Hi All,
Good morning.

I reported an OpenSSL function (PEM_read_RSAPrivateKey) crash yesterday.
Honestly, I doubt it's an issue with OpenSSL. After all, it has been used for years.

I suspect that maybe something happened in the background on our customer's 
server, which caused OpenSSL to crash.
I think I should give you more information about how that function is used in 
our application. My code is:

RSA * createRSAWithFilename(char * filename,char* diag, int public)
{
    FILE * fp = fopen(filename,"rb");

    if(fp == NULL)
    {
        if(diag) SerialWriteTestLine_string_Time("Unable to open file:", filename, diag);
        return NULL;
    }

    RSA *rsa= RSA_new() ;
    if(diag) SerialWriteTestLine_string_Time("FILE open on:", filename, diag);

    if(public >0)
    {
        rsa = PEM_read_RSA_PUBKEY(fp, &rsa, NULL, NULL);
    }
    else
    {
        rsa = PEM_read_RSAPrivateKey(fp, &rsa, NULL, NULL);     /* <- CRASH HERE! */
    }

    if(diag) SerialWriteTestLine_Time("after PEM_read_RSAPrivateKey/PEM_read_RSA_PUBKEY", diag);

    fclose(fp);

.........................................................
The code above is being used by our customer. They have 2 or 3 crashes 
every day.
There are only 2 parameters passed to rsa = PEM_read_RSAPrivateKey(fp, 
&rsa, NULL, NULL).
I found the code does not validate the value of rsa (whether RSA_new 
returned successfully or not). But when I assigned NULL to rsa before calling 
PEM_read_RSAPrivateKey, it didn't crash.
But the first parameter, the handle fp, is not the cause of the crash either, 
because I also wrote another test program which keeps opening, closing and 
overwriting the file, and again it didn't crash.

So from your OpenSSL developer's perspective, what may cause the crash of 
PEM_read_RSAPrivateKey? For me, I can only control the parameters passed to it.
I know there are only 2 kinds of value returned by RSA_new(): a valid address 
upon success and NULL on failure. I am wondering whether it could possibly 
return a non-NULL value that is an illegal memory address to rsa, which may 
cause the crash of PEM_read_RSAPrivateKey?

This is why I asked you guys how I can step into the OpenSSL functions.
Thanks,
Tyler

From: Tiantian (Tyler) Liu
Sent: February-01-16 5:00 PM
To: 'r...@openssl.org'
Subject: Debug in OpenSSL

Hi, ALL,

I am a software developer who is struggling with encryption and decryption issues 
in my application.

Our customer complained that our application crashed at the point where the 
OpenSSL method, PEM_read_RSAPrivateKey, is being called.

I can't duplicate the crash on my machine, so I want to enable debug in 
OpenSSL and core dumping on their machine. Then I can get the core dump file 
upon the crash on the customer's side, and I can use GDB to debug the core dump 
to see what happened inside the so-called PEM_read_RSAPrivateKey.

Today, I re-compiled my OpenSSL (version openssl-1.0.1p). However, when I set 
the breakpoint at PEM_read_RSAPrivateKey, my GDB can't step into that function; 
it just bypassed it directly.
My machine is 32-bit RedHat Enterprise 5. What I did in configure and 
installation:

