Hello List, I am using the DH exchange to secure communication between two endpoints. My code looks something like below:

    DH * dh_keys = get_dh1024(); // Returns a new DH structure containing the shared prime.
                                 // This function was generated using the dhparam -2 1024 -check -C command
    if(DH_generate_key(dh_keys))
    {
        BYTE nonce_to_transfer[128];
        int bytes;
        assert_to_log(BN_num_bytes(dh_keys->pub_key) != DH_size(dh_keys));
        bytes = BN_bn2bin(dh_keys->pub_key, nonce_to_transfer);
        log("size of nonce %d", bytes);
        // Around 7 out of 1000 times, bytes is 127 instead of 128. This leads to
        // DH_compute_key generating incorrect shared secret on both ends.
        // transfer the nonce (128 bytes)... and get the peer's nonce (128 bytes).
        // Compute the shared secret using the DH_compute_key
    }

Test conditions
OS: Windows XP SP2
OpenSSL version: 0.9.8.h

I have a test case where 1000 connections between two endpoints are attempted. There are DH failures in 7 to 8 of the connections where the shared secret is not the same (all DH APIs succeed, though). In every one of the failing cases, BN_bn2bin returns 127 bytes. DH_size returns 128 bytes. This leads to an incorrect shared secret.

Any idea why this is happening? Am I using the DH APIs incorrectly? Am I correct in assuming that for a 1024-bit DH, the public key will always be 128 bytes?

At this point, I am working around it by discarding keys where BN_num_bytes(dh_keys->pub_key) != DH_size(dh_keys).

Any help in understanding the issue is appreciated.

Regards,
Simon M
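
Added example, not part of the original post and not OpenSSL code: a self-contained C model of the symptom described above. BN_bn2bin writes a big-endian value without leading zero bytes, so a public value whose top byte is zero occupies 127 bytes, and sending it from offset 0 of a fixed 128-byte field changes the integer the peer reads. The helper names and the sample value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 128 /* what DH_size() reports for a 1024-bit prime */

/* Model of BN_bn2bin: copy the value minus leading zero bytes, return count. */
size_t to_minimal(const uint8_t *val, size_t len, uint8_t *out) {
    size_t skip = 0;
    while (skip < len && val[skip] == 0) skip++;
    memcpy(out, val + skip, len - skip);
    return len - skip;
}

/* Fixed-width field: zero it, then right-align the n minimal bytes. */
int to_fixed(const uint8_t *min, size_t n, uint8_t *field, size_t field_len) {
    if (n > field_len) return -1;
    memset(field, 0, field_len);
    memcpy(field + (field_len - n), min, n);
    return 0;
}

/* Constructed sample: a 128-byte public value whose top byte is zero. */
void make_sample(uint8_t *val) {
    val[0] = 0x00;
    for (size_t i = 1; i < FIELD_LEN; i++) val[i] = (uint8_t)(i * 7 + 1);
}

/* Sender writes minimal bytes at offset 0; receiver reads all 128 bytes. */
int naive_roundtrip_ok(void) {
    uint8_t val[FIELD_LEN], wire[FIELD_LEN] = {0};
    make_sample(val);
    to_minimal(val, FIELD_LEN, wire); /* 127 bytes, value shifted by one byte */
    return memcmp(wire, val, FIELD_LEN) == 0;
}

/* Sender left-pads to the field width; receiver reads the same integer. */
int padded_roundtrip_ok(void) {
    uint8_t val[FIELD_LEN], min[FIELD_LEN], wire[FIELD_LEN];
    make_sample(val);
    size_t n = to_minimal(val, FIELD_LEN, min);
    return to_fixed(min, n, wire, FIELD_LEN) == 0 &&
           memcmp(wire, val, FIELD_LEN) == 0;
}

int main(void) {
    printf("naive ok: %d, padded ok: %d\n", naive_roundtrip_ok(), padded_roundtrip_ok());
    return 0;
}
```

In the posted code the equivalent step is to zero the 128-byte buffer and pass BN_bn2bin a pointer offset by DH_size(dh_keys) - BN_num_bytes(dh_keys->pub_key).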