Public bug reported: A defect in the gpg-agent causes it to crash while servicing multiple concurrent private decryption requests. This bug has been fixed in the upstream (see https://dev.gnupg.org/T3530) in GnuPG 2.2.4 and libgcrypt 1.8.2.
Users with larger keys will see this problem more often and persistently. I made the following bug report to Debian https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882985 ------- As reported in the gnupg mailing list (thread links below), the gpg-agent failed to decrypt secret keys for client applications when a large number of concurrent requests were made. libgcrypt takes care to manage secure memory. It allocates pools of memory in SECMEM_BUFFER_SIZE size chunks. The first of these pools is mlock()ed to prevent swapping. Certain secure memory allocation only use memory from this first pool. If this first pool is full, libgcrypt reported an ENOMEM error up to the caller. In the case of the gpg-agent, it failed to decrypt private keys when it received a large number of concurrent key decryption requests. These decryption failures resulted in intermittment to short periods of persistent failures in calling applications. libgcrypt 1.8.1 contains the needed fixes and is compatile with GnuPG 2.1. Specific changes also need to be back ported to GnuPG 2.1 to take advantage of these options. These changes are trivial to backport. Mailing list threads: https://lists.gnupg.org/pipermail/gnupg-devel/2017-June/032937.html https://lists.gnupg.org/pipermail/gnupg-devel/2017-November/033280.html ------- Related issues: https://dev.gnupg.org/T3606 - failed to build S-Exp (off=0): Cannot allocate memory https://dev.gnupg.org/T3473 - gnupg agent configurable backlog for sockets ** Affects: gnupg2 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1746921 Title: gpg-agent crashes when servicing concurrent connections To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1746921/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
