[Bug 1463147] [NEW] gnutls_dh_params_generate2 generates short primes
LaMont Jones
lamont.jones at canonical.com
Mon Jun 8 19:23:42 UTC 2015
Public bug reported:

I have several hosts (running inspircd) that call
gnutls_dh_params_generate2 to generate their dh params.

The key lengths that openssl s_client reports are not always the correct
length.

It seems that gnutls is not following the crypto-community standard of
forcing the high bit on before throwing the random number into primality
testing.

Looking at gen_group() in lib/nettle/mpi.c in the gnutls sources may be
useful.

dh_bits == 2048
Server Temp Key: DH, 2046 bits
Server Temp Key: DH, 2048 bits
Server Temp Key: DH, 2047 bits
Server Temp Key: DH, 2046 bits
Server Temp Key: DH, 2049 bits

dh_bits == 3072
Server Temp Key: DH, 3072 bits
Server Temp Key: DH, 3069 bits

Seen in trusty's libgnutls28=3.2.11-2ubuntu1

** Affects: gnutls28 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1463147
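
The convention the report refers to, setting the top bit of each random candidate before primality testing, shown as an added Python example. It is not gnutls code and does not reproduce gen_group(); the 128-bit size, the seeded PRNG and all function names are assumptions chosen so the demo runs quickly and repeatably.

```python
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; adequate for a demo, not for real keys."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, rng, force_top_bit):
    """Draw random odd candidates of at most `bits` bits until one is prime."""
    while True:
        cand = rng.getrandbits(bits) | 1
        if force_top_bit:
            cand |= 1 << (bits - 1)   # guarantees bit_length() == bits
        if is_probable_prime(cand):
            return cand

def length_histogram(bits, count, force_top_bit, seed=1463147):
    """Map bit length -> number of generated primes with that length."""
    rng = random.Random(seed)   # seeded, non-cryptographic PRNG: demo only
    hist = {}
    for _ in range(count):
        n = gen_prime(bits, rng, force_top_bit).bit_length()
        hist[n] = hist.get(n, 0) + 1
    return hist

if __name__ == "__main__":
    for forced in (False, True):
        print("force_top_bit=%s:" % forced, sorted(length_histogram(128, 40, forced).items()))
```

Without the forced bit roughly half of the generated primes come out shorter than requested; with it every prime has exactly the requested length. Comparing `p.bit_length()` against the requested size is the same check that `openssl s_client` surfaces as "Server Temp Key".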