[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: auth_fn segfaults when reading encrypted private key in new openssh format
[Thread Prev] | [Thread Next]
- Subject: Re: auth_fn segfaults when reading encrypted private key in new openssh format
- From: Jakub Jelen <jjelen@xxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Mon, 25 Mar 2019 15:24:49 +0100
- To: libssh@xxxxxxxxxx
On Mon, 2019-03-25 at 14:16 +0100, Jeroen Ooms wrote:
> I'm running into a crash with libssh 0.8.6 / 0.8.90 that appears when
> reading an encrypted (passphrased) id_rsa in the new openssh private
> key format. My code looks like this:
>
> ssh_key privkey = NULL;
> ssh_pki_import_privkey_file("path/to/id_rsa, NULL,
> my_auth_callback,
> passfun, &privkey)
>
> Here my_auth_callback prompts the user for a passphrase, copies that
> into *buf and then returns SSH_OK. This works as expected when the
> private key is encypted using the classic pkcs1 format, i.e. the one
> that starts with:
>
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,E5E17B572446A169
>
> However, keys generated with recent versions of ssh-keygen are using
> the new bcrypt encrypted format, which starts with:
>
> -----BEGIN OPENSSH PRIVATE KEY-----
>
> For these keys, ssh_pki_import_privkey_file() segfaults immediately
> after the my_auth_callback has returned the password.
Can you share the backtrace or coredump from the crash? How was this
new id file generated? By OpenSSH?
Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
| Re: auth_fn segfaults when reading encrypted private key in new openssh format | Jeroen Ooms <jeroen@xxxxxxxxxxxx> |
| auth_fn segfaults when reading encrypted private key in new openssh format | Jeroen Ooms <jeroen@xxxxxxxxxxxx> |