knownhosts: Give better warnings about unsupported key types

Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
2025-12-09 15:41:10 +03:00 · 2022-09-05 08:50:55 +02:00
parent b3b3fbfa1d
commit 2d79c7a9d5
1 changed files with 15 additions and 3 deletions
--- a/src/knownhosts.c
+++ b/src/knownhosts.c
@@ -483,6 +483,9 @@ static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e typ
 #ifdef HAVE_DSA
    case SSH_KEYTYPE_DSS:
        return "ssh-dss";
+#else
+        SSH_LOG(SSH_LOG_WARN, "DSS keys are not supported by this build");
+        break;
 #endif
 #ifdef HAVE_ECDH
    case SSH_KEYTYPE_ECDSA_P256:
@@ -491,13 +494,22 @@ static const char *ssh_known_host_sigs_from_hostkey_type(enum ssh_keytypes_e typ
        return "ecdsa-sha2-nistp384";
    case SSH_KEYTYPE_ECDSA_P521:
        return "ecdsa-sha2-nistp521";
+#else
+    case SSH_KEYTYPE_ECDSA_P256:
+    case SSH_KEYTYPE_ECDSA_P384:
+    case SSH_KEYTYPE_ECDSA_P521:
+        SSH_LOG(SSH_LOG_WARN, "ECDSA keys are not supported by this build");
+        break;
 #endif
    case SSH_KEYTYPE_UNKNOWN:
    default:
-        SSH_LOG(SSH_LOG_WARN, "The given type %d is not a base private key type "
-                "or is unsupported", type);
-        return NULL;
+        SSH_LOG(SSH_LOG_WARN,
+                "The given type %d is not a base private key type "
+                "or is unsupported",
+                type);
    }
+
+    return NULL;
 }

 /**