On Tue, Sep 19, 2000 at 12:13:54AM -0400, Bodo Moeller wrote:
[...]
> Seems that those 0xFFs triggered another BN library bug,
> the BN_mod_exp_mont_word function itself should not be sensitive
> to what the modulus looks like.
The real bugfix is to change '#if 0' into '#if 1' in
crypto/bn/bn_mont.c, function BN_mod_mul_montgomery.
Without this change, both BN_mod_exp_mont and BN_mod_exp_mont_word
work incorrectly, thus disabling the latter does not solve the problem
(it's just that the OpenSSH DH parameters did not trigger the
bug for BN_mod_exp_mont -- but try using generator 8 with the
same modulus, then BN_mod_exp_mont should fail as well).
--
Bodo M�ller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
