missing dsa factor

Bob Mathews bobmathews at mindspring.com
Thu Feb 28 08:20:01 CET 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've been looking at the factor entries that are stored in the secret ring 
file, and it seems that there is one missing from DSA keys. When I start with 
(p-1)/2 and divide off q and the other given factors, I'm still left with a 
large composite number.

In gen_elg_prime(), prime is calculated as:
  2 * q * q_factor * factor[0]..factor[n-1] + 1
But when the ret_factors array is populated, it gets:
  q_factor, factor[1]..factor[n]
(It appears that factor[n] will always be NULL.) That leaves q and factor[0] 
both unknown. This behavior is in 1.0.6c, and doesn't appear to have been 
fixed in CVS.

Should be a trivial fix.
         if( mode == 1 ) {
             (*ret_factors)[i++] = mpi_copy( q_factor );
             for(; i <= n; i++ )
 -               (*ret_factors)[i] = mpi_copy( factors[i] );
 +               (*ret_factors)[i] = mpi_copy( factors[i-1] );
         }

Since the factors aren't currently used for anything, the missing one 
shouldn't hurt anything. It'll be disappointing if someone ever wants them 
for something, though.

 -bob mathews

-----BEGIN PGP SIGNATURE-----
Comment: What's this? http://bobmathews.home.mindspring.com/bob/

iD8DBQE8fdiwPgDecCrBEpcRAjYkAJ4lyFOvVCjUXiZO5LZs7tMzaQMe5gCdGfxT
orJ8kPU1VcAkKxxtiQ71Dqg=
=5Ddq
-----END PGP SIGNATURE-----




More information about the Gnupg-devel mailing list