Hi there, I am trying to do a DH key exchange between BSAFE and OpenSSL. The server side uses BSAFE to generate DH parameters and the server's public/private key, and my client uses the received DH parameters to generate its keys. Now my problem is that I can't parse out the DH parameters properly on the client side.
I tried to use d2i_DHparams() on the BER-encoded DH parameters, but the function returned several errors. I used "openssl asn1parse" command line tool to read the binary data, the tool returns the structure like this:

    0:d=0 hl=3 l= 151 cons: SEQUENCE
    3:d=1 hl=2 l= 9 prim: OBJECT :dhKeyAgreement
    14:d=1 hl=3 l= 137 cons: SEQUENCE
    17:d=2 hl=2 l= 65 prim: INTEGER :DataSequenceA
    84:d=2 hl=2 l= 64 prim: INTEGER :DataSequenceB
    150:d=2 hl=2 l= 2 prim: INTEGER :01F8

Based on this structure, I tried to use BN_bin2bn() on A and B to get dh->p and dh->g. Then when I tested BN_is_prime() on dh->g, it returned false. I compared the generated shared secret on two sides, they don't match :(.

Can someone give me some input? Thank you very much!

Qingyu (Helen)
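The asn1parse output above shows the parameters wrapped in an outer SEQUENCE that starts with the dhKeyAgreement OID, with the SEQUENCE of three INTEGERs nested at offset 14. As an added example (not part of the original post, and not BSAFE or OpenSSL code), this C walker checks that wrapper and returns the span of the inner SEQUENCE plus its first two INTEGERs; the byte string is a constructed toy sample, and `tlv_t`, `der_read` and `dh_unwrap` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
typedef struct { unsigned char tag; const unsigned char *val; size_t len; } tlv_t;

/* Constructed toy sample: SEQUENCE { OID, SEQUENCE { p=0x00E3, g=0x05, 0x01F8 } } */
static const unsigned char SAMPLE[] = {
    0x30,0x18, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,
    0x30,0x0B, 0x02,0x02,0x00,0xE3, 0x02,0x01,0x05, 0x02,0x02,0x01,0xF8 };
static const unsigned char OID_DH[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01};

/* Read one TLV at *pp, bounded by end; advance *pp past it. Returns 0 on success. */
static int der_read(const unsigned char **pp, const unsigned char *end, tlv_t *out) {
    const unsigned char *p = *pp;
    size_t len, n;
    if (end - p < 2) return -1;
    out->tag = *p++; len = *p++;
    if (len & 0x80) {                 /* long form, e.g. 0x81 0x97 for l=151 (hl=3) */
        n = len & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - p) < n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | *p++;
    }
    if ((size_t)(end - p) < len) return -1;
    out->val = p; out->len = len; *pp = p + len;
    return 0;
}

/* Check the wrapper, then report the inner SEQUENCE (header included) in *params
 * and its first two INTEGERs in *p and *g. Returns 0 on success, -1 otherwise. */
static int dh_unwrap(const unsigned char *der, size_t n, tlv_t *params, tlv_t *p, tlv_t *g) {
    const unsigned char *cur = der, *end = der + n, *start;
    tlv_t outer, oid, inner;
    if (der_read(&cur, end, &outer) || outer.tag != 0x30) return -1;
    cur = outer.val; end = outer.val + outer.len;   /* descend into the wrapper */
    if (der_read(&cur, end, &oid) || oid.tag != 0x06 || oid.len != sizeof OID_DH ||
        memcmp(oid.val, OID_DH, sizeof OID_DH) != 0) return -1;
    start = cur;
    if (der_read(&cur, end, &inner) || inner.tag != 0x30) return -1;
    params->tag = 0x30; params->val = start; params->len = (size_t)(cur - start);
    cur = inner.val; end = inner.val + inner.len;   /* descend into the parameters */
    if (der_read(&cur, end, p) || p->tag != 0x02 || der_read(&cur, end, g) || g->tag != 0x02) return -1;
    return 0;
}

int main(void) {
    tlv_t params, p, g;
    if (dh_unwrap(SAMPLE, sizeof SAMPLE, &params, &p, &g)) return 1;
    printf("inner SEQUENCE: offset %ld, %lu bytes\n", (long)(params.val - SAMPLE), (unsigned long)params.len);
    return 0;
}
```

The inner span has the PKCS #3 DHParameter layout (prime, base, optional privateValueLength), which is the structure d2i_DHparams() decodes. The base is a generator and is not required to be prime.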