Bugzilla – Attachment 3187 Details for
Bug 2901
ssh-keygen generates an invalid key sometimes
[patch]
treat all ASN1 parse errors as "incorrect passphrase" if passphrase specified
bz2901.diff (text/plain), 1.90 KB, created by
Damien Miller
on 2018-10-08 14:55:47 AEDT
Description:
treat all ASN1 parse errors as "incorrect passphrase" if passphrase specified
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2018-10-08 14:55:47 AEDT
Size:
1.90 KB
>diff --git a/sshkey.c b/sshkey.c
>index 63c01ea6..1957d377 100644
>--- a/sshkey.c
>+++ b/sshkey.c
>@@ -3851,10 +3851,11 @@ sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
> }
> }
>
>+#include <stdio.h>
>
> #ifdef WITH_OPENSSL
> static int
>-translate_libcrypto_error(unsigned long pem_err)
>+translate_libcrypto_error(unsigned long pem_err, int had_passphrase)
> {
> int pem_reason = ERR_GET_REASON(pem_err);
>
>@@ -3884,7 +3885,16 @@ translate_libcrypto_error(unsigned long pem_err)
> return SSH_ERR_LIBCRYPTO_ERROR;
> }
> case ERR_LIB_ASN1:
>- return SSH_ERR_INVALID_FORMAT;
>+ /*
>+ * OpenSSL may return various ASN.1 errors when attempting
>+ * to parse a key with an incorrect passphrase.
>+ * Treat all format errors as "incorrect passphrase" if a
>+ * passphrase was supplied.
>+ */
>+ if (had_passphrase)
>+ return SSH_ERR_KEY_WRONG_PASSPHRASE;
>+ else
>+ return SSH_ERR_INVALID_FORMAT;
> }
> return SSH_ERR_LIBCRYPTO_ERROR;
> }
>@@ -3901,16 +3911,16 @@ clear_libcrypto_errors(void)
> * passphrase is required/incorrect.
> */
> static int
>-convert_libcrypto_error(void)
>+convert_libcrypto_error(int had_passphrase)
> {
> /*
> * Some password errors are reported at the beginning
> * of the error queue.
> */
>- if (translate_libcrypto_error(ERR_peek_error()) ==
>+ if (translate_libcrypto_error(ERR_peek_error(), had_passphrase) ==
> SSH_ERR_KEY_WRONG_PASSPHRASE)
> return SSH_ERR_KEY_WRONG_PASSPHRASE;
>- return translate_libcrypto_error(ERR_peek_last_error());
>+ return translate_libcrypto_error(ERR_peek_last_error(), had_passphrase);
> }
>
> static int
>@@ -3936,7 +3946,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
> clear_libcrypto_errors();
> if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
> (char *)passphrase)) == NULL) {
>- r = convert_libcrypto_error();
>+ r = convert_libcrypto_error(passphrase && *passphrase);
> goto out;
> }
> if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA &&
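Review bot: The `#include <stdio.h>` added in the first hunk, mid-file just above `#ifdef WITH_OPENSSL`, looks like a debugging leftover, since none of the visible hunks calls a stdio function. It should be dropped before this lands. If something outside the diff really needs it, it belongs with the other includes at the top of sshkey.c. The body of translate_libcrypto_error continues outside this hunk.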
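Review bot: In the `case ERR_LIB_ASN1:` branch, a genuinely truncated or corrupt key file is now reported as SSH_ERR_KEY_WRONG_PASSPHRASE whenever the caller supplied a passphrase. The two conditions become indistinguishable to callers. Any caller that re-prompts on that code (none is visible in this diff) would keep asking for a passphrase that can never work, and the user loses the "invalid format" diagnostic. The new comment should state that trade-off, for example by adding `* NB. a damaged key file is reported the same way; callers must bound retries.`. As a smaller style point, the `else` after `return` is redundant: `if (had_passphrase) return SSH_ERR_KEY_WRONG_PASSPHRASE;` followed by `return SSH_ERR_INVALID_FORMAT;` reads flatter. The enclosing switch starts outside the hunk.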
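Review bot: In the last hunk, `passphrase && *passphrase` classifies an empty passphrase the same as none, so an ASN.1 failure from a parse attempted with "" still returns SSH_ERR_INVALID_FORMAT. If callers first probe with an empty passphrase and only prompt on SSH_ERR_KEY_WRONG_PASSPHRASE (not visible here, so please confirm), the case this patch targets may persist on that first attempt. Either way the intent deserves a comment at the call, e.g. `/* empty passphrase counts as "none supplied" */`. Writing the test as `passphrase != NULL && *passphrase != '\0'` would also make the meaning of the int argument explicit. sshkey_parse_private_pem_fileblob starts and ends outside the hunk.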
Attachments on
bug 2901
:
3173
| 3187