gnutls_dh_params_generate2 generates short primes
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gnutls28 (Ubuntu) | New | Undecided | Unassigned |
Bug Description
I have several hosts (running inspircd) that call gnutls_
The key lengths that openssl s_client reports are not always the correct length.
It seems that gnutls is not following the crypto-community standard of forcing the high bit on before throwing the random number into primality testing.
Looking at gen_group() in lib/nettle/mpi.c in the gnutls sources may be useful.
dh_bits == 2048
Server Temp Key: DH, 2046 bits
Server Temp Key: DH, 2048 bits
Server Temp Key: DH, 2047 bits
Server Temp Key: DH, 2046 bits
Server Temp Key: DH, 2049 bits
dh_bits == 3072
Server Temp Key: DH, 3072 bits
Server Temp Key: DH, 3069 bits
Seen in trusty's libgnutls28=
This shows up as weechat failing to connect because the key length is less than 2048 bits (weechat's default behavior). Needless to say, if I ask for 2048 bits of temp key, I should get (at least) 2048 bits of temp key.
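The convention the report refers to, forcing the top bit of each random candidate before primality testing, is illustrated below as an added example. It is not code from the report or from gnutls. It uses 64-bit primes and a seeded, non-cryptographic RNG so it runs quickly and reproducibly, and the function names `is_prime`, `gen_prime` and `bit_lengths` are hypothetical.

```python
import random

# Small-prime bases; Miller-Rabin with these is deterministic for n < 3.3e24,
# which covers the 64-bit demonstration size used here.
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_prime(bits, rng, force_high_bit):
    """Draw random odd candidates until one is prime."""
    while True:
        c = rng.getrandbits(bits) | 1
        if force_high_bit:
            c |= 1 << (bits - 1)   # guarantees bit_length() == bits
        if is_prime(c):
            return c

def bit_lengths(bits, count, force_high_bit, seed=1):
    # random.Random is for a reproducible demo only, never for real keys.
    rng = random.Random(seed)
    return [gen_prime(bits, rng, force_high_bit).bit_length()
            for _ in range(count)]

if __name__ == "__main__":
    for forced in (False, True):
        lengths = bit_lengths(64, 40, forced)
        short = sum(1 for n in lengths if n < 64)
        print(f"force_high_bit={forced}: {short}/40 short, min={min(lengths)} bits")
```

Without the forced bit, a candidate's top bit is zero about half the time, so a client enforcing a minimum size sees intermittent failures; this sketch only covers results shorter than requested.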