I've tracked down the problem. It is in the RSA blinding code, because 
RSA_blinding_off(rsa) after the RSA *rsa = RSA_new() solves the problem.

I cc'd rt to create a ticket for this bug.

Paul

Original message:
--------------------------------------------------------------------------
I have some code that works well with openssl 0.9.7a, but gives a segfault
in 0.9.7c. See also the two stacktraces below.

It seems like it goes wrong when RSA_blinding_on() passes the rsa->e
parameter to BN_mod_exp_mont:
    if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))

Which goes wrong here (I'm not sure how the call expands to the _mont
version):
    int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
    <cut>
        bn_check_top(p);

The macro uses p as a pointer while it is NULL, which gives a segfault.
rsa->e is never set in the code (it's loaded from disk or set directly),
only rsa->d and rsa->n which seems valid for an RSA private key...
When certificates are signed when RSA keys are just created using openssl
then it goes fine, but that is logical since the RSA structure is then
filled with rsa->e too for the public key part.

[Switching to Thread 1024 (LWP 23480)]
0x08095c33 in BN_mod_exp_mont (rr=0x80cd664, a=0x80cd664, p=0x0,
m=0x80cc100, ctx=0x80cd660, in_mont=0x0) at bn_exp.c:365
365             bn_check_top(p);
Current language:  auto; currently c
(gdb) bt
#0  0x08095c33 in BN_mod_exp_mont (rr=0x80cd664, a=0x80cd664, p=0x0,
m=0x80cc100, ctx=0x80cd660, in_mont=0x0) at bn_exp.c:365
#1  0x0805884f in RSA_blinding_on (rsa=0x80cc058, p_ctx=0x80cd660) at
rsa_lib.c:355
#2  0x0807380a in rsa_eay_blinding (rsa=0x80cc058, ctx=0x80cd660) at
rsa_eay.c:201
#3  0x08073b74 in RSA_eay_private_encrypt (flen=35, from=0x80cd5d8
"0!0\t\006\005+\016\003\002\032\005", to=0x80cd178 "",
    rsa=0x80cc058, padding=1) at rsa_eay.c:294
#4  0x08058613 in RSA_private_encrypt (flen=35, from=0x80cd5d8
"0!0\t\006\005+\016\003\002\032\005", to=0x80cd178 "",
    rsa=0x80cc058, padding=1) at rsa_lib.c:286
#5  0x08074d7d in RSA_sign (type=64, m=0xbffff1e0
"_\020J���q�4\222L�fz\030nY\023\177`", m_len=20, sigret=0x80cd178 "",
    siglen=0xbffff238, rsa=0x80cc058) at rsa_sign.c:132
#6  0x0807dad7 in EVP_SignFinal (ctx=0xbffff250, sigret=0x80cd178 "",
siglen=0xbffff238, pkey=0x80cd158) at p_sign.c:112
#7  0x08060f44 in ASN1_sign (i2d=0x8054858 <i2d_X509AC_INFO>,
algor1=0x80cc4a8, algor2=0x80cc438, signature=0x80cc448,
    data=0x80cc460 "\020�\f\b8�\f\b\230�\f\bs�\f\b8�\f\bp�\f\b��\f\b",
pkey=0x80cd158, type=0x80ada60) at a_sign.c:188

Valgrind's output of the above trace:
==23436== Invalid read of size 4
==23436==    at 0x8095C33: BN_mod_exp_mont (bn_exp.c:365)
==23436==    by 0x805884E: RSA_blinding_on (rsa_lib.c:355)
==23436==    by 0x8073809: rsa_eay_blinding (rsa_eay.c:201)
==23436==    by 0x8073B73: RSA_eay_private_encrypt (rsa_eay.c:294)
==23436==    by 0x8058612: RSA_private_encrypt (rsa_lib.c:286)
==23436==    by 0x8074D7C: RSA_sign (rsa_sign.c:132)
==23436==    by 0x807DAD6: EVP_SignFinal (p_sign.c:112)
==23436==    by 0x8060F43: ASN1_sign (a_sign.c:188)
==23436==    Address 0x4 is not stack'd, malloc'd or free'd

[Switching to Thread 1024 (LWP 23867)]
0x08099a73 in BN_mod_exp_mont (rr=0x80cf214, a=0x80cf214, p=0x0,
m=0x80cd928, ctx=0x80cf210, in_mont=0x0) at bn_exp.c:365
365             bn_check_top(p);
Current language:  auto; currently c
(gdb) bt
#0  0x08099a73 in BN_mod_exp_mont (rr=0x80cf214, a=0x80cf214, p=0x0,
m=0x80cd928, ctx=0x80cf210, in_mont=0x0) at bn_exp.c:365
#1  0x08058f2f in RSA_blinding_on (rsa=0x80cd8d0, p_ctx=0x80cf210) at
rsa_lib.c:355
#2  0x080770ba in rsa_eay_blinding (rsa=0x80cd8d0, ctx=0x80cf210) at
rsa_eay.c:201
#3  0x08077424 in RSA_eay_private_encrypt (flen=35, from=0x80ce110
"0!0\t\006\005+\016\003\002\032\005",
    to=0x80cdf30 "��\022B\b�\f\b", rsa=0x80cd8d0, padding=1) at
rsa_eay.c:294
#4  0x08058cf3 in RSA_private_encrypt (flen=35, from=0x80ce110
"0!0\t\006\005+\016\003\002\032\005", to=0x80cdf30 "��\022B\b�\f\b",
    rsa=0x80cd8d0, padding=1) at rsa_lib.c:286
#5  0x0807862d in RSA_sign (type=64, m=0xbffff290 "\236)Lo\206<��
[EMAIL PROTECTED]", m_len=20,
    sigret=0x80cdf30 "��\022B\b�\f\b", siglen=0xbffff2ec, rsa=0x80cd8d0) at
rsa_sign.c:132
#6  0x0809d917 in EVP_SignFinal (ctx=0xbffff300, sigret=0x80cdf30
"��\022B\b�\f\b", siglen=0xbffff2ec, pkey=0x80cdf10)
    at p_sign.c:112
#7  0x080848a0 in ASN1_item_sign (it=0x80af6e8, algor1=0x80cd408,
algor2=0x80cc558, signature=0x80cc568, asn=0x80cd3c0,
    pkey=0x80cdf10, type=0x80af240) at a_sign.c:271
#8  0x080690b2 in X509_sign (x=0x80cd9e0, pkey=0x80cdf10, md=0x80af240) at
x_all.c:95

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
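
The failure reported above, as an added example that is not part of the original message and is not OpenSSL code: a toy model of blinded RSA signing showing why blinding needs the public exponent e, and a guard that returns an error where the trace shows a NULL e reaching the modular exponentiation. The names `toy_rsa`, `toy_sign`, `demo_sign` and the error codes are hypothetical, and small 64-bit integers stand in for BIGNUMs.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy key: pointer fields model BIGNUM* members, so e may be NULL (assumption). */
typedef struct { const uint64_t *n, *e, *d; } toy_rsa;
enum { SIGN_OK = 0, SIGN_BAD_KEY = -1, SIGN_NO_E = -2 };

static uint64_t modexp(uint64_t b, uint64_t x, uint64_t m) {
    uint64_t r = 1; b %= m;
    while (x) { if (x & 1) r = r * b % m; b = b * b % m; x >>= 1; }
    return r;
}

/* Modular inverse by extended Euclid; returns 0 if a has no inverse mod m. */
static uint64_t modinv(uint64_t a, uint64_t m) {
    int64_t t = 0, nt = 1, r = (int64_t)m, nr = (int64_t)(a % m);
    while (nr) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* Sign m with d. With blinding: m' = m * r^e, s' = m'^d = m^d * r, s = s' / r. */
int toy_sign(const toy_rsa *k, uint64_t m, uint64_t r, int blinding, uint64_t *sig) {
    if (!k || !k->n || !k->d || !sig) return SIGN_BAD_KEY;
    uint64_t n = *k->n;
    if (!blinding) { *sig = modexp(m, *k->d, n); return SIGN_OK; }
    if (!k->e) return SIGN_NO_E;   /* in the trace, e == NULL reached the modexp */
    uint64_t rinv = modinv(r, n);
    if (!rinv) return SIGN_BAD_KEY;
    uint64_t blinded = (m % n) * modexp(r, *k->e, n) % n;
    *sig = modexp(blinded, *k->d, n) * rinv % n;
    return SIGN_OK;
}

/* Constructed textbook key: n = 61 * 53, e = 17, d = 2753. */
static const uint64_t N = 3233, E = 17, D = 2753;

/* Returns the signature of the constructed message 1234, or a negative error. */
int64_t demo_sign(int with_e, int blinding) {
    toy_rsa k = { &N, with_e ? &E : NULL, &D };
    uint64_t sig = 0;
    int rc = toy_sign(&k, 1234, 7, blinding, &sig);
    return rc == SIGN_OK ? (int64_t)sig : rc;
}

int main(void) { return demo_sign(0, 1) == SIGN_NO_E ? 0 : 1; }
```

A key holding only n and d still signs when blinding is off, which matches the RSA_blinding_off(rsa) workaround in the reply; with blinding on, the caller gets an error code to handle.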
