-
-
I am aware of the
dnstap
issue and I have an idea for a fix.As for
verify
, it looks weird, I do not think I have seen that failure mode yet. Does it fail reliably or intermittently? -
It fails fairly reliably. I let it run in infinite loop and in ~15th iteration (in about 2 minutes) it fails like this:
genzones.sh: line 67: 981 Bus error (core dumped) $KEYGEN -a rsasha256 ${zone} > kg1.out$n 2>&1
The core dump notice is not always visible in terminal, but
coredumpctl(1)
gathers them reliably, so I gathered 10 cores frombin/dnssec/dnssec-keygen
and few frombin/dnssec/dnssec-signzone
.dmesg
:traps: dnssec-keygen[981] trap stack segment ip:7fb63473d335 sp:7ffdf49db438 error:0 in libcrypto.so.1.1.1c[7fb6346e7000+1a5000]
Sometimes the test passed even though
dnssec-keygen
dumped core.Upon investigation the culprit seems to be deepen in the stack, likely in
libcrypto.so.1.1
ofopenssl-1.1.1c-2.fc30.x86_64
:(gdb) info threads Id Target Id Frame * 1 Thread 0x7fb63406a840 (LWP 981) bn_sqr8x_internal () at crypto/bn/x86_64-mont5.s:1759 (gdb) bt #0 bn_sqr8x_internal () at crypto/bn/x86_64-mont5.s:1759 #1 0x00007fb63473cce5 in bn_power5 () at crypto/bn/x86_64-mont5.s:1171 #2 0x00007fb63472a871 in BN_mod_exp_mont_consttime (rr=rr@entry=0xff0790, a=<optimized out>, a@entry=0xff0790, p=p@entry=0xff0778, m=m@entry=0xff27c0, ctx=ctx@entry=0xff06e0, in_mont=in_mont@entry=0xfef0c0) at crypto/bn/bn_exp.c:1007 #3 0x00007fb63472aa5b in BN_mod_exp_mont (rr=rr@entry=0xff0790, a=a@entry=0xff0790, p=p@entry=0xff0778, m=m@entry=0xff27c0, ctx=ctx@entry=0xff06e0, in_mont=in_mont@entry=0xfef0c0) at crypto/bn/bn_exp.c:310 #4 0x00007fb634732596 in witness (mont=0xfef0c0, ctx=0xff06e0, k=4, a1_odd=0xff0778, a1=0xff0748, a=0xff27c0, w=0xff0790) at crypto/bn/bn_prime.c:248 #5 BN_is_prime_fasttest_ex (cb=0xfeca70, do_trial_division=<optimized out>, ctx_passed=0xff06e0, checks=<optimized out>, a=0xff27c0) at crypto/bn/bn_prime.c:222 #6 BN_is_prime_fasttest_ex (a=0xff27c0, checks=<optimized out>, ctx_passed=0xff06e0, do_trial_division=<optimized out>, cb=0xfeca70) at crypto/bn/bn_prime.c:150 #7 0x00007fb634732c51 in BN_generate_prime_ex (ret=ret@entry=0xff27c0, bits=bits@entry=1024, safe=safe@entry=0, add=add@entry=0x0, rem=rem@entry=0x0, cb=cb@entry=0xfeca70) at crypto/bn/bn_prime.c:103 #8 0x00007fb634828244 in rsa_builtin_keygen (cb=0xfeca70, e_value=<optimized out>, primes=2, bits=<optimized out>, rsa=<optimized out>) at crypto/rsa/rsa_gen.c:523 #9 RSA_generate_multi_prime_key (rsa=<optimized out>, bits=<optimized out>, primes=2, e_value=<optimized out>, cb=0xfeca70) at crypto/rsa/rsa_gen.c:153 #10 0x00000000004caeb0 in opensslrsa_generate (key=0x7fb63402e010, exp=0, callback=0x423620 <progress>) at opensslrsa_link.c:501 #11 0x00000000004c039d in dst_key_generate (name=name@entry=0x7ffdf49dbcb0, alg=8, bits=bits@entry=2048, param=param@entry=0, flags=flags@entry=256, protocol=protocol@entry=3, rdclass=1, mctx=0xfc93a0, keyp=0x7ffdf49dbb20, callback=0x423620 <progress>) at dst_api.c:871 #12 0x0000000000422734 in main (argc=<optimized out>, argv=<optimized out>) at dnssec-keygen.c:787 (gdb) bt full #0 bn_sqr8x_internal () at crypto/bn/x86_64-mont5.s:1759 No locals. #1 0x00007fb63473cce5 in bn_power5 () at crypto/bn/x86_64-mont5.s:1171 No locals. #2 0x00007fb63472a871 in BN_mod_exp_mont_consttime (rr=rr@entry=0xff0790, a=<optimized out>, a@entry=0xff0790, p=p@entry=0xff0778, m=m@entry=0xff27c0, ctx=ctx@entry=0xff06e0, in_mont=in_mont@entry=0xfef0c0) at crypto/bn/bn_exp.c:1007 n0 = 0xfef110 np = <optimized out> i = <optimized out> bits = 870 ret = 0 window = <optimized out> wvalue = <optimized out> wmask = 15 window0 = 4 top = 16 mont = <optimized