fermat primes and dnssec-keygen bug?

Bill Owens owens at nysernet.org
Wed Mar 7 15:01:59 UTC 2012


On Wed, Mar 07, 2012 at 02:43:01PM +0000, Chris Thompson wrote:
> Oh, damn. I have to retract. Or indeed, grovel. It all depends on which
> version of OpenSSL it is linked with, not on the code in dnssec-keygen
> itself. Older versions do indeed generate 2^30+3, but newer ones 2^32+1.
> 
> You can see the BEAAAA (2^30+3) ones in the DNSKEYs for dlv.isc.org as
> well as in a number of our own zones (which says either that the keys
> are oldish or that the versions of OpenSSL used are not as up to date
> as they probably ought to be).

Caveat - I am no kind of a programmer; I frequently get into trouble trying to read other people's code. However, I made an extremely naive patch to opensslrsa_link.c:

[littledebian:bind-9.9.0/lib/dns] owens% diff -c opensslrsa_link.c.orig opensslrsa_link.c
*** opensslrsa_link.c.orig	2012-03-07 09:48:48.000000000 -0500
--- opensslrsa_link.c	2012-03-07 09:50:46.000000000 -0500
***************
*** 752,760 ****
  		BN_set_bit(e, 0);
  		BN_set_bit(e, 16);
  	} else {
! 		/* F5 0x100000001 */
  		BN_set_bit(e, 0);
! 		BN_set_bit(e, 32);
  	}
  
  	if (callback == NULL) {
--- 752,761 ----
  		BN_set_bit(e, 0);
  		BN_set_bit(e, 16);
  	} else {
! 		/* 2^30+3 0x40000003 */
  		BN_set_bit(e, 0);
! 		BN_set_bit(e, 1);
! 		BN_set_bit(e, 30);
  	}
  
  	if (callback == NULL) {
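
Review bot: the else branch now hard-codes 0x40000003 in place of F5, with no way to select the previous exponent and no stated reason; the new comment only names the value. Either give the rationale next to "/* 2^30+3 0x40000003 */" or make the large exponent selectable instead of replacing it outright. The three bit positions set (0, 1, 30) do match the value in the comment. As in the unchanged lines above them, the BN_set_bit() return values are not checked.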

. . . recompiled, and tried the new dnssec-keygen:

[littledebian:~] owens% /home/owens/src/bind-9.9.0/bin/dnssec/dnssec-keygen -e example.net
Generating key pair...++++++ .++++++ 
Kexample.net.+005+19281
[littledebian:~] owens% cat Kexample.net.+005+19281.key
; This is a zone-signing key, keyid 19281, for example.net.
; Created: 20120307145213 (Wed Mar  7 09:52:13 2012)
; Publish: 20120307145213 (Wed Mar  7 09:52:13 2012)
; Activate: 20120307145213 (Wed Mar  7 09:52:13 2012)
example.net. IN DNSKEY 256 3 5 BEAAAAO+k2eTlU4PS0U16bt6AVTZLqoaYKJKHXZYG+0yWZiiADqTd61W yuBHqrVgPJMLMKEGJRQpNJJRuVrOw3VZTC255gt+L5XLVzrmQwR2jG+0 QFPx+Dqriq9lqmhvxtUXDMTwrCMyhv5fdDjPJ1KxknimH0htOivrHBEE EIV/6gwPkQ==

As you pointed out, BEAAAAO is 2^30+3

[littledebian:~] owens% echo 'BEAAAAO+' | base64 -d | xxd -l 12 -b
0000000: 00000100 01000000 00000000 00000000 00000011 10111110  .@....

This certainly looks (to my inexpert eyes) like an explicit choice on the part of the BIND authors. 

Bill.
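
The `base64 -d | xxd` check in the message above reads the start of the RFC 3110 RSA key field: an exponent length, the exponent, then the modulus. The following is an added example, not part of the original message or of BIND; the function names are hypothetical, and the F4/F5 keys it prints are constructed by re-encoding the modulus from the DNSKEY record above with a different exponent.

```python
import base64

# Key data copied from the DNSKEY record in the message above.
PAGE_KEY = (
    "BEAAAAO+k2eTlU4PS0U16bt6AVTZLqoaYKJKHXZYG+0yWZiiADqTd61W"
    "yuBHqrVgPJMLMKEGJRQpNJJRuVrOw3VZTC255gt+L5XLVzrmQwR2jG+0"
    "QFPx+Dqriq9lqmhvxtUXDMTwrCMyhv5fdDjPJ1KxknimH0htOivrHBEE"
    "EIV/6gwPkQ=="
)

def parse_rsa_dnskey(b64):
    """Split RFC 3110 RSA key data into (exponent, exponent_len, modulus)."""
    raw = base64.b64decode("".join(b64.split()), validate=True)
    if len(raw) < 3:
        raise ValueError("key data too short")
    if raw[0] != 0:
        elen, off = raw[0], 1              # one-octet length, 1..255
    else:
        elen, off = int.from_bytes(raw[1:3], "big"), 3   # 0 + two-octet length
    if elen == 0 or len(raw) <= off + elen:
        raise ValueError("exponent or modulus missing")
    exponent = int.from_bytes(raw[off:off + elen], "big")
    modulus = int.from_bytes(raw[off + elen:], "big")
    return exponent, elen, modulus

def encode_rsa_dnskey(exponent, modulus):
    """Inverse of parse_rsa_dnskey, used here to build constructed samples."""
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    prefix = bytes([len(e)]) if len(e) < 256 else b"\0" + len(e).to_bytes(2, "big")
    return base64.b64encode(prefix + e + n).decode()

def describe_exponent(e):
    """Return 'F<k>' if e == 2^(2^k)+1, otherwise the set bit positions."""
    bits = [i for i in range(e.bit_length()) if (e >> i) & 1]
    if len(bits) == 2 and bits[0] == 0 and bits[1] & (bits[1] - 1) == 0:
        return "F%d" % (bits[1].bit_length() - 1)
    return "bits " + ",".join(map(str, bits))

if __name__ == "__main__":
    e, elen, n = parse_rsa_dnskey(PAGE_KEY)
    print(PAGE_KEY[:8], hex(e), elen, describe_exponent(e), n.bit_length())
    for other in (2**16 + 1, 2**32 + 1):   # constructed samples, same modulus
        key = encode_rsa_dnskey(other, n)
        e2, elen2, _ = parse_rsa_dnskey(key)
        print(key[:8], hex(e2), elen2, describe_exponent(e2))
```

The leading base64 characters are enough to tell the exponents apart in a zone file, because the length octet and exponent come before the modulus.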


