DH parameters from http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-modp-groups-04.txt return DH_NOT_SUITABLE_GENERATOR

[Aslam]

Hi,

 

I'm tring to use DH params from http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-modp-groups-04.txt, but none get imported in openssl, and openssl returns DH_NOT_SUITABLE_GENERATOR... Can any one give me a reason why ??

 

 

int XXX::SetDhPrimeAndGeneratorBytes(unsigned char* pPrime, unsigned int nPrimeLen, unsigned char* pGenerator, unsigned int nGeneratorLen)
{
 int  nRet = XXX_OK;
 DH*  pDh = 0; 
 int  nDhCheckCodes = 0; 

 

 pDh = DH_new();
 pDh->p = BN_bin2bn(pPrime, nPrimeLen, 0);
 pDh->g = BN_bin2bn(pGenerator, nGeneratorLen, 0);

 

 if(! DH_check(pDh, &nDhCheckCodes))
 {
  nRet = XXX_ERR_DH_CREATING_DH_PARAMS;
 }
    else
    {
     if(nDhCheckCodes != 0)
     {
      if(nDhCheckCodes & DH_CHECK_P_NOT_PRIME)
       nRet = XXX_ERR_DH_P_NOT_PRIME;
      else if(nDhCheckCodes & DH_CHECK_P_NOT_SAFE_PRIME)
       nRet = XXX_ERR_DH_P_NOT_SAFE_PRIME;
   else if(nDhCheckCodes & DH_UNABLE_TO_CHECK_GENERATOR)
    nRet = XXX_ERR_DH_NO_SUITABLE_GENERATOR;
      else if(nDhCheckCodes & DH_NOT_SUITABLE_GENERATOR)
       nRet = XXX_ERR_DH_NO_SUITABLE_GENERATOR;
      else
       nRet = XXX_ERR_DH_CREATING_DH_PARAMS;
     }
        else
        {
         if(m_pDh)
          DH_free(m_pDh);
         m_pDh = DHparams_dup(pDh);
        }
    }

 

 if(pDh)
  DH_free(pDh);
 return nRet;
}

 

Thanks

Aslam