1 (edited by sissiok 2015-07-17 16:41:38)

Topic: memory leaks with Random Number Generator

I am trying to generate a RSA private key and keep it in a array as well as write into a der file. However, I get segmentation fault (core dumped). When I use valgrind to check the memory, it points to wc_InitRng and wc_FreeRng functions. Please help me with this. Thanks.

The leak information is :

==16570== Invalid write of size 8
==16570==    at 0x4E40BE4: wc_InitRsaKey (in /usr/local/lib/libwolfssl.so.0.0.2)
==16570==    by 0x400EF5: RSA_genkey(char const*, unsigned char*, unsigned long) (common.cpp:34)
==16570==    by 0x400E25: main (master.cpp:22)
==16570==  Address 0xfff001458 is not stack'd, malloc'd or (recently) free'd
==16570==
==16570==
==16570== Process terminating with default action of signal 11 (SIGSEGV)
==16570==  Access not within mapped region at address 0xFFF001458
==16570==    at 0x4E40BE4: wc_InitRsaKey (in /usr/local/lib/libwolfssl.so.0.0.2)
==16570==    by 0x400EF5: RSA_genkey(char const*, unsigned char*, unsigned long) (common.cpp:34)
==16570==    by 0x400E25: main (master.cpp:22)
==16570==  If you believe this happened as a result of a stack
==16570==  overflow in your program's main thread (unlikely but
==16570==  possible), you can try to increase the size of the
==16570==  main thread stack using the --main-stacksize= flag.
==16570==  The main thread stack size used in this run was 8388608.
==16570==
==16570== HEAP SUMMARY:
==16570==     in use at exit: 0 bytes in 0 blocks
==16570==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==16570==
==16570== All heap blocks were freed -- no leaks are possible
==16570==
==16570== For counts of detected and suppressed errors, rerun with: -v
==16570== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)


#define RSA_KEY_SIZE 2048
#define EXPONENT 65537

int RSA_genkey( const char * file_der, unsigned char *der, size_t der_len){
    RsaKey priv;
    RNG rng;
    FILE*  keyFile = NULL;
    int ret = 0, der_written = 0;

    if ( ( ret = wc_InitRsaKey( &priv, NULL ) ) != 0 )
    {
        printf(" RSA_genkey failed in wc_InitRsaKey: returned %d\n", ret);
        goto exit;
    }

    if ( ( ret = wc_InitRng( &rng ) ) != 0 )
    {
        printf(" RSA_genkey failed in wc_InitRng: returned %d\n", ret);
        goto exit;
    }

    if ( ( ret = wc_MakeRsaKey( &priv, RSA_KEY_SIZE, EXPONENT, &rng ) ) != 0 )
    {
        printf(" RSA_genkey failed in wc_MakeRsaKey: returned %d\n", ret);
        goto exit;
    }

    if ( ( der_written = wc_RsaKeyToDer( &priv, (byte*)der, der_len) ) <= 0 )
    {
        printf(" RSA_genkey failed in wc_RsaKeyToDer: returned %d\n", der_written);
        wc_FreeRsaKey( &priv );
        wc_FreeRng( &rng );
        return der_written;
    }


    if ( (keyFile = fopen( file_der, "wb" ) ) == NULL )
    {
        printf(" RSA_genkey failed when opening file.\n");
        ret = -1;
        goto exit;
    }

    if ( fwrite( der, 1, der_written, keyFile) != (size_t)der_written )
    {
        printf(" RSA_genkey failed when writing into file.\n");
        fclose( keyFile );
        ret = -1;
        goto exit;
    }
    fclose( keyFile );

exit:
    wc_FreeRng( &rng );
    wc_FreeRsaKey( &priv );
    return ret;
}


int main(int , char const **)
{
    //int ret;
    unsigned char der[4096];
    memset (der, 0, sizeof(der) );
    RSA_genkey("./rsa_priv.der", der, sizeof(der) );

    return 0;
}

Share

Re: memory leaks with Random Number Generator

Hi sissiok,

Have you tried printing out "sizeof(der)" as it's being passed into the function?

When you call sizeof on a function parameter it most likely is the size of the pointer that points to the variable and not the size of the actual variable. The pointer is likely 8 bytes and you've attempted to write something larger than 8. This would explain "==16570== Invalid write of size 8".

Make sure you are passing the actual size of the variable der and not what "sizeof" returns when you call it on a function parameter.

