[Bug 2522] Key parser should reflect errors from OpenSSL
bugzilla-daemon at bugzilla.mindrot.org
Wed Jun 29 20:41:33 AEST 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2522
--- Comment #7 from Jakub Jelen <jjelen at redhat.com> ---
Created attachment 2844
--> https://bugzilla.mindrot.org/attachment.cgi?id=2844&action=edit
Do not fallback to PEM parser, if only passphrase is wrong
Thank you for the details. Now I see. When the key in the new format has a
passphrase, it is not accepted.
There is an assumption that sshkey_load_private returns
SSH_ERR_KEY_WRONG_PASSPHRASE when the initial attempt without a
passphrase fails (which makes sense).
But parsing the key in sshkey_parse_private_fileblob_type goes
through a waterfall from parsing the OpenSSH format to parsing the PEM format.
The current implementation depends on the assumption that
sshkey_parse_private_pem_fileblob returns WRONG_PASSPHRASE for
everything that it does not know, which goes wrong with the above patch
applied (sorry that I missed that).
The proper solution would be to pass through the WRONG_PASSPHRASE return value
from sshkey_parse_private2, which indicates that the parser knows the
key type but the passphrase is wrong, and not let it fall through to
the PEM parser (which does not know the key format).
I ran the tests from the initial bug, from the last comments and the
regress, and all tests passed.
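The waterfall the comment describes, as an added example that is not OpenSSH's code or the attached patch: a simplified dispatcher that tries the new-format parser first and either lets every error fall through to the PEM parser (the behaviour being fixed) or passes a wrong-passphrase result straight back. The parser stand-ins, the key blobs, the passphrase and the numeric error values are all constructed for this example; only the function and error names follow the bug report.

```c
#include <stdio.h>
#include <string.h>

/* Error codes named after OpenSSH's ssherr.h; the numeric values are this
 * example's own, not copied from OpenSSH. */
#define SSH_ERR_SUCCESS               0
#define SSH_ERR_INVALID_FORMAT       -4
#define SSH_ERR_KEY_WRONG_PASSPHRASE -43

/* Constructed key blobs: only the armour header is inspected here. */
const char *ENC_NEW_KEY = "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA...\n";
const char *PEM_KEY     = "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n";
static const char GOOD_PASSPHRASE[] = "correct horse"; /* constructed */

/* Stand-in for sshkey_parse_private2(): knows only the new format, then
 * checks the passphrase. */
static int parse_private2(const char *blob, const char *passphrase) {
    const char *mark = "-----BEGIN OPENSSH PRIVATE KEY-----";
    if (strncmp(blob, mark, strlen(mark)) != 0)
        return SSH_ERR_INVALID_FORMAT;        /* not ours: caller may try PEM */
    if (strcmp(passphrase, GOOD_PASSPHRASE) != 0)
        return SSH_ERR_KEY_WRONG_PASSPHRASE;  /* format known, passphrase bad */
    return SSH_ERR_SUCCESS;
}

/* Stand-in for sshkey_parse_private_pem_fileblob(): knows only PEM. */
static int parse_private_pem(const char *blob, const char *passphrase) {
    const char *mark = "-----BEGIN RSA PRIVATE KEY-----";
    (void)passphrase;
    if (strncmp(blob, mark, strlen(mark)) != 0)
        return SSH_ERR_INVALID_FORMAT;
    return SSH_ERR_SUCCESS;
}

/* Before the fix: any failure from the new-format parser falls through to
 * PEM, so WRONG_PASSPHRASE is replaced by whatever the PEM parser says. */
int parse_fileblob_before(const char *blob, const char *passphrase) {
    int r = parse_private2(blob, passphrase);
    if (r == SSH_ERR_SUCCESS)
        return r;
    return parse_private_pem(blob, passphrase);
}

/* After the fix: a wrong passphrase is reported as-is; only "format not
 * recognised" goes on to the PEM parser. */
int parse_fileblob_after(const char *blob, const char *passphrase) {
    int r = parse_private2(blob, passphrase);
    if (r == SSH_ERR_SUCCESS || r == SSH_ERR_KEY_WRONG_PASSPHRASE)
        return r;
    return parse_private_pem(blob, passphrase);
}
```

With an empty passphrase on the encrypted new-format key, the old dispatcher returns the PEM parser's INVALID_FORMAT, so sshkey_load_private never sees WRONG_PASSPHRASE and never retries with the passphrase; the fixed one returns WRONG_PASSPHRASE.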