diff --git a/CHANGELOG.md b/CHANGELOG.md index b2b602aa..abe7625d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 3.0.37 - 2024-03-02 + +- SSH2: don't set stream timeout if timeout is 0 (#1986) + ## 3.0.36 - 2024-02-25 - BigInteger: put guardrails on isPrime() and randomPrime() (CVE-2024-27354) diff --git a/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php b/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php index 6a614caa..4bbeffe1 100644 --- a/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php +++ b/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php @@ -20,6 +20,7 @@ namespace phpseclib3\Crypt\Common\Formats\Keys; use phpseclib3\Common\Functions\Strings; use phpseclib3\Crypt\AES; use phpseclib3\Crypt\Random; +use phpseclib3\Exception\BadDecryptionException; use phpseclib3\Exception\RuntimeException; use phpseclib3\Exception\UnexpectedValueException; @@ -97,7 +98,7 @@ abstract class OpenSSH $crypto->setPassword($password, 'bcrypt', $salt, $rounds, 32); break; default: - throw new RuntimeException('The only supported cipherse are: none, aes256-ctr (' . $ciphername . ' is being used)'); + throw new RuntimeException('The only supported ciphers are: none, aes256-ctr (' . $ciphername . ' is being used)'); } [$publicKey, $paddedKey] = Strings::unpackSSH2('ss', $key); @@ -108,7 +109,10 @@ abstract class OpenSSH [$checkint1, $checkint2] = Strings::unpackSSH2('NN', $paddedKey); // any leftover bytes in $paddedKey are for padding? but they should be sequential bytes. eg. 1, 2, 3, etc. if ($checkint1 != $checkint2) { - throw new RuntimeException('The two checkints do not match'); + if (isset($crypto)) { + throw new BadDecryptionException('Unable to decrypt key - please verify the password you are using'); + } + throw new RuntimeException("The two checkints do not match ($checkint1 vs. $checkint2)"); } self::checkType($type);