#./Configure -g debug-linux-elf -prefix=/usr shared
# make
# make install

All the newly generated libs were installed under /usr/lib

I used GDB commands to check my setup. It looks like my GDB can recognize all the 
OpenSSL source code and has loaded the OpenSSL shared library symbols. I am 
posting part of the information from GDB:
(gdb) info sharedlibrary
From        To          Syms Read   Shared Object Library
0x00561a30  0x005c6364  Yes         /usr/lib/libkrb5.so.3
0x0064f590  0x00666e94  Yes         /usr/lib/libk5crypto.so.3
0x002407c0  0x004446c4  Yes         /usr/lib/libptcoresdk.so.2
0x0070a7f0  0x0070af84  Yes         /lib/libcom_err.so.2
0x008c55d0  0x00940594  Yes         /usr/lib/libstdc++.so.6
0x005e86b0  0x00631eb4  Yes         /usr/lib/libssl.so.1.0.0
0x00a73f00  0x00b81704  Yes         /usr/lib/libcrypto.so.1.0.0
0x004f7a50  0x004f8a64  Yes         /lib/libdl.so.2
0x004ff210  0x00509e34  Yes         /lib/i686/nosegneg/libpthread.so.0
0x00722bd0  0x0081a7d0  Yes         /lib/i686/nosegneg/libc.so.6
0x00513430  0x00517794  Yes         /usr/lib/libkrb5support.so.0
0x0053f0d0  0x0054a064  Yes         /lib/libresolv.so.2
0x0085a670  0x00861ea4  Yes         /lib/libgcc_s.so.1
0x00675410  0x00690654  Yes         /lib/i686/nosegneg/libm.so.6
0x00a1c7f0  0x00a3172f  Yes         /lib/ld-linux.so.2

And I also ran command:
(gdb) info source
.........................................
pem_pkey.c, /home/tyler28/openssl-1.0.1p/crypto/pem/pem_pkey.c, pem_pk8.c, 
/home/tyler28/openssl-1.0.1p/crypto/pem/pem_pk8.c,
pem_oth.c, /home/tyler28/openssl-1.0.1p/crypto/pem/pem_oth.c, pem_xaux.c, 
/home/tyler28/openssl-1.0.1p/crypto/pem/pem_xaux.c,
pem_x509.c, /home/tyler28/openssl-1.0.1p/crypto/pem/pem_x509.c, pem_err.c, 
/home/tyler28/openssl-1.0.1p/crypto/pem/pem_err.c,
pem_all.c, /home/tyler28/openssl-1.0.1p/crypto/pem/pem_all.c, pem_lib.c, 
/home/tyler28/openssl-1.0.1p/crypto/pem/pem_lib.c,
pem_info.c, /home/tyler28/openssl-1.0.1p/crypto/pem/pem_info.c, pem_seal.c, 
/home/tyler28/openssl-1.0.1p/crypto/pem/pem_seal.c,
pem_sign.c, /home/tyler28/openssl-1.0.1p/crypto/pem/pem_sign.c, asn_moid.c, 
/home/tyler28/openssl-1.0.1p/crypto/asn1/asn_moid.c,
...............................................

Then during debug, my GDB showed:
(gdb) break PEM_read_RSAPrivateKey
Breakpoint 2 at 0xb373fd: file pem_all.c, line 184.
(gdb) c
Continuing.
[Switching to Thread 14957456 (LWP 8796)]

Breakpoint 1, createRSAWithFilename (filename=0x82ef65a "out/private.pem", diag=0xe3ebdc "/MerchantConnectMulti/log/262.dg",
    public=0) at ../multi_client/source_Host_C_Code/ssl_open.c:1385
1385        FILE * fp = fopen(filename,"rb");
(gdb) n
1387        if(fp == NULL)
(gdb) n
1393        RSA *rsa= RSA_new() ;
(gdb) n
1394        if(diag) SerialWriteTestLine_string_Time("FILE open on:", filename, diag);
(gdb) n
1395        if(diag) SerialWriteTestLine_Time("after RSA_new", diag);
(gdb) n
1398        if (rsa == NULL) {
(gdb) n
1408        if(public >0)
(gdb) n
1415            rsa = PEM_read_RSAPrivateKey(fp, &rsa,NULL, NULL);
(gdb) s                               <<<<<<<<---------- GDB bypassed, I can't step into the function!
1419        if(diag) SerialWriteTestLine_Time("after PEM_read_RSAPrivateKey/PEM_read_RSA_PUBKEY", diag);

Besides that function, I found I can't step into any OpenSSL standard function 
either. For example, I can't step into RSA_new either.
Based on the information I offered above, could you help me figure out what 
mistakes I made? Could you help me?
In other words, I just want to step into the OpenSSL standard library 
functions. How can I do that?

I am eagerly waiting for your response and help, thank you in advance.

Thanks,
Tyler



