[openssl-users] OpenSSL RSA engine - RSA verify failure

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Tue Apr 5 17:19:40 UTC 2016


Not sure I understand what you’re doing. But compiling/building eng_rsax.c
(provided by Intel) with the only mod being addition of dynamic bind,
produces the following result:

$ openssl engine rsax -t
(rsax) RSAX engine support
     [ available ]
$ sync
$ openssl speed rsa512 -engine rsax
engine "rsax" set.
Doing 512 bit private rsa's for 10s: 178316 512 bit private RSA's in 9.96s
Doing 512 bit public rsa's for 10s: 1936309 512 bit public RSA's in 9.99s
OpenSSL 1.0.2h-dev  xx XXX xxxx
built on: reproducible build, date unspecified
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int)
blowfish(idx) 
compiler: clang -I. -I.. -I../include  -fPIC -fno-common -DOPENSSL_PIC
-DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch
x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
-DGHASH_ASM -DECP_NISTZ256_ASM
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000056s 0.000005s  17903.2 193824.7
$ 
$ openssl speed rsa512
Doing 512 bit private rsa's for 10s: 175940 512 bit private RSA's in 9.97s
Doing 512 bit public rsa's for 10s: 1884711 512 bit public RSA's in 9.98s
OpenSSL 1.0.2h-dev  xx XXX xxxx
built on: reproducible build, date unspecified
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) idea(int)
blowfish(idx) 
compiler: clang -I. -I.. -I../include  -fPIC -fno-common -DOPENSSL_PIC
-DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch
x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM
-DGHASH_ASM -DECP_NISTZ256_ASM
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000057s 0.000005s  17646.9 188848.8




Perhaps it would make sense to (a) start with that eng_rsax.c code and get
it working by adding DYNAMIC_BIND, then (b) replace its assembly language
calls with BN calls?
-- 
Regards,
Uri Blumenthal





On 4/5/16, 10:41 , "openssl-users on behalf of danigrosu"
<openssl-users-bounces at openssl.org on behalf of dni.grosu at gmail.com> wrote:

>Hi.
>I am trying to build an OpenSSL RSA engine and the first step is to use
>the
>"BN_mod_exp_mont" for the RSA modular exponentiation function, in
>RSA_METHOD 
>structure.
>
>
>***BEGINNING OF eng_rsax_test.c FILE***
>. . . . . . . . . .
>
>***END OF eng_rsax_test.c FILE***
>
>The engine is built successfully after using these commands:
>/cc -fPIC -o eng_rsax.o -c eng_rsax_test.c
>cc -shared -o eng_rsax.so eng_rsax.o -lcrypto/
>
>... but if I want to test the speed of the rsa implementation with:
>/openssl speed rsa512 -engine `pwd`/eng_rsax.so/
>
>it fails:
>/engine "rsax_dani" set.
>Doing 512 bit private rsa's for 10s: 774848 512 bit private RSA's in
>10.01s
>RSA verify failure.  No RSA verify will be done.
>140017307215520:error:0407006A:rsa
>routines:RSA_padding_check_PKCS1_type_1:block type is not
>01:rsa_pk1.c:100:
>140017307215520:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding
>check failed:rsa_eay.c:721:
>OpenSSL 1.0.1f 6 Jan 2014
>built on: Mon Feb 29 18:11:15 UTC 2016
>options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial)
>blowfish(idx)/ 
>
>
>So the signing part is working, but the verify part fails.
>It appears that the PKCS1 paddind is wrong but how can I fix that?
>
>Best wishes,
>Dani Grosu
>
>
>
>
>--
>View this message in context:
>http://openssl.6102.n7.nabble.com/OpenSSL-RSA-engine-RSA-verify-failure-tp
>65447.html
>Sent from the OpenSSL - User mailing list archive at Nabble.com.
>-- 
>openssl-users mailing list
>To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4324 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160405/59caec80/attachment.bin>


More information about the openssl-users mailing list