aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorjvijtiuk <juraj.vijtiuk@sartura.hr>2017-12-28 20:45:49 +0100
committerAndreas Schneider <asn@cryptomilk.org>2017-12-28 20:46:37 +0100
commitea99215664abe1003e37eaa6dc1dc24733ed7d37 (patch)
treebef0338668ae58eb0ae17a99241ef667204d2995 /src
parentc3c492a190475a96bddcfe3a10da74f7a0e0baba (diff)
downloadlibssh-ea99215664abe1003e37eaa6dc1dc24733ed7d37.tar.gz
libssh-ea99215664abe1003e37eaa6dc1dc24733ed7d37.tar.xz
libssh-ea99215664abe1003e37eaa6dc1dc24733ed7d37.zip
pki: Fix accidental ECC switch case fallthroughs into ed25119 cases when built without ECC
Summary: When ed25519 was introduced in commit 93c7b81b4ea1046bd2f65f4a510d5966786e8d3d, the ed25519 case was added after the ecdsa case in src/pki.c. The ecdsa case seems to have relied on falling through to report an error, when HAVE_ECC is not defined. If HAVE_ECC is not defined, but ecdsa keys are used, with for example, ssh_pki_import_pubkey_file, the code fallthroughs into the ed25519 case. Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> Test Plan: Unit tests passed. No memory leaks found with valgrind. Reviewers: asn Differential Revision: https://bugs.libssh.org/D13 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r--src/pki.c5
-rw-r--r--src/pki_crypto.c3
2 files changed, 5 insertions, 3 deletions
diff --git a/src/pki.c b/src/pki.c
index c362ae24..763b4070 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -771,8 +771,8 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
}
}
break;
- case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_ECC
+ case SSH_KEYTYPE_ECDSA:
{
ssh_string e;
ssh_string i;
@@ -1201,8 +1201,8 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
if(rc == SSH_ERROR)
goto error;
break;
- case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_ECC
+ case SSH_KEYTYPE_ECDSA:
rc = pki_key_generate_ecdsa(key, parameter);
if (rc == SSH_ERROR) {
goto error;
@@ -1221,6 +1221,7 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN:
+ default:
goto error;
}
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index e34f197f..2aa0e956 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -697,8 +697,8 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
goto err;
}
break;
- case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_ECC
+ case SSH_KEYTYPE_ECDSA:
if (passphrase == NULL) {
struct pem_get_password_struct pgp = { auth_fn, auth_data };
@@ -730,6 +730,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN:
+ default:
BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type);
return NULL;