[Bug 1463147] Re: gnutls_dh_params_generate2 generates short primes

Andreas Metzler 1463147 at bugs.launchpad.net
Sat Jun 13 17:00:21 UTC 2015 

This was discussed upstream in
<http://article.gmane.org/gmane.network.gnutls.general/3667> and
according to
<http://article.gmane.org/gmane.network.gnutls.general/3669> should not
be an issue in 3.3.x:

Quoting Nikos Mavrogiannopoulos:
|| On Mon, 2014-11-10 at 11:48 -1000, Daniel Kahn Gillmor wrote:
| >> After some debugging it turns out that the failing criteria is that
| >> multiple of 64 bits requirement[1]. For some reason I've gotten a 1023
| >> bit prime, even though I called gnutls_dh_params_generate2() with 1024
| >> as the argument.
| > ugh.  Java is at fault here -- there's no sense in this particular
| > severe limitation.  if they're willing to use 512-bit DHE parameters and
| > 1024-bit DHE parameters, they should be willing to use 1023-bit DHE
| > parameters.
| 
| That's indeed quite some arbitrary limitation.
| 
| > That said, i suppose it's possible that gnutls could always ensure that
| > the high bit is set when generating a prime of a given size.
| 
| That should be the case in gnutls 3.3.x. That version delegates to
| nettle the DH parameter generation and nettle seems to be more precise.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1463147

Title:
  gnutls_dh_params_generate2 generates short primes

Status in gnutls28 package in Ubuntu:
  New

Bug description:
  I have several hosts (running inspircd) that call
  gnutls_dh_params_generate2 to generate their dh params.

  The key lengths that openssl s_client reports are not always the
  correct length.

  It seems that gnutls is not following the crypto-community standard of
  forcing the high bit on before throwing the random number into
  primality testing.

  Looking at gen_group() in lib/nettle/mpi.c in the gnutls sources may
  be useful.

  dh_bits == 2048
  Server Temp Key: DH, 2046 bits
  Server Temp Key: DH, 2048 bits
  Server Temp Key: DH, 2047 bits
  Server Temp Key: DH, 2046 bits
  Server Temp Key: DH, 2049 bits

  dh_bits == 3072
  Server Temp Key: DH, 3072 bits
  Server Temp Key: DH, 3069 bits

  Seen in trusty's libgnutls28=3.2.11-2ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1463147/+subscriptions

More information about the foundations-bugs mailing list