Merge branch '3.0'

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## 3.0.37 - 2024-03-02
+
+- SSH2: don't set stream timeout if timeout is 0 (#1986)
+
 ## 3.0.36 - 2024-02-25
 
 - BigInteger: put guardrails on isPrime() and randomPrime() (CVE-2024-27354)

phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php

@@ -20,6 +20,7 @@
 use phpseclib3\Common\Functions\Strings;
 use phpseclib3\Crypt\AES;
 use phpseclib3\Crypt\Random;
+use phpseclib3\Exception\BadDecryptionException;
 use phpseclib3\Exception\RuntimeException;
 use phpseclib3\Exception\UnexpectedValueException;
 
@@ -97,7 +98,7 @@ public static function load($key, ?string $password = null): array
                     $crypto->setPassword($password, 'bcrypt', $salt, $rounds, 32);
                     break;
                 default:
-                    throw new RuntimeException('The only supported cipherse are: none, aes256-ctr (' . $ciphername . ' is being used)');
+                    throw new RuntimeException('The only supported ciphers are: none, aes256-ctr (' . $ciphername . ' is being used)');
             }
 
             [$publicKey, $paddedKey] = Strings::unpackSSH2('ss', $key);
@@ -108,7 +109,10 @@ public static function load($key, ?string $password = null): array
             [$checkint1, $checkint2] = Strings::unpackSSH2('NN', $paddedKey);
             // any leftover bytes in $paddedKey are for padding? but they should be sequential bytes. eg. 1, 2, 3, etc.
             if ($checkint1 != $checkint2) {
-                throw new RuntimeException('The two checkints do not match');
+                if (isset($crypto)) {
+                    throw new BadDecryptionException('Unable to decrypt key - please verify the password you are using');
+                }
+                throw new RuntimeException("The two checkints do not match ($checkint1 vs. $checkint2)");
             }
             self::checkType($type);