[botan-devel] SEGV in RNG after updating to 1.10.7

William K. Foster wkf at alum.mit.edu
Thu Feb 6 17:51:34 EST 2014


I do not have a simple test case, I find this when running my applications
test suite and it occurs in about one in 10,000 runs.

Here is another stack trace:

#1  0x00000000005c7cfe in GlobalSignalTermHandler (sig=11) at Param.cpp:1422
#2  <signal handler called>
#3  0x00000000006e324c in reverse_bytes (val=<optimized out>) at
build/include/botan/bswap.h:89
#4  load_be<unsigned long long> (off=<optimized out>, in=<optimized out>)
at build/include/botan/loadstor.h:203
#5  Botan::(anonymous namespace)::SHA2_64::compress (digest=...,
input=0x2a916000 <Address 0x2a916000 out of bounds>,
blocks=144115188075855871) at src/hash/sha2_64/sha2_64.cpp:61
#6  0x00000000006e75cb in Botan::SHA_512::compress_n (this=<optimized out>,
input=0xff25457799f258bf <Address 0xff25457799f258bf out of bounds>,
blocks=3642481287135357789) at src/hash/sha2_64/sha2_64.cpp:214
#7  0x00000000006de46c in Botan::MDx_HashFunction::add_data
(this=0x1d266070, input=0x1d253200 "h \345  [\231\177\204",
length=<optimized out>) at src/hash/mdx_hash/mdx_hash.cpp:62
#8  0x000000000078023e in update (length=<optimized out>, in=<optimized
out>, this=0x7ef0b70dc689e162) at build/include/botan/buf_comp.h:33
#9  Botan::HMAC::add_data (this=<optimized out>, input=0xff25457799f258bf
<Address 0xff25457799f258bf out of bounds>, length=3642481287135357789) at
src/mac/hmac/hmac.cpp:19
#10 0x00000000007d742e in update (length=<optimized out>, in=<optimized
out>, this=0x7ef0b70dc689e162) at build/include/botan/buf_comp.h:33
#11 Botan::Entropy_Accumulator_BufferedComputation::add_bytes
(this=<optimized out>, bytes=0xff25457799f258bf <Address 0xff25457799f258bf
out of bounds>, length=3642481287135357789) at
build/include/botan/entropy_src.h:113
#12 0x000000000080a53d in add (entropy_bits_per_byte=<optimized out>,
length=18446744073709551615, bytes=<optimized out>, this=<optimized out>)
at build/include/botan/entropy_src.h:72
#13 Botan::Device_EntropySource::poll (this=<optimized out>, accum=...) at
src/entropy/dev_random/dev_random.cpp:96
#14 0x00000000007d611f in Botan::HMAC_RNG::reseed (this=0x1d1ea5a0,
poll_bits=128) at src/rng/hmac_rng/hmac_rng.cpp:86
#15 0x00000000007d704c in Botan::HMAC_RNG::randomize (this=0x1d1ea5a0,
out=0x1d2531c0 "\371DA\266\223\066[`\"i\026a\177\360", <incomplete sequence
\360>, length=0) at src/rng/hmac_rng/hmac_rng.cpp:59
#16 0x00000000007d7c77 in random_vec (bytes=<optimized out>,
this=0x1d1ea5a0) at build/include/botan/rng.h:43
#17 Botan::ANSI_X931_RNG::update_buffer (this=0x1d1fa780) at
src/rng/x931_rng/x931_rng.cpp:43
#18 0x00000000007d8c71 in Botan::ANSI_X931_RNG::randomize (this=0x1d1fa780,
out=0x2b8386d28997 "", length=1) at src/rng/x931_rng/x931_rng.cpp:25
#19 0x000000000077c512 in Botan::(anonymous
namespace)::Serialized_PRNG::randomize (this=0x1d1bcde0, out=0x2b8386d28997
"", len=1) at src/libstate/global_rng.cpp:119
#20 0x00000000005c9d22 in Botan::AutoSeeded_RNG::randomize
(this=0x1d1c21a0, out=0x2b8386d28997 "", len=1) at
../../src/Botan/build/include/botan/auto_rng.h:24
#21 0x000000000071a5fb in Botan::RandomNumberGenerator::next_byte
(this=0x7ef0b70dc689e162) at src/rng/rng.cpp:22
#22 0x00000000005c5ffe in random::generate () at Param.cpp:1864

I will try the patch and see if the crash goes away.  I am able to get this
in the debugger when it happens, but not easily strace since that would
mean using strace thousands of time until it failed.  Is there anything
more I can get from the debugger to help or any change to apply to the code
to provide more info when this case occurs?

