[Bug 2913] Reading PEM keys might fail if they decrypt to garbage with zero-length passphrase with new OpenSSL 1.1.0i

bugzilla-daemon at bugzilla.mindrot.org
Fri Oct 5 21:42:48 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2913

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
FWIW I don't see the new OpenSSL behaviour documented either. Are you
sure it's an intentioned change?

I'm sure OpenSSH isn't the only application that depended on the old
behaviour. Wouldn't it be more sensible for OpenSSL to deal with
zero-length passwords internally; by checking for a plaintext key first
and then attempting to decrypt with a zero-length password?

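The "check for a plaintext key first" ordering suggested in the comment above can be decided from the key container alone, before any passphrase is tried. The following is an added illustration, not code from OpenSSH, OpenSSL or the bug report; it also covers PKCS#8 and OpenSSH-format containers, and the function names and constructed (non-functional) sample keys are assumptions.

```python
import base64
import re
import struct

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
OPENSSH_MAGIC = b"openssh-key-v1\x00"

def classify_private_key(pem_text):
    """Return 'plaintext', 'encrypted' or 'unknown' from the container alone;
    no passphrase, empty or otherwise, is ever tried."""
    m = PEM_RE.search(pem_text)
    if not m:
        return "unknown"
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 EncryptedPrivateKeyInfo
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":        # cipher name lives inside the blob
        return _classify_openssh(body)
    if not label.endswith("PRIVATE KEY"):
        return "unknown"
    # Traditional PEM marks encryption with an RFC 1421 Proc-Type header.
    for line in body.splitlines():
        if line.startswith("Proc-Type:") and "ENCRYPTED" in line:
            return "encrypted"
    return "plaintext"

def _classify_openssh(body):
    try:
        blob = base64.b64decode("".join(body.split()))
    except ValueError:                        # binascii.Error is a ValueError
        return "unknown"
    off = len(OPENSSH_MAGIC)
    if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
        return "unknown"
    (n,) = struct.unpack_from(">I", blob, off)
    cipher = blob[off + 4 : off + 4 + n]
    if len(cipher) != n:                      # truncated cipher-name field
        return "unknown"
    return "plaintext" if cipher == b"none" else "encrypted"

def constructed_pem(label, payload=b"not a real key", headers=""):
    """Build a constructed, non-functional PEM sample for the demonstration."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

if __name__ == "__main__":
    hdr = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    for pem in (constructed_pem("RSA PRIVATE KEY"),
                constructed_pem("RSA PRIVATE KEY", headers=hdr)):
        print(classify_private_key(pem))
```

A loader that classifies first only reaches the decryption path for keys marked as encrypted, so a garbage decrypt under an empty passphrase is reported as a wrong passphrase rather than as a malformed key.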