[Bug 2913] Reading PEM keys might fail if they decrypt to garbage with zero-length passphrase with new OpenSSL 1.1.0i

bugzilla-daemon at bugzilla.mindrot.org
Mon Oct 8 17:26:59 AEDT 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2913

--- Comment #11 from Jakub Jelen <jjelen at redhat.com> ---
(In reply to Damien Miller from comment #10)
> Does the patch attached to bug 2901 avoid this?

You can try that yourself with the key attached to the bug referenced
in the bug description.

It does not solve the problem. Running the same test with your patch
gives the following:

$ SSH_AUTH_SOCK= ./ssh -i invalid_key -F /dev/null localhost 
error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
Load key "invalid_key": invalid format

The reason why is that had_passphrase is 0 (passphrase is zero-length)
and therefore we return SSH_ERR_INVALID_FORMAT from the
translate_libcrypto_error().



More information about the openssh-bugs mailing list