[openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o

Felix via RT rt at openssl.org
Mon Dec 21 21:36:11 UTC 2015 

Hello,

I found the reason for the problem, it´s definately a program error:

The reason for it is in sub-program rsa_gen.c

if (BN_cmp(rsa->p, rsa->q) < 0)  {
         printf("Doppelt!") ;
         tmp = rsa->p;
         rsa->p = rsa->q;
         rsa->q = tmp;
     }

Here p and q should be switched if p > q. But this does not work, 
probably due to type-incompatible Variable "tmp".

So rsa->p gets the value of rsa->q but not vice versa:

root at debian6:/home/felix/Downloads/openssl-0.9.8zh/apps# ./openssl 
genrsa 128
Generating RSA private key, 128 bit long modulus
..+++++++++++++++++++++++++++
...+++++++++++++++++++++++++++
e is 65537 (0x10001)
  p:C2F7ECB8D2F59273 Doppelt!q:C2F7ECB8D2F59273-----BEGIN RSA PRIVATE 
KEY-----
MGECAQACEQCxt/Mo0epqolFmAH7AinLnAgMBAAECECOQd0W09F9QNJjnYUzTA2kC
CQDpWa3+afRcvQIJAML37LjS9ZJzAggdBqK1+sgCoQIICN5IGTwXSXsCCEaUjQ+2
1lSi
-----END RSA PRIVATE KEY-----
root at debian6:/home/felix/Downloads/openssl-0.9.8zh/apps# ./openssl 
genrsa 128
Generating RSA private key, 128 bit long modulus
...+++++++++++++++++++++++++++
..+++++++++++++++++++++++++++
e is 65537 (0x10001)
  p:EA361C8BFA9BA779 q:D5E2C6BB9B8BA893-----BEGIN RSA PRIVATE KEY-----
MGQCAQACEQDDrn9XKQBmujmYfSQ++5J7AgMBAAECEQCKoOvL9ts26ogA0yMVZFKx
AgkA6jYci/qbp3kCCQDV4sa7m4uokwIJAI6c+HD73n/xAggx7tN+kP21yQIJANCs
iuyMFDkp
-----END RSA PRIVATE KEY-----
root at debian6:/home/felix/Downloads/openssl-0.9.8zh/apps# ./openssl 
genrsa 128
Generating RSA private key, 128 bit long modulus
.+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++
e is 65537 (0x10001)
  p:C3412FF6A7505B29 Doppelt!q:C3412FF6A7505B29-----BEGIN RSA PRIVATE 
KEY-----
MGMCAQACEQCyfg3MCsahBogjE8RM+6yPAgMBAAECEEO3HMbfA7IMpHc7MT6WJZEC
CQDqBdvZfYT49wIJAMNBL/anUFspAgkAo33OVsZLFIcCCHPy1A6/EOLxAgkAj5Jg
TT5Qxxw=
-----END RSA PRIVATE KEY-----
root at debian6:/home/felix/Downloads/openssl-0.9.8zh/apps# ./openssl 
genrsa 128
Generating RSA private key, 128 bit long modulus
.+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++
e is 65537 (0x10001)
  p:C90F0AF5C806456F Doppelt!q:C90F0AF5C806456F-----BEGIN RSA PRIVATE 
KEY-----
MGMCAQACEQC5Blnuh/rwj672TEtpnqBbAgMBAAECEHWgVAwQ5reHi1vT7Mv8AgEC
CQDrlal9i7dV1QIJAMkPCvXIBkVvAgkAlW1jiUdyrVUCCF/WSswjP1IDAgkA6DRY
CoYAsOE=
-----END RSA PRIVATE KEY-----
root at debian6:/home/felix/Downloads/openssl-0.9.8zh/apps# ./openssl 
genrsa 128
Generating RSA private key, 128 bit long modulus
...+++++++++++++++++++++++++++
..+++++++++++++++++++++++++++
e is 65537 (0x10001)
  p:DFE0EAAEF64A9ED3 q:DA49968E614FC9E9-----BEGIN RSA PRIVATE KEY-----
MGECAQACEQC+5eKmNv53y2Hn+t22uzkLAgMBAAECEHmAtlbW7/ZsapBlxpZlu1EC
CQDf4Oqu9kqe0wIJANpJlo5hT8npAggWUvAz6B1CvwIIYCU9fST7gdECCGudR6xt
O4sU
-----END RSA PRIVATE KEY----

The code is still the same, even in Pre-Version 1.1.0

Regards,

Felix


Am 21.12.2015 21:38, schrieb Kurt Roeckx via RT:
> On Mon, Dec 21, 2015 at 01:51:45PM +0000, Felix via RT wrote:
>> That does not matter from a technical point of view.
>>
>> The Problem ist the same with 2048-Bit RSA.
> If you're worried that p and q might be the same random number, I
> think you should have other concerns.
>
>
> Kurt
>
>
>

More information about the openssl-dev mailing list