Hello! I use 0.9.8-stable-SNAP-20050601 snapshot. Problem occurs on digest signing.
make report: ======== OpenSSL self-test report: OpenSSL version: 0.9.8-beta4-dev Last change: Correct naming of the 'chil' and '4758cca' ENGINEs. Thi... Options: -g enable-shared enable-zlib no-gmp no-krb5 no-mdc2 no-rc5 no-zlib-dynamic OS (uname): Linux manul 2.4.26-1-386 #1 Tue Aug 24 13:31:19 JST 2004 i686 GNU/Linux OS (config): i686-whatever-linux2 Target (default): linux-elf Target: linux-elf Compiler: Configured with: ../src/configure -v --enable-languages=c,c++,java,f77,pascal,objc,ada,treelang --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-gxx-include-dir=/usr/include/c++/3.3 --enable-shared --enable-__cxa_atexit --with-system-zlib --enable-nls --without-included-gettext --enable-clocale=gnu --enable-debug --enable-java-gc=boehm --enable-java-awt=xlib --enable-objc-gc i486-linux Thread model: posix gcc version 3.3.5 (Debian 1:3.3.5-12) Test skipped. ======= Native tests are passed. So I do: LD_LIBRARY_PATH=. ./apps/openssl req -newkey rsa:512 -nodes -batch -keyout keyrsa.pem -out reqrsa.pem -config apps/openssl.cnf LD_LIBRARY_PATH=. ./apps/openssl x509 -req -set_serial 1 -signkey keyrsa.pem -in reqrsa.pem -out certrsa.pem LD_LIBRARY_PATH=. ./apps/openssl dgst -sha1 -sign keyrsa.pem -out dsignrsa.bin CHANGES It causes a segfault with backtrace ====== #0 0x400bdca8 in BN_BLINDING_set_thread_id (b=0x803, n=1076728596) at bn_blind.c:267 267 b->thread_id = n; (gdb) bt #0 0x400bdca8 in BN_BLINDING_set_thread_id (b=0x803, n=1076728596) at bn_blind.c:267 #1 0x400d7f85 in RSA_setup_blinding (rsa=0x80b4068, in_ctx=0x80b3e18) at rsa_lib.c:405 #2 0x400d6fc9 in rsa_get_blinding (rsa=0x80b4068, r=0xbffff198, local=0xbffff19c, ctx=0x80b3e18) at rsa_eay.c:251 #3 0x400d5e3e in RSA_eay_private_encrypt (flen=35, from=0x80b3c30 "0!0\t\006\005+\016\003\002\032\005", to=0x80b1a10 "S. Engelschall]\n\n *) Fix the various library and apps files to free up pkeys obtained from\n X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.\n [Steve Henson]\n\n *) Fix"..., rsa=0x80b4068, padding=1) at rsa_eay.c:361 #4 0x400d7c50 in RSA_private_encrypt (flen=2051, from=0x803 <Address 0x803 out of bounds>, to=0x803 <Address 0x803 out of bounds>, rsa=0x402d9314, padding=2051) at rsa_lib.c:288 #5 0x400d83f7 in RSA_sign (type=64, m=0x1 <Address 0x1 out of bounds>, m_len=64, sigret=0x80b1a10 "S. Engelschall]\n\n *) Fix the various library and apps files to free up pkeys obtained from\n X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.\n [Steve Henson]\n\n *) Fix"..., siglen=0xbffff330, rsa=0x23) at rsa_sign.c:132 #6 0x400fb7e1 in EVP_SignFinal (ctx=0x80b1a10, sigret=0x803 <Address 0x803 out of bounds>, siglen=0xbffff330, pkey=0xbffff2c0) at p_sign.c:111 #7 0x0805c722 in do_fp (out=0x80b3be8, buf=0x80b1a10 "S. Engelschall]\n\n *) Fix the various library and apps files to free up pkeys obtained from\n X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.