我一直致力于涉及加密的事情。我必须承认,我在密码学方面的知识非常基础。因此,我决定在RSA库RSA_generate_key生成RSA密钥之后查看openssl结构包含的内容。但是我遇到了分段错误:
const unsigned long e = 3;
const int num = 3072;
...
RSA *rsa_key = RSA_generate_key(num, e, NULL, NULL);
if (!rsa_key)
{
printf("Failed to generate RSA key!\n");
return RSA_ERROR_CODE;
}
printf("rsa->pad=0x%x\n", rsa_key->pad);
printf("rsa->version=0x%lx\n", rsa_key->version);
if (rsa_key->n)
{
printf("rsa->n->top=0x%x\n", rsa_key->n->top); // HERE I got the seg fault
....
对我来说这看起来很奇怪所以我写了一个最小的代码来用valgrind tool来测试它。这是C中的代码:
#include "openssl/rsa.h"
#include <stdio.h>
int main()
{
const unsigned long e = 3; // the exponent, 3 in QVRSA
const int num = 3072;
RSA *rsa_key = RSA_generate_key(num, e, NULL, NULL);
if (rsa_key == NULL)
{
printf("RSA is invalid!\n");
return 1;
}
printf("rsa->pad=0x%x\n", rsa_key->pad);
printf("rsa->version=0x%lx\n", rsa_key->version);
if (rsa_key->n)
{
printf("rsa->n->top=0x%x\n", rsa_key->n->top);
}
RSA_free(rsa_key);
rsa_key = NULL;
return 0;
}
编译行: gcc rsa.c -lcrypto -g -O0 -o rsa
这次没有分段错误,输出是:
rsa->pad=0x0
rsa->version=0x0
rsa->n->top=0x30
但是 valgrind发出了大量错误消息:
==6916== Conditional jump or move depends on uninitialised value(s)
==6916== at 0x4DAEB37: BN_bin2bn (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DB1B62: ??? (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DB4471: BN_generate_prime_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DC8763: RSA_generate_key_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DCB763: RSA_generate_key (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x40072E: main (rsa.c:9)
==6916== Uninitialised value was created by a heap allocation
==6916== at 0x4B23D6D: malloc (vg_replace_malloc.c:270)
==6916== by 0x4D8936A: CRYPTO_malloc (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DB1AD1: ??? (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DB4471: BN_generate_prime_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DC8763: RSA_generate_key_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DCB763: RSA_generate_key (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x40072E: main (rsa.c:9)
==6916== Conditional jump or move depends on uninitialised value(s)
==6916== at 0x4DB44D0: BN_generate_prime_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DC8763: RSA_generate_key_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DCB763: RSA_generate_key (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x40072E: main (rsa.c:9)
==6916== Uninitialised value was created by a heap allocation
==6916== at 0x4B23D6D: malloc (vg_replace_malloc.c:270)
==6916== by 0x4D8936A: CRYPTO_malloc (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DB1AD1: ??? (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DB4471: BN_generate_prime_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DC8763: RSA_generate_key_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x4DCB763: RSA_generate_key (in /usr/lib64/libcrypto.so.0.9.8)
==6916== by 0x40072E: main (rsa.c:9)
条件跳转或移动的许多其他人取决于未初始化的值标题。
为什么呢? openSSL中是否存在已知错误,或者它只是一个误报,我的原始分段错误与我原始代码中的一些隐藏错误有关?
我用过:
gcc v4.5.2
valgrind v3.8.1
OpenSSL 0.9.8a
答案 0 :(得分:4)
OpenSSL正在使用一些未初始化的变量来生成随机数据以生成密钥。然后Valgrind会抱怨,所以这不是误报。
根据openSSL FAQ,要摆脱它,请使用-DPURIFY进行编译。 但是,您可以讨论测试不同编译的二进制文件是否比生产二进制文件更好。