为什么RSA_generate_key使用未初始化的值(根据valgrind)

时间:2015-09-30 10:25:34

标签: c openssl rsa valgrind

我一直致力于涉及加密的事情。我必须承认,我在密码学方面的知识非常基础。因此,我决定在RSARSA_generate_key生成RSA密钥之后查看openssl结构包含的内容。但是我遇到了分段错误:

const unsigned long e = 3;
const int num = 3072;   
...
RSA *rsa_key = RSA_generate_key(num, e, NULL, NULL);
if (!rsa_key)
{
    printf("Failed to generate RSA key!\n");
    return RSA_ERROR_CODE;
}

printf("rsa->pad=0x%x\n", rsa_key->pad);
printf("rsa->version=0x%lx\n", rsa_key->version);
if (rsa_key->n)
{
    printf("rsa->n->top=0x%x\n", rsa_key->n->top); // HERE I got the seg fault
    ....

对我来说这看起来很奇怪所以我写了一个最小的代码来用valgrind tool来测试它。这是C中的代码:

#include "openssl/rsa.h"
#include <stdio.h>

int main()
{       
    const unsigned long e = 3;   // the exponent, 3 in QVRSA
    const int num = 3072;   

    RSA *rsa_key = RSA_generate_key(num, e, NULL, NULL);

    if (rsa_key == NULL)
    {
        printf("RSA is invalid!\n");
        return 1;
    }

    printf("rsa->pad=0x%x\n", rsa_key->pad);
    printf("rsa->version=0x%lx\n", rsa_key->version);
    if (rsa_key->n)
    {
        printf("rsa->n->top=0x%x\n", rsa_key->n->top);
    }

    RSA_free(rsa_key);
    rsa_key = NULL;
    return 0;
}

编译行: gcc rsa.c -lcrypto -g -O0 -o rsa

这次没有分段错误,输出是:

rsa->pad=0x0 
rsa->version=0x0 
rsa->n->top=0x30

但是 valgrind发出了大量错误消息:

==6916== Conditional jump or move depends on uninitialised value(s)
==6916==    at 0x4DAEB37: BN_bin2bn (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DB1B62: ??? (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DB4471: BN_generate_prime_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DC8763: RSA_generate_key_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DCB763: RSA_generate_key (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x40072E: main (rsa.c:9)
==6916==  Uninitialised value was created by a heap allocation
==6916==    at 0x4B23D6D: malloc (vg_replace_malloc.c:270)
==6916==    by 0x4D8936A: CRYPTO_malloc (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DB1AD1: ??? (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DB4471: BN_generate_prime_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DC8763: RSA_generate_key_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DCB763: RSA_generate_key (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x40072E: main (rsa.c:9)

==6916== Conditional jump or move depends on uninitialised value(s)
==6916==    at 0x4DB44D0: BN_generate_prime_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DC8763: RSA_generate_key_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DCB763: RSA_generate_key (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x40072E: main (rsa.c:9)
==6916==  Uninitialised value was created by a heap allocation
==6916==    at 0x4B23D6D: malloc (vg_replace_malloc.c:270)
==6916==    by 0x4D8936A: CRYPTO_malloc (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DB1AD1: ??? (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DB4471: BN_generate_prime_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DC8763: RSA_generate_key_ex (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x4DCB763: RSA_generate_key (in /usr/lib64/libcrypto.so.0.9.8)
==6916==    by 0x40072E: main (rsa.c:9)

条件跳转或移动的许多其他人取决于未初始化的值标题。

为什么呢? openSSL中是否存在已知错误,或者它只是一个误报,我的原始分段错误与我原始代码中的一些隐藏错误有关?

我用过:

  • gcc v4.5.2

  • valgrind v3.8.1

  • OpenSSL 0.9.8a

1 个答案:

答案 0 :(得分:4)

OpenSSL正在使用一些未初始化的变量来生成随机数据以生成密钥。然后Valgrind会抱怨,所以这不是误报。

根据openSSL FAQ,要摆脱它,请使用-DPURIFY进行编译。 但是,您可以讨论测试不同编译的二进制文件是否比生产二进制文件更好。