bin/59823: netpgpverify broken for PGP since switch to gcc 14.3

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/59823: netpgpverify broken for PGP since switch to gcc 14.3
From: martin%NetBSD.org@localhost
Date: Mon, 8 Dec 2025 09:35:00 +0000 (UTC)

>Number:         59823
>Category:       bin
>Synopsis:       netpgpverify broken for PGP since switch to gcc 14.3
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Dec 08 09:35:00 +0000 2025
>Originator:     Martin Husemann
>Release:        NetBSD 11.99.4
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD thirdstage.duskware.de 11.99.4 NetBSD 11.99.4 (MODULAR) #851: Fri Dec 5 05:45:37 CET 2025 martin%thirdstage.duskware.de@localhost:/home/martin/current/src/sys/arch/sparc64/compile/MODULAR sparc64
Architecture: sparc64
Machine: sparc64
>Description:

On sparc64 and sparc the netpgpverify tests fail since we switched sparc*
to gcc 14.3.

The tests invokes (besides others):

 netpgpverify -k dsa-pubring.gpg in2.asc

and it prints:
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
hash_any: bad algorithm
Signature did not match contents -- Signature on data did not match

This happens because here the "hashed" data is all zeroes, causing
the algorithm (taken from byte hashed[3]) to become 0.

#0  pgpv_digest_memory (
    data=0xffffffffffffd068 "Ã\034\215øÛXsG\0067\034\030rÍÄ\017)ûr\v\211W·ü\027.\036J¯@\0261", size=64, mem=0x402f8031, cc=121, hashed=0xffffffffffffaaca "", 
    hashsize=12, doarmor=119)
    at /home/martin/current/src/crypto/external/bsd/netpgp/bin/netpgpverify/../../dist/src/netpgpverify/pgpsum.c:245
#1  0x00000000001226ac in match_sig (cursor=0x402d6000, signature=0x41c16ce8, 
    pubkey=0x402c2000, 
    data=0x402f8031 "#\t.NetBSD: Makefile,v 1.5.10.1 2012/05/06 18:14:16 agc Exp . \n\nSUBDIR+=\tlib .WAIT\nSUBDIR+=\tbin\n\n.include <bsd.subdir.mk>\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (NetBSD)\n\niF4EAREIAAYFAlCF"..., 
    size=121)
    at /home/martin/current/src/crypto/external/bsd/netpgp/bin/netpgpverify/../../dist/src/netpgpverify/libverify.c:2862
#2  0x0000000000122c10 in match_sig_id (cursor=0x402d6000, pgp=0x40296000, 
    signature=0x41c16ce8, litdata=0x41c16be8, primary=0, sub=0)
    at /home/martin/current/src/crypto/external/bsd/netpgp/bin/netpgpverify/../../dist/src/netpgpverify/libverify.c:2961
#3  0x0000000000123c7c in pgpv_verify (cursor=0x402d6000, pgp=0x40296000, 
    p=0xffffffffffffdc21, size=-1)
    at /home/martin/current/src/crypto/external/bsd/netpgp/bin/netpgpverify/../../dist/src/netpgpverify/libverify.c:3235
#4  0x0000000000124ba4 in verify_data (pgp=0x40296000, cmd=0x145838 "verify", 
    inname=0xffffffffffffdc21 "in2.asc", in=0xffffffffffffdc21 "in2.asc", 
    cc=-1)
    at /home/martin/current/src/crypto/external/bsd/netpgp/bin/netpgpverify/../../dist/src/netpgpverify/main.c:117
#5  0x0000000000125018 in main (argc=4, argv=0xffffffffffffd5d8)
    at /home/martin/current/src/crypto/external/bsd/netpgp/bin/netpgpverify/../../dist/src/netpgpverify/main.c:185

at frame #1:

2860            if (!match && signature->type == SIGTYPE_TEXT) {
2861                    /* second try for cleartext data, ignoring trailing whitespace */
2862                    calclen = pgpv_digest_memory(calculated, sizeof(calculated),
2863                            data, size,
2864                            get_ref(&signature->hashstart), signature->hashlen, 'w');

(gdb) p *signature
$36 = {signer = "&?ç\205bâü~", hashstart = {vp = 0x40296000, offset = 2, 
    mem = 3}, hash2 = 0xffffffffffffaae2 "", mpi = 0xffffffffffffaae4 "", 
  birth = 1350912266, keyexpiry = 0, expiry = 0, hashlen = 12, 
  version = 4 '\004', type = 1 '\001', keyalg = 17 '\021', hashalg = 8 '\b', 
  trustlevel = 0 '\000', trustamount = 0 '\000', bn = {{bn = 0x4025e140, 
      bits = 253}, {bn = 0x4025e160, bits = 255}}, regexp = 0x0, 
  pref_key_server = 0x0, policy = 0x0, features = 0x0, why_revoked = 0x0, 
  revoke_fingerprint = 0x0, issuer_fingerprint = 0x0, ifver = 0 '\000', 
  revoke_alg = 0 '\000', revoke_sensitive = 0 '\000', trustsig = 0 '\000', 
  revocable = 0 '\000', pref_symm_alg = 0 '\000', pref_hash_alg = 0 '\000', 
  pref_compress_alg = 0 '\000', key_server_modify = 0 '\000', 
  notation = 0 '\000', type_key = 0 '\000', primary_userid = 0 '\000', 
  revoked = 0 '\000'}

at frame #0

(gdb) p hashsize
$42 = 12
(gdb) x/12c hashed
0xffffffffffffaaca:     0 '\000'        0 '\000'        0 '\000'        0 '\000'1 '\001'        0 '\000'        0 '\000'        0 '\000'
0xffffffffffffaad2:     0 '\000'        0 '\000'        0 '\000'        0 '\000'


>How-To-Repeat:

cd /usr/tests/usr.bin/netpgpverify && atf-run | atf-report

>Fix:
n/a

Prev by Date: NetBSD Nightly Trouble Ticket Report
Previous by Thread: port-i386/59821: Segfault when trying to utilize Mesa DRI, on older Intel GPUs
Indexes:

Home | Main Index | Thread Index | Old Index