I haven't run your code.I doubt why are you sure that the the length of
thepub_key is equal to the length of the p.In my opinion,it is not longer than
p.I found a counter example in WIKI.
Alice and Bob agree to use a prime numberp=23 and baseg=5.
Alice chooses a secret integera=6, then sends BobA =ga modp
A =56 mod23
A =15,625 mod23
A =8 <---this is the pub_key
At 2011-03-02 19:53:07,"Viktor Krikun" <v.kri...@gmail.com> wrote:
>Hello, guys! I'm new to OpenSSL so sorry in advance if I get something wrong.
>
>I'm using OpenSSL Diffie-Hellman key exchange in my project. In 'normal' mode
>it works just perfect, but during stress-testing I have discovered "strange"
>behavior: I sequentially start X00 DH calculations and it randomly fails to
>generate public key correctly. This is my test-case:
>
>START_TEST(openssl_dh_stress) {
> BIGNUM *g_p3072 = NULL;
> unsigned i;
>
> g_p3072 = BN_bin2bn(g_p3072data, sizeof(g_p3072data), NULL);
>
> for (i=0; i<400; i++) {
> int ssl_res;
> unsigned char random_bytes[64];
> DH *tmp_ctx = NULL;
>
> tmp_ctx = DH_new();
> ck_assert(NULL != tmp_ctx);
>
> tmp_ctx->p = BN_dup(g_p3072);
> tmp_ctx->g = BN_new();
> BN_set_word(tmp_ctx->g, DH_GENERATOR_2);
>
> RAND_bytes(random_bytes, 256/8);
> tmp_ctx->priv_key = BN_bin2bn(random_bytes, 256/8, NULL);
>
> ssl_res = DH_generate_key(tmp_ctx);
> ck_assert_int_eq(1, ssl_res);
>
> unsigned pub_key_size = BN_num_bytes(tmp_ctx->pub_key);
> if (pub_key_size != 3072/8) {
> printf("FAILURE. DH 3K, %i-s iteration failed to compute
>correct PV length.\n", i);
> }
> ck_assert_int_eq(pub_key_size, 3072/8);
>
> DH_free(tmp_ctx);
> }
>}
>END_TEST
>
>Openssl randomly produces pub_key_size == 383 bytes, (it affect the rest
>the calculations later in the sources). It's not reproducible with 1, 10
>or 50 iterations, but when i >= 200 it's 100% reproducible.
>
>I have briefly reviewed openssl dh key generation sources and couldn't
>find anything what looks strange. Empirically I discovered that the
>problem disappears when I comment out "RAND_bytes(random_bytes,
>256/8);", but still assign private key manually to prevent OpenSSL from
>generating it automatically.
>
>I'm using single-thread environment.
>I tried different versions of OpenSSL on OSX, Linux and OpenBSD - the same
>behavior.
>
>Have you ever experienced with similar problem in your projects? Am I
>doing something wrong?
>
>Thanks in advance for for your help!
>
>--
>Kind Regards,
>Viktor
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List openssl-users@openssl.org
>Automated List Manager majord...@openssl.org
