Hi Tomas, Using DH_compute_key_padded() seems fixed the problem.
I have one more question regarding a similar issue but this time is about AES key generation. I think the problem is related to RAND_seed or RAND_bytes (someone also mentioned on another thread). RAND_seed(seed, ::strlen(seed)); RAND_bytes(buf, keySize / 8); What other method do you suggest to use ? Thanks Jason On Tue, Nov 12, 2019 at 10:50 AM Jason Qian <jq...@tibco.com> wrote: > Thanks Tomas, > > I will try that. > > On Tue, Nov 12, 2019 at 3:14 AM Tomas Mraz <tm...@redhat.com> wrote: > >> On Mon, 2019-11-04 at 17:34 -0500, Jason Qian via openssl-users wrote: >> > Hi >> > >> > We have an application that does the Diffie Hellman key exchange >> > (OpenSSL/1.1.0f). >> > It works fine, but under heavy loaded conditions, sometimes an >> > invalide secret been generated and other side couldn't decrypt the >> > data (the secret seems offset by one). >> > >> > The client side is c++ and the server side is java. >> > >> > DH_compute_key(secretKey, bnY, m_DH); >> > >> > Someone in the openssl group also talks about a similar issue, but >> > not sure if have a solution. >> >> Could it be a padding issue? I.E. use DH_compute_key_padded() instead. >> >> -- >> Tomáš Mráz >> No matter how far down the wrong road you've gone, turn back. >> Turkish proverb >> [You'll know whether the road is wrong if you carefully listen to your >> conscience.] >> >> >>