Thanks.

-William



On Thu, Feb 6, 2014 at 6:54 AM, Jack Lloyd <lloyd at randombit.net> wrote:

>
> The /dev/random reader did change in 1.10.7. I've been unable to replicate
> this crash but from the backtrace I do see a flow that would cause a crash
> if read() on the device returns an error.
>
> If you have any ability to repliacate this issue it would be great if
> you could strace the process and find the exact error that is being
> returned. Likely it is EAGAIN or similiar as we are using non-blocking
> reads, so if select returns readable and then in the intervening time
> some other process drains the /dev/random pool that would trigger this
> bug.
>
> This patch should fix the crash:
>
> #
> # old_revision [7f0a8fd7748331d87d6ec9ae013459e4c02c75e8]
> #
> # patch "src/entropy/dev_random/dev_random.cpp"
> #  from [cb24a224755a8464707182e5c3fbd5a92f4c3c6b]
> #    to [bf6aae02a86ec7a5f2ac82ca6493078e1d7fdb19]
> #
> ============================================================
> --- src/entropy/dev_random/dev_random.cpp
> cb24a224755a8464707182e5c3fbd5a92f4c3c6b
> +++ src/entropy/dev_random/dev_random.cpp
> bf6aae02a86ec7a5f2ac82ca6493078e1d7fdb19
> @@ -93,7 +93,9 @@ void Device_EntropySource::poll(Entropy_
>        if(FD_ISSET(devices[i], &read_set))
>           {
>           const ssize_t got = ::read(devices[i], &io_buffer[0],
> io_buffer.size());
> -         accum.add(&io_buffer[0], got, ENTROPY_BITS_PER_BYTE);
> +
> +         if(got > 0)
> +            accum.add(&io_buffer[0], got, ENTROPY_BITS_PER_BYTE);
>           }
>        }
>     }
>
> On Mon, Feb 03, 2014 at 03:57:29PM -0800, William K. Foster wrote:
> > Hello,
> >
> > I recently updated from Botan v1.10.5 to v1.10.7 and I've seen a SEGV
> that
> > is not easily reproducible in the RNG constructor:
> >
> > #1  0x00000000005c794e in GlobalSignalTermHandler (sig=11) at
> Param.cpp:1422
> > #2  <signal handler called>
> > #3  0x00000000006e4bdc in Botan::(anonymous
> > namespace)::SHA2_64::compress(Botan::MemoryRegion<unsigned long long>&,
> > unsigned char const*, unsigned long) ()
> > #4  0x00000000006dfd3f in Botan::MDx_HashFunction::add_data(unsigned char
> > const*, unsigned long) ()
> > #5  0x000000000080da34 in
> > Botan::Device_EntropySource::poll(Botan::Entropy_Accumulator&) ()
> > #6  0x00000000007d168e in Botan::HMAC_RNG::reseed(unsigned long) ()
> > #7  0x00000000007d4c9e in Botan::ANSI_X931_RNG::reseed(unsigned long) ()
> > #8  0x000000000077ade4 in
> > Botan::Library_State::make_global_rng(Botan::Algorithm_Factory&,
> > Botan::Mutex*) ()
> > #9  0x00000000006eac6b in Botan::Library_State::global_rng() ()
> > #10 0x00000000005cd2fb in Botan::AutoSeeded_RNG::AutoSeeded_RNG
> > (this=0x7fff204511d0) at
> ../../src/Botan/build/include/botan/auto_rng.h:40
> >
> > The calling code is doing a default constructor of an RNG:
> >
> >     Botan::AutoSeeded_RNG rng;
> >
> > This usually works, but on occasion I get a SEGV.
> >
> > Could this be related to changes between v1.10.5 and v1.10.7?
> >
> > Thanks.
> >
> > -William
>
> > _______________________________________________
> > botan-devel mailing list
> > botan-devel at randombit.net
> > http://lists.randombit.net/mailman/listinfo/botan-devel
>
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://lists.randombit.net/mailman/listinfo/botan-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20140206/1ae98c36/attachment-0001.html>


More information about the botan-devel mailing list