===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-pkcs11-helper.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- src/usr.bin/ssh/ssh-pkcs11-helper.c 2018/01/08 15:18:46 1.14
+++ src/usr.bin/ssh/ssh-pkcs11-helper.c 2019/01/20 22:51:37 1.15
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.14 2018/01/08 15:18:46 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.15 2019/01/20 22:51:37 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 *
@@ -103,7 +103,7 @@
 process_add(void)
 {
 char *name, *pin;
- struct sshkey **keys;
+ struct sshkey **keys = NULL;
 int r, i, nkeys;
 u_char *blob;
 size_t blen;
@@ -132,11 +132,13 @@
 free(blob);
 add_key(keys[i], name);
 }
- free(keys);
 } else {
 if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if ((r = sshbuf_put_u32(msg, -nkeys)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
 }
+ free(keys);
 free(pin);
 free(name);
 send_msg(msg);
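Review bot: The PKCS#11 PIN is still released with a plain `free(pin)` two lines after the new `free(keys)`, so the secret remains readable in freed heap memory of the one process that handled it in clear; prefer `freezero(pin, strlen(pin));` (or `explicit_bzero` followed by `free`), and confirm `pin` cannot be NULL there since it is populated earlier in process_add, above this hunk. The added `sshbuf_put_u32(msg, -nkeys)` relies on the provider having returned a negative value in the failure branch; if that branch can also be reached with nkeys == 0 (the enclosing if condition is outside the hunk), the peer receives 0 and cannot distinguish "no keys" from an error, so a one-line comment such as `/* nkeys < 0 here: send the provider error code, negated, after the FAILURE byte */` would pin the expectation. The function's opening and the start of the if/else are outside this hunk.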
@@ -185,15 +187,33 @@
 else {
 if ((found = lookup_key(key)) != NULL) {
 #ifdef WITH_OPENSSL
+ u_int xslen;
 int ret;
- slen = RSA_size(key->rsa);
- signature = xmalloc(slen);
- if ((ret = RSA_private_encrypt(dlen, data, signature,
- found->rsa, RSA_PKCS1_PADDING)) != -1) {
- slen = ret;
- ok = 0;
- }
+ if (key->type == KEY_RSA) {
+ slen = RSA_size(key->rsa);
+ signature = xmalloc(slen);
+ ret = RSA_private_encrypt(dlen, data, signature,
+ found->rsa, RSA_PKCS1_PADDING);
+ if (ret != -1) {
+ slen = ret;
+ ok = 0;
+ }
+ } else if (key->type == KEY_ECDSA) {
+ xslen = ECDSA_size(key->ecdsa);
+ signature = xmalloc(xslen);
+ /* "The parameter type is ignored." */
+ ret = ECDSA_sign(-1, data, dlen, signature,
+ &xslen, found->ecdsa);
+ if (ret != 0)
+ ok = 0;
+ else
+ error("%s: ECDSA_sign"
+ " returns %d", __func__, ret);
+ slen = xslen;
+ } else
+ error("%s: don't know how to sign with key "
+ "type %d", __func__, (int)key->type);
 #endif /* WITH_OPENSSL */
 }
 sshkey_free(key);