upstream commit

translate OpenSSL error codes to something more
meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@

Upstream-ID: 4cb0795a366381724314e6515d57790c5930ffe5
This commit is contained in:
djm@openbsd.org 2016-06-17 05:06:23 +00:00 committed by Damien Miller
parent b64faeb5ed
commit 5e28b1a2a3
1 changed files with 39 additions and 2 deletions

View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.c,v 1.33 2016/05/02 09:36:42 djm Exp $ */ /* $OpenBSD: sshkey.c,v 1.34 2016/06/17 05:06:23 djm Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@ -3786,8 +3786,45 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
(char *)passphrase)) == NULL) { (char *)passphrase)) == NULL) {
unsigned long pem_err = ERR_peek_last_error();
int pem_reason = ERR_GET_REASON(pem_err);
/*
* Translate OpenSSL error codes to determine whether
* passphrase is required/incorrect.
*/
switch (ERR_GET_LIB(pem_err)) {
case ERR_LIB_PEM:
switch (pem_reason) {
case PEM_R_BAD_PASSWORD_READ:
case PEM_R_PROBLEMS_GETTING_PASSWORD:
case PEM_R_BAD_DECRYPT:
r = SSH_ERR_KEY_WRONG_PASSPHRASE; r = SSH_ERR_KEY_WRONG_PASSPHRASE;
goto out; goto out;
default:
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
case ERR_LIB_EVP:
switch (pem_reason) {
case EVP_R_BAD_DECRYPT:
r = SSH_ERR_KEY_WRONG_PASSPHRASE;
goto out;
case EVP_R_BN_DECODE_ERROR:
case EVP_R_DECODE_ERROR:
case EVP_R_PRIVATE_KEY_DECODE_ERROR:
r = SSH_ERR_INVALID_FORMAT;
goto out;
default:
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
case ERR_LIB_ASN1:
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
} }
if (pk->type == EVP_PKEY_RSA && if (pk->type == EVP_PKEY_RSA &&
(type == KEY_UNSPEC || type == KEY_RSA)) { (type == KEY_UNSPEC || type == KEY_RSA)) {