On 25-09-02 14:32:32, Janne Johansson wrote:
> On a recent new install the rc scripts got stuck on isakmpd generating
> RSA host keys, so I ctrl-c'd it after a while, then it immediately got
> stuck at ssh-keygen doing RSA keys also, so I had to kill that one
> too.
> 
> After a few attempts, I've noticed that there is something off with
> the RSA and my manual ssh-keygen -A has been consuming 100% cpu for
> the last 38 cpu-minutes now.
> The RSA problem can be seen in my openssl tests on both amd64
> and octeons:
> 
> First octeon DSA, then RSA:
> edgepro# openssl speed dsa2048
> Doing 2048 bit sign dsa for 10s: 246 2048 bit DSA signs in 9.92s
> Doing 2048 bit verify dsa for 10s: 223 2048 bit DSA verify in 9.96s
> LibreSSL 4.1.0
> built on: date not available
> compiler: information not available
>                   sign    verify    sign/s verify/s
> dsa 2048 bits 0.040325s 0.044664s     24.8     22.4
> 
> Everything fine with the above speed test
> 
> edgepro# openssl speed rsa2048
> Doing 2048 bit private rsa for 10s: 434 2048 bit private RSA in 9.99s
> RSA verify failure.  No RSA verify will be done.
> 277892405248:error:04FFF06A:rsa routines:CRYPTO_internal:block type is
> not 01:/usr/src/lib/libcrypto/rsa/rsa_pk1.c:134:
> 277892405248:error:04FFF072:rsa routines:CRYPTO_internal:padding check
> failed:/usr/src/lib/libcrypto/rsa/rsa_eay.c:646:
> LibreSSL 4.1.0
> built on: date not available
> compiler: information not available

It will most likely be related to one of two recent changes to libcrypto
bignum that touched the mips64 assembly - can you see if you can isolate
it to one of these git commits?

  4b2601e5b4e074574144a3f701b4e7239fddd42f
  956d2a6101a032220c44aab6841e4fa6f3c3a1ad

The diff below should be equivalent to reverting the first commit
(which is the most likely suspect).

Index: bn/bn_local.h
===================================================================
RCS file: /cvs/src/lib/libcrypto/bn/bn_local.h,v
diff -u -p -r1.58 bn_local.h
--- bn/bn_local.h       1 Sep 2025 15:33:23 -0000       1.58
+++ bn/bn_local.h       2 Sep 2025 13:08:23 -0000
@@ -248,7 +248,7 @@ void bn_mul_words(BN_ULONG *r, const BN_
 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
 void bn_sqr_comba6(BN_ULONG *r, const BN_ULONG *a);
 void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int a_len);
+void bn_sqr_words_nonasm(BN_ULONG *r, const BN_ULONG *a, int a_len);
 
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
     const BN_ULONG *np, const BN_ULONG *n0, int num);
Index: bn/bn_mod_words.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/bn/bn_mod_words.c,v
diff -u -p -r1.5 bn_mod_words.c
--- bn/bn_mod_words.c   1 Sep 2025 15:35:25 -0000       1.5
+++ bn/bn_mod_words.c   2 Sep 2025 13:08:23 -0000
@@ -103,7 +103,7 @@ bn_mod_sqr_words(BN_ULONG *r, const BN_U
        } else if (n == 8) {
                bn_sqr_comba8(t, a);
        } else {
-               bn_sqr_words(t, a, n);
+               bn_sqr_words_nonasm(t, a, n);
        }
        bn_montgomery_reduce_words(r, t, m, m0, n);
 }
Index: bn/bn_sqr.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/bn/bn_sqr.c,v
diff -u -p -r1.40 bn_sqr.c
--- bn/bn_sqr.c 30 Aug 2025 07:54:27 -0000      1.40
+++ bn/bn_sqr.c 2 Sep 2025 13:08:23 -0000
@@ -203,7 +203,7 @@ bn_sqr_comba8(BN_ULONG *r, const BN_ULON
 }
 #endif
 
-#ifndef HAVE_BN_SQR_WORDS
+#ifndef HAVE_BN_SQR_WORDS_NONASM
 /*
  * bn_sqr_add_words() computes (r[i*2+1]:r[i*2]) = (r[i*2+1]:r[i*2]) + a[i] * a[i].
  */
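Review bot: The new guard `#ifndef HAVE_BN_SQR_WORDS_NONASM` tests a macro that nothing in this diff defines, so the C code it opens is presumably now built on every architecture. That is what a bisecting patch wants, but the guard then reads like a real feature test. A comment in place would make the intent plain, for example `/* Diagnostic only: always build the C squaring code so an assembly bn_sqr_words() is bypassed. */`. The guarded region opens in this hunk and closes outside it.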
@@ -244,7 +244,7 @@ bn_sqr_add_words(BN_ULONG *r, const BN_U
  * bn_sqr_words() computes r[] = a[] * a[].
  */
 void
-bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int a_len)
+bn_sqr_words_nonasm(BN_ULONG *r, const BN_ULONG *a, int a_len)
 {
        const BN_ULONG *ap;
        BN_ULONG *rp;
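Review bot: The comment above the definition still reads `bn_sqr_words() computes r[] = a[] * a[].` although the function is now `bn_sqr_words_nonasm`, so the documented name no longer matches the symbol. Suggest `* bn_sqr_words_nonasm() computes r[] = a[] * a[] in C, bypassing any assembly bn_sqr_words().` The function body continues outside the hunk. Since the symptom is a wrong RSA result rather than a crash, the test build should be judged by a sign-then-verify round trip such as the quoted `openssl speed rsa2048` run, not by timing alone.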
@@ -298,7 +298,7 @@ bn_sqr_words(BN_ULONG *r, const BN_ULONG
 static int
 bn_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 {
-       bn_sqr_words(r->d, a->d, a->top);
+       bn_sqr_words_nonasm(r->d, a->d, a->top);
 
        return 1;
 }
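Review bot: `bn_sqr()` passes `r->d` and `a->top` straight to `bn_sqr_words_nonasm()` and returns 1 unconditionally, with nothing here checking that `r` has room for the result. The `r[i*2+1]` indexing in the comment earlier in this file suggests the word routine writes about `2 * a->top` words, so the expansion presumably happens in the caller, which is not visible. A one-line contract above the function would document that, for example `/* Caller must have expanded r to hold 2 * a->top words. */`, to be confirmed against the caller.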
