[openssl-dev] Question about valgrind error in DH in 1.0.2

Henrik Grindal Bakken hgb at ifi.uio.no
Wed May 13 11:25:59 UTC 2015 

Hi.  I have an application that generates Diffie-Hellman key pairs based
on some precomputed primes.

In 1.0.1 (and earlier) this works just fine, while in 1.0.2 it gives
valgrind errors (while still working).

The error only occurs on x86_64, and it does not occur on 1024 bit DH.

I've attached the source code of the small application.  All it does is
generate a DH key pair using fixed primes.  I'm not really sure where
the primes come from, but this is used for H.235 (video conferencing
call setup), and I think the primes are standardized.

Output here:

Using the native openssl on the box (1.0.1e):
$ gcc -o dh-1.0.1 dh.c -lcrypto
$ valgrind ./dh-1.0.1
==4730== Memcheck, a memory error detector
==4730== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==4730== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==4730== Command: ./dh-1.0.1
==4730== 
==4730== 
==4730== HEAP SUMMARY:
==4730==     in use at exit: 416 bytes in 6 blocks
==4730==   total heap usage: 115 allocs, 109 frees, 31,224 bytes allocated
==4730== 
==4730== LEAK SUMMARY:
==4730==    definitely lost: 0 bytes in 0 blocks
==4730==    indirectly lost: 0 bytes in 0 blocks
==4730==      possibly lost: 0 bytes in 0 blocks
==4730==    still reachable: 416 bytes in 6 blocks
==4730==         suppressed: 0 bytes in 0 blocks
==4730== Rerun with --leak-check=full to see details of leaked memory
==4730== 
==4730== For counts of detected and suppressed errors, rerun with: -v
==4730== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)

I've also built myself a 1.0.2 build, using './config -DPURIFY shared'
(purify to remove other valgrind warnings that would come when reading
uninitialized data).

$ gcc -o dh-1.0.2 -L~/src/thirdparty/openssl -isystem
~/src/thirdparty/openssl/include dh.c -lcrypto
$ LD_LIBRARY_PATH=~/src/thirdparty/openssl valgrind ./dh-1.0.2 
==14854== Memcheck, a memory error detector
==14854== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==14854== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==14854== Command: ./dh-1.0.2
==14854== 
==14854== Invalid read of size 2
==14854== at 0x4F09198: bn_get_bits5 (in
/home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
==14854== by 0x4F32B47: generate_key (in
/home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
==14854==    by 0x400A30: main (in /home/henribak/tmp/dh-1.0.2)
==14854==  Address 0x581d77f is 255 bytes inside a block of size 256 alloc'd
==14854==    at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14854== by 0x4E9DF62: CRYPTO_malloc (in
/home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
==14854== by 0x4EFCAA7: bn_expand_internal (in
/home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
==14854== by 0x4EFCFA4: bn_expand2 (in
/home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
==14854==    by 0x4EFD39F: BN_bin2bn (in /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
==14854==    by 0x4F010FA: BN_rand (in /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
==14854== by 0x4F32B0E: generate_key (in
/home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
==14854==    by 0x400A30: main (in /home/henribak/tmp/dh-1.0.2)
==14854== 
==14854== 
==14854== HEAP SUMMARY:
==14854==     in use at exit: 416 bytes in 6 blocks
==14854==   total heap usage: 112 allocs, 106 frees, 21,000 bytes allocated
==14854== 
==14854== LEAK SUMMARY:
==14854==    definitely lost: 0 bytes in 0 blocks
==14854==    indirectly lost: 0 bytes in 0 blocks
==14854==      possibly lost: 0 bytes in 0 blocks
==14854==    still reachable: 416 bytes in 6 blocks
==14854==         suppressed: 0 bytes in 0 blocks
==14854== Rerun with --leak-check=full to see details of leaked memory
==14854== 
==14854== For counts of detected and suppressed errors, rerun with: -v
==14854== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)

Then, same openssl version but with 1024 bit DH:
$ LD_LIBRARY_PATH=~/src/thirdparty/openssl valgrind ./dh-1.0.2 1024
==14730== Memcheck, a memory error detector
==14730== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==14730== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==14730== Command: ./dh-1.0.2 1024
==14730== 
==14730== 
==14730== HEAP SUMMARY:
==14730==     in use at exit: 416 bytes in 6 blocks
==14730==   total heap usage: 112 allocs, 106 frees, 14,472 bytes allocated
==14730== 
==14730== LEAK SUMMARY:
==14730==    definitely lost: 0 bytes in 0 blocks
==14730==    indirectly lost: 0 bytes in 0 blocks
==14730==      possibly lost: 0 bytes in 0 blocks
==14730==    still reachable: 416 bytes in 6 blocks
==14730==         suppressed: 0 bytes in 0 blocks
==14730== Rerun with --leak-check=full to see details of leaked memory
==14730== 
==14730== For counts of detected and suppressed errors, rerun with: -v
==14730== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dh.c
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150513/3fcd5cd5/attachment.c>
-------------- next part --------------

-- 
Henrik Grindal Bakken <hgb at ifi.uio.no>
PGP ID: 8D436E52
Fingerprint: 131D 9590 F0CF 47EF 7963  02AF 9236 D25A 8D43 6E52

More information about the openssl-dev mailing list