On Wednesday 25. March 2009 14:59:26 Kazim SARIKAYA wrote:
> It is a kind of bug. I re-analyzed the source code. You are right; there is
> a problem with BN_BLINDING. When it is initializing it sets its thread id
> same as the thread that first called the methods RSA_eay_private_decrypt
> and RSA_eay_private_encrypt. While rsa_get_blinding method checks the
> thread ids for locking, sometimes there is an error getting the lock, hence the
> problem occurs. After I implemented your way to solve the problem, I didn't have
> any error. However, BN_BLINDING is used for speeding up RSA operations.
> Without it, there is a performance problem.
No, it's exactly the other way round: the blinding is used to slow the
operation down by a random amount, making timing-based attacks impossible.
Switching the blinding off actually speeds things up by a small amount.
> I do not think there is a way
> for fixing this bug. However, the whole SSL context can be initialized for
> every thread. Then the problem will not occur. I do not think it is a good
> solution. It also increases handshaking process. It is ugly to have an SSL_CTX
> for every connection to the server.
> Maybe another field may be used for checking for lock in BN_BLINDING.
> Thanks for the reply and advice.
I will implement my suggestions (set a flag once locking needs to be done) in
a few days (am too busy with more important stuff right now). This is a real
solution, IMHO.
Bye,
Marc
--
Marc Haisenko
Team Leader and Senior Developer
Comdasys AG
Rüdesheimer Str. 7
80686 München
Germany
Tel.: +49 (0)89 548 433 321
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
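
The blinding pair this thread is about, as an added Python example that is not part of the original mail and is not OpenSSL's code: the RSA input is multiplied by r^e before the private exponentiation and the result by r^-1 afterwards, and a pair shared between threads is advanced under a lock. The toy key, the names `Blinding`, `take`, `private_op` and `run_threads`, and the update-by-squaring step are assumptions of this example.

```python
import secrets
import threading
from math import gcd

# Constructed toy key (n = 61 * 53), far too small for real use.
N, E, D = 3233, 17, 2753

class Blinding:
    """Shared pair (A, Ai) with A = r^e mod n and Ai = r^-1 mod n."""
    def __init__(self, n, e):
        self.n = n
        self.lock = threading.Lock()
        while True:
            r = secrets.randbelow(n - 2) + 2
            if gcd(r, n) == 1:
                break
        self.A = pow(r, e, n)
        self.Ai = pow(r, -1, n)

    def take(self):
        """Return the current pair and advance the shared state atomically."""
        with self.lock:
            pair = (self.A, self.Ai)
            # Squaring both halves keeps them matched: (r^2)^e and (r^2)^-1.
            # Without the lock, two threads could read A and Ai from
            # different generations and unblind with the wrong inverse.
            self.A = self.A * self.A % self.n
            self.Ai = self.Ai * self.Ai % self.n
            return pair

def private_op(c, blinding):
    """c^d mod N computed on a blinded input, then unblinded."""
    A, Ai = blinding.take()
    blinded = c * A % N                  # value actually exponentiated
    return pow(blinded, D, N) * Ai % N   # (c * r^e)^d = c^d * r, times r^-1

def run_threads(blinding, threads=8, rounds=200):
    """Run private_op from several threads; return the number of wrong results."""
    bad = []
    def worker(seed):
        for i in range(rounds):
            c = (seed * 131 + i * 7) % N
            if private_op(c, blinding) != pow(c, D, N):
                bad.append(c)
    pool = [threading.Thread(target=worker, args=(s,)) for s in range(threads)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()
    return len(bad)
```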