Page MenuHome GnuPG

AES encryption at a stable Gentoo Linux broken
Closed, ResolvedPublic

Description

gpg/KGpg segfaults (see Gentoo bug
https://bugs.gentoo.org/show_bug.cgi?id=442568), the current git tree still
suffers from that issue.
3 of 17 tests failed for libgcrypt-1.5.0-48-g5abc061 : basic, aeswrap and benchmark

back trace for benchmark follows :
tfoerste@n22 ~/devel/libgcrypt/tests $ gdb --core=core
/home/tfoerste/devel/libgcrypt/tests/.libs/benchmark
GNU gdb (Gentoo 7.4.1 p2) 7.4.1
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
For bug reporting instructions, please see:
http://bugs.gentoo.org/...
Reading symbols from /home/tfoerste/devel/libgcrypt/tests/.libs/benchmark...done.
[New LWP 22587]

warning: Could not load shared library symbols for linux-gate.so.1.
Do you need "set solib-search-path" or "set sysroot"?
Core was generated by `/home/tfoerste/devel/libgcrypt/tests/.libs/benchmark'.
Program terminated with signal 11, Segmentation fault.
#0 0xb77337b2 in do_aesni_enc_aligned (ctx=0xbf9f5ff4,

b=0xbf9f5fe4

"\026\357\344\340\037\250\006\372\030\234\275dO\351\365\006\350\351\352\353\355\356\357\360\362\363\364\365\367\370\371\372\250pǃE\236(s\267m܆@\225%|\200O\327\212\305\321\377\371r\274#\177\062)\006\003!
\254\251\344\361SP\226Mp/\244dv,j\030\335\340\216鎰\030\244\376\237\274\300\210
\263\300ܰ\205N5>5V\221\300\252\352QH\031\061\216d\002\177\273Z7)*\232\235\303{҄P;;,/\200a\033\006\252\373\206\305\321)\002\356\236L\212\301\036-\221Ǵ\326\027\002e\377\025\270\210\025\375y\226\070l\276\"\356{\274G\021n.\n\212\230W\234\262\364\351\276\\\217U\371M\341oʕT\252\356\360v"...,
a=0xb778a63f
"\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275")

at rijndael.c:724

724 asm volatile ("movdqu %[src], %%xmm0\n\t" /* xmm0 := *a */
(gdb) bt
#0 0xb77337b2 in do_aesni_enc_aligned (ctx=0xbf9f5ff4,

b=0xbf9f5fe4

"\026\357\344\340\037\250\006\372\030\234\275dO\351\365\006\350\351\352\353\355\356\357\360\362\363\364\365\367\370\371\372\250pǃE\236(s\267m܆@\225%|\200O\327\212\305\321\377\371r\274#\177\062)\006\003!
\254\251\344\361SP\226Mp/\244dv,j\030\335\340\216鎰\030\244\376\237\274\300\210
\263\300ܰ\205N5>5V\221\300\252\352QH\031\061\216d\002\177\273Z7)*\232\235\303{҄P;;,/\200a\033\006\252\373\206\305\321)\002\356\236L\212\301\036-\221Ǵ\326\027\002e\377\025\270\210\025\375y\226\070l\276\"\356{\274G\021n.\n\212\230W\234\262\364\351\276\\\217U\371M\341oʕT\252\356\360v"...,
a=0xb778a63f
"\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275")

at rijndael.c:724

#1 0xb7733e3d in do_aesni (ctx=0xbf9f5ff4, decrypt_flag=0,

bx=0xbf9f5fe4

"\026\357\344\340\037\250\006\372\030\234\275dO\351\365\006\350\351\352\353\355\356\357\360\362\363\364\365\367\370\371\372\250pǃE\236(s\267m܆@\225%|\200O\327\212\305\321\377\371r\274#\177\062)\006\003!
\254\251\344\361SP\226Mp/\244dv,j\030\335\340\216鎰\030\244\376\237\274\300\210
\263\300ܰ\205N5>5V\221\300\252\352QH\031\061\216d\002\177\273Z7)*\232\235\303{҄P;;,/\200a\033\006\252\373\206\305\321)\002\356\236L\212\301\036-\221Ǵ\326\027\002e\377\025\270\210\025\375y\226\070l\276\"\356{\274G\021n.\n\212\230W\234\262\364\351\276\\\217U\371M\341oʕT\252\356\360v"...,
ax=0xb778a63f
"\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275")

