Initialization of secure memory ( Problem might be with libgcrypto )

SHREE DUTH AWASTHI shreeduth.awasthi at gmail.com
Thu Apr 11 12:38:11 CEST 2013


 Dear All,

Please find few minutes from your time and guide us with some pointers if
possible.

The issue is similar to
http://lists.gnupg.org/pipermail/gcrypt-devel/2008-December/001420.html (
Please see GDB output )

We are facing a libvirtd crash when we are trying to connect to qemu by
default TLS transport. i.e libvirt crash when trying to inquiry libvirt
version using curl with TLS

# virsh -c qemu+tls://localhost/system version
error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.
error: failed to connect to the hypervisor

I used my own CA and certificates (generated using
http://libvirt.org/remote.html#Remote_libvirtd_configuration on Redhat PC)
on both Kontron PC and our Board (with patched libvirt). Libvirtd.conf was
modified so that libvirt is listening all IPs using default IP (so that it
was possible to use same certificates on all machines)

These directories and files created and used.
/etc/pki/CA/cacert.pem
/etc/pki/libvirt/private/serverkey.pem
/etc/pki/libvirt/servercert.pem
/etc/pki/libvirt/private/clientkey.pem
/etc/pki/libvirt/clientcert.pem

TLS connection worked fine with Kontron PC

# virsh -c qemu+tls://localhost/system version
Compiled against library: libvir 0.9.5
Using library: libvir 0.9.5
Using API: QEMU 0.9.5
Running hypervisor: QEMU 0.12.1

But libvirt crashed on our Board (using libvirt 0.10.2,
gnutls-2.10.5-1_WR4.3.x86_64 and libudev-161-4 rpms,
libgcrypt-1.4.0-3_WR4.3.x86_64 )

# virsh -c qemu+tls://localhost/system version
error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.
error: failed to connect to the hypervisor

GDB:

Breakpoint 3, 0x00007f555bb07410 in gnutls_handshake () from
/usr/lib64/libgnutls.so.26
(gdb) c
Continuing.
Program received signal SIGABRT, Aborted.
0x00007f555a096005 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007f555a096005 in raise () from /lib64/libc.so.6
#1  0x00007f555a098e40 in abort () from /lib64/libc.so.6
#2  0x00007f555b87fdc5 in _gcry_logv (level=50, fmt=0x7f555b8c6170 "*operation
is not possible without initialized secure memory*\n",
    arg_ptr=0x7fff546e1130) at misc.c:136
#3  0x00007f555b8803d5 in _gcry_log_bug (fmt=0x48e0 <Address 0x48e0 out of
bounds>) at misc.c:220
#4  0x00007f555b885697 in _gcry_secmem_malloc_internal (size=<value
optimized out>) at secmem.c:497
#5  0x00007f555b88579c in _gcry_secmem_malloc (size=136) at secmem.c:522
#6  0x00007f555b880a65 in do_malloc (n=18656, flags=<value optimized out>,
mem=0x7fff546e1290) at global.c:553
#7  0x00007f555b880aa9 in _gcry_malloc_secure (n=18656) at global.c:592
#8  0x00007f555b880b19 in _gcry_xmalloc_secure (n=136) at global.c:746
#9  0x00007f555b8c35df in _gcry_mpi_alloc_limb_space (nlimbs=17,
secure=18656) at mpiutil.c:92
#10 0x00007f555b8c365f in _gcry_mpi_alloc_secure (nlimbs=17) at mpiutil.c:75
#11 0x00007f555b8b025a in secret (output=0x17cfa20, input=0x17d0480,
skey=0x6) at rsa.c:365
#12 0x00007f555b8b045a in _gcry_rsa_sign (algo=<value optimized out>,
resarr=0x17d0660, data=0x17d0480, skey=<value optimized out>) at rsa.c:608
#13 0x00007f555b88c1ef in pubkey_sign (r_sig=0x7fff546e1488, s_hash=<value
optimized out>, s_skey=<value optimized out>) at pubkey.c:692
#14 _gcry_pk_sign (r_sig=0x7fff546e1488, s_hash=<value optimized out>,
s_skey=<value optimized out>) at pubkey.c:1807
---Type <return> to continue, or q <return> to quit---
#15 0x00007f555bb29d8c in ?? () from /usr/lib64/libgnutls.so.26
#16 0x00007f555bb15e7a in ?? () from /usr/lib64/libgnutls.so.26
#17 0x00007f555bb1ddd6 in ?? () from /usr/lib64/libgnutls.so.26
#18 0x00007f555bb1e67f in ?? () from /usr/lib64/libgnutls.so.26
#19 0x00007f555bb1edaf in ?? () from /usr/lib64/libgnutls.so.26
#20 0x00007f555bb0af85 in ?? () from /usr/lib64/libgnutls.so.26
#21 0x00007f555bb06c55 in ?? () from /usr/lib64/libgnutls.so.26
#22 0x00007f555bb07437 in gnutls_handshake () from
/usr/lib64/libgnutls.so.26
#23 0x00007f555c8a961b in virNetTLSSessionHandshake () from
/usr/lib64/libvirt.so.0
#24 0x00007f555c89ea2b in virNetServerClientInit () from
/usr/lib64/libvirt.so.0
#25 0x00007f555c89c821 in ?? () from /usr/lib64/libvirt.so.0
#26 0x00007f555c8a012a in ?? () from /usr/lib64/libvirt.so.0
#27 0x00007f555c79fbf5 in virEventPollRunOnce () from
/usr/lib64/libvirt.so.0
#28 0x00007f555c79e825 in virEventRunDefaultImpl () from
/usr/lib64/libvirt.so.0
#29 0x00007f555c89c20d in virNetServerRun () from /usr/lib64/libvirt.so.0
#30 0x000000000040c830 in ?? ()

Please let us know if it is a known problem. If not, I will raise a new bug
for the same.

Thanking you in anticipation.

Thanks and Regards,
Shree Duth Awasthi.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130411/65445c83/attachment.html>


More information about the Gcrypt-devel mailing list