gpgsm --gen-key segfault with ECC key on smartcard
Bertrand Jacquin
bertrand at jacquin.bzh
Wed Aug 19 23:27:50 CEST 2015
Hi,
I'm getting a SEGV running gpgsm --gen-key with GnuPG 2.1.6. The issue
comes from libksba. Here is a backtrace:
$ gpg --version
gpg (GnuPG) 2.1.6
libgcrypt 1.6.3
$ gdb gpgsm
GNU gdb (Gentoo 7.7.1 p1) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
(gdb) r --gen-key
Starting program: /usr/bin/gpgsm --gen-key
gpgsm (GnuPG) 2.1.6; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA
(2) Existing key
(3) Existing key from card
Your selection? 3
Serial number of the card: D276000124010200FFFE50FF6A060000
Available keys:
(1) 1EE6350B308927412446FE9E39191C9A2107D817 OPENPGP.1
(2) 41AC7E51641A4053606B139F18FDD044D49C0CF1 OPENPGP.3
Your selection? 2
Possible actions for a RSA key:
(1) sign, encrypt
(2) sign
(3) encrypt
Your selection? 2
Enter the X.509 subject name: o=test
Enter email addresses (end with an empty line):
> test at test
>
Enter DNS names (optional; end with an empty line):
>
Enter URIs (optional; end with an empty line):
>
Create self-signed certificate? (y/N)
These parameters are used:
Key-Type: card:OPENPGP.3
Key-Length: 1024
Key-Usage: sign
Name-DN: o=test
Name-Email: test at test
Proceed with creation? (y/N) y
Now creating certificate request. This may take a while ...
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff76ba49c in get_ecc_curve_oid (buf=0x0, buflen=7, r_oidlen=r_oidlen at entry=0x7fffffffd070) at /usr/src/debug/dev-libs/libksba-1.3.3/libksba-1.3.3/src/keyinfo.c:328
328 buflen = strlen (curve_names[i].name);
(gdb) bt
#0 0x00007ffff76ba49c in get_ecc_curve_oid (buf=0x0, buflen=7, r_oidlen=r_oidlen at entry=0x7fffffffd070) at /usr/src/debug/dev-libs/libksba-1.3.3/libksba-1.3.3/src/keyinfo.c:328
#1 0x00007ffff76d5683 in _ksba_keyinfo_from_sexp (sexp=sexp at entry=0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))", r_der=0x69b908, r_derlen=0x69b910)
at /usr/src/debug/dev-libs/libksba-1.3.3/libksba-1.3.3/src/keyinfo.c:1055
#2 0x00007ffff76cff54 in _ksba_certreq_set_public_key (cr=<optimized out>, key=key at entry=0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))")
at /usr/src/debug/dev-libs/libksba-1.3.3/libksba-1.3.3/src/certreq.c:355
#3 0x00007ffff76bac85 in ksba_certreq_set_public_key (cr=<optimized out>, key=key at entry=0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))")
at /usr/src/debug/dev-libs/libksba-1.3.3/libksba-1.3.3/src/visibility.c:888
#4 0x0000000000425b3a in create_request (writer=<optimized out>, sigkey=0x0, public=0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))", carddirect=0x696980 "OPENPGP.3", para=0x673ac0,
ctrl=0x7fffffffdb40) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/certreqgen.c:909
#5 proc_parameters (ctrl=ctrl at entry=0x7fffffffdb40, para=para at entry=0x673ac0, out_fp=out_fp at entry=0x671940, outctrl=outctrl at entry=0x7fffffffd460) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/certreqgen.c:752
#6 0x0000000000426fa8 in read_parameters (ctrl=ctrl at entry=0x7fffffffdb40, fp=fp at entry=0x696ec0, out_fp=out_fp at entry=0x671940) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/certreqgen.c:390
