Provide better error for non-supported private keys

Resolves: RHEL-68124

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>

openssh-9.9p1-non-supported-keys-err-msg.patch

@@ -0,0 +1,12 @@
+diff --color -ruNp a/sshkey.c b/sshkey.c
+--- a/sshkey.c	2025-04-29 11:20:59.484832762 +0200
++++ b/sshkey.c	2025-04-29 11:28:32.349323029 +0200
+@@ -3599,6 +3599,8 @@ translate_libcrypto_error(unsigned long
+ 		}
+ 	case ERR_LIB_ASN1:
+ 		return SSH_ERR_INVALID_FORMAT;
++	case ERR_LIB_OSSL_DECODER:
++		return SSH_ERR_INVALID_FORMAT;
+ 	}
+ 	return SSH_ERR_LIBCRYPTO_ERROR;
+ }

openssh.spec

@@ -210,6 +210,7 @@ Patch1022: openssh-9.9p1-openssl-mlkem.patch
 Patch1023: openssh-9.9p1-compression-directive.patch
 # upstream fc86875e6acb36401dfc1dfb6b628a9d1460f367
 Patch1024: openssh-9.9p1-disable-forwarding.patch
+Patch1025: openssh-9.9p1-non-supported-keys-err-msg.patch
 
 License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant
 Requires: /sbin/nologin
@@ -399,6 +400,7 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
 %patch -P 1022 -p1 -b .openssl-mlkem
 %patch -P 1023 -p1 -b .compression
 %patch -P 1024 -p1 -b .disable-forwarding
+%patch -P 1025 -p1 -b .non-supported-keys-err-msg
 
 %patch -P 100 -p1 -b .coverity
 
@@ -682,6 +684,8 @@ test -f %{sysconfig_anaconda} && \
 * Tue Apr 29 2025 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-9
 - CVE-2025-32728: Fix logic error in DisableForwarding option
   Resolves: RHEL-86819
+- Provide better error for non-supported private keys
+  Resolves: RHEL-68124
 
 * Thu Mar 20 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-8
 - OpenSSH should not use its own implementation of MLKEM