Somehow the mail seems to have been corrupted. My apologies. Here is the
complete mail:
Hi
BN_generate_prime_ex can generate prime numbers larger than the
specified bitsize. The problem can be reproduced using the following
commands:
[do@trinity tmp]$ openssl genrsa -out rsa.key 1
Generating RSA private key, 1 bit long modulus
.+++++++++++++++++++++++++++
.
e is 65537 (0x10001)
[do@trinity tmp]$ openssl rsa -in rsa.key -text -noout -check
Private-Key: (17 bit)
modulus: 71758 (0x1184e)
publicExponent: 65537 (0x10001)
privateExponent: 19563 (0x4c6b)
prime1: 35879 (0x8c27)
prime2: 2 (0x2)
exponent1: 19563 (0x4c6b)
exponent2: 0
coefficient: 17940 (0x4614)
RSA key ok
(The resulting key cannot be used for encryption and openssl genpkey
refuses to even try to generate keys of bitsize 1.)
The underlying problem is that the probable_prime function in
crypto/bn/bn_prime.c doesn't make sure the generated prime is smaller
than bits.
A possible solution might be:
--- openssl-1.0.1-beta2_original/crypto/bn/bn_prime.c 2012-02-01
12:31:45.984372013 +0100
+++ openssl-1.0.1-beta2/crypto/bn/bn_prime.c 2012-02-01
12:35:32.246479578 +0100
@@ -400,6 +400,7 @@
}
if (!BN_add_word(rnd,delta)) return(0);
bn_check_top(rnd);
+ if (BN_num_bits(rnd) > bits) return(0);
return(1);
}
Applying this patch results in the following behaviour:
[do@trinity apps]$ ./openssl genrsa -out rsa.key 1
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Generating RSA private key, 1 bit long modulus
140065249646248:error:04081003:rsa routines:RSA_BUILTIN_KEYGEN:BN
lib:rsa_gen.c:223:
Note that similar corner cases might be present in the
probable_prime_dh and probable_prime_dh_safe functions. I didn't check
those.
Cheers,
Dominik
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
