In openssh_read(), we shouldn't ever return SSH2_WRONG_PASSPHRASE for

an unencrypted key. (The other import function, sshcom_read(), already got this right.) Thanks to David Wedderwille for the report. This is more than just an error-reporting mistake; it actually causes Windows PuTTYgen to tight-loop on attempting to load a corrupt OpenSSH key, because the 'wrong passphrase' return value causes the caller to loop round and try again, but of course it knows the key is unencrypted so it doesn't prompt for a different passphrase and just tries again with no change... [originally from svn r9643]
2025-01-10 01:48:00 +00:00 · 2012-08-30 18:44:34 +00:00 · 2012-08-30 18:44:34 +00:00 · dbc8ea8e35
commit dbc8ea8e35
parent e2a48fe9b1
1 changed files with 4 additions and 3 deletions
--- a/import.c
+++ b/import.c
@ -592,12 +592,13 @@ struct ssh2_userkey *openssh_read(const Filename *filename, char *passphrase,
    
    p = key->keyblob;

-    /* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */
+    /* Expect the SEQUENCE header. Take its absence as a failure to
+     * decrypt, if the key was encrypted. */
    ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags);
    p += ret;
    if (ret < 0 || id != 16) {
 	errmsg = "ASN.1 decoding failure";
-	retval = SSH2_WRONG_PASSPHRASE;
+        retval = key->encrypted ? SSH2_WRONG_PASSPHRASE : NULL;
 	goto error;
    }

@ -629,7 +630,7 @@ struct ssh2_userkey *openssh_read(const Filename *filename, char *passphrase,
 	if (ret < 0 || id != 2 ||
 	    key->keyblob+key->keyblob_len-p < len) {
 	    errmsg = "ASN.1 decoding failure";
-	    retval = SSH2_WRONG_PASSPHRASE;
+	    retval = key->encrypted ? SSH2_WRONG_PASSPHRASE : NULL;
 	    goto error;
 	}