Merge branch 'master' of https://github.com/openssh/openssh-portable into latestw

match.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.34 2017/02/03 23:01:19 djm Exp $ */
+/* $OpenBSD: match.c,v 1.35 2017/02/15 23:38:31 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -297,8 +297,11 @@ match_filter_list(const char *proposal, const char *filter)
 	char *orig_prop = strdup(proposal);
 	char *cp, *tmp;
 
-	if (fix_prop == NULL || orig_prop == NULL)
+	if (fix_prop == NULL || orig_prop == NULL) {
+		free(orig_prop);
+		free(fix_prop);
 		return NULL;
+	}
 
 	tmp = orig_prop;
 	*fix_prop = '\0';

packet.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.245 2017/02/03 23:03:33 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.246 2017/02/28 06:10:08 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1466,8 +1466,10 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 				break;
 			}
 		}
-		if (r == 0)
-			return SSH_ERR_CONN_TIMEOUT;
+		if (r == 0) {
+			r = SSH_ERR_CONN_TIMEOUT;
+			goto out;
+		}
 		/* Read data from the socket. */
 		len = read(state->connection_in, buf, sizeof(buf));
 		if (len == 0) {

regress/test-exec.sh

@@ -1,4 +1,4 @@
-#	$OpenBSD: test-exec.sh,v 1.58 2016/12/16 01:06:27 dtucker Exp $
+#	$OpenBSD: test-exec.sh,v 1.59 2017/02/07 23:03:11 dtucker Exp $
 #	Placed in the Public Domain.
 
 #SUDO=sudo
@@ -444,12 +444,10 @@ Host *
 	User			$USER
 	GlobalKnownHostsFile	$OBJ/known_hosts
 	UserKnownHostsFile	$OBJ/known_hosts
-	RSAAuthentication	yes
 	PubkeyAuthentication	yes
 	ChallengeResponseAuthentication	no
 	HostbasedAuthentication	no
 	PasswordAuthentication	no
-	RhostsRSAAuthentication	no
 	BatchMode		yes
 	StrictHostKeyChecking	yes
 	LogLevel		DEBUG3

regress/unittests/utf8/tests.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: tests.c,v 1.3 2016/12/19 04:55:18 djm Exp $ */
+/*	$OpenBSD: tests.c,v 1.4 2017/02/19 00:11:29 djm Exp $ */
 /*
  * Regress test for the utf8.h *mprintf() API
  *
@@ -15,10 +15,7 @@
 
 #include "utf8.h"
 
-void	 badarg(void);
-void	 one(const char *, const char *, int, int, int, const char *);
-
-void
+static void
 badarg(void)
 {
 	char	 buf[16];
@@ -33,8 +30,8 @@ badarg(void)
 	TEST_DONE();
 }
 
-void
-one(const char *name, const char *mbs, int width,
+static void
+one(int utf8, const char *name, const char *mbs, int width,
     int wantwidth, int wantlen, const char *wants)
 {
 	char	 buf[16];
@@ -43,7 +40,7 @@ one(const char *name, const char *mbs, int width,
 
 	if (wantlen == -2)
 		wantlen = strlen(wants);
-	(void)strlcpy(buf, "utf8_", sizeof(buf));
+	(void)strlcpy(buf, utf8 ? "utf8_" : "c_", sizeof(buf));
 	(void)strlcat(buf, name, sizeof(buf));
 	TEST_START(buf);
 	wp = wantwidth == -2 ? NULL : &width;
@@ -70,19 +67,41 @@ tests(void)
 	TEST_DONE();
 
