On Wednesday 25. March 2009 11:33:11 Kazim SARIKAYA wrote: > I developed a new technique of handshaking for my thesis. Now I need to > make performance analysis. Hence I create a simple server and client > application. In the application I use multithreading and I opened a huge > count of connection to the server. I am getting error for several > connections (ex: 29 of 1400) connection. However sometimes I can not get > any error. The error is about RSA padding while checking client certificate > verify. I search at mail list for these problems. Although I found some > similar topics about this problem, they are not same as mines. The log of > problem is: > > > > 1636:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type > is not 01:.\crypto\rsa\rsa_pk1.c:100: > > 1636:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check > failed:.\crypto\rsa\rsa_eay.c:697: > > 1636:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa > signature:.\ssl\s3_srvr.c:2394: > > > > I made several works on error. I think the reason is an encoding problem in > network. Because I can not have this problem all time. Hence client and > random numbers changed I get this problem. So my hypothesis can be true. > > PS: I work on win32 platform.
Hi Kazim, do you get this message always or only sporadically ? Because if it only happens sometimes then it might be a bug I've discovered in RSA blinding. Have a look at this posting: http://marc.info/?l=openssl-dev&m=123754568501758&w=2 The workaround is to use a function to disable the RSA blinding like this: -----[snip]----- static int mySSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) { int j,ret=0; BIO *in; EVP_PKEY *pkey=NULL; in=BIO_new(BIO_s_file_internal()); if (in == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in,file) <= 0) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB); goto end; } if (type == SSL_FILETYPE_PEM) { j=ERR_R_PEM_LIB; pkey=PEM_read_bio_PrivateKey(in,NULL, ctx->default_passwd_callback,ctx- >default_passwd_callback_userdata); } else if (type == SSL_FILETYPE_ASN1) { j = ERR_R_ASN1_LIB; pkey = d2i_PrivateKey_bio(in,NULL); } else { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE); goto end; } if (pkey == NULL) { SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j); goto end; } printf("Disabling blinding on RSA private key !\n"); RSA_blinding_off(pkey->pkey.rsa); ret=SSL_CTX_use_PrivateKey(ctx,pkey); EVP_PKEY_free(pkey); end: if (in != NULL) BIO_free(in); return(ret); } -----[/snip]----- This is a copy of SSL_CTX_use_PrivateKey_file, the only modifications are the "printf" and "RSA_blinding_off" calls. It would be very interesting for me if this solves your problem. Regards, Marc -- Marc Haisenko Team Leader and Senior Developer Comdasys AG Rüdesheimer Str. 7 80686 München Germany Tel.: +49 (0)89 548 433 321 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
