On Mon, Sep 18, 2000 at 07:06:50PM +0200, Lutz Jaenicke wrote:
> On Sat, Sep 16, 2000 at 09:48:36PM -0400, Bodo Moeller wrote:

>> Do connections between s_server (using default DH parameters)
>> and s_client work on that platform, using 'openssl s_server'
>> from the previous OpenSSL installation and 'openssl s_client'
>> from the new one (without that patch, of course)?

> I have tried on both Linux (SuSE 6.4/2.2.16, OpenSSL 0.9.6b1, OpenSSH 2.2.0p1)
> and HP-UX 10.20 (today's OpenSSL 0.9.6b2 and today's OpenSSH snapshot).
> The problem is consistently the same. OpenSSH fails.
> OpenSSL s_client and s_server succeed in every possible combination.

Unless you use the following parameters ('openssl s_server -dhparam file.pem'),
provided by Markus:

Diffie-Hellman-Parameters: (1024 bit)
    prime:
        00:ff:ff:ff:ff:ff:ff:ff:ff:c9:0f:da:a2:21:68:
        c2:34:c4:c6:62:8b:80:dc:1c:d1:29:02:4e:08:8a:
        67:cc:74:02:0b:be:a6:3b:13:9b:22:51:4a:08:79:
        8e:34:04:dd:ef:95:19:b3:cd:3a:43:1b:30:2b:0a:
        6d:f2:5f:14:37:4f:e1:35:6d:6d:51:c2:45:e4:85:
        b5:76:62:5e:7e:c6:f4:4c:42:e9:a6:37:ed:6b:0b:
        ff:5c:b6:f4:06:b7:ed:ee:38:6b:fb:5a:89:9f:a5:
        ae:9f:24:11:7c:4b:1f:e6:49:28:66:51:ec:e6:53:
        81:ff:ff:ff:ff:ff:ff:ff:ff
    generator: 2 (0x2)
-----BEGIN DH PARAMETERS-----
MIGHAoGBAP//////////yQ/aoiFowjTExmKLgNwc0SkCTgiKZ8x0Agu+pjsTmyJR
Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
-----END DH PARAMETERS-----

Seems that those 0xFFs triggered another BN library bug;
the BN_mod_exp_mont_word function itself should not be sensitive
to what the modulus looks like.

(BN_mod_exp_mont_word is a variant of BN_mod_exp_mont that can be used
if the number to be exponentiated fits into a single word [which is
detected by that 'a->top == 1' test].  It's about 15-20 % faster than
BN_mod_exp_mont for such bases, which frequently occur in DH
exchanges.  BN_mod_exp_mont_word uses BN functions that
BN_mod_exp_mont does not use [it exploits the fact that, if one factor
is small, then standard modular multiplication is faster than
Montgomery multiplication], so it may run across bugs that don't do
harm to BN_mod_exp_mont.)


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
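
Added example, not part of the original message and not OpenSSL's BN code: a differential check of a single-word-base exponentiation path against Python's built-in pow(), run over the prime quoted above and over constructed moduli with the same runs of 0xFF bytes at both ends. The names mod_exp_word and differential_check, the 32-bit word size and the constructed moduli are assumptions made for illustration.

```python
import random

# Prime copied from the dhparam dump quoted in the message above.
PRIME_DUMP = """
00:ff:ff:ff:ff:ff:ff:ff:ff:c9:0f:da:a2:21:68:
c2:34:c4:c6:62:8b:80:dc:1c:d1:29:02:4e:08:8a:
67:cc:74:02:0b:be:a6:3b:13:9b:22:51:4a:08:79:
8e:34:04:dd:ef:95:19:b3:cd:3a:43:1b:30:2b:0a:
6d:f2:5f:14:37:4f:e1:35:6d:6d:51:c2:45:e4:85:
b5:76:62:5e:7e:c6:f4:4c:42:e9:a6:37:ed:6b:0b:
ff:5c:b6:f4:06:b7:ed:ee:38:6b:fb:5a:89:9f:a5:
ae:9f:24:11:7c:4b:1f:e6:49:28:66:51:ec:e6:53:
81:ff:ff:ff:ff:ff:ff:ff:ff
"""
P = int("".join(PRIME_DUMP.split()).replace(":", ""), 16)
WORD = 1 << 32  # assumed word size for the single-word base


def mod_exp_word(a, e, m):
    """a^e mod m for a base that fits in one word (simplified sketch).

    Left-to-right square-and-multiply: squarings are full modular
    squarings, the per-bit multiply is a bignum-by-word product followed
    by an ordinary reduction instead of a Montgomery multiplication.
    """
    if not 0 <= a < WORD:
        raise ValueError("base does not fit in one word")
    r = 1 % m
    for bit in bin(e)[2:]:
        r = (r * r) % m
        if bit == "1":
            r = (r * a) % m  # small factor: plain multiply, then reduce
    return r


def differential_check(rounds=50, seed=2000):
    """Return every (a, e, m) where the word path disagrees with pow()."""
    rng = random.Random(seed)
    ff64 = (1 << 64) - 1
    moduli = [P, (1 << 1024) - 1]  # page's prime, plus an all-0xFF modulus
    for _ in range(rounds):
        mid = rng.getrandbits(896)  # constructed: 0xFF runs top and bottom
        moduli.append((ff64 << 960) | (mid << 64) | ff64)
    failures = []
    for m in moduli:
        for a in (2, 3, 5, WORD - 1):
            e = rng.getrandbits(m.bit_length())
            if mod_exp_word(a, e, m) != pow(a, e, m):
                failures.append((a, e, m))
    return failures
```

An empty list from differential_check() means the specialised path agreed with the reference on every modulus, including the one from the message.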