OpenSSH private key format errors with LibreSSL 2.7

Bernard Spil brnrd at freebsd.org
Sun Apr 8 05:13:53 AEST 2018


Hi Joel,

After adding that line

3769         clear_libcrypto_errors();
3770         if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
3771             (char *)passphrase)) == NULL) {
3772                 r = convert_libcrypto_error();
3773                 ERR_print_errors_fp(stderr);
3774                 goto out;
3775         }

$ bin/ssh-add ~/.ssh/id_rsa-oldformat
34383182280:error:09FFF072:lib(9):func(4095):reason(114):/usr/src/crypto/libressl/crypto/pem/pem_lib.c:529:
Error loading key "/home/bernard/.ssh/id_rsa-oldformat": invalid format

Cheers, Bernard.

2018-04-07 14:30 GMT+02:00 Joel Sing <joel at sing.id.au>:
> On Saturday 07 April 2018 11:50:15 Bernard Spil wrote:
>> On 2018-04-07 11:24, Bernard Spil wrote:
>> > On 2018-04-07 9:04, Joel Sing wrote:
>> >> On Friday 06 April 2018 21:31:01 Bernard Spil wrote:
>> >>> Hi,
>> >>>
>> >>> When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA
>> >>> and ECDSA private keys.
>> >>>
>> >>>      Error loading key "./id_rsa": invalid format
>> >>>
>> >>> Rebuilding OpenSSH with LibreSSL 2.6.x fixes the issue. I had fixed
>> >>> this issue early on with LibreSSL 2.7 by converting the key to "new file
>> >>> format" (to verify the ecdsa key wasn't corrupted I loaded it in
>> >>>
>> >>> Fail:
>> >>> -----BEGIN EC PRIVATE KEY-----
>> >>> Proc-Type: 4,ENCRYPTED
>> >>> DEK-Info: AES-128-CBC,<snip>
>> >>>
>> >>> -----BEGIN RSA PRIVATE KEY-----
>> >>> Proc-Type: 4,ENCRYPTED
>> >>> DEK-Info: AES-128-CBC,<snip>
>> >>>
>> >>> Success (both keys after converting):
>> >>> -----BEGIN OPENSSH PRIVATE KEY-----
>> >>>
>> >>> I've been digging through ssh-keygen to find a way to convert them
>> >>> but have yet to find the right knobs. -e only exports public keys.
>> >>>
>> >>> Currently running `make test` on OpenSSH 7.7 with LibreSSL 2.7.2.
>> >>>
>> >>> Any hints?
>> >>
>> >> What does the following say, when compiled with 2.7.2:
>> >>
>> >> $ openssl version
>> >> $ openssl rsa -in ~/.ssh/id_rsa -noout ; echo $?
>> >> $ ssh -V
>> >
>> > Meanwhile I've figured out that I can prevent issues if I convert the
>> > private key file to new format with
>> >
>> >    ssh-keygen -po -f keyfile
>
> This is a workaround - it uses an OpenSSH specific format, rather than
> OpenSSL's encrypted PEM.
>
>> > I had saved my old key as id_rsa-oldformat
>> >
>> > $ openssl version
>> > LibreSSL 2.7.2
>> > $ openssl rsa -in ~/.ssh/id_rsa-oldformat -noout
>> > Enter pass phrase for /home/bernard/.ssh/id_rsa-oldformat:
>> > $ echo $?
>> > 0
>
> This confirms that LibreSSL 2.7.2 can still read, decode and decrypt the key.
>
>> > $ ssh -V
>> > OpenSSH_7.2p2, LibreSSL 2.7.1
>> > $ /usr/local/bin/ssh -V
>> > OpenSSH_7.6p1, LibreSSL 2.7.1
>> >
>> > I see that I need to recompile ssh with 2.7.2, the libraries they use
>> > are 2.7.2 not 2.7.1.
>> >
>> > Cheers, Bernard.
>>
>> To rule out issues with OpenSSH in base or ports on FreeBSD, I've now
>> built a vanilla OpenSSH 7.7p1 linked against LibreSSL. No change.
>>
>> $ ./configure --prefix=$HOME/openssh
>> $ make
>> $ make install
>> $ cd ~/openssh/bin
>> $ ./ssh -V
>> OpenSSH_7.7p1, LibreSSL 2.7.2
>> $ ldd ./ssh
>> ./ssh:
>>          libcrypto.so.43 => /lib/libcrypto.so.43 (0x8008c3000)
>>          libutil.so.9 => /lib/libutil.so.9 (0x800cab000)
>>          libz.so.6 => /lib/libz.so.6 (0x800ebf000)
>>          libcrypt.so.5 => /lib/libcrypt.so.5 (0x8010d8000)
>>          libc.so.7 => /lib/libc.so.7 (0x8012f7000)
>> $ ./ssh-add ~/.ssh/id_rsa-oldformat
>> Error loading key "/home/bernard/.ssh/id_rsa-oldformat": invalid format
>
> I've built LibreSSL 2.7.2 portable and OpenSSH 7.7p1 on a clean system:
>
> $ ./ssh -V
> OpenSSH_7.7p1, LibreSSL 2.7.2
> $ ./ssh-add
> Enter passphrase for /home/joel/.ssh/id_rsa:
> Identity added: /home/joel/.ssh/id_rsa (/home/joel/.ssh/id_rsa)
>
> The only thing that really changed from 2.6.4 to 2.7.2 in this area was the
> auto-initialisation. I suspect that there is something with your environment
> that is triggering the problem. The failure you're seeing is most likely
> coming from the PEM_read_bio_PrivateKey() call in
> sshkey_parse_private_pem_fileblob() - adding the following after line 3772 of
> sshkey.c may give us some insight:
>
>   ERR_print_errors_fp(stderr);
>


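Added example for readers of this thread (not code from OpenSSH, LibreSSL or either poster): a small POSIX shell script that decodes the packed libcrypto error code ERR_print_errors_fp() printed above, and classifies private key files by their header so the legacy encrypted PEM keys that fail here can be found and converted with the `ssh-keygen -p -o` workaround from the thread. The packed code layout is ERR_PACK's: bits 31..24 are the library, 23..12 the function, 11..0 the reason. Decoded that way, 09FFF072 is library 9 (ERR_LIB_PEM), function field 0xfff (all ones; LibreSSL does not record per-function codes) and reason 114, which is PEM_R_UNSUPPORTED_ENCRYPTION in OpenSSL's and LibreSSL's pem.h. It printed as lib(9)/reason(114) rather than as names because no error string table was loaded in that build. The sample key files the script creates are constructed headers with placeholder bodies, not real key material; the function names and the SAMPLE_* variables are this example's own.

```shell
#!/bin/sh
# Added example for the openssh-unix-dev thread above; not OpenSSH or LibreSSL code.
# Two helpers: decode a packed libcrypto error code, and classify private key
# files by header so legacy encrypted PEM keys can be found and converted.

# Decode a packed libcrypto error code given as hex (e.g. 09FFF072).
# ERR_PACK layout: bits 31..24 library, bits 23..12 function, bits 11..0 reason.
libcrypto_err_decode() {
    code=$((0x$1))
    lib=$(( (code >> 24) & 0xff ))
    func=$(( (code >> 12) & 0xfff ))
    reason=$(( code & 0xfff ))
    printf 'lib=%d func=%d reason=%d\n' "$lib" "$func" "$reason"
}

# Classify a private key file from its opening lines:
#   openssh        "-----BEGIN OPENSSH PRIVATE KEY-----" (what ssh-keygen -o writes)
#   pem-encrypted  legacy PEM (RSA/EC/DSA) with "Proc-Type: 4,ENCRYPTED" (the failing case)
#   pem-plain      legacy PEM without encryption headers
#   unknown        anything else
ssh_key_format() {
    first=$(head -n 1 "$1")
    case "$first" in
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            echo openssh ;;
        '-----BEGIN RSA PRIVATE KEY-----'|'-----BEGIN EC PRIVATE KEY-----'|'-----BEGIN DSA PRIVATE KEY-----')
            # Proc-Type / DEK-Info headers, if present, directly follow the BEGIN line.
            if head -n 3 "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo pem-encrypted
            else
                echo pem-plain
            fi ;;
        *)
            echo unknown ;;
    esac
}

# Print the command that rewrites a legacy PEM key in OpenSSH's own format
# (the workaround used in the thread). -p rewrites the file in place and
# prompts for the passphrase, so a backup copy is taken first.
ssh_key_fix_hint() {
    case "$(ssh_key_format "$1")" in
        pem-encrypted|pem-plain)
            echo "cp '$1' '$1.bak' && ssh-keygen -p -o -f '$1'" ;;
        openssh)
            echo "# already in OpenSSH format, nothing to do" ;;
        *)
            echo "# unrecognised key file: $1" ;;
    esac
}

# Constructed sample files: headers only, placeholder bodies, no key material.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_PEM_ENC="$SAMPLE_DIR/id_rsa-oldformat"
SAMPLE_PEM_PLAIN="$SAMPLE_DIR/id_ecdsa-plain"
SAMPLE_OPENSSH="$SAMPLE_DIR/id_rsa-newformat"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-128-CBC,<constructed iv>' '' '<base64 body omitted>' \
    '-----END RSA PRIVATE KEY-----' > "$SAMPLE_PEM_ENC"
printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' '<base64 body omitted>' \
    '-----END EC PRIVATE KEY-----' > "$SAMPLE_PEM_PLAIN"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' '<base64 body omitted>' \
    '-----END OPENSSH PRIVATE KEY-----' > "$SAMPLE_OPENSSH"

libcrypto_err_decode 09FFF072   # -> lib=9 func=4095 reason=114
for f in "$SAMPLE_PEM_ENC" "$SAMPLE_PEM_PLAIN" "$SAMPLE_OPENSSH"; do
    printf '%s: %s\n' "$f" "$(ssh_key_format "$f")"
    ssh_key_fix_hint "$f"
done
```

Run it against a real `~/.ssh` directory by calling `ssh_key_format` and `ssh_key_fix_hint` on each file; the script only reads headers and never prints key material. Note that the conversion is the workaround the thread describes, not a fix for the libcrypto side: a key that `openssl rsa -in keyfile -noout` still decrypts, as in Bernard's test, is intact and the failure is in the loading path.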
More information about the openssh-unix-dev mailing list