Approximately ten days ago, I posted about having problems with the RSA Blinding patch that resulted in "seeing an intermittent problem of dropping GIFs" from my SSL server implementation. I continued to see these problems until yesterday when I built with the 402 Snapshot for 0.9.6 (openssl-0.9.6-stable-SNAP-20030402.tar.gz).
In short, I want to post for the record that the fixes in the 402 Snapshot for 0.9.6 are quite acceptable for my implementation. I realize there are some performance concerns being brought up, but I am quite HAPPY to see my stuff work for the first time since the original RSA blinding patch went in. In closing, does the OpenSSL Release Group have any idea as to when OpenSSL 0.9.6j might be officially released? --- Pete Bobco --- -----Original Message----- From: Tom Wu via RT [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 7:43 PM Cc: [EMAIL PROTECTED] Subject: Re: [openssl.org #555] RSA blinding MT patch Bodo Moeller via RT wrote: > [EMAIL PROTECTED] - Mon Mar 31 17:14:12 2003]: > > >>The latest snapshots have not been fixed, some more patience is >>required ... > > > The next round of snapshots (20030402, to appear at > ftp://ftp.openssl.org/snapshot;type=d in about six hours) > should solve the multi-threading problems. Please test them when they > are available. The good news is that the fix in the snapshot fixes the problem, but the bad news is that it seems to kill performance in my benchmarks. On a P3-750 running Linux, I get 106 RSA sign/s (1024-bit) with my patch, regardless of the number of simultaneous threads. With the snapshot fix, I get 102 RSA sign/s with one thread, but if I try with 2 or more threads it drops down to 81 sign/s. It's quite possible that I've misconfigured something on my own end, but I suspect that it is more likely that the local blinding operation is slowing things down. In the case where the blinding struct is owned by a different thread from the one doing an RSA op, the code has to do a modexp and a mod inverse, as opposed to the two squarings that the update normally does. I believe that on most if not all platforms, the cost of putting critical sections around the blinding convert/update will be drastically smaller than the cost of the extra local blinding computation. Tom -- Tom Wu Chief Security Architect Arcot Systems (408) 969-6124 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
