On Fri, Sep 28, 2001 at 08:04:36PM +1000, Damien Miller wrote:
> On Thu, 27 Sep 2001, Phil Stracchino wrote:
>
> > I have finally managed to isolate this down to the following: For SSH2
> > DSA and RSA keys, the OpenSSL PEM_read_PrivateKey() macro, called from
> > authfile.c line 448:
> >
> >     pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
> >
> > is consistently failing and always returns NULL, whereas it should be
> > returning a EVP_PKEY struct with pk->type containing either EVP_PKEY_RSA
> > or EVP_PKEY_DSA. As far as I can see from the OpenSSL code, this means
> > that BIO_new(BIO_s_file()) has to be returning NULL, but that's as far as
> > I can figure it out; the internals of OpenSSL are utterly impenetrable to
> > me.
> >
> > Any suggestions, anyone? I think I've taken this problem about as far as
> > I can diagnose it myself.
>
> Have you ruled out corruption of the keyfile itself?

I have. The keyfile works fine on the Solaris machine next to me.

> Did OpenSSL pass its own self-tests?

All of them, I believe. On the last install I paid particular attention
to the PEM tests, and they all passed.

> When you compiled OpenSSL or OpenSSH, did you have any old OpenSSL header
> files lying around? These are a frequent cause of weird problems.

Probably the installed headers, yes, though at this point I've installed
0.9.6b about six times and one would think they'd all been replaced by
now.

> You could try putting a printf() before the above call to see if the
> correct passphrase is getting passed to OpenSSL.

I've traced the execution in gdb, and as far as I can tell everything is
correct right up to that PEM_read_PrivateKey call.

--
 Linux Now! .........Because friends don't let friends use Microsoft.
 phil stracchino :: [EMAIL PROTECTED] :: [EMAIL PROTECTED]
 unix ronin :::: renaissance man :::: mystic zen biker geek
 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
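
The keyfile-corruption question raised in this thread can be checked without calling OpenSSL at all. The following is an added example, not part of the original messages and not OpenSSH or OpenSSL code: a structural check of a traditional PEM private key (matching BEGIN/END labels, encryption headers present together, base64 body of valid length, CRLF tolerated). The names `pem_check`, `pem_info` and `pem_status` and the sample key text are constructed for illustration, and the function assumes the whole file is already in a NUL-terminated buffer.

```c
#include <ctype.h>
#include <string.h>

enum pem_status { PEM_OK, PEM_NO_BEGIN, PEM_NO_END, PEM_LABEL_MISMATCH,
                  PEM_BAD_HEADERS, PEM_BAD_BODY };
struct pem_info { char label[32]; int encrypted; };

/* Constructed sample, not a real key: the body is base64 of "ABCDEFGHIJKLMNOP". */
static const char SAMPLE[] =
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
    "QUJDREVGR0hJSktMTU5PUA==\n"
    "-----END RSA PRIVATE KEY-----\n";

/* Structural check only: no decryption, no ASN.1 parsing. */
enum pem_status pem_check(const char *buf, struct pem_info *out)
{
    const char *b = strstr(buf, "-----BEGIN "), *le, *end, *p, *h;
    size_t n;

    memset(out, 0, sizeof *out);
    if (!b || !(le = strstr(b + 11, "-----"))
        || (n = (size_t)(le - (b + 11))) == 0 || n >= sizeof out->label)
        return PEM_NO_BEGIN;
    memcpy(out->label, b + 11, n);             /* e.g. "RSA PRIVATE KEY" */
    if (!(end = strstr(le + 5, "-----END ")))
        return PEM_NO_END;
    if (strncmp(end + 9, out->label, n) || strncmp(end + 9 + n, "-----", 5))
        return PEM_LABEL_MISMATCH;
    p = le + 5;
    h = strstr(p, "Proc-Type: 4,ENCRYPTED");   /* passphrase-protected key */
    out->encrypted = h && h < end;
    h = strstr(p, "DEK-Info: ");               /* cipher name and IV */
    if (out->encrypted && !(h && h < end))
        return PEM_BAD_HEADERS;
    for (;;) {                                 /* skip "Name: value" header lines */
        while (*p == '\r' || *p == '\n') p++;
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        if (!memchr(p, ':', (size_t)((nl ? nl : end) - p))) break;
        p = nl ? nl : end;
    }
    for (n = 0; p < end; p++) {                /* body: base64 text, length % 4 == 0 */
        if (isalnum((unsigned char)*p) || strchr("+/=", *p)) n++;
        else if (*p != '\r' && *p != '\n') return PEM_BAD_BODY;
    }
    return (n && n % 4 == 0) ? PEM_OK : PEM_BAD_BODY;
}

int main(void) { struct pem_info i; return (int)pem_check(SAMPLE, &i); }
```

A file that passes this check but still fails in PEM_read_PrivateKey() points away from the key file and toward the library build, headers or passphrase handling.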