2.h
index e6243810..0c36303a 100644
--- a/include/gmssl/sm2.h
+++ b/include/gmssl/sm2.h
@@ -304,7 +304,7 @@ int sm2_do_sign_fast(const SM2_Fn d, const uint8_t dgst[32], SM2_SIGNATURE *sig)
 int sm2_do_verify(const SM2_KEY *key, const uint8_t dgst[32], const SM2_SIGNATURE *sig);
 
 #define SM2_MIN_SIGNATURE_SIZE 8
-#define SM2_MAX_SIGNATURE_SIZE 74
+#define SM2_MAX_SIGNATURE_SIZE 72
 int sm2_signature_to_der(const SM2_SIGNATURE *sig, uint8_t **out, size_t *outlen);
 int sm2_signature_from_der(SM2_SIGNATURE *sig, const uint8_t **in, size_t *inlen);
 int sm2_signature_to_public_key_points(const SM2_SIGNATURE *sig, const uint8_t dgst[32],
diff --git a/src/tlcp.c b/src/tlcp.c
index ef18d2fb..ac6d649e 100644
--- a/src/tlcp.c
+++ b/src/tlcp.c
@@ -427,8 +427,8 @@ int tlcp_do_connect(TLS_CONNECT *conn)
 	// send CertificateVerify
 	if (conn->client_certs_len) {
 		tls_trace("send CertificateVerify\n");
-		uint8_t sigbuf[SM2_MAX_SIGNATURE_SIZE];
-		memset(sigbuf, 0, SM2_MAX_SIGNATURE_SIZE);
+		uint8_t sigbuf[2 + SM2_MAX_SIGNATURE_SIZE];
+		memset(sigbuf, 0, 2 + SM2_MAX_SIGNATURE_SIZE);
 		SM3_CTX cert_verify_ctx;
 		uint8_t cert_verify_hash[SM3_DIGEST_SIZE] = {0};
 		memset(&cert_verify_ctx, 0, sizeof(SM3_CTX));