old key not working with new agent

[xaki23]

(not a new issue, we talked about this on irc a month ago, but it is still open and i would like to track it here, perhaps we find someone with the same issue)

since the change to mirage-crypto, my old main rsa key is no longer working.
ssh-add simply fails:

[user@work-ssh ~]$ ssh-add -l
The agent has no identities.
[user@work-ssh ~]$ ssh-add
Enter passphrase for /home/user/.ssh/id_rsa: 
Could not add identity "/home/user/.ssh/id_rsa": communication with agent failed
[user@work-ssh ~]$ ssh-add -l
The agent has no identities.
[user@work-ssh ~]$ 

there is nothing useful in the console log of the agent vm.
strace-ing ssh-add says the agent is simply closing the connection.
there doesnt seem to be anything wrong with the setup as such, the same key works fine with the same setup but a pre-mirage-crypto build of the agent.
a freshly generated rsa key of the same size loads, generating some thousand new keys and loading them didnt find any other key that didnt work.

@hannesm suggested it might be mirage-crypto doing some "checks" on the key material while loading it.

sadly this is the one key i can not simply replace, so no way to hand it over for testing.
so i would need a way to do a "debug build" with either a lot less catch-and-ignore or a standalone test client.

[hannesm]

I'm not sure about this issue, the ways forward:

• are errors from Mirage_crypto_pk.Rsa reported to the user? try with an obvious bad key (I suspect the answer is not really since combinator parsers are used which attempt backtracking) i.e. one where p and q are not prime, or n <> p * q @reynir about error messages (even if the below fixes the issue, the errors should be reported to the user)
• does RSA: accept keys where d is not valid (but dp and dq are fine): they occur in the wild mirage/mirage-crypto#63 fix your issue (this is due to an unrelated report of Mirage_crypto rejecting a "good" RSA key), @xaki23 would you mind to try it out (this requires at least ocaml 4.08, and pins of mirage-crypto, mirage-crypto-rng, mirage-crypto-pk, and mirage-crypto-entropy to the https://github.com/hannesm/mirage-crypto.git#fix-62 branch)

[xaki23]

this does not seem to fix the issue.
afaict no change compared to a month ago, and nothing on the vm console.

i am very much in favor of the "show error messages" plan.