From 6b1513e79a3244ccd5879fdd3399ea97f87f16f9 Mon Sep 17 00:00:00 2001
From: Jeff Forcier <jeff@bitprophet.org>
Date: Sun, 28 Nov 2021 15:25:33 -0500
Subject: Catch TypeError and UnsupportedAlgorithm when using Cryptography to
 load private key material

Prior to this change, these exceptions bubble up as-is instead of becoming
SSHException instances like most other key-loading errors
---
 paramiko/ecdsakey.py | 9 +++++++--
 paramiko/rsakey.py   | 4 ++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/paramiko/ecdsakey.py b/paramiko/ecdsakey.py
index 05bd10f9..b609d130 100644
--- a/paramiko/ecdsakey.py
+++ b/paramiko/ecdsakey.py
@@ -20,7 +20,7 @@
 ECDSA keys
 """
 
-from cryptography.exceptions import InvalidSignature
+from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ec
@@ -288,7 +288,12 @@ class ECDSAKey(PKey):
                 key = serialization.load_der_private_key(
                     data, password=None, backend=default_backend()
                 )
-            except (ValueError, AssertionError) as e:
+            except (
+                ValueError,
+                AssertionError,
+                TypeError,
+                UnsupportedAlgorithm,
+            ) as e:
                 raise SSHException(str(e))
         elif pkformat == self._PRIVATE_KEY_FORMAT_OPENSSH:
             try:
diff --git a/paramiko/rsakey.py b/paramiko/rsakey.py
index 142dd278..292d0ccc 100644
--- a/paramiko/rsakey.py
+++ b/paramiko/rsakey.py
@@ -20,7 +20,7 @@
 RSA keys.
 """
 
-from cryptography.exceptions import InvalidSignature
+from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import rsa, padding
@@ -185,7 +185,7 @@ class RSAKey(PKey):
                 key = serialization.load_der_private_key(
                     data, password=None, backend=default_backend()
                 )
-            except ValueError as e:
+            except (ValueError, TypeError, UnsupportedAlgorithm) as e:
                 raise SSHException(str(e))
         elif pkformat == self._PRIVATE_KEY_FORMAT_OPENSSH:
             n, e, d, iqmp, p, q = self._uint32_cstruct_unpack(data, "iiiiii")
-- 
cgit v1.2.3