Bugfix: dangling pointer passed to pkcs11-helper

Github: Fixes OpenVPN/openvpn#323 Signed-off-by: Selva Nair <selva.nair@gmail.com> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20230509170517.2637245-1-selva.nair@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26640.html Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit f4850745709c5b80ab7d09c03a86c5ceea6d10a2)
author: Selva Nair 2023-05-09 13:05:17 -0400
committer: Gert Doering 2023-05-10 09:58:13 +0200
commit: 7e4becb4cd8be7f0d5ff80cf80877ea152f99830 (patch)
tree: c3ec97956d77c1d739ae987a2ac4aa49113f1ef7
parent: a32f914051909cc5e7692964af169fc3224270e5 (diff)
download: openvpn-7e4becb4cd8be7f0d5ff80cf80877ea152f99830.zip
openvpn-7e4becb4cd8be7f0d5ff80cf80877ea152f99830.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index eee86e1..9b0ab39 100644
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -165,6 +165,7 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
 {
     pkcs11h_certificate_t cert = handle;
     CK_MECHANISM mech = {CKM_RSA_PKCS, NULL, 0}; /* default value */
+    CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
 
     unsigned char buf[EVP_MAX_MD_SIZE];
     size_t buflen;
@@ -203,7 +204,6 @@ xkey_pkcs11h_sign(void *handle, unsigned char *sig,
         }
         else if (!strcmp(sigalg.padmode, "pss"))
         {
-            CK_RSA_PKCS_PSS_PARAMS pss_params = {0};
             mech.mechanism = CKM_RSA_PKCS_PSS;
 
             if (!set_pss_params(&pss_params, sigalg, cert))
author	Selva Nair	2023-05-09 13:05:17 -0400
committer	Gert Doering	2023-05-10 09:58:13 +0200
commit	7e4becb4cd8be7f0d5ff80cf80877ea152f99830 (patch)
tree	c3ec97956d77c1d739ae987a2ac4aa49113f1ef7
parent	a32f914051909cc5e7692964af169fc3224270e5 (diff)
download	openvpn-7e4becb4cd8be7f0d5ff80cf80877ea152f99830.zip openvpn-7e4becb4cd8be7f0d5ff80cf80877ea152f99830.tar.gz