
Re: auth_fn segfaults when reading encrypted private key in new openssh format

On Mon, 2019-03-25 at 14:16 +0100, Jeroen Ooms wrote:
> I'm running into a crash with libssh 0.8.6 / 0.8.90 that appears when
> reading an encrypted (passphrased) id_rsa in the new openssh private
> key format. My code looks like this:
>   ssh_key privkey = NULL;
>   ssh_pki_import_privkey_file("path/to/id_rsa", NULL,
>                               my_auth_callback, passfun, &privkey);
> Here my_auth_callback prompts the user for a passphrase, copies that
> into *buf and then returns SSH_OK. This works as expected when the
> private key is encrypted using the classic pkcs1 format, i.e. the one
> that starts with:
>   Proc-Type: 4,ENCRYPTED
>   DEK-Info: DES-EDE3-CBC,E5E17B572446A169
> However, keys generated with recent versions of ssh-keygen are using
> the new bcrypt encrypted format, which starts with:
> For these keys,  ssh_pki_import_privkey_file() segfaults immediately
> after the my_auth_callback has returned the password.

I just tried to write a simple reproducer, but it works for me


The only thing that is missing from your example is passing the
userdata, but that should really not be a problem. Are you sure you are
not handling some memory wrongly?

Can you check if you can reproduce it with this simple source code or
adjust it to reproduce it?

Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
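
The memory-handling question above comes down to how the callback writes into the buffer libssh hands it. The following is an added example, not code from either poster or from libssh: a callback with the ssh_auth_callback parameter list that refuses any passphrase that does not fit in len bytes. The names pass_source, bounded_auth_callback, call_with_guard and the EX_ constants are hypothetical, and the return codes are redefined locally so it builds without libssh headers.

```c
#include <stddef.h>
#include <string.h>

/* libssh defines SSH_OK as 0 and SSH_ERROR as -1; mirrored here
 * (assumption for this example) so no libssh headers are needed. */
#define EX_SSH_OK     0
#define EX_SSH_ERROR -1

/* Hypothetical userdata: the passphrase the application already obtained. */
struct pass_source { const char *passphrase; };

/* Parameter list of libssh's ssh_auth_callback. buf belongs to the
 * library and holds at most len bytes, terminating NUL included. */
int bounded_auth_callback(const char *prompt, char *buf, size_t len,
                          int echo, int verify, void *userdata)
{
    const struct pass_source *src = userdata;
    size_t n;

    (void)prompt; (void)echo; (void)verify;
    if (buf == NULL || len == 0 || src == NULL || src->passphrase == NULL)
        return EX_SSH_ERROR;

    n = strlen(src->passphrase);
    if (n >= len) {            /* no room for the NUL: fail, never overflow */
        buf[0] = '\0';
        return EX_SSH_ERROR;
    }
    memcpy(buf, src->passphrase, n + 1);
    return EX_SSH_OK;
}

/* Constructed check: run the callback on a cap-byte buffer followed by a
 * guard byte. Returns the callback result, or -2 if the guard was touched. */
int call_with_guard(const char *pass, size_t cap)
{
    char area[64];
    struct pass_source src = { pass };
    int rc;

    if (cap >= sizeof(area)) return -3;
    memset(area, 0x5a, sizeof(area));
    rc = bounded_auth_callback("Passphrase: ", area, cap, 0, 0, &src);
    return (area[cap] != 0x5a) ? -2 : rc;
}

int main(void) { return call_with_guard("secret", 16) == EX_SSH_OK ? 0 : 1; }
```

In a real program the callback would be passed as the auth_fn argument of ssh_pki_import_privkey_file() with a pointer to the pass_source as the auth_data argument.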
