Re: inconsistent timings for rsa sign/verify with 100K bit rsa keys
On Mon, Aug 30, 2010 at 05:34:49PM +0200, Mounir IDRASSI wrote: So, the modular exponentiation with the public exponent of key2 is 4 times slower that the signing operation of key1 and it should cost 4 x 5 min = 20 min which is very close to the 21 min you actually obtained. Does this answer your question? yes, thanks. i didn't know about the implementation details + openssl being visibly slower than general purpose programs on generic 100K exponentiations added up to the confusion. thanks. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: openssl-1.0.0a and glibc detected sthg ;)
hi, On Mon, Aug 09, 2010 at 10:36:03AM +0200, Mounir IDRASSI wrote: Hi, Signature verification is done through a modular exponentiation (using public exponent and modulus) that always leads to a result even fur a bogus RSA modulus. This result is checked against the PKCS#1 padding format. Since the RSA private key is invalid, the output of this exponentiation is different from DataToBeSigned used during certificate creation and thus the code doesn't find the PKCS#1 padding block header. So, the signature is bad because the decrypted signature has a bad format! I hope this clarifies things to you. ok. i expected a message bad number instead of bad signature format You say at the end of your message that the private key was generated by a python wrapper, certainly a wrapper of OpenSSL, but in a previous message you are saying that you generated the key yourself (pen and paper). Which statement is correct? Maybe your wrapper wraps something else... lol. the pen/paper generation was just humour. this key was generated with pycrypto + some other pure python code for export to your format. (the small prime was included on purpose). i don't know if pycrypto depends on openssl (though it is not a direct wrapper). the cert was generated entirely by openssl. the imports: from Crypto.PublicKey import RSA from Crypto.Util.number import inverse import random import sys from Crypto.PublicKey import pubkey from Crypto.Util import number import crypto # utils import Crypto from fractions import gcd from Crypto.Hash import MD5 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: openssl-1.0.0a and glibc detected sthg ;)
i was pointing out this: ~/local/bin/openssl s_client -connect localhost: depth=0 CN = CA verify return:1 *** glibc detected *** /home/build/local/bin/openssl: double free or corruption (fasttop): 0x00979300 *** the glibc message means that the current heap operation is on invalid pointer. the testcase crashed browser links on arch linux too (when trying to connect to s_server -www). btw, it seems *important* to use |s_server| from *1.0.0a* On Sat, Aug 07, 2010 at 02:21:09PM +0300, Georgi Guninski wrote: openssl-1.0.0a on ubuntu, debian and arch. attached a private key and a cert. ~/local/bin/openssl s_server -www -accept -cert /tmp/CA.cert -key /tmp/CA.key ~/local/bin/openssl s_client -connect localhost: depth=0 CN = CA verify return:1 *** glibc detected *** /home/build/local/bin/openssl: double free or corruption (fasttop): 0x00979300 *** __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: openssl-1.0.0a and glibc detected sthg ;)
is the certificate at http://marc.info/?l=openssl-devm=128118163216952w=2 (with the malformed key) *syntactically* correct modulo the bad self signature? with 1.0.0a ~/local/bin/openssl verify -check_ss_sig -CAfile /tmp/CA-P.cert /tmp/CA-P.cert /tmp/CA-P.cert: CN = CA error 7 at 0 depth lookup:certificate signature failure 139828504536744:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100: 139828504536744:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:699: 139828504536744:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:184: echo $? 0 i would expect an error about bad self signature, not format stuff. the private key was generated by a python wrapper, the cert was generated with ubuntu's 0.9.8k 25 Mar 2009 On Sun, Aug 08, 2010 at 03:21:34PM +0200, Mounir IDRASSI wrote: __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