Kind Regards,

Kaleb

Re: memory leaks with Random Number Generator

sizeof(der) = 4096 and 4096 is really passed to RSA_genkey function. So I think the parameters passed to RSA_genkey look fine. The problem must be somewhere inside RSA_genkey.

Share

Re: memory leaks with Random Number Generator

Hi sissiok,

Just to double check have you included options.h header in your project and is it in scope of the file you're working with?

We're confident in RSA_genkey and it's been thouroughly vetted with valgrind on every release. My guess would be the definition of RsaKey or RNG is not getting pulled in somehow and it's being treated as a pointer and not a stucture.

Essentially an invalid write of size 8 is usually something that should be larger and is instead the size of a pointer. This line ==16570==  Address 0xfff001458 is not stack'd, malloc'd or (recently) free'd tells us that one of the parameters or one of the local variables is either not on the stack, has not been malloced yet, or has already been malloced previously somewhere, modified, and not freed before being called here.

Kind Regards,

Kaleb

Re: memory leaks with Random Number Generator

Actually I also have similar problem while trying to parse a der file holding rsa private key with wc_RsaPrivateKeyDecode function. I import the private key from a der file into a byte der[4096]. However,  wc_RsaPrivateKeyDecode returns -140 saying there is a error parsing the private key in the buffer. When I use valgrind to check, it also points to the wc_InitRng.  Looks like wc_FreeRng dos not do the work. Any clues? Thanks a lot.

Share

Re: memory leaks with Random Number Generator

Yes, I did include <wolfssl/options.h> .

Share

7 (edited by Kaleb J. Himes 2015-07-20 12:43:25)

Re: memory leaks with Random Number Generator

Hi sissiok,

I just copied your code and did a quick run of it. I can not reproduce the error in discussion. I am attaching my source file. I had to update your main function as it was missing the argc and argv variables. In the source file you'll see the include options I used.

I am using OSX for testing. What environment are you working in. Perhaps it is an OS specific issue in which case we would like to narrow that down.

Here is my valgrind report:

kalebs-MBP:testDir khimes$ valgrind ./run 
==51474== Memcheck, a memory error detector
==51474== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==51474== Using Valgrind-3.11.0.SVN and LibVEX; rerun with -h for copyright info
==51474== Command: ./run
==51474== 
--51474-- ./run:
--51474-- dSYM directory is missing; consider using --dsymutil=yes
==51474== 
==51474== HEAP SUMMARY:
==51474==     in use at exit: 34,907 bytes in 425 blocks
==51474==   total heap usage: 559 allocs, 134 frees, 48,994 bytes allocated
==51474== 
==51474== LEAK SUMMARY:
==51474==    definitely lost: 16 bytes in 1 blocks
==51474==    indirectly lost: 0 bytes in 0 blocks
==51474==      possibly lost: 13,018 bytes in 115 blocks
==51474==    still reachable: 21,873 bytes in 309 blocks
==51474==         suppressed: 0 bytes in 0 blocks
==51474== Rerun with --leak-check=full to see details of leaked memory
==51474== 
==51474== For counts of detected and suppressed errors, rerun with: -v
==51474== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

Here at wolfSSL we love hearing what customers are doing with our library is there any way you could provide us with a quick summary of your project and in what way we're helping you to accomplish your end goal?

Kind Regards,

Kaleb

Post's attachments

test.c 1.75 kb, 2 downloads since 2015-07-20 

You don't have the permssions to download the attachments of this post.

Re: memory leaks with Random Number Generator

I am using wolfSSL to do a prototype of a security protocol. The OS I am using is ubuntu 14.04 tls. The weird thing is that if I put everything into a single file as your test.c, there is no problem. However, if I separate the RSA_genkey function into another source file (with corresponding header file) and include the header file in the main file, then I have problem. What I am doing is like this:

myheader.hpp 
int RSA_gen(....);

mysrc.cpp
int RSA_gen(....)
{.......}

mymain.cpp
#include "myheader.hpp"
int main(...) {....}


I believe this is a standard way. So I am quite surprised when I got error with this.

Share

Re: memory leaks with Random Number Generator

Hi sissiok,

That is indeed strange. I don't know if it would solve it but perhaps having a project header:

Project.hpp
         #include files here

then include Project.hpp in both the main.c and in the Rsa_gen file?

Somehow the correct headers must not be getting included in both locations.

On the other topic. Thank you so much for you feedback on your project goals, we appreciate it!


Kind Regards,

Kaleb