#7 0x00000000004270bb in gpgsm_genkey (ctrl=ctrl at entry=0x7fffffffdb40, in_stream=in_stream at entry=0x696ec0, out_stream=out_stream at entry=0x671940) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/certreqgen.c:1361
#8 0x0000000000427924 in gpgsm_gencertreq_tty (ctrl=ctrl at entry=0x7fffffffdb40, output_stream=output_stream at entry=0x671940) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/certreqgen-ui.c:408
#9 0x000000000040a66a in main (argc=0, argv=0x7fffffffdce8) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/gpgsm.c:1895
(gdb) fr 0
#0 0x00007ffff76ba49c in get_ecc_curve_oid (buf=0x0, buflen=7, r_oidlen=r_oidlen at entry=0x7fffffffd070) at /usr/src/debug/dev-libs/libksba-1.3.3/libksba-1.3.3/src/keyinfo.c:328
328 buflen = strlen (curve_names[i].name);
(gdb) info args
buf = 0x0
buflen = 7
r_oidlen = 0x7fffffffd070
(gdb) print curve_names
$1 = {{
oid = 0x7ffff76dc3c0 "1.2.840.10045.3.1.1",
name = 0x7ffff76dc3d4 "NIST P-192"
}, {
oid = 0x7ffff76dc3c0 "1.2.840.10045.3.1.1",
name = 0x7ffff76dc3df "prime192v1"
}, {
oid = 0x7ffff76dc3c0 "1.2.840.10045.3.1.1",
name = 0x7ffff76dc3ea "secp192r1"
}, {
oid = 0x7ffff76dc3f4 "1.3.132.0.33",
name = 0x7ffff76dc401 "secp224r1"
}, {
oid = 0x7ffff76dc40b "1.2.840.10045.3.1.7",
name = 0x7ffff76dc41f "NIST P-256"
}, {
oid = 0x7ffff76dc40b "1.2.840.10045.3.1.7",
name = 0x7ffff76dc42a "prime256v1"
}, {
oid = 0x7ffff76dc40b "1.2.840.10045.3.1.7",
name = 0x7ffff76dc435 "secp256r1"
}, {
oid = 0x7ffff76dc43f "1.3.132.0.34",
name = 0x7ffff76dc44c "secp384r1"
}, {
oid = 0x7ffff76dc456 "1.3.132.0.35",
name = 0x7ffff76dc463 "secp521r1"
}, {
oid = 0x7ffff76dc46d "1.3.36.3.3.2.8.1.1.1",
name = 0x7ffff76dc482 "brainpoolP160r1"
}, {
oid = 0x7ffff76dc492 "1.3.36.3.3.2.8.1.1.3",
name = 0x7ffff76dc4a7 "brainpoolP192r1"
}, {
oid = 0x7ffff76dc4b7 "1.3.36.3.3.2.8.1.1.5",
name = 0x7ffff76dc4cc "brainpoolP224r1"
}, {
oid = 0x7ffff76dc4dc "1.3.36.3.3.2.8.1.1.7",
name = 0x7ffff76dc4f1 "brainpoolP256r1"
}, {
oid = 0x7ffff76dc501 "1.3.36.3.3.2.8.1.1.9",
name = 0x7ffff76dc516 "brainpoolP320r1"
}, {
oid = 0x7ffff76dc526 "1.3.36.3.3.2.8.1.1.11",
name = 0x7ffff76dc53c "brainpoolP384r1"
}, {
oid = 0x7ffff76dc54c "1.3.36.3.3.2.8.1.1.13",
name = 0x7ffff76dc562 "brainpoolP512r1"
}, {
oid = 0x0,
name = 0x0
}}
(gdb) print i
$2 = <optimized out>
(gdb) print buflen
$3 = 7
(gdb) fr 1
#1 0x00007ffff76d5683 in _ksba_keyinfo_from_sexp (sexp=sexp at entry=0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))", r_der=0x69b908, r_derlen=0x69b910)
at /usr/src/debug/dev-libs/libksba-1.3.3/libksba-1.3.3/src/keyinfo.c:1055
1055 curve_oid = get_ecc_curve_oid (parm[idxtbl[0]].value,
(gdb) info args
sexp = 0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))"
r_der = 0x69b908
r_derlen = 0x69b910
(gdb) fr 2
#2 0x00007ffff76cff54 in _ksba_certreq_set_public_key (cr=<optimized out>, key=key at entry=0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))")
at /usr/src/debug/dev-libs/libksba-1.3.3/libksba-1.3.3/src/certreq.c:355
355 return _ksba_keyinfo_from_sexp (key, &cr->key.der, &cr->key.derlen);
