Bug#1082952: libcryptx-perl: t/sshkey.t fails on some architectures
Niko Tyni
ntyni at debian.org
Tue Oct 1 20:14:48 BST 2024
Control: tag -1 patch

On Sun, Sep 29, 2024 at 12:28:56AM +0200, gregor herrmann wrote:
> Source: libcryptx-perl
> Version: 0.081-1
> Severity: serious
> Tags: upstream ftbfs
> Justification: fails to build from source (but built successfully in the past)
>
> 0.081-1 has test failures on some architectures (s390x, ppc64,
> sparc64, x32):
> https://buildd.debian.org/status/package.php?p=libcryptx-perl
>
> At least for the first three the failure is the same:
>
> FATAL: pem_decode_openssh failed: Invalid argument provided. at t/sshkey.t line 129.

The first three are indeed the same bug: a 64-bit big endian issue in
the bundled libtomcrypt that was updated in 0.081. The x32 failure is
something different and I haven't looked into it.

When decrypting a bcrypt encrypted SSH key, s_decode_header() passes an
'ulong32' pointer for salt length to ssh_decode_sequence_multi() which
expects an 'unsigned long'. On big endian 64-bit hosts, the half that
gets used is zero and bcrypt_pbkdf_openbsd() later barfs out because it
gets zero as salt length.

The code was originally introduced in libtomcrypt commit
https://github.com/libtom/libtomcrypt/commit/fec3d45adc00332c811a84f1a8d9b1fdaa303a3d
and it is not present in the 1.18.2 release that Debian uses.

I'm attaching a proposed patch. This makes the test suite pass
for me on s390x, amd64 and i386. Eyeballs would be welcome,
please don't assume that I know what I'm doing.

Hope this helps,
--
Niko Tyni ntyni at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-SSH-RSA-key-decryption-on-64-bit-big-endian-host.patch
Type: text/x-diff
Size: 1522 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-perl-maintainers/attachments/20241001/3650b3da/attachment.patch>
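
Added example (not part of the original message, and not the attached patch or libtomcrypt code): a portable C model of the width mismatch described above, showing why a 64-bit value written at the address of a 32-bit variable reads back intact on little endian hosts and as zero on big endian ones. The function names and the sample salt length of 16 are assumptions made for illustration; byte order is simulated so the result is the same on any build host.

```c
#include <stdint.h>
#include <stdio.h>

/* Lay out a 64-bit value as a host of the given byte order would store it. */
static void store_u64(unsigned char out[8], uint64_t v, int big_endian)
{
    for (int i = 0; i < 8; i++)
        out[i] = (unsigned char)(v >> (big_endian ? 8 * (7 - i) : 8 * i));
}

/* Read the first n bytes as an n-byte integer in the given byte order. */
static uint64_t load_uint(const unsigned char *in, int n, int big_endian)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint64_t)in[i] << (big_endian ? 8 * (n - 1 - i) : 8 * i);
    return v;
}

/* Mismatch: the callee stores a 64-bit 'unsigned long', the caller reads
 * back only the 4 bytes its 32-bit variable occupies at that address. */
uint32_t mismatched_read(uint64_t decoded_len, int big_endian)
{
    unsigned char slot[8]; /* 8 bytes, so the model itself never overflows */
    store_u64(slot, decoded_len, big_endian);
    return (uint32_t)load_uint(slot, 4, big_endian);
}

/* Width-matched pattern (hypothetical helper): receive all 8 bytes, then
 * narrow with a range check. Returns 0 on success, -1 if it does not fit. */
int matched_read(uint64_t decoded_len, int big_endian, uint32_t *out)
{
    unsigned char slot[8];
    store_u64(slot, decoded_len, big_endian);
    uint64_t full = load_uint(slot, 8, big_endian);
    if (full > UINT32_MAX)
        return -1;
    *out = (uint32_t)full;
    return 0;
}

int main(void)
{
    uint64_t salt_len = 16; /* constructed sample value */
    uint32_t n = 0;
    printf("LE64 mismatched: %u\n", (unsigned)mismatched_read(salt_len, 0));
    printf("BE64 mismatched: %u\n", (unsigned)mismatched_read(salt_len, 1));
    if (matched_read(salt_len, 1, &n) == 0)
        printf("BE64 matched:    %u\n", (unsigned)n);
    return 0;
}
```

In real code the mismatched store also writes four bytes past the 32-bit variable, which the model avoids by using an 8-byte slot.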