[openssl-users] help on des_cblock

Jason Qian jqian at tibco.com
Fri Mar 18 21:34:01 UTC 2016


Thanks,
Jason

On Fri, Mar 18, 2016 at 4:23 PM, Scott Neugroschl <scott_n at xypro.com> wrote:

> I suspect the use of std::string and c_str().  Use a std::vector<char>
> instead.
>
>
>
> *From:* openssl-users [mailto:openssl-users-bounces at openssl.org] *On
> Behalf Of *Jason Qian
> *Sent:* Friday, March 18, 2016 1:19 PM
> *To:* openssl-users at openssl.org
> *Subject:* [openssl-users] help on des_cblock
>
>
>
> I am new on openSSl and run  into a issue need some help.
>
>
> In our application, the client and server perform a Diffie Hellman Key
> exchange and then encrypt the data  The client is written in C++(using
> openSSL), and server is in java.
>
>  Most of time, it is running correctly, but occasionally the server(java)
> throw a  "Given final block not properly padded" exception.
>
> I added more log on the both side. When the exception happen,  the keys
> are offset by one(for the working case, they are the same)
>
>
> Server -- java  get from getEncoded()
>
> DES Key  size (8)    (1,-83,-113,-74,-77,109,84,88)
>
> Client -- openSSL  get from des_cblock struct
>
> DES Key  size (8)   (-83,-113,-74,-77,109,84,88,8)
>
> Thanks
>
> Jason
>
>
> Here is the C++ code
>
> void DiffieHellmanCipher::init(const std::string &Y){
>     if (Y.length() == 0) {
>         return;
>     }
>     if (m_DH == NULL) {
>         return;
>     }
>
>     // convert the Y to BIGNUM
>     BIGNUM *bnY = NULL;
>     // Memory for bnY is allocated in BN_dec2bn call.
>     if (!BN_dec2bn(&bnY, Y.c_str())) {
>         if (bnY)
>             BN_free(bnY);
>         printf("Could not convert Diffie-Hellman Y value to BIGNUM");
>     }
>
>     // compute the secret key
>     int dhSize = DH_size(m_DH);
>     unsigned char *secretKey = (unsigned char*) new char[dhSize + 1];
>     int secretKeyLen = DH_compute_key(secretKey, bnY, m_DH);
>     BN_free(bnY);
>
>     if (secretKeyLen < 8) {
>         delete [] secretKey;
>         printf("Error computing secret key: key length is too short");
>     }
>
>     // convert from raw form to odd parity DES key
>     des_cblock desKey;
>     memcpy(desKey, secretKey, 8);
>     delete [] secretKey;
>     DES_set_odd_parity(&desKey);
>
>       //just print out des_cblock
>     secretKeyString="(";
>     char ch[10]="\0";
>     for(int i=0;i<8;i++){
>         sprintf(ch,"%d",(char)desKey[i]);
>       secretKeyString+=ch;
>       if(i != 7){
>         secretKeyString+=",";
>       }
>     }
>     secretKeyString+=")";
>
>
>     int skRet;
>     if ((skRet = DES_set_key(&desKey, &m_DESKey)) != 0) {
>         delete [] secretKey;
>         printf("Error computing secret key: generated key is weak");
>     }
>
>     m_bInited = true;
> }
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160318/1c9ed490/attachment-0001.html>


More information about the openssl-users mailing list