Some error messages don't match the function calls. There's still this
one that looks weird. Not sure what it should say to be helpful:
"unexpected ec signature length" perhaps?
if (siglen < 64 || siglen > 132 || siglen % 2) {
ossl_error("d2i_ECDSA_SIG failed");
Index: ssh-pkcs11.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-pkcs11.c,v
retrieving revision 1.55
diff -u -p -r1.55 ssh-pkcs11.c
--- ssh-pkcs11.c 18 Nov 2021 21:11:01 -0000 1.55
+++ ssh-pkcs11.c 4 Mar 2023 08:21:59 -0000
@@ -513,7 +513,7 @@ ecdsa_do_sign(const unsigned char *dgst,
BIGNUM *r = NULL, *s = NULL;
if ((k11 = EC_KEY_get_ex_data(ec, ec_key_idx)) == NULL) {
- ossl_error("EC_KEY_get_key_method_data failed for ec");
+ ossl_error("EC_KEY_get_ex_data failed for ec");
return (NULL);
}
@@ -545,7 +545,7 @@ ecdsa_do_sign(const unsigned char *dgst,
}
if ((r = BN_bin2bn(sig, bnlen, NULL)) == NULL ||
(s = BN_bin2bn(sig+bnlen, bnlen, NULL)) == NULL) {
- ossl_error("d2i_ECDSA_SIG failed");
+ ossl_error("BN_bin2bn failed");
ECDSA_SIG_free(ret);
ret = NULL;
goto done;
