diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2021-11-18 21:11:02 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2021-11-18 21:11:02 +0000 |
| commit | a05ed8447a6948235c2cad9fec3172cf0c99d992 (patch) | |
| tree | 2a3a599188acca4de7333f02fac140e5a8370b0e | |
| parent | 27322325897baf8c6c2fcf5c847ccb5e645167d0 (diff) | |
avoid xmalloc(0) for PKCS#11 keyid for ECDSA keys (we already did this
for RSA keys). Avoids fatal errors for PKCS#11 libraries that return
empty keyid, e.g. Microchip ATECC608B "cryptoauthlib"; bz#3364
| -rw-r--r-- | usr.bin/ssh/ssh-pkcs11.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/usr.bin/ssh/ssh-pkcs11.c b/usr.bin/ssh/ssh-pkcs11.c index 7a91281ca35..707725ceb9c 100644 --- a/usr.bin/ssh/ssh-pkcs11.c +++ b/usr.bin/ssh/ssh-pkcs11.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.54 2021/08/11 05:20:17 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.55 2021/11/18 21:11:01 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -601,9 +601,10 @@ pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, k11->slotidx = slotidx; /* identify key object on smartcard */ k11->keyid_len = keyid_attrib->ulValueLen; - k11->keyid = xmalloc(k11->keyid_len); - memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); - + if (k11->keyid_len > 0) { + k11->keyid = xmalloc(k11->keyid_len); + memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); + } EC_KEY_set_method(ec, ec_key_method); EC_KEY_set_ex_data(ec, ec_key_idx, k11); |