Page MenuHome GnuPG
Create Task
Maniphest T3491

FIPS-enabled libgcrypt traps gnome-keyring daemon in an infinite loop
Closed, ResolvedPublic
Actions

Description

When a user logs in via gdm on a FIPS-enabled system, gnome keyring daemon gets stuck in an infinite loop, which prevents successful login.
Tested with gkd 3.20.0 and libgcrypt 1.8.1.

Here's what happens:

libgcrypt gets initialized by gkd's egg_libgcrypt_initialize().
_gcry_rndlinux_gather_random opens /dev/random and stores the file descriptor to a static variable fd_random.

To become a daemon, gnome keyring performs a double fork and later does a descriptor cleanup in redirect_fds_after_fork(), which reopens /dev/null over descriptors 0-2.

Descriptor 2 before gkd's redirect_fds_after_fork():

# ls -l  /proc/10049/fd/2
lr-x------ 1 test users 64 19. říj 17.38 /proc/10049/fd/2 -> /dev/random

After:

# ls -l  /proc/10049/fd/2
lr-x------ 1 test users 64 19. říj 17.38 /proc/10049/fd/2 -> /dev/null

libgcrypt however still believes that descriptor 2 points to the random device, so when _gcry_rndlinux_gather_random() is invoked again, it repeatedly read()s 0 byte blocks from the descriptor, creating an infinite loop.

This bug manifests itself only in FIPS mode, because DRBG gets fully seeded on initialization, whereas CSPRNG doesn't do a full initialization, so _gcry_rndlinux_gather_random doesn't get called before the descriptors are cleared.

I reported this also against gnome-keyring, because it looks it should rather be fixed on the gnome-keyring side.

Details

Version
1.8.1

Revisions and Commits

rC libgcrypt
rC60885655756d random: Make sure to re-open /dev/random after a fork
rC319f55e6e579 random: Make sure to re-open /dev/random after a fork

Related Objects

Event Timeline

civ created this task.Nov 8 2017, 10:17 PM
werner added a subscriber: werner.Nov 9 2017, 8:37 AM

Right, we can't do anything in Libgcrypt except for adding a way to return the open fds. This is the usual problem with libraries and the required closing of fds before an exec. Anyway the FIPS mode is questionable because it has not been adjusted for many years and does not take account newer requirements.

werner triaged this task as Low priority.Apr 17 2018, 8:06 PM

FIPS rules changed anyway and thus more rework will be needed anyway. I keep this open at low priorirty.

werner removed a project: Bug Report.Apr 17 2018, 8:07 PM
werner added a commit: rC319f55e6e579: random: Make sure to re-open /dev/random after a fork.Oct 26 2018, 1:23 PM
werner closed this task as Resolved.Oct 26 2018, 1:26 PM
werner claimed this task.

Fixed in master and 1.8 by detecting a fork and re-opening the devices

werner mentioned this in T4234: Libgcrypt 1.8.4 release info.Oct 26 2018, 8:01 PM
werner mentioned this in T4294: Release Libgcrypt 1.9.0.Jan 19 2021, 10:17 AM
werner added a commit: rC60885655756d: random: Make sure to re-open /dev/random after a fork.Jun 3 2021, 7:08 PM