Hi Viktor,

Is there any way to make this prime number work by doing some modifications in the OpenSSL source code? Like bypassing the OpenSSL DH prime check?

Regards,
Vishal

General

-----Original Message-----
From: openssl-users <openssl-users-bounces@openssl.org> On Behalf Of Viktor Dukhovni
Sent: Friday, May 31, 2024 03:01 PM
To: openssl-users@openssl.org
Subject: Re: Issue in DH Algorithm Keys Generation in OpenSSL 3.3.0

On Fri, May 31, 2024 at 07:47:40AM +0000, Vishal Kevat via openssl-users wrote:

> I am using OpenSSL source version 3.3.0 and facing an issue in key
> generation part of Diffie Hellman (DH) Algorithm. Below are the APIs I
> am using for generating Public and Private Keys:
>
> static unsigned char DH_PRIME_128[] = { /* 128 bit prime */
>     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
>     0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34 };
>
> static unsigned char dh_g[] = {
>     0x02,
> };

That number is clearly not prime, it is, for a start, obviously divisible by 4! And of course "2" is then clearly not a generator of the multiplicative group of residues that are coprime to it, indeed the group is not cyclic:

    https://en.wikipedia.org/wiki/Multiplicative_group_of_integers_modulo_n#Cyclic_case

so it has no generator. FWIW, the factors of your "prime" are:

    4, 31, 2347, 439409, 1327715723, 2004151850481839419

As can be confirmed via:

    $ echo '4 31 * 2347 * 439409 * 1327715723 * 2004151850481839419 * 16o p' | dc
    FFFFFFFFFFFFFFFFC90FDAA22168C234

Bottom line: you should not expect this "prime" to yield a viable DH group.

--
Viktor.
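
The points made in the quoted reply can be checked mechanically with the values posted in the thread. This is an added example, not code from the thread or from OpenSSL; the function names are hypothetical and the checks are the example's own, not a reproduction of OpenSSL's DH parameter validation.

```python
from math import gcd, prod

# Values copied from the thread above.
DH_PRIME_128 = bytes([0xff] * 8 + [0xc9, 0x0f, 0xda, 0xa2, 0x21, 0x68, 0xc2, 0x34])
DH_G = 2
CLAIMED_FACTORS = [4, 31, 2347, 439409, 1327715723, 2004151850481839419]
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # fixed Miller-Rabin bases

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; a probable-prime test at this size."""
    if n < 2:
        return False
    for q in BASES:
        if n % q == 0:
            return n == q  # divisible by a small prime: prime only if equal to it
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # base a is a witness that n is composite
    return True

def dh_param_problems(p_bytes, g):
    """Return the reasons (p, g) cannot define a DH group; empty if none found."""
    p = int.from_bytes(p_bytes, "big")
    problems = []
    if p % 2 == 0:
        problems.append("modulus is even")
    if not is_probable_prime(p):
        problems.append("modulus is composite")
    if gcd(g, p) != 1:
        problems.append("generator shares a factor with the modulus")
    elif not 1 < g < p - 1:
        problems.append("generator out of range")
    return problems

def factors_match(p_bytes, factors):
    """Check that the claimed factors multiply back to the modulus."""
    return prod(factors) == int.from_bytes(p_bytes, "big")

if __name__ == "__main__":
    print(dh_param_problems(DH_PRIME_128, DH_G), factors_match(DH_PRIME_128, CLAIMED_FACTORS))
```

Because the generator 2 divides the modulus, it is not even an element of the group of residues coprime to it, which is the reply's point about there being no usable generator.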