gpg-agent 'crashes' with libgcrypt 1.9.0

GnuPG - Libgcrypt - Dev mailing list
Hello,

I'm using Archlinux x86_64 and gnupg 2.2.27 and libgcrypt 1.9.0.

Before I updated my boxes to the new libgcrypt 1.9.0 (the previous version was 1.8.7),
gpg worked fine: gpg-agent asked for the password once to sign, encrypt and decrypt,
and subsequent signing, encrypting and decrypting went without asking for the
password (intended behaviour).

After the update I noticed that I could decrypt files but could not sign or encrypt
anything. I opened a bug ticket in my distribution:
  https://bugs.archlinux.org/task/69389
where I showed output from systemd and my attempts to debug gpg-agent.

The gpg-agent is started by systemd (socket activation). With libgcrypt
1.9.0 when I want to sign or encrypt a file I successfully enter password but
after that I see (a bit cryptic) message from gpg:

  gpg: signing failed: End of file

The systemctl shows that gpg-agent was terminated (I'm not sure how exactly,
gpg-agent doesn't produce any debug information) with message:

  ...
  Jan 21 10:13:33 smoon4.bkoty.ru gpg-agent[25312]: free(): invalid pointer
  ...

This is my gpg-agent.conf:
----------------------------------- 8< --------------------------------------
pinentry-program /usr/bin/pinentry-curses
pinentry-timeout       60
# no-grab
allow-loopback-pinentry
allow-emacs-pinentry
default-cache-ttl      5400
default-cache-ttl-ssh  5400
max-cache-ttl          10800
max-cache-ttl-ssh      10800
enable-ssh-support
ssh-fingerprint-digest SHA256
----------------------------------- 8< --------------------------------------

I wasn't able to run gpg-agent in strace or gdb to figure out what is wrong,
so I followed the advice of Andreas Radke to ask for help here.

Would be glad to help to resolve my issue because if libgcrypt 1.9.0 would be
in "stable" area then I can't sign or encrypt files (it is interesting enough
that I could decrypt files).

---
WBR, Vladimir Lomov

--
"Don't worry about people stealing your ideas. If your ideas are any good,
you'll have to ram them down people's throats."
 -- Howard Aiken

_______________________________________________
Gcrypt-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel


Re: gpg-agent 'crashes' with libgcrypt 1.9.0

GnuPG - Libgcrypt - Dev mailing list
On Fri, 22 Jan 2021 11:38, Vladimir Lomov said:

>   Jan 21 10:13:33 smoon4.bkoty.ru gpg-agent[25312]: free(): invalid pointer

https://dev.gnupg.org/T5254

has a fix.  I am going to release 1.9.1 next week.


Shalom-Salam,

   Werner

--
* Free Assange and protect free journalism!
* Germany: Sign the Treaty on the Prohibition of Nuclear Weapons!


Re: gpg-agent 'crashes' with libgcrypt 1.9.0

GnuPG - Libgcrypt - Dev mailing list
Hello,
** Werner Koch <[hidden email]> [2021-01-22 17:53:17 +0100]:

> On Fri, 22 Jan 2021 11:38, Vladimir Lomov said:

>> Jan 21 10:13:33 smoon4.bkoty.ru gpg-agent[25312]: free(): invalid pointer

> https://dev.gnupg.org/T5254

> has a fix.  I am going to release 1.9.1 next week.

I built libgcrypt 1.9.0 with this patch (took it from git.gnupg.org) and
tried to run

$ gpg -s --clearsign -b PKGBUILD

but it ended with the same error for both distribution package and locally
rebuilt one.

Is there a way to debug this? I experimented with running gpg-agent under gdb
and strace but, obviously due to security reasons, couldn't get it to work.

> Shalom-Salam,

>    Werner

---
WBR, Vladimir Lomov

--
Nuclear powered vacuum cleaners will probably be a reality within 10 years.
                -- Alex Lewyt (President of the Lewyt Corporation,
                   manufacturers of vacuum cleaners), quoted in The New York
                   Times, June 10, 1955.


Re: gpg-agent 'crashes' with libgcrypt 1.9.0

NIIBE Yutaka
Hello,

Sorry for the trouble.  Most likely, it's my fault.

I think that you are using an Ed25519 key.  In 1.9, we handle the private
key as a fixed-size opaque string consistently, while it was handled
differently in 1.8.  We have support for non fixed-size keys which
were created by GnuPG 2.2, but it had a bug.

Please test the following patch.
--


libgcrypt-1.9.0-fix-ed25519.patch (3K) Download Attachment
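
The fixed-size handling NIIBE describes above, as an added C example that is not part of the thread and is not the attached libgcrypt patch. `normalize_ed25519_secret` is a hypothetical helper; that stored keys differ from 32 bytes by dropped leading zero bytes or by extra leading 0x00 bytes is an assumption, since the thread does not say how the lengths differ.

```c
#include <stddef.h>
#include <string.h>

#define ED25519_SECRET_LEN 32

/* Hypothetical helper (not a libgcrypt function): bring a stored,
   variable-length secret to the fixed 32-byte form.
   Returns 0 on success, -1 if the input cannot be a 32-byte value. */
int normalize_ed25519_secret(const unsigned char *in, size_t inlen,
                             unsigned char out[ED25519_SECRET_LEN])
{
    if (in == NULL || out == NULL || inlen == 0)
        return -1;
    /* Assumed encoding: extra 0x00 bytes may sit in front. Skip them with
       an index so the caller's pointer, the one it later frees, is never
       moved away from the start of its allocation. */
    size_t skip = 0;
    while (inlen - skip > ED25519_SECRET_LEN && in[skip] == 0x00)
        skip++;
    if (inlen - skip > ED25519_SECRET_LEN)
        return -1;                      /* genuinely too long */
    size_t len = inlen - skip;
    size_t pad = ED25519_SECRET_LEN - len;
    memset(out, 0, pad);                /* restore dropped leading zeros */
    memcpy(out + pad, in + skip, len);
    return 0;
}

/* Constructed sample inputs; returns how many cases behaved as expected. */
int run_constructed_cases(void)
{
    unsigned char out[ED25519_SECRET_LEN], buf[34];
    int ok = 0;
    memset(buf, 0xAB, sizeof buf);
    /* 30 bytes stored: two leading zero bytes were dropped. */
    if (normalize_ed25519_secret(buf, 30, out) == 0 && out[0] == 0
        && out[1] == 0 && out[2] == 0xAB && out[31] == 0xAB) ok++;
    /* Exactly 32 bytes: copied unchanged. */
    if (normalize_ed25519_secret(buf, 32, out) == 0
        && memcmp(out, buf, 32) == 0) ok++;
    buf[0] = 0x00;                      /* 33 bytes with a 0x00 prefix */
    if (normalize_ed25519_secret(buf, 33, out) == 0 && out[0] == 0xAB) ok++;
    buf[0] = 0xAB;                      /* 33 non-zero bytes: rejected */
    if (normalize_ed25519_secret(buf, 33, out) != 0) ok++;
    return ok;
}

int main(void) { return run_constructed_cases() == 4 ? 0 : 1; }
```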

Re: gpg-agent 'crashes' with libgcrypt 1.9.0

GnuPG - Libgcrypt - Dev mailing list
Hello
** NIIBE Yutaka <[hidden email]> [2021-01-25 14:17:50 +0900]:

> Hello,

> Sorry for the trouble.  Most likely, it's my fault.

> I think that you are using Ed25519 key.

Yes, I didn't think it was important but yes, in the pinentry dialog it is
identified as EDDSA (public part is available by wkd for [hidden email]).

> In 1.9, we handle the private key as fixed-size opaque string consistently,
> while it was handled differently in 1.8.  We have a support of non
> fixed-size key which was created by GnuPG 2.2, but it had a bug.

> Please test following patch.

After I rebuilt libgcrypt and gnupg (in that order) I can sign, encrypt and
decrypt messages as it was before, no more failures or gpg-agent "crashes".
Thank you!

---
WBR, Vladimir Lomov

--
Drop in any mailbox.