(gdb) info args
cr = <optimized out>
key = 0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))"
(gdb) fr 3
#3 0x00007ffff76bac85 in ksba_certreq_set_public_key (cr=<optimized out>, key=key at entry=0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))")
at /usr/src/debug/dev-libs/libksba-1.3.3/libksba-1.3.3/src/visibility.c:888
888 return _ksba_certreq_set_public_key (cr, key);
(gdb) info args
cr = <optimized out>
key = 0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))"
(gdb) fr 4
#4 0x0000000000425b3a in create_request (writer=<optimized out>, sigkey=0x0, public=0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))", carddirect=0x696980 "OPENPGP.3", para=0x673ac0,
ctrl=0x7fffffffdb40) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/certreqgen.c:909
909 err = ksba_certreq_set_public_key (cr, public);
(gdb) info args
writer = <optimized out>
sigkey = 0x0
public = 0x69b000 "(10:public-key(3:ecc(5:curve7:Ed25519)(5:flags5:eddsa)(1:q32:\371_c\373\331|\237\062\253a\306\376\347\377\356\260\376`f\305r\333C\001\344Ք\346\370\224\034Y)))"
carddirect = 0x696980 "OPENPGP.3"
para = 0x673ac0
ctrl = 0x7fffffffdb40
(gdb) fr 5
#5 proc_parameters (ctrl=ctrl at entry=0x7fffffffdb40, para=para at entry=0x673ac0, out_fp=out_fp at entry=0x671940, outctrl=outctrl at entry=0x7fffffffd460) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/certreqgen.c:752
752 rc = create_request (ctrl, para, cardkeyid, public, sigkey, writer);
(gdb) info args
ctrl = 0x7fffffffdb40
para = 0x673ac0
out_fp = 0x671940
outctrl = 0x7fffffffd460
(gdb) fr 6
#6 0x0000000000426fa8 in read_parameters (ctrl=ctrl at entry=0x7fffffffdb40, fp=fp at entry=0x696ec0, out_fp=out_fp at entry=0x671940) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/certreqgen.c:390
390 rc = proc_parameters (ctrl, para, out_fp, &outctrl);
(gdb) info args
ctrl = 0x7fffffffdb40
fp = 0x696ec0
out_fp = 0x671940
(gdb) fr 7
#7 0x00000000004270bb in gpgsm_genkey (ctrl=ctrl at entry=0x7fffffffdb40, in_stream=in_stream at entry=0x696ec0, out_stream=out_stream at entry=0x671940) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/certreqgen.c:1361
1361 rc = read_parameters (ctrl, in_stream, out_stream);
(gdb) info args
ctrl = 0x7fffffffdb40
in_stream = 0x696ec0
out_stream = 0x671940
(gdb) fr 8
#8 0x0000000000427924 in gpgsm_gencertreq_tty (ctrl=ctrl at entry=0x7fffffffdb40, output_stream=output_stream at entry=0x671940) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/certreqgen-ui.c:408
408 err = gpgsm_genkey (ctrl, fp, output_stream);
(gdb) info args
ctrl = 0x7fffffffdb40
output_stream = 0x671940
(gdb) fr 9
#9 0x000000000040a66a in main (argc=0, argv=0x7fffffffdce8) at /usr/src/debug/app-crypt/gnupg-2.1.6/gnupg-2.1.6/sm/gpgsm.c:1895
1895 gpgsm_gencertreq_tty (&ctrl, fpout);
(gdb) info args
argc = 0
argv = 0x7fffffffdce8
Is there any other information that I can provide ?
Thanks,
--
Bertrand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: Digital signature
URL: </pipermail/attachments/20150819/1b4237d9/attachment.sig>
More information about the Gnupg-devel
mailing list