In openssh_read(), we shouldn't ever return SSH2_WRONG_PASSPHRASE for

an unencrypted key. (The other import function, sshcom_read(), already
got this right.) Thanks to David Wedderwille for the report.

This is more than just an error-reporting mistake; it actually causes
Windows PuTTYgen to tight-loop on attempting to load a corrupt OpenSSH
key, because the 'wrong passphrase' return value causes the caller to
loop round and try again, but of course it knows the key is
unencrypted so it doesn't prompt for a different passphrase and just
tries again with no change...

git-svn-id: svn://svn.tartarus.org/sgt/putty@9643 cda61777-01e9-0310-a592-d414129be87e

diff --git a/import.c b/import.c
index 2ba2f9a..bb863d7 100644 (file)
--- a/import.c
+++ b/import.c
@@ -592,12 +592,13 @@ struct ssh2_userkey *openssh_read(const Filename *filename, char *passphrase,
     
     p = key->keyblob;
 
-    /* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */
+    /* Expect the SEQUENCE header. Take its absence as a failure to
+     * decrypt, if the key was encrypted. */
     ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags);
     p += ret;
     if (ret < 0 || id != 16) {
        errmsg = "ASN.1 decoding failure";
-       retval = SSH2_WRONG_PASSPHRASE;
+        retval = key->encrypted ? SSH2_WRONG_PASSPHRASE : NULL;
        goto error;
     }
 
@@ -629,7 +630,7 @@ struct ssh2_userkey *openssh_read(const Filename *filename, char *passphrase,
        if (ret < 0 || id != 2 ||
            key->keyblob+key->keyblob_len-p < len) {
            errmsg = "ASN.1 decoding failure";
-           retval = SSH2_WRONG_PASSPHRASE;
+           retval = key->encrypted ? SSH2_WRONG_PASSPHRASE : NULL;
            goto error;
        }