Yes I tried 64 bytes hash but I need 56 bytes only as I told. see the below code I am trying with SHA512 but I need only 56 bytes not 64. It looks like ECDH_compute_key trying to copy all 64 bytes into the shared secret buffer?. I want only 56 bytes,is there a way that I can get 56 bytes shared key with sha512 or some other Hash function since sha448 not present in opessl.
static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { char buffer[1024] = {0}; char *outputBuffer = buffer; #ifndef OPENSSL_NO_SHA if (*outlen < SHA512_DIGEST_LENGTH) return NULL; else { *outlen = SHA512_DIGEST_LENGTH; return SHA512(in, inlen, out); } EC_KEY_generate_key(ecdh); EC_KEY_generate_key(ecdh2); alen = KDF1_SHA1_len; abuf = (unsigned char *) OPENSSL_malloc (alen); aout = ECDH_compute_key(abuf, 64, EC_KEY_get0_public_key(ecdh2), ecdh, KDF1_SHA1); On 18 December 2012 13:54, Matt Caswell (fr...@baggins.org) <fr...@baggins.org> wrote: > > > On 18 December 2012 05:30, jeetendra gangele <gangele...@gmail.com> wrote: >> >> Ok, >> >> can you expain me how ec_compute_key work and specially this last >> argument. >> Why its need hash value to calculate the secret key. >> I need to generate the 56 BYtes shred key. > > > A KDF (Key Derivation Function) is typically used to generate a secret key > from some other input which does not exhibit the properties necessary for > direct cryptographic use, e.g. perhaps it would not pass statistical > randomness tests. > > If you need 56 bytes then you could use a hash function that outputs at > least that many bits, e.g. SHA512 > > Matt -- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org