diff options
author | djm@openbsd.org <djm@openbsd.org> | 2017-02-10 04:34:50 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-02-10 15:35:28 +1100 |
commit | 155d540d00ff55f063421ec182ec8ff2b7ab6cbe (patch) | |
tree | 069cdd4816c8f4f2e44dc85ac1dbb11e399d641e | |
parent | a287c5ad1e0bf9811c7b9221979b969255076019 (diff) |
upstream commit
bring back r1.34 that was backed out for problems loading
public keys:
translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
with additional fix from Jakub Jelen to solve the backout.
bz#2525 bz#2523 re-ok dtucker@
Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
-rw-r--r-- | sshkey.c | 51 |
1 files changed, 46 insertions, 5 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.41 2016/10/24 01:09:17 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.42 2017/02/10 04:34:50 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -3786,7 +3786,44 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, (char *)passphrase)) == NULL) { - r = SSH_ERR_KEY_WRONG_PASSPHRASE; + unsigned long pem_err = ERR_peek_last_error(); + int pem_reason = ERR_GET_REASON(pem_err); + + /* + * Translate OpenSSL error codes to determine whether + * passphrase is required/incorrect. + */ + switch (ERR_GET_LIB(pem_err)) { + case ERR_LIB_PEM: + switch (pem_reason) { + case PEM_R_BAD_PASSWORD_READ: + case PEM_R_PROBLEMS_GETTING_PASSWORD: + case PEM_R_BAD_DECRYPT: + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + default: + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + case ERR_LIB_EVP: + switch (pem_reason) { + case EVP_R_BAD_DECRYPT: + r = SSH_ERR_KEY_WRONG_PASSPHRASE; + goto out; + case EVP_R_BN_DECODE_ERROR: + case EVP_R_DECODE_ERROR: + case EVP_R_PRIVATE_KEY_DECODE_ERROR: + r = SSH_ERR_INVALID_FORMAT; + goto out; + default: + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + case ERR_LIB_ASN1: + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } if (pk->type == EVP_PKEY_RSA && @@ -3860,6 +3897,8 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, const char *passphrase, struct sshkey **keyp, char **commentp) { + int r = SSH_ERR_INTERNAL_ERROR; + if (keyp != NULL) *keyp = NULL; if (commentp != NULL) @@ -3882,9 +3921,11 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, return sshkey_parse_private2(blob, type, passphrase, keyp, commentp); case KEY_UNSPEC: - if (sshkey_parse_private2(blob, type, passphrase, keyp, - commentp) == 0) - return 0; + r = sshkey_parse_private2(blob, type, passphrase, keyp, + commentp); + /* Do not fallback to PEM parser if only passphrase is wrong. */ + if (r == 0 || r == SSH_ERR_KEY_WRONG_PASSPHRASE) + return r; #ifdef WITH_OPENSSL return sshkey_parse_private_pem_fileblob(blob, type, passphrase, keyp); |