From owner-freebsd-current  Fri May  5 18:52: 3 2000
Delivered-To: freebsd-current@freebsd.org
Received: from mail.hiwaay.net (fly.HiWAAY.net [208.147.154.56])
	by hub.freebsd.org (Postfix) with ESMTP id 6C08537BC87
	for <current@freebsd.org>; Fri,  5 May 2000 18:52:00 -0700 (PDT)
	(envelope-from sprice@hiwaay.net)
Received: from localhost (sprice@localhost)
	by mail.hiwaay.net (8.10.1/8.10.1) with ESMTP id e461pwL14547
	for <current@freebsd.org>; Fri, 5 May 2000 20:51:58 -0500 (CDT)
Date: Fri, 5 May 2000 20:51:58 -0500 (CDT)
From: Steve Price <sprice@hiwaay.net>
To: current@freebsd.org
Subject: RSA decrypt problems
Message-ID: <Pine.OSF.4.21.0005052044380.19519-100000@fly.HiWAAY.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Is anyone else noticing the following problems on their
-current boxen?  I first noticed when my apache webserver
quit allowing secure connections with errors like this.

[Fri May  5 20:46:19 2000] [error] mod_ssl: SSL handshake failed (server new.host.name:443, client 127.0.0.1) (OpenSSL library error follows)
[Fri May  5 20:46:19 2000] [error] OpenSSL: error:1E06D401:RSAref routines:func(109) :reason(1025)
[Fri May  5 20:46:19 2000] [error] OpenSSL: error:1408B076:SSL routines:SSL3_GET_CLIENT_KEY_EXCHANGE:bad rsa decrypt

steve@bonsai(~)$ openssl
OpenSSL> speed rsa
Doing 512 bit private rsa's for 10s: 317 512 bit private RSA's in 9.96s
Doing 512 bit public rsa's for 10s: 3664 512 bit public RSA's in 9.99s
Doing 1024 bit private rsa's for 10s: 51 1024 bit private RSA's in 10.16s
Doing 1024 bit public rsa's for 10s: 1002 1024 bit public RSA's in 9.94s
Doing 2048 bit private rsa's for 10s: RSA private encrypt failure
14674:error:1E065406:RSAref routines:func(101) :reason(1030):/usr/src/secure/lib/librsausa/../../../crypto/openssl/crypto/../rsaref/rsaref.c:125:
14674:error:1E065406:RSAref routines:func(101) :reason(1030):/usr/src/secure/lib/librsausa/../../../crypto/openssl/crypto/../rsaref/rsaref.c:125:
1 2048 bit private RSA's in 0.00s
Doing 2048 bit public rsa's for 10s: RSA verify failure
14674:error:04077077:rsa routines:RSA_verify:wrong signature length:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/rsa/rsa_sign.c:149:
14674:error:04077077:rsa routines:RSA_verify:wrong signature length:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/rsa/rsa_sign.c:149:
1 2048 bit public RSA's in 0.00s
OpenSSL 0.9.5a 1 Apr 2000
built on: Fri Apr 21 16:31:20 CDT 2000
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx) 
compiler: cc
                  sign    verify    sign/s verify/s
rsa  512 bits   0.0314s   0.0027s     31.8    366.7
rsa 1024 bits   0.1991s   0.0099s      5.0    100.8
rsa 2048 bits   0.0010s   0.0010s   1000.0   1000.0
OpenSSL> quit

This is with sources last updated on April 21, 2000.  I
rebuilt and reinstalled rsaref from sources just before
I ran this test just in case that had something to do
with it.

-steve



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message