
libgcrypt-1.6.4: benchmark and keygen test failed due to segfault
Closed, Resolved (Public)

Description

Both segfaults happened when function gcry_pk_genkey() is called. Used dbx to trace all
the way down to src/sexp.c in which this line: memcpy (c.pos, mp, nm); caused the
segfault. System information: Oracle Solaris 10 8/11 s10s_u10wos_17b SPARC.

Details

Version
1.6.4

Event Timeline

testadizzy added projects: libgcrypt, Bug Report.
testadizzy added a subscriber: testadizzy.

testadizzy lowered the priority of this task from High to Normal. Jan 20 2016, 6:04 PM

Can't seem to edit my first post, so I created this second post to provide extra info.

Ran all tests in libgcrypt/libgcrypt-1.6.4/tests directory, benchmark and keygen
failed. Here's the output:

./benchmark --verbose

.
.
.

Algorithm generate 100*sign 100*verify

RSA 1024 bit 310ms 1040ms 50ms
RSA 2048 bit 2370ms 7070ms 150ms
RSA 3072 bit 15950ms 21660ms 340ms
RSA 4096 bit 139410ms 47920ms 620ms
DSA 1024/160 - 600ms 820ms
DSA 2048/224 - 2920ms 3940ms
DSA 3072/256 - 6730ms 9520ms
ECDSA 192 bit
Segmentation Fault (core dumped)

./keygen --verbose
keygen: creating 1024 bit RSA key
keygen: creating 512 bit RSA key with e=257
keygen: creating 512 bit RSA key with default e
keygen: public exponent: 29
keygen: creating 1024 bit Elgamal key
keygen: creating 5 1024 bit DSA keys
keygen: creating 1536 bit DSA key
keygen: creating ECC key using curve NIST P-521
Segmentation Fault (core dumped)

And that other bug report was?
You have full user permissions and thus you may comment on all bug reports.

I'm sorry, do you mean the zip file that I uploaded earlier? That was just
screenshots of the output message which I listed in my second post. It's just
benchmark and keygen, and I am pretty sure both errors are related to ECC key
generation.

It's my first time using this site, please let me know if I need to provide more
information. And thanks!

Here's something I got from running dbx with benchmark (with "check -access" option
to detect illegal memory access):

dbx benchmark

Reading benchmark
Reading ld.so.1
Reading libgcrypt.so.20.0.4
Reading libgpg-error.so.0.17.0
Reading librt.so.1
Reading libsocket.so.1
Reading libc.so.1
Reading libgcc_s.so.1
Reading libaio.so.1
Reading libmd.so.1
Reading libnsl.so.1
(dbx) check -access
access checking - ON
(dbx) run --verbose
Running: benchmark --verbose
(process id 20779)
Reading rtcapihook.so
Reading libdl.so.1
Reading rtcaudit.so
Reading libmapmalloc.so.1
Reading libgen.so.1
Reading libm.so.2
Reading libm_hwcap1.so.2
Reading libc_psr.so.1
Reading rtcboot.so
Reading librtc.so
RTC: Enabling Error Checking...
RTC: Running program...

...

Algorithm generate 100*sign 100*verify

RSA 1024 bit Read from uninitialized (rui):
Attempting to read 1 byte at address 0xffbfeba8

which is 312 bytes above the current stack pointer

stopped in add_randomness at line 1085 in file "random-csprng.c"
1085 rndpool[pool_writepos++] ^= *p++;
(dbx)

Hope this helps solve the issue.

Can you please enter the command "where" in dbx after the fault?

No info received and thus closing. You should switch to 1.7 (and soon 1.8)
anyway. A lot of things have been fixed since 1.6.

werner claimed this task.
werner added a project: Info Needed.