diff options
-rw-r--r-- | ssh-pkcs11.c | 41 |
1 files changed, 16 insertions, 25 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 01f968a9b..dd8d501ae 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-pkcs11.c,v 1.28 2019/01/20 22:51:37 djm Exp $ */ | 1 | /* $OpenBSD: ssh-pkcs11.c,v 1.29 2019/01/20 23:00:12 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2014 Pedro Martelletto. All rights reserved. | 4 | * Copyright (c) 2014 Pedro Martelletto. All rights reserved. |
@@ -411,7 +411,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, | |||
411 | CK_RV rv; | 411 | CK_RV rv; |
412 | ECDSA_SIG *ret = NULL; | 412 | ECDSA_SIG *ret = NULL; |
413 | u_char *sig; | 413 | u_char *sig; |
414 | const u_char *cp; | ||
415 | 414 | ||
416 | if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) { | 415 | if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) { |
417 | ossl_error("EC_KEY_get_key_method_data failed for ec"); | 416 | ossl_error("EC_KEY_get_key_method_data failed for ec"); |
@@ -435,29 +434,21 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, | |||
435 | error("C_Sign failed: %lu", rv); | 434 | error("C_Sign failed: %lu", rv); |
436 | goto done; | 435 | goto done; |
437 | } | 436 | } |
438 | cp = sig; | 437 | if (siglen < 64 || siglen > 132 || siglen % 2) { |
439 | ret = d2i_ECDSA_SIG(NULL, &cp, siglen); | 438 | ossl_error("d2i_ECDSA_SIG failed"); |
440 | if (ret == NULL) { | 439 | goto done; |
441 | /* | 440 | } |
442 | * d2i_ECDSA_SIG failed, so sig does not point to a DER-encoded | 441 | bnlen = siglen/2; |
443 | * sequence, but to the concatenation r|s. | 442 | if ((ret = ECDSA_SIG_new()) == NULL) { |
444 | */ | 443 | error("ECDSA_SIG_new failed"); |
445 | if (siglen < 64 || siglen > 132 || siglen % 2) { | 444 | goto done; |
446 | ossl_error("d2i_ECDSA_SIG failed"); | 445 | } |
447 | goto done; | 446 | if (BN_bin2bn(sig, bnlen, ret->r) == NULL || |
448 | } | 447 | BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) { |
449 | bnlen = siglen/2; | 448 | ossl_error("d2i_ECDSA_SIG failed"); |
450 | if ((ret = ECDSA_SIG_new()) == NULL) { | 449 | ECDSA_SIG_free(ret); |
451 | error("ECDSA_SIG_new failed"); | 450 | ret = NULL; |
452 | goto done; | 451 | goto done; |
453 | } | ||
454 | if (BN_bin2bn(sig, bnlen, ret->r) == NULL || | ||
455 | BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) { | ||
456 | ossl_error("d2i_ECDSA_SIG failed"); | ||
457 | ECDSA_SIG_free(ret); | ||
458 | ret = NULL; | ||
459 | goto done; | ||
460 | } | ||
461 | } | 452 | } |
462 | done: | 453 | done: |
463 | free(sig); | 454 | free(sig); |