From ea99215664abe1003e37eaa6dc1dc24733ed7d37 Mon Sep 17 00:00:00 2001
From: jvijtiuk <juraj.vijtiuk@sartura.hr>
Date: Thu, 28 Dec 2017 20:45:49 +0100
Subject: pki: Fix accidental ECC switch case fallthroughs into ed25119 cases
 when built without ECC

Summary:
When ed25519 was introduced in commit 93c7b81b4ea1046bd2f65f4a510d5966786e8d3d,
the ed25519 case was added after the ecdsa case in src/pki.c. The ecdsa case seems to
have relied on falling through to report an error, when HAVE_ECC is not defined.
If HAVE_ECC is not defined, but ecdsa keys are used, with for example,
ssh_pki_import_pubkey_file, the code fallthroughs into the ed25519 case.

Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>

Test Plan: Unit tests passed. No memory leaks found with valgrind.

Reviewers: asn

Differential Revision: https://bugs.libssh.org/D13
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/pki_crypto.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/pki_crypto.c')

diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index e34f197f..2aa0e956 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -697,8 +697,8 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
                 goto err;
             }
             break;
-        case SSH_KEYTYPE_ECDSA:
 #ifdef HAVE_ECC
+        case SSH_KEYTYPE_ECDSA:
             if (passphrase == NULL) {
                 struct pem_get_password_struct pgp = { auth_fn, auth_data };
 
@@ -730,6 +730,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
         case SSH_KEYTYPE_DSS_CERT01:
         case SSH_KEYTYPE_RSA_CERT01:
         case SSH_KEYTYPE_UNKNOWN:
+        default:
             BIO_free(mem);
             SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type);
             return NULL;
-- 
cgit v1.2.3