Bugzilla – Attachment 2990 Details for
Bug 2699
PKCS#8 private keys with AES-128-CBC stopped working
[patch]
search first entry in libcrypto error stack for better error
bz2699.diff (text/plain), 2.94 KB, created by
Damien Miller
on 2017-06-09 14:38:21 AEST
Description:
search first entry in libcrypto error stack for better error
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2017-06-09 14:38:21 AEST
Size:
2.94 KB
>diff --git a/sshkey.c b/sshkey.c
>index 9a3f0be5..a00004ef 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -3365,6 +3365,64 @@ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
>
>
> #ifdef WITH_OPENSSL
>+static int
>+translate_libcrypto_error(unsigned long pem_err)
>+{
>+ int pem_reason = ERR_GET_REASON(pem_err);
>+
>+ switch (ERR_GET_LIB(pem_err)) {
>+ case ERR_LIB_PEM:
>+ switch (pem_reason) {
>+ case PEM_R_BAD_PASSWORD_READ:
>+ case PEM_R_PROBLEMS_GETTING_PASSWORD:
>+ case PEM_R_BAD_DECRYPT:
>+ return SSH_ERR_KEY_WRONG_PASSPHRASE;
>+ default:
>+ return SSH_ERR_INVALID_FORMAT;
>+ }
>+ case ERR_LIB_EVP:
>+ switch (pem_reason) {
>+ case EVP_R_BAD_DECRYPT:
>+ return SSH_ERR_KEY_WRONG_PASSPHRASE;
>+ case EVP_R_BN_DECODE_ERROR:
>+ case EVP_R_DECODE_ERROR:
>+#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
>+ case EVP_R_PRIVATE_KEY_DECODE_ERROR:
>+#endif
>+ return SSH_ERR_INVALID_FORMAT;
>+ default:
>+ return SSH_ERR_LIBCRYPTO_ERROR;
>+ }
>+ case ERR_LIB_ASN1:
>+ return SSH_ERR_INVALID_FORMAT;
>+ }
>+ return SSH_ERR_LIBCRYPTO_ERROR;
>+}
>+
>+static void
>+clear_libcrypto_errors(void)
>+{
>+ while (ERR_get_error() != 0)
>+ ;
>+}
>+
>+/*
>+ * Translate OpenSSL error codes to determine whether
>+ * passphrase is required/incorrect.
>+ */
>+static int
>+convert_libcrypto_error(void)
>+{
>+ /*
>+ * Some password errors are reported at the beginning
>+ * of the error queue.
>+ */
>+ if (translate_libcrypto_error(ERR_peek_error()) ==
>+ SSH_ERR_KEY_WRONG_PASSPHRASE)
>+ return SSH_ERR_KEY_WRONG_PASSPHRASE;
>+ return translate_libcrypto_error(ERR_peek_last_error());
>+}
>+
> static int
> sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
> const char *passphrase, struct sshkey **keyp)
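Review bot: convert_libcrypto_error() reads the oldest queue entry with ERR_peek_error(), so its answer is only right when the queue was emptied before the failing libcrypto call, and the comment above it does not state that precondition. An entry left over from an earlier operation that maps to SSH_ERR_KEY_WRONG_PASSPHRASE would be returned in place of the real failure, and the caller would presumably treat a malformed key as a passphrase problem. I would add to the comment: `Callers must run clear_libcrypto_errors() immediately before the libcrypto call whose failure is translated here.` As a point of style, the `pem_err`/`pem_reason` names in translate_libcrypto_error() now also carry EVP and ASN1 codes; `err`/`reason` would read better.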
>@@ -3385,48 +3443,10 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
> goto out;
> }
>
>+ clear_libcrypto_errors();
> if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
> (char *)passphrase)) == NULL) {
>- unsigned long pem_err = ERR_peek_last_error();
>- int pem_reason = ERR_GET_REASON(pem_err);
>-
>- /*
>- * Translate OpenSSL error codes to determine whether
>- * passphrase is required/incorrect.
>- */
>- switch (ERR_GET_LIB(pem_err)) {
>- case ERR_LIB_PEM:
>- switch (pem_reason) {
>- case PEM_R_BAD_PASSWORD_READ:
>- case PEM_R_PROBLEMS_GETTING_PASSWORD:
>- case PEM_R_BAD_DECRYPT:
>- r = SSH_ERR_KEY_WRONG_PASSPHRASE;
>- goto out;
>- default:
>- r = SSH_ERR_INVALID_FORMAT;
>- goto out;
>- }
>- case ERR_LIB_EVP:
>- switch (pem_reason) {
>- case EVP_R_BAD_DECRYPT:
>- r = SSH_ERR_KEY_WRONG_PASSPHRASE;
>- goto out;
>- case EVP_R_BN_DECODE_ERROR:
>- case EVP_R_DECODE_ERROR:
>-#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
>- case EVP_R_PRIVATE_KEY_DECODE_ERROR:
>-#endif
>- r = SSH_ERR_INVALID_FORMAT;
>- goto out;
>- default:
>- r = SSH_ERR_LIBCRYPTO_ERROR;
>- goto out;
>- }
>- case ERR_LIB_ASN1:
>- r = SSH_ERR_INVALID_FORMAT;
>- goto out;
>- }
>- r = SSH_ERR_LIBCRYPTO_ERROR;
>+ r = convert_libcrypto_error();
> goto out;
> }
> if (pk->type == EVP_PKEY_RSA &&
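Review bot: On the failure path the queue is only peeked (convert_libcrypto_error() uses ERR_peek_error() and ERR_peek_last_error()), so the entries from the failed PEM_read_bio_PrivateKey() are still queued when control jumps to `out`. This function clears before its next read, but any other libcrypto caller on the same thread that inspects the queue without clearing first could pick up these stale entries; whether such callers exist is not visible here. Draining after translation would make the call site self-contained: `r = convert_libcrypto_error();` followed by `clear_libcrypto_errors();`. sshkey_parse_private_pem_fileblob() starts before this hunk and continues past it, so the cleanup at `out` could not be checked.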
Flags:
dtucker
:
ok+