On 25-09-02 23:12:45, Joel Sing wrote:
> On 25-09-02 14:32:32, Janne Johansson wrote:
> > On a recent new install the rc scripts got stuck on isakmpd generating
> > RSA host keys, so I ctrl-c'd it after a while, then it immediately got
> > stuck at ssh-keygen doing RSA keys also, so I had to kill that one
> > too.
> > 
> > After a few attempts, I've noticed that there is something off with
> > the RSA and my manual ssh-keygen -A has been consuming 100% cpu for
> > the last 38 cpu-minutes now.
> > The RSA problem can be seen differ on my openssl tests on both amd64
> > and octeons:
> > 
> > First octeon DSA, then RSA:
> > edgepro# openssl speed dsa2048
> > Doing 2048 bit sign dsa for 10s: 246 2048 bit DSA signs in 9.92s
> > Doing 2048 bit verify dsa for 10s: 223 2048 bit DSA verify in 9.96s
> > LibreSSL 4.1.0
> > built on: date not available
> > compiler: information not available
> >                   sign    verify    sign/s verify/s
> > dsa 2048 bits 0.040325s 0.044664s     24.8     22.4
> > 
> > Everything fine with the above speed test
> > 
> > edgepro# openssl speed rsa2048
> > Doing 2048 bit private rsa for 10s: 434 2048 bit private RSA in 9.99s
> > RSA verify failure.  No RSA verify will be done.
> > 277892405248:error:04FFF06A:rsa routines:CRYPTO_internal:block type is
> > not 01:/usr/src/lib/libcrypto/rsa/rsa_pk1.c:134:
> > 277892405248:error:04FFF072:rsa routines:CRYPTO_internal:padding check
> > failed:/usr/src/lib/libcrypto/rsa/rsa_eay.c:646:
> > LibreSSL 4.1.0
> > built on: date not available
> > compiler: information not available
> 
> It will most likely be related to one of two recent changes to libcrypto
> bignum that touched the mips64 assembly - can you see if you can isolate
> it to one of these git commits?
> 
>   4b2601e5b4e074574144a3f701b4e7239fddd42f
>   956d2a6101a032220c44aab6841e4fa6f3c3a1ad
> 
> The diff below should be equivalent to reverting the first commit
> (which is the most likely suspect).

Confirmed to be 4b2601e5b4e074574144a3f701b4e7239fddd42f and have committed
the below diff for now.

> Index: bn/bn_local.h
> ===================================================================
> RCS file: /cvs/src/lib/libcrypto/bn/bn_local.h,v
> diff -u -p -r1.58 bn_local.h
> --- bn/bn_local.h     1 Sep 2025 15:33:23 -0000       1.58
> +++ bn/bn_local.h     2 Sep 2025 13:08:23 -0000
> @@ -248,7 +248,7 @@ void bn_mul_words(BN_ULONG *r, const BN_
>  void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
>  void bn_sqr_comba6(BN_ULONG *r, const BN_ULONG *a);
>  void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
> -void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int a_len);
> +void bn_sqr_words_nonasm(BN_ULONG *r, const BN_ULONG *a, int a_len);
>  
>  int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
>      const BN_ULONG *np, const BN_ULONG *n0, int num);
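
Review bot: the prototype on the `+` line replaces the `bn_sqr_words` declaration rather than sitting beside it, so any caller other than the two updated in this diff (`bn_mod_sqr_words` and `bn_sqr`) is left without a declaration. Worth grepping the tree for remaining `bn_sqr_words(` uses before this goes in, and adding a short comment above the new prototype saying that `_nonasm` is a stopgap for the RSA verify failure reported in this thread, so the name is not taken for a permanent interface.
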
> Index: bn/bn_mod_words.c
> ===================================================================
> RCS file: /cvs/src/lib/libcrypto/bn/bn_mod_words.c,v
> diff -u -p -r1.5 bn_mod_words.c
> --- bn/bn_mod_words.c 1 Sep 2025 15:35:25 -0000       1.5
> +++ bn/bn_mod_words.c 2 Sep 2025 13:08:23 -0000
> @@ -103,7 +103,7 @@ bn_mod_sqr_words(BN_ULONG *r, const BN_U
>       } else if (n == 8) {
>               bn_sqr_comba8(t, a);
>       } else {
> -             bn_sqr_words(t, a, n);
> +             bn_sqr_words_nonasm(t, a, n);
>       }
>       bn_montgomery_reduce_words(r, t, m, m0, n);
>  }
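
Review bot: only the final `else` branch of `bn_mod_sqr_words` is switched to `bn_sqr_words_nonasm`; the `n == 8` branch above it still calls `bn_sqr_comba8` unchanged. Please confirm that the comba paths are not affected by the same fault on mips64, ideally with a check that compares squaring against general multiplication for those word counts as well as for the generic case.
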
> Index: bn/bn_sqr.c
> ===================================================================
> RCS file: /cvs/src/lib/libcrypto/bn/bn_sqr.c,v
> diff -u -p -r1.40 bn_sqr.c
> --- bn/bn_sqr.c       30 Aug 2025 07:54:27 -0000      1.40
> +++ bn/bn_sqr.c       2 Sep 2025 13:08:23 -0000
> @@ -203,7 +203,7 @@ bn_sqr_comba8(BN_ULONG *r, const BN_ULON
>  }
>  #endif
>  
> -#ifndef HAVE_BN_SQR_WORDS
> +#ifndef HAVE_BN_SQR_WORDS_NONASM
>  /*
>   * bn_sqr_add_words() computes (r[i*2+1]:r[i*2]) = (r[i*2+1]:r[i*2]) + a[i] 
> * a[i].
>   */
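
Review bot: the guard is now `#ifndef HAVE_BN_SQR_WORDS_NONASM`, and nothing in this diff defines that macro, so the C code under it (starting with `bn_sqr_add_words`) is compiled and used on every architecture, not only the one where the failure was reported. If that is the intended stopgap, a comment next to the guard saying so would help whoever restores the assembly path; if not, an architecture-specific condition would keep the assembly routine where it is known to work.
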
> @@ -244,7 +244,7 @@ bn_sqr_add_words(BN_ULONG *r, const BN_U
>   * bn_sqr_words() computes r[] = a[] * a[].
>   */
>  void
> -bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int a_len)
> +bn_sqr_words_nonasm(BN_ULONG *r, const BN_ULONG *a, int a_len)
>  {
>       const BN_ULONG *ap;
>       BN_ULONG *rp;
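
Review bot: the comment above the renamed function still reads `bn_sqr_words() computes r[] = a[] * a[].`, which no longer matches the definition `bn_sqr_words_nonasm(...)`. Update the comment to the new name and note there why the non-assembly variant exists, so the comment and the symbol do not drift apart.
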
> @@ -298,7 +298,7 @@ bn_sqr_words(BN_ULONG *r, const BN_ULONG
>  static int
>  bn_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
>  {
> -     bn_sqr_words(r->d, a->d, a->top);
> +     bn_sqr_words_nonasm(r->d, a->d, a->top);
>  
>       return 1;
>  }
> 
