[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: auth_fn segfaults when reading encrypted private key in new openssh format

On Mon, 2019-03-25 at 14:16 +0100, Jeroen Ooms wrote:
> I'm running into a crash with libssh 0.8.6 / 0.8.90 that appears when
> reading an encrypted (passphrased) id_rsa in the new openssh private
> key format. My code looks like this:
>   ssh_key privkey = NULL;
>   ssh_pki_import_privkey_file("path/to/id_rsa, NULL,
> my_auth_callback,
> passfun, &privkey)
> Here my_auth_callback prompts the user for a passphrase, copies that
> into *buf and then returns SSH_OK. This works as expected when the
> private key is encypted using the classic pkcs1 format, i.e. the one
> that starts with:
>   Proc-Type: 4,ENCRYPTED
>   DEK-Info: DES-EDE3-CBC,E5E17B572446A169
> However, keys generated with recent versions of ssh-keygen are using
> the new bcrypt encrypted format, which starts with:
> For these keys,  ssh_pki_import_privkey_file() segfaults immediately
> after the my_auth_callback has returned the password.

Can you share the backtrace or coredump from the crash? How was this
new id file generated? By OpenSSH?

Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.

Archive administrator: postmaster@lists.cynapses.org