Message ID | 20240702225330.13136-1-zohar@linux.ibm.com (mailing list archive) |
---|---|
State | New |
Series | [ima-evm-utils] Require specifying openssl PKCS11 engine or provider access method |
On 7/2/24 18:53, Mimi Zohar wrote: > Directly calling the new imaevm_signhash() function without specifying > the access_info may result in dereferencing a NULL pointer. Require > specifying the openssl PKCS11 access method. > > Fixes: 5d89393ff9ab ("Implement imaevm_signhash library function and deprecate sign_hash") > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> > --- > src/libimaevm.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/src/libimaevm.c b/src/libimaevm.c > index a0176c0df9ef..6321f105d91f 100644 > --- a/src/libimaevm.c > +++ b/src/libimaevm.c > @@ -1118,6 +1118,11 @@ static EVP_PKEY *read_priv_pkey(const char *keyfile, const char *keypass, > EVP_PKEY *pkey = NULL; > > if (!strncmp(keyfile, "pkcs11:", 7)) { > + if (!access_info) { > + log_err("PKCS11 engine or provider not specified"); > + return NULL; > + } > + > switch (access_info->type) { > case IMAEVM_OSSL_ACCESS_TYPE_ENGINE: > pkey = read_priv_pkey_engine(access_info->u.engine,
diff --git a/src/libimaevm.c b/src/libimaevm.c index a0176c0df9ef..6321f105d91f 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -1118,6 +1118,11 @@ static EVP_PKEY *read_priv_pkey(const char *keyfile, const char *keypass, EVP_PKEY *pkey = NULL; if (!strncmp(keyfile, "pkcs11:", 7)) { + if (!access_info) { + log_err("PKCS11 engine or provider not specified"); + return NULL; + } + switch (access_info->type) { case IMAEVM_OSSL_ACCESS_TYPE_ENGINE: pkey = read_priv_pkey_engine(access_info->u.engine,
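Review bot: the requirement enforced by the new `if (!access_info)` block at the top of the `pkcs11:` branch in read_priv_pkey() is only discoverable at run time, so it should also be stated where callers look: the commit message names imaevm_signhash() as the entry point that can be called directly, and its documentation should say that access_info is mandatory whenever keyfile is a `pkcs11:` URI. Two smaller points on the same lines. The string passed to log_err() has no trailing newline; if log_err() does not append one, use "PKCS11 engine or provider not specified\n". The guard sits after `strncmp(keyfile, "pkcs11:", 7)`, which dereferences keyfile unchecked, so a direct library caller passing a NULL keyfile still reaches a NULL dereference in this function; consider rejecting that case in the same place.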
Directly calling the new imaevm_signhash() function without specifying the access_info may result in dereferencing a NULL pointer. Require specifying the openssl PKCS11 access method.

Fixes: 5d89393ff9ab ("Implement imaevm_signhash library function and deprecate sign_hash")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

---
 src/libimaevm.c | 5 +++++
 1 file changed, 5 insertions(+)