out> numPowers = <optimized out> powerbufFree = 0xffabb0 "" powerbufLen = <optimized out> powerbuf = <optimized out> tmp = {d = 0xffbbc0, top = 16, dmax = 16, neg = 0, flags = 2} am = {d = 0xffbc40, top = 16, dmax = 16, neg = 0, flags = 2} #3 0x00007fb63472aa5b in BN_mod_exp_mont (rr=rr@entry=0xff0790, a=a@entry=0xff0790, p=p@entry=0xff0778, m=m@entry=0xff27c0, ctx=ctx@entry=0xff06e0, in_mont=in_mont@entry=0xfef0c0) at crypto/bn/bn_exp.c:310 i = <optimized out> j = <optimized out> bits = <optimized out> wstart = <optimized out> wend = <optimized out> window = <optimized out> wvalue = <optimized out> d = <optimized out> r = <optimized out> aa = <optimized out> val = <optimized out> #4 0x00007fb634732596 in witness (mont=0xfef0c0, ctx=0xff06e0, k=4, a1_odd=0xff0778, a1=0xff0748, a=0xff27c0, w=0xff0790) at crypto/bn/bn_prime.c:248 No locals. #5 BN_is_prime_fasttest_ex (cb=0xfeca70, do_trial_division=<optimized out>, ctx_passed=0xff06e0, checks=<optimized out>, a=0xff27c0) at crypto/bn/bn_prime.c:222 j = <optimized out> ctx = <optimized out> A1_odd = 0xff0778 check = 0xff0790 ret = <optimized out> k = 4 A3 = 0xff0760 mont = 0xfef0c0 i = 0 A1 = 0xff0748 i = <optimized out> j = <optimized out> ret = <optimized out> k = <optimized out> ctx = <optimized out> A1 = <optimized out> A1_odd = <optimized out> A3 = <optimized out> check = <optimized out> mont = <optimized out> mod = <optimized out> #6 BN_is_prime_fasttest_ex (a=0xff27c0, checks=<optimized out>, ctx_passed=0xff06e0, do_trial_division=<optimized out>, cb=0xfeca70) at crypto/bn/bn_prime.c:150 i = <optimized out> j = <optimized out> k = <optimized out> A1 = <optimized out> A1_odd = <optimized out> A3 = <optimized out> check = <optimized out> mod = <optimized out> #7 0x00007fb634732c51 in BN_generate_prime_ex (ret=ret@entry=0xff27c0, bits=bits@entry=1024, safe=safe@entry=0, add=add@entry=0x0, rem=rem@entry=0x0, cb=cb@entry=0xfeca70) at crypto/bn/bn_prime.c:103 t = 0xff0730 found = 0 i = <optimized out> j = <optimized out> c1 = <optimized out> ctx = <optimized out> mods = 0xff6b90 checks = 5 #8 0x00007fb634828244 in rsa_builtin_keygen (cb=0xfeca70, e_value=<optimized out>, primes=2, bits=<optimized out>, rsa=<optimized out>) at crypto/rsa/rsa_gen.c:523 retries = 0 pinfo = 0x0 prime = 0xff27c0 ok = -1 bitse = <optimized out> quo = <optimized out> bitst = <optimized out> r0 = 0xfee710 r1 = 0xfee728 tmp = <optimized out> n = 0 i = <optimized out> rmd = <optimized out> ctx = 0xff0230 error = <optimized out> r2 = 0xfee740 bitsr = {1024, 1024, 0, 0, 0} adj = 0 prime_infos = 0x0 r0 = <optimized out> r1 = <optimized out> r2 = <optimized out> tmp = <optimized out> prime = <optimized out> ok = <optimized out> n = <optimized out> bitsr = <optimized out> bitse = <optimized out> i = <optimized out> quo = <optimized out> rmd = <optimized out> adj = <optimized out> retries = <optimized out> pinfo = <optimized out> prime_infos = <optimized out> ctx = <optimized out> bitst = <optimized out> error = <optimized out> j = <optimized out> prev_prime = <optimized out> pr0 = <optimized out> d = <optimized out> p = <optimized out> #9 RSA_generate_multi_prime_key (rsa=<optimized out>, bits=<optimized out>, primes=2, e_value=<optimized out>, cb=0xfeca70) at crypto/rsa/rsa_gen.c:153 No locals. #10 0x00000000004caeb0 in opensslrsa_generate (key=0x7fb63402e010, exp=0, callback=0x423620 <progress>) at opensslrsa_link.c:501 ret = 131073 u = <optimized out> rsa = 0xfeca90 e = 0xfec700 cb = 0xfeca70 pkey = 0xff0d70 #11 0x00000000004c039d in dst_key_generate (name=name@entry=0x7ffdf49dbcb0, alg=8, bits=bits@entry=2048, param=param@entry=0, flags=flags@entry=256, protocol=protocol@entry=3, rdclass=1, mctx=0xfc93a0, keyp=0x7ffdf49dbb20, callback=0x423620 <progress>) at dst_api.c:871 key = 0x7fb63402e010 ret = <optimized out> #12 0x0000000000422734 in main (argc=<optimized out>, argv=<optimized out>) at dnssec-keygen.c:787 algname = <optimized out> nametype = <optimized out> type = <optimized out> classname = <optimized out> endp = 0x7fb634ad116b <_dl_map_object_deps+1083> "H\203\275x\373\377\377" key = 0x0 fname = {name = {magic = 1145983854, ndata = 0x7ffdf49dbdc0 "\aksk+zsk\006optout", length = 16, labels = 3, attributes = 1, offsets = 0x7ffdf49dbd00 "", buffer = 0x7ffdf49dbd80, link = {prev = 0xffffffffffffffff, next = 0xffffffffffffffff}, list = {head = 0x0, tail = 0x0}}, offsets = "\000\b\017", '\000' <repeats 21 times>, "\\Ь4\266\177\000\000\r\216\036\202\000\000\000\000\360\366\256\064\266\177\000\000\000\000\000\000\000\000\000\000`\277\235\364\375\177\000\000\220\241\236\364\375\177\000\000\235Ԭ4\266\177\000\000\004\000\000\000\000\000\000\000\230\242\236\364\375\177\000\000\360\366\256\064\266\177\000\000\370\275\235\364\375\177\000\000\364\275\235\364\375\177\000\000\000\000\000\000\000\000\000", buffer = {magic = 1114990113, base = 0x7ffdf49dbdc0, length = 255, used = 16, current = 0, active = 0, link = {prev = 0xffffffffffffffff, next = 0xffffffffffffffff}, mctx = 0x0, autore = false}, data = "\aksk+zsk\006optout\000\300\263e4\266\177\000\000h\276\235\364\375\177\000\000d\276\235\364\375\177\000\000\326Ѭ4\266\177", '\000' <repeats 18 times>, "h\275/4\266\177\000\000\020\340.4\266\177\000\000\327\070\254\064\266\177\000\000\207\360\226|\000\000\000\000\302[\362\001\000\000\000\000d\276\235\364\375\177\000\000+\t\000\000\375\177\000\000\060\277\235\364\375\177\000\000H5\254\064\266\177\000\000 \277\235\364\375\177\000\000\240\254\022\064\266\177\000\000\025", '\000' <repeats 23 times>, "X\277\235\364\375\177\000\000\207\360\226|", '\000' <repeats 12 times>, "\327"...} name = 0x7ffdf49dbcb0 flags = <optimized out> kskflag = 0 revflag = 0 alg = 8 '\b' conflict = false null_key = false oldstyle = false mctx = 0xfc93a0 ch = <optimized out> generator = <optimized out> param = 0 protocol = 3 size = <optimized out> signatory = 0 ret = <optimized out> r = {base = 0x7ffdf49dcb90 "rsasha256", length = 9} filename = '\000' <repeats 16 times>, "\200\273\235\364\375\177\000\000\220\274\235\364\375\177\000\000\000\271\235\364\375\177\000\000\002", '\000' <repeats 11 times>, "\025\000\000\000\000\271\235\364\375\177", '\000' <repeats 19 times>, "\271\235\364\375\177\000\000P\361\256\064\266\177\000\000P\274\235\364\375\177\000\000\000\000\000\000\000\000\000\000\360\253\022\064\266\177\000\000\020\376\006\064\266\177", '\000' <repeats 34 times>, "\200\246\022\064\266\177\000\000\000\000\000\000\000\000\000\000\020\376\006\064\266\177\000\000\237\006\a4\266\177\000\000\300\263e4\266\177\000\000\000\000\000\000\000\000\000\000"... directory = 0x5da1f9 "." predecessor = <optimized out> prevkey = 0x0 buf = {magic = 1114990113, base = 0x7ffdf49dbbb0, length = 254, used = 0, current = 0, active = 0, link = {prev = 0xffffffffffffffff, next = 0xffffffffffffffff}, mctx = 0x0, autore = false} log = 0xff2b00 engine = <optimized out> rdclass = 1 options = 100663296 dbits = 0 ttl = 0 use_nsec3 = <optimized out> publish = 0 activate = 0 revokekey = 0 inactive = 0 deltime = 0 now = 1567598963 prepub = 0 setpub = false setact = false setrev = false setinact = false setdel = false setttl = false unsetpub = false unsetact = false unsetrev = false unsetinact = false unsetdel = false genonly = false show_progress = true c = <optimized out> syncadd = 0 syncdel = 0 setsyncadd = false setsyncdel = false __res = <optimized out> __c = <optimized out>
-