upstream: cleanup unnecessary code in ECDSA pkcs#11 signature
work by markus@, feedback and ok djm@ OpenBSD-Commit-ID: affa5ca7d58d59fbd16169f77771dcdbd2b0306d
parent
0c50992af4
commit
749aef3032
41
ssh-pkcs11.c
41
ssh-pkcs11.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-pkcs11.c,v 1.28 2019/01/20 22:51:37 djm Exp $ */
|
||||
/* $OpenBSD: ssh-pkcs11.c,v 1.29 2019/01/20 23:00:12 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2010 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2014 Pedro Martelletto. All rights reserved.
|
||||
|
@ -411,7 +411,6 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
|
|||
CK_RV rv;
|
||||
ECDSA_SIG *ret = NULL;
|
||||
u_char *sig;
|
||||
const u_char *cp;
|
||||
|
||||
if ((k11 = EC_KEY_get_ex_data(ec, 0)) == NULL) {
|
||||
ossl_error("EC_KEY_get_key_method_data failed for ec");
|
||||
|
@ -435,29 +434,21 @@ ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
|
|||
error("C_Sign failed: %lu", rv);
|
||||
goto done;
|
||||
}
|
||||
cp = sig;
|
||||
ret = d2i_ECDSA_SIG(NULL, &cp, siglen);
|
||||
if (ret == NULL) {
|
||||
/*
|
||||
* d2i_ECDSA_SIG failed, so sig does not point to a DER-encoded
|
||||
* sequence, but to the concatenation r|s.
|
||||
*/
|
||||
if (siglen < 64 || siglen > 132 || siglen % 2) {
|
||||
ossl_error("d2i_ECDSA_SIG failed");
|
||||
goto done;
|
||||
}
|
||||
bnlen = siglen/2;
|
||||
if ((ret = ECDSA_SIG_new()) == NULL) {
|
||||
error("ECDSA_SIG_new failed");
|
||||
goto done;
|
||||
}
|
||||
if (BN_bin2bn(sig, bnlen, ret->r) == NULL ||
|
||||
BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) {
|
||||
ossl_error("d2i_ECDSA_SIG failed");
|
||||
ECDSA_SIG_free(ret);
|
||||
ret = NULL;
|
||||
goto done;
|
||||
}
|
||||
if (siglen < 64 || siglen > 132 || siglen % 2) {
|
||||
ossl_error("d2i_ECDSA_SIG failed");
|
||||
goto done;
|
||||
}
|
||||
bnlen = siglen/2;
|
||||
if ((ret = ECDSA_SIG_new()) == NULL) {
|
||||
error("ECDSA_SIG_new failed");
|
||||
goto done;
|
||||
}
|
||||
if (BN_bin2bn(sig, bnlen, ret->r) == NULL ||
|
||||
BN_bin2bn(sig+bnlen, bnlen, ret->s) == NULL) {
|
||||
ossl_error("d2i_ECDSA_SIG failed");
|
||||
ECDSA_SIG_free(ret);
|
||||
ret = NULL;
|
||||
goto done;
|
||||
}
|
||||
done:
|
||||
free(sig);
|
||||
|
|
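Review bot: In the third hunk of ssh-pkcs11.c both remaining failure paths still log `ossl_error("d2i_ECDSA_SIG failed")`, although the commit removes the d2i_ECDSA_SIG call, so a malformed signature from the token is reported against a function that is no longer on this path. The length test is not an OpenSSL failure; `error("%s: bad signature length: %lu", __func__, (u_long)siglen);` would be more accurate (assuming siglen is an unsigned long-sized value, since its declaration is not visible here), and the BN_bin2bn branch could use `ossl_error("BN_bin2bn failed")`. With the DER parse gone, the even-length 64–132 test is the only validation of the token's output before it is split into r and s, so I would add a comment above it such as `/* token returns raw r|s, two equal-length halves; reject anything else */`. ecdsa_do_sign begins before and continues past the visible hunks.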