lib/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2025-11-29 01:03:57 +03:00
Code Activity

src/pki_crypto.c pki_publickey_to_blob() should not be used to export public key from

Browse Source 
private keys for ecdsa keys.
                 ssh_userauth_publickey() calls ssh_pki_export_pubkey_blob() and tries to export
                 the the public key from private key if public keys are not already imported
                 into pkcs #11 tokens.

Signed-off-by: Sahana Prasad <sahana@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Sahana Prasad
2020-05-14 16:18:03 +02:00
parent 641a80be74
commit 7de9722d23
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/pki_crypto.c
View File

@@ -1330,6 +1330,14 @@ ssh_string pki_publickey_to_blob(const ssh_key key)
return NULL; return NULL;
} }
#ifdef WITH_PKCS11_URI
if (ssh_key_is_private(key) && !EC_KEY_get0_public_key(key->ecdsa)) {
SSH_LOG(SSH_LOG_INFO, "It is mandatory to have separate public"
" ECDSA key objects in the PKCS #11 device. Unlike RSA,"
" ECDSA public keys cannot be derived from their private keys.");
goto fail;
}
#endif
e = make_ecpoint_string(EC_KEY_get0_group(key->ecdsa), e = make_ecpoint_string(EC_KEY_get0_group(key->ecdsa),
EC_KEY_get0_public_key(key->ecdsa)); EC_KEY_get0_public_key(key->ecdsa));
if (e == NULL) { if (e == NULL) {