Change allowing 0 length passwords caused openssh regression

[t8m]

The fix for issue #4716 caused regression in OpenSSH. It unfortunately depends on OpenSSL not attempting decryption of encrypted keys when zero-length password is passed to the callback, but returning a predictable error - that password is not supplied. Unfortunately for some of the keys that are encrypted with the old PEM encryption the decryption succeeds due to the accidentally correct padding in the decrypted garbage and the error returned is different.

In my opinion OpenSSH code is wrong and depending on things that it should not depend on but strictly speaking this is behavioral change on OpenSSL side.

See https://bugzilla.mindrot.org/show_bug.cgi?id=2913 for the discussion with OpenSSH.

[mattcaswell]

In my opinion OpenSSH code is wrong and depending on things that it should not depend on but strictly speaking this is behavioral change on OpenSSL side.

Interesting. Of course all bug fixes are a behavioural change in a way! One person's bug fix is another person's behaviour change if they happen to be relying on that buggy behaviour.

[t8m]

So true! :D

[petrovr]

Tomáš would you close this non OpenSSL issue?

[petrovr]

For protocol . issue is same as #6947. The difference is password length.
And yes 1.0.2p change "When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases." just reveals errorneous "translation of libcrypto errors" into SSH code.

[t8m]

I am not sure the issue is the same as #6947 - however it seems to be related.

[t8m]

Let's close this as it is not really issue in OpenSSL.