Date: Fri, 5 May 2000 20:51:58 -0500 (CDT) From: Steve Price <sprice@hiwaay.net> To: current@freebsd.org Subject: RSA decrypt problems Message-ID: <Pine.OSF.4.21.0005052044380.19519-100000@fly.HiWAAY.net>
next in thread | raw e-mail | index | archive | help
Is anyone else noticing the following problems on their
-current boxen? I first noticed when my apache webserver
quit allowing secure connections with errors like this.
[Fri May 5 20:46:19 2000] [error] mod_ssl: SSL handshake failed (server new.host.name:443, client 127.0.0.1) (OpenSSL library error follows)
[Fri May 5 20:46:19 2000] [error] OpenSSL: error:1E06D401:RSAref routines:func(109) :reason(1025)
[Fri May 5 20:46:19 2000] [error] OpenSSL: error:1408B076:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:bad rsa decrypt
steve@bonsai(~)$ openssl
OpenSSL> speed rsa
Doing 512 bit private rsa's for 10s: 317 512 bit private RSA's in 9.96s
Doing 512 bit public rsa's for 10s: 3664 512 bit public RSA's in 9.99s
Doing 1024 bit private rsa's for 10s: 51 1024 bit private RSA's in 10.16s
Doing 1024 bit public rsa's for 10s: 1002 1024 bit public RSA's in 9.94s
Doing 2048 bit private rsa's for 10s: RSA private encrypt failure
14674:error:1E065406:RSAref routines:func(101) :reason(1030):/usr/src/secure/lib/librsausa/../../../crypto/openssl/crypto/../rsaref/rsaref.c:125:
14674:error:1E065406:RSAref routines:func(101) :reason(1030):/usr/src/secure/lib/librsausa/../../../crypto/openssl/crypto/../rsaref/rsaref.c:125:
1 2048 bit private RSA's in 0.00s
Doing 2048 bit public rsa's for 10s: RSA verify failure
14674:error:04077077:rsa routines:RSA_verify:wrong signature length:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/rsa/rsa_sign.c:149:
14674:error:04077077:rsa routines:RSA_verify:wrong signature length:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/rsa/rsa_sign.c:149:
1 2048 bit public RSA's in 0.00s
OpenSSL 0.9.5a 1 Apr 2000
built on: Fri Apr 21 16:31:20 CDT 2000
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: cc
sign verify sign/s verify/s
rsa 512 bits 0.0314s 0.0027s 31.8 366.7
rsa 1024 bits 0.1991s 0.0099s 5.0 100.8
rsa 2048 bits 0.0010s 0.0010s 1000.0 1000.0
OpenSSL> quit
This is with sources last updated on April 21, 2000. I
rebuilt and reinstalled rsaref from sources just before
I ran this test just in case that had something to do
with it.
-steve
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.4.21.0005052044380.19519-100000>