Bug 2895 - ecdsa key invalid format after upgrade
Summary: ecdsa key invalid format after upgrade
Status: CLOSED INVALID
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-add
Version: 7.7p1
Hardware: All Linux
Importance: P5 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-14 20:02 AEST by Rej
Modified: 2021-03-04 09:53 AEDT
CC List: 2 users

See Also:


Attachments
ECDSA private key reproducing a problem (975 bytes, application/octet-stream), 2018-08-15 16:52 AEST, Jakub Jelen

Description Rej 2018-08-14 20:02:41 AEST
After upgrading RHEL 6.8 to Fedora 28 (ssh v6 to v7) I'm not able to load an ECDSA key; ssh is telling me it has an invalid format.

RedHat support was able to reproduce this bug too:
https://bugzilla.redhat.com/show_bug.cgi?id=1610222

Why do I think the problem is in SSH?

Because openssl has a new check option, and it is telling me that the private key is OK.

Thanks for your time.
Comment 1 Damien Miller 2018-08-15 11:56:08 AEST
Which exact version of OpenSSH generated the key? What is the output of "ssh-keygen -vvvlf /path/key"?
Comment 2 Rej 2018-08-15 16:00:24 AEST
Hi, 

I used CentOS 6.9 to reproduce this problem; it has openssh version openssh-5.3p1-123.el6_9.x86_64, and it can load and use my key without problem.

On Fedora 28 there is openssh-7.7p1-5.fc28.x86_64, and it tells me:
$ ssh-add id_ecdsa
Error loading key "id_ecdsa": invalid format

Here is the output you requested:
$ ssh-keygen -vvvlf id_ecdsa
521 SHA256:fMK7A1KpalIDhzir46fTHj9GNIWVXsdsmTL9sCrUvkw Rej (ECDSA)
+---[ECDSA 521]---+
|      o.. + o    |
|     . o + X     |
|..    o.o = +    |
|= .  oo= . . .   |
| =  .oo S o      |
|. o o... E       |
|...+.. .= .      |
|+.oooo  .+       |
|.*=.... ..       |
+----[SHA256]-----+
Comment 3 Damien Miller 2018-08-15 16:48:40 AEST
OpenSSH added ECDSA support in release 5.7 (https://www.openssh.com/txt/release-5.7), so I don't understand how you generated an ECDSA key using OpenSSH 5.3.
Comment 4 Jakub Jelen 2018-08-15 16:52:51 AEST
Created attachment 3169
ECDSA private key reproducing a problem

Please see the analysis in the Red Hat Bugzilla. It already answers most of the questions and points out what is different between the old key and the new key (format: named curve vs. raw group parameters) and why it is failing (EC group comparison). I can reproduce the same behavior, so I attached the testing private key.

I suspect this is some change in OpenSSL in how they handle EC group comparison, but I did not have time to investigate it further. It might even work for you with LibreSSL.
Comment 5 Damien Miller 2019-01-23 11:43:11 AEDT
OpenSSH tries to support keys that encode explicit group parameters rather than the group ID. See sshkey.c:sshkey_ecdsa_key_to_nid()

This definitely used to work with OpenSSL, but it doesn't seem to now. It does work with libressl.
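Comment 5 refers to the distinction at the heart of this report: an RFC 5915 ECPrivateKey whose parameters field carries explicit group parameters rather than a named-curve OID, which sshkey_ecdsa_key_to_nid() has to map back to a curve. The following is an added example, not code from OpenSSH or OpenSSL: a stdlib-only Python checker that walks the DER of a PEM "EC PRIVATE KEY" and reports which encoding it uses, so an administrator can find keys in the older explicit-parameter form before an upgrade. The sample keys below are constructed stubs (tiny scalar, abridged parameters), not real key material; the function and constant names are this example's own.

```python
import base64
import re

def der_tlv(der: bytes, pos: int):
    """Parse one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, der[pos:pos + length], pos + length

def pem_to_der(pem: str) -> bytes:
    """Extract the DER body of a PEM 'EC PRIVATE KEY' block (RFC 5915 ECPrivateKey)."""
    m = re.search(r"-----BEGIN EC PRIVATE KEY-----(.*?)-----END EC PRIVATE KEY-----", pem, re.S)
    if not m:
        raise ValueError("not a PEM 'EC PRIVATE KEY' block")
    return base64.b64decode("".join(m.group(1).split()))

def curve_encoding(der: bytes) -> str:
    """Classify the [0] parameters field: 'named' (curve OID), 'explicit'
    (ECParameters SEQUENCE with raw group parameters), or 'absent'."""
    tag, body, _ = der_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("ECPrivateKey must start with a SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, val, pos = der_tlv(body, pos)
        if tag == 0xA0:  # context tag [0] = parameters ([1] = publicKey is 0xA1)
            if val[0] == 0x06:
                return "named"
            if val[0] == 0x30:
                return "explicit"
            raise ValueError(f"unexpected parameters tag {val[0]:#x}")
    return "absent"

def der_enc(tag: int, payload: bytes) -> bytes:
    """Minimal DER encoder (short-form length only) for the constructed samples below."""
    return bytes([tag, len(payload)]) + payload

# Constructed sample keys (stubs, not real key material): version 1, an 8-byte scalar.
VERSION_FIELD = der_enc(0x02, b"\x01")
SCALAR_FIELD = der_enc(0x04, b"\x01" * 8)
SECP521R1_OID = der_enc(0x06, bytes.fromhex("2b81040023"))  # OID 1.3.132.0.35
NAMED_KEY_DER = der_enc(0x30, VERSION_FIELD + SCALAR_FIELD + der_enc(0xA0, SECP521R1_OID))
# Explicit form: [0] holds an ECParameters SEQUENCE (abridged here to its version field).
EXPLICIT_KEY_DER = der_enc(0x30, VERSION_FIELD + SCALAR_FIELD
                           + der_enc(0xA0, der_enc(0x30, der_enc(0x02, b"\x01"))))
NAMED_KEY_PEM = ("-----BEGIN EC PRIVATE KEY-----\n"
                 + base64.b64encode(NAMED_KEY_DER).decode() + "\n-----END EC PRIVATE KEY-----\n")
```

A key that classifies as "explicit" is the shape this bug concerns; regenerating it (or converting it with a tool that emits the named-curve form) avoids relying on the OpenSSL group comparison discussed above.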
Comment 6 Damien Miller 2020-01-26 00:33:04 AEDT
This seems to be a bug in OpenSSL. OpenSSH does everything I know of to ascertain and use the correct EC group. Please tell me if this is not the case and I'll try to fix it.
Comment 7 Damien Miller 2021-03-04 09:53:23 AEDT
Close bugs that were resolved in the OpenSSH 8.5 release cycle.