
Re: auth_fn segfaults when reading encrypted private key in new openssh format


On Mon, Mar 25, 2019 at 5:32 PM Jeroen Ooms <jeroen@xxxxxxxxxxxx> wrote:
>
> On Mon, Mar 25, 2019 at 3:25 PM Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
> >
> > On Mon, 2019-03-25 at 14:16 +0100, Jeroen Ooms wrote:
> > > I'm running into a crash with libssh 0.8.6 / 0.8.90 that appears when
> > > reading an encrypted (passphrased) id_rsa in the new openssh private
> > > key format. My code looks like this:
> > >
> > >   ssh_key privkey = NULL;
> > >   ssh_pki_import_privkey_file("path/to/id_rsa", NULL,
> > >                               my_auth_callback, passfun, &privkey);
> > >
> > > Here my_auth_callback prompts the user for a passphrase, copies that
> > > into *buf and then returns SSH_OK. This works as expected when the
> > > private key is encrypted using the classic pkcs1 format, i.e. the one
> > > that starts with:
> > >
> > >   -----BEGIN RSA PRIVATE KEY-----
> > >   Proc-Type: 4,ENCRYPTED
> > >   DEK-Info: DES-EDE3-CBC,E5E17B572446A169
> > >
> > > However, keys generated with recent versions of ssh-keygen are using
> > > the new bcrypt encrypted format, which starts with:
> > >
> > >   -----BEGIN OPENSSH PRIVATE KEY-----
> > >
> > > For these keys, ssh_pki_import_privkey_file() segfaults immediately
> > > after the my_auth_callback has returned the password.
> >
> > Can you share the backtrace or coredump from the crash? How was this
> > new id file generated? By OpenSSH?
>
> It is generated by ssh-keygen from openssh indeed. I have confirmed
> this issue with keys generated with the default ssh-keygen settings on
> at least MacOS mojave, Debian Buster and openssh from the latest "Git
> for Windows", so it is quite prevalent now.

Btw I noticed that the documentation for libssh
"pki_private_key_decrypt" says "decrypts an encrypted ed25519 private
key blob". However openssh now uses this format as the default format
also for RSA/ECDSA keys.
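A small format probe, added here as an example and not part of this thread or of libssh: it tells the two key formats discussed above apart and reports whether the key is encrypted, so an application can recognise the affected case (an encrypted `-----BEGIN OPENSSH PRIVATE KEY-----` file) before handing the path to ssh_pki_import_privkey_file(). The legacy PEM check relies on the Proc-Type/DEK-Info headers quoted in the thread; the OpenSSH check base64-decodes the blob and reads the ciphername and kdfname fields at the start of the openssh-key-v1 container. The sample key texts are constructed for this example and truncated to their header fields; they are not real keys.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum key_format { KEY_UNKNOWN, KEY_PEM_PLAIN, KEY_PEM_ENCRYPTED,
                  KEY_OPENSSH_PLAIN, KEY_OPENSSH_ENCRYPTED };
char last_cipher[64];   /* cipher name seen by the most recent classification */

/* Constructed samples, not real keys: the OpenSSH blobs hold only the header
 * fields (magic, ciphername, kdfname); key material and the PEM body are omitted. */
const char SAMPLE_PEM_ENCRYPTED[] =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,E5E17B572446A169\n\n-----END RSA PRIVATE KEY-----\n";
const char SAMPLE_OPENSSH_ENCRYPTED[] = "-----BEGIN OPENSSH PRIVATE KEY-----\n"   /* aes256-ctr, bcrypt */
    "b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0\n-----END OPENSSH PRIVATE KEY-----\n";
const char SAMPLE_OPENSSH_PLAIN[] = "-----BEGIN OPENSSH PRIVATE KEY-----\n"       /* none, none */
    "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQ==\n-----END OPENSSH PRIVATE KEY-----\n";

static int b64_val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Base64-decode, skipping whitespace and stopping at '='; bytes written or -1. */
static int b64_decode(const char *in, size_t inlen, unsigned char *out, size_t cap) {
    uint32_t acc = 0; int bits = 0; size_t n = 0;
    for (size_t i = 0; i < inlen && in[i] != '='; i++) {
        if (in[i] == '\n' || in[i] == '\r' || in[i] == ' ' || in[i] == '\t') continue;
        int v = b64_val((unsigned char)in[i]);
        if (v < 0) return -1;
        acc = (acc << 6) | (uint32_t)v;
        if ((bits += 6) >= 8) {
            bits -= 8;
            if (n == cap) return -1;
            out[n++] = (unsigned char)(acc >> bits);
        }
    }
    return (int)n;
}

/* Read one SSH wire "string" (uint32 big-endian length, then bytes) at *off. */
static int read_string(const unsigned char *b, size_t len, size_t *off,
                       const unsigned char **s, uint32_t *n) {
    if (len - *off < 4) return -1;
    *n = ((uint32_t)b[*off] << 24) | ((uint32_t)b[*off + 1] << 16) |
         ((uint32_t)b[*off + 2] << 8) | b[*off + 3];
    *off += 4;
    if (*n > len - *off) return -1;
    *s = b + *off; *off += *n;
    return 0;
}

static void set_cipher(const unsigned char *s, size_t n) {
    if (n >= sizeof last_cipher) n = sizeof last_cipher - 1;
    memcpy(last_cipher, s, n); last_cipher[n] = '\0';
}

/* OpenSSH v1 blob (PROTOCOL.key): "openssh-key-v1\0", string ciphername, string kdfname, ...
 * Plaintext keys carry ciphername "none"; encrypted ones a real cipher plus kdfname "bcrypt". */
static enum key_format classify_openssh_blob(const unsigned char *b, size_t len) {
    static const char magic[] = "openssh-key-v1";   /* 15 bytes including the NUL */
    size_t off = sizeof magic;
    const unsigned char *s; uint32_t n;
    if (len < off || memcmp(b, magic, off) != 0) return KEY_UNKNOWN;
    if (read_string(b, len, &off, &s, &n) < 0) return KEY_UNKNOWN;   /* ciphername */
    set_cipher(s, n);
    int plain = (n == 4 && memcmp(s, "none", 4) == 0);
    if (read_string(b, len, &off, &s, &n) < 0) return KEY_UNKNOWN;   /* kdfname */
    return plain ? KEY_OPENSSH_PLAIN : KEY_OPENSSH_ENCRYPTED;
}

/* Classify the text of a private key file and record its cipher in last_cipher. */
enum key_format classify_key_text(const char *text) {
    static const char hdr[] = "-----BEGIN OPENSSH PRIVATE KEY-----";
    last_cipher[0] = '\0';
    if (strncmp(text, hdr, sizeof hdr - 1) == 0) {
        const char *body = text + sizeof hdr - 1;
        const char *end = strstr(body, "-----END OPENSSH PRIVATE KEY-----");
        unsigned char blob[8192];
        int n = end ? b64_decode(body, (size_t)(end - body), blob, sizeof blob) : -1;
        return n < 0 ? KEY_UNKNOWN : classify_openssh_blob(blob, (size_t)n);
    }
    if (strncmp(text, "-----BEGIN ", 11) == 0 && strstr(text, " PRIVATE KEY-----")) {
        const char *dek = strstr(text, "DEK-Info: ");   /* legacy PEM announces encryption in headers */
        if (strstr(text, "Proc-Type: 4,ENCRYPTED") && dek) {
            set_cipher((const unsigned char *)dek + 10, strcspn(dek + 10, ",\r\n"));
            return KEY_PEM_ENCRYPTED;
        }
        return strncmp(text, "-----BEGIN ENCRYPTED ", 21) == 0 ? KEY_PEM_ENCRYPTED : KEY_PEM_PLAIN;
    }
    return KEY_UNKNOWN;
}

int main(int argc, char **argv) {   /* usage: keyfmt <private-key-file> */
    static const char *names[] = { "unknown", "PEM plain", "PEM encrypted", "OpenSSH plain", "OpenSSH encrypted" };
    char text[16384]; size_t n; FILE *f;
    if (argc != 2 || !(f = fopen(argv[1], "rb"))) { fprintf(stderr, "cannot open key file\n"); return 2; }
    n = fread(text, 1, sizeof text - 1, f); fclose(f); text[n] = '\0';
    enum key_format k = classify_key_text(text);
    printf("%s%s%s\n", names[k], last_cipher[0] ? ", cipher " : "", last_cipher);
    return k == KEY_UNKNOWN;
}
```

Only the container header is parsed, so the probe never needs the passphrase and works on a key it cannot decrypt; that is the point of running it before the library call. A PKCS#8 `-----BEGIN ENCRYPTED PRIVATE KEY-----` file is reported as encrypted PEM without a cipher name, since that format keeps its cipher inside the DER body.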

Archive administrator: postmaster@lists.cynapses.org