Edward Chan <[EMAIL PROTECTED]> wrote:

> Openssl to openssl - this works 100%
> CAP to CAPI - works 100%
> OpenSSL to CAPI - sporadic failures
> XySSL to CAPI - sporadic failures
> OpenSSL to XySSL - works 100%

I noted earlier that when your testcode failed, OpenSSL's secret always begins with 0xCC; however sometimes the test passed with the first byte of the secret equal to 0xCC. I just realized that, with VS, uninitialized memory is filled with 0xCC. So the error was not in OpenSSL or CAPI, but rather in the incorrect use of the function DH_generate_key (the return value was not taken into account properly when setting up the shared secret). A simple fix is to add zero padding when the secret is less than 128 bytes.

> Because CAPI doesn't give you access to the computed shared secret, I
> can't say for sure that the computed shared secret is different from
> openssl/xyssl. But I'm 99% sure this is the reason for the failure.

Even though MS says otherwise, it is possible to access the DH shared secret computed by CAPI, with a bit of trickery. When disassembling dssenh.dll using the associated debug symbols, it appears that the secret is internally computed by UseDHKey, which calls DHExpo, which calls BN_mod_exp, which itself is a wrapper for _mod_exp(). Then the function BN_from_modular is called, and the result (stored in the second argument of _BN_from_modular) is the shared secret.

    .text:68106ED2    push    ebx
    .text:68106ED3    lea     eax, [ebp+var_200] ; shared secret
    .text:68106ED9    push    eax
    .text:68106EDA    lea     eax, [ebp+var_800]
    .text:68106EE0    push    eax
    .text:68106EE1    call    [EMAIL PROTECTED]
    .text:68106EE6    test    eax, eax

Setting up a breakpoint at 0x68106EE6, one can therefore obtain this value directly by looking it up in the stack.

> What are the chances that 2 commercial crypto libraries from heavy
> weights Microsoft and RSA have similar bugs? Maybe the chances are high
> :) But at this point, I'm starting to think, dare I say it, that there
> might possibly be a bug in OpenSSL? Anybody else have ideas?

In fact I had the same bug wrt/ the DH code in XySSL a couple months ago, not taking into account the fact that OpenSSL does not add zero padding.

Christophe
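
The zero-padding fix described in the reply above, as an added example that is not part of the original message and is not OpenSSL, XySSL or CAPI code. It runs a toy 32-bit Diffie-Hellman exchange (modulus, generator and all function names are constructed for illustration) in which the secret's minimal encoding is sometimes shorter than the modulus, so it is left-padded with zeros to the fixed width before use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MOD_LEN 4                          /* toy modulus width; 128 bytes in the thread */
static const uint64_t P = 4294967291ULL;   /* constructed toy prime 2^32-5, not secure */
static const uint64_t G = 2;

static uint64_t mod_exp(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1) {
        if (e & 1) r = r * b % m;          /* operands < 2^32: no overflow */
        b = b * b % m;
    }
    return r;
}

/* Minimal big-endian encoding: leading zero bytes are dropped, like BN_bn2bin. */
static size_t encode_minimal(uint64_t v, unsigned char *out) {
    size_t n = 0;
    for (int i = MOD_LEN - 1; i >= 0; i--) {
        unsigned char byte = (unsigned char)(v >> (8 * i));
        if (n || byte) out[n++] = byte;
    }
    return n;
}

/* The fix: right-align the n secret bytes and zero-fill the front. */
static void pad_secret(unsigned char *buf, size_t n) {
    memmove(buf + (MOD_LEN - n), buf, n);
    memset(buf, 0, MOD_LEN - n);
}

/* Returns the minimal length; out always holds MOD_LEN padded bytes. */
static size_t shared_secret(uint64_t peer_pub, uint64_t priv, unsigned char *out) {
    size_t n = encode_minimal(mod_exp(peer_pub, priv, P), out);
    pad_secret(out, n);
    return n;
}

/* Count exchanges (peer private keys 1..trials) whose secret is short. */
static int count_short(uint64_t priv, int trials) {
    unsigned char s[MOD_LEN];
    int c = 0;
    for (int b = 1; b <= trials; b++)
        c += shared_secret(mod_exp(G, (uint64_t)b, P), priv, s) < MOD_LEN;
    return c;
}

int main(void) {
    printf("short secrets: %d of 4096\n", count_short(0x1234567, 4096));
    return 0;
}
```

With a uniformly distributed secret, about one exchange in 256 has a leading zero byte, which matches the sporadic failure pattern reported in the thread.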
