[Bug 2913] Reading PEM keys might fail if they decrypt to garbage with zero-length passprahse with new OpenSSL 1.1.0i

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Oct 6 00:16:14 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2913

--- Comment #7 from Tomas Mraz <t8m at centrum.cz> ---
What OpenSSH does is very specific - it depends on returning some
particular error codes when zero length password is passed to OpenSSL
key loading function to distinguish between invalid keys vs. encrypted
keys. I would be very surprised this would be done elsewhere unless
they actually copied the key loading logic from OpenSSH.

Anyway I can report to OpenSSL that this change introduced OpenSSH
regression and see what they have to say about it.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list