Follow-up to Crashes with gpg-agent 2.1.18

Matthew Summers matthew.summers at syapse.com
Thu Jun 1 17:53:55 CEST 2017


WIth the latest release I still experience errors with parallel
decryption (10 in parallel) using a 4096 bit RSA key.

```
GPG fails with: gpg: decryption failed: No secret key
```

GPG-Agent displays the following error msgs (log level guru) for ~15 -
25% of the decrypt operations.

```
DBG: rsa_decrypt    => Cannot allocate memory
decryption failed: Cannot allocate memory
command 'PKDECRYPT' failed: Cannot allocate memory <gcrypt>
DBG: chan_19 -> ERR 16810070 Cannot allocate memory <gcrypt>
```

If I push the parallelism up to 50, I can basically destroy the agent,
98% of decrypt operations fail, where it crashes in a similar manner
as we see here:
https://lists.gnutls.org/pipermail/gnupg-users/2017-March/057940.html

gpg-agent[2191] command 'PKDECRYPT' failed: Cannot allocate memory <gcrypt>
gpg-agent[2191] DBG: chan_15 -> ERR 16810070 Cannot allocate memory <gcrypt>
gpg-agent[2191] DBG: chan_15 <- [eof]
gpg-agent[2191] DBG: rsa_decrypt  res: [out of core]
gpg-agent[2191] Ohhhh jeeee: ... this is a bug (sexp.c:1433:do_vsexp_sscan)

At the time of the error there is at least 10GB of free RAM available.
I have also increased the ulimits to the following (basically
unlimited for everything).
data seg size unlimited
max locked memory unlimted
max memory size unlimited
stack size unlimited
virtual memory unlimited

gpg (GnuPG) 2.1.21
libgcrypt 1.7.6
npth 1.4

It may be notable that when using a smartcard (yubikey4 or nitrokey),
it appears that all decrypt operations are serialized and we see no
failures. None.

We are testing in the following manner (default-recipient is a local
4096 rsa key)
```
echo test | gpg -aer -o gpg.asc
yes gpg.asc | head -n 50 | xargs -n 1 -P 50 gpg -qd
```
We change the number 50 in both places to alter the level of parallelism.


Any help here would be greatly appreciated.

Kind Regards,
Matt Summers



More information about the Gnupg-devel mailing list