Re: DH_generate_parameters and primes

Mon, 19 Feb 2001 11:45:21 -0800 

The first param to DH_generate_parameters() is supposed to be the number of
*bits* in the prime, not bytes (see
http://www.openssl.org/docs/crypto/DH_generate_parameters.html#). My guess
is you really want 64*8 for that parameter.

Also, DH_generate_parameters()  creates the DH structure for you. Your first
call to DH_new() doesn't do anything except create a memory leak. DH_check()
returns its answer in the integer *pointed* to by the second parameter. So,
if dh_error is an int then you need to pass &dh_error to DH_check().

_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________



----- Original Message -----
From: "Josh Howlett" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 19, 2001 1:17 PM
Subject: DH_generate_parameters and primes


> Hi,
>
> When I call DH_compute_key(), I get a core dump.  If I run DH_check
> over the parameters passed to DH_compute_key() I get bit 1 set, which
> according to dh.h means that number generated is not prime; presumably,
> this is causing DH_compute_key() to croak.
>
> This is a short excerpt:
>
> unsigned char *client_key;
> BIGNUM client_key;
> DH *dh_struct;
>
> dh_struct= DH_new();
> dh_struct= DH_generate_parameters(64, 5, NULL, NULL);
> DH_check(dh_struct, dh_error);
> DH_generate_key(dh_struct);
> DH_compute_key(dh_secret, &client_key, dh_struct);
>
> I do this to generate the keys once for the server, and once for the
> client; it works fine on the client, but not on the server (the code is
> essentially the same for both of them).
>
> Am I passing the correct parameters to DH_generate_parameters?  Any
> ideas?
>
> josh.
>
> -------------------
> Josh Howlett, Network Supervisor,
> Networking and Digital Communications,
> Information Services.
> [EMAIL PROTECTED] | 0117 9546895
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to