On Tue, 7 Mar 2023, Theo Buehler wrote:
> Some error messages don't match the function calls. There's still this
> one that looks weird. Not sure what it should say to be helpful:
> "unexpected ec signature length" perhaps?
>
> if (siglen < 64 || siglen > 132 || siglen % 2) {
> ossl_error("d2i_ECDSA_SIG failed");
Yeah, that should be:
error_f("bad signature length %lu", (u_long)siglen);
or similar.
ok for that and the others
> Index: ssh-pkcs11.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/ssh-pkcs11.c,v
> retrieving revision 1.55
> diff -u -p -r1.55 ssh-pkcs11.c
> --- ssh-pkcs11.c 18 Nov 2021 21:11:01 -0000 1.55
> +++ ssh-pkcs11.c 4 Mar 2023 08:21:59 -0000
> @@ -513,7 +513,7 @@ ecdsa_do_sign(const unsigned char *dgst,
> BIGNUM *r = NULL, *s = NULL;
>
> if ((k11 = EC_KEY_get_ex_data(ec, ec_key_idx)) == NULL) {
> - ossl_error("EC_KEY_get_key_method_data failed for ec");
> + ossl_error("EC_KEY_get_ex_data failed for ec");
> return (NULL);
> }
>
> @@ -545,7 +545,7 @@ ecdsa_do_sign(const unsigned char *dgst,
> }
> if ((r = BN_bin2bn(sig, bnlen, NULL)) == NULL ||
> (s = BN_bin2bn(sig+bnlen, bnlen, NULL)) == NULL) {
> - ossl_error("d2i_ECDSA_SIG failed");
> + ossl_error("BN_bin2bn failed");
> ECDSA_SIG_free(ret);
> ret = NULL;
> goto done;
>
>