at rijndael.c:1146

#2 0xb7733e85 in rijndael_encrypt (context=0xbf9f5ff4,

b=0xbf9f5fe4

"\026\357\344\340\037\250\006\372\030\234\275dO\351\365\006\350\351\352\353\355\356\357\360\362\363\364\365\367\370\371\372\250pǃE\236(s\267m܆@\225%|\200O\327\212\305\321\377\371r\274#\177\062)\006\003!
\254\251\344\361SP\226Mp/\244dv,j\030\335\340\216鎰\030\244\376\237\274\300\210
\263\300ܰ\205N5>5V\221\300\252\352QH\031\061\216d\002\177\273Z7)*\232\235\303{҄P;;,/\200a\033\006\252\373\206\305\321)\002\356\236L\212\301\036-\221Ǵ\326\027\002e\377\025\270\210\025\375y\226\070l\276\"\356{\274G\021n.\n\212\230W\234\262\364\351\276\\\217U\371M\341oʕT\252\356\360v"...,
a=0xb778a63f
"\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275")

at rijndael.c:1169

#3 0xb7734cd6 in selftest_basic_128 () at rijndael.c:1674
#4 0xb7734f27 in selftest () at rijndael.c:1763
#5 0xb77326b0 in do_setkey (ctx=0x94fede0, key=0xbf9f6368 "
!\"#$%&'()*+,-./\320\321\322\323.\204q\267\230\250p\267p\244z\267h\243p\267.\204q\267\377\377\377\377\364?z\267",
keylen=16) at rijndael.c:211
#6 0xb7732bd4 in rijndael_setkey (context=0x94fede0, key=0xbf9f6368 "
!\"#$%&'()*+,-./\320\321\322\323.\204q\267\230\250p\267p\244z\267h\243p\267.\204q\267\377\377\377\377\364?z\267",
keylen=16) at rijndael.c:446
#7 0xb77194d9 in cipher_setkey (c=0x94fed60, key=0xbf9f6368 "
!\"#$%&'()*+,-./\320\321\322\323.\204q\267\230\250p\267p\244z\267h\243p\267.\204q\267\377\377\377\377\364?z\267",
keylen=16) at cipher.c:789
#8 0xb7719e6f in _gcry_cipher_setkey (hd=0x94fed60, key=0xbf9f6368, keylen=16)
at cipher.c:1093
#9 0xb770e368 in gcry_cipher_setkey (hd=0x94fed60, key=0xbf9f6368, keylen=16)
at visibility.c:521
#10 0x08049fb7 in cipher_bench (algoname=0xb778a515 "AES") at benchmark.c:641
#11 0x08049b76 in cipher_bench (algoname=0x0) at benchmark.c:549
#12 0x0804b8cf in main (argc=0, argv=0xbf9f65f8) at benchmark.c:1255

Details

Version
1.5

Event Timeline

toralf added projects: libgcrypt, Bug Report.
toralf added a subscriber: toralf.

quick bisecting gave :

tfoerste@n22 ~/devel/libgcrypt $ git bisect bad
83f80d39c3feddc7e055525d47dcf3f069801e89 is the first bad commit
commit 83f80d39c3feddc7e055525d47dcf3f069801e89
Author: Werner Koch <wk@gnupg.org>
Date: Tue Feb 15 14:38:02 2011 +0100

    Change more AES-NI code into plain asm

:040000 040000 5f3aef9e672defe8feeec28e4c6aa2b810c7e0e8
01816387886d3d8e832d0a97e1e0f1a984fa9256 M cipher

Please provide more information, in particular: the OS Version, the compiler and
all options used for building.

TIt is a 3.6.6 vanilla kernel of a stable Gentoo with 3.6.6 vanilla kernel and
gcc-4.6.3 (+ Gentoo patch set), all options are here :
https://bugs.gentoo.org/show_bug.cgi?id=442568#c0

and there's the complete build log attached too (gzip'ed - the mime type might
be sometimes not recognized correctly)

Please build it with a stock compiler and standard options (i.e. none). Same
problem? No, then add options until you get the segv again.

Gentoo thinks about patching its package with their own solution till an
official fix :
https://bugs.gentoo.org/show_bug.cgi?id=442568#add_comment

Yep, you should have mentioned the aligned problem in the selftest. I don't
follow the gentoo tracker if we are already discussing here. I will soon look
at the problem. A new 1.5 release is anyway due.

Fixed in master and 1.5 by adding an aligned attribute to RIJNDAEL_context.
However, this is not portable becuase we do this only for gcc. To mitigate the
problem I will replace the ifdef GNUC by a macro figured out by configure.

werner claimed this task.
werner removed a project: Restricted Project.