author | Sahana Prasad <sahana@redhat.com> | 2020-05-14 16:18:03 +0200 |
---|---|---|
committer | Sahana Prasad <sahana@redhat.com> | 2020-05-20 12:49:29 +0200 |
commit | 7de9722d23c43c631439aed79ab6dbb49736e4a8 (patch) | |
tree | e75b401d46858fb228d76592ab835010d5e993cd /src | |
parent | 641a80be74638be5b5114d148b5b3eb3e5c9293b (diff) | |
src/pki_crypto.c pki_publickey_to_blob() should not be used to export public key from
private keys for ecdsa keys.
ssh_userauth_publickey() calls ssh_pki_export_pubkey_blob() and tries to export
the public key from private key if public keys are not already imported
into pkcs #11 tokens.
Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/pki_crypto.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c index 689faa1e..08409209 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -1330,6 +1330,14 @@ ssh_string pki_publickey_to_blob(const ssh_key key) return NULL; } +#ifdef WITH_PKCS11_URI + if (ssh_key_is_private(key) && !EC_KEY_get0_public_key(key->ecdsa)) { + SSH_LOG(SSH_LOG_INFO, "It is mandatory to have separate public" + " ECDSA key objects in the PKCS #11 device. Unlike RSA," + " ECDSA public keys cannot be derived from their private keys."); + goto fail; + } +#endif e = make_ecpoint_string(EC_KEY_get0_group(key->ecdsa), EC_KEY_get0_public_key(key->ecdsa)); if (e == NULL) { |
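Review bot: The new guard ahead of make_ecpoint_string() reports its reason at SSH_LOG_INFO and then takes goto fail, so at lower verbosity settings the caller sees only a failed export with no explanation; SSH_LOG_WARN would fit this failure path better. The guard is also compiled only under WITH_PKCS11_URI and fires only when ssh_key_is_private(key) is true, so in every other case a NULL result from EC_KEY_get0_public_key(key->ecdsa) is still passed straight into make_ecpoint_string(); the hunk does not show whether that helper tolerates a NULL point, and an unconditional NULL check on the point would cover both situations. On wording, the log text says ECDSA public keys "cannot be derived from their private keys"; the condition actually tested is that no public point is attached to the key, so a message saying the public point is not available from the token's private key object would be more precise. A short comment above the #ifdef explaining why the check is PKCS #11 specific would help future readers.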