version 1.41, 2016/10/24 01:09:17 |
version 1.42, 2017/02/10 04:34:50 |
|
|
|
|
if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, |
if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL, |
(char *)passphrase)) == NULL) { |
(char *)passphrase)) == NULL) { |
r = SSH_ERR_KEY_WRONG_PASSPHRASE; |
unsigned long pem_err = ERR_peek_last_error(); |
|
int pem_reason = ERR_GET_REASON(pem_err); |
|
|
|
/* |
|
* Translate OpenSSL error codes to determine whether |
|
* passphrase is required/incorrect. |
|
*/ |
|
switch (ERR_GET_LIB(pem_err)) { |
|
case ERR_LIB_PEM: |
|
switch (pem_reason) { |
|
case PEM_R_BAD_PASSWORD_READ: |
|
case PEM_R_PROBLEMS_GETTING_PASSWORD: |
|
case PEM_R_BAD_DECRYPT: |
|
r = SSH_ERR_KEY_WRONG_PASSPHRASE; |
|
goto out; |
|
default: |
|
r = SSH_ERR_INVALID_FORMAT; |
|
goto out; |
|
} |
|
case ERR_LIB_EVP: |
|
switch (pem_reason) { |
|
case EVP_R_BAD_DECRYPT: |
|
r = SSH_ERR_KEY_WRONG_PASSPHRASE; |
|
goto out; |
|
case EVP_R_BN_DECODE_ERROR: |
|
case EVP_R_DECODE_ERROR: |
|
case EVP_R_PRIVATE_KEY_DECODE_ERROR: |
|
r = SSH_ERR_INVALID_FORMAT; |
|
goto out; |
|
default: |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
case ERR_LIB_ASN1: |
|
r = SSH_ERR_INVALID_FORMAT; |
|
goto out; |
|
} |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
goto out; |
goto out; |
} |
} |
if (pk->type == EVP_PKEY_RSA && |
if (pk->type == EVP_PKEY_RSA && |
|
|
sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, |
sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type, |
const char *passphrase, struct sshkey **keyp, char **commentp) |
const char *passphrase, struct sshkey **keyp, char **commentp) |
{ |
{ |
|
int r = SSH_ERR_INTERNAL_ERROR; |
|
|
if (keyp != NULL) |
if (keyp != NULL) |
*keyp = NULL; |
*keyp = NULL; |
if (commentp != NULL) |
if (commentp != NULL) |
|
|
return sshkey_parse_private2(blob, type, passphrase, |
return sshkey_parse_private2(blob, type, passphrase, |
keyp, commentp); |
keyp, commentp); |
case KEY_UNSPEC: |
case KEY_UNSPEC: |
if (sshkey_parse_private2(blob, type, passphrase, keyp, |
r = sshkey_parse_private2(blob, type, passphrase, keyp, |
commentp) == 0) |
commentp); |
return 0; |
/* Do not fallback to PEM parser if only passphrase is wrong. */ |
|
if (r == 0 || r == SSH_ERR_KEY_WRONG_PASSPHRASE) |
|
return r; |
#ifdef WITH_OPENSSL |
#ifdef WITH_OPENSSL |
return sshkey_parse_private_pem_fileblob(blob, type, |
return sshkey_parse_private_pem_fileblob(blob, type, |
passphrase, keyp); |
passphrase, keyp); |