Help on Diffie Hellman key exchange
Jason Qian
jqian at tibco.com
Wed Nov 13 16:11:30 UTC 2019
Hi Tomas,
Using DH_compute_key_padded() seems fixed the problem.
I have one more question regarding a similar issue but this time is about
AES key generation.
I think the problem is related to RAND_seed or RAND_bytes (someone also
mentioned on another thread).
RAND_seed(seed, ::strlen(seed));
RAND_bytes(buf, keySize / 8);
What other method do you suggest to use ?
Thanks
Jason
On Tue, Nov 12, 2019 at 10:50 AM Jason Qian <jqian at tibco.com> wrote:
> Thanks Tomas,
>
> I will try that.
>
> On Tue, Nov 12, 2019 at 3:14 AM Tomas Mraz <tmraz at redhat.com> wrote:
>
>> On Mon, 2019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote:
>> > Hi
>> >
>> > We have an application that does the Diffie Hellman key exchange
>> > (OpenSSL/1.1.0f).
>> > It works fine, but under heavy loaded conditions, sometimes an
>> > invalide secret been generated and other side couldn't decrypt the
>> > data (the secret seems offset by one).
>> >
>> > The client side is c++ and the server side is java.
>> >
>> > DH_compute_key(secretKey, bnY, m_DH);
>> >
>> > Someone in the openssl group also talks about a similar issue, but
>> > not sure if have a solution.
>>
>> Could it be a padding issue? I.E. use DH_compute_key_padded() instead.
>>
>> --
>> Tomáš Mráz
>> No matter how far down the wrong road you've gone, turn back.
>> Turkish proverb
>> [You'll know whether the road is wrong if you carefully listen to your
>> conscience.]
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20191113/b6cccb08/attachment-0001.html>
More information about the openssl-users
mailing list