Hello,

MODP groups specified in RFC 3526 work fine once encoded as PKCS#3 DH
parameters, e.g.:

openssl genpkey -paramfile dh8192.pem -out private.pem
openssl genpkey -paramfile dh8192.pem -out private2.pem
openssl pkey -in private.pem -pubout -out public.pem
openssl pkey -in private2.pem -pubout -out public2.pem
openssl pkeyutl -derive -inkey private.pem -peerkey public2.pem -out secret
openssl pkeyutl -derive -inkey private2.pem -peerkey public.pem -out secret2
cmp secret secret2

However, DH_check() claims that these DH parameters have an unsuitable
generator, apparently due to:

/* Check that p is a safe prime and
 * if g is 2, 3 or 5, check that it is a suitable generator
 * where
 * for 2, p mod 24 == 11
 * for 3, p mod 12 == 5
 * for 5, p mod 10 == 3 or 7
 * should hold.
 */
(in openssl-1.0.0e/crypto/dh/dh_check.c)

At least some of the primes in RFC 3526 (I checked 2048, 4096, and
8192) are congruent to 23 modulo 24, not 11.

Is this some kind of oversight, or is RFC 3526 not suitable for DH
secrets derivation using OpenSSL, or is DH_check() supposed to be only
used for checking parameters generated with DH_generate_parameters()?

Thanks,
Maxim

[1] http://tools.ietf.org/html/rfc3526
[2] http://pastebin.com/31MZYw85 - dh8192.pem above
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
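
Added example, not part of the original message and not OpenSSL code: a Python check of the congruences discussed above, rebuilding the 2048-, 4096- and 8192-bit primes from the pi-based formula given in RFC 3526 and applying the rule from the quoted dh_check.c comment. The function names are made up for this sketch, the per-group constants come from RFC 3526, and p is assumed to be a safe prime as the RFC states.

```python
# Added example: RFC 3526 primes vs. the generator rule quoted from dh_check.c.

def _arctan_inv(x, one):
    """Fixed-point arctan(1/x) scaled by `one` (alternating Taylor series)."""
    term = one // x
    total, n, sign, x2 = term, 1, -1, x * x
    while term:
        term //= x2
        n += 2
        total += sign * (term // n)
        sign = -sign
    return total

def floor_pi_times_2(bits, guard=64):
    """floor(pi * 2**bits) via Machin's formula, computed with guard bits."""
    one = 1 << (bits + guard)
    return (4 * (4 * _arctan_inv(5, one) - _arctan_inv(239, one))) >> guard

# RFC 3526: p = 2^n - 2^(n-64) - 1 + 2^64 * (floor(2^(n-130) * pi) + c), g = 2
RFC3526_C = {2048: 124476, 4096: 240904, 8192: 4743158}

def rfc3526_prime(n):
    k = floor_pi_times_2(n - 130) + RFC3526_C[n]
    return (1 << n) - (1 << (n - 64)) - 1 + (k << 64)

def quoted_rule_accepts(p, g):
    """Generator rule exactly as worded in the comment quoted in the post."""
    if g == 2: return p % 24 == 11
    if g == 3: return p % 12 == 5
    if g == 5: return p % 10 in (3, 7)
    return None  # the quoted comment says nothing about other generators

def generator_order_class(p, g):
    """For a safe prime p = 2q + 1 (assumed, not verified): subgroup g generates."""
    q = (p - 1) // 2
    if g % p in (1, p - 1): return "order 1 or 2"
    return "order q" if pow(g, q, p) == 1 else "order 2q"

def report():
    rows = []
    for n in sorted(RFC3526_C):
        p = rfc3526_prime(n)
        rows.append((n, p % 24, quoted_rule_accepts(p, 2), generator_order_class(p, 2)))
    return rows

if __name__ == "__main__":
    for row in report():
        print("bits=%d  p mod 24=%d  rule accepts g=2: %s  g=2 has %s" % row)
```

For these groups g = 2 generates the subgroup of order (p-1)/2, whereas the p mod 24 == 11 condition selects safe primes for which 2 generates the full group of order p-1.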