 	badarg();
-	one("empty", "", 2, 0, 0, "");
-	one("ascii", "x", -2, -2, -2, "x");
-	one("newline", "a\nb", -2, -2, -2, "a\nb");
-	one("cr", "a\rb", -2, -2, -2, "a\rb");
-	one("tab", "a\tb", -2, -2, -2, "a\tb");
-	one("esc", "\033x", -2, -2, -2, "\\033x");
-	one("inv_badbyte", "\377x", -2, -2, -2, "\\377x");
-	one("inv_nocont", "\341x", -2, -2, -2, "\\341x");
-	one("inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
-	one("sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
-	one("sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
-	one("width_ascii", "123", 2, 2, -1, "12");
-	one("width_double", "a\343\201\201", 2, 1, -1, "a");
-	one("double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201");
-	one("double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201");
+	one(1, "empty", "", 2, 0, 0, "");
+	one(1, "ascii", "x", -2, -2, -2, "x");
+	one(1, "newline", "a\nb", -2, -2, -2, "a\nb");
+	one(1, "cr", "a\rb", -2, -2, -2, "a\rb");
+	one(1, "tab", "a\tb", -2, -2, -2, "a\tb");
+	one(1, "esc", "\033x", -2, -2, -2, "\\033x");
+	one(1, "inv_badbyte", "\377x", -2, -2, -2, "\\377x");
+	one(1, "inv_nocont", "\341x", -2, -2, -2, "\\341x");
+	one(1, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
+	one(1, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
+	one(1, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
+	one(1, "width_ascii", "123", 2, 2, -1, "12");
+	one(1, "width_double", "a\343\201\201", 2, 1, -1, "a");
+	one(1, "double_fit", "a\343\201\201", 3, 3, 4, "a\343\201\201");
+	one(1, "double_spc", "a\343\201\201", 4, 3, 4, "a\343\201\201");
+
+	TEST_START("C_setlocale");
+	loc = setlocale(LC_CTYPE, "C");
+	ASSERT_PTR_NE(loc, NULL);
+	TEST_DONE();
+
+	badarg();
+	one(0, "empty", "", 2, 0, 0, "");
+	one(0, "ascii", "x", -2, -2, -2, "x");
+	one(0, "newline", "a\nb", -2, -2, -2, "a\nb");
+	one(0, "cr", "a\rb", -2, -2, -2, "a\rb");
+	one(0, "tab", "a\tb", -2, -2, -2, "a\tb");
+	one(0, "esc", "\033x", -2, -2, -2, "\\033x");
+	one(0, "inv_badbyte", "\377x", -2, -2, -2, "\\377x");
+	one(0, "inv_nocont", "\341x", -2, -2, -2, "\\341x");
+	one(0, "inv_nolead", "a\200b", -2, -2, -2, "a\\200b");
+	one(0, "sz_ascii", "1234567890123456", -2, -2, 16, "123456789012345");
+	one(0, "sz_esc", "123456789012\033", -2, -2, 16, "123456789012");
+	one(0, "width_ascii", "123", 2, 2, -1, "12");
+	one(0, "width_double", "a\343\201\201", 2, 1, -1, "a");
+	one(0, "double_fit", "a\343\201\201", 7, 5, -1, "a\\343");
+	one(0, "double_spc", "a\343\201\201", 13, 13, 13, "a\\343\\201\\201");
 }

sftp.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.177 2016/10/18 12:41:22 millert Exp $ */
+/* $OpenBSD: sftp.c,v 1.178 2017/02/15 01:46:47 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -1012,23 +1012,34 @@ static int
 do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
 {
 	struct sftp_statvfs st;
-	char s_used[FMT_SCALED_STRSIZE];
-	char s_avail[FMT_SCALED_STRSIZE];
-	char s_root[FMT_SCALED_STRSIZE];
-	char s_total[FMT_SCALED_STRSIZE];
-	unsigned long long ffree;
+	char s_used[FMT_SCALED_STRSIZE], s_avail[FMT_SCALED_STRSIZE];
+	char s_root[FMT_SCALED_STRSIZE], s_total[FMT_SCALED_STRSIZE];
+	char s_icapacity[16], s_dcapacity[16];
 
