List: openssh-bugs
Subject: [Bug 2522] Key parser should reflect errors from OpenSSL
From: bugzilla-daemon () bugzilla ! mindrot ! org
Date: 2016-06-29 10:41:33
Message-ID: bug-2522-705-Rvqaq0SQ3r () https ! bugzilla ! mindrot ! org/
https://bugzilla.mindrot.org/show_bug.cgi?id=2522
--- Comment #7 from Jakub Jelen <jjelen@redhat.com> ---
Created attachment 2844
--> https://bugzilla.mindrot.org/attachment.cgi?id=2844&action=edit
Do not fallback to PEM parser, if only passphrase is wrong
Thank you for the details. Now I see. When the key in the new format has a
passphrase, it is not accepted.

There is an assumption that sshkey_load_private returns
SSH_ERR_KEY_WRONG_PASSPHRASE when the initial attempt without
passphrase fails (which quite makes sense).

But parsing the key in sshkey_parse_private_fileblob_type goes
through a waterfall from parsing the openssh format to parsing the PEM format.
The current implementation depends on the assumption that
sshkey_parse_private_pem_fileblob returns WRONG_PASSPHRASE for
everything that it does not know, which goes wrong with the above patch
applied (sorry that I did miss that).

The proper solution would be to pass through the WRONG_PASSPHRASE return value
from sshkey_parse_private2, which indicates that the parser knows the
key type but the passphrase is wrong, and not let it fall through to
the PEM parser (which does not know the key format).

I ran the tests from the initial bug, from the last comments and the
regress and all tests passed.
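A simplified C model of the parser waterfall described in the comment above, added here as an illustration; it is not OpenSSH code and not the attached patch. The function names, error constants and `struct blob` are hypothetical stand-ins, and the model assumes the PEM-side parser reports a blob it does not recognise as a format error rather than as WRONG_PASSPHRASE.

```c
#include <stdio.h>
#include <string.h>

/* Constructed error codes for this model; the values are arbitrary. */
enum { PARSE_OK = 0, ERR_INVALID_FORMAT = -1, ERR_WRONG_PASSPHRASE = -2 };

/* Toy key blob: a format tag plus the passphrase protecting it ("" = none). */
struct blob { const char *format; const char *passphrase; };

/* Stand-in for the new-format parser: recognises only "openssh" blobs. */
static int parse_new_format(const struct blob *b, const char *pw) {
    if (strcmp(b->format, "openssh") != 0)
        return ERR_INVALID_FORMAT;
    return strcmp(b->passphrase, pw) == 0 ? PARSE_OK : ERR_WRONG_PASSPHRASE;
}

/* Stand-in for a PEM parser that reports real errors: recognises only "pem". */
static int parse_pem(const struct blob *b, const char *pw) {
    if (strcmp(b->format, "pem") != 0)
        return ERR_INVALID_FORMAT;
    return strcmp(b->passphrase, pw) == 0 ? PARSE_OK : ERR_WRONG_PASSPHRASE;
}

/* Waterfall that always falls through: the PEM result masks the first one. */
int parse_fallthrough(const struct blob *b, const char *pw) {
    if (parse_new_format(b, pw) == PARSE_OK)
        return PARSE_OK;
    return parse_pem(b, pw);
}

/* Waterfall that stops once the first parser knew the format but not the passphrase. */
int parse_passthrough(const struct blob *b, const char *pw) {
    int r = parse_new_format(b, pw);
    if (r == PARSE_OK || r == ERR_WRONG_PASSPHRASE)
        return r;
    return parse_pem(b, pw);
}

/* Caller pattern: try with no passphrase, prompt only on WRONG_PASSPHRASE. */
int would_prompt(int (*parse)(const struct blob *, const char *), const struct blob *b) {
    return parse(b, "") == ERR_WRONG_PASSPHRASE;
}

int main(void) {
    struct blob enc = { "openssh", "s3cret" };  /* constructed sample */
    printf("fallthrough prompts: %d\n", would_prompt(parse_fallthrough, &enc));
    printf("passthrough prompts: %d\n", would_prompt(parse_passthrough, &enc));
    return 0;
}
```

With the fall-through variant the caller never sees WRONG_PASSPHRASE for an encrypted new-format key, so it never asks for the passphrase and the key is rejected.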