[openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Dec 21 22:24:04 UTC 2015
On Mon, Dec 21, 2015 at 09:36:11PM +0000, Felix via RT wrote:
> I found the reason for the problem, it´s definately a program error:
Pilot error.
> The reason for it is in sub-program rsa_gen.c
>
> if (BN_cmp(rsa->p, rsa->q) < 0) {
> tmp = rsa->p;
> rsa->p = rsa->q;
> rsa->q = tmp;
> }
The code is just fine.
> # ./openssl genrsa 128
> ..+++++++++++++++++++++++++++
> ...+++++++++++++++++++++++++++
> e is 65537 (0x10001)
> p:C2F7ECB8D2F59273 Doppelt!q:C2F7ECB8D2F59273
No idea what's printing the output above, but the private key below:
> -----BEGIN RSA PRIVATE KEY-----
> MGECAQACEQCxt/Mo0epqolFmAH7AinLnAgMBAAECECOQd0W09F9QNJjnYUzTA2kC
> CQDpWa3+afRcvQIJAML37LjS9ZJzAggdBqK1+sgCoQIICN5IGTwXSXsCCEaUjQ+2
> 1lSi
> -----END RSA PRIVATE KEY-----
in fact has distinct p/q:
$ openssl rsa -noout -text <<-EOF
-----BEGIN RSA PRIVATE KEY-----
MGECAQACEQCxt/Mo0epqolFmAH7AinLnAgMBAAECECOQd0W09F9QNJjnYUzTA2kC
CQDpWa3+afRcvQIJAML37LjS9ZJzAggdBqK1+sgCoQIICN5IGTwXSXsCCEaUjQ+2
1lSi
-----END RSA PRIVATE KEY-----
EOF
Private-Key: (128 bit)
modulus:
00:b1:b7:f3:28:d1:ea:6a:a2:51:66:00:7e:c0:8a:
72:e7
publicExponent: 65537 (0x10001)
privateExponent:
23:90:77:45:b4:f4:5f:50:34:98:e7:61:4c:d3:03:
69
prime1: 16814661991975378109 (0xe959adfe69f45cbd)
prime2: 14048957841162998387 (0xc2f7ecb8d2f59273)
exponent1: 2091537979440366241 (0x1d06a2b5fac802a1)
exponent2: 639027470352730491 (0x8de48193c17497b)
coefficient: 5085844977839658146 (0x46948d0fb6d654a2)
and prime1 > prime2. This ticket should be closed.
--
Viktor.
More information about the openssl-dev
mailing list