Hi,
I'm trying to use the DH
parameters from http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ike-modp-groups-04.txt,
but none of them can be imported into OpenSSL: DH_check() reports
DH_NOT_SUITABLE_GENERATOR. Can anyone tell me why?
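// Builds DH parameters from a big-endian prime and generator, validates them
// with DH_check(), and on success replaces m_pDh with a copy of them.
//
// pPrime / nPrimeLen         - big-endian bytes of the prime p
// pGenerator / nGeneratorLen - big-endian bytes of the generator g
//
// Returns XXX_OK when the parameters pass DH_check() and were stored;
// otherwise one of the XXX_ERR_DH_* codes, and m_pDh is left untouched.
int
XXX::SetDhPrimeAndGeneratorBytes(unsigned char* pPrime, unsigned int nPrimeLen,
                                 unsigned char* pGenerator, unsigned int nGeneratorLen)
{
    // BN_bin2bn() takes its length as an int, so refuse lengths that would
    // not survive the conversion (UINT_MAX >> 1 is INT_MAX on the usual
    // two's-complement platforms).
    const unsigned int nMaxLen = static_cast<unsigned int>(-1) >> 1;

    if (!pPrime || !pGenerator || nPrimeLen > nMaxLen || nGeneratorLen > nMaxLen)
        return XXX_ERR_DH_CREATING_DH_PARAMS;

    DH* pDh = DH_new();
    if (!pDh)
        return XXX_ERR_DH_CREATING_DH_PARAMS;

    int nRet = XXX_OK;
    int nDhCheckCodes = 0;

    // Assign each BIGNUM exactly once; pDh owns them and DH_free() below
    // releases them. Assigning twice would leak the first pair.
    pDh->p = BN_bin2bn(pPrime, static_cast<int>(nPrimeLen), 0);
    pDh->g = BN_bin2bn(pGenerator, static_cast<int>(nGeneratorLen), 0);

    if (!pDh->p || !pDh->g || !DH_check(pDh, &nDhCheckCodes))
    {
        // Allocation failure or DH_check() itself could not run.
        nRet = XXX_ERR_DH_CREATING_DH_PARAMS;
    }
    else if (nDhCheckCodes & DH_CHECK_P_NOT_PRIME)
    {
        nRet = XXX_ERR_DH_P_NOT_PRIME;
    }
    else if (nDhCheckCodes & DH_CHECK_P_NOT_SAFE_PRIME)
    {
        nRet = XXX_ERR_DH_P_NOT_SAFE_PRIME;
    }
    else if (nDhCheckCodes & DH_UNABLE_TO_CHECK_GENERATOR)
    {
        // DH_check() has no test for this generator value. The caller sees
        // the same code as for a rejected generator.
        nRet = XXX_ERR_DH_NO_SUITABLE_GENERATOR;
    }
    else if (nDhCheckCodes & DH_NOT_SUITABLE_GENERATOR)
    {
        // NOTE(review): with the OpenSSL API generation used here (direct
        // dh->p / dh->g access), DH_check() accepts g == 2 only when
        // p mod 24 == 11, i.e. when 2 generates the whole group. The MODP
        // group primes are safe primes chosen so that 2 generates the
        // order-q subgroup (p mod 24 == 23), so they are expected to land in
        // this branch although they are well-formed - confirm against the
        // OpenSSL version in use. Do not mask this flag for arbitrary input:
        // if the published groups must be accepted, compare p and g
        // byte-for-byte with the published constants and skip the generator
        // test only on an exact match.
        nRet = XXX_ERR_DH_NO_SUITABLE_GENERATOR;
    }
    else if (nDhCheckCodes != 0)
    {
        // Any other flag DH_check() may set is treated as a generic failure.
        nRet = XXX_ERR_DH_CREATING_DH_PARAMS;
    }
    else
    {
        // Duplicate first and swap only on success, so a failed copy cannot
        // leave m_pDh null while the function reports XXX_OK.
        DH* pCopy = DHparams_dup(pDh);
        if (!pCopy)
        {
            nRet = XXX_ERR_DH_CREATING_DH_PARAMS;
        }
        else
        {
            if (m_pDh)
                DH_free(m_pDh);
            m_pDh = pCopy;
        }
    }

    // Single release point for the temporary parameters (and their BIGNUMs).
    DH_free(pDh);
    return nRet;
}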
Thanks
Aslam