Fwd: Question about RSA key access mechanism

Matt Caswell matt at openssl.org
Fri Apr 16 12:11:54 UTC 2021

On 12/04/2021 09:57, Danis Ozdemir wrote:
> When I define a watchpoint for that address to verify that it has been 
> accessed when a new client connects to the server and make the server 
> continue, I can't see a hit which means this address hasn't been 
> accessed. *I'm attaching the s_client output as a file, since it's 
> longer compared to the outputs above.*

You don't say which version of OpenSSL you are using (1.1.1 or 3.0?). 
That can make a big difference to the codepaths that you go through to 
get to actual RSA operations.

I'm assuming you are interested in the RSA signature from a TLSv1.3 
CertVerify message.

If so I would expect you to end up in the rsa_ossl_mod_exp function in 
crypto/rsa/rsa_ossl.c. It's there that I would expect to see accesses to 
"p". I suggest you set a breakpoint in that function and see what is 


> *
> *
> I then dumped the whole non-executable pages that were allocated for 
> this process using ptrace to see whether another copy of the key was 
> present and I couldn't find any copies. So, either I'm doing something 
> wrong (which is the case, most probably) or there's another area which 
> contains another representation of the key for security reasons (given 
> the fact that the raw key content is accessible in the RAM, this one 
> seems less likely). Therefore, assuming I'm doing something wrong, if 
> you could tell me what it is, I'd be grateful.
> Best regards,
> Danis Ozdemir
> **

More information about the openssl-users mailing list