 	if (do_statvfs(conn, path, &st, 1) == -1)
 		return -1;
+	if (st.f_files == 0)
+		strlcpy(s_icapacity, "ERR", sizeof(s_icapacity));
+	else {
+		snprintf(s_icapacity, sizeof(s_icapacity), "%3llu%%",
+		    (unsigned long long)(100 * (st.f_files - st.f_ffree) /
+		    st.f_files));
+	}
+	if (st.f_blocks == 0)
+		strlcpy(s_dcapacity, "ERR", sizeof(s_dcapacity));
+	else {
+		snprintf(s_dcapacity, sizeof(s_dcapacity), "%3llu%%",
+		    (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
+		    st.f_blocks));
+	}
 	if (iflag) {
-		ffree = st.f_files ? (100 * (st.f_files - st.f_ffree) / st.f_files) : 0;
 		printf("     Inodes        Used       Avail      "
 		    "(root)    %%Capacity\n");
-		printf("%11llu %11llu %11llu %11llu         %3llu%%\n",
+		printf("%11llu %11llu %11llu %11llu         %s\n",
 		    (unsigned long long)st.f_files,
 		    (unsigned long long)(st.f_files - st.f_ffree),
 		    (unsigned long long)st.f_favail,
-		    (unsigned long long)st.f_ffree, ffree);
+		    (unsigned long long)st.f_ffree, s_icapacity);
 	} else if (hflag) {
 		strlcpy(s_used, "error", sizeof(s_used));
 		strlcpy(s_avail, "error", sizeof(s_avail));
@@ -1039,21 +1050,18 @@ do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
 		fmt_scaled(st.f_bfree * st.f_frsize, s_root);
 		fmt_scaled(st.f_blocks * st.f_frsize, s_total);
 		printf("    Size     Used    Avail   (root)    %%Capacity\n");
-		printf("%7sB %7sB %7sB %7sB         %3llu%%\n",
-		    s_total, s_used, s_avail, s_root,
-		    (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
-		    st.f_blocks));
+		printf("%7sB %7sB %7sB %7sB         %s\n",
+		    s_total, s_used, s_avail, s_root, s_dcapacity);
 	} else {
 		printf("        Size         Used        Avail       "
 		    "(root)    %%Capacity\n");
-		printf("%12llu %12llu %12llu %12llu         %3llu%%\n",
+		printf("%12llu %12llu %12llu %12llu         %s\n",
 		    (unsigned long long)(st.f_frsize * st.f_blocks / 1024),
 		    (unsigned long long)(st.f_frsize *
 		    (st.f_blocks - st.f_bfree) / 1024),
 		    (unsigned long long)(st.f_frsize * st.f_bavail / 1024),
 		    (unsigned long long)(st.f_frsize * st.f_bfree / 1024),
-		    (unsigned long long)(100 * (st.f_blocks - st.f_bfree) /
-		    st.f_blocks));
+		    s_dcapacity);
 	}
 	return 0;
 }

ssh-keygen.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.292 2016/09/12 03:29:16 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.298 2017/03/06 02:03:20 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,6 +37,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <limits.h>
+#include <locale.h>
 
 #include "xmalloc.h"
 #include "sshkey.h"
@@ -57,6 +58,7 @@
 #include "atomicio.h"
 #include "krl.h"
 #include "digest.h"
+#include "utf8.h"
 
 #ifdef WITH_OPENSSL
 # define DEFAULT_KEY_TYPE_NAME "rsa"
@@ -847,7 +849,7 @@ fingerprint_one_key(const struct sshkey *public, const char *comment)
 	ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART);
 	if (fp == NULL || ra == NULL)
 		fatal("%s: sshkey_fingerprint failed", __func__);
-	printf("%u %s %s (%s)\n", sshkey_size(public), fp,
+	mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
 	    comment ? comment : "no comment", sshkey_type(public));
 	if (log_level >= SYSLOG_LEVEL_VERBOSE)
 		printf("%s\n", ra);
@@ -1093,6 +1095,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 	struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
 	char *hashed, *cp, *hosts, *ohosts;
 	int has_wild = l->hosts && strcspn(l->hosts, "*?!") != strlen(l->hosts);
+	int was_hashed = l->hosts && l->hosts[0] == HASH_DELIM;
 
