xkey_pkcs11h_sign: fix dangling pointer

Warning by GCC 12:
pkcs11_openssl.c:237:22: warning:
dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=]

Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20230110131947.59552-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25942.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 202b34da386c8574692111bad23814602d0e09f5)

diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index 71347d31527f5d9213c16ccd953c83aa78fe0266..5c1de44e148f442d3ad26b00f902ac16ea189666 100644 (file)
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -169,6 +169,9 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
     unsigned char buf[EVP_MAX_MD_SIZE];
     size_t buflen;
 
+    unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough for DigestInfo header */
+    size_t enc_len = sizeof(enc);
+
     if (!strcmp(sigalg.op, "DigestSign"))
     {
         msg(D_XKEY, "xkey_pkcs11h_sign: computing digest");
@@ -214,9 +217,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
         {
             /* CMA_RSA_PKCS needs pkcs1 encoded digest */
 
-            unsigned char enc[EVP_MAX_MD_SIZE + 32]; /* 32 bytes enough for DigestInfo header */
-            size_t enc_len = sizeof(enc);
-
             if (!encode_pkcs1(enc, &enc_len, sigalg.mdname, tbs, tbslen))
             {
                 return 0;