Ubuntu
libgcrypt11 package

On my PC, gcry_cipher_encrypt() doesn't release all x87 FPU data registers .

Bug #1105758 reported by Mitsutoshi NAKANO
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libgcrypt11 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

1)
Description: Xubuntu 12.10 desktop i386
Release: 12.10
PC: Sony PCG-SRX7S/P Memory 512 M byte http://www.sony.jp/products/biz/vaio/PCG-SRX7S_P/spec.html
Chipset: Intel 815EM
$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 11
model name : Mobile Intel(R) Pentium(R) III CPU - M 900MHz
stepping : 4
microcode : 0x2
cpu MHz : 500.000
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pse36 mmx fxsr sse up
bogomips : 993.64
clflush size : 32
cache_alignment : 32
address sizes : 36 bits physical, 32 bits virtual
power management:
$ uname -a
Linux loghost 3.5.0-22-generic #34-Ubuntu SMP Tue Jan 8 21:41:11 UTC 2013 i686 i686 i686 GNU/Linux

2)
libgcrypt11 1.5.0-3ubuntu1
gnome-keyring 3.6.1-0ubuntu1

3) What you expected to happen
$apt-get -b source gnome-keyring
$cd gnome-keyring-3.6.1/
$make -k check | tee make-k-check2.txt
 →all check OK

4) What happened instead
 → but /gnome2-store/import/pkcs12: was FAIL on the PC .
See also https://dl.dropbox.com/u/86335040/make-k-check2.txt .

5) I analyzed the gnome-keyring program.
So I found that gcry_cipher_encrypt() doesn't release all x87 FPU data registers .
Then -nan goes into a variable subsequent processing.

This problem found on the test of /gnome2-store/import/pkcs12 on
gnome-keyring-3.6.1,
function is encrypt_buffer() in gnome-keyring-3.6.1/pkcs11/gnome2-store/gkm-gnome2-file.c .

I wrote a reappearance program .
https://dl.dropbox.com/u/86335040/bug.tar.gz .
Please check it, and please fix this problem

See also https://forums.ubuntulinux.jp/viewtopic.php?id=14643
and http://d.hatena.ne.jp/Itisango/searchdiary?word=%2A%5Bgnome-keyring%5D .

Thanks .

CVE References

Revision history for this message
Mitsutoshi NAKANO (bkbin005) wrote :

Hi .
I found the position of the problem, then I wrote a patch .
When adapted in this patch, the test of gnome-keyring was OK .
However, I cannot judge whether this correction is right .
And I cannot judge whether there is the same problem as other parts .
I want you to check these .

And although "libgcrypt11:i386" is the i386 architecture, I cannot judge whether it is allowed to call MMX instructions by the i386 architecture.
Then, I wish for the view from intellectuals .

Thanks .

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "rijndael.c.diff" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Revision history for this message
Mitsutoshi NAKANO (bkbin005) wrote :

The patch was released to Gcrypt-devel ML ( http://lists.gnupg.org/mailman/listinfo/gcrypt-devel ) .
For the people troubled by this problem, I wrote that how to apply the patch

*** How to apply the patch . ***

1. Get source .
$apt-get -b source libgcrypt11
$ cd libgcrypt11-1.5.0

NOTE: Additional packages may be required at this time and you may become an error.
      Follow directions then .
   ex) $ sudo apt-get install dpkg-dev
       $ sudo apt-get install debhelper texlive-latex-base texlive-generic-recommended texinfo cdbs libgpg-error-dev autotools-dev

2. Get the patch .
2.1. Access by your Web browser to http://marc.info/?l=gcrypt-devel&m=135944673925649&w=2
2.2. Start your editor.
$vi mail.patch
2.3. Copy&paste the mail message whole sentence .
2.4. Save it
NOTE: Don't use wget .

3. Apply the patch .
$ patch -p1 -b <mail.patch

4. Check updating .
$ diff cipher/rijndael.c.orig cipher/rijndael.c | less

5. Build it .
$ make

6. Test it .
$ make check
$ echo $?
0

7. Install it .
$ sudo make install
$ sudo ldconfig

8. Test the application with which the problem had occurred .
ex) $ chromium-browser --password-store=gnome

Thanks all .

Koichi Akabe (vbkaisetsu)
Changed in libgcrypt11 (Ubuntu):
status: New → In Progress
Revision history for this message
Andreas Metzler (k-launchpad-downhill-at-eu-org) wrote :

This included in Debian's 1.5.0-5.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libgcrypt11 - 1.5.3-2ubuntu1

---------------
libgcrypt11 (1.5.3-2ubuntu1) trusty; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - no-global-init-thread-callbacks.diff: Do not call global_init when
      setting thread callbacks

libgcrypt11 (1.5.3-2) unstable; urgency=low

  * Convert to dh and move building of ps and html docs to
    override_dh_auto_build-indep. Enable parallel building.

libgcrypt11 (1.5.3-1) unstable; urgency=high

  * New upstream bugfix release. (CVE-2013-4242)

libgcrypt11 (1.5.2-3) unstable; urgency=low

  * Install libgcrypt.a and libgcrypt.so to /usr.
  * [15_multiarchpath_in_-L.diff] Do not print -L/lib/i386-linux-gnu on
    "libgcrypt-config --libs".
  * Use debhelper v9 mode. This allows us to mark libgcrypt11-dbg Multi-Arch:
    same.

libgcrypt11 (1.5.2-2) unstable; urgency=low

  * Upload to unstable.
  * Fix vcs-field-not-canonical lintian error by refering to anonscm instead
    of svn.debian.org.
  * Update info in debian/copyright from upstream's README, fixing typo 'teh'.
  * Delete some outdated and unused code in debian/rules.

libgcrypt11 (1.5.2-1) experimental; urgency=low

  * New upstream version.
    + IDEA support added.
  * Move list of supported algorithms to a separate paragraph in description
    to decrease work-load of translators. Closes: #640261
  * Move TeX-packages from b-d to Build-Depends-Indep. (Thanks, P. J.
    McDermott) Closes: #682597

libgcrypt11 (1.5.1-1) experimental; urgency=low

  * Point watchfile to stable release.
  * New upstream version.
  * Drop superfluous patches:
    29_Fix-a-problem-with-select-and-high-fds.patch
    30_Avoid-dereferencing-pointer-right-after-the-end.patch
    31_Fix-segv-with-AES-NI-on-some-platforms.patch
    32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
  * Bump version gcry_control@GCRYPT_1.2 in debian/libgcrypt11.symbols from
    1.4.5 to 1.5.1 since its argument enum has a new member.

libgcrypt11 (1.5.0-5) unstable; urgency=low

  * While we are at it also pick
    29_Fix-a-problem-with-select-and-high-fds.patch
    LP: #1084279

libgcrypt11 (1.5.0-4) unstable; urgency=low

  * Pull patches from upstream LIBGCRYPT-1-5-BRANCH:
      30_Avoid-dereferencing-pointer-right-after-the-end.patch
      31_Fix-segv-with-AES-NI-on-some-platforms.patch
         <https://bugs.g10code.com/gnupg/issue1452> LP: #1105758
      32_libgcrypt-1.5-rinjdael-Fix-use-of-SSE2-outside-USE_A.patch
    Closes: #699034
 -- Seth Arnold <email address hidden> Wed, 27 Nov 2013 10:36:27 -0800

Changed in libgcrypt11 (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.