Hi,
 
I'm trying to use DH params from http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-modp-groups-04.txt, but none of them get imported into openssl, and openssl returns DH_NOT_SUITABLE_GENERATOR... Can anyone give me a reason why?
 
 
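/**
 * Load caller-supplied Diffie-Hellman parameters and, if DH_check() accepts
 * them, install a private copy in m_pDh.
 *
 * @param pPrime         Prime modulus p as a big-endian byte string.
 * @param nPrimeLen      Length of pPrime in bytes.
 * @param pGenerator     Generator g as a big-endian byte string.
 * @param nGeneratorLen  Length of pGenerator in bytes.
 * @return XXX_OK on success; XXX_ERR_DH_P_NOT_PRIME,
 *         XXX_ERR_DH_P_NOT_SAFE_PRIME or XXX_ERR_DH_NO_SUITABLE_GENERATOR when
 *         DH_check() flags the parameters; XXX_ERR_DH_CREATING_DH_PARAMS on
 *         any allocation/conversion failure or unrecognised check code.
 *
 * On every failure path m_pDh is left untouched, so a previously installed
 * parameter set is never replaced by a missing or unvalidated one.
 */
int XXX::SetDhPrimeAndGeneratorBytes(unsigned char* pPrime, unsigned int nPrimeLen, unsigned char* pGenerator, unsigned int nGeneratorLen)
{
    int nRet = XXX_OK;
    int nDhCheckCodes = 0;

    // A null buffer with a non-zero length would be read by BN_bin2bn().
    if ((!pPrime && nPrimeLen != 0) || (!pGenerator && nGeneratorLen != 0))
        return XXX_ERR_DH_CREATING_DH_PARAMS;

    DH* pDh = DH_new();
    if (!pDh)
        return XXX_ERR_DH_CREATING_DH_PARAMS;

    // Direct member access: this only builds against OpenSSL releases in
    // which the DH structure is not opaque.
    pDh->p = BN_bin2bn(pPrime, nPrimeLen, 0);
    pDh->g = BN_bin2bn(pGenerator, nGeneratorLen, 0);

    if (!pDh->p || !pDh->g)
    {
        // Conversion failed; never hand a half-built DH to DH_check().
        nRet = XXX_ERR_DH_CREATING_DH_PARAMS;
    }
    else if (!DH_check(pDh, &nDhCheckCodes))
    {
        // DH_check() itself failed, as opposed to rejecting the parameters.
        nRet = XXX_ERR_DH_CREATING_DH_PARAMS;
    }
    else if (nDhCheckCodes != 0)
    {
        // Map the first recognised flag to an error; the order matches the
        // severity ordering used by the original code.
        if (nDhCheckCodes & DH_CHECK_P_NOT_PRIME)
            nRet = XXX_ERR_DH_P_NOT_PRIME;
        else if (nDhCheckCodes & DH_CHECK_P_NOT_SAFE_PRIME)
            nRet = XXX_ERR_DH_P_NOT_SAFE_PRIME;
        else if (nDhCheckCodes & DH_UNABLE_TO_CHECK_GENERATOR)
            nRet = XXX_ERR_DH_NO_SUITABLE_GENERATOR;
        else if (nDhCheckCodes & DH_NOT_SUITABLE_GENERATOR)
            // NOTE(review): in OpenSSL releases of this vintage the generator
            // test appears to be a residue heuristic for g = 2 and g = 5 that
            // expects g to generate the full group. Presumably that is why
            // the IKE MODP groups (g = 2 generating the prime-order subgroup)
            // land here. Confirm against the linked OpenSSL version before
            // relaxing this branch; the two prime checks above must stay fatal.
            nRet = XXX_ERR_DH_NO_SUITABLE_GENERATOR;
        else
            nRet = XXX_ERR_DH_CREATING_DH_PARAMS;
    }
    else
    {
        // Duplicate first and swap only on success, so a failed copy cannot
        // leave the object without parameters while still reporting XXX_OK.
        DH* pCopy = DHparams_dup(pDh);
        if (!pCopy)
        {
            nRet = XXX_ERR_DH_CREATING_DH_PARAMS;
        }
        else
        {
            if (m_pDh)
                DH_free(m_pDh);
            m_pDh = pCopy;
        }
    }

    // DH_free() also releases the p and g BIGNUMs attached above.
    DH_free(pDh);
    return nRet;
}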
 
Thanks
Aslam
