aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSahana Prasad <sahana@redhat.com>2020-05-14 16:18:03 +0200
committerSahana Prasad <sahana@redhat.com>2020-05-20 12:49:29 +0200
commit7de9722d23c43c631439aed79ab6dbb49736e4a8 (patch)
treee75b401d46858fb228d76592ab835010d5e993cd
parent641a80be74638be5b5114d148b5b3eb3e5c9293b (diff)
downloadlibssh-7de9722d23c43c631439aed79ab6dbb49736e4a8.tar.gz
libssh-7de9722d23c43c631439aed79ab6dbb49736e4a8.tar.xz
libssh-7de9722d23c43c631439aed79ab6dbb49736e4a8.zip
src/pki_crypto.c pki_publickey_to_blob() should not be used to export public key from
private keys for ecdsa keys. ssh_userauth_publickey() calls ssh_pki_export_pubkey_blob() and tries to export the the public key from private key if public keys are not already imported into pkcs #11 tokens. Signed-off-by: Sahana Prasad <sahana@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
-rw-r--r--src/pki_crypto.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 689faa1e..08409209 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1330,6 +1330,14 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
return NULL;
}
+#ifdef WITH_PKCS11_URI
+ if (ssh_key_is_private(key) && !EC_KEY_get0_public_key(key->ecdsa)) {
+ SSH_LOG(SSH_LOG_INFO, "It is mandatory to have separate public"
+ " ECDSA key objects in the PKCS #11 device. Unlike RSA,"
+ " ECDSA public keys cannot be derived from their private keys.");
+ goto fail;
+ }
+#endif
e = make_ecpoint_string(EC_KEY_get0_group(key->ecdsa),
EC_KEY_get0_public_key(key->ecdsa));
if (e == NULL) {