[Bug 32461] New: Evolve client (.NET 4.0 app) crashes on startup due to broken libgcrypt AES-NI support (misaligned stack for SSE operations, upstream)

wine-bugs at winehq.org
Sun Dec 16 11:45:45 CST 2012


http://bugs.winehq.org/show_bug.cgi?id=32461

             Bug #: 32461
           Summary: Evolve client (.NET 4.0 app) crashes on startup due to
                    broken libgcrypt AES-NI support (misaligned stack for
                    SSE operations, upstream)
           Product: Wine
           Version: 1.5.19
          Platform: x86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: -unknown
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: focht at gmx.net
    Classification: Unclassified


Hello folks,

Continuation of bug 32408.
Adding this bug for documentation purposes.

Prerequisite: 'winetricks -q dotnet40' (32-bit WINEPREFIX)
Optional (the client will download/install on its own): 'winetricks -q msxml6'

The app crashes in libgcrypt.
With proper debug symbols for i686 libgcrypt we get:

--- snip ---
$ winedbg --gdb ./Updater.exe

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 62]
0x7e29453d in do_aesni_enc_aligned (
    a=0x7e2cb398
"\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275]\036\362\r\316ּ\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004",
<incomplete sequence \343>, b=0x577d3a4 "\360R'~o\004", ctx=0x577d1a8) at
rijndael.c:710
710      asm volatile ("movdqu %[src], %%xmm0\n\t"     /* xmm0 := *a     */

Wine-gdb> bt

#0  0x7e29453d in do_aesni_enc_aligned (
    a=0x7e2cb398
"\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275]\036\362\r\316ּ\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004",
<incomplete sequence \343>, b=0x577d3a4 "\360R'~o\004", ctx=0x577d1a8) at
rijndael.c:710

#1  do_aesni (ctx=0x577d1a8, decrypt_flag=0, bx=0x577d3a4 "\360R'~o\004", 
    ax=0x7e2cb398
"\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275]\036\362\r\316ּ\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004",
<incomplete sequence \343>) at rijndael.c:1132

#2  0x7e294946 in rijndael_encrypt (context=0x577d1a8, b=0x577d3a4
"\360R'~o\004", 
    a=0x7e2cb398
"\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275]\036\362\r\316ּ\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004",
<incomplete sequence \343>) at rijndael.c:1155

#3  0x7e294f58 in selftest_basic_128 () at rijndael.c:1660

#4  0x7e294aff in selftest () at rijndael.c:1749

#5  do_setkey (keylen=16, key=0x7c906678
"!\312{\226\200j\356\030\247\256S\241\344\202", <incomplete sequence \304>,
ctx=0x7c908670) at rijndael.c:209

#6  rijndael_setkey (context=0x7c908670, key=0x7c906678
"!\312{\226\200j\356\030\247\256S\241\344\202", <incomplete sequence \304>,
keylen=16) at rijndael.c:444

#7  0x7e278df8 in cipher_setkey (c=0x7c9085f0, key=<optimized out>, keylen=16)
at cipher.c:896

#8  0x7e26e5b4 in gcry_cipher_setkey (hd=0x7c9085f0, key=0x7c906678, keylen=16)
at visibility.c:521

#9  0x7e39743c in wrap_gcry_cipher_setkey (ctx=0x7c9085f0, key=0x7c906678,
keysize=16) at cipher.c:115

#10 0x7e31e462 in _gnutls_cipher_init (handle=0x7c901c64,
cipher=GNUTLS_CIPHER_AES_128_CBC, key=0x7c901c5c, iv=0x7c901c54) at
gnutls_cipher_int.c:71

#11 0x7e3294f7 in _gnutls_init_record_state (params=0x7c901c38, read=1,
state=0x7c901c4c) at gnutls_constate.c:299

#12 0x7e329ac8 in _gnutls_epoch_set_keys (session=0x7c901290, epoch=1) at
gnutls_constate.c:431

#13 0x7e32a198 in _gnutls_write_connection_state_init (session=0x7c901290) at
gnutls_constate.c:602

#14 0x7e31280d in _gnutls_send_handshake_final (session=0x7c901290, init=1) at
gnutls_handshake.c:2888

#15 0x7e315e41 in _gnutls_handshake_common (session=0x7c901290) at
gnutls_handshake.c:3121

#16 0x7e31781e in gnutls_handshake (session=0x7c901290) at
gnutls_handshake.c:2690

#17 0x7e4c1a1a in schan_imp_handshake (session=0x7c901290) at
/home/focht/projects/wine/wine-git/dlls/secur32/schannel_gnutls.c:162

#18 0x7e4bff6c in schan_InitializeSecurityContextW (phCredential=0x188ed0,
phContext=0x54ad0b0, pszTargetName=0xfc01bc, fContextReq=524572, Reserved1=0,
TargetDataRep=16, 
    pInput=0x12da3bc, Reserved2=0, phNewContext=0x577d7f0, pOutput=0x12da3d0,
pfContextAttr=0x11c3138, ptsExpiry=0x577d8e8)
    at /home/focht/projects/wine/wine-git/dlls/secur32/schannel.c:766

#19 0x7e4c9180 in InitializeSecurityContextW (phCredential=0x577d8f0,
phContext=0x577d9f4, pszTargetName=0xfc01bc, fContextReq=524572, Reserved1=0,
TargetDataRep=16, 
    pInput=0x12da3bc, Reserved2=0, phNewContext=0x11c6bfc, pOutput=0x12da3d0,
pfContextAttr=0x11c3138, ptsExpiry=0x577d8e8)
    at /home/focht/projects/wine/wine-git/dlls/secur32/wrapper.c:346
...
--- snip ---

Source:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=cipher/rijndael.c;h=a2aedf01f0efa5e9969c99d7791f5034bf5dd54f;hb=a96974de734beb51a733a89b3283bcf7b433b54c#l1626

--- snip ---
1626 /* Run the self-tests for AES 128.  Returns NULL on success. */
1627 static const char*
1628 selftest_basic_128 (void)
1629 {
1630   RIJNDAEL_context ctx;
1631   unsigned char scratch[16];
1632
...
1672
1673   rijndael_setkey (&ctx, key_128, sizeof (key_128));
1674   rijndael_encrypt (&ctx, scratch, plaintext_128);
1675   if (memcmp (scratch, ciphertext_128, sizeof (ciphertext_128)))
1676      return "AES-128 test encryption failed.";
1677   rijndael_decrypt (&ctx, scratch, scratch);
1678   if (memcmp (scratch, plaintext_128, sizeof (plaintext_128)))
1679     return "AES-128 test decryption failed.";
1680
1681   return NULL;
1682 }
--- snip ---

"RIJNDAEL_context ctx" was not properly 16-byte aligned on the stack, hence the
crash in encrypt using SSE instructions.

Using big brother I found some reports about this problem:

---
Gentoo "dev-libs/libgcrypt-1.5.0-r2 - aes-ni segfaults"

buglink: https://bugs.gentoo.org/show_bug.cgi?id=442568

patch:
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/libgcrypt/files/libgcrypt-1.5.0-aesni.patch?view=markup

---
Debian "libgcrypt11: New 1.5.0 version segfaults with NSS/PAM LDAP"

buglink: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643336

---
Upstream libgcrypt

buglink: https://bugs.g10code.com/gnupg/issue1452

patch:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=a96974de734beb51a733a89b3283bcf7b433b54c

---

The "final" patch (using __attribute__ ((aligned (16))) on "RIJNDAEL_context"
structure) did not fix the issue for me.

At least on my Fedora 16, gcc version 4.6.3 20120306 (Red Hat 4.6.3-2) still
misaligned context buffers, causing a segfault.

I added "-mpreferred-stack-boundary=2" to CFLAGS to force gcc to realign the
stack in the function prologue.

Fixed prologue code:

--- snip ---
.text:08001EE0 selftest_basic_128:
.text:08001EE0   push    ebp
.text:08001EE1   mov     ebp, esp
.text:08001EE3   lea     esp, [esp-0Ch]
.text:08001EE7   and     esp, 0FFFFFFF0h
.text:08001EEA   lea     esp, [esp-22Ch]
...
--- snip ---

I suspect there are various other distros still broken regarding this bug, hence
you need to build a fixed libgcrypt version on your own.

Regards

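The report above comes down to one requirement: the AES-NI path in libgcrypt performs aligned SSE loads on its RIJNDAEL_context, so the context must sit on a 16-byte boundary. The compiler-level fixes it mentions, `__attribute__ ((aligned (16)))` on the struct and `-mpreferred-stack-boundary=2` so that GCC stops assuming a 16-byte-aligned incoming stack and realigns ESP in the prologue (the `and esp, 0FFFFFFF0h` in the disassembly), only help when the compiler actually controls the alignment of the frame. Wine calls into gnutls/libgcrypt from Windows-ABI code, where the stack is only guaranteed to be 4-byte aligned, which is why an unrealigned build faults. The following C program is an added example, not code from the bug report or from libgcrypt: it shows the alignment checks a practitioner would use to confirm this class of bug, and a way to place a context at a 16-byte boundary that does not depend on how the caller aligned the stack. The names `toy_ctx`, `toy_aesni_xor`, `make_aligned_ctx` and `toy_selftest` are invented for this example, and the key and block values are constructed test data; the "cipher" is a plain XOR standing in for AES so the aligned-load behaviour is the only thing being demonstrated.

```c
/*
 * Added example: checking and enforcing the 16-byte alignment that SSE/AES-NI
 * code paths need, independent of the stack alignment the caller provides.
 * toy_ctx, toy_aesni_xor(), make_aligned_ctx() and toy_selftest() are stand-ins
 * invented for this example; they are not libgcrypt's RIJNDAEL_context,
 * do_aesni_enc_aligned() or selftest_basic_128().
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#ifdef __SSE2__
#include <emmintrin.h>
#endif

/* Returns 1 if p sits on an 'align'-byte boundary (align must be a power of two). */
static int is_aligned(const void *p, size_t align)
{
    return ((uintptr_t)p & (align - 1)) == 0;
}

/* Rounds p up to the next 'align'-byte boundary (align must be a power of two). */
static void *align_up(void *p, size_t align)
{
    return (void *)(((uintptr_t)p + (align - 1)) & ~(uintptr_t)(align - 1));
}

/* Stand-in for RIJNDAEL_context: the SIMD path does an aligned 16-byte load from 'key'. */
typedef struct {
    uint8_t key[16];
} toy_ctx;

/* Aligned fast path modelled on movdqa semantics: a context that is not 16-byte
   aligned is refused (a real movdqa would raise #GP and the process would SIGSEGV).
   Returns 0 on success, -1 if ctxp is misaligned. */
static int toy_aesni_xor(const void *ctxp, const uint8_t in[16], uint8_t out[16])
{
    if (!is_aligned(ctxp, 16))
        return -1;
    const toy_ctx *ctx = (const toy_ctx *)ctxp;
#ifdef __SSE2__
    __m128i k = _mm_load_si128((const __m128i *)ctx->key);   /* aligned load, like movdqa  */
    __m128i x = _mm_loadu_si128((const __m128i *)in);        /* data may be unaligned, like movdqu */
    _mm_storeu_si128((__m128i *)out, _mm_xor_si128(x, k));
#else
    for (int i = 0; i < 16; i++)                             /* scalar fallback on non-SSE2 targets */
        out[i] = in[i] ^ ctx->key[i];
#endif
    return 0;
}

/* Places a toy_ctx on a 16-byte boundary inside caller-provided raw storage. This
   holds even if the caller's stack frame is only 4-byte aligned, because the
   rounding is done on the address at run time rather than trusted to the compiler.
   'raw' must hold at least sizeof(toy_ctx) + 15 bytes. */
static toy_ctx *make_aligned_ctx(unsigned char *raw)
{
    return (toy_ctx *)align_up(raw, 16);
}

/* Self-test in the spirit of selftest_basic_128(): constructed key and block,
   context placed in manually aligned storage. Returns 0 on success, nonzero otherwise. */
static int toy_selftest(void)
{
    unsigned char raw[sizeof(toy_ctx) + 15];
    toy_ctx *ctx = make_aligned_ctx(raw);
    /* Constructed test vectors, not from any standard. */
    static const uint8_t key[16] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
                                     0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
    static const uint8_t pt[16]  = { 0xff,0xee,0xdd,0xcc,0xbb,0xaa,0x99,0x88,
                                     0x77,0x66,0x55,0x44,0x33,0x22,0x11,0x00 };
    uint8_t ct[16], back[16];

    memcpy(ctx->key, key, sizeof key);
    if (toy_aesni_xor(ctx, pt, ct) != 0)
        return 1;
    if (toy_aesni_xor(ctx, ct, back) != 0)          /* XOR is its own inverse */
        return 2;
    if (memcmp(back, pt, sizeof pt) != 0)
        return 3;
    /* A context one byte off the boundary must be rejected, never loaded. */
    if (toy_aesni_xor((const unsigned char *)ctx + 1, pt, ct) != -1)
        return 4;
    return 0;
}

int main(void)
{
    /* Whether this local really lands on a 16-byte boundary depends on the ABI the
       caller obeyed and on whether the compiler realigns the frame; print it to check. */
    toy_ctx local __attribute__((aligned(16)));
    printf("aligned(16) local at %p is %s16-byte aligned\n",
           (void *)&local, is_aligned(&local, 16) ? "" : "NOT ");
    printf("selftest: %d\n", toy_selftest());
    return 0;
}
```

Build it with `gcc -O2 example.c` for a quick check; for the 32-bit case the report describes, `gcc -m32 -O2` shows the `aligned(16)` local landing on a boundary only because GCC may assume a 16-byte-aligned entry stack, while the run-time `make_aligned_ctx()` placement stays correct no matter what the caller did.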