On 7/2/24 18:53, Mimi Zohar wrote:
Directly calling the new imaevm_signhash() function without specifying
the access_info may result in dereferencing a NULL pointer. Require
specifying the openssl PKCS11 access method.
Fixes: 5d89393ff9ab ("Implement imaevm_signhash library function and deprecate sign_hash")
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
---
src/libimaevm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index a0176c0df9ef..6321f105d91f 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -1118,6 +1118,11 @@ static EVP_PKEY *read_priv_pkey(const char *keyfile, const char *keypass,
EVP_PKEY *pkey = NULL;
if (!strncmp(keyfile, "pkcs11:", 7)) {
+ if (!access_info) {
+ log_err("PKCS11 engine or provider not specified");
+ return NULL;
+ }
+
switch (access_info->type) {
case IMAEVM_OSSL_ACCESS_TYPE_ENGINE:
pkey = read_priv_pkey_engine(access_info->u.engine,
