RSA_generate_key_ex is crashing when compiled on RHEL6 PPC and executed on RHEL8 for OpenSSL 3.0.1PPC

Tomas Mraz tomas at openssl.org
Thu Jun 2 10:00:45 UTC 2022


It is not an issue in OpenSSL that the getentropy somehow does not
work. I could imagine adding a define that disables use of getentropy.

Tomas

On Thu, 2022-06-02 at 15:26 +0530, Minal Patil wrote:
> Hello Tomas,
> 
> Thanks Man.
> It started working when compiled with your suggestions.
> 
> Could it be an issue with openssl or with the compile ?
> 
> Thanks,
> Minal
> 
> On Thu, Jun 2, 2022 at 2:32 PM Tomas Mraz <tomas at openssl.org> wrote:
> > This is crashing inside the getentropy call in glibc or the weak
> > symbol
> > binding does not work correctly for some reason.
> > 
> > I'd suggest changing the line 359 of
> > providers/implementations/rands/seeding/rand_unix.c
> > from:
> > #  if !defined(__DragonFly__) && !defined(__NetBSD__)
> > to:
> > #  if 0
> > 
> > That might help.
> > 
> > Regards,
> > Tomas Mraz
> > 
> > On Thu, 2022-06-02 at 12:49 +0530, Minal Patil wrote:
> > > here is the backtrace with debug.
> > > Program received signal SIGILL, Illegal instruction.
> > > 0x0000000010000004 in ?? ()
> > > Missing separate debuginfos, use: dnf debuginfo-install libgcc-
> > 8.3.1-
> > > 4.5.el8.ppc64le libstdc++-8.3.1-4.5.el8.ppc64le
> > > (gdb) bt
> > > #0  0x0000000010000004 in ?? ()
> > > #1  0x000000001006da60 in syscall_random (buf=0x104a3350,
> > buflen=48)
> > >     at providers/implementations/rands/seeding/rand_unix.c:364
> > > #2  0x000000001006e3b4 in ossl_pool_acquire_entropy
> > (pool=0x104a3300)
> > >     at providers/implementations/rands/seeding/rand_unix.c:646
> > > #3  0x0000000010252ca0 in seed_src_generate (vseed=0x10446e90,
> > > out=0x104a32c0 "", outlen=48, strength=0,
> > >     prediction_resistance=0, adin=0x7fffffffe340 "PoD\020",
> > > adin_len=8) at providers/implementations/rands/seed_src.c:114
> > > #4  0x0000000010253124 in seed_get_seed (vseed=0x10446e90,
> > > pout=0x7fffffffe410, entropy=256, min_len=48,
> > >     max_len=4294967294, prediction_resistance=0,
> > adin=0x7fffffffe340
> > > "PoD\020", adin_len=8)
> > >     at providers/implementations/rands/seed_src.c:204
> > > #5  0x000000001032a764 in get_entropy (drbg=0x10446f50,
> > > pout=0x7fffffffe410, entropy=384, min_len=48, max_len=4294967294,
> > >     prediction_resistance=0) at
> > > providers/implementations/rands/drbg.c:241
> > > #6  0x000000001032b140 in ossl_prov_drbg_instantiate
> > > (drbg=0x10446f50, strength=0, prediction_resistance=0,
> > >     pers=0x10397a88 <ossl_pers_string> "OpenSSL NIST SP 800-90A
> > > DRBG", perslen=29)
> > >     at providers/implementations/rands/drbg.c:451
> > > #7  0x000000001024eab8 in drbg_ctr_instantiate_wrapper
> > > (vdrbg=0x10446f50, strength=0, prediction_resistance=0, pstr=0x0,
> > >     pstr_len=0, params=0x7fffffffe620) at
> > > providers/implementations/rands/drbg_ctr.c:337
> > > #8  0x0000000010127aa0 in evp_rand_instantiate_locked
> > > (ctx=0x1042da90, strength=0, prediction_resistance=0, pstr=0x0,
> > >     pstr_len=0, params=0x7fffffffe620) at
> > > crypto/evp/evp_rand.c:505
> > > #9  0x0000000010127b50 in EVP_RAND_instantiate (ctx=0x1042da90,
> > > strength=0, prediction_resistance=0, pstr=0x0,
> > >     pstr_len=0, params=0x7fffffffe620) at
> > > crypto/evp/evp_rand.c:518
> > > #10 0x000000001003a988 in rand_new_drbg (libctx=0x0,
> > > parent=0x1042da60, reseed_interval=256,
> > > reseed_time_interval=3600)
> > >     at crypto/rand/rand_lib.c:595
> > > #11 0x000000001003ab58 in RAND_get0_primary (ctx=0x0) at
> > > crypto/rand/rand_lib.c:642
> > > #12 0x000000001003add4 in RAND_get0_private (ctx=0x0) at
> > > crypto/rand/rand_lib.c:706
> > > #13 0x0000000010039cd4 in RAND_priv_bytes_ex (ctx=0x0,
> > buf=0x10421f40
> > > "", num=64, strength=0)
> > >     at crypto/rand/rand_lib.c:333
> > > #14 0x00000000100a7824 in bnrand (flag=PRIVATE, rnd=0x10420e70,
> > > bits=512, top=1, bottom=1, strength=0, ctx=0x10420b90)
> > >     at crypto/bn/bn_rand.c:51
> > > #15 0x00000000100a7db4 in BN_priv_rand_ex (rnd=0x10420e70,
> > bits=512,
