From 6792bebca7c4a92f7145811fc0cd3ba8551cb8a4 Mon Sep 17 00:00:00 2001
From: Ben Schmeckpeper <ben.schmeckpeper@gmail.com>
Date: Wed, 20 Jul 2022 11:43:40 -0500
Subject: Raise an error if BCryptPbkdf doesn't give us a key

This can happen if we request fewer than 1 round or if the password or salt are
blank or keylen + ivlen is zero.
---
 lib/net/ssh/authentication/ed25519.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/net/ssh/authentication/ed25519.rb b/lib/net/ssh/authentication/ed25519.rb
index dccc64f..892000a 100644
--- a/lib/net/ssh/authentication/ed25519.rb
+++ b/lib/net/ssh/authentication/ed25519.rb
@@ -77,6 +77,7 @@ module Net
               raise "BCryptPbkdf is not implemented for jruby" if RUBY_PLATFORM == "java"
 
               key = BCryptPbkdf::key(password, salt, keylen + ivlen, rounds)
+              raise DecryptError.new("BCyryptPbkdf failed", encrypted_key: true) unless key
             else
               key = '\x00' * (keylen + ivlen)
             end
-- 
cgit v1.2.1