-rw-r--r-- | sshkey.c | 41 |
1 files changed, 39 insertions, 2 deletions
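--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.33 2016/05/02 09:36:42 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.34 2016/06/17 05:06:23 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -3786,7 +3786,44 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
 
 if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
 (char *)passphrase)) == NULL) {
-r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+unsigned long pem_err = ERR_peek_last_error();
+int pem_reason = ERR_GET_REASON(pem_err);
+
+/*
+* Translate OpenSSL error codes to determine whether
+* passphrase is required/incorrect.
+*/
+switch (ERR_GET_LIB(pem_err)) {
+case ERR_LIB_PEM:
+switch (pem_reason) {
+case PEM_R_BAD_PASSWORD_READ:
+case PEM_R_PROBLEMS_GETTING_PASSWORD:
+case PEM_R_BAD_DECRYPT:
+r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+goto out;
+default:
+r = SSH_ERR_INVALID_FORMAT;
+goto out;
+}
+case ERR_LIB_EVP:
+switch (pem_reason) {
+case EVP_R_BAD_DECRYPT:
+r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+goto out;
+case EVP_R_BN_DECODE_ERROR:
+case EVP_R_DECODE_ERROR:
+case EVP_R_PRIVATE_KEY_DECODE_ERROR:
+r = SSH_ERR_INVALID_FORMAT;
+goto out;
+default:
+r = SSH_ERR_LIBCRYPTO_ERROR;
+goto out;
+}
+case ERR_LIB_ASN1:
+r = SSH_ERR_INVALID_FORMAT;
+goto out;
+}
+r = SSH_ERR_LIBCRYPTO_ERROR;
 goto out;
 }
 if (pk->type == EVP_PKEY_RSA &&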
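Review bot: The new failure branch classifies whatever `ERR_peek_last_error()` returns, but nothing visible in this hunk clears the OpenSSL error queue before `PEM_read_bio_PrivateKey()` runs, so an entry left behind by an earlier libcrypto call could be the one that gets translated. That matters because callers presumably use SSH_ERR_KEY_WRONG_PASSPHRASE to decide whether to prompt again, and a stale PEM or EVP entry could send a malformed key down the passphrase path, or the reverse. Unless the queue is already cleared earlier in sshkey_parse_private_pem_fileblob (the function starts and ends outside the hunk), add `ERR_clear_error();` immediately before the `PEM_read_bio_PrivateKey()` call. A short comment on the ERR_LIB_PEM `default:` arm would also help, explaining why unknown PEM reasons map to SSH_ERR_INVALID_FORMAT while the EVP `default:` arm maps to SSH_ERR_LIBCRYPTO_ERROR.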