It is mandatory to import public keys or certificates into PKCS #11 tokens for ECDSA keys before importing the private keys.
This is because, unlike RSA, for ECDSA, public keys cannot be derived from the private key.
Currently, if a private key is imported without importing the public key, libssh crashes with the following backtrace:
#0 0x00007fc332abab64 in EC_POINT_point2oct () from /lib64/libcrypto.so.1.1
#1 0x00007fc332728cda in make_ecpoint_string (p=0x0, g=0x5611485243e0) at /usr/src/debug/libssh-0.9.4-2.fc33.x86_64/src/pki_crypto.c:167
#2 pki_publickey_to_blob (key=key@entry=0x561148527f20) at /usr/src/debug/libssh-0.9.4-2.fc33.x86_64/src/pki_crypto.c:1333
#3 0x00007fc33271cc1b in ssh_pki_export_pubkey_blob (key=key@entry=0x561148527f20, pblob=pblob@entry=0x7ffea9f384d0) at /usr/src/debug/libssh-0.9.4-2.fc33.x86_64/src/pki.c:2041
#4 0x00007fc3326fc529 in ssh_userauth_publickey (session=0x5611484cff00, username=0x0, privkey=0x561148527f20) at /usr/src/debug/libssh-0.9.4-2.fc33.x86_64/src/auth.c:666
#5 0x00007fc332d106dd in myssh_statemach_act () from /lib64/libcurl.so.4
#6 0x00007fc332d1225a in myssh_multi_statemach () from /lib64/libcurl.so.4
#7 0x00007fc332cdbebd in multi_runsingle () from /lib64/libcurl.so.4
#8 0x00007fc332cdd001 in curl_multi_perform () from /lib64/libcurl.so.4
#9 0x00007fc332cd37fb in curl_easy_perform () from /lib64/libcurl.so.4
#10 0x0000561147332e30 in operate ()
#11 0x0000561147322244 in main ()
Although this is a negative test case and it should not be done, the expectation is that this case must be handled and a proper error should be reported. The crash should be fixed.
Steps to reproduce:
Initialize SoftHSM, import only the private key, and execute:
curl -kvu root: sftp://localhost --key "$PKCS11_URI_ECDSA"
A simple reproducer can be written.
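As an added example (not part of the original report and not libssh code), the following pre-flight check flags private keys on a token that have no public key or certificate object with the same ID, which is the condition behind the `p=0x0` frame in the backtrace. It parses the text of `pkcs11-tool --list-objects`; the listing layout and the sample data are assumptions constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find private keys lacking a matching public key or
# certificate (matched by the "ID:" attribute) in a token object listing.
# Assumed input: output of `pkcs11-tool --module <module> --login --list-objects`;
# the exact layout may differ between OpenSC versions.

orphan_private_keys() {
    awk '
        # Object header lines start in column 0; attributes are indented.
        /^(Private Key|Public Key|Certificate) Object/ {
            kind = ($1 == "Private") ? "priv" : "peer"; next
        }
        /^[^ ]/ { kind = ""; next }          # any other object type
        $1 == "ID:" && kind == "priv" { priv[$2] = 1 }
        $1 == "ID:" && kind == "peer" { peer[$2] = 1 }
        END { for (id in priv) if (!(id in peer)) print id }
    ' | sort
}

# Returns 0 when every private key has a public key or certificate, 1 otherwise.
check_token_listing() {
    missing=$(printf '%s\n' "$1" | orphan_private_keys)
    [ -z "$missing" ] && return 0
    echo "private key ID(s) without public key or certificate: $missing" >&2
    return 1
}

# Constructed sample: key 01 has its public key, key 02 was imported alone.
SAMPLE_LISTING='Private Key Object; EC
  label:      ecdsa-ok
  ID:         01
  Usage:      sign, derive
Public Key Object; EC  EC_POINT 256 bits
  label:      ecdsa-ok
  ID:         01
  Usage:      verify
Private Key Object; EC
  label:      ecdsa-orphan
  ID:         02
  Usage:      sign, derive'

check_token_listing "$SAMPLE_LISTING" || true
```

Running the check before handing a PKCS #11 URI to an SSH client catches the incomplete import on the token side, independently of whether the client library reports a proper error.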