| author | Filippo Valsorda <hi@filippo.io> | 2019-11-17 18:43:54 -0500 |
|---|---|---|
| committer | Filippo Valsorda <filippo@golang.org> | 2019-12-05 16:18:47 +0000 |
| commit | 0a08dada0ff98d02f3864a23ae8d27cb8fba5303 (patch) | |
| tree | 52bdafe97d3886509ad71575af7fbb8a7efc119b /ssh/testdata/keys.go | |
| parent | 86a70503ff7e82ffc18c7b0de83db35da4791e6a (diff) | |
| download | go-x-crypto-0a08dada0ff98d02f3864a23ae8d27cb8fba5303.tar.xz | |
ssh: reject unencrypted keys from ParsePrivateKeyWithPassphrase

The behavior of ParsePrivateKeyWithPassphrase when the key is
unencrypted is unspecified. Currently, it just parses them like
ParsePrivateKey, which is unlikely to be what anyone wants: for us to
ignore a passphrase that they explicitly passed. It also makes the
implementation of encrypted OpenSSH keys in the next CL more confused.

Instead, make ParsePrivateKey return a PassphraseNeededError, so the
application logic can be ParsePrivateKey -> detect encrypted key ->
obtain passphrase -> ParsePrivateKeyWithPassphrase. That error will also
let us return the public key for OpenSSH keys.

Change-Id: Ife4fb2499ae538bef36e353adf9bc8e902662386
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/207599
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Diffstat (limited to 'ssh/testdata/keys.go')
| -rw-r--r-- | ssh/testdata/keys.go | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ssh/testdata/keys.go b/ssh/testdata/keys.go index 90181bc..0df38cd 100644 --- a/ssh/testdata/keys.go +++ b/ssh/testdata/keys.go @@ -164,9 +164,10 @@ var SSHCertificates = map[string][]byte{ } var PEMEncryptedKeys = []struct { - Name string - EncryptionKey string - PEMBytes []byte + Name string + EncryptionKey string + IncludesPublicKey bool + PEMBytes []byte }{ 0: { Name: "rsa-encrypted", |
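Review bot: The new `IncludesPublicKey bool` field in `PEMEncryptedKeys` has no doc comment, and nothing in this file sets it: the diffstat's 4 insertions and 3 deletions are all accounted for by the struct declaration, so every entry, including `rsa-encrypted`, keeps the zero value `false`. Please add a short comment on the field saying what a test should assert when it is true (going by the commit message, presumably that the passphrase-needed error from ParsePrivateKey carries the public key for that entry), or move the field to the CL that adds the first encrypted OpenSSH key, so the fixture does not carry an unexplained field that no entry in this file sets.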
