pki: Fix accidental ECC switch case fallthroughs into ed25119 cases when built without ECC

Summary: When ed25519 was introduced in commit 93c7b81b4ea1046bd2f65f4a510d5966786e8d3d, the ed25519 case was added after the ecdsa case in src/pki.c. The ecdsa case seems to have relied on falling through to report an error, when HAVE_ECC is not defined. If HAVE_ECC is not defined, but ecdsa keys are used, with for example, ssh_pki_import_pubkey_file, the code fallthroughs into the ed25519 case. Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr> Test Plan: Unit tests passed. No memory leaks found with valgrind. Reviewers: asn Differential Revision: https://bugs.libssh.org/D13 Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2017-12-28 20:45:49 +01:00 · 2017-12-28 20:45:49 +01:00 · ea99215664
--- a/src/pki.c
+++ b/src/pki.c
@ -771,8 +771,8 @@ static int pki_import_pubkey_buffer(ssh_buffer buffer,
                }
            }
            break;
-        case SSH_KEYTYPE_ECDSA:
 #ifdef HAVE_ECC
+        case SSH_KEYTYPE_ECDSA:
            {
                ssh_string e;
                ssh_string i;
@ -1201,8 +1201,8 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
            if(rc == SSH_ERROR)
                goto error;
            break;
-        case SSH_KEYTYPE_ECDSA:
 #ifdef HAVE_ECC
+        case SSH_KEYTYPE_ECDSA:
            rc = pki_key_generate_ecdsa(key, parameter);
            if (rc == SSH_ERROR) {
                goto error;
@ -1221,6 +1221,7 @@ int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
        case SSH_KEYTYPE_DSS_CERT01:
        case SSH_KEYTYPE_RSA_CERT01:
        case SSH_KEYTYPE_UNKNOWN:
+        default:
            goto error;
    }

--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@ -697,8 +697,8 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
                goto err;
            }
            break;
-        case SSH_KEYTYPE_ECDSA:
 #ifdef HAVE_ECC
+        case SSH_KEYTYPE_ECDSA:
            if (passphrase == NULL) {
                struct pem_get_password_struct pgp = { auth_fn, auth_data };

@ -730,6 +730,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
        case SSH_KEYTYPE_DSS_CERT01:
        case SSH_KEYTYPE_RSA_CERT01:
        case SSH_KEYTYPE_UNKNOWN:
+        default:
            BIO_free(mem);
            SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type);
            return NULL;