diff options
Diffstat (limited to 'ssh-pkcs11.c')
-rw-r--r-- | ssh-pkcs11.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 41992ceb7..7dc828978 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-pkcs11.c,v 1.36 2019/01/20 23:12:35 djm Exp $ */ | 1 | /* $OpenBSD: ssh-pkcs11.c,v 1.37 2019/01/21 00:47:34 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2014 Pedro Martelletto. All rights reserved. | 4 | * Copyright (c) 2014 Pedro Martelletto. All rights reserved. |
@@ -420,6 +420,7 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, | |||
420 | CK_RV rv; | 420 | CK_RV rv; |
421 | ECDSA_SIG *ret = NULL; | 421 | ECDSA_SIG *ret = NULL; |
422 | u_char *sig; | 422 | u_char *sig; |
423 | BIGNUM *r = NULL, *s = NULL; | ||
423 | 424 | ||
424 | if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) { | 425 | if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) { |
425 | ossl_error("EC_KEY_get_key_method_data failed for ec"); | 426 | ossl_error("EC_KEY_get_key_method_data failed for ec"); |
@@ -452,14 +453,24 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, | |||
452 | error("ECDSA_SIG_new failed"); | 453 | error("ECDSA_SIG_new failed"); |
453 | goto done; | 454 | goto done; |
454 | } | 455 | } |
455 | if (BN_bin2bn(sig, bnlen, ret->r) == NULL || | 456 | if ((r = BN_bin2bn(sig, bnlen, NULL)) == NULL || |
456 | BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) { | 457 | (s = BN_bin2bn(sig+bnlen, bnlen, NULL)) == NULL) { |
457 | ossl_error("d2i_ECDSA_SIG failed"); | 458 | ossl_error("d2i_ECDSA_SIG failed"); |
458 | ECDSA_SIG_free(ret); | 459 | ECDSA_SIG_free(ret); |
459 | ret = NULL; | 460 | ret = NULL; |
460 | goto done; | 461 | goto done; |
461 | } | 462 | } |
463 | if (!ECDSA_SIG_set0(ret, r, s)) { | ||
464 | error("%s: ECDSA_SIG_set0 failed", __func__); | ||
465 | ECDSA_SIG_free(ret); | ||
466 | ret = NULL; | ||
467 | goto done; | ||
468 | } | ||
469 | r = s = NULL; /* now owned by ret */ | ||
470 | /* success */ | ||
462 | done: | 471 | done: |
472 | BN_free(r); | ||
473 | BN_free(s); | ||
463 | free(sig); | 474 | free(sig); |
464 | 475 | ||
465 | return (ret); | 476 | return (ret); |