Hi,

On June 5, 2003 08:03 am, Joe Orton wrote:
> Hi, the changes to enable blinding by default in 0.9.7b appear to break
> when an ENGINE is in use (for all the ENGINEs I've tested), with an
> assertion failure:
>
> openssl: bn_lib.c:254: BN_num_bits: Assertion `l != 0' failed.
>
> and backtrace as follows:
>
> #4 0x080b97c7 in BN_num_bits (a=0x81e4fd4) at bn_lib.c:254
> #5 0x080ce940 in ubsec_mod_exp (r=0x81e4fd4, a=0x81e4fd4, p=0x81cdde8,
> m=0x81cdfb8, ctx=0x81e4fd0)
> at hw_ubsec.c:578
> #6 0x080cee37 in ubsec_mod_exp_mont (r=0x81e4fd4, a=0x81e4fd4,
> p=0x81cdde8, m=0x81cdfb8, ctx=0x81e4fd0,
> m_ctx=0x0) at hw_ubsec.c:722
> #7 0x080bf6e6 in RSA_blinding_on (rsa=0x81cdf28, p_ctx=0x81e4fd0) at
> rsa_lib.c:354
> #8 0x080bd1aa in rsa_eay_blinding (rsa=0x81cdf28, ctx=0x81e4fd0) at
> rsa_eay.c:202
> #9 0x080bd574 in RSA_eay_private_encrypt (flen=36,
> etc

I'm surfing this backtrace looking at the HEAD source, so it's possible that 0.9.7b has something different to HEAD that can explain this. Are you able to look through a couple of those stack frames? According to what I see (again, ignoring the faint possibility that 0.9.7b is different), BN_num_bits() should be getting called on the public modulus of the RSA key, and the assertion that is failing there is a sanity check on the BIGNUM data (checking the (a->top - 1)th BN_ULONG is the most significant word of the array).

If this really does fail on every ENGINE but works "in software", then something very quirky is going on and disabling blinding will only hide the bug you've found. I think the right solution to this problem is to identify *why* you're seeing what you are, fix it, and then disable blinding on hardware-support implementations anyway. :-)

> As I understand it, blinding is not needed when using a hardware
> accelerator. So, is the correct fix to set RSA_FLAG_NO_BLINDING on a
> per-engine basis, for example as below, or is there something more
> subtle that can be done?

[snip]

That is the correct way to turn off blinding - but I'd *really* appreciate if you could dig a little on what you were observing. I don't currently have hardware with which to test this out in the obvious fashion, and I'd like to know what is wrong with rsa->n when using the ENGINEs? (Or is BN_num_bits() being passed something other than rsa->n?)

Cheers,
Geoff

--
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
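
The sanity check described in the message above, as an added example that is not part of the original message and is not OpenSSL's code: a toy model of a word-array big number showing how a `top` that counts a zero most-significant word trips the check, and how stripping leading zero words restores it. All names (`toy_bn`, `toy_num_bits`, `toy_fix_top`, `toy_make`) are hypothetical, 32-bit words are assumed, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy stand-in for a BIGNUM (not OpenSSL's struct): little-endian words,
 * of which the first `top` are in use. */
typedef struct { uint32_t d[4]; int top; } toy_bn;

/* The invariant the failing assertion checks: when top > 0, word
 * d[top-1] is the most significant word and so must be nonzero. */
static int toy_is_normalized(const toy_bn *a) {
    return a->top == 0 || a->d[a->top - 1] != 0;
}

static int toy_word_bits(uint32_t w) {
    int n = 0;
    while (w) { n++; w >>= 1; }
    return n;
}

/* Bit length; returns -1 where the library would hit its assertion. */
static int toy_num_bits(const toy_bn *a) {
    if (a->top == 0) return 0;
    if (!toy_is_normalized(a)) return -1;
    return (a->top - 1) * 32 + toy_word_bits(a->d[a->top - 1]);
}

/* Drop leading zero words so the invariant holds again. */
static void toy_fix_top(toy_bn *a) {
    while (a->top > 0 && a->d[a->top - 1] == 0) a->top--;
}

/* Build a constructed sample value from its two low words. */
static toy_bn toy_make(uint32_t w0, uint32_t w1, int top) {
    toy_bn a = { { w0, w1, 0, 0 }, top };
    return a;
}

int main(void) {
    toy_bn ok = toy_make(0xFFFFFFFFu, 0x5u, 2);  /* well-formed value */
    toy_bn bad = toy_make(0x1u, 0x0u, 2);        /* top counts a zero word */
    printf("ok: %d bits\n", toy_num_bits(&ok));
    printf("bad before fix: %d\n", toy_num_bits(&bad));
    toy_fix_top(&bad);
    printf("bad after fix: %d bits, top=%d\n", toy_num_bits(&bad), bad.top);
    return 0;
}
```

A value in the `bad` state typically comes from code that fills the word array and sets `top` directly without normalizing afterwards, which is why the frames between the caller and the assertion are the place to look.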
