On 02/12/2021 11:07, Matt Caswell wrote:
EVP_PKEY_get_bits() should be equivalent to DH_bits() (for a DH file). I would definitely double-check that you are not mis-loading something.
OK; this was indeed my fault.

One minor docs item: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set0_tmp_dh_pkey.html says

"Ownership of the dhpkey value is passed to the SSL_CTX or SSL object as a result of this call, and so the caller should not free it if the function call is successful."

It's not quite clear what the ownership for a failing call is. Experiment shows that an EVP_free() after a fail causes a crash, at least for a "dh key too small" error.

--
Cheers,
  Jeremy