Attachment #2806 for bug #2522





	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
	    (char *)passphrase)) == NULL) {
		unsigned long pem_err = ERR_peek_last_error();
		int pem_reason = ERR_GET_REASON(pem_err);

		/*
		 * Translate OpenSSL error codes to determine whether
		 * passphrase is required/incorrect.
		 */
		switch (ERR_GET_LIB(pem_err)) {
		case ERR_LIB_PEM:
			switch (pem_reason) {
			case PEM_R_BAD_PASSWORD_READ:
			case PEM_R_PROBLEMS_GETTING_PASSWORD:
			case PEM_R_BAD_DECRYPT:
				r = SSH_ERR_KEY_WRONG_PASSPHRASE;
				goto out;
			default:
				r = SSH_ERR_INVALID_FORMAT;
				goto out;
			}
		case ERR_LIB_EVP:
			switch (pem_reason) {
			case EVP_R_BAD_DECRYPT:
				r = SSH_ERR_KEY_WRONG_PASSPHRASE;
				goto out;
			case EVP_R_BN_DECODE_ERROR:
			case EVP_R_DECODE_ERROR:
			case EVP_R_PRIVATE_KEY_DECODE_ERROR:
				r = SSH_ERR_INVALID_FORMAT;
				goto out;
			default:
				r = SSH_ERR_LIBCRYPTO_ERROR;
				goto out;
			}
		case ERR_LIB_ASN1:
			r = SSH_ERR_INVALID_FORMAT;
			goto out;
		}
		r = SSH_ERR_LIBCRYPTO_ERROR;
		goto out;
	}
	if (pk->type == EVP_PKEY_RSA &&

Return to bug 2522

Lines 3725-3731 sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, Link Here

(-)a/sshkey.c (-1 / +38 lines)
3725		3725
3726	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,	3726	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
3727	(char *)passphrase)) == NULL) {	3727	(char *)passphrase)) == NULL) {
3728	r = SSH_ERR_KEY_WRONG_PASSPHRASE;	3728	unsigned long pem_err = ERR_peek_last_error();
		3729	int pem_reason = ERR_GET_REASON(pem_err);
		3730
		3731	/*
		3732	* Translate OpenSSL error codes to determine whether
		3733	* passphrase is required/incorrect.
		3734	*/
		3735	switch (ERR_GET_LIB(pem_err)) {
		3736	case ERR_LIB_PEM:
		3737	switch (pem_reason) {
		3738	case PEM_R_BAD_PASSWORD_READ:
		3739	case PEM_R_PROBLEMS_GETTING_PASSWORD:
		3740	case PEM_R_BAD_DECRYPT:
		3741	r = SSH_ERR_KEY_WRONG_PASSPHRASE;
		3742	goto out;
		3743	default:
		3744	r = SSH_ERR_INVALID_FORMAT;
		3745	goto out;
		3746	}
		3747	case ERR_LIB_EVP:
		3748	switch (pem_reason) {
		3749	case EVP_R_BAD_DECRYPT:
		3750	r = SSH_ERR_KEY_WRONG_PASSPHRASE;
		3751	goto out;
		3752	case EVP_R_BN_DECODE_ERROR:
		3753	case EVP_R_DECODE_ERROR:
		3754	case EVP_R_PRIVATE_KEY_DECODE_ERROR:
		3755	r = SSH_ERR_INVALID_FORMAT;
		3756	goto out;
		3757	default:
		3758	r = SSH_ERR_LIBCRYPTO_ERROR;
		3759	goto out;
		3760	}
		3761	case ERR_LIB_ASN1:
		3762	r = SSH_ERR_INVALID_FORMAT;
		3763	goto out;
		3764	}
		3765	r = SSH_ERR_LIBCRYPTO_ERROR;
3729	goto out;	3766	goto out;
3730	}	3767	}
3731	if (pk->type == EVP_PKEY_RSA &&	3768	if (pk->type == EVP_PKEY_RSA &&