[openssl-dev] [openssl.org #4190] Missing Check for duplicate Prime-Value of p and q in openssl 0.9.8o
Richard Levitte via RT
rt at openssl.org
Mon Dec 21 22:42:34 UTC 2015
You're not showing us how you output rsa->p and rsa->q. It doesn't make sense
at all that you get "Doppelt!" if they were equal, so there's something wrong
with your output. Also, it's been demonstrated (see mail by Viktor on
openssl-dev) that the resulting key does have different p and q, with p > q.
For all intents and purposes, this seems not to be a bug. Closing this ticket.
Cheers,
Richard
Vid Mon, 21 Dec 2015 kl. 21.36.10, skrev felix.wiedenroth at gmx.de:
> Hello,
>
> I found the reason for the problem, it´s definately a program error:
>
> The reason for it is in sub-program rsa_gen.c
>
> if (BN_cmp(rsa->p, rsa->q) < 0) {
> printf("Doppelt!") ;
> tmp = rsa->p;
> rsa->p = rsa->q;
> rsa->q = tmp;
> }
>
> Here p and q should be switched if p > q. But this does not work,
> probably due to type-incompatible Variable "tmp".
>
> So rsa->p gets the value of rsa->q but not vice versa:
>
> root at debian6:/home/felix/Downloads/openssl-0.9.8zh/apps# ./openssl
> genrsa 128
> Generating RSA private key, 128 bit long modulus
> ..+++++++++++++++++++++++++++
> ...+++++++++++++++++++++++++++
> e is 65537 (0x10001)
> p:C2F7ECB8D2F59273 Doppelt!q:C2F7ECB8D2F59273-----BEGIN RSA PRIVATE
> KEY-----
> MGECAQACEQCxt/Mo0epqolFmAH7AinLnAgMBAAECECOQd0W09F9QNJjnYUzTA2kC
> CQDpWa3+afRcvQIJAML37LjS9ZJzAggdBqK1+sgCoQIICN5IGTwXSXsCCEaUjQ+2
> 1lSi
> -----END RSA PRIVATE KEY-----
> root at debian6:/home/felix/Downloads/openssl-0.9.8zh/apps# ./openssl
> genrsa 128
> Generating RSA private key, 128 bit long modulus
> ...+++++++++++++++++++++++++++
> ..+++++++++++++++++++++++++++
> e is 65537 (0x10001)
> p:EA361C8BFA9BA779 q:D5E2C6BB9B8BA893-----BEGIN RSA PRIVATE KEY-----
> MGQCAQACEQDDrn9XKQBmujmYfSQ++5J7AgMBAAECEQCKoOvL9ts26ogA0yMVZFKx
> AgkA6jYci/qbp3kCCQDV4sa7m4uokwIJAI6c+HD73n/xAggx7tN+kP21yQIJANCs
> iuyMFDkp
> -----END RSA PRIVATE KEY-----
> root at debian6:/home/felix/Downloads/openssl-0.9.8zh/apps# ./openssl
> genrsa 128
> Generating RSA private key, 128 bit long modulus
> .+++++++++++++++++++++++++++
> .+++++++++++++++++++++++++++
> e is 65537 (0x10001)
> p:C3412FF6A7505B29 Doppelt!q:C3412FF6A7505B29-----BEGIN RSA PRIVATE
> KEY-----
> MGMCAQACEQCyfg3MCsahBogjE8RM+6yPAgMBAAECEEO3HMbfA7IMpHc7MT6WJZEC
> CQDqBdvZfYT49wIJAMNBL/anUFspAgkAo33OVsZLFIcCCHPy1A6/EOLxAgkAj5Jg
> TT5Qxxw=
> -----END RSA PRIVATE KEY-----
> root at debian6:/home/felix/Downloads/openssl-0.9.8zh/apps# ./openssl
> genrsa 128
> Generating RSA private key, 128 bit long modulus
> .+++++++++++++++++++++++++++
> .+++++++++++++++++++++++++++
> e is 65537 (0x10001)
> p:C90F0AF5C806456F Doppelt!q:C90F0AF5C806456F-----BEGIN RSA PRIVATE
> KEY-----
> MGMCAQACEQC5Blnuh/rwj672TEtpnqBbAgMBAAECEHWgVAwQ5reHi1vT7Mv8AgEC
> CQDrlal9i7dV1QIJAMkPCvXIBkVvAgkAlW1jiUdyrVUCCF/WSswjP1IDAgkA6DRY
> CoYAsOE=
> -----END RSA PRIVATE KEY-----
> root at debian6:/home/felix/Downloads/openssl-0.9.8zh/apps# ./openssl
> genrsa 128
> Generating RSA private key, 128 bit long modulus
> ...+++++++++++++++++++++++++++
> ..+++++++++++++++++++++++++++
> e is 65537 (0x10001)
> p:DFE0EAAEF64A9ED3 q:DA49968E614FC9E9-----BEGIN RSA PRIVATE KEY-----
> MGECAQACEQC+5eKmNv53y2Hn+t22uzkLAgMBAAECEHmAtlbW7/ZsapBlxpZlu1EC
> CQDf4Oqu9kqe0wIJANpJlo5hT8npAggWUvAz6B1CvwIIYCU9fST7gdECCGudR6xt
> O4sU
> -----END RSA PRIVATE KEY----
>
> The code is still the same, even in Pre-Version 1.1.0
>
> Regards,
>
> Felix
>
>
> Am 21.12.2015 21:38, schrieb Kurt Roeckx via RT:
> > On Mon, Dec 21, 2015 at 01:51:45PM +0000, Felix via RT wrote:
> >> That does not matter from a technical point of view.
> >>
> >> The Problem ist the same with 2048-Bit RSA.
> > If you're worried that p and q might be the same random number, I
> > think you should have other concerns.
> >
> >
> > Kurt
> >
> >
> >
>
--
Richard Levitte
levitte at openssl.org
More information about the openssl-dev
mailing list