diff --git a/openssh-7.6p1-pkcs11-uri.patch b/openssh-7.6p1-pkcs11-uri.patch index cdedcc8..2a702ed 100644 --- a/openssh-7.6p1-pkcs11-uri.patch +++ b/openssh-7.6p1-pkcs11-uri.patch @@ -3459,7 +3459,7 @@ diff -up openssh-7.6p1/ssh-pkcs11.c.pkcs11-uri openssh-7.6p1/ssh-pkcs11.c void *handle; CK_FUNCTION_LIST *function_list; CK_INFO info; -@@ -68,12 +70,48 @@ struct pkcs11_key { +@@ -68,12 +70,57 @@ struct pkcs11_key { CK_ULONG slotidx; int (*orig_finish)(RSA *rsa); RSA_METHOD rsa_method; @@ -3482,9 +3482,18 @@ diff -up openssh-7.6p1/ssh-pkcs11.c.pkcs11-uri openssh-7.6p1/ssh-pkcs11.c + struct pkcs11_key *k11; + + /* sanity - is it a RSA key with associated app_data? */ -+ if (key->type != KEY_RSA || -+ (k11 = RSA_get_app_data(key->rsa)) == NULL) ++ switch (key->type) { ++ case KEY_RSA: ++ if ((k11 = RSA_get_app_data(key->rsa)) == NULL) ++ return -1; ++ break; ++ case KEY_ECDSA: ++ if ((k11 = EC_KEY_get_ex_data(key->ecdsa, pkcs11_key_idx)) == NULL) ++ return -1; ++ break; ++ default: + return -1; ++ } + + /* omit type -- we are looking for private-public or private-certificate pairs */ + uri.id = k11->keyid;