https://bugzilla.mindrot.org/show_bug.cgi?id=2522
--- Comment #7 from Jakub Jelen <[email protected]> ---
Created attachment 2844
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2844&action=edit
Do not fallback to PEM parser, if only passphrase is wrong

Thank you for the details. Now I see. When the key in new format has a passphrase, it is not accepted.

There is an assumption that sshkey_load_private returns SSH_ERR_KEY_WRONG_PASSPHRASE when the initial attempt without passphrase fails (which quite makes sense). But parsing the key in sshkey_parse_private_fileblob_type goes through a waterfall from parsing openssh format to parsing PEM format. Current implementation depends on the assumption that sshkey_parse_private_pem_fileblob returns WRONG_PASSPHRASE for everything that it does not know, which gets wrong with the above patch applied (sorry that I did miss that).

Proper solution would be to pass-through WRONG_PASSPHRASE return value from sshkey_parse_private2, which indicates that the parser knows the key type, but the passphrase is wrong, and do not let it fall-through to the PEM parser (which does not know the key format).

I ran the tests from initial bug, from the last comments and the regress and all tests passed.
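The error-propagation problem described in the comment above, as an added example that is not part of the comment or of OpenSSH's code: a simplified C model of a two-stage parser waterfall and a caller that prompts for a passphrase only on a wrong-passphrase result. All function names, the `struct blob` layout, the error values and the sample keys are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed error codes for this model; not the values from OpenSSH. */
enum { M_OK = 0, M_INVALID_FORMAT = -1, M_WRONG_PASSPHRASE = -2 };

/* Constructed stand-in for a private key file: container format + passphrase. */
struct blob { const char *format; const char *passphrase; };
const struct blob sample_new_key = { "new", "s3cret" };
const struct blob sample_pem_key = { "pem", "s3cret" };

/* One format-specific parser: rejects foreign formats, then checks the passphrase. */
static int parse_as(const struct blob *b, const char *fmt, const char *pw) {
    if (strcmp(b->format, fmt) != 0) return M_INVALID_FORMAT;
    return strcmp(b->passphrase, pw) == 0 ? M_OK : M_WRONG_PASSPHRASE;
}

/* Waterfall that falls through to the PEM parser on ANY new-format failure.
 * The new-format parser's wrong-passphrase result is overwritten. */
int parse_fallthrough(const struct blob *b, const char *pw) {
    if (parse_as(b, "new", pw) == M_OK) return M_OK;
    return parse_as(b, "pem", pw);
}

/* Waterfall that passes a wrong-passphrase result straight back to the caller:
 * the first parser recognised the format, so the PEM parser is not consulted. */
int parse_passthrough(const struct blob *b, const char *pw) {
    int r = parse_as(b, "new", pw);
    if (r == M_OK || r == M_WRONG_PASSPHRASE) return r;
    return parse_as(b, "pem", pw);
}

/* Caller: try an empty passphrase first, retry with the typed one only when
 * the parser reports a wrong passphrase. Any other error is final. */
int load_key(int (*parse)(const struct blob *, const char *),
             const struct blob *b, const char *typed) {
    int r = parse(b, "");
    return r == M_WRONG_PASSPHRASE ? parse(b, typed) : r;
}

int main(void) {
    printf("fall-through, new-format key: %d\n",
           load_key(parse_fallthrough, &sample_new_key, "s3cret"));
    printf("pass-through, new-format key: %d\n",
           load_key(parse_passthrough, &sample_new_key, "s3cret"));
    return 0;
}
```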
