[Bug 2913] New: Reading PEM keys might file if they decrypt to garbage with zero-length passprahse with new OpenSSL 1.1.0i

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Oct 3 20:31:37 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2913

            Bug ID: 2913
           Summary: Reading PEM keys might file if they decrypt to garbage
                    with zero-length passprahse with new OpenSSL 1.1.0i
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Keywords: patch
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 3183
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3183&action=edit
proposed patch

Some encrypted PEM keys stopped working from OpenSSH with the new
OpenSSL 1.1.0i, while they still can be used from OpenSSL. The example
key is attached to the Red Hat bugzilla [1].

After some analysis done by Tomas, there is a change in OpenSSL that
supports zero-length passprahse, that are passed by default to the PEM
decryption methods. In a rare case, the padding is decrypted
successfully with this passprahse, the garbage is passed further which
results in fail in OpenSSH.

The correct solution is to create a password callback that returns -1
to overwrite the default passphrase callback as attached in the patch.

With this patch, the ssh tools correctly ask for the passphrase, rather
than failing with invalid key error.

For more information, see the attached bugzilla [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1632902

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list