1 (edited by cxdinter 2016-09-05 18:58:24)

Topic: [SOLVED] meet 'Segmentation fault' when using wc_SignatureVerify()

Hi,
   I am learning how to use wolfSSL APIs.
   When I use APIs to verify RSA signature, I meet troubles. The API wc_SignatureVerify() always crashed. Log mentioned 'Segmentation fault'. I debug into wc_SignatureVerify() function, and found the problem is caused by API wc_RsaSSL_Verify() when excute the last line ' XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA).
   I paste my source code below, please help me to review it. Maybe I made mistake when I calling APIs??
   Notice : the RSA key's raw data N and E is exactly correct, and the signature is exactly correct which is generated by the private key based on  buffer[] array. I already verify this signature successfully by openSSL library.

   

   #ifndef    RSA_TEST_C
#define    RSA_TEST_C

#include <wolfssl/wolfcrypt/integer.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/signature.h>


/*===============================================
* Array Name : rsa_public_N[]
* Description :  N modules of RSA 2048 bits key
*Encode Formate : raw data
* ================================================*/
static unsigned char rsa_public_N[256] = {
    0x8c, 0xeb, 0xeb, 0xd2, 0xf9, 0x25, 0xad, 0x08,
    0xef, 0x27, 0x75, 0xb8, 0xdb, 0xff, 0x37, 0xd3, 
    0xa5, 0x35, 0x8e, 0x01, 0xc1, 0x93, 0x1f, 0xcf, 
    0x25, 0x5f, 0xec, 0x64, 0x0f, 0x58, 0xf8, 0x27, 
    0x90, 0xd0, 0xa0, 0x0e, 0xdb, 0x84, 0xc3, 0x56, 
    0x27, 0x5f, 0xab, 0xb4, 0x8d, 0x0e, 0x32, 0xda, 
    0x66, 0x04, 0xf3, 0xc4, 0xa5, 0x94, 0xf1, 0xeb, 
    0x1a, 0x8e, 0x22, 0x98, 0xf7, 0x31, 0x2a, 0x51, 
    0x3a, 0xd5, 0xe5, 0x3d, 0xe5, 0x7a, 0x61, 0x62, 
    0x64, 0x67, 0x4b, 0x38, 0x66, 0x06, 0x5c, 0xfd, 
    0xa3, 0xca, 0xd2, 0xd6, 0x63, 0x3f, 0xc8, 0x5a, 
    0x66, 0x48, 0x34, 0xda, 0xb7, 0x9c, 0xfc, 0x8e, 
    0xfd, 0xed, 0xc1, 0xeb, 0xe6, 0xc5, 0xd3, 0x82, 
    0xfd, 0xd9, 0xf1, 0x87, 0x0a, 0x48, 0x0e, 0x96, 
    0x18, 0xfe, 0x49, 0x5b, 0xee, 0xb3, 0xc0, 0xbd, 
    0x55, 0x52, 0x26, 0x09, 0x67, 0xb3, 0xd6, 0xfe, 
    0xd7, 0x50, 0xbe, 0xf5, 0x0c, 0xe3, 0xad, 0x80, 
    0xc7, 0x81, 0x57, 0x49, 0x2e, 0x09, 0xa3, 0x1e, 
    0x6b, 0x21, 0x6f, 0x90, 0x44, 0xb2, 0x30, 0xbc, 
    0xc2, 0xe3, 0x85, 0x87, 0x0a, 0xdb, 0x31, 0x1d, 
    0x4f, 0x4b, 0xb2, 0x3a, 0xc5, 0x9f, 0x6f, 0xdb, 
    0xaa, 0x06, 0x52, 0x22, 0x29, 0xe8, 0xab, 0xa4, 
    0x96, 0x54, 0x04, 0x62, 0xf7, 0xaa, 0xba, 0x1b, 
    0x95, 0x83, 0xf4, 0x32, 0x6f, 0x04, 0xeb, 0x1c, 
    0xe4, 0x3d, 0x1c, 0xbc, 0x89, 0x60, 0x69, 0x6d, 
    0xda, 0x06, 0x84, 0xfd, 0x56, 0x4c, 0x93, 0xbb, 
    0xf8, 0xe2, 0xee, 0x2b, 0xe6, 0x0f, 0x04, 0x8c, 
    0x66, 0xb2, 0xa4, 0xb3, 0xd8, 0xba, 0xba, 0x65, 
    0xa0, 0x9d, 0xb6, 0xc8, 0xce, 0x6f, 0x8b, 0xd1, 
    0x48, 0x5a, 0x51, 0x60, 0x6b, 0x42, 0xff, 0xe6, 
    0x26, 0x40, 0xce, 0x59, 0x95, 0x1b, 0xbf, 0xa9, 
    0xaf, 0xfe, 0x56, 0x42, 0x87, 0x4a, 0x2c, 0xef,
};