 	switch (l->status) {
 	case HKF_STATUS_OK:
@@ -1101,11 +1104,10 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 		 * Don't hash hosts already already hashed, with wildcard
 		 * characters or a CA/revocation marker.
 		 */
-		if ((l->match & HKF_MATCH_HOST_HASHED) != 0 ||
-		    has_wild || l->marker != MRK_NONE) {
+		if (was_hashed || has_wild || l->marker != MRK_NONE) {
 			fprintf(ctx->out, "%s\n", l->line);
 			if (has_wild && !find_host) {
-				logit("%s:%ld: ignoring host name "
+				logit("%s:%lu: ignoring host name "
 				    "with wildcard: %.64s", l->path,
 				    l->linenum, l->hosts);
 			}
@@ -1127,7 +1129,7 @@ known_hosts_hash(struct hostkey_foreach_line *l, void *_ctx)
 	case HKF_STATUS_INVALID:
 		/* Retain invalid lines, but mark file as invalid. */
 		ctx->invalid = 1;
-		logit("%s:%ld: invalid line", l->path, l->linenum);
+		logit("%s:%lu: invalid line", l->path, l->linenum);
 		/* FALLTHROUGH */
 	default:
 		fprintf(ctx->out, "%s\n", l->line);
@@ -1161,14 +1163,14 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 				 */
 				ctx->found_key = 1;
 				if (!quiet)
-					printf("# Host %s found: line %ld\n",
+					printf("# Host %s found: line %lu\n",
 					    ctx->host, l->linenum);
 			}
 			return 0;
 		} else if (find_host) {
 			ctx->found_key = 1;
 			if (!quiet) {
-				printf("# Host %s found: line %ld %s\n",
+				printf("# Host %s found: line %lu %s\n",
 				    ctx->host,
 				    l->linenum, l->marker == MRK_CA ? "CA" :
 				    (l->marker == MRK_REVOKE ? "REVOKED" : ""));
@@ -1177,7 +1179,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 				known_hosts_hash(l, ctx);
 			else if (print_fingerprint) {
 				fp = sshkey_fingerprint(l->key, fptype, rep);
-				printf("%s %s %s %s\n", ctx->host,
+				mprintf("%s %s %s %s\n", ctx->host,
 				    sshkey_type(l->key), fp, l->comment);
 				free(fp);
 			} else
@@ -1188,7 +1190,7 @@ known_hosts_find_delete(struct hostkey_foreach_line *l, void *_ctx)
 		/* Retain non-matching hosts when deleting */
 		if (l->status == HKF_STATUS_INVALID) {
 			ctx->invalid = 1;
-			logit("%s:%ld: invalid line", l->path, l->linenum);
+			logit("%s:%lu: invalid line", l->path, l->linenum);
 		}
 		fprintf(ctx->out, "%s\n", l->line);
 	}
@@ -1333,7 +1335,7 @@ do_change_passphrase(struct passwd *pw)
 		fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
 	}
 	if (comment)
-		printf("Key has comment '%s'\n", comment);
+		mprintf("Key has comment '%s'\n", comment);
 
 	/* Ask the new passphrase (twice). */
 	if (identity_new_passphrase) {
@@ -1457,7 +1459,10 @@ do_change_comment(struct passwd *pw)
 		sshkey_free(private);
 		exit(1);
 	}
-	printf("Key now has comment '%s'\n", comment);
+	if (comment)
+		printf("Key now has comment '%s'\n", comment);
+	else
+		printf("Key now has no comment\n");
 
 	if (identity_comment) {
 		strlcpy(new_comment, identity_comment, sizeof(new_comment));
@@ -2220,11 +2225,17 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
 	exit(ret);
 }
 
+#ifdef WITH_SSH1
+# define RSA1_USAGE " | rsa1"
+#else
+# define RSA1_USAGE ""
+#endif
+
 static void
 usage(void)
 {
 	fprintf(stderr,
-	    "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n"
+	    "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa%s]\n"
 	    "                  [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
 	    "       ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
 	    "       ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
@@ -2232,7 +2243,7 @@ usage(void)
 	    "       ssh-keygen -y [-f input_keyfile]\n"
 	    "       ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
 	    "       ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
-	    "       ssh-keygen -B [-f input_keyfile]\n");
+	    "       ssh-keygen -B [-f input_keyfile]\n", RSA1_USAGE);
 #ifdef ENABLE_PKCS11
 	fprintf(stderr,
 	    "       ssh-keygen -D pkcs11\n");
@@ -2297,6 +2308,8 @@ main(int argc, char **argv)
 
 	seed_rng();
 
+	msetlocale();
+
 	/* we need this for the home * directory.  */
 	pw = getpwuid(getuid());
 	if (!pw)

ssh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.448 2016/12/06 07:48:01 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.449 2017/02/17 02:04:15 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1103,7 +1103,7 @@ main(int ac, char **av)
 		options.proxy_use_fdpass = 0;
 		snprintf(port_s, sizeof(port_s), "%d", options.jump_port);
 		xasprintf(&options.proxy_command,
-		    "ssh%s%s%s%s%s%s%s%s%s%.*s -W %%h:%%p %s",
+		    "ssh%s%s%s%s%s%s%s%s%s%.*s -W [%%h]:%%p %s",
 		    /* Optional "-l user" argument if jump_user set */
 		    options.jump_user == NULL ? "" : " -l ",
 		    options.jump_user == NULL ? "" : options.jump_user,

ssh_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.241 2017/02/03 23:01:19 djm Exp $
-.Dd $Mdocdate: February 3 2017 $
+.\" $OpenBSD: ssh_config.5,v 1.242 2017/02/27 14:30:33 jmc Exp $
+.Dd $Mdocdate: February 27 2017 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1147,7 +1147,7 @@ However, this option disables host authentication for localhost.
 The argument to this keyword must be
 .Cm yes
 or
-.Cm no .
+.Cm no
 (the default).
 .It Cm NumberOfPasswordPrompts
 Specifies the number of password prompts before giving up.

