On Wed, Nov 01, 2000, Lawrence MacIntyre wrote:
> I use bin2bn to generate the BNs for P and G, and the char lengths are
> correct AND statically defined in the .h file, so they are the same
> every time. Then I generate the key using DH_generate_key() and
> BN_num_bytes() to determine the length of the key. Is that incorrect?
No, it's just that the top byte can be zero, and bin2bn doesn't output
trailing 0s.
> The reason I found the error is that I use the DH struct to provide a
> key to the blowfish encryption function and it would fail sometimes.
That is potentially insecure anyway. You should use a key derivation
function (for example MGF1) to generate a symmetric key from the DH
shared secret.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