> > > top=1, bottom=1, strength=0, ctx=0x10420b90)
> > >     at crypto/bn/bn_rand.c:122
> > > #16 0x00000000100a6ae4 in probable_prime (rnd=0x10420e70,
> > > bits=512,
> > > safe=0, mods=0x10420f30, ctx=0x10420b90)
> > > --Type <RET> for more, q to quit, c to continue without paging--
> > >     at crypto/bn/bn_prime.c:486
> > > #17 0x00000000100a5c3c in BN_generate_prime_ex2 (ret=0x10420e70,
> > > bits=512, safe=0, add=0x0, rem=0x0, cb=0x0,
> > >     ctx=0x10420b90) at crypto/bn/bn_prime.c:160
> > > #18 0x000000001003dce8 in rsa_multiprime_keygen (rsa=0x10411eb0,
> > > bits=1024, primes=2, e_value=0x10411e70, cb=0x0)
> > >     at crypto/rsa/rsa_gen.c:191
> > > #19 0x000000001003e71c in rsa_keygen (libctx=0x0, rsa=0x10411eb0,
> > > bits=1024, primes=2, e_value=0x10411e70, cb=0x0,
> > >     pairwise_test=0) at crypto/rsa/rsa_gen.c:437
> > > #20 0x000000001003d598 in RSA_generate_multi_prime_key
> > > (rsa=0x10411eb0, bits=1024, primes=2, e_value=0x10411e70, cb=0x0)
> > >     at crypto/rsa/rsa_gen.c:71
> > > #21 0x000000001003d434 in RSA_generate_key_ex (rsa=0x10411eb0,
> > > bits=1024, e_value=0x10411e70, cb=0x0)
> > >     at crypto/rsa/rsa_gen.c:46
> > > #22 0x0000000010003ae8 in generate_key (keysize=1024,
> > > pub_key=0x7fffffffef48, pri_key=0x7fffffffef50) at
> > > generatekey.c:25
> > > #23 0x0000000010003da8 in main () at generatekey.c:74
> > > 
> > > On Thu, Jun 2, 2022 at 12:06 PM Tomas Mraz <tomas at openssl.org>
> > wrote:
> > > > Can you please try to build the openssl with debug information
> > > > (-
> > d
> > > > on
> > > > Configure command line)? To see whether the backtrace will
> > contain
> > > > more
> > > > information.
> > > > 
> > > > Tomas Mraz
> > > > 
> > > > On Thu, 2022-06-02 at 11:09 +0530, Minal Patil wrote:
> > > > > Hello All,
> > > > > 
> > > > > I am trying to use RSA_generate_key_ex function to generate
> > > > > the
> > > > > RSA
> > > > > key pairs on RHEL 7.2 PPCle. I am observing crash when i link
> > the
> > > > > source code with Openssl 3.0 whereas same works if i link
> > > > > with
> > > > > Openssl 1.0.2
> > > > > 
> > > > > Below is configure command used for compiling openssl
> > > > > ./Configure no-shared threads --
> > > > > prefix=/home/testuser/OpenSSL/Build
> > > > -
> > > > > -openssldir=/home/testuser/OpenSSL/Build --libdir=lib linux-
> > > > > ppc64le
> > > > -
> > > > > Wa,--noexecstack
> > > > > 
> > > > > I am attaching the source code I am using for reference. 
> > > > > Below is stack trace observed 
> > > > > 
> > > > > Program received signal SIGILL, Illegal instruction.
> > > > > #0  0x0000000010000004 in ?? ()
> > > > > #1  0x000000001005afdc in ossl_pool_acquire_entropy ()
> > > > > #2  0x00000000101fed14 in seed_get_seed ()
> > > > > #3  0x00000000102be844 in get_entropy ()
> > > > > #4  0x00000000102bee8c in ossl_prov_drbg_instantiate ()
> > > > > #5  0x00000000101f9b2c in drbg_ctr_instantiate_wrapper ()
> > > > > #6  0x00000000100ff2e0 in EVP_RAND_instantiate ()
> > > > > #7  0x0000000010031c18 in rand_new_drbg ()
> > > > > #8  0x0000000010032bd0 in RAND_get0_primary ()
> > > > > #9  0x00000000100333f8 in RAND_get0_private ()
> > > > > #10 0x0000000010033558 in RAND_priv_bytes_ex ()
> > > > > #11 0x00000000100926cc in BN_priv_rand_ex ()
> > > > > #12 0x0000000010090b78 in BN_generate_prime_ex2 ()
> > > > > #13 0x0000000010035a90 in RSA_generate_multi_prime_key ()
> > > > > #14 0x00000000100361b4 in RSA_generate_key_ex ()
> > > > > #15 0x00000000100048b8 in generate_key (keysize=1024,
> > > > > pub_key=0x7fffffffef38, pri_key=0x7fffffffef40) at
> > > > > generatekey.c:25
> > > > > #16 0x0000000010004b78 in main () at generatekey.c:74
> > > > > 
> > > > > I am compiling both 1.0.2j and 3.0 with same configure
> > > > > command
> > > > > and
> > > > on
> > > > > the same machine(i.e. RHEL 7).  
> > > > > 
> > > > > Any suggestion or pointer would be highly helpful.
> > > > 
> > > > -- 
> > > > Tomáš Mráz, OpenSSL
> > > > 
> > > > 
> > > 
> > > 
> > 
> > -- 
> > Tomáš Mráz, OpenSSL
> > 
> > 
> 
> 

-- 
Tomáš Mráz, OpenSSL




More information about the openssl-users mailing list