OpenSSH private key format errors with LibreSSL 2.7
Bernard Spil
brnrd at freebsd.org
Sun Apr 8 22:09:25 AEST 2018
Hi Brent,
For portable you add -lthr so I think that's fine. As LIBADD= thr wasn't
available in FreeBSD's base framework I opted for pthreads. Still have
to test with adding -lthr.
Cheers, Bernard.
On 2018-04-08 1:36, Brent Cook wrote:
> Hmm, that means we're missing a pthread dependency for FreeBSD by
> default in portable, I think.
>
> On Sat, Apr 7, 2018 at 6:19 PM, Bernard Spil <brnrd at freebsd.org> wrote:
>
> On 2018-04-07 21:50, Bob Beck wrote:
> So this:
>
> cipher->cipher = enc = EVP_get_cipherbyname(p);
>
> Is returning NULL
>
> and then
>
> if (enc == NULL) {
> PEMerror(PEM_R_UNSUPPORTED_ENCRYPTION);
>
> Is your failure.
>
> You need to instrument EVP_get_cipherbyname to see what's failing.
>
> the autoinit call was added there between 2.6 and 2.7 - so
> OPENSSL_init_crypto could cause you to return NULL if it
> fails - however that should only fail if your pthread_once or
> pthread_self are insane or failing.
>
> So see what thing in EVP_get_cipherbyname is failing
>
> I think you wanna instrument EVP_
>
> On Sat, Apr 7, 2018 at 1:13 PM, Bernard Spil <brnrd at freebsd.org> wrote:
> Hi Joel,
>
> After adding that line
>
> 3769 clear_libcrypto_errors();
> 3770 if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
> 3771 (char *)passphrase)) == NULL) {
> 3772 r = convert_libcrypto_error();
> 3773 ERR_print_errors_fp(stderr);
> 3774 goto out;
> 3775 }
>
> $ bin/ssh-add ~/.ssh/id_rsa-oldformat
> 34383182280:error:09FFF072:lib(9):func(4095):reason(114):/usr/src/crypto/libressl/crypto/pem/pem_lib.c:529:
> Error loading key "/home/bernard/.ssh/id_rsa-oldformat": invalid format
>
> Cheers, Bernard.
>
> 2018-04-07 14:30 GMT+02:00 Joel Sing <joel at sing.id.au>:
> On Saturday 07 April 2018 11:50:15 Bernard Spil wrote:
> On 2018-04-07 11:24, Bernard Spil wrote:
>> On 2018-04-07 9:04, Joel Sing wrote:
>>> On Friday 06 April 2018 21:31:01 Bernard Spil wrote:
>>>> Hi,
>>>>
>>>> When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA
>>>> and
>>>> ECDSA private keys.
>>>>
>>>> Error loading key "./id_rsa": invalid format
>>>>
>>>> Rebuilding OpenSSH with LibreSSL 2.6.x fixes the issue. I had fixed
>>>> this
>>>> issue early on with LibreSSL 2.7 by converting the key to "new file
>>>> format" (to verify the ecdsa key wasn't corrupted I loaded it in
>>>>
>>>> Fail:
>>>> -----BEGIN EC PRIVATE KEY-----
>>>> Proc-Type: 4,ENCRYPTED
>>>> DEK-Info: AES-128-CBC,<snip>
>>>>
>>>> -----BEGIN RSA PRIVATE KEY-----
>>>> Proc-Type: 4,ENCRYPTED
>>>> DEK-Info: AES-128-CBC,<snip>
>>>>
>>>> Success (both keys after converting):
>>>> -----BEGIN OPENSSH PRIVATE KEY-----
>>>>
>>>> I've been digging through ssh-keygen to find a way to convert them
>>>> but
>>>> have yet to find the right knobs. -e only exports public keys.
>>>>
>>>> Currently running `make test` on OpenSSH 7.7 with LibreSSL 2.7.2.
>>>>
>>>> Any hints?
>>>
>>> What does the following say, when compiled with 2.7.2:
>>>
>>> $ openssl version
>>> $ openssl rsa -in ~/.ssh/id_rsa -noout ; echo $?
>>> $ ssh -V
>>
>> Meanwhile I've figured out that I can prevent issues if I convert the
>> private key file to new format with
>>
>> ssh-keygen -po -f keyfile
> This is a workaround - it uses an OpenSSH specific format, rather than
> OpenSSL's encrypted PEM.
>
>> I had saved my old key as id_rsa-oldformat
>>
>> $ openssl version
>> LibreSSL 2.7.2
>> $ openssl rsa -in ~/.ssh/id_rsa-oldformat -noout
>> Enter pass phrase for /home/bernard/.ssh/id_rsa-oldformat:
>> $ echo $?
>> 0
> This confirms that LibreSSL 2.7.2 can still read, decode and decrypt
> the key.
>
>> $ ssh -V
>> OpenSSH_7.2p2, LibreSSL 2.7.1
>> $ /usr/local/bin/ssh -V
>> OpenSSH_7.6p1, LibreSSL 2.7.1
>>
>> I see that I need to recompile ssh with 2.7.2, the libraries they use
>> are 2.7.2 not 2.7.1.
>>
>> Cheers, Bernard.
>
> To rule out issues with OpenSSH in base or ports on FreeBSD, I've now
> built a vanilla OpenSSH 7.7p1 linked against LibreSSL. No change.
>
> $ ./configure --prefix=$HOME/openssh
> $ make
> $ make instal
> $ cd ~/openssh/bin
> $ ./ssh -V
> OpenSSH_7.7p1, LibreSSL 2.7.2
> $ ldd ./ssh
> ./ssh:
> libcrypto.so.43 => /lib/libcrypto.so.43 (0x8008c3000)
> libutil.so.9 => /lib/libutil.so.9 (0x800cab000)
> libz.so.6 => /lib/libz.so.6 (0x800ebf000)
> libcrypt.so.5 => /lib/libcrypt.so.5 (0x8010d8000)
> libc.so.7 => /lib/libc.so.7 (0x8012f7000)
> $ ./ssh-add ~/.ssh/id_rsa-oldformat
> Error loading key "/home/bernard/.ssh/id_rsa-oldformat": invalid format
> I've built LibreSSL 2.7.2 portable and OpenSSH 7.7p1 on a clean system:
>
> $ ./ssh -V
> OpenSSH_7.7p1, LibreSSL 2.7.2
> $ ./ssh-add
> Enter passphrase for /home/joel/.ssh/id_rsa:
> Identity added: /home/joel/.ssh/id_rsa (/home/joel/.ssh/id_rsa)
>
> The only thing that really changed from 2.6.4 to 2.7.2 in this area was
> the
> auto-initialisation. I suspect that there is something with your
> environment
> that is triggering the problem. The failure you're seeing is most
> likely
> coming from the PEM_read_bio_PrivateKey() call in
> sshkey_parse_private_pem_fileblob() - adding the following after line
> 3772 of
> sshkey.c may give us some insight:
>
> ERR_print_errors_fp(stderr);
Thanks for the hint Bob! Was not linking against the thread libs. Added
that and now it's all hunky-dory for base.
Cheers,
Bernard.
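The two checks this thread walks through, as an added POSIX sh example that is not part of the original messages or of OpenSSH/LibreSSL: classifying a key file as OpenSSL-style encrypted PEM (the failing case) versus the OpenSSH format produced by `ssh-keygen -po`, and reading `ldd` output to see whether a thread library was linked in. All key contents and `ldd` addresses below are constructed.

```shell
#!/bin/sh
# Added diagnostic helpers (not code from OpenSSH or LibreSSL).

# Classify a private key file by its PEM armour, as the thread does:
#   pem-encrypted : RSA/EC/DSA armour with Proc-Type/DEK-Info headers
#                   (OpenSSL encrypted PEM, the case that failed on 2.7)
#   pem-plain     : same armour without the encryption headers
#   openssh       : "-----BEGIN OPENSSH PRIVATE KEY-----" (ssh-keygen -po)
#   unknown       : anything else
key_format() {
    first=$(head -n 1 "$1")
    case "$first" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----")
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1" && grep -q '^DEK-Info: ' "$1"; then
                echo pem-encrypted
            else
                echo pem-plain
            fi ;;
        *) echo unknown ;;
    esac
}

# Given ldd-style output, report whether a thread library is linked
# (libthr on FreeBSD, libpthread elsewhere). Exit 0 if found, 1 if not.
links_thread_lib() {
    printf '%s\n' "$1" | grep -Eq 'lib(thr|pthread)\.so'
}

# --- constructed samples --------------------------------------------------
TMPD=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF' '' 'MIIEconstructed' \
    '-----END RSA PRIVATE KEY-----' > "$TMPD/id_rsa-oldformat"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'b3BlbnNzaC1rZXkconstructed' \
    '-----END OPENSSH PRIVATE KEY-----' > "$TMPD/id_rsa"

# ldd output shaped like the failing FreeBSD base build in the thread
LDD_NO_THR='./ssh:
libcrypto.so.43 => /lib/libcrypto.so.43 (0x8008c3000)
libutil.so.9 => /lib/libutil.so.9 (0x800cab000)
libc.so.7 => /lib/libc.so.7 (0x8012f7000)'
# the same binary after adding -lthr (constructed line)
LDD_THR="$LDD_NO_THR
libthr.so.3 => /lib/libthr.so.3 (0x801500000)"

echo "id_rsa-oldformat: $(key_format "$TMPD/id_rsa-oldformat")"
echo "id_rsa:           $(key_format "$TMPD/id_rsa")"
links_thread_lib "$LDD_NO_THR" && echo "base: thread lib linked" || echo "base: no thread lib, add -lthr"
links_thread_lib "$LDD_THR" && echo "rebuilt: thread lib linked"
```

A `pem-encrypted` key on a binary whose `ldd` shows no thread library is exactly the combination that produced "invalid format" in this thread; converting with `ssh-keygen -po` sidesteps the decrypt path rather than fixing the link.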