sshd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.482 2017/02/06 09:22:51 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.483 2017/02/24 03:16:34 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1084,15 +1084,11 @@ server_listen(void)
 			close(listen_sock);
 			continue;
 		}
-#ifdef WINDOWS
-		/* disable inheritance on listener socket */
-		if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) != 0) {
-			error("F_SETFD  FD_CLOEXEC on socket %d error %d", 
-			    listen_sock, errno);
+		if (fcntl(listen_sock, F_SETFD, FD_CLOEXEC) == -1) {
+			verbose("socket: CLOEXEC: %s", strerror(errno));
 			close(listen_sock);
 			continue;
 		}
-#endif /* WINDOWS */
 		/*
 		 * Set socket options.
 		 * Allow local port reuse in TIME_WAIT.

sshkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.41 2016/10/24 01:09:17 dtucker Exp $ */
+/* $OpenBSD: sshkey.c,v 1.43 2017/02/17 02:31:14 dtucker Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -89,7 +89,9 @@ static const struct keytype keytypes[] = {
 	{ "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",
 	    KEY_ED25519_CERT, 0, 1, 0 },
 #ifdef WITH_OPENSSL
+# ifdef WITH_SSH1
 	{ NULL, "RSA1", KEY_RSA1, 0, 0, 0 },
+# endif
 	{ "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 },
 	{ "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 },
 	{ "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 },
@@ -3786,7 +3788,46 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
 
 	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
 	    (char *)passphrase)) == NULL) {
-		r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+		unsigned long pem_err = ERR_peek_last_error();
+		int pem_reason = ERR_GET_REASON(pem_err);
+
+		/*
+		 * Translate OpenSSL error codes to determine whether
+		 * passphrase is required/incorrect.
+		 */
+		switch (ERR_GET_LIB(pem_err)) {
+		case ERR_LIB_PEM:
+			switch (pem_reason) {
+			case PEM_R_BAD_PASSWORD_READ:
+			case PEM_R_PROBLEMS_GETTING_PASSWORD:
+			case PEM_R_BAD_DECRYPT:
+				r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+				goto out;
+			default:
+				r = SSH_ERR_INVALID_FORMAT;
+				goto out;
+			}
+		case ERR_LIB_EVP:
+			switch (pem_reason) {
+			case EVP_R_BAD_DECRYPT:
+				r = SSH_ERR_KEY_WRONG_PASSPHRASE;
+				goto out;
+			case EVP_R_BN_DECODE_ERROR:
+			case EVP_R_DECODE_ERROR:
+#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
+			case EVP_R_PRIVATE_KEY_DECODE_ERROR:
+#endif
+				r = SSH_ERR_INVALID_FORMAT;
+				goto out;
+			default:
+				r = SSH_ERR_LIBCRYPTO_ERROR;
+				goto out;
+			}
+		case ERR_LIB_ASN1:
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
+		r = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
 	if (pk->type == EVP_PKEY_RSA &&
@@ -3860,6 +3901,8 @@ int
 sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
     const char *passphrase, struct sshkey **keyp, char **commentp)
 {
+	int r = SSH_ERR_INTERNAL_ERROR;
+
 	if (keyp != NULL)
 		*keyp = NULL;
 	if (commentp != NULL)
@@ -3882,9 +3925,11 @@ sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
 		return sshkey_parse_private2(blob, type, passphrase,
 		    keyp, commentp);
 	case KEY_UNSPEC:
-		if (sshkey_parse_private2(blob, type, passphrase, keyp,
-		    commentp) == 0)
-			return 0;
+		r = sshkey_parse_private2(blob, type, passphrase, keyp,
+		    commentp);
+		/* Do not fallback to PEM parser if only passphrase is wrong. */
+		if (r == 0 || r == SSH_ERR_KEY_WRONG_PASSPHRASE)
+			return r;
 #ifdef WITH_OPENSSL
 		return sshkey_parse_private_pem_fileblob(blob, type,
 		    passphrase, keyp);