[openssl-dev] Question about valgrind error in DH in 1.0.2

John Foley foleyj at cisco.com
Wed May 13 14:04:53 UTC 2015 

Upon further investigation, it looks like the problem is in your sample
code.  You need to invoke CRYPTO_cleanup_all_ex_data() before
terminating your program.


On 05/13/2015 07:25 AM, Henrik Grindal Bakken wrote:
> Hi.  I have an application that generates Diffie-Hellman key pairs based
> on some precomputed primes.
>
> In 1.0.1 (and earlier) this works just fine, while in 1.0.2 it gives
> valgrind errors (while still working).
>
> The error only occurs on x86_64, and it does not occur on 1024 bit DH.
>
> I've attached the source code of the small application.  All it does is
> generate a DH key pair using fixed primes.  I'm not really sure where
> the primes come from, but this is used for H.235 (video conferencing
> call setup), and I think the primes are standardized.
>
> Output here:
>
> Using the native openssl on the box (1.0.1e):
> $ gcc -o dh-1.0.1 dh.c -lcrypto
> $ valgrind ./dh-1.0.1
> ==4730== Memcheck, a memory error detector
> ==4730== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
> ==4730== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
> ==4730== Command: ./dh-1.0.1
> ==4730== 
> ==4730== 
> ==4730== HEAP SUMMARY:
> ==4730==     in use at exit: 416 bytes in 6 blocks
> ==4730==   total heap usage: 115 allocs, 109 frees, 31,224 bytes allocated
> ==4730== 
> ==4730== LEAK SUMMARY:
> ==4730==    definitely lost: 0 bytes in 0 blocks
> ==4730==    indirectly lost: 0 bytes in 0 blocks
> ==4730==      possibly lost: 0 bytes in 0 blocks
> ==4730==    still reachable: 416 bytes in 6 blocks
> ==4730==         suppressed: 0 bytes in 0 blocks
> ==4730== Rerun with --leak-check=full to see details of leaked memory
> ==4730== 
> ==4730== For counts of detected and suppressed errors, rerun with: -v
> ==4730== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
>
> I've also built myself a 1.0.2 build, using './config -DPURIFY shared'
> (purify to remove other valgrind warnings that would come when reading
> uninitialized data).
>
> $ gcc -o dh-1.0.2 -L~/src/thirdparty/openssl -isystem
> ~/src/thirdparty/openssl/include dh.c -lcrypto
> $ LD_LIBRARY_PATH=~/src/thirdparty/openssl valgrind ./dh-1.0.2 
> ==14854== Memcheck, a memory error detector
> ==14854== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
> ==14854== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
> ==14854== Command: ./dh-1.0.2
> ==14854== 
> ==14854== Invalid read of size 2
> ==14854== at 0x4F09198: bn_get_bits5 (in
> /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
> ==14854== by 0x4F32B47: generate_key (in
> /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
> ==14854==    by 0x400A30: main (in /home/henribak/tmp/dh-1.0.2)
> ==14854==  Address 0x581d77f is 255 bytes inside a block of size 256 alloc'd
> ==14854==    at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==14854== by 0x4E9DF62: CRYPTO_malloc (in
> /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
> ==14854== by 0x4EFCAA7: bn_expand_internal (in
> /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
> ==14854== by 0x4EFCFA4: bn_expand2 (in
> /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
> ==14854==    by 0x4EFD39F: BN_bin2bn (in /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
> ==14854==    by 0x4F010FA: BN_rand (in /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
> ==14854== by 0x4F32B0E: generate_key (in
> /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0)
> ==14854==    by 0x400A30: main (in /home/henribak/tmp/dh-1.0.2)
> ==14854== 
> ==14854== 
> ==14854== HEAP SUMMARY:
> ==14854==     in use at exit: 416 bytes in 6 blocks
> ==14854==   total heap usage: 112 allocs, 106 frees, 21,000 bytes allocated
> ==14854== 
> ==14854== LEAK SUMMARY:
> ==14854==    definitely lost: 0 bytes in 0 blocks
> ==14854==    indirectly lost: 0 bytes in 0 blocks
> ==14854==      possibly lost: 0 bytes in 0 blocks
> ==14854==    still reachable: 416 bytes in 6 blocks
> ==14854==         suppressed: 0 bytes in 0 blocks
> ==14854== Rerun with --leak-check=full to see details of leaked memory
> ==14854== 
> ==14854== For counts of detected and suppressed errors, rerun with: -v
> ==14854== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
>
> Then, same openssl version but with 1024 bit DH:
> $ LD_LIBRARY_PATH=~/src/thirdparty/openssl valgrind ./dh-1.0.2 1024
> ==14730== Memcheck, a memory error detector
> ==14730== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
> ==14730== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
> ==14730== Command: ./dh-1.0.2 1024
> ==14730== 
> ==14730== 
> ==14730== HEAP SUMMARY:
> ==14730==     in use at exit: 416 bytes in 6 blocks
> ==14730==   total heap usage: 112 allocs, 106 frees, 14,472 bytes allocated
> ==14730== 
> ==14730== LEAK SUMMARY:
> ==14730==    definitely lost: 0 bytes in 0 blocks
> ==14730==    indirectly lost: 0 bytes in 0 blocks
> ==14730==      possibly lost: 0 bytes in 0 blocks
> ==14730==    still reachable: 416 bytes in 6 blocks
> ==14730==         suppressed: 0 bytes in 0 blocks
> ==14730== Rerun with --leak-check=full to see details of leaked memory
> ==14730== 
> ==14730== For counts of detected and suppressed errors, rerun with: -v
> ==14730== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2)
>
>
>
>
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150513/4365a7f3/attachment.html>

More information about the openssl-dev mailing list