> From: [email protected] On Behalf Of Edgar Malagon via RT
> Sent: Monday, 22 August, 2011 03:49
> I'm using OpenSSL's Diffie-Hellman implementation, I'm using
> a 1024 bits P prime, sometimes when I try to obtain the size of
> a public key with the following code I obtain 127 bytes of length
> instead, when exchanging the public key between the service and
> the client the shared secret key is not the same,
> Is this a known bug or is it my mistake?.

BN_num_bytes returns (and BN_bn2bin encodes) only the bytes needed
to represent the value. DH y (and x) values are nearly uniform random
over Z_p. Somewhere between 1/128 to 1/256 of such random values
need 1 less byte to represent than the size of p; between 1/32768
to 1/65536 need 2 less bytes; etc.

Whatever method you use to transfer server y to client, and similarly
client y to server, must deal with this. Either use a variable-length
encoding such as ASN.1 DER (which also adds a byte half the time
for signed) or pad (on left with zeros) to fixed maximum length.
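The left-padding option from the reply above, as an added example in plain C that is not part of the original thread and makes no OpenSSL calls. The helper names (`minimal_len`, `encode_fixed`, `same_value`), the 0xA7 sample bytes and the "naive" copy into the front of a fixed buffer are assumptions chosen to show how a 127-byte value can be misread by the peer.

```c
#include <stdio.h>
#include <string.h>

#define P_LEN 128  /* byte length of a 1024-bit p */

/* Bytes needed for big-endian v, ignoring leading zero bytes. */
size_t minimal_len(const unsigned char *v, size_t len)
{
    size_t i = 0;
    while (i < len && v[i] == 0)
        i++;
    return len - i;
}

/* Left-pad the minimal form of v with zeros to field_len bytes.
 * Returns 0 on success, -1 if the value does not fit the field. */
int encode_fixed(const unsigned char *v, size_t len,
                 unsigned char *out, size_t field_len)
{
    size_t n = minimal_len(v, len);
    if (n > field_len)
        return -1;
    memset(out, 0, field_len - n);
    memcpy(out + (field_len - n), v + (len - n), n);
    return 0;
}

/* Compare two big-endian integers by value, whatever their lengths. */
int same_value(const unsigned char *a, size_t alen,
               const unsigned char *b, size_t blen)
{
    size_t an = minimal_len(a, alen), bn = minimal_len(b, blen);
    return an == bn && memcmp(a + (alen - an), b + (blen - bn), an) == 0;
}

int main(void)
{
    unsigned char min[P_LEN - 1], naive[P_LEN] = {0}, fixed[P_LEN];

    memset(min, 0xA7, sizeof min);   /* constructed 127-byte public value */
    memcpy(naive, min, sizeof min);  /* assumed bug: value shifted left 8 bits */
    encode_fixed(min, sizeof min, fixed, sizeof fixed);

    printf("naive buffer keeps value: %d\n",
           same_value(naive, sizeof naive, min, sizeof min));
    printf("padded buffer keeps value: %d\n",
           same_value(fixed, sizeof fixed, min, sizeof min));
    return 0;
}
```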
