Help on Diffie Hellman key exchange

Help on Diffie Hellman key exchange

OpenSSL - User mailing list
Hi

   We have an application that does the Diffie Hellman key exchange (OpenSSL/1.1.0f).
   It works fine, but under heavily loaded conditions, sometimes an invalid secret is generated and the other side can't decrypt the data (the secret seems offset by one).

   The client side is C++ and the server side is Java.

    DH_compute_key(secretKey, bnY, m_DH);

   Someone in the openssl group also talks about a similar issue, but I am not sure if there is a solution.

Thanks for your help,
Jason

Re: Help on Diffie Hellman key exchange

Tomas Mraz-2
On Mon, 2019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote:

> Hi
>
>    We have an application that does the Diffie Hellman key exchange
> (OpenSSL/1.1.0f).
>    It works fine, but under heavily loaded conditions, sometimes an
> invalid secret is generated and the other side can't decrypt the
> data (the secret seems offset by one).
>
>    The client side is C++ and the server side is Java.
>
>     DH_compute_key(secretKey, bnY, m_DH);
>
>    Someone in the openssl group also talks about a similar issue, but
> I am not sure if there is a solution.

Could it be a padding issue? I.e., use DH_compute_key_padded() instead.

--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
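
The padding difference suggested in the reply above, as an added toy model that is not part of the thread and does not call OpenSSL: DH_compute_key() writes the shared secret with leading zero bytes stripped, while DH_compute_key_padded() always writes DH_size() bytes. The 32-bit prime, generator, private keys and function names below are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy parameters constructed for this example (far too small for real use). */
#define P 4294967291ULL /* prime 2^32 - 5 */
#define G 2ULL
#define P_LEN 4         /* byte length of P, the role DH_size() plays */

uint64_t modexp(uint64_t b, uint64_t e) {
    uint64_t r = 1;
    for (b %= P; e; e >>= 1) {
        if (e & 1) r = r * b % P; /* operands < 2^32, product fits in 64 bits */
        b = b * b % P;
    }
    return r;
}

/* Fixed-length big-endian encoding: leading zero bytes are kept. */
size_t encode_padded(uint64_t z, unsigned char out[P_LEN]) {
    for (size_t i = 0; i < P_LEN; i++)
        out[i] = (unsigned char)(z >> (8 * (P_LEN - 1 - i)));
    return P_LEN;
}

/* Minimal big-endian encoding: leading zero bytes are dropped. */
size_t encode_stripped(uint64_t z, unsigned char out[P_LEN]) {
    unsigned char full[P_LEN];
    size_t skip = 0;
    encode_padded(z, full);
    while (skip < P_LEN - 1 && full[skip] == 0) skip++;
    memcpy(out, full + skip, P_LEN - skip);
    return P_LEN - skip;
}

/* Run n exchanges with constructed private keys. One peer strips, the other
 * pads; count how often their secret bytes differ, keeping one such value. */
unsigned count_mismatches(unsigned n, uint64_t *example) {
    unsigned char s[P_LEN], p[P_LEN];
    unsigned bad = 0;
    uint64_t a = 0x12345, b = 0x6789b;
    for (unsigned i = 0; i < n; i++, a += 7919, b += 104729) {
        uint64_t za = modexp(modexp(G, b), a); /* peer A: (g^b)^a mod P */
        uint64_t zb = modexp(modexp(G, a), b); /* peer B: (g^a)^b mod P */
        size_t ls = encode_stripped(za, s), lp = encode_padded(zb, p);
        if (ls != lp || memcmp(s, p, lp) != 0) { bad++; *example = za; }
    }
    return bad;
}
```

Both peers always compute the same integer; the byte strings differ only when the top byte of the secret is zero, which happens in about one exchange in 256.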



Re: Help on Diffie Hellman key exchange

OpenSSL - User mailing list
Thanks Tomas, 

I will try that.

On Tue, Nov 12, 2019 at 3:14 AM Tomas Mraz <[hidden email]> wrote:
> On Mon, 2019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote:
> > Hi
> >
> >    We have an application that does the Diffie Hellman key exchange
> > (OpenSSL/1.1.0f).
> >    It works fine, but under heavily loaded conditions, sometimes an
> > invalid secret is generated and the other side can't decrypt the
> > data (the secret seems offset by one).
> >
> >    The client side is C++ and the server side is Java.
> >
> >     DH_compute_key(secretKey, bnY, m_DH);
> >
> >    Someone in the openssl group also talks about a similar issue, but
> > I am not sure if there is a solution.
>
> Could it be a padding issue? I.e., use DH_compute_key_padded() instead.
>
> --
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
>                                               Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]