/*===============================================
* Array Name : rsa_public_E[]
* Description :  exponent of RSA 2048 bits key
*Encode Formate : raw data
* ================================================*/
static unsigned char rsa_public_E[3] = {
    0x01, 0x00, 0x01,
};

/*===============================================
* Array Name : signature[]
* Description :  one signature which generated  by  RSA private key
*Encode Formate : raw data
* ================================================*/
static unsigned char signature[256] = {
        0x0e, 0xf0, 0x0a, 0x4d, 0xd9, 0xba, 0x43, 0xbc, 0x9f, 0xc7, 0x1f, 0xe0, 0x48, 0xa8, 0x3c, 0xc1,
        0x91, 0x18, 0x2a, 0x6b, 0x29, 0x0e, 0xed, 0x9a, 0xdd, 0x69, 0x59, 0x2d, 0x23, 0xda, 0x70, 0xf0,
        0x41, 0x57, 0x8f, 0x15, 0x05, 0x6f, 0x9b, 0xac, 0xce, 0x35, 0xc7, 0xba, 0x96, 0xf1, 0xb5, 0xf3,
        0xb6, 0x7d, 0xdc, 0xbc, 0x9b, 0xe1, 0xb0, 0xb3, 0x80, 0x28, 0xaa, 0x45, 0x3b, 0x4d, 0x41, 0xdc,
        0x10, 0x64, 0x54, 0x7d, 0x18, 0x35, 0x01, 0xff, 0x16, 0x57, 0xad, 0x56, 0xa1, 0x15, 0xfd, 0xca,
        0xd4, 0xac, 0x6d, 0x1f, 0xe9, 0x9e, 0x0d, 0xf1, 0x2c, 0x5a, 0xfe, 0xd3, 0xc9, 0xb8, 0x66, 0x01,
        0xf5, 0x4f, 0xb0, 0xa3, 0x4f, 0xb8, 0x5a, 0x5a, 0x94, 0xf4, 0xdb, 0xe8, 0xfd, 0x39, 0xbf, 0x3a,
        0xf5, 0x75, 0x8b, 0xfd, 0xaa, 0x43, 0x3c, 0x54, 0xd3, 0xca, 0x3b, 0x0c, 0x68, 0x07, 0x27, 0x13,
        0xf8, 0x50, 0xdd, 0x9e, 0x74, 0x60, 0xd1, 0xbc, 0x47, 0xef, 0x31, 0xbd, 0xa6, 0x42, 0x6c, 0x6a,
        0x72, 0xb7, 0xe1, 0x31, 0x76, 0x0f, 0x67, 0x69, 0x76, 0x95, 0x6d, 0x7d, 0xd8, 0xa7, 0xf5, 0xb8,
        0x4d, 0xf6, 0x2b, 0x5f, 0xfe, 0x57, 0x4a, 0xbe, 0x58, 0x18, 0xa1, 0xfa, 0xce, 0x6e, 0xdc, 0x05,
        0x29, 0x5e, 0xeb, 0xf0, 0x66, 0x5e, 0x94, 0x30, 0xba, 0xde, 0x61, 0x57, 0x8b, 0x19, 0x39, 0x23,
        0x5b, 0xcb, 0x4d, 0x6b, 0xae, 0x75, 0x22, 0xaa, 0x25, 0x4b, 0xb8, 0xdc, 0x37, 0x18, 0x2a, 0x0a,
        0xeb, 0x38, 0xe4, 0xf9, 0xa6, 0x08, 0x03, 0xe5, 0x3c, 0x27, 0xb1, 0x3e, 0x3b, 0xb7, 0xe3, 0xa5,
        0xe5, 0x38, 0x4e, 0x16, 0x54, 0x0b, 0x99, 0xcc, 0xc5, 0xd2, 0x17, 0xca, 0xfa, 0x02, 0x93, 0xfd,
        0xef, 0xae, 0x7d, 0x04, 0xfe, 0x1e, 0x2b, 0x62, 0xe0, 0xc1, 0x96, 0xde, 0x0f, 0x93, 0x1f, 0xfe
};


/*===============================================
* Function  Name : RSA_TEST
* Description :  a demo for SHA256/RSA Signature verify(by RSA raw data public key)
* Parameter :   None
* Return : 
*        0 : Positive response, NO Error.
        others : Error appear. Something is wrong.
* ================================================*/
int RSA_TEST(void)
{
    RsaKey pubkey;
    int stat = -1;
    unsigned char buffer[] = {
        /*T     h        i        s                 i       s                         a                 t       e      s       t                   f        i      l       e        .       \n  */
        0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x0A
    };

