[Bug 2474] Enabling ECDSA in PKCS#11 support for ssh-agent
bugzilla-daemon at bugzilla.mindrot.org
Sat Nov 25 09:17:51 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
Dmitry Savintsev <dsavints at gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3069|0                           |1
        is obsolete|                            |
                 CC|                            |dsavints at gmail.com
--- Comment #9 from Dmitry Savintsev <dsavints at gmail.com> ---
Created attachment 3093
--> https://bugzilla.mindrot.org/attachment.cgi?id=3093&action=edit
Fifth Iteration off 7.6p1
I believe there is a small bug in the previous version of the patch
("Updated for 7.6p1" - 2017-10-20 15:48 EST) with a missing zero check on
k11->keyid_len before calling xmalloc in pkcs11_ecdsa_wrap. This leads
to ssh-pkcs11-helper crashing when trying to add a SoftHSM
(https://www.opendnssec.org/softhsm/) card with an ECDSA key (though it
works fine with only RSA keys present). The check "if (k11->keyid_len
> 0) {" is present in the pkcs11_rsa_wrap function, now added also in
pkcs11_ecdsa_wrap. I also uploaded the 7.6p1 version with the previous
("Updated for 7.6p1") patch to
https://github.com/dmitris/openssh-portable/tree/7.6p1-bug2474-patch,
the version with the current fix is in
https://github.com/dmitris/openssh-portable/tree/7.6p1-bug2474-patch-fix
and the diff can be seen in the demo PR
https://github.com/dmitris/openssh-portable/pull/1/files.
With the fix applied, I was able to successfully add the SoftHSM "card"
with ECDSA keys with "ssh-add -s
/usr/local/lib/softhsm/libsofthsm2.so". (Thanks so much Mathias for
creating the patch and making this possible!)
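Added example, not part of the original message and not code from OpenSSH or the attached patch: a self-contained C model of the guard the comment describes, skipping the allocation when keyid_len is zero. The names demo_key, strict_alloc, wrap_unguarded and wrap_guarded are hypothetical, the empty key ID is constructed input, and the stand-in allocator is assumed to treat a zero-size request as fatal.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical key record: only keyid and keyid_len are modelled. */
struct demo_key { unsigned char *keyid; size_t keyid_len; };
static int fatal_count;	/* zero-size requests seen by strict_alloc */

/* Assumed allocator behaviour: a zero-size request is fatal. The demo
 * records it and returns NULL instead of exiting, so it can continue. */
static void *strict_alloc(size_t size)
{
	void *p;
	if (size == 0) {
		fatal_count++;
		return NULL;
	}
	if ((p = malloc(size)) == NULL)
		abort();
	return p;
}

/* Unguarded: allocates even when the token reports an empty key ID. */
static int wrap_unguarded(struct demo_key *k, const unsigned char *id, size_t len)
{
	k->keyid_len = len;
	if ((k->keyid = strict_alloc(k->keyid_len)) == NULL)
		return -1;	/* stands for the helper crash in the comment */
	memcpy(k->keyid, id, len);
	return 0;
}

/* Guarded: copies the ID only when keyid_len > 0, else leaves it NULL. */
static int wrap_guarded(struct demo_key *k, const unsigned char *id, size_t len)
{
	k->keyid_len = len;
	k->keyid = NULL;
	if (k->keyid_len > 0) {
		k->keyid = strict_alloc(k->keyid_len);
		memcpy(k->keyid, id, len);
	}
	return 0;
}

int main(void)
{
	struct demo_key k;	/* constructed input: a key with an empty ID */
	printf("unguarded: %d\n", wrap_unguarded(&k, (const unsigned char *)"", 0));
	printf("guarded:   %d\n", wrap_guarded(&k, (const unsigned char *)"", 0));
	return 0;
}
```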