[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: auth_fn segfaults when reading encrypted private key in new openssh format


On Mon, Mar 25, 2019 at 3:25 PM Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
>
> On Mon, 2019-03-25 at 14:16 +0100, Jeroen Ooms wrote:
> > I'm running into a crash with libssh 0.8.6 / 0.8.90 that appears when
> > reading an encrypted (passphrased) id_rsa in the new openssh private
> > key format. My code looks like this:
> >
> >   ssh_key privkey = NULL;
> >   ssh_pki_import_privkey_file("path/to/id_rsa, NULL,
> > my_auth_callback,
> > passfun, &privkey)
> >
> > Here my_auth_callback prompts the user for a passphrase, copies that
> > into *buf and then returns SSH_OK. This works as expected when the
> > private key is encypted using the classic pkcs1 format, i.e. the one
> > that starts with:
> >
> >   -----BEGIN RSA PRIVATE KEY-----
> >   Proc-Type: 4,ENCRYPTED
> >   DEK-Info: DES-EDE3-CBC,E5E17B572446A169
> >
> > However, keys generated with recent versions of ssh-keygen are using
> > the new bcrypt encrypted format, which starts with:
> >
> >   -----BEGIN OPENSSH PRIVATE KEY-----
> >
> > For these keys,  ssh_pki_import_privkey_file() segfaults immediately
> > after the my_auth_callback has returned the password.
>
> Can you share the backtrace or coredump from the crash? How was this
> new id file generated? By OpenSSH?

It is generated by ssh-keygen from openssh indeed. I have confirmed
this issue with keys generated with the default ssh-keygen settings on
at least MacOS mojave, Debian Buster and openssh from the latest "Git
for Windows", so it is quite prevalent now.

Do we need to build libssh with special flags to support the bcrypt
encrypted private keys? Here is an example backtrace.

* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x00007fff6250823e libsystem_kernel.dylib`__pthread_kill + 10
    frame #1: 0x00007fff625bec1c libsystem_pthread.dylib`pthread_kill + 285
    frame #2: 0x00007fff62471268 libsystem_c.dylib`__abort + 144
    frame #3: 0x00007fff62471af6 libsystem_c.dylib`__stack_chk_fail + 205
    frame #4: 0x0000000108394cad
ssh.so`pki_private_key_decrypt(blob=0x0000000100917b80, passphrase="",
ciphername="aes256-ctr", kdfname="bcrypt",
kdfoptions=0x0000000100964bb0, auth_fn=(ssh.so`my_auth_callback at
session.c:58), auth_data=0x0000000000000000) at
pki_container_openssh.c:0

Archive administrator: postmaster@lists.cynapses.org