DH_generate_key issue

Wed, 02 Mar 2011 03:57:15 -0800 

Hello, guys! I'm new to OpenSSL so sorry in advance if I get something wrong.

I'm using OpenSSL Diffie-Hellman key exchange in my project. In 'normal' mode
it works just perfect, but during stress-testing I have discovered "strange"
behavior: I sequentially start X00 DH calculations and it randomly fails to
generate public key correctly. This is my test-case:

START_TEST(openssl_dh_stress) {   
    BIGNUM    *g_p3072 = NULL;       
    unsigned i;
   
    g_p3072 = BN_bin2bn(g_p3072data, sizeof(g_p3072data), NULL);
   
    for (i=0; i<400; i++) {
        int ssl_res;
        unsigned char random_bytes[64];
        DH *tmp_ctx = NULL;
       
        tmp_ctx = DH_new();
        ck_assert(NULL != tmp_ctx);               
       
        tmp_ctx->p = BN_dup(g_p3072);
        tmp_ctx->g = BN_new();
        BN_set_word(tmp_ctx->g, DH_GENERATOR_2);
       
        RAND_bytes(random_bytes, 256/8);
        tmp_ctx->priv_key = BN_bin2bn(random_bytes, 256/8, NULL);
       
        ssl_res = DH_generate_key(tmp_ctx);
        ck_assert_int_eq(1, ssl_res);
       
        unsigned pub_key_size = BN_num_bytes(tmp_ctx->pub_key);       
        if (pub_key_size != 3072/8) {
            printf("FAILURE. DH 3K, %i-s iteration failed to compute
correct PV length.\n", i);
        }
        ck_assert_int_eq(pub_key_size, 3072/8);

        DH_free(tmp_ctx);
    }
}
END_TEST

Openssl randomly produces pub_key_size == 383 bytes, (it affect the rest
the calculations later in the sources). It's not reproducible with 1, 10
or 50 iterations, but when i >= 200 it's 100% reproducible.

I have briefly reviewed openssl dh key generation sources and couldn't
find anything what looks strange.  Empirically I discovered that the
problem disappears when I comment out "RAND_bytes(random_bytes,
256/8);", but still assign private key manually to prevent OpenSSL from
generating it automatically.

I'm using single-thread environment.
I tried different versions of OpenSSL on OSX, Linux and OpenBSD - the same 
behavior.

Have you ever experienced with similar problem in your projects? Am I
doing something wrong?

Thanks in advance for for your help!

-- 
Kind Regards,
Viktor

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to