On 12/04/2021 09:57, Danis Ozdemir wrote:
When I define a watchpoint for that address to verify that it has been
accessed when a new client connects to the server and make the server
continue, I can't see a hit which means this address hasn't been
accessed. *I'm attaching the s_client output as a file, since it's
longer compared to the outputs above.*

You don't say which version of OpenSSL you are using (1.1.1 or 3.0?).
That can make a big difference to the codepaths that you go through to
get to actual RSA operations.

I'm assuming you are interested in the RSA signature from a TLSv1.3
CertVerify message.

If so I would expect you to end up in the rsa_ossl_mod_exp function in
crypto/rsa/rsa_ossl.c. It's there that I would expect to see accesses to
"p". I suggest you set a breakpoint in that function and see what is
happening.

Matt

I then dumped the whole non-executable pages that were allocated for
this process using ptrace to see whether another copy of the key was
present and I couldn't find any copies. So, either I'm doing something
wrong (which is the case, most probably) or there's another area which
contains another representation of the key for security reasons (given
the fact that the raw key content is accessible in the RAM, this one
seems less likely). Therefore, assuming I'm doing something wrong, if
you could tell me what it is, I'd be grateful.
Best regards,
Danis Ozdemir