Some error messages don't match the function calls. There's still this one that looks weird. Not sure what it should say to be helpful: "unexpected ec signature length" perhaps?
if (siglen < 64 || siglen > 132 || siglen % 2) { ossl_error("d2i_ECDSA_SIG failed"); Index: ssh-pkcs11.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh-pkcs11.c,v retrieving revision 1.55 diff -u -p -r1.55 ssh-pkcs11.c --- ssh-pkcs11.c 18 Nov 2021 21:11:01 -0000 1.55 +++ ssh-pkcs11.c 4 Mar 2023 08:21:59 -0000 @@ -513,7 +513,7 @@ ecdsa_do_sign(const unsigned char *dgst, BIGNUM *r = NULL, *s = NULL; if ((k11 = EC_KEY_get_ex_data(ec, ec_key_idx)) == NULL) { - ossl_error("EC_KEY_get_key_method_data failed for ec"); + ossl_error("EC_KEY_get_ex_data failed for ec"); return (NULL); } @@ -545,7 +545,7 @@ ecdsa_do_sign(const unsigned char *dgst, } if ((r = BN_bin2bn(sig, bnlen, NULL)) == NULL || (s = BN_bin2bn(sig+bnlen, bnlen, NULL)) == NULL) { - ossl_error("d2i_ECDSA_SIG failed"); + ossl_error("BN_bin2bn failed"); ECDSA_SIG_free(ret); ret = NULL; goto done;