summaryrefslogtreecommitdiff
path: root/ssh-pkcs11-helper.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-pkcs11-helper.c')
-rw-r--r--ssh-pkcs11-helper.c40
1 files changed, 30 insertions, 10 deletions
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index 6301033c..92c6728b 100644
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.14 2018/01/08 15:18:46 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.15 2019/01/20 22:51:37 djm Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
*
@@ -110,7 +110,7 @@ static void
process_add(void)
{
char *name, *pin;
- struct sshkey **keys;
+ struct sshkey **keys = NULL;
int r, i, nkeys;
u_char *blob;
size_t blen;
@@ -139,11 +139,13 @@ process_add(void)
free(blob);
add_key(keys[i], name);
}
- free(keys);
} else {
if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ if ((r = sshbuf_put_u32(msg, -nkeys)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
}
+ free(keys);
free(pin);
free(name);
send_msg(msg);
@@ -192,15 +194,33 @@ process_sign(void)
else {
if ((found = lookup_key(key)) != NULL) {
#ifdef WITH_OPENSSL
+ u_int xslen;
int ret;
- slen = RSA_size(key->rsa);
- signature = xmalloc(slen);
- if ((ret = RSA_private_encrypt(dlen, data, signature,
- found->rsa, RSA_PKCS1_PADDING)) != -1) {
- slen = ret;
- ok = 0;
- }
+ if (key->type == KEY_RSA) {
+ slen = RSA_size(key->rsa);
+ signature = xmalloc(slen);
+ ret = RSA_private_encrypt(dlen, data, signature,
+ found->rsa, RSA_PKCS1_PADDING);
+ if (ret != -1) {
+ slen = ret;
+ ok = 0;
+ }
+ } else if (key->type == KEY_ECDSA) {
+ xslen = ECDSA_size(key->ecdsa);
+ signature = xmalloc(xslen);
+ /* "The parameter type is ignored." */
+ ret = ECDSA_sign(-1, data, dlen, signature,
+ &xslen, found->ecdsa);
+ if (ret != 0)
+ ok = 0;
+ else
+ error("%s: ECDSA_sign"
+ " returns %d", __func__, ret);
+ slen = xslen;
+ } else
+ error("%s: don't know how to sign with key "
+ "type %d", __func__, (int)key->type);
#endif /* WITH_OPENSSL */
}
sshkey_free(key);