diff options
author | jvijtiuk <juraj.vijtiuk@sartura.hr> | 2017-12-28 20:45:49 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2017-12-28 20:46:37 +0100 |
commit | ea99215664abe1003e37eaa6dc1dc24733ed7d37 (patch) | |
tree | bef0338668ae58eb0ae17a99241ef667204d2995 | |
parent | c3c492a190475a96bddcfe3a10da74f7a0e0baba (diff) | |
download | libssh-ea99215664abe1003e37eaa6dc1dc24733ed7d37.tar.gz libssh-ea99215664abe1003e37eaa6dc1dc24733ed7d37.tar.xz libssh-ea99215664abe1003e37eaa6dc1dc24733ed7d37.zip |
pki: Fix accidental ECC switch case fallthroughs into ed25119 cases when built without ECC
Summary:
When ed25519 was introduced in commit 93c7b81b4ea1046bd2f65f4a510d5966786e8d3d,
the ed25519 case was added after the ecdsa case in src/pki.c. The ecdsa case seems to
have relied on falling through to report an error, when HAVE_ECC is not defined.
If HAVE_ECC is not defined, but ecdsa keys are used, with for example,
ssh_pki_import_pubkey_file, the code fallthroughs into the ed25519 case.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan: Unit tests passed. No memory leaks found with valgrind.
Reviewers: asn
Differential Revision: https://bugs.libssh.org/D13
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | src/pki.c | 5 | ||||
-rw-r--r-- | src/pki_crypto.c | 3 |
2 files changed, 5 insertions, 3 deletions
@@ -771,8 +771,8 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer, } } break; - case SSH_KEYTYPE_ECDSA: #ifdef HAVE_ECC + case SSH_KEYTYPE_ECDSA: { ssh_string e; ssh_string i; @@ -1201,8 +1201,8 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter, if(rc == SSH_ERROR) goto error; break; - case SSH_KEYTYPE_ECDSA: #ifdef HAVE_ECC + case SSH_KEYTYPE_ECDSA: rc = pki_key_generate_ecdsa(key, parameter); if (rc == SSH_ERROR) { goto error; @@ -1221,6 +1221,7 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter, case SSH_KEYTYPE_DSS_CERT01: case SSH_KEYTYPE_RSA_CERT01: case SSH_KEYTYPE_UNKNOWN: + default: goto error; } diff --git a/src/pki_crypto.c b/src/pki_crypto.c index e34f197f..2aa0e956 100644 --- a/src/pki_crypto.c +++ b/src/pki_crypto.c @@ -697,8 +697,8 @@ ssh_string pki_private_key_to_pem(const ssh_key key, goto err; } break; - case SSH_KEYTYPE_ECDSA: #ifdef HAVE_ECC + case SSH_KEYTYPE_ECDSA: if (passphrase == NULL) { struct pem_get_password_struct pgp = { auth_fn, auth_data }; @@ -730,6 +730,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key, case SSH_KEYTYPE_DSS_CERT01: case SSH_KEYTYPE_RSA_CERT01: case SSH_KEYTYPE_UNKNOWN: + default: BIO_free(mem); SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type); return NULL; |