error in libcrypto if loaded key is replaced #56

Open
dcousens opened this issue Jul 12, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@dcousens
Contributor

dcousens commented Jul 12, 2024

When testing, I used ssh-tpm-keygen to replace an existing test.tpm that had already been loaded by my running ssh-tpm-agent:

$ ssh-tpm-agent -d
time=2024-07-13T00:54:01.989+10:00 level=INFO msg="Warning: ssh-tpm-agent is meant to run as a background daemon."
time=2024-07-13T00:54:01.989+10:00 level=INFO msg="Running multiple instances is likely to lead to conflicts."
time=2024-07-13T00:54:01.989+10:00 level=INFO msg="Consider using a systemd service."
time=2024-07-13T00:54:01.989+10:00 level=INFO msg="Listening on socket" path=/run/user/1000/ssh-tpm-agent.sock
time=2024-07-13T00:54:01.989+10:00 level=DEBUG msg="called loadkeys"
time=2024-07-13T00:54:01.989+10:00 level=DEBUG msg="skipping key: does not have .tpm suffix" name=/home/daniel/.ssh/config
...
time=2024-07-13T00:54:01.990+10:00 level=DEBUG msg="added TPM key" name=/home/daniel/.ssh/test.tpm
...

Then, without restarting ssh-tpm-agent and with ssh-tpm-keygen having replaced test.tpm, running ssh ... shows the following error:

Load key "/home/daniel/.ssh/test.pub": error in libcrypto

The follow-up output for this interaction from ssh-tpm-agent -d is relatively minimal, with no indicative error:

time=2024-07-13T01:01:51.682+10:00 level=DEBUG msg="called extensions"
time=2024-07-13T01:01:51.682+10:00 level=DEBUG msg="called list"

Restarting ssh-tpm-agent resolves the problem.

@dcousens changed the title from "error in libcrypto if key is replaced" to "error in libcrypto if loaded key is replaced" on Jul 12, 2024
@Foxboron added the "bug" (Something isn't working) label on Jul 12, 2024
@Foxboron
Owner

Yep, this sounds like a bug :) Thanks!

@Foxboron
Owner

I suspect this fixes your issue, but I haven't tested yet.

800e6c9

@dcousens
Contributor Author

dcousens commented Jul 14, 2024

Doesn't appear to be resolved

# ssh-tpm-keygen -f test
#   and added test.pub to authorized keys

$ git rev-parse HEAD
54a466a8eec3b48b374e05908dfa11b112392c30

$ ./bin/ssh-tpm-agent -d
time=2024-07-14T10:16:44.485+10:00 level=INFO msg="Warning: ssh-tpm-agent is meant to run as a background daemon."
time=2024-07-14T10:16:44.485+10:00 level=INFO msg="Running multiple instances is likely to lead to conflicts."
time=2024-07-14T10:16:44.485+10:00 level=INFO msg="Consider using a systemd service."
time=2024-07-14T10:16:44.486+10:00 level=INFO msg="Listening on socket" path=/run/user/1000/ssh-tpm-agent.sock
time=2024-07-14T10:16:44.486+10:00 level=DEBUG msg="called loadkeys"
time=2024-07-14T10:16:44.486+10:00 level=DEBUG msg="skipping key: does not have .tpm suffix" name=/home/daniel/.ssh/config
# ...
time=2024-07-14T10:16:44.486+10:00 level=DEBUG msg="added TPM key" name=/home/daniel/.ssh/test.tpm
# ...

# ssh OK
time=2024-07-14T10:16:54.783+10:00 level=DEBUG msg="called extensions"
time=2024-07-14T10:16:54.784+10:00 level=DEBUG msg="called list"
time=2024-07-14T10:16:55.091+10:00 level=DEBUG msg="called signwithflags"

# ssh-tpm-keygen -f test
#   and added test.pub to authorized keys

# ssh ERROR
#   Load key "/home/daniel/.ssh/test.pub": error in libcrypto
time=2024-07-14T10:17:37.177+10:00 level=DEBUG msg="called extensions"
time=2024-07-14T10:17:37.177+10:00 level=DEBUG msg="called list"

P.S. Thank you for fixing f8a5360 💛

@Foxboron
Owner

Can't reproduce with the details you have given so far.

@dcousens
Contributor Author

Interesting! I'll try and automate a reproduction when I can
