[erlang-bugs] [BUG] ssh_file:read_pem64/3 crashes on password protected private keys

Ingela Anderton Andin
Tue Sep 25 13:51:50 CEST 2007


Hi!

Yes, we fully agree with you. It has been on the todo list for some time,
but for priority reasons it has not yet been fixed. Alas, we will probably
not have time to fix it for R12, but it will be fixed as soon as we can fit
it in our work schedule.

Regards Ingela - OTP team


Balint Reczey (IJ/ETH) wrote:
> Hi,
>
> I tried to connect to a machine using ssh_cm and discovered that it
> crashed badly:
>
> 5> crypto:start().
> ok
> 6> ssh:start().   
> ok
> 7> ssh_cm:connect("localhost").
>
> =ERROR REPORT==== 17-Sep-2007::14:54:56 ===
> ** Generic server <0.52.0> terminating 
> ** Last message in was {connect,<0.50.0>,"localhost",22}
> ** When Server state ==
> {state,client,undefined,16,[],[],0,[],[],undefined}
> ** Reason for termination == 
> ** {function_clause,[{ssh_bits,b64d,"-"},
>                      {ssh_bits,b64_dec,1},
>                      {ssh_bits,b64_dec,1},
>                      {ssh_bits,b64_decode,1},
>                      {ssh_file,read_pem64,3},
>                      {ssh_file,read_private_key_v2,2},
>                      {ssh_userauth,public_key,5},
>                      {ssh_userauth,auth,3}]}
> ** exited: {function_clause,[{ssh_bits,b64d,"-"},
>                              {ssh_bits,b64_dec,1},
>                              {ssh_bits,b64_dec,1},
>                              {ssh_bits,b64_decode,1},
>                              {ssh_file,read_pem64,3},
>                              {ssh_file,read_private_key_v2,2},
>                              {ssh_userauth,public_key,5},
>                              {ssh_userauth,auth,3}]} **
>
> The private keys generated with ssh-keygen have the following format when
> the password is set:
>
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,BAB972D7825B1E6D
>
> BEoV8pr0r0sR1GfPabGyKJKx3u6+IFIicba1Hy37foyJ3EicFuDWiTymLyiXMuCU
> Qm0UZv5uaSfrI7u+RjCNp7H2PCubdzy18SsqTLa6j1GBbqlx9HZtg942G3soly2i
> k2534TEBkoEJl5a/UpPFLEwALa3nb0lnCUNjqjH7jVR98Tsok1TjYHY7Tm3j8kah
>
> ...
>
> ssh_file:read_pem/2 and ssh_file:read_pem64/3 assume that the base64
> encoded part starts right after the "-----BEGIN RSA PRIVATE KEY-----"
> line, like in a not password protected keyfile:
>
> otp_src_R11B-5/lib/ssh/src/ssh_file.erl:
>         
>         read_pem(Cs, Type) ->
>             case read_line(Cs) of
>                 {"-----BEGIN "++Rest,Cs1} ->
>                     case string:tokens(Rest, " ") of
>                         [Type, "PRIVATE", "KEY-----"] ->
>                             read_pem64(Cs1, [], Type);
>                         _ ->
>                             {error, bad_format}
>                     end;
>                 {"",Cs1} when Cs1 =/= "" ->
>                     read_pem(Cs1,Type);
>                 {_,""} ->
>                     {error, bad_format}
>             end.
>         
>         read_pem64(Cs, Acc, Type) ->
>             case read_line(Cs) of
>                 {"-----END "++Rest,_Cs1} ->
>                     case string:tokens(Rest, " ") of
>                         [Type, "PRIVATE", "KEY-----"] ->
>                             {ok,ssh_bits:b64_decode(append(reverse(Acc)))};
>                         Toks ->
>                             error_logger:format("ssh: TOKENS=~p\n", [Toks]),
>                             {error, bad_format}
>                     end;
>                 {B64, Cs1} when Cs1 =/= "" ->
>                     read_pem64(Cs1, [B64|Acc], Type);
>                 _What ->
>                     {error, bad_format}
>             end.
>         
>
> I think it would be great to support password protected private keys, or
> just not crash on them.
>
> Regards,
> Balint
>   
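
Added example, not part of either message and not OTP code: a PEM reader in the shape of the quoted `read_pem/2` that collects the `Proc-Type` and `DEK-Info` header lines before the base64 body and returns a tagged error for an encrypted key instead of handing header text to the decoder. The module name `pem_sketch`, the return tuples, and the use of `string:split/3`, `string:trim/1` and `base64:decode/1` (OTP 20 or later) are assumptions; the sample keys in `demo/0` are constructed.

```erlang
%% Added example: hypothetical module, not OTP's ssh_file.
-module(pem_sketch).
-export([read_pem/2, demo/0]).

%% Returns {ok, Der} for an unencrypted key,
%% {error, {encrypted, DekInfo}} when the headers mark the body as encrypted,
%% and {error, bad_format} for anything else.
read_pem(Text, Type) ->
    Lines = [string:trim(L) || L <- string:split(Text, "\n", all)],
    Begin = "-----BEGIN " ++ Type ++ " PRIVATE KEY-----",
    End = "-----END " ++ Type ++ " PRIVATE KEY-----",
    case lists:dropwhile(fun(L) -> L =/= Begin end, Lines) of
        [Begin | Rest] -> headers(Rest, [], End);
        [] -> {error, bad_format}
    end.

%% Collect "Name: Value" lines. Base64 never contains ':', so the first
%% line without one (normally the blank separator) starts the body.
headers([L | Rest] = Lines, Hdrs, End) ->
    case string:split(L, ":") of
        [Name, Value] -> headers(Rest, [{Name, string:trim(Value)} | Hdrs], End);
        [_] -> body(Lines, Hdrs, End)
    end;
headers([], _Hdrs, _End) ->
    {error, bad_format}.

body(Lines, Hdrs, End) ->
    {B64, After} = lists:splitwith(fun(L) -> L =/= End end, Lines),
    case {After, proplists:get_value("Proc-Type", Hdrs)} of
        {[], _} -> {error, bad_format};                 % END marker missing
        {_, "4,ENCRYPTED"} ->                           % do not decode ciphertext as a key
            {error, {encrypted, proplists:get_value("DEK-Info", Hdrs)}};
        {_, undefined} -> decode(lists:append(B64));
        {_, _} -> {error, bad_format}                   % unknown Proc-Type
    end.

decode(B64) ->
    try {ok, base64:decode(B64)}
    catch error:_ -> {error, bad_format}                % stray characters in the body
    end.

%% Constructed sample input; "QUJD" is base64 for "ABC", not key material.
demo() ->
    Enc = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
          "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nQUJD\n"
          "-----END RSA PRIVATE KEY-----\n",
    Plain = "-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n",
    {error, {encrypted, "DES-EDE3-CBC,0000000000000000"}} = read_pem(Enc, "RSA"),
    {ok, <<"ABC">>} = read_pem(Plain, "RSA"),
    {error, bad_format} = read_pem("-----BEGIN RSA PRIVATE KEY-----\nQUJD\n", "RSA"),
    ok.
```

A caller in the position of the authentication code can match on `{error, {encrypted, _}}` and move on to another key or method, so a protected key file no longer terminates the connection process.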



