[botan-devel] SEGV in RNG after updating to 1.10.7

William K. Foster wkf at alum.mit.edu
Thu Feb 6 18:07:32 EST 2014


I also see that errno == 32 == EPIPE in the debugger at the time of SEGV.


On Thu, Feb 6, 2014 at 3:05 PM, William K. Foster <wkf at alum.mit.edu> wrote:

> I found in the debugger that got == -1 in the patched code when it crashed
> most recently.  This is cast to unsigned 18446744073709551615 in add().
>
>
> On Thu, Feb 6, 2014 at 2:51 PM, William K. Foster <wkf at alum.mit.edu>wrote:
>
>> I do not have a simple test case, I find this when running my
>> applications test suite and it occurs in about one in 10,000 runs.
>>
>> Here is another stack trace:
>>
>> #1  0x00000000005c7cfe in GlobalSignalTermHandler (sig=11) at
>> Param.cpp:1422
>> #2  <signal handler called>
>> #3  0x00000000006e324c in reverse_bytes (val=<optimized out>) at
>> build/include/botan/bswap.h:89
>>  #4  load_be<unsigned long long> (off=<optimized out>, in=<optimized
>> out>) at build/include/botan/loadstor.h:203
>> #5  Botan::(anonymous namespace)::SHA2_64::compress (digest=...,
>> input=0x2a916000 <Address 0x2a916000 out of bounds>,
>> blocks=144115188075855871) at src/hash/sha2_64/sha2_64.cpp:61
>> #6  0x00000000006e75cb in Botan::SHA_512::compress_n (this=<optimized
>> out>, input=0xff25457799f258bf <Address 0xff25457799f258bf out of bounds>,
>> blocks=3642481287135357789) at src/hash/sha2_64/sha2_64.cpp:214
>> #7  0x00000000006de46c in Botan::MDx_HashFunction::add_data
>> (this=0x1d266070, input=0x1d253200 "h \345  [\231\177\204",
>> length=<optimized out>) at src/hash/mdx_hash/mdx_hash.cpp:62
>> #8  0x000000000078023e in update (length=<optimized out>, in=<optimized
>> out>, this=0x7ef0b70dc689e162) at build/include/botan/buf_comp.h:33
>> #9  Botan::HMAC::add_data (this=<optimized out>, input=0xff25457799f258bf
>> <Address 0xff25457799f258bf out of bounds>, length=3642481287135357789) at
>> src/mac/hmac/hmac.cpp:19
>> #10 0x00000000007d742e in update (length=<optimized out>, in=<optimized
>> out>, this=0x7ef0b70dc689e162) at build/include/botan/buf_comp.h:33
>> #11 Botan::Entropy_Accumulator_BufferedComputation::add_bytes
>> (this=<optimized out>, bytes=0xff25457799f258bf <Address 0xff25457799f258bf
>> out of bounds>, length=3642481287135357789) at
>> build/include/botan/entropy_src.h:113
>>  #12 0x000000000080a53d in add (entropy_bits_per_byte=<optimized out>,
>> length=18446744073709551615, bytes=<optimized out>, this=<optimized out>)
>> at build/include/botan/entropy_src.h:72
>> #13 Botan::Device_EntropySource::poll (this=<optimized out>, accum=...)
>> at src/entropy/dev_random/dev_random.cpp:96
>> #14 0x00000000007d611f in Botan::HMAC_RNG::reseed (this=0x1d1ea5a0,
>> poll_bits=128) at src/rng/hmac_rng/hmac_rng.cpp:86
>> #15 0x00000000007d704c in Botan::HMAC_RNG::randomize (this=0x1d1ea5a0,
>> out=0x1d2531c0 "\371DA\266\223\066[`\"i\026a\177\360", <incomplete sequence
>> \360>, length=0) at src/rng/hmac_rng/hmac_rng.cpp:59
>> #16 0x00000000007d7c77 in random_vec (bytes=<optimized out>,
>> this=0x1d1ea5a0) at build/include/botan/rng.h:43
>> #17 Botan::ANSI_X931_RNG::update_buffer (this=0x1d1fa780) at
>> src/rng/x931_rng/x931_rng.cpp:43
>> #18 0x00000000007d8c71 in Botan::ANSI_X931_RNG::randomize
>> (this=0x1d1fa780, out=0x2b8386d28997 "", length=1) at
>> src/rng/x931_rng/x931_rng.cpp:25
>> #19 0x000000000077c512 in Botan::(anonymous
>> namespace)::Serialized_PRNG::randomize (this=0x1d1bcde0, out=0x2b8386d28997
>> "", len=1) at src/libstate/global_rng.cpp:119
>> #20 0x00000000005c9d22 in Botan::AutoSeeded_RNG::randomize
>> (this=0x1d1c21a0, out=0x2b8386d28997 "", len=1) at
>> ../../src/Botan/build/include/botan/auto_rng.h:24
>> #21 0x000000000071a5fb in Botan::RandomNumberGenerator::next_byte
>> (this=0x7ef0b70dc689e162) at src/rng/rng.cpp:22
>> #22 0x00000000005c5ffe in random::generate () at Param.cpp:1864
>>
>> I will try the patch and see if the crash goes away.  I am able to get
