Christophe, you're right. I just looked at my coe again, and I was not checking the return value of DH_compute_key() for the size of the computed shared secret; I was assuming it to be the same size as that returned by DH_size(), which is obviously not a valid assumption. All the other libs return the size as an in/out arg where on the way in, the arg is set to the size of the output buffer used to store the secret, and on the way out it is set to the size of the secret. So I had overlooked that the size was actually returned via the return value. Thanks for your help on this!
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christophe Devine Sent: Saturday, April 21, 2007 2:03 AM To: [email protected] Subject: Re: BIGNUM library Edward Chan <[EMAIL PROTECTED]> wrote: > But I think this always returned me 128 bytes. So am I supposed to > bzero the output buffer first? Here's how I fixed the bug (not very elegant, it was a quick hack) int i, ret = DH_compute_key(secret, pkey, m_dh); if( ret > 0 && ret < 128 ) { for(i = ret; i >= 0; i--) secret[i+1] = secret[i]; memset(secret, 0, 128 - ret); } ReverseBytes(secret, size); Christophe ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
