Page MenuHomePhabricator

libssh crashes when ecdsa pkcs #11 private keys are imported without importing ecdsa pkcs #11 public keys
Closed, ResolvedPublic

Description

It is mandatory to import public keys or certificates into pkcs #11 tokens for ecdsa keys, before importing the private keys.
This is because, unlike rsa, for ecdsa, public keys cannot be derived from the private key.

Currently if a private key is imported without importing the public key, libssh crashes with the following backtrace.

#0 0x00007fc332abab64 in EC_POINT_point2oct () from /lib64/libcrypto.so.1.1
#1 0x00007fc332728cda in make_ecpoint_string (p=0x0, g=0x5611485243e0) at /usr/src/debug/libssh-0.9.4-2.fc33.x86_64/src/pki_crypto.c:167
#2 pki_publickey_to_blob (key=key@entry=0x561148527f20) at /usr/src/debug/libssh-0.9.4-2.fc33.x86_64/src/pki_crypto.c:1333
#3 0x00007fc33271cc1b in ssh_pki_export_pubkey_blob (key=key@entry=0x561148527f20, pblob=pblob@entry=0x7ffea9f384d0) at /usr/src/debug/libssh-0.9.4-2.fc33.x86_64/src/pki.c:2041
#4 0x00007fc3326fc529 in ssh_userauth_publickey (session=0x5611484cff00, username=0x0, privkey=0x561148527f20) at /usr/src/debug/libssh-0.9.4-2.fc33.x86_64/src/auth.c:666
#5 0x00007fc332d106dd in myssh_statemach_act () from /lib64/libcurl.so.4
#6 0x00007fc332d1225a in myssh_multi_statemach () from /lib64/libcurl.so.4
#7 0x00007fc332cdbebd in multi_runsingle () from /lib64/libcurl.so.4
#8 0x00007fc332cdd001 in curl_multi_perform () from /lib64/libcurl.so.4
#9 0x00007fc332cd37fb in curl_easy_perform () from /lib64/libcurl.so.4
#10 0x0000561147332e30 in operate ()
#11 0x0000561147322244 in main ()

Although this is a negative test case and it should not be done, the expectation is that this case must be handled and a proper error should be reported. The crash should be fixed.

steps to reproduce:
initialize softhsm and import only the private key and execute:
curl -kvu root: sftp://localhost --key "$PKCS11_URI_ECDSA"

A simple reproducer can be written.

Event Timeline

sahanaprasad07 renamed this task from libssh crashes when ecdsa pkcs #11 private URIs are imported without importing ecdsa pkcs #11 public URIs to libssh crashes when ecdsa pkcs #11 private keys are imported without importing ecdsa pkcs #11 public keys.Apr 6 2020, 8:31 AM
sahanaprasad07 created this task.
sahanaprasad07 added a subscriber: ansasaki.
Jakuje closed this task as Resolved.May 21 2020, 11:51 AM
Jakuje claimed this task.
Jakuje added a project: Restricted Project.
Jakuje added a subscriber: Jakuje.

Merged as 4e4711d2 and friends.