OpenSSH private key format errors with LibreSSL 2.7

Bernard Spil brnrd at freebsd.org
Sun Apr 8 09:19:13 AEST 2018


On 2018-04-07 21:50, Bob Beck wrote:
> So this:
> 
>          cipher->cipher = enc = EVP_get_cipherbyname(p);
> 
> Is returning NULL
> 
> and then
> 
>         if (enc == NULL) {
>                 PEMerror(PEM_R_UNSUPPORTED_ENCRYPTION);
> 
> Is your failure.
> 
> 
> You need to instrument EVP_get_cipherbyname to see what's failing.
> 
> the autoinit call was added there between 2.6 and 2.7 - so
> OPENSSL_init_crypto could cause you to return NULL if it
> fails - however that should only fail if your pthread_once or
> pthread_self are insane or failing.
> 
> So see what thing in EVP_get_cipherbyname is failing
> 
> I think you wanna instrument EVP_
> 
> On Sat, Apr 7, 2018 at 1:13 PM, Bernard Spil <brnrd at freebsd.org> wrote:
>> Hi Joel,
>> 
>> After adding that line
>> 
>> 3769         clear_libcrypto_errors();
>> 3770         if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
>> 3771             (char *)passphrase)) == NULL) {
>> 3772                 r = convert_libcrypto_error();
>> 3773 ERR_print_errors_fp(stderr);
>> 3774                 goto out;
>> 3775         }
>> 
>> $ bin/ssh-add ~/.ssh/id_rsa-oldformat
>> 34383182280:error:09FFF072:lib(9):func(4095):reason(114):/usr/src/crypto/libressl/crypto/pem/pem_lib.c:529:
>> Error loading key "/home/bernard/.ssh/id_rsa-oldformat": invalid 
>> format
>> 
>> Cheers, Bernard.
>> 
>> 2018-04-07 14:30 GMT+02:00 Joel Sing <joel at sing.id.au>:
>>> On Saturday 07 April 2018 11:50:15 Bernard Spil wrote:
>>>> On 2018-04-07 11:24, Bernard Spil wrote:
>>>> > On 2018-04-07 9:04, Joel Sing wrote:
>>>> >> On Friday 06 April 2018 21:31:01 Bernard Spil wrote:
>>>> >>> Hi,
>>>> >>>
>>>> >>> When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA
>>>> >>> and
>>>> >>> ECDSA private keys.
>>>> >>>
>>>> >>>      Error loading key "./id_rsa": invalid format
>>>> >>>
>>>> >>> Rebuilding OpenSSH with LibreSSL 2.6.x fixes the issue. I had fixed
>>>> >>> this
>>>> >>> issue early on with LibreSSL 2.7 by converting the key to "new file
>>>> >>> format" (to verify the ecdsa key wasn't corrupted I loaded it in
>>>> >>>
>>>> >>> Fail:
>>>> >>> -----BEGIN EC PRIVATE KEY-----
>>>> >>> Proc-Type: 4,ENCRYPTED
>>>> >>> DEK-Info: AES-128-CBC,<snip>
>>>> >>>
>>>> >>> -----BEGIN RSA PRIVATE KEY-----
>>>> >>> Proc-Type: 4,ENCRYPTED
>>>> >>> DEK-Info: AES-128-CBC,<snip>
>>>> >>>
>>>> >>> Success (both keys after converting):
>>>> >>> -----BEGIN OPENSSH PRIVATE KEY-----
>>>> >>>
>>>> >>> I've been digging through ssh-keygen to find a way to convert them
>>>> >>> but
>>>> >>> have yet to find the right knobs. -e only exports public keys.
>>>> >>>
>>>> >>> Currently running `make test` on OpenSSH 7.7 with LibreSSL 2.7.2.
>>>> >>>
>>>> >>> Any hints?
>>>> >>
>>>> >> What does the following say, when compiled with 2.7.2:
>>>> >>
>>>> >> $ openssl version
>>>> >> $ openssl rsa -in ~/.ssh/id_rsa -noout ; echo $?
>>>> >> $ ssh -V
>>>> >
>>>> > Meanwhile I've figured out that I can prevent issues if I convert the
>>>> > private key file to new format with
>>>> >
>>>> >    ssh-keygen -po -f keyfile
>>> 
>>> This is a workaround - it uses an OpenSSH specific format, rather 
>>> than
>>> OpenSSL's encrypted PEM.
>>> 
>>>> > I had saved my old key as id_rsa-oldformat
>>>> >
>>>> > $ openssl version
>>>> > LibreSSL 2.7.2
>>>> > $ openssl rsa -in ~/.ssh/id_rsa-oldformat -noout
>>>> > Enter pass phrase for /home/bernard/.ssh/id_rsa-oldformat:
>>>> > $ echo $?
>>>> > 0
>>> 
>>> This confirms that LibreSSL 2.7.2 can still read, decode and decrypt 
>>> the key.
>>> 
>>>> > $ ssh -V
>>>> > OpenSSH_7.2p2, LibreSSL 2.7.1
>>>> > $ /usr/local/bin/ssh -V
>>>> > OpenSSH_7.6p1, LibreSSL 2.7.1
>>>> >
>>>> > I see that I need to recompile ssh with 2.7.2, the libraries they use
>>>> > are 2.7.2 not 2.7.1.
>>>> >
>>>> > Cheers, Bernard.
>>>> 
>>>> To rule out issues with OpenSSH in base or ports on FreeBSD, I've 
>>>> now
>>>> built a vanilla OpenSSH 7.7p1 linked against LibreSSL. No change.
>>>> 
>>>> $ ./configure --prefix=$HOME/openssh
>>>> $ make
>>>> $ make instal
>>>> $ cd ~/openssh/bin
>>>> $ ./ssh -V
>>>> OpenSSH_7.7p1, LibreSSL 2.7.2
>>>> $ ldd ./ssh
>>>> ./ssh:
>>>>          libcrypto.so.43 => /lib/libcrypto.so.43 (0x8008c3000)
>>>>          libutil.so.9 => /lib/libutil.so.9 (0x800cab000)
>>>>          libz.so.6 => /lib/libz.so.6 (0x800ebf000)
>>>>          libcrypt.so.5 => /lib/libcrypt.so.5 (0x8010d8000)
>>>>          libc.so.7 => /lib/libc.so.7 (0x8012f7000)
>>>> $ ./ssh-add ~/.ssh/id_rsa-oldformat
>>>> Error loading key "/home/bernard/.ssh/id_rsa-oldformat": invalid 
>>>> format
>>> 
>>> I've built LibreSSL 2.7.2 portable and OpenSSH 7.7p1 on a clean 
>>> system:
>>> 
>>> $ ./ssh -V
>>> OpenSSH_7.7p1, LibreSSL 2.7.2
>>> $ ./ssh-add
>>> Enter passphrase for /home/joel/.ssh/id_rsa:
>>> Identity added: /home/joel/.ssh/id_rsa (/home/joel/.ssh/id_rsa)
>>> 
>>> The only thing that really changed from 2.6.4 to 2.7.2 in this area 
>>> was the
>>> auto-initialisation. I suspect that there is something with your 
>>> environment
>>> that is triggering the problem. The failure you're seeing is most 
>>> likely
>>> coming from the PEM_read_bio_PrivateKey() call in
>>> sshkey_parse_private_pem_fileblob() - adding the following after line 
>>> 3772 of
>>> sshkey.c may give us some insight:
>>> 
>>>   ERR_print_errors_fp(stderr);
>>> 
>> 

Thanks for the hint Bob! Was not linking against the thread libs. Added 
that and now it's all hunkydory for base.

Cheers,

Bernard.
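The thread turns on two checks: whether a key file is an OpenSSL-style encrypted PEM (the path that goes through EVP_get_cipherbyname() and OPENSSL_init_crypto(), and so needs working pthread_once()) or the OpenSSH-native format that `ssh-keygen -p -o` writes, and whether the ssh binary was linked against a thread library at all. The script below is an added triage helper, not code from the thread, OpenSSH or LibreSSL; the function names, the fixture key files (the base64 payload is constructed junk, not a real key) and the ldd listings are all constructed for this example. It classifies a key by its PEM header and inspects a saved ldd listing for libthr/libpthread.

```shell
#!/bin/sh
# Added triage helper (not from the thread): classify an SSH private key file
# by its PEM header and check an ldd listing for a POSIX thread library.
# All fixture content below is constructed; the key bodies are not real keys.

# Print one of: openssh | pem-encrypted:<cipher> | pem-plain | unknown
key_format() {
    f=$1
    first=$(head -n 1 "$f")
    case $first in
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            echo openssh ;;
        '-----BEGIN '*' PRIVATE KEY-----')
            # Legacy PEM: encryption is signalled by RFC 1421 headers right
            # after the BEGIN line; DEK-Info carries "<cipher>,<iv>".
            if head -n 3 "$f" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                cipher=$(head -n 3 "$f" | sed -n 's/^DEK-Info: \([^,]*\),.*/\1/p')
                echo "pem-encrypted:${cipher:-unknown}"
            else
                echo pem-plain
            fi ;;
        *)
            echo unknown ;;
    esac
}

# Return 0 if an ldd listing mentions a thread library (libthr on FreeBSD,
# libpthread elsewhere), 1 otherwise.
has_thread_lib() {
    grep -Eq 'lib(thr|pthread)\.so' "$1"
}

# Constructed fixtures (hypothetical files, written to a temp dir)
FIX=$(mktemp -d)
cat > "$FIX/legacy_rsa.pem" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

bm90IGEgcmVhbCBrZXk=
-----END RSA PRIVATE KEY-----
EOF
cat > "$FIX/new_format.key" <<'EOF'
-----BEGIN OPENSSH PRIVATE KEY-----
bm90IGEgcmVhbCBrZXk=
-----END OPENSSH PRIVATE KEY-----
EOF
cat > "$FIX/plain_ec.pem" <<'EOF'
-----BEGIN EC PRIVATE KEY-----
bm90IGEgcmVhbCBrZXk=
-----END EC PRIVATE KEY-----
EOF
# ldd listing shaped like the one in the thread: libcrypto present, no libthr
cat > "$FIX/ldd_nothr.txt" <<'EOF'
./ssh:
        libcrypto.so.43 => /lib/libcrypto.so.43 (0x8008c3000)
        libutil.so.9 => /lib/libutil.so.9 (0x800cab000)
        libc.so.7 => /lib/libc.so.7 (0x8012f7000)
EOF
# Same listing after linking against the thread library (addresses made up)
cat > "$FIX/ldd_thr.txt" <<'EOF'
./ssh:
        libcrypto.so.43 => /lib/libcrypto.so.43 (0x8008c3000)
        libthr.so.3 => /lib/libthr.so.3 (0x800e00000)
        libc.so.7 => /lib/libc.so.7 (0x8012f7000)
EOF

for k in "$FIX"/*.pem "$FIX"/*.key; do
    printf '%s: %s\n' "$k" "$(key_format "$k")"
done
if has_thread_lib "$FIX/ldd_nothr.txt"; then
    echo "thread library linked"
else
    echo "no thread library in listing: legacy encrypted PEM keys may fail to load"
fi
```

A key reported as `pem-encrypted:AES-128-CBC` together with a listing that has no thread library is exactly the combination the thread ends on; keys reported as `openssh` never reach the EVP cipher lookup, which is why converting with `ssh-keygen -p -o` masked the problem.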

