aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/pki_crypto.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 689faa1e..08409209 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -1330,6 +1330,14 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
return NULL;
}
+#ifdef WITH_PKCS11_URI
+ if (ssh_key_is_private(key) && !EC_KEY_get0_public_key(key->ecdsa)) {
+ SSH_LOG(SSH_LOG_INFO, "It is mandatory to have separate public"
+ " ECDSA key objects in the PKCS #11 device. Unlike RSA,"
+ " ECDSA public keys cannot be derived from their private keys.");
+ goto fail;
+ }
+#endif
e = make_ecpoint_string(EC_KEY_get0_group(key->ecdsa),
EC_KEY_get0_public_key(key->ecdsa));
if (e == NULL) {