Patch gmplib to not use reserved x18 registers on darwin (Apple Silicon)
Which of our tools is giving you problems?
GPG Suite, but more specifically, the gmplib.
Attach a screenshot of the version info for all installed components (how to: https://gpgtools.tenderapp.com/kb/faq/where-can-i-find-version-info...):
Attached below
Describe your problem. Add as much detail as possible.
We are seeing the gpg client crash when trying to send keys and search keys on Apple Silicon machines running macOS Ventura (snippet of crash below):
Thread 1 Crashed:
0 libgmp.10.dylib 0x10140baf0 __gmpn_sub_n + 136
1 libhogweed.6.1.dylib 0x101146e0c _nettle_ecc_mod_random + 296
2 libhogweed.6.1.dylib 0x101147aac nettle_ecdsa_generate_keypair + 144
3 ??? 0x650167415a24 ???
After some investigation, per https://developer.apple.com/documentation/xcode/writing-arm64-code-..., Apple is reserving register x18 and explicitly says "don’t use this register".
We've also seen this (and similar) issues in other repos:
It appears the ECC crypto operations are using a reserved register that wasn’t previously in use, but now that Apple is using it, it's showing up as a segfault.
It looks like gmplib fixed this upstream in https://gmplib.org/repo/gmp/rev/5f32dbc41afc but GPG Suite 2022.2 doesn't have this?
gmplib version on my machine:
❯ strings /usr/local/MacGPG2/lib/libgmp.10.dylib | grep 6.2
6.2.1
6.2.1
What did you expect instead
I expect gpg --send-key and gpg --search-keys to not crash
Describe steps leading to the problem.
Commands that trigger the crash:
❯ gpg --send-keys FCBF72EF81BD9F1D0D86C1C50E5BB12345678910
gpg: sending key 0E5BB68982375825 to hkps://keymaster.company.com
gpg: keyserver send failed: End of file
gpg: keyserver send failed: End of file
❯ gpg --search-keys 7884711ADFA0E21D473C15F5EDD012345678910
gpg: error searching keyserver: End of file
gpg: keyserver search failed: End of file
Are you using any other Mail.app plugins?
No, we aren't using Mail.app plugins.
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Steve on 23 Nov, 2022 05:51 PM
Hi Brandon,
thanks for getting in touch and taking the time to report this crash. Your analysis is spot on.
The crash is caused by an error in the bignum library libgmp used by gnutls, which is used for tls connections in dirmngr. The error only happens on M1/M2 and only when a certain register is written to which is reserved by M1/M2.
Currently you can workaround this by retrying to show the email or to import the key when a key lookup caused the crash (depending on what triggered the error in the first place).
We are looking into a solution to this problem and will inform you as soon as we have a fix available.
Best,
Steve
2 Posted by brandonfriess on 23 Nov, 2022 06:39 PM
Hi Steve,
Thanks for the response and confirmation. Unfortunately, retrying the raw gpg cli commands hasn't been successful for us. If you know of any other work arounds or additional steps, do let us know!
Thanks,
Brandon
Support Staff 3 Posted by Luke Le on 23 Nov, 2022 06:43 PM
Hi Brandon,
what else might help is killing the dirmngr process.
Lukas
4 Posted by brandonfriess on 23 Nov, 2022 07:43 PM
Hi Lukas,
Thanks for help!
I've tried killing the drmngr process via
kill -9
andgpgconf --kill dirmngr
but each time I try to rungpg --search-keys
it ends up spawning dirmngr and subsequently crashes.Cheers,
Brandon
Support Staff 5 Posted by Steve on 29 Nov, 2022 12:03 PM
Hi Brandon,
could you please download and install our latest hotfix GPG Suite and see if that solves your problem.
All the best,
Steve
Disclaimer: Hotfixes are GPG Suite builds containing our latest source code, so bugs and crashes may occur.
6 Posted by brandonfriess on 29 Nov, 2022 03:52 PM
Hi Steve,
Good news, the latest hotfix is working for me!
Both the
gpg --send-keys
andgpg --search-keys
commands that were previously failing are working for me.Support Staff 7 Posted by Steve on 01 Dec, 2022 11:11 PM
Glad this is solved for you. I'm closing this discussion. Should you need further assistance or have questions you can re-open this discussion here or open a new one any time.
Best,
Steve
Steve closed this discussion on 01 Dec, 2022 11:11 PM.
brandonfriess re-opened this discussion on 02 Dec, 2022 02:37 PM
8 Posted by brandonfriess on 02 Dec, 2022 02:37 PM
Thanks for all the help!
Out of curiosity, about how long until this fix lands into a stable release?
Cheers,
Brandon
Support Staff 9 Posted by Steve on 04 Dec, 2022 07:39 PM
We don't give ETAs but I don't see a release happening in the next few weeks. We are currently working on some internal changes on our infrastructure and are still investigating some problems with GPG Mail that should be part of the next release.
Are you using GPG Mail more broadly at stripe and did you get many reports about this specific issue?
10 Posted by Mark Gardner on 04 Dec, 2022 11:45 PM
FWIW I’ve been monitoring this issue after having the same problem, so it’s not just Brandon.
11 Posted by brandonfriess on 05 Dec, 2022 07:25 PM
Hey Steve,
We don't use GPG Mail. Rather, we have a number of internal tools that make calls to the gpg binary. As we've rolled out more and more Apple Silicon machines, I've started to get reports of the errors outlined in this thread.
Understandable on not providing ETAs. My motivation for asking was so that I could level set my expectations and plan internally.
Thanks,
Brandon
Steve closed this discussion on 12 Dec, 2022 03:20 PM.