Hello, guys! I'm new to OpenSSL so sorry in advance if I get something wrong.
I'm using OpenSSL Diffie-Hellman key exchange in my project. In 'normal' mode it works just perfect, but during stress-testing I have discovered "strange" behavior: I sequentially start X00 DH calculations and it randomly fails to generate public key correctly. This is my test-case: START_TEST(openssl_dh_stress) { BIGNUM *g_p3072 = NULL; unsigned i; g_p3072 = BN_bin2bn(g_p3072data, sizeof(g_p3072data), NULL); for (i=0; i<400; i++) { int ssl_res; unsigned char random_bytes[64]; DH *tmp_ctx = NULL; tmp_ctx = DH_new(); ck_assert(NULL != tmp_ctx); tmp_ctx->p = BN_dup(g_p3072); tmp_ctx->g = BN_new(); BN_set_word(tmp_ctx->g, DH_GENERATOR_2); RAND_bytes(random_bytes, 256/8); tmp_ctx->priv_key = BN_bin2bn(random_bytes, 256/8, NULL); ssl_res = DH_generate_key(tmp_ctx); ck_assert_int_eq(1, ssl_res); unsigned pub_key_size = BN_num_bytes(tmp_ctx->pub_key); if (pub_key_size != 3072/8) { printf("FAILURE. DH 3K, %i-s iteration failed to compute correct PV length.\n", i); } ck_assert_int_eq(pub_key_size, 3072/8); DH_free(tmp_ctx); } } END_TEST Openssl randomly produces pub_key_size == 383 bytes, (it affect the rest the calculations later in the sources). It's not reproducible with 1, 10 or 50 iterations, but when i >= 200 it's 100% reproducible. I have briefly reviewed openssl dh key generation sources and couldn't find anything what looks strange. Empirically I discovered that the problem disappears when I comment out "RAND_bytes(random_bytes, 256/8);", but still assign private key manually to prevent OpenSSL from generating it automatically. I'm using single-thread environment. I tried different versions of OpenSSL on OSX, Linux and OpenBSD - the same behavior. Have you ever experienced with similar problem in your projects? Am I doing something wrong? Thanks in advance for for your help! -- Kind Regards, Viktor ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org