Dear OpenSSL Team,
While migrating to OpenSSL 3.0 we are facing issue with use of
DH_generate_key(). Getting dh->pub_key NULL.
Logic used is as given below, I have omitted the error handling code.
* p and g buffer is of type unsigned char *
* p_len is 128 and g_len is 1.
DH *dh;
dh = DH_new();
dh->params.p = BN_bin2bn(p, p_len, NULL);
dh->params.g = BN_bin2bn(g, g_len, NULL);
DH_generate_key(dh);
I have checked openssl man pages
(https://www.openssl.org/docs/manmaster/man3/DH_generate_key.html).
According to which DH_generate_key() expects dh to contain the shared
parameters p and g only, still not able to generate pub_key.
Tried solutions given on following links:
Approach 1:
https://github.com/openssl/openssl/issues/11108
Used DH_new_by_nid() instead of DH_new() .
Approach 2:
We were skeptical about the values of p and g so tried setting valid values for
p q and g using DH_set0_pqg().
BIGNUM *a = BN_bin2bn(p, p_len, NULL);
BIGNUM *b = BN_bin2bn(g, g_len, NULL);
DH_set0_pqg(dh, a, NULL, b);
But this did not help, as this set function does not change q value if NULL is
passed.
We don't have idea about what can be a valid value for q which we can set.
Approach 3:
Currently working on the solution given on this link, using EVP wrappers for DH
key generation.
https://www.mail-archive.com/[email protected]/msg88906.html
Please help to look into this and guide with possible solutions.
Thanks,
Priyanka
