Re: Help on Diffie Hellman key exchange

Hi Tomas,

   Using DH_compute_key_padded() seems to have fixed the problem.

  I have one more question regarding a similar issue, but this time it is about AES key generation.

 I think the problem is related to RAND_seed or RAND_bytes (someone also mentioned this on another thread).

    RAND_seed(seed, ::strlen(seed));
    RAND_bytes(buf, keySize / 8);

  What other method do you suggest using?

Thanks
Jason


  

  



On Tue, Nov 12, 2019 at 10:50 AM Jason Qian <jqian@xxxxxxxxx> wrote:
Thanks Tomas, 

I will try that.

On Tue, Nov 12, 2019 at 3:14 AM Tomas Mraz <tmraz@xxxxxxxxxx> wrote:
On Mon, 2019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote:
> Hi
>   
>    We have an application that does the Diffie Hellman key exchange
> (OpenSSL/1.1.0f).
>    It works fine, but under heavily loaded conditions, sometimes an
> invalid secret is generated and the other side couldn't decrypt the
> data (the secret seems offset by one).
>
>    The client side is c++ and the server side is java.
>
>     DH_compute_key(secretKey, bnY, m_DH);
>
>    Someone in the openssl group also talks about a similar issue, but
> I'm not sure if they have a solution.

Could it be a padding issue? I.e., use DH_compute_key_padded() instead.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
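
Added example (not part of the thread and not OpenSSL code): a toy Diffie-Hellman over a constructed 32-bit prime, showing why an unpadded shared secret is occasionally one byte short while a padded one always has the length of the prime. The parameters `P`, `G`, `PLEN` and all function names are assumptions made for the demo; `encode_stripped` stands in for the variable-length result of `DH_compute_key()` and `encode_padded` for the fixed-length result of `DH_compute_key_padded()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy parameters constructed for this demo; real DH uses primes of 2048+ bits. */
#define P    4294967291u  /* 2^32 - 5, prime */
#define G    2u
#define PLEN 4            /* byte length of P: the role DH_size() plays */

/* Square-and-multiply: base^e mod P. */
uint32_t modexp(uint32_t base, uint32_t e) {
    uint64_t r = 1, b = base % P;
    for (; e; e >>= 1) {
        if (e & 1) r = r * b % P;
        b = b * b % P;
    }
    return (uint32_t)r;
}

/* Minimal big-endian encoding: leading zero bytes are dropped, so the
 * returned length varies with the value (unpadded behaviour). */
size_t encode_stripped(uint32_t v, unsigned char *out) {
    size_t len = 0;
    for (int shift = 24; shift >= 0; shift -= 8) {
        unsigned char byte = (unsigned char)(v >> shift);
        if (len == 0 && byte == 0) continue;   /* skip leading zeros */
        out[len++] = byte;
    }
    return len;
}

/* Fixed-length encoding: left-pad with zeros to PLEN (padded behaviour). */
size_t encode_padded(uint32_t v, unsigned char *out) {
    unsigned char tmp[PLEN];
    size_t len = encode_stripped(v, tmp);
    memset(out, 0, PLEN - len);
    memcpy(out + PLEN - len, tmp, len);
    return PLEN;
}

/* Run n exchanges against one peer key; count secrets that encode short. */
unsigned count_short(uint32_t peer_priv, unsigned n) {
    unsigned char buf[PLEN];
    uint32_t peer_pub = modexp(G, peer_priv);
    unsigned hits = 0;
    for (uint32_t a = 1; a <= n; a++)
        if (encode_stripped(modexp(peer_pub, a), buf) < PLEN) hits++;
    return hits;
}

int main(void) {
    printf("%u of 100000 secrets are shorter than %d bytes\n",
           count_short(0x1234567u, 100000), PLEN);
    return 0;
}
```

A uniformly distributed secret has a zero top byte about once in 256 exchanges, so a peer that hashes or copies a fixed-length buffer sees the failure more often simply because more exchanges are performed.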


