Dear OpenSSL Team, While migrating to OpenSSL 3.0 we are facing issue with use of DH_generate_key(). Getting dh->pub_key NULL. Logic used is as given below, I have omitted the error handling code.
* p and g buffer is of type unsigned char * * p_len is 128 and g_len is 1. DH *dh; dh = DH_new(); dh->params.p = BN_bin2bn(p, p_len, NULL); dh->params.g = BN_bin2bn(g, g_len, NULL); DH_generate_key(dh); I have checked openssl man pages (https://www.openssl.org/docs/manmaster/man3/DH_generate_key.html). According to which DH_generate_key() expects dh to contain the shared parameters p and g only, still not able to generate pub_key. Tried solutions given on following links: Approach 1: https://github.com/openssl/openssl/issues/11108 Used DH_new_by_nid() instead of DH_new() . Approach 2: We were skeptical about the values of p and g so tried setting valid values for p q and g using DH_set0_pqg(). BIGNUM *a = BN_bin2bn(p, p_len, NULL); BIGNUM *b = BN_bin2bn(g, g_len, NULL); DH_set0_pqg(dh, a, NULL, b); But this did not help, as this set function does not change q value if NULL is passed. We don't have idea about what can be a valid value for q which we can set. Approach 3: Currently working on the solution given on this link, using EVP wrappers for DH key generation. https://www.mail-archive.com/openssl-users@openssl.org/msg88906.html Please help to look into this and guide with possible solutions. Thanks, Priyanka