All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2] [CVE-2009-1416]

Simon Josefsson simon at josefsson.org
Thu Apr 30 12:36:50 CEST 2009


When investigating the DSA problems reported by Miroslav Kratochvil
(e.g., [1]), Simon Josefsson discovered that all DSA keys generated by
GnuTLS 2.6.x are corrupt.  Rather than generating a DSA key, GnuTLS
will generate an RSA key and store it in a DSA structure.  The patch to
correct this is trivial; see [PATCH] below.  GnuTLS 2.4.x and earlier
did not contain the buggy code.

Example output from generating a broken DSA key is shown below under
[BAD OUTPUT].  Example output from generating a good DSA key is shown
below under [GOOD OUTPUT].  In the bad output, notice in particular
that the debug log during generation prints the names of RSA fields.  Also
note that e = 010001 (i.e., 65537).  All bad keys can easily be
identified by having the group generator q = 65537.

Unfortunately, GnuTLS/libgcrypt will not refuse to sign data using
these bad keys, so it will be possible to sign certificates using the
bad keys.  See output from generating a self-signed certificate for
the bad DSA key below under [SIGNING].  These certificates are also
easy to identify through q=65537.

Fortunately, verifying the signature generated by these invalid DSA
keys appears to fail.  We invite people to study the mathematical
properties here.  There are at least two interesting questions to
answer: 1) Does verifying signatures with these DSA keys always fail?
2) If not, are these keys weak?  Possibly, given the size of the DSA
generator and the signatures, signatures can be faked, but if
verification always fails there shouldn't be any concern.

Because verification of signatures generated by these DSA keys fails,
the impact of this problem appears limited.

This problem can be identified with GNUTLS-SA-2009-2 and
CVE-2009-1416.

We have developed a small tool that will test your gnutls library, see
below under [CODE].

/Simon

[1] http://lists.gnu.org/archive/html/help-gnutls/2009-04/msg00021.html

PATCH:

diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 1015c3a..a08349b 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -529,7 +529,7 @@ _generate_params (int algo, bigint_t * resarr, unsigned int *resarr_len,
   int ret;
   unsigned int i;
 
-  ret = _gnutls_pk_ops.generate (GNUTLS_PK_RSA, bits, &params);
+  ret = _gnutls_pk_ops.generate (algo, bits, &params);
 
   if (ret < 0)
     {
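
Review bot: the one-line change at the `_gnutls_pk_ops.generate (algo, bits, &params)` call comes with no regression test, so nothing in this patch would catch a hard-coded algorithm being reintroduced in `_generate_params`. Suggest adding a test that generates a key with GNUTLS_PK_DSA, exports the raw parameters and fails when q is 01:00:01, which is the check the [CODE] program below already performs. The surrounding context only tests `ret < 0`, so a short comment at the call stating that `algo` must be forwarded unchanged to the backend would also help.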

BAD OUTPUT:

jas at mocca:~$ /usr/bin/certtool -p -d 4711 --dsa > foo.pem
Generating a 2048 bit DSA private key...
|<9>| MPI: length: 256
	n:
|<9>| MPI: length: 3
	e: 010001
|<9>| MPI: length: 256
	d:
|<9>| MPI: length: 128
	p: c282535d3ca5875c5da8eb55a346f664b3c96f7434829d9e5ed2b87e521478dbccc7b436d5753ffbad307aed53cb6bd3ec448a5c399972ac5e2d1c657aba95d7db6167077230e4d07b576461baa536cf3c0b9d49b99be0da2fec6381f9fc96033d5f63fc4d83adec04321b718371e8dc1b6e8439ae7eddcd2d1704046a254c77
|<9>| MPI: length: 128
	q: f34cf8d3a5f678b1e4d542a4343835ca344f548fb6fb95d1905992c2fa5952461f73011d5b0bd26eeb16c24c2787aa76436942cdd21fe1b7f01cd3d75c3db8bc58bff2868644574fa7b9bd5a9156368100b703b8335c864793bd656f555d616b5e4fd0f292abf8a9f6d4fef0f419aebcca1121798c2e9f737e4ef9de63e7fc01
|<9>| MPI: length: 128
	u: ebe6319ad263a47152bac721aca1d36c96bcdb8030d8fd71119cdf1d0c44fb6366b80ebe4b4bd66a75532abca065cfe4a8d15a096739788a507a5f4c6684ebc9c064e98c924be9819e958b8acad47ce8814646e3285e648dd9d442d0a7a16124f2d3b1ca6830ead88d45d218749a959f0d16672031de1110679ab57a7eb879e0
jas at mocca:~$ certtool -k < foo.pem
Public Key Info:
	Public Key Algorithm: DSA
private key:
	f3:4c:f8:d3:a5:f6:78:b1:e4:d5:42:a4:34:38:35:
	ca:34:4f:54:8f:b6:fb:95:d1:90:59:92:c2:fa:59:
	52:46:1f:73:01:1d:5b:0b:d2:6e:eb:16:c2:4c:27:
	87:aa:76:43:69:42:cd:d2:1f:e1:b7:f0:1c:d3:d7:
	5c:3d:b8:bc:58:bf:f2:86:86:44:57:4f:a7:b9:bd:
	5a:91:56:36:81:00:b7:03:b8:33:5c:86:47:93:bd:
	65:6f:55:5d:61:6b:5e:4f:d0:f2:92:ab:f8:a9:f6:
	d4:fe:f0:f4:19:ae:bc:ca:11:21:79:8c:2e:9f:73:
	7e:4e:f9:de:63:e7:fc:01:
public key:
	c2:82:53:5d:3c:a5:87:5c:5d:a8:eb:55:a3:46:f6:
	64:b3:c9:6f:74:34:82:9d:9e:5e:d2:b8:7e:52:14:
	78:db:cc:c7:b4:36:d5:75:3f:fb:ad:30:7a:ed:53:
	cb:6b:d3:ec:44:8a:5c:39:99:72:ac:5e:2d:1c:65:
	7a:ba:95:d7:db:61:67:07:72:30:e4:d0:7b:57:64:
	61:ba:a5:36:cf:3c:0b:9d:49:b9:9b:e0:da:2f:ec:
	63:81:f9:fc:96:03:3d:5f:63:fc:4d:83:ad:ec:04:
	32:1b:71:83:71:e8:dc:1b:6e:84:39:ae:7e:dd:cd:
	2d:17:04:04:6a:25:4c:77:
p:
	b8:dc:30:e1:50:85:6d:e5:a8:9f:9b:e8:e1:e3:07:
	6e:8a:21:54:33:4a:3f:18:3f:d3:bd:00:ba:27:63:
	81:91:eb:01:1c:5e:2b:7e:29:47:c5:2e:e8:f2:d6:
	e2:4d:99:80:ee:ca:25:02:af:c9:36:5f:54:e7:9d:
	fe:ac:10:22:75:0d:61:74:99:84:77:c5:29:5f:d3:
	80:b4:ad:ba:60:fe:a3:67:5e:7f:0c:d3:72:1a:ba:
	be:27:b3:1b:e7:b3:d2:92:aa:94:09:bd:e8:c8:6b:
	e8:2c:81:3d:15:12:be:d2:56:2a:d7:02:2e:7e:af:
	71:b8:93:b9:03:e8:ea:2e:a4:16:57:8d:f3:a4:de:
	19:32:52:cb:e2:dc:b9:54:0c:37:32:a9:d6:da:7c:
	de:59:54:ce:eb:bf:80:58:53:30:6e:aa:97:35:f0:
	87:30:75:9e:19:5f:1b:45:10:0c:75:4d:60:88:c7:
	71:82:ed:ee:53:ee:6a:82:79:a0:1c:ed:88:46:e8:
	48:48:2c:6b:4a:88:ce:35:ce:ea:67:25:5a:5b:f7:
	92:37:db:a7:c1:08:af:e2:07:af:aa:05:38:ac:03:
	a1:76:1b:ad:3a:21:8b:57:3f:4d:53:4e:80:30:c4:
	70:a5:49:b1:9a:7e:29:09:5c:0d:9e:ed:25:cb:70:
	77:
q:
	01:00:01:
g:
	48:6f:db:e5:86:68:6a:7a:5a:1b:84:fb:f9:fb:bc:
	cf:47:68:2c:f6:d6:2a:a8:25:66:a2:82:94:ef:57:
	52:0f:ec:1e:e8:cf:4b:ca:a9:81:5a:96:79:a8:a2:
	a4:55:d5:07:4d:4a:bf:ba:f0:47:ef:ba:e6:69:c6:
	22:e3:a8:84:e0:0a:28:bc:88:65:7c:8b:31:1d:c0:
	22:88:6a:25:04:d9:f3:0c:cf:de:08:18:18:f7:b9:
	62:46:eb:2b:cd:9c:cc:b0:35:10:42:4a:fc:db:00:
	51:9f:92:da:ed:15:85:d9:a4:f3:2f:82:46:d6:d4:
	87:c2:d4:7b:e4:b8:d1:7e:5e:b6:4f:11:1e:5a:33:
	ab:e4:73:93:97:1a:39:c2:22:39:db:43:8f:e6:9f:
	bb:38:2e:df:cd:74:f6:81:f9:e3:79:a0:3e:ca:77:
	b4:cd:f3:f2:c9:77:06:63:47:5c:cc:e3:5b:c4:a1:
	b6:1f:8b:bf:26:5b:df:9f:c6:cf:6b:8f:dc:65:c5:
	2a:63:8f:3b:f7:a8:9b:31:30:e4:8c:00:37:53:28:
	2b:36:bf:7b:4d:c6:ab:9c:94:95:81:b0:e6:a5:19:
	c4:b7:5e:47:50:4a:83:37:aa:3b:e7:dc:cb:46:f3:
	e5:98:0f:cd:5f:1d:45:1b:24:81:e3:1c:4a:ea:94:
	01:

Public Key ID: 7F:12:C5:C6:C6:94:43:6C:8F:75:75:EA:AF:1A:6B:72:02:9C:65:F8

jas at mocca:~$ 

GOOD OUTPUT:

jas at mocca:~$ ~/src/gnutls/src/certtool -p -d 4711 --dsa --bits 1024 > bar.pem
Generating a 1024 bit DSA private key...
|<9>| MPI: length: 128
	p: cb5a99fdf8021b1fd9f9c89707e71b0a0057ae0c2e5ed7dd1cbf5cd283e922f6d0225eb4794638b346a9be587ac12aefafd22044657e43025810d4d495a0ba1823199c47ed248c1e9d3c1c7d3d19a952dd14707b7011d9682622434d32f839461ed486e606964a1d0ea6ff8b9bae84a0cc00dd9032edebf85f9b1087a6e8a08b
|<9>| MPI: length: 20
	q: d32f7bbe74f00ba95c08bbba4a0b40fba1c57cb3
|<9>| MPI: length: 128
	g: c622a36959da6acde068752a35173cdcbf14d21e341e2f185e76fdebea7472a3bc44a3c1107e4ad53df68e7e07acaf0b52a7be7e6a2c57c617c8f49c282d7561290c0571c1df46d0fddff30deaec015b1f10a53de7493ecb8f6174720fcc7fe86faebaa406c225dd5f9f2c2de8aac7160909c37b22905b0c934ed6618e406d72
|<9>| MPI: length: 128
	y: 9748c4c583ce43ce825152946d7baa1f86cb7addff6f1236ecef7cf5e57111dae20981b14343d3a677651747756e35f58a63420220f192ea4eee3564a0aa138f595d23c998685b8e1a2c20a311b2429865e212333ae0b1290b37f5bf16846b41fb017b7e3f18fcb74350fc37bc7602c8cdabc5c1a51cbb4787177e40827ddef5
|<9>| MPI: length: 20
	x: 9a4e9b505974dd4a67832aa17e9ea604fc1beb41
jas at mocca:~$ ~/src/gnutls/src/certtool -k < bar.pem 
Public Key Info:
	Public Key Algorithm: DSA
private key:
	9a:4e:9b:50:59:74:dd:4a:67:83:2a:a1:7e:9e:a6:
	04:fc:1b:eb:41:
public key:
	97:48:c4:c5:83:ce:43:ce:82:51:52:94:6d:7b:aa:
	1f:86:cb:7a:dd:ff:6f:12:36:ec:ef:7c:f5:e5:71:
	11:da:e2:09:81:b1:43:43:d3:a6:77:65:17:47:75:
	6e:35:f5:8a:63:42:02:20:f1:92:ea:4e:ee:35:64:
	a0:aa:13:8f:59:5d:23:c9:98:68:5b:8e:1a:2c:20:
	a3:11:b2:42:98:65:e2:12:33:3a:e0:b1:29:0b:37:
	f5:bf:16:84:6b:41:fb:01:7b:7e:3f:18:fc:b7:43:
	50:fc:37:bc:76:02:c8:cd:ab:c5:c1:a5:1c:bb:47:
	87:17:7e:40:82:7d:de:f5:
p:
	cb:5a:99:fd:f8:02:1b:1f:d9:f9:c8:97:07:e7:1b:
	0a:00:57:ae:0c:2e:5e:d7:dd:1c:bf:5c:d2:83:e9:
	22:f6:d0:22:5e:b4:79:46:38:b3:46:a9:be:58:7a:
	c1:2a:ef:af:d2:20:44:65:7e:43:02:58:10:d4:d4:
	95:a0:ba:18:23:19:9c:47:ed:24:8c:1e:9d:3c:1c:
	7d:3d:19:a9:52:dd:14:70:7b:70:11:d9:68:26:22:
	43:4d:32:f8:39:46:1e:d4:86:e6:06:96:4a:1d:0e:
	a6:ff:8b:9b:ae:84:a0:cc:00:dd:90:32:ed:eb:f8:
	5f:9b:10:87:a6:e8:a0:8b:
q:
	d3:2f:7b:be:74:f0:0b:a9:5c:08:bb:ba:4a:0b:40:
	fb:a1:c5:7c:b3:
g:
	c6:22:a3:69:59:da:6a:cd:e0:68:75:2a:35:17:3c:
	dc:bf:14:d2:1e:34:1e:2f:18:5e:76:fd:eb:ea:74:
	72:a3:bc:44:a3:c1:10:7e:4a:d5:3d:f6:8e:7e:07:
	ac:af:0b:52:a7:be:7e:6a:2c:57:c6:17:c8:f4:9c:
	28:2d:75:61:29:0c:05:71:c1:df:46:d0:fd:df:f3:
	0d:ea:ec:01:5b:1f:10:a5:3d:e7:49:3e:cb:8f:61:
	74:72:0f:cc:7f:e8:6f:ae:ba:a4:06:c2:25:dd:5f:
	9f:2c:2d:e8:aa:c7:16:09:09:c3:7b:22:90:5b:0c:
	93:4e:d6:61:8e:40:6d:72:

Public Key ID: 24:B6:F9:42:2A:6B:A3:CC:AB:D9:B7:16:7E:6C:03:29:97:AE:5A:49

jas at mocca:~$ 

[SIGNING]

jas at mocca:~$ ~/src/gnutls/src/certtool -s --load-privkey foo.pem --template /dev/null 
Generating a self signed certificate...
X.509 Certificate Information:
	Version: 3
	Serial Number (hex): 49f08ab2
	Validity:
		Not Before: Thu Apr 23 15:35:14 UTC 2009
		Not After: Fri Apr 23 15:35:14 UTC 2010
	Subject: 
	Subject Public Key Algorithm: DSA
		Public key (bits 1024):
			c2:82:53:5d:3c:a5:87:5c:5d:a8:eb:55:a3:46:f6:64
			b3:c9:6f:74:34:82:9d:9e:5e:d2:b8:7e:52:14:78:db
			cc:c7:b4:36:d5:75:3f:fb:ad:30:7a:ed:53:cb:6b:d3
			ec:44:8a:5c:39:99:72:ac:5e:2d:1c:65:7a:ba:95:d7
			db:61:67:07:72:30:e4:d0:7b:57:64:61:ba:a5:36:cf
			3c:0b:9d:49:b9:9b:e0:da:2f:ec:63:81:f9:fc:96:03
			3d:5f:63:fc:4d:83:ad:ec:04:32:1b:71:83:71:e8:dc
			1b:6e:84:39:ae:7e:dd:cd:2d:17:04:04:6a:25:4c:77
		P:
			b8:dc:30:e1:50:85:6d:e5:a8:9f:9b:e8:e1:e3:07:6e
			8a:21:54:33:4a:3f:18:3f:d3:bd:00:ba:27:63:81:91
			eb:01:1c:5e:2b:7e:29:47:c5:2e:e8:f2:d6:e2:4d:99
			80:ee:ca:25:02:af:c9:36:5f:54:e7:9d:fe:ac:10:22
			75:0d:61:74:99:84:77:c5:29:5f:d3:80:b4:ad:ba:60
			fe:a3:67:5e:7f:0c:d3:72:1a:ba:be:27:b3:1b:e7:b3
			d2:92:aa:94:09:bd:e8:c8:6b:e8:2c:81:3d:15:12:be
			d2:56:2a:d7:02:2e:7e:af:71:b8:93:b9:03:e8:ea:2e
			a4:16:57:8d:f3:a4:de:19:32:52:cb:e2:dc:b9:54:0c
			37:32:a9:d6:da:7c:de:59:54:ce:eb:bf:80:58:53:30
			6e:aa:97:35:f0:87:30:75:9e:19:5f:1b:45:10:0c:75
			4d:60:88:c7:71:82:ed:ee:53:ee:6a:82:79:a0:1c:ed
			88:46:e8:48:48:2c:6b:4a:88:ce:35:ce:ea:67:25:5a
			5b:f7:92:37:db:a7:c1:08:af:e2:07:af:aa:05:38:ac
			03:a1:76:1b:ad:3a:21:8b:57:3f:4d:53:4e:80:30:c4
			70:a5:49:b1:9a:7e:29:09:5c:0d:9e:ed:25:cb:70:77
		Q:
			01:00:01
		G:
			48:6f:db:e5:86:68:6a:7a:5a:1b:84:fb:f9:fb:bc:cf
			47:68:2c:f6:d6:2a:a8:25:66:a2:82:94:ef:57:52:0f
			ec:1e:e8:cf:4b:ca:a9:81:5a:96:79:a8:a2:a4:55:d5
			07:4d:4a:bf:ba:f0:47:ef:ba:e6:69:c6:22:e3:a8:84
			e0:0a:28:bc:88:65:7c:8b:31:1d:c0:22:88:6a:25:04
			d9:f3:0c:cf:de:08:18:18:f7:b9:62:46:eb:2b:cd:9c
			cc:b0:35:10:42:4a:fc:db:00:51:9f:92:da:ed:15:85
			d9:a4:f3:2f:82:46:d6:d4:87:c2:d4:7b:e4:b8:d1:7e
			5e:b6:4f:11:1e:5a:33:ab:e4:73:93:97:1a:39:c2:22
			39:db:43:8f:e6:9f:bb:38:2e:df:cd:74:f6:81:f9:e3
			79:a0:3e:ca:77:b4:cd:f3:f2:c9:77:06:63:47:5c:cc
			e3:5b:c4:a1:b6:1f:8b:bf:26:5b:df:9f:c6:cf:6b:8f
			dc:65:c5:2a:63:8f:3b:f7:a8:9b:31:30:e4:8c:00:37
			53:28:2b:36:bf:7b:4d:c6:ab:9c:94:95:81:b0:e6:a5
			19:c4:b7:5e:47:50:4a:83:37:aa:3b:e7:dc:cb:46:f3
			e5:98:0f:cd:5f:1d:45:1b:24:81:e3:1c:4a:ea:94:01
	Extensions:
		Basic Constraints (critical):
			Certificate Authority (CA): FALSE
		Key Usage (critical):
			Digital signature.
		Subject Key Identifier (not critical):
			7f12c5c6c694436c8f7575eaaf1a6b72029c65f8
Other Information:
	Public Key Id:
		7f12c5c6c694436c8f7575eaaf1a6b72029c65f8



Signing certificate...
jas at mocca:~$ 

[CODE]

/*
 * Small code to reproduce the CVE-2009-1416 bad DSA key problem.
 *
 * Build it using:
 *
 *  gcc -o cve-2009-1416 cve-2009-1416.c -lgnutls
 *
 * If your gnutls library is OK then running it will print 'success!'.
 *
 * If your gnutls library is buggy then running it will print 'buggy'.
 *
 */

#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>		/* memcmp */

#include <gcrypt.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>	/* gnutls_x509_privkey_* */

int
main (void)
{
  gnutls_x509_privkey_t key;
  gnutls_datum_t p, q, g, y, x;
  int ret;

  gnutls_global_init ();
  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);

  ret = gnutls_x509_privkey_init (&key);
  if (ret < 0)
    return 1;

  ret = gnutls_x509_privkey_generate (key, GNUTLS_PK_DSA, 512, 0);
  if (ret < 0)
    return 1;

  ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
  if (ret < 0)
    return 1;

  if (q.size == 3 && memcmp (q.data, "\x01\x00\x01", 3) == 0)
    printf ("buggy\n");
  else
    printf ("success!\n");

  gnutls_free (p.data);
  gnutls_free (q.data);
  gnutls_free (g.data);
  gnutls_free (y.data);
  gnutls_free (x.data);

  gnutls_x509_privkey_deinit (key);
  gnutls_global_deinit ();

  return 0;
}
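
The advisory states that bad keys can be identified by q = 65537. The following is an added example, not part of the original message or of GnuTLS, that applies that check to an existing "DSA PRIVATE KEY" PEM block instead of generating a fresh key. It assumes the six-integer layout (version, p, q, g, y, x) seen in the key dump above; the function names and the toy key built by constructed_pem() are constructed for illustration.

```python
import base64
import re

BAD_Q = 65537  # RSA public exponent e, which the bug stores in the DSA q field

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def dsa_private_key_ints(pem_text):
    """Return the six integers of a 'DSA PRIVATE KEY' PEM block as a dict."""
    m = re.search(r"-----BEGIN DSA PRIVATE KEY-----(.*?)-----END DSA PRIVATE KEY-----",
                  pem_text, re.S)
    if m is None:
        raise ValueError("no DSA PRIVATE KEY block found")
    tag, body, _ = read_tlv(base64.b64decode(m.group(1)), 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    ints, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(value, "big"))
    if len(ints) != 6:
        raise ValueError("expected version, p, q, g, y, x")
    return dict(zip(("version", "p", "q", "g", "y", "x"), ints))

def is_cve_2009_1416_key(pem_text):
    """True when q equals 65537, the marker the advisory gives for bad keys."""
    return dsa_private_key_ints(pem_text)["q"] == BAD_Q

def constructed_pem(q):
    """Build a toy key from tiny constructed numbers (not a usable key)."""
    def der_int(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # extra byte keeps it positive
        return bytes([0x02, len(raw)]) + raw
    body = b"".join(der_int(v) for v in (0, 23, q, 4, 8, 3))
    b64 = base64.b64encode(bytes([0x30, len(body)]) + body).decode()
    return f"-----BEGIN DSA PRIVATE KEY-----\n{b64}\n-----END DSA PRIVATE KEY-----\n"
```

Calling is_cve_2009_1416_key() on the text of each stored key file flags keys produced by the affected versions; a key it flags should be regenerated with a fixed library.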