Re: Passphrase not working for ssh_pki_export_privkey_file
- Subject: Re: Passphrase not working for ssh_pki_export_privkey_file
- From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Thu, 04 Jan 2018 15:25:23 +0100
- To: libssh@xxxxxxxxxx
On Sunday, 8 February 2015 11:17:39 CET Julian Lunz wrote:
> On Fri, 06 Feb 2015 09:35:56 +0100
>
> Andreas Schneider <asn@xxxxxxxxxxxxxx> wrote:
> > On Thursday 05 February 2015 16:21:03 Julian Lunz wrote:
> > > I had time to dig a bit further.
> > >
> > > The function pki_private_key_to_pem in src/pki_crypto.c +554
> > > is missing a cipher in case of passphrase != NULL.
> > >
> > > ssh-keygen uses AES-128-CBC therefore this is used in the attached
> > > patch.
> > >
> > > Is the mailing list the preferred way for patches or better via
> > > Redmine?
> >
> > Thank you very much for your contribution. It is fine to send patches
> > to the mailing list.
> >
> > However to add the patch to the libssh repository we also need a test
> > for it!
> >
> > Please take a look at tests/unittests/torture_pki.c and add a test.
> > You get the unit tests if you install cmocka [1] and run 'cmake
> > -DUNIT_TESTING=ON ..'
> >
> >
> > Cheers,
> >
> > -- andreas
> >
> > [1] http://cmocka.org
>
> Sure, please find attached a patch series with tests included.
>
> # 0001-Fix-pki_private_key_to_pem-by-adding-cipher.patch
> Contains the fix which adds cipher to ssh_string pki_private_key_to_pem.
>
>
> # 0002-tests-Add-encrypted-keys-export-for-rsa-dsa-ecdsa.patch
> Contains updated test for torture_pki_write_privkey_[rsa,dsa,ecdsa]
> + added private keys for ecdsa.
>
>
> I changed the existing calls to ssh_pki_export_privkey_file which had
> "" as a passphrase since NULL != "".
>
> If PEM_write_bio_RSAPrivateKey has no cipher set, as it was before 0001,
> keys are always written in unencrypted form.
>
> The documentation for ssh_pki_export_privkey_file says:
>
> passphrase The passphrase to use to encrypt the key with or
> NULL. An empty string means no passphrase.
>
> If this should behave like that a check for an empty string in addition
> to check for NULL is needed.

Hi Julian,

looks like we totally forgot about your patchset. Sorry for that!

Could you please resend it with your Sign-Off and rebase on master?

Also strange is that the test asks for a password.

Thanks,

Andreas

--
Andreas Schneider GPG-ID: CC014E3D
www.cryptomilk.org asn@xxxxxxxxxxxxxx
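
A check for the failure mode discussed in this thread, as an added example that is not part of the original message or of libssh's test suite: it classifies an exported PEM private key as encrypted or plaintext from its armour alone, so an export that received a non-empty passphrase but wrote an unencrypted file is caught. The function names and the sample keys are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
enum pem_enc { PEM_UNKNOWN = -1, PEM_PLAINTEXT = 0, PEM_ENCRYPTED = 1 };
/* Constructed samples: armour as OpenSSL writes it; the body is filler, not key material. */
static const char PLAIN_PEM[] =
    "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";
static const char ENC_PEM[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";

/* Classify a PEM private key from its armour. The traditional format flags
 * encryption with "Proc-Type: 4,ENCRYPTED" and "DEK-Info: <cipher>,<iv>" right
 * after the BEGIN line; PKCS#8 uses its own BEGIN label; the OpenSSH container
 * keeps the cipher name inside the base64 body, so it is reported as unknown.
 * The DEK-Info cipher name is copied to cipher when cipher is non-NULL. */
static enum pem_enc pem_privkey_encryption(const char *pem, char *cipher, size_t len)
{
    const char *begin, *label, *body, *dek, *comma;
    if (cipher != NULL && len > 0) cipher[0] = '\0';
    if (pem == NULL || (begin = strstr(pem, "-----BEGIN ")) == NULL) return PEM_UNKNOWN;
    if (strncmp(begin, "-----BEGIN ENCRYPTED PRIVATE KEY-----", 37) == 0) return PEM_ENCRYPTED;
    if (strncmp(begin, "-----BEGIN OPENSSH PRIVATE KEY-----", 35) == 0) return PEM_UNKNOWN;
    body = strchr(begin, '\n');
    label = strstr(begin, "PRIVATE KEY-----");
    if (body == NULL || label == NULL || label > body) return PEM_UNKNOWN;
    if (strncmp(body + 1, "Proc-Type: 4,ENCRYPTED", 22) != 0) return PEM_PLAINTEXT;
    dek = strstr(body, "DEK-Info: ");
    if (dek == NULL || (comma = strchr(dek, ',')) == NULL) return PEM_UNKNOWN;
    dek += 10; /* skip the "DEK-Info: " prefix */
    if (cipher != NULL && (size_t)(comma - dek) < len) {
        memcpy(cipher, dek, (size_t)(comma - dek));
        cipher[comma - dek] = '\0';
    }
    return PEM_ENCRYPTED;
}

/* Contract quoted in the thread: NULL or "" means no passphrase. */
static int export_matches_passphrase(const char *pem, const char *passphrase)
{
    int want = (passphrase != NULL && passphrase[0] != '\0');
    return pem_privkey_encryption(pem, NULL, 0) == (want ? PEM_ENCRYPTED : PEM_PLAINTEXT);
}
int main(void)
{
    char c[32];
    int enc = pem_privkey_encryption(ENC_PEM, c, sizeof(c));
    printf("enc=%d cipher=%s plain-with-pass-ok=%d\n", enc, c, export_matches_passphrase(PLAIN_PEM, "secret"));
    return 0;
}
```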