[erlang-bugs] [BUG] ssh_file:read_pem64/3 crashes on password protected private keys
Ingela Anderton Andin
ingela@REDACTED
Tue Sep 25 13:51:50 CEST 2007
Hi!
Yes we fully agree with you. It has been on the todo list for some time
but for priority reasons
it has not yet been fixed. Alas we will probably not have time to fix
it for R12 but it will be fixed as
soon as we can fit it in our work schedule.
Regards Ingela - OTP team
Balint Reczey (IJ/ETH) wrote:
> Hi,
>
> I tried to connect to a machine using ssh_cm and discovered that it
> crashed badly:
>
> 5> crypto:start().
> ok
> 6> ssh:start().
> ok
> 7> ssh_cm:connect("localhost").
>
> =ERROR REPORT==== 17-Sep-2007::14:54:56 ===
> ** Generic server <0.52.0> terminating
> ** Last message in was {connect,<0.50.0>,"localhost",22}
> ** When Server state ==
> {state,client,undefined,16,[],[],0,[],[],undefined}
> ** Reason for termination ==
> ** {function_clause,[{ssh_bits,b64d,"-"},
> {ssh_bits,b64_dec,1},
> {ssh_bits,b64_dec,1},
> {ssh_bits,b64_decode,1},
> {ssh_file,read_pem64,3},
> {ssh_file,read_private_key_v2,2},
> {ssh_userauth,public_key,5},
> {ssh_userauth,auth,3}]}
> ** exited: {function_clause,[{ssh_bits,b64d,"-"},
> {ssh_bits,b64_dec,1},
> {ssh_bits,b64_dec,1},
> {ssh_bits,b64_decode,1},
> {ssh_file,read_pem64,3},
> {ssh_file,read_private_key_v2,2},
> {ssh_userauth,public_key,5},
> {ssh_userauth,auth,3}]} **
>
> The private keys generated with ssh-keygen has the following format when
> the password is set:
>
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,BAB972D7825B1E6D
>
> BEoV8pr0r0sR1GfPabGyKJKx3u6+IFIicba1Hy37foyJ3EicFuDWiTymLyiXMuCU
> Qm0UZv5uaSfrI7u+RjCNp7H2PCubdzy18SsqTLa6j1GBbqlx9HZtg942G3soly2i
> k2534TEBkoEJl5a/UpPFLEwALa3nb0lnCUNjqjH7jVR98Tsok1TjYHY7Tm3j8kah
>
> ...
>
> ssh_file:read_pem/2 and ssh_file:read_pem64/3 assumes that the base64
> encoded part starts right after the "-----BEGIN RSA PRIVATE KEY-----"
> line, like in a not password protected keyfile:
>
> otp_src_R11B-5/lib/ssh/src/ssh_file.erl:
>
> read_pem(Cs, Type) ->
> case read_line(Cs) of
> {"-----BEGIN "++Rest,Cs1} ->
> case string:tokens(Rest, " ") of
> [Type, "PRIVATE", "KEY-----"] ->
> read_pem64(Cs1, [], Type);
> _ ->
> {error, bad_format}
> end;
> {"",Cs1} when Cs1 =/= "" ->
> read_pem(Cs1,Type);
> {_,""} ->
> {error, bad_format}
> end.
>
> read_pem64(Cs, Acc, Type) ->
> case read_line(Cs) of
> {"-----END "++Rest,_Cs1} ->
> case string:tokens(Rest, " ") of
> [Type, "PRIVATE", "KEY-----"] ->
>
> {ok,ssh_bits:b64_decode(append(reverse(Acc)))};
> Toks ->
> error_logger:format("ssh: TOKENS=~p\n",
> [Toks]),
> {error, bad_format}
> end;
> {B64, Cs1} when Cs1 =/= "" ->
> read_pem64(Cs1, [B64|Acc], Type);
> _What ->
> {error, bad_format}
> end.
>
>
> I think it would be great to support password protected private keys, or
> just not crashing on them.
>
> Regards,
> Balint
>
>
>
>
> _______________________________________________
> erlang-bugs mailing list
> erlang-bugs@REDACTED
> http://www.erlang.org/mailman/listinfo/erlang-bugs
>
>
More information about the erlang-bugs
mailing list