Bugfix: dangling pointer passed to pkcs11-helper

author Selva Nair <selva.nair@gmail.com>

Tue, 9 May 2023 17:05:17 +0000 (13:05 -0400)

committer Gert Doering <gert@greenie.muc.de>

Wed, 10 May 2023 07:41:38 +0000 (09:41 +0200)
author Selva Nair <selva.nair@gmail.com>
Tue, 9 May 2023 17:05:17 +0000 (13:05 -0400)
committer Gert Doering <gert@greenie.muc.de>
Wed, 10 May 2023 07:41:38 +0000 (09:41 +0200)
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c

index eee86e17b6fe474270e14757d2fc89535edec0dd..9b0ab39f9cf814f3d19f5dfe25f795cd616fed8c 100644 (file)
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -165,6 +165,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
  {
      pkcs11h_certificate_t cert = handle;
      CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0}; /* default value */
+    CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
  
      unsigned char buf[EVP_MAX_MD_SIZE];
      size_t buflen;
@@ -203,7 +204,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
          }
          else if (!strcmp(sigalg.padmode, "pss"))
          {
-            CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
              mech.mechanism = CKM_RSA_PKCS_PSS;
  
              if (!set_pss_params(&pss_params, sigalg, cert))
author	Selva Nair <selva.nair@gmail.com>
	Tue, 9 May 2023 17:05:17 +0000 (13:05 -0400)
committer	Gert Doering <gert@greenie.muc.de>
	Wed, 10 May 2023 07:41:38 +0000 (09:41 +0200)