Bug in ssh-keygen

Hello,

I just submitted bug 2366 in bugzilla with a proposed patch for a problem I found in sshkey.c having to do with decrypting new format private keys when attempting to use GCM ciphers. Here’s more info from my bug report:

I was trying out the new OpenSSH private key format and I ran into a problem when trying to work with keys encrypted in aes128-gcm and aes256-gcm format. While ssh-keygen encrypted these keys correctly, it was not able to decrypt them. I've identified the problem as an issue with the lengths it passes into cipher_crypt() when dealing with a cipher with integrated MAC support.

Steps to reproduce:

1) Create a new format key with a command like:
      ssh-keygen -t ed25519 -N test -Z aes128-gcm@xxxxxxxxxxx -f new_key

2) Attempt to decrypt this key with a command like:
      ssh-keygen -p -P test -N '' -f new_key

With OpenSSH 6.7p1, this fails with the error "Bad passphrase" for aes128-gcm and aes256-gcm, but works correctly for other ciphers which don't include a built-in MAC. The error happens for all key types when using the new private key format.

The error is in the call inside sshkey_parse_private2() where it passes in the length of the encrypted buffer:

        if ((r = cipher_crypt(&ciphercontext, 0, dp, sshbuf_ptr(decoded),
            sshbuf_len(decoded), 0, cipher_authlen(cipher))) != 0) {

The length here should be encrypted_len, not sshbuf_len(decoded), as that includes the cipher_authlen(cipher) additional MAC bytes.

A few additional changes are needed to use encrypted_len safely here and to later properly consume the auth data. I have attached a patch which I believe fixes this problem.

With the fix, step 2 above succeeds and properly decrypts the key created in step 1.

I hope this is helpful. Thanks for your time!
-- 
Ron Frederick
ronf@xxxxxxxxxxxxx



_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
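
The length mix-up described in the mail, as an added example that is not part of the original message or of OpenSSH's code: a sealed buffer holds the payload followed by the tag, so the opener must be given the payload length only. The toy cipher and tag below stand in for AES-GCM and are not secure; `toy_seal`, `toy_open` and `open_sample` are hypothetical names, and the assumption that the tag is read at `src + len` is this model's, stated in the comments.

```c
#include <stdint.h>
#include <string.h>

#define AUTHLEN 16 /* tag length; AES-GCM also uses a 16-byte tag */

/* Toy tag over the ciphertext: a stand-in for the GCM MAC, NOT secure. */
static void toy_tag(const uint8_t *key, const uint8_t *ct, size_t len, uint8_t *tag)
{
    memcpy(tag, key, AUTHLEN);
    for (size_t i = 0; i < len; i++)
        tag[i % AUTHLEN] = (uint8_t)(tag[i % AUTHLEN] * 33 + ct[i] + i);
}

/* Seal: dst receives len ciphertext bytes followed by AUTHLEN tag bytes. */
static void toy_seal(const uint8_t *key, const uint8_t *pt, size_t len, uint8_t *dst)
{
    for (size_t i = 0; i < len; i++)
        dst[i] = pt[i] ^ key[i % AUTHLEN];
    toy_tag(key, dst, len, dst + len);
}

/* Open (assumed model): len is the payload length only, the tag sits at src + len.
 * avail is the real size of src: an oversized len returns -1, a bad tag -2. */
static int toy_open(const uint8_t *key, const uint8_t *src, size_t avail, size_t len, uint8_t *dst)
{
    uint8_t tag[AUTHLEN], diff = 0;
    if (avail < AUTHLEN || len > avail - AUTHLEN)
        return -1;
    toy_tag(key, src, len, tag);
    for (size_t i = 0; i < AUTHLEN; i++)
        diff |= (uint8_t)(tag[i] ^ src[len + i]);
    if (diff != 0)
        return -2;
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i] ^ key[i % AUTHLEN];
    return 0;
}

/* Constructed sample: seal 32 bytes, then open with the whole-buffer length
 * (as in the quoted call) or with the payload length (as the mail proposes). */
int open_sample(int subtract_authlen)
{
    uint8_t key[AUTHLEN] = "constructed-key", pt[32], sealed[32 + AUTHLEN], out[32];
    memset(pt, 0x41, sizeof(pt));
    toy_seal(key, pt, sizeof(pt), sealed);
    size_t len = subtract_authlen ? sizeof(sealed) - AUTHLEN : sizeof(sealed);
    int r = toy_open(key, sealed, sizeof(sealed), len, out);
    return r != 0 ? r : (memcmp(out, pt, sizeof(pt)) == 0 ? 0 : -3);
}
int main(void) { return open_sample(1); }
```

`open_sample(0)` passes the full buffer length and is refused because the tag would lie past the end of the buffer; `open_sample(1)` subtracts the tag length first and recovers the plaintext.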




