[Bug 2901] ssh-keygen generates an invalid key sometimes

[bugzilla-daemon at bugzilla.mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=2901

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
I took a look at this. It appears that what is happening is that
OpenSSL is decrypting the key with the supplied incorrect passphrase
and finding enough initial valid plaintext upon decryption to continue
doing so.

Hacking sshkey.c to print the error stack yields:

140509893265048:error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
140509893265048:error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:386:Type=EC_PRIVATEKEY
140509893265048:error:10092010:elliptic curve
routines:d2i_ECPrivateKey:EC lib:ec_asn1.c:1029:
140509893265048:error:100DE08E:elliptic curve
routines:OLD_EC_PRIV_DECODE:decode error:ec_ameth.c:543:
140509893265048:error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1220:
140509893265048:error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:386:Type=PKCS8_PRIV_KEY_INFO
140509893265048:error:0907B00D:PEM
routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:142:

Note that all the entries in the stack are parse/format errors and
there's literally nothing in there about invalid decryption.

AFAIK there's literally no way given the OpenSSL API (or maybe the PEM
format itself) to discern between keys with invalid format and valid
keys with an incorrect passphase.

The only think I think we could do is to treat all parsing errors as
incorrect passphrases. This is ugly too and makes it hard to tell a
user when they are trying to operate on a genuinely invalid key.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.