Replace with statically allocated buffer

Replace with statically allocated buffer to avoid potential NULL pointer
dereference.

Fixes: 1fb6d1b5 ("fips140-2: moved PCT-test in wrap_nettle_generate_keys")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>

diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 5986a410c24f3aac02fb317c2aa15595e18fe9dc..c6f2b8b89dfedbd7e8cd0b0d60f69b9bf3ec4213 100644 (file)
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -3207,7 +3207,7 @@ static int pct_test(gnutls_pk_algorithm_t algo,
        const char const_data_sha512[64] =
                "onetwothreefourfivesixseveneightnineteneleventwelvethirteenfourt";
        gnutls_datum_t ddata, tmp = { NULL, 0 };
-       char *gen_data = NULL;
+       char gen_data[MAX_HASH_SIZE];
        gnutls_x509_spki_st spki;
        gnutls_fips140_context_t context;
 
@@ -3223,7 +3223,6 @@ static int pct_test(gnutls_pk_algorithm_t algo,
 
                me = _gnutls_dsa_q_to_hash(params, &hash_len);
                spki.dsa_dig = MAC_TO_DIG(me->id);
-               gen_data = gnutls_malloc(hash_len);
                gnutls_rnd(GNUTLS_RND_NONCE, gen_data, hash_len);
 
                ddata.data = (void *)gen_data;
@@ -3391,7 +3390,6 @@ cleanup:
                _gnutls_switch_lib_state(LIB_STATE_ERROR);
        }
        _gnutls_x509_spki_clear(&spki);
-       gnutls_free(gen_data);
        gnutls_free(sig.data);
        gnutls_free(tmp.data);
        return ret;