|
Lines 3851-3860
sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
|
| 3851 |
} |
3851 |
} |
| 3852 |
} |
3852 |
} |
| 3853 |
|
3853 |
|
|
|
3854 |
#include <stdio.h> |
| 3854 |
|
3855 |
|
| 3855 |
#ifdef WITH_OPENSSL |
3856 |
#ifdef WITH_OPENSSL |
| 3856 |
static int |
3857 |
static int |
| 3857 |
translate_libcrypto_error(unsigned long pem_err) |
3858 |
translate_libcrypto_error(unsigned long pem_err, int had_passphrase) |
| 3858 |
{ |
3859 |
{ |
| 3859 |
int pem_reason = ERR_GET_REASON(pem_err); |
3860 |
int pem_reason = ERR_GET_REASON(pem_err); |
| 3860 |
|
3861 |
|
|
Lines 3884-3890
translate_libcrypto_error(unsigned long pem_err)
|
| 3884 |
return SSH_ERR_LIBCRYPTO_ERROR; |
3885 |
return SSH_ERR_LIBCRYPTO_ERROR; |
| 3885 |
} |
3886 |
} |
| 3886 |
case ERR_LIB_ASN1: |
3887 |
case ERR_LIB_ASN1: |
| 3887 |
return SSH_ERR_INVALID_FORMAT; |
3888 |
/* |
|
|
3889 |
* OpenSSL may return various ASN.1 errors when attempting |
| 3890 |
* to parse a key with an incorrect passphrase. |
| 3891 |
* Treat all format errors as "incorrect passphrase" if a |
| 3892 |
* passphrase was supplied. |
| 3893 |
*/ |
| 3894 |
if (had_passphrase) |
| 3895 |
return SSH_ERR_KEY_WRONG_PASSPHRASE; |
| 3896 |
else |
| 3897 |
return SSH_ERR_INVALID_FORMAT; |
| 3888 |
} |
3898 |
} |
| 3889 |
return SSH_ERR_LIBCRYPTO_ERROR; |
3899 |
return SSH_ERR_LIBCRYPTO_ERROR; |
| 3890 |
} |
3900 |
} |
|
Lines 3901-3916
clear_libcrypto_errors(void)
|
| 3901 |
* passphrase is required/incorrect. |
3911 |
* passphrase is required/incorrect. |
| 3902 |
*/ |
3912 |
*/ |
| 3903 |
static int |
3913 |
static int |
| 3904 |
convert_libcrypto_error(void) |
3914 |
convert_libcrypto_error(int had_passphrase) |
| 3905 |
{ |
3915 |
{ |
| 3906 |
/* |
3916 |
/* |
| 3907 |
* Some password errors are reported at the beginning |
3917 |
* Some password errors are reported at the beginning |
| 3908 |
* of the error queue. |
3918 |
* of the error queue. |
| 3909 |
*/ |
3919 |
*/ |
| 3910 |
if (translate_libcrypto_error(ERR_peek_error()) == |
3920 |
if (translate_libcrypto_error(ERR_peek_error(), had_passphrase) == |
| 3911 |
SSH_ERR_KEY_WRONG_PASSPHRASE) |
3921 |
SSH_ERR_KEY_WRONG_PASSPHRASE) |
| 3912 |
return SSH_ERR_KEY_WRONG_PASSPHRASE; |
3922 |
return SSH_ERR_KEY_WRONG_PASSPHRASE; |
| 3913 |
return translate_libcrypto_error(ERR_peek_last_error()); |
3923 |
return translate_libcrypto_error(ERR_peek_last_error(), had_passphrase); |
| 3914 |
} |
3924 |
} |
| 3915 |
|
3925 |
|
| 3916 |
static int |
3926 |
static int |
|
Lines 3936-3942
sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
|
| 3936 |
clear_libcrypto_errors(); |
3946 |
clear_libcrypto_errors(); |
| 3937 |
if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, |
3947 |
if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, |
| 3938 |
(char *)passphrase)) == NULL) { |
3948 |
(char *)passphrase)) == NULL) { |
| 3939 |
r = convert_libcrypto_error(); |
3949 |
r = convert_libcrypto_error(passphrase && *passphrase); |
| 3940 |
goto out; |
3950 |
goto out; |
| 3941 |
} |
3951 |
} |
| 3942 |
if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA && |
3952 |
if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA && |
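Review bot: The new `case ERR_LIB_ASN1:` branch in translate_libcrypto_error() returns SSH_ERR_KEY_WRONG_PASSPHRASE for every ASN.1 failure once a non-empty passphrase was supplied, so a truncated or corrupted key file can no longer be told apart from a mistyped passphrase. Callers are not visible here, but any that re-prompt on that code would presumably keep asking for a passphrase that can never succeed, so the comment should record that the trade-off is deliberate, e.g. `/* NB. a damaged key is also reported as wrong passphrase; callers should bound retries */`. Separately, the `#include <stdio.h>` added at new line 3854 sits in the middle of the file and nothing in the shown hunks uses stdio, which looks like a debugging leftover; drop it or move it to the include block at the top of the file. The bodies of translate_libcrypto_error() and sshkey_parse_private_pem_fileblob() extend beyond the hunks shown.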