Something to look into?
On Fri, Sep 15, 2000 at 03:54:40PM +0200, Richard Levitte - VMS Whacker wrote: > From: Markus Friedl <[EMAIL PROTECTED]> > > Markus.Friedl> i tried to trace this and it seems that DSA is not the problem. > Markus.Friedl> > Markus.Friedl> the shared DH secret differs for both machines. this > Markus.Friedl> secret is included in the data that the server has to > Markus.Friedl> sign. this is why ssh prints: dsa_verify failed. > > I'm not sure if that means that OpenSSL still has a bug or not... nor do i. but i can make openssh work again if i undo the this change introduced in 0.9.6-beta1 % diff -u dh_key.c-orig dh_key.c --- dh_key.c-orig Fri Sep 15 16:22:34 2000 +++ dh_key.c Fri Sep 15 16:20:59 2000 @@ -194,12 +194,14 @@ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { +#if 0 if (a->top == 1) { BN_ULONG A = a->d[0]; return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); } else +#endif return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx); } i don't know what the test for a->top means. openssh uses the generator '2' for DH. -markus
