load_private_key hell

Adam Bentitou amb at cobite.com
Thu Aug 3 08:05:44 EST 2000


NOTE: If you know how to properly use load_private_key for dsa keys and 
NOTE: don't want to read my long post, simply reply with that info and
NOTE: I will really appreciate it.  thanks.


I've been playing with the source code and trying to create extra
apps.  All has been going well except for the fact that I can't load a dsa
private key.  To highlight my problem I stole some code directly from
sshconnect2.c (which loads the dsa private key) and put it in a test
program, and it still doesn't work. The source will follow this message.

Then I got out my trusty copy of gdb.  I ran it on ssh and on my test
program, simultaneously.  While running I checked that the arguments to
load_private_key were identical in ssh and my test program for both times
they are called. I continued checking like this for every function call
inside load_private_key.  The first difference I noticed was in
load_private_key_dsa.  After it calls: in = BIO_new(BIO_s_file()); the
"in" structure in my test program and ssh are identical except for
in->ex_data->dummy, which is 0 in ssh and 1886999597 in my program!?!  I
don't know how that happens, since that function takes no arguments. I'm
guessing some sort of global variable?  Also with the BIO functions I am
now into undocumented openssl code. yay!

Anyway, since everything else
was identical I just set in->ex_data->dummy to 0 in gdb and let it run but
it still failed.  Next I let it go all the way to
PEM_read_bio_DSAPrivateKey (more undocumented openssl code) without
changing in->ex_data->dummy.  Then I single-instruction stepped all the way
through PEM_read_bio_DSAPrivateKey and I found something really odd.  Deep
in the middle of some library with no debugging info I get a big difference
between ssh and my test program.  In ssh I get:

_IO_fgets (buf=0xbffff0bc "", n=1, fp=0x6) at iofgets.c:34
34      in iofgets.c

which looks ok.  But in my program I get:

_IO_fgets (buf=0x5 <Address 0x5 out of bounds>, n=5, fp=0xa544156)
    at iofgets.c:34
34      in iofgets.c

which is obviously broken, and it looks like somehow buf and fp have been
mixed up.  Anyway, if somebody could give me any idea of how
load_private_key for dsa keys is supposed to work, I would really
appreciate it.

Adam Bentitou  

#include "includes.h"
#include <openssl/hmac.h>
#include "buffer.h"
#include "bufaux.h"
#include "ssh.h"
#include "xmalloc.h"
#include "rsa.h"
#include "ssh2.h"
#include "kex.h"
#include "key.h"
#include "dsa.h"
#include "authfile.h"

int main (int argc, char *argv[])
{
        Key *k;
        struct stat st;
        char *filename="/home/sun1/amb/.ssh/id_dsa";

        /* Bail out early if the key file is missing. */
        if (stat(filename, &st) != 0) {
                debug("key does not exist: %s", filename);
                return 0;
        }

        k = key_new(KEY_DSA);
        /* First attempt: empty passphrase (unencrypted key). */
        if (!load_private_key(filename, "", k, NULL)) {
                int success = 0;
                char *passphrase;
                char prompt[300];
                /* Second attempt: prompt for the passphrase and retry. */
                snprintf(prompt, sizeof prompt,
                     "Enter passphrase for DSA key '%.100s': ",
                     filename);
                passphrase = read_passphrase(prompt, 0);
                success = load_private_key(filename, passphrase, k, NULL);
                /* Wipe the passphrase from memory before freeing it. */
                memset(passphrase, 0, strlen(passphrase));
                xfree(passphrase);
                if (!success) {
                        key_free(k);
                        printf("FAILURE\n");
                        exit(0);
                }
                printf("SUCCESS!\n");
        }
        return 0;
}






