I don't think you need to allocate memory for server_key; BN_new() should do
that for you and the rest of the BN_*() routines will allocate memory as
needed to accommodate the number.
In the code below, it looks like you forgot the DH_generate_key() function
call. Your comment suggests you already generated it, so perhaps that is the
case. In any event, check the return value from DH_compute_key(). If it
is -1, then you have an error.
_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________
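
Added example, not part of the original thread and not OpenSSL code: in the quoted client code below, `BN_set_word(server_key, (unsigned long) data)` stores the address held in `data` rather than the key bytes it points to, so the value handed to `DH_compute_key()` does not depend on the server's public key. The self-contained toy below reproduces that with 64-bit integers in place of BIGNUMs; the group (`TOY_P`, `TOY_G`), the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed toy group: the prime 2^31 - 1, so every product fits in 64 bits. */
#define TOY_P 2147483647ULL
#define TOY_G 7ULL

/* Square-and-multiply modular exponentiation. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t r = 1;
    for (base %= mod; exp; exp >>= 1) {
        if (exp & 1) r = (r * base) % mod;
        base = (base * base) % mod;
    }
    return r;
}

/* Pattern from the quoted client code: the buffer's address becomes the "key". */
static uint64_t pub_from_address(const unsigned char *buf) {
    return (uint64_t)(uintptr_t)buf;
}

/* Decode the big-endian bytes instead (the job BN_bin2bn() does for a BIGNUM).
 * Returns 0 on success, -1 if the length is unusable. */
static int decode_pub(const unsigned char *buf, size_t len, uint64_t *out) {
    uint64_t v = 0;
    if (buf == NULL || len == 0 || len > sizeof v) return -1;
    for (size_t i = 0; i < len; i++) v = (v << 8) | buf[i];
    *out = v;
    return 0;
}

/* Shared secret with a range check on the peer value (2 <= pub <= p - 2).
 * Returns 0 on success, -1 on error, so the caller can test the result. */
static int toy_compute_key(uint64_t peer_pub, uint64_t priv, uint64_t *secret) {
    if (peer_pub < 2 || peer_pub > TOY_P - 2) return -1;
    *secret = modpow(peer_pub, priv, TOY_P);
    return 0;
}

int main(void) {
    unsigned char wire[4] = {0x12, 0x34, 0x56, 0x78};  /* constructed peer key */
    uint64_t pub, secret;
    uint64_t before = pub_from_address(wire);
    wire[3] ^= 0xff;                       /* a different peer key arrives */
    if (pub_from_address(wire) != before) return 1;  /* address did not change */
    if (decode_pub(wire, sizeof wire, &pub) != 0) return 1;
    return toy_compute_key(pub, 654321, &secret) == 0 ? 0 : 1;
}
```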
----- Original Message -----
From: "Josh Howlett" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, February 22, 2001 7:03 AM
Subject: Re: DH_generate_parameters and primes
> Greg,
>
> Thanks for your help. It no longer crashes at DH_compute_key. However,
> DH_return_key now returns the same shared secret value regardless of
> the server's public key. This is the client's code (the server seems
> to work fine and uses similar code):
>
> BIGNUM *server_key;
> unsigned char *data; /* returned server's pub_key */
> unsigned char *sessionKey;
> DH *keys; /* client's previously generated keys */
>
> server_key=BN_new();
> BN_set_word(server_key, (unsigned long) data);
> sessionKey=malloc(DH_size(keys));
> DH_compute_key(sessionKey, server_key, keys);
>
> sessionKey always returns the same value regardless of server_key.
> server_key and keys are valid.
>
> I read somewhere that I may need to allocate the memory for server_key
> before BN_set_word is called - is that right?
>
> thanks again, josh.
>
>
> On Wed, 21 Feb 2001 11:59:07 -0500 Greg Stark <[EMAIL PROTECTED]>
> wrote:
>
> > Josh,
> >
> > Sorry for assuming you meant to use bigger primes.
> >
> > There are a couple of possibilities for what you are seeing. My guess is
> > that you aren't allocating memory for the answer from DH_compute_key(), but
> > it could be other things. Here is a short example that I think comes close
> > to your example. Hope it helps.
> >
> >
> > #include <stdlib.h>
> > #include <openssl/bn.h>
> > #include <openssl/dh.h>
> >
> > int do_DH_toy()
> > {
> >     DH *dh_struct;
> >     int dh_error;
> >     unsigned char *dh_secret;
> >     BIGNUM *client_key;
> >
> >     /* peer's public key, hard-coded for this toy example */
> >     client_key = BN_new();
> >     BN_set_word ( client_key, 0X84F5A8 );
> >
> >     /* DH_generate_parameters() allocates the DH structure itself */
> >     dh_struct = DH_generate_parameters ( 64, 5, NULL, NULL );
> >     DH_check ( dh_struct, &dh_error );
> >     DH_generate_key ( dh_struct );
> >     /* the output buffer must hold DH_size() bytes */
> >     dh_secret = malloc ( DH_size( dh_struct ) );
> >     DH_compute_key ( dh_secret, client_key, dh_struct );
> >
> >
> >     free ( dh_secret );
> >     BN_free ( client_key );
> >     DH_free ( dh_struct );
> >     return (0);
> > }
> >
> > _____________________________________
> > Greg Stark
> > Ethentica, Inc.
> > [EMAIL PROTECTED]
> > _____________________________________
> >
> >
> >
> > ----- Original Message -----
> > From: "Josh Howlett" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, February 21, 2001 7:54 AM
> > Subject: Re: DH_generate_parameters and primes
> >
> >
> > > > The first param to DH_generate_parameters() is supposed to be the number of
> > > > *bits* in the prime, not bytes (see
> > > > http://www.openssl.org/docs/crypto/DH_generate_parameters.html#). My guess
> > > > is you really want 64*8 for that parameter.
> > >
> > > I was using a small prime to keep things speedy. Presumably, a small
> > > prime doesn't adversely affect key generation? I've tried it with
> > > larger primes, but the same problem occurs (just more slowly).
> > >
> > > > Also, DH_generate_parameters() creates the DH structure for you. Your first
> > > > call to DH_new() doesn't do anything except create a memory leak. DH_check()
> > > > returns its answer in the integer *pointed* to by the second parameter. So,
> > > > if dh_error is an int then you need to pass &dh_error to DH_check().
> > >
> > > Ok, I've fixed these, but DH_compute_key is still failing. DH_check
> > > doesn't report any errors. Should I test that the public key from the
> > > client is valid...could this be tripping it up? If so, how can I go
> > > about testing the validity of the key?
> > >
> > > Here's an example exchange:
> > >
> > > 1) Client:
> > > public_key = 0X84F5A8
> > >
> > > 2) Server:
> > > shared secret = 0XFFFDFA0
> > > p = 0X8053198
> > > public_key = 0X8052168
> > >
> > > 3) Client:
> > > crashes!
> > >
> > > Thanks,
> > >
> > > josh.
> > >
> > > > ----- Original Message -----
> > > > From: "Josh Howlett" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Monday, February 19, 2001 1:17 PM
> > > > Subject: DH_generate_parameters and primes
> > > >
> > > >
> > > > > Hi,
> > > > >
> > > > > > When I call DH_compute_key(), I get a core dump. If I run DH_check
> > > > > > over the parameters passed to DH_compute_key() I get bit 1 set, which
> > > > > > according to dh.h means that number generated is not prime; presumably,
> > > > > > this is causing DH_compute_key() to croak.
> > > > >
> > > > > This is a short excerpt:
> > > > >
> > > > > unsigned char *client_key;
> > > > > BIGNUM client_key;
> > > > > DH *dh_struct;
> > > > >
> > > > > dh_struct= DH_new();
> > > > > dh_struct= DH_generate_parameters(64, 5, NULL, NULL);
> > > > > DH_check(dh_struct, dh_error);
> > > > > DH_generate_key(dh_struct);
> > > > > DH_compute_key(dh_secret, &client_key, dh_struct);
> > > > >
> > > > > > I do this to generate the keys once for the server, and once for the
> > > > > > client; it works fine on the client, but not on the server (the code is
> > > > > > essentially the same for both of them).
> > > > > >
> > > > > > Am I passing the correct parameters to DH_generate_parameters? Any
> > > > > > ideas?
> > > > >
> > > > > josh.
> > > > >
> > > > > -------------------
> > > > > Josh Howlett, Network Supervisor,
> > > > > Networking and Digital Communications,
> > > > > Information Services.
> > > > > [EMAIL PROTECTED] | 0117 9546895
> > > > >
> > > > >
> >
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
>
> -------------------
> Josh Howlett, Network Supervisor,
> Networking and Digital Communications,
> Information Services.
> [EMAIL PROTECTED] | 0117 9546895
>
>