upstream: Treat all PEM_read_bio_PrivateKey() errors when a passphrase

author djm@openbsd.org <djm@openbsd.org>

Tue, 9 Oct 2018 05:42:23 +0000 (05:42 +0000)

committer Damien Miller <djm@mindrot.org>

Tue, 9 Oct 2018 05:45:45 +0000 (16:45 +1100)
author djm@openbsd.org <djm@openbsd.org>
Tue, 9 Oct 2018 05:42:23 +0000 (05:42 +0000)
committer Damien Miller <djm@mindrot.org>
Tue, 9 Oct 2018 05:45:45 +0000 (16:45 +1100)
diff --git a/sshkey.c b/sshkey.c

index 63c01ea67ce133d99462528919dfa5bb8247f797..e1e882b72617bc8b26335880c0fb7c5f64ebac66 100644 (file)
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.70 2018/09/14 04:17:44 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.71 2018/10/09 05:42:23 djm Exp $ */
  /*
   * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
   * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -3936,7 +3936,16 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
         clear_libcrypto_errors();
         if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
             (char *)passphrase)) == NULL) {
-               r = convert_libcrypto_error();
+              /*
+               * libcrypto may return various ASN.1 errors when attempting
+               * to parse a key with an incorrect passphrase.
+               * Treat all format errors as "incorrect passphrase" if a
+               * passphrase was supplied.
+               */
+               if (passphrase != NULL && *passphrase != '\0')
+                       r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+               else
+                       r = convert_libcrypto_error();
                 goto out;
         }
         if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA &&
author	djm@openbsd.org <djm@openbsd.org>
	Tue, 9 Oct 2018 05:42:23 +0000 (05:42 +0000)
committer	Damien Miller <djm@mindrot.org>
	Tue, 9 Oct 2018 05:45:45 +0000 (16:45 +1100)