The torture_algorithms testcase of libssh.org segfaults with libgcrypt-1.8.1-3.fc27 and ecdsa keys.
The ecdsa 256bit ecdh test works, 384 segfaults and 521 hangs.
Reproducer:
Get libssh.org
Build with gcrypt and client tests
Run: ctest -V -R torture_algorithms
Here is the backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6633d5c in jent_memaccess (ec=ec@entry=0x7ffff7fed058,
loop_cnt=loop_cnt@entry=0) at ./jitterentropy-base.c:274
274 *tmpval = (*tmpval + 1) & 0xff;
(gdb) bt
#0 0x00007ffff6633d5c in jent_memaccess (ec=ec@entry=0x7ffff7fed058,
loop_cnt=loop_cnt@entry=0) at ./jitterentropy-base.c:274
#1 0x00007ffff6633e8d in jent_measure_jitter (ec=ec@entry=0x7ffff7fed058) at
/jitterentropy-base.c:341
#2 0x00007ffff663404e in jent_gen_entropy (ec=ec@entry=0x7ffff7fed058) at ./
jitterentropy-base.c:453
#3 0x00007ffff66341bc in jent_read_entropy (ec=0x7ffff7fed058,
data=data@entry=0x7fffffffacc0 "", len=len@entry=18) at ./jitterentropy-
base.c:541
#4 0x00007ffff66347d1 in _gcry_rndjent_poll (add=add@entry=0x7ffff662fca0
<add_randomness>, origin=origin@entry=RANDOM_ORIGIN_EXTRAPOLL,
length=length@entry=18)
at ./rndjent.c:294
#5 0x00007ffff66351da in _gcry_rndlinux_gather_random (add=0x7ffff662fca0
<add_randomness>, origin=RANDOM_ORIGIN_EXTRAPOLL, length=36, level=2) at
rndlinux.c:180
#6 0x00007ffff662f8b0 in read_random_source
(origin=origin@entry=RANDOM_ORIGIN_EXTRAPOLL, length=length@entry=48,
level=level@entry=2) at random-csprng.c:1299
#7 0x00007ffff663091a in read_pool (level=2, length=<optimized out>,
buffer=0x7ffff7fed050 "") at random-csprng.c:996
#8 _gcry_rngcsprng_randomize (buffer=<optimized out>, length=<optimized out>,
level=GCRY_VERY_STRONG_RANDOM) at random-csprng.c:542
#9 0x00007ffff662f520 in _gcry_random_bytes_secure (nbytes=nbytes@entry=48,
level=level@entry=GCRY_VERY_STRONG_RANDOM) at random.c:405
#10 0x00007ffff65934e3 in _gcry_dsa_gen_k (q=0x6a1ff0,
security_level=security_level@entry=2) at dsa-common.c:57
#11 0x00007ffff66061bc in nist_generate_key (sk=sk@entry=0x7fffffffb3c0,
E=E@entry=0x7fffffffb370, ctx=ctx@entry=0x6946c0, flags=0, nbits=384,
r_x=0x7fffffffb348,
r_y=0x7fffffffb350) at ecc.c:177
#12 0x00007ffff6606a5a in ecc_generate (genparms=<optimized out>,
r_skey=0x7fffffffb4f8) at ecc.c:602
#13 0x00007ffff6588f1f in _gcry_pk_genkey (r_key=r_key@entry=0x7fffffffb4f8,
s_parms=s_parms@entry=0x6a5440) at pubkey.c:578
#14 0x00007ffff6574c50 in gcry_pk_genkey (r_key=0x7fffffffb4f8,
s_parms=0x6a5440) at visibility.c:1029
#15 0x000000000043ee8c in ssh_client_ecdh_init (session=0x695410) at /home/
asn/workspace/projects/libssh/src/ecdh_gcrypt.c:83
#16 0x00000000004161aa in dh_handshake (session=0x695410) at /home/asn/
workspace/projects/libssh/src/client.c:265
#17 0x000000000041679b in ssh_client_connection_callback (session=0x695410) at
/home/asn/workspace/projects/libssh/src/client.c:474
#18 0x000000000041abf1 in ssh_packet_kexinit (session=0x695410, type=20
'\024', packet=0x69af90, user=0x695410) at /home/asn/workspace/projects/
libssh/src/kex.c:523
#19 0x00000000004263e3 in ssh_packet_process (session=0x695410, type=20
'\024') at /home/asn/workspace/projects/libssh/src/packet.c:451
#20 0x0000000000425f06 in ssh_packet_socket_callback (data=0x6a6350,
receivedlen=1192, user=0x695410) at /home/asn/workspace/projects/libssh/src/
packet.c:332
#21 0x000000000042f187 in ssh_socket_pollcallback (p=0x6a0200, fd=4,
revents=1, v_s=0x69f1b0) at /home/asn/workspace/projects/libssh/src/socket.c:
298
#22 0x00000000004586aa in ssh_poll_ctx_dopoll (ctx=0x69c110, timeout=9998) at
/home/asn/workspace/projects/libssh/src/poll.c:632
#23 0x000000000042e4ee in ssh_handle_packets (session=0x695410, timeout=9998)
at /home/asn/workspace/projects/libssh/src/session.c:641
#24 0x000000000042e5c1 in ssh_handle_packets_termination (session=0x695410,
timeout=10000, fct=0x4168cf <ssh_connect_termination>, user=0x695410)
at /home/asn/workspace/projects/libssh/src/session.c:703
#25 0x0000000000416cf6 in ssh_connect (session=0x695410) at /home/asn/
workspace/projects/libssh/src/client.c:611
#26 0x000000000040e0cf in test_algorithm (session=0x695410, kex=0x45bab1
"ecdh-sha2-nistp384", cipher=0x0, hmac=0x0)
at /home/asn/workspace/projects/libssh/tests/client/torture_algorithms.c:
110
#27 0x000000000040e975 in torture_algorithms_ecdh_sha2_nistp384
(state=0x692150) at /home/asn/workspace/projects/libssh/tests/client/
torture_algorithms.c:355
#28 0x00007ffff71a4ae9 in cmocka_run_one_test_or_fixture () from /lib64/
libcmocka.so.0
#29 0x00007ffff71a53d1 in _cmocka_run_group_tests () from /lib64/libcmocka.so.
0
#30 0x000000000040ea52 in torture_run_tests () at /home/asn/workspace/
projects/libssh/tests/client/torture_algorithms.c:471
---Type <return> to continue, or q <return> to quit---
#31 0x0000000000410558 in main (argc=1, argv=0x7fffffffd028) at /home/asn/
workspace/projects/libssh/tests/torture.c:812