search for: ulvaluelen

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

https://bugzilla.mindrot.org/show_bug.cgi?id=2474 Bug ID: 2474 Summary: Enabling ECDSA in PKCS#11 support for ssh-agent Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh-agent Assignee: unassigned-bugs

...4.2) USB smart card for public key ssh authentication (using the -I option with the PKCS11 library for the eToken), but OpenSSH would abort with the message: xmalloc: zero size I tracked this down to the pkcs11_fetch_keys function in ssh-pkcs11.c, and discovered that C_GetAttributeValue returns a ulValueLen of 0 for some of the attributes for some of my certificates. I believe that this may be being caused by some CA certificates that I also have on the eToken, which are stored without their private keys. The attached patch (against CVS) resolves this issue by skipping to the next certificate if any...