    //import RSA Public Key
    wc_InitRsaKey(&pubkey, NULL);
    stat = wc_RsaPublicKeyDecodeRaw(rsa_public_N, sizeof(rsa_public_N), rsa_public_E, sizeof(rsa_public_E), &pubkey);
    if(stat != 0)
    {
        printf("import public key  error~~~~~~~ \n");
        return stat ;
    }
    //printf("come here???~~~~~~~ \n");
    /* verify signature start */    
    stat = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, buffer, sizeof(buffer), signature, sizeof(signature), &pubkey, sizeof(pubkey));
    printf("\nVerify signature [ %s ]\n", ((stat == 0) ? "Success" : "Fail"));

    /* free RSA Key*/
    wc_FreeRsaKey(&pubkey);

    return stat;
    
}

int  main(void)
{
    RSA_TEST();

    return 0;
}




#endif
Post's attachments

rsa_test.c 5.56 kb, 2 downloads since 2016-09-05 

You don't have the permssions to download the attachments of this post.

Share

2 (edited by cxdinter 2016-09-06 00:48:04)

Re: [SOLVED] meet 'Segmentation fault' when using wc_SignatureVerify()

Hi,
    I found the root cause and fixed it by myself(after modified signature.c and asn.h).
    Please kindly help me to review attached source files, are they correct? (source file attached in 3rd floor, this floor attached one picture which used for analyze root cause).
    By the way, in wc_SignatureVerify() function, currently, I only added patch for SHA1/SHA256/SHA384/SHA512, not include MD hash. Because I am not familiar with MD4/MD5...

http://www.autoimg.cn/album/g8/M14/2F/84/userphotos/2016/09/06/15/wKgHz1fOcCOAX4ioAAKhYKVpPgI430_s.jpg

Post's attachments

ScreenShot165.bmp 1.49 mb, 9 downloads since 2016-09-06 

You don't have the permssions to download the attachments of this post.

Share

Re: [SOLVED] meet 'Segmentation fault' when using wc_SignatureVerify()

cxdinter wrote:

Hi,
    I found the root cause and modified by myself.
    Please review attached source files, are they correct?
    By the way, in wc_SignatureVerify() function, currently, I only added patch for SHA1/SHA256/SHA384/SHA512, not include MD hash. Because I am not familiar with MD4/MD5...

http://www.autoimg.cn/album/g8/M14/2F/84/userphotos/2016/09/06/15/wKgHz1fOcCOAX4ioAAKhYKVpPgI430_s.jpg

Attached two source file : signature.c , asn.h

Post's attachments

sign.zip 10.43 kb, 5 downloads since 2016-09-06 

You don't have the permssions to download the attachments of this post.

Share

Re: [SOLVED] meet 'Segmentation fault' when using wc_SignatureVerify()

Hello cxdinter,

With linking to the wolfSSL library with first header file included should be wolfssl/options.h. Not including this file can lead to segfault issues. If building without the autotools then the file wolfssl/wolfcrypt/settings.h needs to be included first. This allows for the next wolfSSL headers being included to see how wolfSSL has been compiled due to macros defined or not defined in options.h/settings.h.


Example
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/rsa.h>
....rest of wolfssl header files then code


Regards,
Jacob

Share

Re: [SOLVED] meet 'Segmentation fault' when using wc_SignatureVerify()

Hi Jacob,
    Thanks for your support.
    But, even I added options.h and settings.h, the issue still happen. So, I must modify the original source code in wc_signatureVerfiy().
    Could you please review my source code and the root cause analysis?(already attached in 2nd and 3rd floor)

Share

Re: [SOLVED] meet 'Segmentation fault' when using wc_SignatureVerify()

Hi cxdinter,

I still have it on my list to review this in more detail, thanks for trying with using the additional header files. I think there may be a difference here in how the data is set up before being encrypted/decrypted with the RSA key. In wolfSSL signature.c it is just hashing the data with no OID being concatenated, then encrypting the hash. So for SHA256 would be 32 byte digest size and the verify function is expecting the input to be set up this way when trying to verify. That being said, our code should send an error value not a segfault.... I think this may be a bug where unexpected input data (OID + hash) is causing an issue. Will review it farther.

Can you tell me some about your project? Is this dealing with certificate signatures?

Regards,
Jacob

Share

Re: [SOLVED] meet 'Segmentation fault' when using wc_SignatureVerify()

Hi cxdinter,

As an update on the segfault issue we had a code fix to account for longer then expected buffer sizes with this pull request on GitHub https://github.com/wolfSSL/wolfssl/pull/542. It should now return an error code.

Regards,
Jacob

Share