[Pkg-openssl-devel] Bug#459619: Bug#459619: openssl speed segfaults for rsa

[Kurt Roeckx]

The backtrace I get atleast seems to show a little more:
Program terminated with signal 11, Segmentation fault.
#0  RSA_sign (type=114, m=0x101b9b10 "yí¢\023\211\017Oyí¢", m_len=36,
    sigret=0x101bbb18 "c¥[\203\236¥\f\230\020%åüñ\v\225\rª[`",
    siglen=0x7fc98c68, rsa=0xa98a38b5) at rsa_sign.c:79
79              if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
(gdb) bt
#0  RSA_sign (type=114, m=0x101b9b10 "yí¢\023\211\017Oyí¢", m_len=36,
    sigret=0x101bbb18 "c¥[\203\236¥\f\230\020%åüñ\v\225\rª[`",
    siglen=0x7fc98c68, rsa=0xa98a38b5) at rsa_sign.c:79
#1  0x10026424 in speed_main (argc=<value optimized out>, argv=0x1015965c)
    at speed.c:2082
#2  0x10001eac in do_cmd (prog=0x101b93e0, argc=1, argv=0x7fc9bd58)
    at openssl.c:382
#3  0x100025e4 in main (Argc=2, Argv=0x7fc9bd54) at openssl.c:301
(gdb) p rsa
$1 = (RSA *) 0xa98a38b5
(gdb) p *rsa
Cannot access memory at address 0xa98a38b5
(gdb) up
#1  0x10026424 in speed_main (argc=<value optimized out>, argv=0x1015965c)
    at speed.c:2082
2082                    ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
(gdb) p rsa_key[j]
$2 = (RSA *) 0xa98a38b5
(gdb) p rsa_key
$4 = {0xa98a38b5, 0x54b16a05, 0xceb3e600, 0x1372188}

It seems that atleast that variable gets overwritten during
the aes-128-ige test.  Running "openssl speed aes-128-ige rsa"
is enough to make it crash.

Looking at rsa_key, before it's starting the aes-128 ige test it still
looks normal.  During that test it gets overwritten.

I can not reproduce the problem with -O1 but I can with -O2.

I'll dig in a little more tomorrow.


Kurt