Re: BN_mod_mul_montgomery() causing cpu spike

2011-03-04 Thread Steve Marquess 

prakgen wrote:
Thanks Steve. This happened on a system with Intel dual core 2.4ghz 
processor and 2gig ram. Is the observed cpu pattern expected on such 
platforms? You mentioned it will be less painful after upcoming 
validation. Do you mean change in implementation for speedier self-tests?


...


You are seeing the POST (Power Up Self Test) mandated by FIPS 
140-2.  It is a huge performance hit on low powered platforms 
(sometimes taking tens or even hundreds of seconds).  We're going to 
make it significantly less painful for the upcoming new validation 
now in progress, but there will always be a performance hit relative 
to the same software without enabling FIPS mode.


Yes, we will be making the POST as time efficient as we can within the 
boundaries of what is mandated by FIPS 140-2.  Those tests are very 
compute-intensive and so will tax any CPU for some period of time.


-Steve M.


--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Any idea about error:04091068:rsa routines:INT_RSA_VERIFY:bad signature?

2011-03-04 Thread Pingzhong Li 

During a TLS handshake, SSL_get_error call failed and the error string is
retrieved by using
the following call:
  int sslerror = ERR_get_error();
 char buf[120];
  char * szError = ERR_error_string(sslerror, buf);

What does this error mean:
error:04091068:rsa routines:INT_RSA_VERIFY:bad signature

Did some search on internet and didn't any useful info. 

Any suggestion what to look for to debug?

-- 
View this message in context: 
http://old.nabble.com/Any-idea-about-%22error%3A04091068%3Arsa-routines%3AINT_RSA_VERIFY%3Abad-signature%22--tp31071285p31071285.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: SSL_connect( ) want read

2011-03-04 Thread David Schwartz 

On 3/3/2011 6:50 AM, ikuzar wrote:

Hello,
I have got a SSL_ERROR_WANT_READ after a call to SSL_connect. I 'd like
to know what should I do exactly ?
Thanks


Retry the connect operation later, ideally after confirming that the 
underlying socket is readable.


DS


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

RE: Any idea about error:04091068:rsa routines:INT_RSA_VERIFY:bad signature?

2011-03-04 Thread Dave Thompson 
 From: owner-openssl-us...@openssl.org On Behalf Of Pingzhong Li
 Sent: Friday, 04 March, 2011 16:11

 During a TLS handshake, SSL_get_error call failed and the 
 error string is retrieved by using the following call:
 int sslerror = ERR_get_error();
char buf[120];
 char * szError = ERR_error_string(sslerror, buf);

Openssl can record multiple error 'items' so you should loop: 
  while( (err = ERR_get_error()) != 0 )
ERR_error_string(err, buf), puts (err); // or similar
or just call ERR_print_errors[_fp] which does the loop for you 
as long as you want the output to a BIO or FILE*.

Nits: when you supply a buffer to ERR_error_string, its return value 
always points to that buffer, so you don't need separate szError.
And technically sslerror should be 'long' to ensure 32 bits, 
but in practice very few systems nowadays have 16 bit int, 
and those that do may well not support openssl anyway.

 
 What does this error mean:
 error:04091068:rsa routines:INT_RSA_VERIFY:bad signature
 
It means an RSA signature didn't verify; specifically, 
after 'decrypting' (y^d mod n) the result isn't the 
expected hashes (for SSL protocol signatures) or a 
correct encoding of the expected hash (otherwise).

You say this happened during handshake; the only RSA 
verifications that should be possible during handshake are:
- client: (Svr)KeyExchange params for EDH_RSA or RSA_EXPORT 
- server: (Cli)CertVerify for aRSA client-auth 
(the ERR_get_error loop above would show which)

If the signature (packet) was damaged in transit PKCS1 
padding would catch this with overwhelming probability 
(something like 2^80 to 1, I don't recall exactly),
so either the peer software didn't compute the to-be-signed 
value or signature correctly, or the openssl you are using 
has a serious bug that affects no one else -- unlikely, 
unless you have modified it, or it was built with flaky tools 
or executed on a flaky machine; or for a server (handling 
Cli-CertVerify) perhaps you have code, perhaps in a callback, 
that has corrupted openssl's handshake-check computation.
(One way the peer could compute signatures wrong is if 
it is given privatekey and certificate that don't match.
Openssl checks this, but other software might not.)

Which end of the connection are you, what ciphersuite(s) 
are you selecting, are you using client-auth, what is at 
the other end, and which openssl version are you using?

Can you try commandline openssl s_client to or s_server 
from the same peer(s?), with (at least) -msg, and see whether 
it gets the same error, and exactly where in the sequence?

 Did some search on internet and didn't any useful info. 
 
 Any suggestion what to look for to debug?
 


__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org