[Bug 2913] Reading PEM keys might fail if they decrypt to garbage with zero-length passprahse with new OpenSSL 1.1.0i
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Oct 6 00:16:14 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2913
--- Comment #7 from Tomas Mraz <t8m at centrum.cz> ---
What OpenSSH does is very specific - it depends on returning some
particular error codes when zero length password is passed to OpenSSL
key loading function to distinguish between invalid keys vs. encrypted
keys. I would be very surprised this would be done elsewhere unless
they actually copied the key loading logic from OpenSSH.
Anyway I can report to OpenSSL that this change introduced OpenSSH
regression and see what they have to say about it.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list