Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package pam_p11 for openSUSE:Factory checked 
in at 2021-06-09 21:52:50
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pam_p11 (Old)
 and      /work/SRC/openSUSE:Factory/.pam_p11.new.32437 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "pam_p11"

Wed Jun  9 21:52:50 2021 rev:24 rq:898582 version:0.3.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/pam_p11/pam_p11.changes  2019-08-13 
13:27:39.673317384 +0200
+++ /work/SRC/openSUSE:Factory/.pam_p11.new.32437/pam_p11.changes       
2021-06-09 21:53:15.986577874 +0200
@@ -1,0 +2,8 @@
+Mon May 17 23:16:30 UTC 2021 - Ferdinand Thiessen <r...@fthiessen.de>
+
+- Update to version 0.3.1
+  * CVE-2019-16058: Fixed buffer overflow when creating signatures
+    longer than 256 bytes
+- Drop upstream fixed pam_p11-0.3.0-lto-type-mismatch.patch
+
+-------------------------------------------------------------------

Old:
----
  pam_p11-0.3.0-lto-type-mismatch.patch
  pam_p11-0.3.0.tar.gz

New:
----
  pam_p11-0.3.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ pam_p11.spec ++++++
--- /var/tmp/diff_new_pack.x2aPqt/_old  2021-06-09 21:53:16.558578894 +0200
+++ /var/tmp/diff_new_pack.x2aPqt/_new  2021-06-09 21:53:16.562578901 +0200
@@ -17,16 +17,14 @@
 
 
 Name:           pam_p11
-Version:        0.3.0
+Version:        0.3.1
 Release:        0
 Summary:        PAM Authentication Module for Using Cryptographic Tokens
 License:        LGPL-2.1-or-later
 Group:          Hardware/Other
 URL:            https://github.com/OpenSC/pam_p11
-Source0:        
https://github.com/OpenSC/pam_p11/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
+Source0:        
%{url}/releases/download/pam_p11-%{version}/pam_p11-%{version}.tar.gz
 Source1:        baselibs.conf
-# PATCH-FIX-UPSTREAM -- Fix build with LTO, picked from upstream
-Patch0:         pam_p11-0.3.0-lto-type-mismatch.patch
 BuildRequires:  libp11-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pam-devel
@@ -45,7 +43,6 @@
 
 %prep
 %setup -q
-%patch0 -p1
 
 %build
 %configure\

++++++ pam_p11-0.3.0.tar.gz -> pam_p11-0.3.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pam_p11-0.3.0/NEWS new/pam_p11-0.3.1/NEWS
--- old/pam_p11-0.3.0/NEWS      2019-04-24 23:21:32.000000000 +0200
+++ new/pam_p11-0.3.1/NEWS      2019-09-11 22:36:09.000000000 +0200
@@ -1,5 +1,8 @@
 NEWS for Pam_p11 -- History of user visible changes
 
+New in 0.3.1; 2019-09-11; Frank Morgner
+* CVE-2019-16058: Fixed buffer overflow when creating signatures longer than 
256 bytes
+
 New in 0.3.0; 2019-04-24; Frank Morgner
 * Add Italian translation
 * Add support for matching the PIN-input with a regular expression
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pam_p11-0.3.0/README.md new/pam_p11-0.3.1/README.md
--- old/pam_p11-0.3.0/README.md 2019-04-24 23:18:33.000000000 +0200
+++ new/pam_p11-0.3.1/README.md 2019-09-11 22:29:30.000000000 +0200
@@ -71,7 +71,7 @@
 ```
 mkdir -p ~/.eid
 chmod 0755 ~/.eid
-pkcs11-tool --read-object --type cert --id 45 --module 
/usr/lib/opensc-pkcs11.so --outfile cert.cer
+pkcs11-tool --read-object --type cert --id 45 --module 
/usr/lib/opensc-pkcs11.so --output-file cert.cer
 openssl x509 -inform DER -in cert.cer -outform PEM >> 
~/.eid/authorized_certificates
 chmod 0644 ~/.eid/authorized_certificates
 ```
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pam_p11-0.3.0/configure new/pam_p11-0.3.1/configure
--- old/pam_p11-0.3.0/configure 2019-04-24 23:23:07.000000000 +0200
+++ new/pam_p11-0.3.1/configure 2019-09-11 22:36:17.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for pam_p11 0.3.0.
+# Generated by GNU Autoconf 2.69 for pam_p11 0.3.1.
 #
 # Report bugs to <https://github.com/OpenSC/pam_p11/issues>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='pam_p11'
 PACKAGE_TARNAME='pam_p11'
-PACKAGE_VERSION='0.3.0'
-PACKAGE_STRING='pam_p11 0.3.0'
+PACKAGE_VERSION='0.3.1'
+PACKAGE_STRING='pam_p11 0.3.1'
 PACKAGE_BUGREPORT='https://github.com/OpenSC/pam_p11/issues'
 PACKAGE_URL=''
 
@@ -1370,7 +1370,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures pam_p11 0.3.0 to adapt to many kinds of systems.
+\`configure' configures pam_p11 0.3.1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1441,7 +1441,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of pam_p11 0.3.0:";;
+     short | recursive ) echo "Configuration of pam_p11 0.3.1:";;
    esac
   cat <<\_ACEOF
 
@@ -1575,7 +1575,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-pam_p11 configure 0.3.0
+pam_p11 configure 0.3.1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1998,7 +1998,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by pam_p11 $as_me 0.3.0, which was
+It was created by pam_p11 $as_me 0.3.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2865,7 +2865,7 @@
 
 # Define the identity of the package.
  PACKAGE='pam_p11'
- VERSION='0.3.0'
+ VERSION='0.3.1'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -16422,7 +16422,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by pam_p11 $as_me 0.3.0, which was
+This file was extended by pam_p11 $as_me 0.3.1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -16488,7 +16488,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-pam_p11 config.status 0.3.0
+pam_p11 config.status 0.3.1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pam_p11-0.3.0/configure.ac 
new/pam_p11-0.3.1/configure.ac
--- old/pam_p11-0.3.0/configure.ac      2019-04-24 23:22:00.000000000 +0200
+++ new/pam_p11-0.3.1/configure.ac      2019-09-11 22:30:15.000000000 +0200
@@ -2,7 +2,7 @@
 
 define([PACKAGE_VERSION_MAJOR], [0])
 define([PACKAGE_VERSION_MINOR], [3])
-define([PACKAGE_VERSION_FIX], [0])
+define([PACKAGE_VERSION_FIX], [1])
 define([PACKAGE_SUFFIX], [])
 define([PRODUCT_BUGREPORT], [https://github.com/OpenSC/pam_p11/issues])
 
Binary files old/pam_p11-0.3.0/po/de.gmo and new/pam_p11-0.3.1/po/de.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pam_p11-0.3.0/po/de.po new/pam_p11-0.3.1/po/de.po
--- old/pam_p11-0.3.0/po/de.po  2019-04-24 23:27:12.000000000 +0200
+++ new/pam_p11-0.3.1/po/de.po  2019-09-11 22:42:23.000000000 +0200
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: pam_p11 0.1.7_git\n"
 "Report-Msgid-Bugs-To: https://github.com/OpenSC/pam_p11/issues\n";
-"POT-Creation-Date: 2019-04-24 23:27+0200\n"
+"POT-Creation-Date: 2019-09-11 22:42+0200\n"
 "PO-Revision-Date: 2018-04-05 11:14+0200\n"
 "Last-Translator: Frank Morgner <frankmorg...@gmail.com>\n"
 "Language-Team: German\n"
@@ -17,98 +17,98 @@
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-#: src/pam_p11.c:204
+#: src/pam_p11.c:205
 msgid "Error loading PKCS#11 module"
 msgstr "Fehler beim Laden des PKCS#11-Moduls"
 
-#: src/pam_p11.c:212 src/pam_p11.c:264
+#: src/pam_p11.c:213 src/pam_p11.c:265
 msgid "Error initializing PKCS#11 module"
 msgstr "Fehler beim Initialisieren des PKCS#11-Moduls"
 
-#: src/pam_p11.c:332
+#: src/pam_p11.c:333
 msgid " (last try)"
 msgstr " (letzter Versuch)"
 
-#: src/pam_p11.c:339
+#: src/pam_p11.c:340
 #, c-format
 msgid "Login on PIN pad with %s%s"
 msgstr "Login auf dem PIN-Pad mit %s%s"
 
-#: src/pam_p11.c:345
+#: src/pam_p11.c:346
 #, c-format
 msgid "Login with %s%s: "
 msgstr "Login mit %s%s: "
 
-#: src/pam_p11.c:369
+#: src/pam_p11.c:370
 msgid "Invalid PIN"
 msgstr ""
 
-#: src/pam_p11.c:377
+#: src/pam_p11.c:378
 msgid "PIN not verified; PIN locked"
 msgstr "PIN nicht verifiziert; PIN gesperrt"
 
-#: src/pam_p11.c:379
+#: src/pam_p11.c:380
 msgid "PIN not verified; one try remaining"
 msgstr "PIN nicht verifiziert; ein Versuch verbleibend"
 
-#: src/pam_p11.c:381
+#: src/pam_p11.c:382
 msgid "PIN not verified"
 msgstr "PIN nicht verifiziert"
 
-#: src/pam_p11.c:423
+#: src/pam_p11.c:424
 #, c-format
 msgid "Change PIN with PUK on PIN pad for %s"
 msgstr "??ndere PIN mit PUK auf dem PIN-Pad f??r %s"
 
-#: src/pam_p11.c:427
+#: src/pam_p11.c:428
 #, c-format
 msgid "Change PIN on PIN pad for %s"
 msgstr "??ndere PIN auf dem PIN-Pad f??r %s"
 
-#: src/pam_p11.c:434
+#: src/pam_p11.c:435
 #, c-format
 msgid "PUK for %s: "
 msgstr "PUK f??r %s: "
 
-#: src/pam_p11.c:445
+#: src/pam_p11.c:446
 msgid "Current PIN: "
 msgstr "Aktuelle PIN: "
 
-#: src/pam_p11.c:463
+#: src/pam_p11.c:464
 msgid "Enter new PIN: "
 msgstr "Neue PIN eingeben: "
 
-#: src/pam_p11.c:466
+#: src/pam_p11.c:467
 msgid "Retype new PIN: "
 msgstr "Neue PIN wiederholen: "
 
-#: src/pam_p11.c:470
+#: src/pam_p11.c:471
 msgid "PINs don't match"
 msgstr "PINs verschieden"
 
-#: src/pam_p11.c:477
+#: src/pam_p11.c:478
 #, fuzzy
 msgid "PIN not changed; PIN locked"
 msgstr "PIN nicht verifiziert; PIN gesperrt"
 
-#: src/pam_p11.c:479
+#: src/pam_p11.c:480
 #, fuzzy
 msgid "PIN not changed; one try remaining"
 msgstr "PIN nicht verifiziert; ein Versuch verbleibend"
 
-#: src/pam_p11.c:481
+#: src/pam_p11.c:482
 #, fuzzy
 msgid "PIN not changed"
 msgstr "PIN nicht verifiziert"
 
-#: src/pam_p11.c:609
+#: src/pam_p11.c:610
 msgid "No token found"
 msgstr "Kein Token gefunden"
 
-#: src/pam_p11.c:611
+#: src/pam_p11.c:612
 msgid "No authorized keys on token"
 msgstr "Keine autorisierten Schl??ssel auf dem Token"
 
-#: src/pam_p11.c:664
+#: src/pam_p11.c:674
 msgid "Error verifying key"
 msgstr "Fehler beim Verifizieren des Schl??ssels"
Binary files old/pam_p11-0.3.0/po/it.gmo and new/pam_p11-0.3.1/po/it.gmo differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pam_p11-0.3.0/po/it.po new/pam_p11-0.3.1/po/it.po
--- old/pam_p11-0.3.0/po/it.po  2019-04-24 23:27:12.000000000 +0200
+++ new/pam_p11-0.3.1/po/it.po  2019-09-11 22:42:23.000000000 +0200
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: pam-p11\n"
 "Report-Msgid-Bugs-To: https://github.com/OpenSC/pam_p11/issues\n";
-"POT-Creation-Date: 2019-04-24 23:27+0200\n"
+"POT-Creation-Date: 2019-09-11 22:42+0200\n"
 "PO-Revision-Date: 2019-02-28 14:03+0000\n"
 "Last-Translator: Milo Casagrande <m...@milo.name>\n"
 "Language-Team: Italian <t...@lists.linux.it>\n"
@@ -16,95 +16,95 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: src/pam_p11.c:204
+#: src/pam_p11.c:205
 msgid "Error loading PKCS#11 module"
 msgstr "Errore nel caricare il modulo PKCS#11"
 
-#: src/pam_p11.c:212 src/pam_p11.c:264
+#: src/pam_p11.c:213 src/pam_p11.c:265
 msgid "Error initializing PKCS#11 module"
 msgstr "Errore nell'inizializzare il modulo PKCS#11"
 
-#: src/pam_p11.c:332
+#: src/pam_p11.c:333
 msgid " (last try)"
 msgstr " (ultimo tentativo)"
 
-#: src/pam_p11.c:339
+#: src/pam_p11.c:340
 #, c-format
 msgid "Login on PIN pad with %s%s"
 msgstr "Accesso su dispositivo inserimento PIN con %s%s"
 
-#: src/pam_p11.c:345
+#: src/pam_p11.c:346
 #, c-format
 msgid "Login with %s%s: "
 msgstr "Accesso con %s%s: "
 
-#: src/pam_p11.c:369
+#: src/pam_p11.c:370
 msgid "Invalid PIN"
 msgstr ""
 
-#: src/pam_p11.c:377
+#: src/pam_p11.c:378
 msgid "PIN not verified; PIN locked"
 msgstr "PIN non verificato; PIN bloccato"
 
-#: src/pam_p11.c:379
+#: src/pam_p11.c:380
 msgid "PIN not verified; one try remaining"
 msgstr "PIN non verificato; un tentativo rimasto"
 
-#: src/pam_p11.c:381
+#: src/pam_p11.c:382
 msgid "PIN not verified"
 msgstr "PIN non verificato"
 
-#: src/pam_p11.c:423
+#: src/pam_p11.c:424
 #, c-format
 msgid "Change PIN with PUK on PIN pad for %s"
 msgstr "Modifica del PIN con PUK su dispositivo inserimento PIN per %s"
 
-#: src/pam_p11.c:427
+#: src/pam_p11.c:428
 #, c-format
 msgid "Change PIN on PIN pad for %s"
 msgstr "Modifica del PIN su dispositivo inserimento PIN per %s"
 
-#: src/pam_p11.c:434
+#: src/pam_p11.c:435
 #, c-format
 msgid "PUK for %s: "
 msgstr "PUK per %s: "
 
-#: src/pam_p11.c:445
+#: src/pam_p11.c:446
 msgid "Current PIN: "
 msgstr "PIN attuale: "
 
-#: src/pam_p11.c:463
+#: src/pam_p11.c:464
 msgid "Enter new PIN: "
 msgstr "Inserire nuovo PIN: "
 
-#: src/pam_p11.c:466
+#: src/pam_p11.c:467
 msgid "Retype new PIN: "
 msgstr "Ripetere nuovo PIN: "
 
-#: src/pam_p11.c:470
+#: src/pam_p11.c:471
 msgid "PINs don't match"
 msgstr "I PIN non sono uguali"
 
-#: src/pam_p11.c:477
+#: src/pam_p11.c:478
 msgid "PIN not changed; PIN locked"
 msgstr "PIN non modificato; PIN bloccato"
 
-#: src/pam_p11.c:479
+#: src/pam_p11.c:480
 msgid "PIN not changed; one try remaining"
 msgstr "PIN non modificato; un tentativo rimasto"
 
-#: src/pam_p11.c:481
+#: src/pam_p11.c:482
 msgid "PIN not changed"
 msgstr "PIN non modificato"
 
-#: src/pam_p11.c:609
+#: src/pam_p11.c:610
 msgid "No token found"
 msgstr "Nessun token trovato"
 
-#: src/pam_p11.c:611
+#: src/pam_p11.c:612
 msgid "No authorized keys on token"
 msgstr "Nessuna chiave autorizzata sul token"
 
-#: src/pam_p11.c:664
+#: src/pam_p11.c:674
 msgid "Error verifying key"
 msgstr "Errore nel verificare la chiave"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pam_p11-0.3.0/po/pam_p11.pot 
new/pam_p11-0.3.1/po/pam_p11.pot
--- old/pam_p11-0.3.0/po/pam_p11.pot    2019-04-24 23:27:12.000000000 +0200
+++ new/pam_p11-0.3.1/po/pam_p11.pot    2019-09-11 22:42:23.000000000 +0200
@@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: pam_p11 0.3.0\n"
+"Project-Id-Version: pam_p11 0.3.1\n"
 "Report-Msgid-Bugs-To: https://github.com/OpenSC/pam_p11/issues\n";
-"POT-Creation-Date: 2019-04-24 23:27+0200\n"
+"POT-Creation-Date: 2019-09-11 22:42+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <l...@li.org>\n"
@@ -17,95 +17,95 @@
 "Content-Type: text/plain; charset=CHARSET\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: src/pam_p11.c:204
+#: src/pam_p11.c:205
 msgid "Error loading PKCS#11 module"
 msgstr ""
 
-#: src/pam_p11.c:212 src/pam_p11.c:264
+#: src/pam_p11.c:213 src/pam_p11.c:265
 msgid "Error initializing PKCS#11 module"
 msgstr ""
 
-#: src/pam_p11.c:332
+#: src/pam_p11.c:333
 msgid " (last try)"
 msgstr ""
 
-#: src/pam_p11.c:339
+#: src/pam_p11.c:340
 #, c-format
 msgid "Login on PIN pad with %s%s"
 msgstr ""
 
-#: src/pam_p11.c:345
+#: src/pam_p11.c:346
 #, c-format
 msgid "Login with %s%s: "
 msgstr ""
 
-#: src/pam_p11.c:369
+#: src/pam_p11.c:370
 msgid "Invalid PIN"
 msgstr ""
 
-#: src/pam_p11.c:377
+#: src/pam_p11.c:378
 msgid "PIN not verified; PIN locked"
 msgstr ""
 
-#: src/pam_p11.c:379
+#: src/pam_p11.c:380
 msgid "PIN not verified; one try remaining"
 msgstr ""
 
-#: src/pam_p11.c:381
+#: src/pam_p11.c:382
 msgid "PIN not verified"
 msgstr ""
 
-#: src/pam_p11.c:423
+#: src/pam_p11.c:424
 #, c-format
 msgid "Change PIN with PUK on PIN pad for %s"
 msgstr ""
 
-#: src/pam_p11.c:427
+#: src/pam_p11.c:428
 #, c-format
 msgid "Change PIN on PIN pad for %s"
 msgstr ""
 
-#: src/pam_p11.c:434
+#: src/pam_p11.c:435
 #, c-format
 msgid "PUK for %s: "
 msgstr ""
 
-#: src/pam_p11.c:445
+#: src/pam_p11.c:446
 msgid "Current PIN: "
 msgstr ""
 
-#: src/pam_p11.c:463
+#: src/pam_p11.c:464
 msgid "Enter new PIN: "
 msgstr ""
 
-#: src/pam_p11.c:466
+#: src/pam_p11.c:467
 msgid "Retype new PIN: "
 msgstr ""
 
-#: src/pam_p11.c:470
+#: src/pam_p11.c:471
 msgid "PINs don't match"
 msgstr ""
 
-#: src/pam_p11.c:477
+#: src/pam_p11.c:478
 msgid "PIN not changed; PIN locked"
 msgstr ""
 
-#: src/pam_p11.c:479
+#: src/pam_p11.c:480
 msgid "PIN not changed; one try remaining"
 msgstr ""
 
-#: src/pam_p11.c:481
+#: src/pam_p11.c:482
 msgid "PIN not changed"
 msgstr ""
 
-#: src/pam_p11.c:609
+#: src/pam_p11.c:610
 msgid "No token found"
 msgstr ""
 
-#: src/pam_p11.c:611
+#: src/pam_p11.c:612
 msgid "No authorized keys on token"
 msgstr ""
 
-#: src/pam_p11.c:664
+#: src/pam_p11.c:674
 msgid "Error verifying key"
 msgstr ""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pam_p11-0.3.0/src/base64.c 
new/pam_p11-0.3.1/src/base64.c
--- old/pam_p11-0.3.0/src/base64.c      2019-04-17 01:28:53.000000000 +0200
+++ new/pam_p11-0.3.1/src/base64.c      2019-08-12 23:28:30.000000000 +0200
@@ -18,7 +18,9 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-extern int sc_base64_decode(const char *in, unsigned char *out, unsigned int 
outlen);
+#include <stddef.h>
+
+extern int sc_base64_decode(const char *in, unsigned char *out, size_t outlen);
 
 static const unsigned char bin_table[128] = {
        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
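Review bot: The prototype of `sc_base64_decode` is still a hand-written `extern` declaration inside base64.c, so nothing makes the compiler compare it with the declaration its callers use. The package changelog on this page drops an LTO type-mismatch patch, which suggests (not confirmed from these lines) that such a disagreement has already happened once. Moving the declaration into a shared header included by base64.c and by every caller would turn a future mismatch into a compile error. The definition hunk further down widens `outlen` to `size_t` in the same way but keeps `int len` and `unsigned int i`; the function body lies outside both hunks, so whether any comparison now mixes widths or signedness cannot be judged from here.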
@@ -71,7 +73,7 @@
        return c * 6 / 8;
 }
 
-int sc_base64_decode(const char *in, unsigned char *out, unsigned int outlen)
+int sc_base64_decode(const char *in, unsigned char *out, size_t outlen)
 {
        int len = 0, r, skip;
        unsigned int i;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pam_p11-0.3.0/src/pam_p11.c 
new/pam_p11-0.3.1/src/pam_p11.c
--- old/pam_p11-0.3.0/src/pam_p11.c     2019-04-17 01:28:53.000000000 +0200
+++ new/pam_p11-0.3.1/src/pam_p11.c     2019-09-08 21:20:21.000000000 +0200
@@ -31,6 +31,7 @@
 #include <openssl/crypto.h>
 #include <libp11.h>
 #include <regex.h>
+#include <stdlib.h>
 
 /* openssl deprecated API emulation */
 #ifndef HAVE_EVP_MD_CTX_NEW
@@ -634,13 +635,22 @@
 {
        int ok = 0;
        unsigned char challenge[30];
-       unsigned char signature[256];
-       unsigned int siglen = sizeof signature;
+       unsigned char *signature = NULL;
+       unsigned int siglen;
        const EVP_MD *md = EVP_sha1();
        EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
        EVP_PKEY *privkey = PKCS11_get_private_key(authkey);
        EVP_PKEY *pubkey = PKCS11_get_public_key(authkey);
 
+       if (NULL == privkey)
+               goto err;
+       siglen = EVP_PKEY_size(privkey);
+       if (siglen <= 0)
+               goto err;
+       signature = malloc(siglen);
+       if (NULL == signature)
+               goto err;
+
        /* Verify a SHA-1 hash of random data, signed by the key.
         *
         * Note that this will not work keys that aren't eligible for signing.
@@ -667,6 +677,7 @@
        ok = 1;
 
 err:
+       free(signature);
        if (NULL != pubkey)
                EVP_PKEY_free(pubkey);
        if (NULL != privkey)