\n [Steve Henson]\n\n *) Fix"..., bp=0xbffff330, sep=0, binout=1, key=0x80b3de8, sigin=0x0, siglen=2051, title=0x80920cb "", file=0x803 <Address 0x803 out of bounds>) at dgst.c:453 #8 0x0805bea5 in dgst_main (argc=0, argv=0xbffff9d0) at dgst.c:385 #9 0x08055d3a in do_cmd (prog=0x80b1290, argc=7, argv=0xbffff9b8) at openssl.c:382 #10 0x08055b6e in main (Argc=7, Argv=0xbffff9b8) at openssl.c:301 ====== When I specify -rand, segfault doesn't occur LD_LIBRARY_PATH=. ./apps/openssl dgst -sha1 -sign keyrsa.pem -out dsignrsa.bin -rand /dev/random CHANGES finish successfully. The same problem is on smime. I do: ====== LD_LIBRARY_PATH=. ./apps/openssl smime -encrypt -binary -in CHANGES -aes256 -out encryptionrsa.pem -outform pem certrsa.pem LD_LIBRARY_PATH=. ./apps/openssl smime -decrypt -binary -in encryptionrsa.pem -recip certrsa.pem -inkey keyrsa.pem -out smime_decrrsa.dump -inform pem ===== Segfault occurs on decrypt with the same backtrace: ========= #0 0x400bdca8 in BN_BLINDING_set_thread_id (b=0xb51, n=1076728596) at bn_blind.c:267 267 b->thread_id = n; (gdb) bt #0 0x400bdca8 in BN_BLINDING_set_thread_id (b=0xb51, n=1076728596) at bn_blind.c:267 #1 0x400d7f85 in RSA_setup_blinding (rsa=0x80b1e48, in_ctx=0x80b4050) at rsa_lib.c:405 #2 0x400d6fc9 in rsa_get_blinding (rsa=0x80b1e48, r=0xbfffe198, local=0xbfffe19c, ctx=0x80b4050) at rsa_eay.c:251 #3 0x400d649f in RSA_eay_private_decrypt (flen=64, from=0xb51 <Address 0xb51 out of bounds>, to=0x80b4000 "MobvxUlZUTDmtnqei5qEsbdjUzWrlWk/yhAu1MpYYjtAOmUh/0OwN+ske\nKGegsfJuRc1C1alZTc1", rsa=0x80b1e48, padding=1) at rsa_eay.c:482 #4 0x400d7c90 in RSA_private_decrypt (flen=2897, from=0xb51 <Address 0xb51 out of bounds>, to=0xb51 <Address 0xb51 out of bounds>, rsa=0x402d9314, padding=2897) at rsa_lib.c:294 #5 0x400fc61f in EVP_PKEY_decrypt (key=0xb51 <Address 0xb51 out of bounds>, ek=0xb51 <Address 0xb51 out of bounds>, ekl=2897, priv=0xb51) at p_dec.c:83 #6 0x4013edf9 in PKCS7_dataDecode (p7=0x80b1bf8, pkey=0x80b1bd8, in_bio=0x0, pcert=0x80b1eb8) at pk7_doit.c:442 #7 0x40141126 in PKCS7_decrypt (p7=0x80b1bf8, pkey=0x80b1bd8, cert=0x0, data=0x80b1d98, flags=128) at pk7_smime.c:450 #8 0x08089995 in smime_main (argc=13, argv=0xbffff968) at smime.c:687 #9 0x08055d3a in do_cmd (prog=0x80b1290, argc=13, argv=0xbffff968) at openssl.c:382 #10 0x08055b6e in main (Argc=13, Argv=0xbffff968) at openssl.c:301 ========= The problem doesn't exist on 20050523 snapshot. Thank you. PS. We have a extra test suite testing openssl executable. Unfortunately, it's GNU make specific. Are you interested in it? -- SY, Dmitry Belyavsky (ICQ UIN 11116575) ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]