[ima-evm-utils PATCH] Require specifying openssl PKCS11 engine or provider access method

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Directly calling the new imaevm_signhash() function without specifying
the access_info may result in dereferencing a NULL pointer.  Require
specifying the openssl PKCS11 access method.

Fixes: 5d89393ff9ab ("Implement imaevm_signhash library function and deprecate sign_hash")
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
 src/libimaevm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libimaevm.c b/src/libimaevm.c
index a0176c0df9ef..6321f105d91f 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -1118,6 +1118,11 @@ static EVP_PKEY *read_priv_pkey(const char *keyfile, const char *keypass,
 	EVP_PKEY *pkey = NULL;
 
 	if (!strncmp(keyfile, "pkcs11:", 7)) {
+		if (!access_info) {
+			log_err("PKCS11 engine or provider not specified");
+			return NULL;
+		}
+
 		switch (access_info->type) {
 		case IMAEVM_OSSL_ACCESS_TYPE_ENGINE:
 			pkey = read_priv_pkey_engine(access_info->u.engine,
-- 
2.43.0





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux