Control: tag -1 patch

On Sun, Sep 29, 2024 at 12:28:56AM +0200, gregor herrmann wrote:
> Source: libcryptx-perl
> Version: 0.081-1
> Severity: serious
> Tags: upstream ftbfs
> Justification: fails to build from source (but built successfully in the past)
> 
> 0.081-1 has test failures on some architectures (s390x, ppc64,
> sparc64, x32):
> https://buildd.debian.org/status/package.php?p=libcryptx-perl
> 
> At least for the first three the failure is the same:
> 
> FATAL: pem_decode_openssh failed: Invalid argument provided. at t/sshkey.t line 129.

The first three are indeed the same bug: a 64-bit big endian issue in
the bundled libtomcrypt that was updated in 0.081. The x32 failure is
something different and I haven't looked into it.

When decrypting a bcrypt encrypted SSH key, s_decode_header() passes an
'ulong32' pointer for salt length to ssh_decode_sequence_multi() which
expects an 'unsigned long'.  On big endian 64-bit hosts, the half that
gets used is zero and bcrypt_pbkdf_openbsd() later barfs out because it
gets zero as salt length.

The code was originally introduced in libtomcrypt commit

  https://github.com/libtom/libtomcrypt/commit/fec3d45adc00332c811a84f1a8d9b1fdaa303a3d

and it is not present in the 1.18.2 release that Debian uses.

I'm attaching a proposed patch. This makes the test suite pass
for me on s390x, amd64 and i386. Eyeballs would be welcome,
please don't assume that I know what I'm doing.

Hope this helps,
-- 
Niko Tyni   nt...@debian.org

From c912db56833f8357900b1e798f9c0d8d0daa5b46 Mon Sep 17 00:00:00 2001
From: Niko Tyni <nt...@debian.org>
Date: Tue, 1 Oct 2024 18:28:14 +0000
Subject: [PATCH] Fix SSH RSA key decryption on 64-bit big endian hosts

Bug-Debian: https://bugs.debian.org/1082952
---
 src/ltc/misc/pem/pem_ssh.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/ltc/misc/pem/pem_ssh.c b/src/ltc/misc/pem/pem_ssh.c
index 00ae4480..8114f231 100644
--- a/src/ltc/misc/pem/pem_ssh.c
+++ b/src/ltc/misc/pem/pem_ssh.c
@@ -675,14 +675,18 @@ static int s_decode_header(unsigned char *in, unsigned long *inlen, struct kdf_o
       opts->name = "none";
    } else if (XSTRCMP((char*)kdfname, "bcrypt") == 0) {
       opts->name = "bcrypt";
-      opts->saltlen = sizeof(opts->salt);
+      unsigned long saltlen = sizeof(opts->salt);
       len = kdfoptionslen;
       if ((err = ssh_decode_sequence_multi(kdfoptions, &len,
-                                           LTC_SSHDATA_STRING, opts->salt, &opts->saltlen,
+                                           LTC_SSHDATA_STRING, opts->salt, &saltlen,
                                            LTC_SSHDATA_UINT32, &opts->num_rounds,
                                            LTC_SSHDATA_EOL,    NULL)) != CRYPT_OK) {
          return err;
       }
+      if (saltlen > 0xffffffff) {
+         return CRYPT_INPUT_TOO_LONG;
+      }
+      opts->saltlen = (ulong32) saltlen;
       if (len != kdfoptionslen) {
          return CRYPT_INPUT_TOO_LONG;
       }
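Review bot: the added `if (saltlen > 0xffffffff)` check cannot fire where `unsigned long` is 32 bits (i386 is one of the hosts the patch was tested on) and may draw an always-false comparison warning there; since `saltlen` is initialised to `sizeof(opts->salt)` before the call, comparing the result against `sizeof(opts->salt)` would give a bound that means something on every host and ties the length to the buffer it describes. The declaration `unsigned long saltlen = ...` follows the statement `opts->name = "bcrypt";`, so if this file is built as C89 it should move to the top of the enclosing block. The same call passes `&opts->num_rounds` for `LTC_SSHDATA_UINT32`; its declared type is not visible in this hunk and is worth confirming against what the decoder writes, given that the bug being fixed is a pointer-width mismatch.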
-- 
2.45.2
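
The width mismatch described in the message above, as an added example that is not part of the original mail or of libtomcrypt: it models in a byte buffer what the caller's 32-bit salt length field holds after a callee stores an `unsigned long` at its address. The function names, the 8-byte memory model and the salt length of 16 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write `value` as a `width`-byte integer in the chosen byte order, as a
 * callee storing through an `unsigned long *` would on that kind of host. */
static void store_uint(unsigned char *dst, uint64_t value, size_t width, int big_endian)
{
    size_t i;
    for (i = 0; i < width; i++) {
        size_t shift = 8 * (big_endian ? (width - 1 - i) : i);
        dst[i] = (unsigned char)(value >> shift);
    }
}

/* Read the first four bytes back as the caller's 32-bit field. */
static uint32_t load_u32(const unsigned char *src, int big_endian)
{
    uint32_t v = 0;
    size_t i;
    for (i = 0; i < 4; i++)
        v |= (uint32_t)src[i] << (8 * (big_endian ? (3 - i) : i));
    return v;
}

/* Hypothetical model: mem[0..3] is a 32-bit saltlen field, mem[4..7] is
 * whatever follows it. Returns the saltlen the caller reads after the callee
 * stored `written` as an unsigned long of `ulong_width` bytes. */
uint32_t saltlen_seen_by_caller(uint64_t written, size_t ulong_width,
                                int big_endian, int *neighbour_clobbered)
{
    static const unsigned char fill[4] = { 0xAA, 0xAA, 0xAA, 0xAA };
    unsigned char mem[8];
    memset(mem, 0xAA, sizeof mem);
    store_uint(mem, written, ulong_width, big_endian);
    *neighbour_clobbered = memcmp(mem + 4, fill, 4) != 0;
    return load_u32(mem, big_endian);
}

int main(void)
{
    /* Constructed cases: {unsigned long width, big endian?}; salt length 16. */
    static const int hosts[3][2] = { {8, 1}, {8, 0}, {4, 0} };
    int i, clobbered;
    for (i = 0; i < 3; i++) {
        uint32_t seen = saltlen_seen_by_caller(16, (size_t)hosts[i][0], hosts[i][1], &clobbered);
        printf("ulong=%d bytes, %s endian: saltlen=%u, neighbour clobbered=%d\n",
               hosts[i][0], hosts[i][1] ? "big" : "little", (unsigned)seen, clobbered);
    }
    return 0;
}
```

On the 64-bit little endian case the length reads back correctly, which is why the bug stayed hidden there, but the four bytes after the field are still overwritten.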
