Bug#1082952: libcryptx-perl: t/sshkey.t fails on some architectures

Niko Tyni ntyni at debian.org
Tue Oct 1 20:14:48 BST 2024


Control: tag -1 patch

On Sun, Sep 29, 2024 at 12:28:56AM +0200, gregor herrmann wrote:
> Source: libcryptx-perl
> Version: 0.081-1
> Severity: serious
> Tags: upstream ftbfs
> Justification: fails to build from source (but built successfully in the past)
> 
> 0.081-1 has test failures on some architectures (s390x, ppc64,
> sparc64, x32):
> https://buildd.debian.org/status/package.php?p=libcryptx-perl
> 
> At least for the first three the failure is the same:
> 
> FATAL: pem_decode_openssh failed: Invalid argument provided. at t/sshkey.t line 129.

The first three are indeed the same bug: a 64-bit big endian issue in
the bundled libtomcrypt that was updated in 0.081. The x32 failure is
something different and I haven't looked into it.

When decrypting a bcrypt encrypted SSH key, s_decode_header() passes an
'ulong32' pointer for salt length to ssh_decode_sequence_multi() which
expects an 'unsigned long'.  On big endian 64-bit hosts, the half that
gets used is zero and bcrypt_pbkdf_openbsd() later barfs out because it
gets zero as salt length.

The code was originally introduced in libtomcrypt commit

  https://github.com/libtom/libtomcrypt/commit/fec3d45adc00332c811a84f1a8d9b1fdaa303a3d

and it is not present in the 1.18.2 release that Debian uses.

I'm attaching a proposed patch. This makes the test suite pass
for me on s390x, amd64 and i386. Eyeballs would be welcome,
please don't assume that I know what I'm doing.

Hope this helps,
-- 
Niko Tyni   ntyni at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-SSH-RSA-key-decryption-on-64-bit-big-endian-host.patch
Type: text/x-diff
Size: 1522 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20241001/3650b3da/attachment.patch>
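
The width mismatch described in the message above, as an added example that is not part of the original post or of libtomcrypt: it models the byte layout explicitly so both outcomes can be observed on any host. The function names, the 8-byte slot and the salt length of 16 are constructed for illustration, and the full-width receive with a range check is one matching pattern, not necessarily what the attached patch does.

```c
#include <stdint.h>
#include <stdio.h>

enum byte_order { ORDER_LITTLE, ORDER_BIG };

/* Callee model: stores a 64-bit 'unsigned long' at dst in the host's byte order. */
static void store_u64(unsigned char *dst, uint64_t v, enum byte_order o)
{
    for (int i = 0; i < 8; i++)
        dst[i] = (unsigned char)(v >> (8 * (o == ORDER_LITTLE ? i : 7 - i)));
}

/* Reads the first n bytes at src as an n-byte integer in the host's byte order. */
static uint64_t load(const unsigned char *src, int n, enum byte_order o)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint64_t)src[i] << (8 * (o == ORDER_LITTLE ? i : n - 1 - i));
    return v;
}

/* Mismatched widths: the callee writes 8 bytes, the caller's 32-bit variable
 * covers only the first 4. The slot is 8 bytes so this model stays in bounds. */
uint32_t salt_len_mismatched(uint64_t decoded_len, enum byte_order o)
{
    unsigned char slot[8];
    store_u64(slot, decoded_len, o);
    return (uint32_t)load(slot, 4, o);
}

/* Matching widths: receive the full value, range-check, then narrow.
 * Returns 0 on success, -1 if the length does not fit in 32 bits. */
int salt_len_matched(uint64_t decoded_len, enum byte_order o, uint32_t *out)
{
    unsigned char slot[8];
    store_u64(slot, decoded_len, o);
    uint64_t full = load(slot, 8, o);
    if (full > UINT32_MAX) return -1;
    *out = (uint32_t)full;
    return 0;
}

int main(void)
{
    const uint64_t salt_len = 16; /* constructed sample value */
    printf("little endian: %u\n", (unsigned)salt_len_mismatched(salt_len, ORDER_LITTLE));
    printf("big endian:    %u\n", (unsigned)salt_len_mismatched(salt_len, ORDER_BIG));
    return 0;
}
```

On a little-endian 64-bit host the mismatched read happens to return the right value, which is why such a bug can pass tests on amd64 and only surface on s390x, ppc64 or sparc64.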

