From 2087929a909464b5a1acfcac13088e5ab75d953a Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 14 Nov 2017 12:53:12 +0100
Subject: [PATCH] Do not segfault for ECC keys in PKCS#11

---
 openssh-7.3p1-openssl-1.1.0.patch | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/openssh-7.3p1-openssl-1.1.0.patch b/openssh-7.3p1-openssl-1.1.0.patch
index 5062e6d..0cd907f 100644
--- a/openssh-7.3p1-openssl-1.1.0.patch
+++ b/openssh-7.3p1-openssl-1.1.0.patch
@@ -2594,7 +2594,7 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
  			}
  		} else {
  			cp = attribs[2].pValue;
-@@ -525,17 +538,18 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
+@@ -525,17 +538,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
  			    == NULL) {
  				error("d2i_X509 failed");
  			} else if ((evp = X509_get_pubkey(x509)) == NULL ||
@@ -2612,7 +2612,8 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
  				X509_free(x509);
  		}
 -		if (rsa && rsa->n && rsa->e &&
-+		RSA_get0_key(rsa, &n, &e, NULL);
++		if (rsa)
++			RSA_get0_key(rsa, &n, &e, NULL);
 +		if (rsa && n && e &&
  		    pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
  			if ((key = sshkey_new(KEY_UNSPEC)) == NULL)