2754 – ssh-keygen.exe returns invalid format when passphrase is not empty when WITH_OPENSSL is not defined.

Bug 2754 - ssh-keygen.exe returns invalid format when passphrase is not empty when WITH_OPENSSL is not defined.

Summary: ssh-keygen.exe returns invalid format when passphrase is not empty when WITH_...

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh-keygen (show other bugs)
Version:	7.5p1
Hardware:	amd64 All

Importance:	P5 normal
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:	V_7_6
	Show dependency tree / graph

Reported:	2017-08-05 07:51 AEST by bingbing8
Modified:	2018-04-06 12:26 AEST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description bingbing8 2017-08-05 07:51:10 AEST

on a build without OpenSSL,

ssh-keygen.exe -t ed25519 -P Bull -f C:\mspctl\openssh\id_ED25519
Generating public/private ed25519 key pair.
Saving key "C:\\mspctl\\openssh\\id_ED25519" failed: invalid argument

This occurs when we compile on windows, but we believe it also repros on other os.

The cause is that when passphrase is not empty, ciphername is assigned to DEFAULT_CIPHERNAME("aes256-cbc") at the following line in function sshkey_private_to_blob2, but "aes256-cbc" is not valid in ciphers array when WITH_OPENSSL is 0

	if (passphrase == NULL || !strlen(passphrase)) {
		ciphername = "none";
		kdfname = "none";
	} else if (ciphername == NULL)
		ciphername = DEFAULT_CIPHERNAME;

Comment 1 Damien Miller 2017-08-15 17:14:11 AEST

This was fixed in commit 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2 and will be in OpenSSH 7.6. Thanks!

Comment 2 Damien Miller 2018-04-06 12:26:34 AEST

Close all resolved bugs after release of OpenSSH 7.7.