
Deprecate SSH_BIND_OPTIONS_{RSA,ECDSA}KEY in favor of generic HOSTKEY

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <npocs@redhat.com>
This commit is contained in:
Jakub Jelen
2023-06-26 15:00:44 +02:00
parent 1bd690d75f
commit 9847f3f638
13 changed files with 48 additions and 67 deletions


@ -147,7 +147,7 @@ static struct argp_option options[] = {
.key = 'r', .key = 'r',
.arg = "FILE", .arg = "FILE",
.flags = 0, .flags = 0,
.doc = "Set the rsa key.", .doc = "Set the rsa host key (deprecated alias to 'k').",
.group = 0 .group = 0
}, },
{ {
@ -172,12 +172,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
case 'p': case 'p':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
break; break;
case 'r':
/* deprecated */
case 'k': case 'k':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
break; break;
case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
break;
case 'v': case 'v':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3"); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
break; break;
@ -226,7 +225,7 @@ int main(int argc, char **argv){
sshbind=ssh_bind_new(); sshbind=ssh_bind_new();
session=ssh_new(); session=ssh_new();
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, "sshd_rsa"); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, "sshd_rsa");
#ifdef HAVE_ARGP_H #ifdef HAVE_ARGP_H
/* /*


@ -70,12 +70,12 @@ static void set_default_keys(ssh_bind sshbind,
{ {
if (!rsa_already_set) if (!rsa_already_set)
{ {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
KEYS_FOLDER "ssh_host_rsa_key"); KEYS_FOLDER "ssh_host_rsa_key");
} }
if (!ecdsa_already_set) if (!ecdsa_already_set)
{ {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
KEYS_FOLDER "ssh_host_ecdsa_key"); KEYS_FOLDER "ssh_host_ecdsa_key");
} }
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
@ -165,11 +165,11 @@ static error_t parse_opt(int key, char *arg, struct argp_state *state)
no_default_keys = 1; no_default_keys = 1;
break; break;
case 'r': case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
rsa_already_set = 1; rsa_already_set = 1;
break; break;
case 'e': case 'e':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
ecdsa_already_set = 1; ecdsa_already_set = 1;
break; break;
case 'a': case 'a':


@ -177,7 +177,7 @@ static struct argp_option options[] = {
.key = 'r', .key = 'r',
.arg = "FILE", .arg = "FILE",
.flags = 0, .flags = 0,
.doc = "Set the rsa key.", .doc = "Set the rsa key (deprecated alias for 'k').",
.group = 0 .group = 0
}, },
{ {
@ -210,12 +210,10 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
case 'p': case 'p':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
break; break;
case 'r':
case 'k': case 'k':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
break; break;
case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
break;
case 'v': case 'v':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3"); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
break; break;
@ -267,7 +265,7 @@ int main(int argc, char **argv){
sshbind=ssh_bind_new(); sshbind=ssh_bind_new();
session=ssh_new(); session=ssh_new();
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, KEYS_FOLDER "ssh_host_rsa_key"); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key");
#ifdef HAVE_ARGP_H #ifdef HAVE_ARGP_H
/* /*
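Review bot: The `case 'r':` label added in front of `case 'k':` in this parse_opt carries no comment, unlike the same change in the first sample, where `/* deprecated */` marks the fall-through; the hunks ending at L130 and L230 have the same gap. A one-line comment keeps the intent next to the code rather than only in the argp `.doc` string, e.g. `case 'r': /* deprecated alias for 'k' */`. parse_opt continues outside the hunk.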


@ -117,7 +117,7 @@ static struct argp_option options[] = {
.key = 'r', .key = 'r',
.arg = "FILE", .arg = "FILE",
.flags = 0, .flags = 0,
.doc = "Set the rsa key.", .doc = "Set the rsa key (deprecated alias for 'k').",
.group = 0 .group = 0
}, },
{ {
@ -143,12 +143,10 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
port = atoi(arg); port = atoi(arg);
break; break;
case 'r':
case 'k': case 'k':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
break; break;
case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
break;
case 'v': case 'v':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3"); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
break; break;
@ -295,8 +293,8 @@ int main(int argc, char **argv){
sshbind=ssh_bind_new(); sshbind=ssh_bind_new();
session=ssh_new(); session=ssh_new();
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
KEYS_FOLDER "ssh_host_rsa_key"); KEYS_FOLDER "ssh_host_rsa_key");
#ifdef HAVE_ARGP_H #ifdef HAVE_ARGP_H
/* /*


@ -60,11 +60,11 @@ static void set_default_keys(ssh_bind sshbind,
int rsa_already_set, int rsa_already_set,
int ecdsa_already_set) { int ecdsa_already_set) {
if (!rsa_already_set) { if (!rsa_already_set) {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
KEYS_FOLDER "ssh_host_rsa_key"); KEYS_FOLDER "ssh_host_rsa_key");
} }
if (!ecdsa_already_set) { if (!ecdsa_already_set) {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
KEYS_FOLDER "ssh_host_ecdsa_key"); KEYS_FOLDER "ssh_host_ecdsa_key");
} }
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
@ -109,7 +109,7 @@ static struct argp_option options[] = {
.key = 'r', .key = 'r',
.arg = "FILE", .arg = "FILE",
.flags = 0, .flags = 0,
.doc = "Set the rsa key.", .doc = "Set the rsa key (deprecated alias for 'k').",
.group = 0 .group = 0
}, },
{ {
@ -117,7 +117,7 @@ static struct argp_option options[] = {
.key = 'e', .key = 'e',
.arg = "FILE", .arg = "FILE",
.flags = 0, .flags = 0,
.doc = "Set the ecdsa key.", .doc = "Set the ecdsa key (deprecated alias for 'k').",
.group = 0 .group = 0
}, },
{ {
@ -186,11 +186,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
no_default_keys = 1; no_default_keys = 1;
break; break;
case 'r': case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
rsa_already_set = 1; rsa_already_set = 1;
break; break;
case 'e': case 'e':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
ecdsa_already_set = 1; ecdsa_already_set = 1;
break; break;
case 'a': case 'a':
@ -253,10 +253,10 @@ static int parse_opt(int argc, char **argv, ssh_bind sshbind) {
by just not setting the default keys */ by just not setting the default keys */
no_default_keys = 1; no_default_keys = 1;
} else if (key == 'r') { } else if (key == 'r') {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, optarg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, optarg);
rsa_already_set = 1; rsa_already_set = 1;
} else if (key == 'e') { } else if (key == 'e') {
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, optarg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, optarg);
ecdsa_already_set = 1; ecdsa_already_set = 1;
} else if (key == 'a') { } else if (key == 'a') {
strncpy(authorizedkeys, optarg, DEF_STR_SIZE-1); strncpy(authorizedkeys, optarg, DEF_STR_SIZE-1);
@ -277,13 +277,13 @@ static int parse_opt(int argc, char **argv, ssh_bind sshbind) {
"libssh %s -- a Secure Shell protocol implementation\n" "libssh %s -- a Secure Shell protocol implementation\n"
"\n" "\n"
" -a, --authorizedkeys=FILE Set the authorized keys file.\n" " -a, --authorizedkeys=FILE Set the authorized keys file.\n"
" -e, --ecdsakey=FILE Set the ecdsa key.\n" " -e, --ecdsakey=FILE Set the ecdsa key (deprecated alias for 'k').\n"
" -k, --hostkey=FILE Set a host key. Can be used multiple times.\n" " -k, --hostkey=FILE Set a host key. Can be used multiple times.\n"
" Implies no default keys.\n" " Implies no default keys.\n"
" -n, --no-default-keys Do not set default key locations.\n" " -n, --no-default-keys Do not set default key locations.\n"
" -p, --port=PORT Set the port to bind.\n" " -p, --port=PORT Set the port to bind.\n"
" -P, --pass=PASSWORD Set expected password.\n" " -P, --pass=PASSWORD Set expected password.\n"
" -r, --rsakey=FILE Set the rsa key.\n" " -r, --rsakey=FILE Set the rsa key (deprecated alias for 'k').\n"
" -u, --user=USERNAME Set expected username.\n" " -u, --user=USERNAME Set expected username.\n"
" -v, --verbose Get verbose output.\n" " -v, --verbose Get verbose output.\n"
" -?, --help Give this help list\n" " -?, --help Give this help list\n"
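Review bot: The usage text now calls `-r` and `-e` a "deprecated alias for 'k'", but the handling does not match that wording: `-k` is documented two lines above as implying no default keys, while the `-r`/`-e` branches (L173-L178 and L185-L189) only set `rsa_already_set`/`ecdsa_already_set`, so the other default key is still loaded by set_default_keys. The argp `.doc` strings at L157 and L165 use the same wording. Saying what actually differs avoids surprising users who switch, e.g. `" -r, --rsakey=FILE Set the rsa key (deprecated, use -k; only suppresses the default rsa key).\n"` and the matching `-e` line. parse_opt continues outside the hunk.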


@ -591,7 +591,7 @@ static struct argp_option options[] = {
.key = 'r', .key = 'r',
.arg = "FILE", .arg = "FILE",
.flags = 0, .flags = 0,
.doc = "Set the rsa key.", .doc = "Set the rsa key (deprecated alias for 'k').",
.group = 0 .group = 0
}, },
{ {
@ -618,12 +618,10 @@ parse_opt (int key, char *arg, struct argp_state *state)
case 'p': case 'p':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
break; break;
case 'r':
case 'k': case 'k':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
break; break;
case 'r':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
break;
case 'v': case 'v':
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "1"); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "1");
break; break;
@ -674,7 +672,7 @@ main(int argc, char **argv)
session = ssh_new(); session = ssh_new();
mainloop = ssh_event_new(); mainloop = ssh_event_new();
ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, KEYS_FOLDER "ssh_host_rsa_key"); ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key");
#ifdef HAVE_ARGP_H #ifdef HAVE_ARGP_H
/* /*


@ -41,11 +41,11 @@ enum ssh_bind_options_e {
SSH_BIND_OPTIONS_BINDPORT_STR, SSH_BIND_OPTIONS_BINDPORT_STR,
SSH_BIND_OPTIONS_HOSTKEY, SSH_BIND_OPTIONS_HOSTKEY,
SSH_BIND_OPTIONS_DSAKEY, /* deprecated */ SSH_BIND_OPTIONS_DSAKEY, /* deprecated */
SSH_BIND_OPTIONS_RSAKEY, SSH_BIND_OPTIONS_RSAKEY, /* deprecated */
SSH_BIND_OPTIONS_BANNER, SSH_BIND_OPTIONS_BANNER,
SSH_BIND_OPTIONS_LOG_VERBOSITY, SSH_BIND_OPTIONS_LOG_VERBOSITY,
SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR,
SSH_BIND_OPTIONS_ECDSAKEY, SSH_BIND_OPTIONS_ECDSAKEY, /* deprecated */
SSH_BIND_OPTIONS_IMPORT_KEY, SSH_BIND_OPTIONS_IMPORT_KEY,
SSH_BIND_OPTIONS_KEY_EXCHANGE, SSH_BIND_OPTIONS_KEY_EXCHANGE,
SSH_BIND_OPTIONS_CIPHERS_C_S, SSH_BIND_OPTIONS_CIPHERS_C_S,


@ -1773,18 +1773,18 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
* char *). * char *).
* *
* - SSH_BIND_OPTIONS_RSAKEY: * - SSH_BIND_OPTIONS_RSAKEY:
* Set the path to the ssh host rsa key, SSHv2 * Deprecated alias to SSH_BIND_OPTIONS_HOSTKEY
* only (const char *). * (const char *).
* *
* - SSH_BIND_OPTIONS_ECDSAKEY: * - SSH_BIND_OPTIONS_ECDSAKEY:
* Set the path to the ssh host ecdsa key, * Deprecated alias to SSH_BIND_OPTIONS_HOSTKEY
* SSHv2 only (const char *). * (const char *).
* *
* - SSH_BIND_OPTIONS_BANNER: * - SSH_BIND_OPTIONS_BANNER:
* Set the server banner sent to clients (const char *). * Set the server banner sent to clients (const char *).
* *
* - SSH_BIND_OPTIONS_DSAKEY: * - SSH_BIND_OPTIONS_DSAKEY:
* This is DEPRECATED, please do not use * This is DEPRECATED, please do not use.
* *
* - SSH_BIND_OPTIONS_IMPORT_KEY: * - SSH_BIND_OPTIONS_IMPORT_KEY:
* Set the Private Key for the server directly (ssh_key) * Set the Private Key for the server directly (ssh_key)
@ -1871,6 +1871,9 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
} }
switch (type) { switch (type) {
case SSH_BIND_OPTIONS_RSAKEY:
case SSH_BIND_OPTIONS_ECDSAKEY:
/* deprecated */
case SSH_BIND_OPTIONS_HOSTKEY: case SSH_BIND_OPTIONS_HOSTKEY:
if (value == NULL) { if (value == NULL) {
ssh_set_error_invalid(sshbind); ssh_set_error_invalid(sshbind);
@ -2060,18 +2063,6 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
ssh_set_log_level(i & 0xffffU); ssh_set_log_level(i & 0xffffU);
} }
break; break;
case SSH_BIND_OPTIONS_RSAKEY:
rc = ssh_bind_set_key(sshbind, &sshbind->rsakey, value);
if (rc < 0) {
return -1;
}
break;
case SSH_BIND_OPTIONS_ECDSAKEY:
rc = ssh_bind_set_key(sshbind, &sshbind->ecdsakey, value);
if (rc < 0) {
return -1;
}
break;
case SSH_BIND_OPTIONS_BANNER: case SSH_BIND_OPTIONS_BANNER:
if (value == NULL) { if (value == NULL) {
ssh_set_error_invalid(sshbind); ssh_set_error_invalid(sshbind);
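Review bot: The option documentation at L258-L264 now describes RSAKEY and ECDSAKEY purely as aliases, but the removed branches (L287-L298) only recorded the path through `ssh_bind_set_key`, while the HOSTKEY branch they now fall into (L277-L282) continues past the hunk with more handling after the NULL check; if that branch opens or parses the key file when the option is set, callers of the deprecated values that passed a not-yet-existing path now get the error from `ssh_bind_options_set` instead of later. One sentence in the doc block would make that explicit, e.g. `Deprecated alias to SSH_BIND_OPTIONS_HOSTKEY; behaves exactly like it, including any validation performed when the option is set (const char *).` ssh_bind_options_set continues outside the hunk.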


@ -177,7 +177,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
assert(rc == 0); assert(rc == 0);
} }
rc = ssh_bind_options_set(sshbind, rc = ssh_bind_options_set(sshbind,
SSH_BIND_OPTIONS_RSAKEY, SSH_BIND_OPTIONS_HOSTKEY,
"/tmp/libssh_fuzzer_private_key"); "/tmp/libssh_fuzzer_private_key");
assert(rc == 0); assert(rc == 0);
rc = ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_C_S, "none"); rc = ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_CIPHERS_C_S, "none");


@ -263,12 +263,10 @@ static int pkd_exec_hello(int fd, struct pkd_daemon_args *args)
goto outclose; goto outclose;
} }
if (type == PKD_RSA) { if (type == PKD_RSA ||
opts = SSH_BIND_OPTIONS_RSAKEY; type == PKD_ED25519 ||
} else if (type == PKD_ED25519) { type == PKD_ECDSA) {
opts = SSH_BIND_OPTIONS_HOSTKEY; opts = SSH_BIND_OPTIONS_HOSTKEY;
} else if (type == PKD_ECDSA) {
opts = SSH_BIND_OPTIONS_ECDSAKEY;
} else { } else {
pkderr("unknown hostkey type: %d\n", type); pkderr("unknown hostkey type: %d\n", type);
rc = -1; rc = -1;


@ -201,7 +201,7 @@ int run_server(struct server_state_st *state)
if (state->rsa_key != NULL) { if (state->rsa_key != NULL) {
rc = ssh_bind_options_set(sshbind, rc = ssh_bind_options_set(sshbind,
SSH_BIND_OPTIONS_RSAKEY, SSH_BIND_OPTIONS_HOSTKEY,
state->rsa_key); state->rsa_key);
if (rc != 0) { if (rc != 0) {
fprintf(stderr, fprintf(stderr,
@ -213,7 +213,7 @@ int run_server(struct server_state_st *state)
if (state->ecdsa_key != NULL) { if (state->ecdsa_key != NULL) {
rc = ssh_bind_options_set(sshbind, rc = ssh_bind_options_set(sshbind,
SSH_BIND_OPTIONS_ECDSAKEY, SSH_BIND_OPTIONS_HOSTKEY,
state->ecdsa_key); state->ecdsa_key);
if (rc != 0) { if (rc != 0) {
fprintf(stderr, fprintf(stderr,


@ -395,12 +395,11 @@ ssh_bind torture_ssh_bind(const char *addr,
switch (key_type) { switch (key_type) {
case SSH_KEYTYPE_RSA: case SSH_KEYTYPE_RSA:
opts = SSH_BIND_OPTIONS_RSAKEY;
break;
case SSH_KEYTYPE_ECDSA_P256: case SSH_KEYTYPE_ECDSA_P256:
case SSH_KEYTYPE_ECDSA_P384: case SSH_KEYTYPE_ECDSA_P384:
case SSH_KEYTYPE_ECDSA_P521: case SSH_KEYTYPE_ECDSA_P521:
opts = SSH_BIND_OPTIONS_ECDSAKEY; case SSH_KEYTYPE_ED25519:
opts = SSH_BIND_OPTIONS_HOSTKEY;
break; break;
default: default:
goto out_free; goto out_free;


@ -1802,7 +1802,7 @@ static void torture_bind_options_rsakey(void **state)
bind = test_state->bind; bind = test_state->bind;
rc = ssh_bind_options_set(bind, rc = ssh_bind_options_set(bind,
SSH_BIND_OPTIONS_RSAKEY, SSH_BIND_OPTIONS_HOSTKEY,
LIBSSH_RSA_TESTKEY); LIBSSH_RSA_TESTKEY);
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
assert_non_null(bind->rsakey); assert_non_null(bind->rsakey);
@ -1823,7 +1823,7 @@ static void torture_bind_options_ecdsakey(void **state)
bind = test_state->bind; bind = test_state->bind;
rc = ssh_bind_options_set(bind, rc = ssh_bind_options_set(bind,
SSH_BIND_OPTIONS_ECDSAKEY, SSH_BIND_OPTIONS_HOSTKEY,
LIBSSH_ECDSA_521_TESTKEY); LIBSSH_ECDSA_521_TESTKEY);
assert_int_equal(rc, 0); assert_int_equal(rc, 0);
assert_non_null(bind->ecdsakey); assert_non_null(bind->ecdsakey);
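Review bot: Both tests were switched to `SSH_BIND_OPTIONS_HOSTKEY`, so the deprecated `SSH_BIND_OPTIONS_RSAKEY` and `SSH_BIND_OPTIONS_ECDSAKEY` values, which the commit keeps as public API and routes through the same switch branch, are no longer exercised anywhere on this page. Keeping the original option in one of these cases, or adding a sibling test that passes the deprecated value, would catch a regression in the alias mapping; the existing checks `assert_int_equal(rc, 0);` and `assert_non_null(bind->rsakey);` are exactly what such a case needs. Both test functions continue outside the hunk.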