Run the following command: openssl genrsa -des3 -out CA.key 1024
Getting the following crash info:
Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. All rights reserved.
Application exception occurred:
App: ...\openssl.exe (pid=964)
When: 20/09/2007 @ 10:11:59.171
Exception number: 80000003 (hardcoded breakpoint)
*----> System Information <----*
Terminal Session Id: 0
Number of Processors: 2
Processor Type: x86 Family 6 Model 14 Stepping 8
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Multiprocessor Free
*----> Task List <----*
0 System Process
4 System
...
*----> Module List <----*
(0000000000400000 - 000000000044f000: ...\openssl.exe
(0000000000450000 - 000000000055a000: ...\PSLIBEAY32.dll
(000000000ffd0000 - 000000000fff8000: C:\WINDOWS\system32\rsaenh.dll
(0000000010000000 - 0000000010034000: ...\PSSSLEAY32.dll
(0000000010200000 - 0000000010321000:
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_5490cd9f\MSVCR80D.dll
(000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
(0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
(0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\WSOCK32.dll
(0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
(0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
(0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f56000: C:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
*----> State Dump for Thread Id 0xe98 <----*
eax=00000001 ebx=7ffdb000 ecx=688544a5 edx=00000000 esi=00000000 edi=00000016
eip=1021e7bb esp=0012f220 ebp=0012f26c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_5490cd9f\MSVCR80D.dll
-
function: MSVCR80D!signal
1021e79e 2d106a0068 sub eax,0x68006a10
1021e7a3 a301000068 mov [68000001],eax
1021e7a8 d42d aam ???
1021e7aa 2d106a02e8 sub eax,0xe8026a10
1021e7af ed in eax,dx
1021e7b0 a6 cmpsb
1021e7b1 ffff ???
1021e7b3 83c414 add esp,0x14
1021e7b6 83f801 cmp eax,0x1
1021e7b9 7501 jnz MSVCR80D!signal+0x31c (1021e7bc)
FAULT ->1021e7bb cc int 3
1021e7bc 837dd000 cmp dword ptr [ebp-0x30],0x0
1021e7c0 752e jnz MSVCR80D!signal+0x350 (1021e7f0)
1021e7c2 e88991feff call MSVCR80D!errno (10207950)
1021e7c7 c70016000000 mov dword ptr [eax],0x16
1021e7cd 6a00 push 0x0
1021e7cf 68a3010000 push 0x1a3
1021e7d4 68d42d2d10 push 0x102d2dd4
1021e7d9 68c42d2d10 push 0x102d2dc4
1021e7de 68e82d2d10 push 0x102d2de8
1021e7e3 e8c8bcffff call MSVCR80D!invalid_parameter (1021a4b0)
*----> Stack Back Trace <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0012f26c 004feddb 00000005 004fee30 00000005 MSVCR80D!signal+0x31b
0012f280 004feaba 7ffdb000 0054c70c 40000000 PSLIBEAY32!pushsig+0x2b
0012f498 004fe9b6 00a527f8 00a52988 00000000 PSLIBEAY32!read_string_inner+0x3a
0012f4b8 00424148 00a527f8 00a52988 00000100 PSLIBEAY32!read_string+0xf6
0012f4d0 004fe04b 00a527f8 00a52988 00a527f8 openssl!ui_read+0x98
0012f4f0 004243ae 00a527f8 00a534b0 00000002 PSLIBEAY32!UI_process+0x15b
0012f520 004cae2a 0012f558 00000400 00000001 openssl!password_callback+0x17e
0012fa18 004cc59e 00492080 0053c3c8 00a51cf0 PSLIBEAY32!PEM_ASN1_write_bio+0x15a
0012fa44 00418e59 00a51cf0 00a52388 0050a79c
PSLIBEAY32!PEM_write_bio_RSAPrivateKey+0x2e
0012faa8 00432cc8 00000001 003d2aac 00a514fc openssl!genrsa_main+0x679
0012fae4 004328e1 00a50690 00000005 003d2a9c openssl!do_cmd+0x58
0012ff68 00434536 00000005 003d2a9c 003d4080 openssl!main+0x271
0012ffb8 0043438d 0012fff0 7c816d4f 00000016 openssl!__tmainCRTStartup+0x1a6
0012ffc0 7c816d4f 00000016 00000000 7ffdb000 openssl!mainCRTStartup+0xd
0012fff0 00000000 00434380 00000000 78746341
kernel32!RegisterWaitForInputIdle+0x49
*----> Raw Stack Dump <----*
000000000012f220 c9 b6 97 68 16 00 00 00 - 00 00 00 00 00 b0 fd 7f
...h............
000000000012f230 00 00 00 00 04 00 00 00 - 00 00 00 00 00 00 00 00
................
000000000012f240 00 00 00 00 b0 1e 3d 00 - 00 00 00 00 84 30 a5 00
......=......0..
000000000012f250 00 00 00 00 00 b0 fd 7f - 20 ee 12 00 a8 ff 12 00 ........
.......
000000000012f260 d0 e1 21 10 1d 7c b5 78 - fe ff ff ff 80 f2 12 00
..!..|.x........
000000000012f270 db ed 4f 00 05 00 00 00 - 30 ee 4f 00 05 00 00 00
..O.....0.O.....
000000000012f280 98 f4 12 00 ba ea 4f 00 - 00 b0 fd 7f 0c c7 54 00
......O.......T.
000000000012f290 00 00 00 40 05 00 00 00 - 64 f3 12 00 a8 36 a5 00
...@....d....6..
000000000012f2a0 05 00 00 00 06 02 00 00 - 88 01 3d 00 10 00 00 00
..........=.....
000000000012f2b0 40 00 00 00 d8 01 3d 00 - 88 1d a5 00 00 00 00 00
@.....=.........
000000000012f2c0 a0 36 a5 00 02 00 00 00 - 00 00 00 00 00 00 00 00
.6..............
000000000012f2d0 a0 36 a5 00 30 10 00 00 - a8 36 a5 00 01 00 00 00
.6..0....6......
000000000012f2e0 78 01 3d 00 30 10 00 00 - f0 30 00 00 00 00 3d 00
x.=.0....0....=.
000000000012f2f0 e8 f0 12 00 01 00 00 00 - 5c f3 12 00 18 ee 90 7c
........\......|
000000000012f300 f0 06 91 7c ff ff ff ff - eb 06 91 7c 4c 2f 21 10
...|.......|L/!.
000000000012f310 00 00 3d 00 00 00 00 00 - b4 3d 20 10 10 3c 31 10 ..=......=
..<1.
000000000012f320 6c f3 12 00 9e af 21 10 - 04 00 00 00 95 af 21 10
l.....!.......!.
000000000012f330 c9 b7 97 68 16 00 00 00 - 00 00 00 00 00 b0 fd 7f
...h............
000000000012f340 24 10 00 00 5b 15 00 00 - a8 36 a5 00 c8 36 a5 00
$...[....6...6..
000000000012f350 00 00 00 00 00 00 00 00 - 02 00 00 00 90 f4 12 00
................
I think this crash is due to added error detection implemented by the upgraded
MS compiler. Basically, the OpenSSL code is calling 'signal()' with a signal
value that is not supported by the MS C runtime. The evidence for this can be
seen in the 'drwtsn32.log' above. The 'int 3' instruction is a breakpoint
instruction and its execution is intended to cause an attached debugger to halt
the process so that the error can be examined. If a debugger was not attached,
the code would continue on and would call 'invalid_parameter' - which would
then terminate the process.
The stack trace shows that 'pushsig' from OpenSSL called 'signal' passing it
the value '5'. If you look at the 'signal.h' distributed with the new VS 2005
compiler, you'll see that none of the 'SIG*' macros map to this value:
#define SIGINT 2 /* interrupt */
#define SIGILL 4 /* illegal instruction - invalid
function image */
#define SIGFPE 8 /* floating point exception */
#define SIGSEGV 11 /* segment violation */
#define SIGTERM 15 /* Software termination signal from
kill */
#define SIGBREAK 21 /* Ctrl-Break sequence */
#define SIGABRT 22 /* abnormal termination triggered by
abort call */
#define SIGABRT_COMPAT 6 /* SIGABRT compatible with other
platforms, same as SIGABRT */
Now look at 'winsig.c' from the 'VC\CRT\SRC' directory of your Visual Studio
2005 install - you can see the source code for 'signal' here. Pasting the
relevant parts:
50 #define _SIGHUP_IGNORE 1
51 #define _SIGQUIT_IGNORE 3
52 #define _SIGPIPE_IGNORE 13
53 #define _SIGIOINT_IGNORE 16
54 #define _SIGSTOP_IGNORE 17
...
215 _PHNDLR __cdecl signal(
216 int signum,
217 _PHNDLR sigact
218 )
219 {
...
243 if ( (signum == SIGINT) || (signum == SIGBREAK) || (signum
== SIGABRT)
244 || (signum == SIGABRT_COMPAT) || (signum == SIGTERM) ) {
...
327 if ( (signum != SIGFPE) && (signum != SIGILL) && (signum !=
SIGSEGV) )
328 goto sigreterror;
...
409 sigreterror:
410 switch(signum)
411 {
412 case _SIGHUP_IGNORE:
413 case _SIGQUIT_IGNORE:
414 case _SIGPIPE_IGNORE:
415 case _SIGIOINT_IGNORE:
416 case _SIGSTOP_IGNORE:
417 return SIG_ERR;
418 default:
419 _VALIDATE_RETURN(("Invalid signal or error", 0),
EINVAL, SIG_ERR);
420 /* should never happen, but compiler can't tell */
421 return SIG_ERR;
422 }
Any call to 'signal' that passed a value other than SIGINT(2), SIGBREAK(21),
SIGABRT(22), SIGABRT_COMPAT(6), SIGTERM(15), SIGFPE(8), SIGILL(4), SIGSEGV(11),
_SIGHUP_IGNORE(1), _SIGQUIT_IGNORE(3), _SIGPIPE_IGNORE(13),
_SIGIOINT_IGNORE(16), or _SIGSTOP_IGNORE(17) will result in the execution of
_VALIDATE_RETURN. _VALIDATE_RETURN is defined in 'internal.h' in the
'VC\CRT\SRC' directory of the compiler installation and is responsible for
terminating the process if the passed expression fails (the expression in this
case is simply '0' and will always fail).
'signal' was called by 'pushsig' - of which there are several implementations
in the OpenSSL source code:
1. 'pushsig' in
pt_security/src/OpenSSL/openssl-0.9.7g/crypto/des/read_pwd.c
2. 'popsig' in
pt_security/src/OpenSSL/openssl-0.9.7g/crypto/des/read_pwd.c
3. 'pushsig' in
pt_security/src/OpenSSL/openssl-0.9.7g/crypto/ui/ui_openssl.c
4. 'popsig' in
pt_security/src/OpenSSL/openssl-0.9.7g/crypto/ui/ui_openssl.c
I'm not sure which one was called in this case, but they both have the same
basic implementation. From ui_openssl.c:
/* Exclusive upper bound of the signal-number loop in pushsig() below (i < NX509_SIG); 32 unless NX509_SIG is already defined. */
259 #ifndef NX509_SIG
260 # define NX509_SIG 32
261 #endif
...
/*
 * pushsig: route signal numbers 1 .. NX509_SIG-1 to recsig, storing what
 * sigaction()/signal() hands back for each number in savsig[i].
 * NOTE(review): nothing here checks that the C runtime accepts a given signal
 * number, and the result of sigaction()/signal() is never tested for failure;
 * in the signal() branch an error return would be stored in savsig[i] as is.
 */
566 static void pushsig(void)
567 {
568 int i;
569 #ifdef SIGACTION
570 struct sigaction sa;
571
572 memset(&sa,0,sizeof sa);
573 sa.sa_handler=recsig;
574 #endif
575
/* The bound is exclusive (i < NX509_SIG). Only SIGUSR1, SIGUSR2 and SIGKILL are skipped, each only where the platform defines the macro. */
576 for (i=1; i<NX509_SIG; i++)
577 {
578 #ifdef SIGUSR1
579 if (i == SIGUSR1)
580 continue;
581 #endif
582 #ifdef SIGUSR2
583 if (i == SIGUSR2)
584 continue;
585 #endif
586 #ifdef SIGKILL
587 if (i == SIGKILL) /* We can't make any action on that.
*/
588 continue;
589 #endif
/* Without SIGACTION the plain signal() call is used for every remaining number, whether or not the runtime declares a signal with that value. */
590 #ifdef SIGACTION
591 sigaction(i,&sa,&savsig[i]);
592 #else
593 savsig[i]=signal(i,recsig);
594 #endif
595 }
596
/* After the loop, SIGWINCH (where defined) is put back to its default action. */
597 #ifdef SIGWINCH
598 signal(SIGWINCH,SIG_DFL);
599 #endif
600 }
This code will call 'signal' with all values from 1 to 32 (assuming no other
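definition of NX509_SIG). Values 1-4 do not trigger the check: 2 (SIGINT) and
4 (SIGILL) are supported, while 1 (_SIGHUP_IGNORE) and 3 (_SIGQUIT_IGNORE) are
rejected quietly with SIG_ERR. 5 is the first value that reaches
_VALIDATE_RETURN and is therefore responsible for this crash.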
The fix for this issue is to rework this code so that, on Windows, it calls
'signal' only with valid values: SIGINT, SIGBREAK, SIGABRT, SIGABRT_COMPAT,
SIGTERM, SIGFPE, SIGILL, and SIGSEGV. The 'popsig' counterparts listed above
would need the same treatment if they walk the same range.