1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
From 7e4becb4cd8be7f0d5ff80cf80877ea152f99830 Mon Sep 17 00:00:00 2001
From: Selva Nair <selva.nair@gmail.com>
Date: Tue, 9 May 2023 13:05:17 -0400
Subject: [PATCH] Bugfix: dangling pointer passed to pkcs11-helper
Github: Fixes OpenVPN/openvpn#323
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230509170517.2637245-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26640.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit f4850745709c5b80ab7d09c03a86c5ceea6d10a2)
---
src/openvpn/pkcs11_openssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index eee86e17b6f..9b0ab39f9cf 100644
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -165,6 +165,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
{
pkcs11h_certificate_t cert = handle;
CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0}; /* default value */
+ CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
unsigned char buf[EVP_MAX_MD_SIZE];
size_t buflen;
@@ -203,7 +204,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
}
else if (!strcmp(sigalg.padmode, "pss"))
{
- CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
mech.mechanism = CKM_RSA_PKCS_PSS;
if (!set_pss_params(&pss_params, sigalg, cert))
|