openssl-1.0.0a and glibc detected sthg ;)
openssl-1.0.0a on ubuntu, debian and arch. attached a private key and a cert. ~/local/bin/openssl s_server -www -accept -cert /tmp/CA.cert -key /tmp/CA.key ~/local/bin/openssl s_client -connect localhost: depth=0 CN = CA verify return:1 *** glibc detected *** /home/build/local/bin/openssl: double free or corruption (fasttop): 0x00979300 *** ~/local/bin/openssl rsa -check -in /tmp/CA.key |more writing RSA key RSA key error: q not prime # definitely CA.key Description: application/pgp-keys -BEGIN CERTIFICATE- MIIE9DCCAuegAwIBAgIJAM0Vp3F9zD86MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV BAMTAkNBMB4XDTEwMDgwNzA5MTQxMFoXDTExMDgwNzA5MTQxMFowDTELMAkGA1UE AxMCQ0EwggIWMA0GCSqGSIb3DQEBAQUAA4ICAwAwggH+AoIB9TX4Eo4zvnzt6RIG +EleSA89D6zfHzPx2L9jsZPxZcJ01lYDGiOAuFW09lloJ6iLMSS2GlA8pB5/1E8u 75vubs0w4L1QPrMRxQdUjp/j9yWwCxvYraL2tfyJVxTmMn6vUcZ5nuU7O3f6VBP1 hD4LeKII9H0sp5PzWaoXy/gBQKdAn7dV7dlCS/8V4AjF/HCqY/mwjkjdB37WEqQj j/vYICARw7hdOKOW3D86uN4g209Kwc1wf34TUZCYVdP77o0xXHgaz9L10+j5cBSz viC2Z7nOJ0mneAJSlEC892nvMoIvMhYwYr/twZjudNNc4tIXyfeQqM34AlwHYn3y Jo560YpzX2IF1cs6wFdDqJxpyW1VuYlZAFbufn9A86wsFBr0QxppDjcaxZqBVOdz t7bi8nXJE+JWpIDDrAW4T2ihqZENNbM7gkNL8+bjg3LcG2jbUOr3H5zVK+Q0x9+6 tLdIG5iRQCu8OI4Rd8nl8SqBAqjAXgniqRFqEzTKMEXN/9hzwl+jL2PrUfHOUxh3 J3IgAlqmlwVh+1gJl9VJf1DEn3Yn3ffMSLl/2L2dTVDxvoHnsjPEgtIAg6QzZR71 SQWeAHaZE3bJQAz1X9nWIxhw7bnRRj/EhwHJMQEalRRu2jIq+WN3aovrAMKEJeeL U5i9LzVW8lLX7QIDAQABo24wbDAdBgNVHQ4EFgQUOod0n0f3AaUF0Tf9ttbmA3Fc EjowPQYDVR0jBDYwNIAUOod0n0f3AaUF0Tf9ttbmA3FcEjqhEaQPMA0xCzAJBgNV BAMTAkNBggkAzRWncX3MPzowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC AfYAHKLWDAa/aR62Xi2jAOGOBtcoYYdttizIkMtEnxd2QivssVBn156sIbMIsXgi emUWhm35E4LKYfoK9aEorsfno8aMrzeYCuL0Zbbn67C2dUT61B2T5XN8eru8HYAa nVxvHNj92auUjeAy7yWc7Kyx+RWXtkLG9BJ6fJVHzOwifEgfhS1ngjBe3MuviXOy 2h7BfaNQ3IOvAhSnjlWNoPcBFoOoRIVjfRSViD5X8jj47ab2JTKVFAH4bXf2eXUp shcG77QeANoGFvmTpiPuUhmuZSXG4dyKmSqeq9SgouKZkq7aT24fNAqdwJp+ZJWH 2wP8LLvfSoyFZICMZU3AFfa5r3BOom8YCSwmeGhk9QVfLMD3TDvnV0aGEwz5BGjA obLckVV2/VzbwublODRPtdr92ZAygRwDaUlqlDdfTcwajcUhlEpl8GtU+qmTgLe7 mT9Diich73DTsowN83p8v0s2waNVgpW3cxmCEonwD+1f1qiFM2uaTNYNMFVdBLyP Kl9IFqC3v7Wt8VYuMbPnjNezhr7enpfa4eB1CeF+pdCdq3FK03UsFzBMZ63Vt8ia NVlc3+esFSiea9hL+ROA4tfGjhQZcbHn/yZ8gL3dyyzoz2JV5pKWHV4+7nkq2h6A QdRYHN8MDeQlxKw9nGSmpyzoQrqDyepn -END CERTIFICATE-
Re: openssl-1.0.0a and glibc detected sthg ;)
On Sun, Aug 08, 2010 at 02:46:33AM +0200, Mounir IDRASSI wrote: Hi, hi, 10x for your reply. i have no complaints about the openssl key generation process for rsa keys of this size. and don't expect vanilla openssl to do correct math with this key. I checked the parameters of your 4008 bits key and it is indeed invalid (q is not prime). agreed. (though the *public* key seems fine, even with the weak factor) How did you generate it? It would be surprising if it was done through OpenSSL. pen and paper ;-) first trial factoring, then (optionally) a few elliptic curves, then fermat's little theorem. i know a deterministic primality test would be more scientific, but it is a bit slower on paper ;-) Anyway, you must generate a new RSA key. yeah, i am generating a new key. sorry for the composite miztake. -- Mounir IDRASSI IDRIX http://www.idrix.fr On 8/7/2010 1:21 PM, Georgi Guninski wrote: openssl-1.0.0a on ubuntu, debian and arch. attached a private key and a cert. ~/local/bin/openssl s_server -www -accept -cert /tmp/CA.cert -key /tmp/CA.key ~/local/bin/openssl s_client -connect localhost: depth=0 CN = CA verify return:1 *** glibc detected *** /home/build/local/bin/openssl: double free or corruption (fasttop): 0x00979300 *** ~/local/bin/openssl rsa -check -in /tmp/CA.key |more writing RSA key RSA key error: q not prime # definitely __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org