>> this in the debugger when it happens, but not easily strace since that
>> would mean using strace thousands of time until it failed.  Is there
>> anything more I can get from the debugger to help or any change to apply to
>> the code to provide more info when this case occurs?
>>
>> Thanks.
>>
>> -William
>>
>>
>>
>> On Thu, Feb 6, 2014 at 6:54 AM, Jack Lloyd <lloyd at randombit.net> wrote:
>>
>>>
>>> The /dev/random reader did change in 1.10.7. I've been unable to
>>> replicate
>>> this crash but from the backtrace I do see a flow that would cause a
>>> crash
>>> if read() on the device returns an error.
>>>
>>> If you have any ability to repliacate this issue it would be great if
>>> you could strace the process and find the exact error that is being
>>> returned. Likely it is EAGAIN or similiar as we are using non-blocking
>>> reads, so if select returns readable and then in the intervening time
>>> some other process drains the /dev/random pool that would trigger this
>>> bug.
>>>
>>> This patch should fix the crash:
>>>
>>> #
>>> # old_revision [7f0a8fd7748331d87d6ec9ae013459e4c02c75e8]
>>> #
>>> # patch "src/entropy/dev_random/dev_random.cpp"
>>> #  from [cb24a224755a8464707182e5c3fbd5a92f4c3c6b]
>>> #    to [bf6aae02a86ec7a5f2ac82ca6493078e1d7fdb19]
>>> #
>>> ============================================================
>>> --- src/entropy/dev_random/dev_random.cpp
>>> cb24a224755a8464707182e5c3fbd5a92f4c3c6b
>>> +++ src/entropy/dev_random/dev_random.cpp
>>> bf6aae02a86ec7a5f2ac82ca6493078e1d7fdb19
>>> @@ -93,7 +93,9 @@ void Device_EntropySource::poll(Entropy_
>>>        if(FD_ISSET(devices[i], &read_set))
>>>           {
>>>           const ssize_t got = ::read(devices[i], &io_buffer[0],
>>> io_buffer.size());
>>> -         accum.add(&io_buffer[0], got, ENTROPY_BITS_PER_BYTE);
>>> +
>>> +         if(got > 0)
>>> +            accum.add(&io_buffer[0], got, ENTROPY_BITS_PER_BYTE);
>>>           }
>>>        }
>>>     }
>>>
>>> On Mon, Feb 03, 2014 at 03:57:29PM -0800, William K. Foster wrote:
>>> > Hello,
>>> >
>>> > I recently updated from Botan v1.10.5 to v1.10.7 and I've seen a SEGV
>>> that
>>> > is not easily reproducible in the RNG constructor:
>>> >
>>> > #1  0x00000000005c794e in GlobalSignalTermHandler (sig=11) at
>>> Param.cpp:1422
>>> > #2  <signal handler called>
>>> > #3  0x00000000006e4bdc in Botan::(anonymous
>>> > namespace)::SHA2_64::compress(Botan::MemoryRegion<unsigned long long>&,
>>> > unsigned char const*, unsigned long) ()
>>> > #4  0x00000000006dfd3f in Botan::MDx_HashFunction::add_data(unsigned
>>> char
>>> > const*, unsigned long) ()
>>> > #5  0x000000000080da34 in
>>> > Botan::Device_EntropySource::poll(Botan::Entropy_Accumulator&) ()
>>> > #6  0x00000000007d168e in Botan::HMAC_RNG::reseed(unsigned long) ()
>>> > #7  0x00000000007d4c9e in Botan::ANSI_X931_RNG::reseed(unsigned long)
>>> ()
>>> > #8  0x000000000077ade4 in
>>> > Botan::Library_State::make_global_rng(Botan::Algorithm_Factory&,
>>> > Botan::Mutex*) ()
>>> > #9  0x00000000006eac6b in Botan::Library_State::global_rng() ()
>>> > #10 0x00000000005cd2fb in Botan::AutoSeeded_RNG::AutoSeeded_RNG
>>> > (this=0x7fff204511d0) at
>>> ../../src/Botan/build/include/botan/auto_rng.h:40
>>> >
>>> > The calling code is doing a default constructor of an RNG:
>>> >
>>> >     Botan::AutoSeeded_RNG rng;
>>> >
>>> > This usually works, but on occasion I get a SEGV.
>>> >
>>> > Could this be related to changes between v1.10.5 and v1.10.7?
>>> >
>>> > Thanks.
>>> >
>>> > -William
>>>
>>> > _______________________________________________
>>> > botan-devel mailing list
>>> > botan-devel at randombit.net
>>> > http://lists.randombit.net/mailman/listinfo/botan-devel
>>>
>>> _______________________________________________
>>> botan-devel mailing list
>>> botan-devel at randombit.net
>>> http://lists.randombit.net/mailman/listinfo/botan-devel
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20140206/01072623/attachment-0001.html>


More information about the botan-devel mailing list