[Bug 1746921] [NEW] gpg-agent crashes when servicing concurrent connections

[Amul Shah]

Public bug reported:

A defect in the gpg-agent causes it to crash while servicing multiple
concurrent private decryption requests. This bug has been fixed in the
upstream (see https://dev.gnupg.org/T3530) in GnuPG 2.2.4 and libgcrypt
1.8.2.

Users with larger keys will see this problem more often and
persistently.

I made the following bug report to Debian https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882985
-------
As reported in the gnupg mailing list (thread links below), the
gpg-agent failed to decrypt secret keys for client applications when a
large number of concurrent requests were made.

libgcrypt takes care to manage secure memory. It allocates pools of
memory in SECMEM_BUFFER_SIZE size chunks. The first of these pools is
mlock()ed to prevent swapping. Certain secure memory allocation only
use memory from this first pool. If this first pool is full, libgcrypt
reported an ENOMEM error up to the caller.

In the case of the gpg-agent, it failed to decrypt private keys when it
received a large number of concurrent key decryption requests. These
decryption failures resulted in intermittment to short periods of
persistent failures in calling applications.

libgcrypt 1.8.1 contains the needed fixes and is compatile with GnuPG
2.1. Specific changes also need to be back ported to GnuPG 2.1 to take
advantage of these options. These changes are trivial to backport.

Mailing list threads:
https://lists.gnupg.org/pipermail/gnupg-devel/2017-June/032937.html
https://lists.gnupg.org/pipermail/gnupg-devel/2017-November/033280.html
-------

Related issues:
https://dev.gnupg.org/T3606 - failed to build S-Exp (off=0): Cannot allocate memory
https://dev.gnupg.org/T3473 - gnupg agent configurable backlog for sockets

** Affects: gnupg2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1746921

Title:
  gpg-agent crashes when servicing concurrent connections

Status in gnupg2 package in Ubuntu:
  New

Bug description:
  A defect in the gpg-agent causes it to crash while servicing multiple
  concurrent private decryption requests. This bug has been fixed in the
  upstream (see https://dev.gnupg.org/T3530) in GnuPG 2.2.4 and
  libgcrypt 1.8.2.

  Users with larger keys will see this problem more often and
  persistently.

  I made the following bug report to Debian https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882985
  -------
  As reported in the gnupg mailing list (thread links below), the
  gpg-agent failed to decrypt secret keys for client applications when a
  large number of concurrent requests were made.

  libgcrypt takes care to manage secure memory. It allocates pools of
  memory in SECMEM_BUFFER_SIZE size chunks. The first of these pools is
  mlock()ed to prevent swapping. Certain secure memory allocation only
  use memory from this first pool. If this first pool is full, libgcrypt
  reported an ENOMEM error up to the caller.

  In the case of the gpg-agent, it failed to decrypt private keys when it
  received a large number of concurrent key decryption requests. These
  decryption failures resulted in intermittment to short periods of
  persistent failures in calling applications.

  libgcrypt 1.8.1 contains the needed fixes and is compatile with GnuPG
  2.1. Specific changes also need to be back ported to GnuPG 2.1 to take
  advantage of these options. These changes are trivial to backport.

  Mailing list threads:
  https://lists.gnupg.org/pipermail/gnupg-devel/2017-June/032937.html
  https://lists.gnupg.org/pipermail/gnupg-devel/2017-November/033280.html
  -------

  Related issues:
  https://dev.gnupg.org/T3606 - failed to build S-Exp (off=0): Cannot allocate memory
  https://dev.gnupg.org/T3473 - gnupg agent configurable backlog for sockets

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1746921/+subscriptions