Hello List,
I am using the DH exchange to secure communication between two
endpoints. My code looks something like below:

DH * dh_keys = get_dh1024();// Returns a new DH structure containing the
shared prime.
//This function was generated
using the dhparam -2 1024 -check -C command

if(DH_generate_key(dh_keys))
{
BYTE nonce_to_transfer[128];
int bytes;

assert_to_log(BN_num_bytes(dh_keys->pub_key) != DH_size(dh_keys));

bytes = BN_bn2bin(DHKeys->pub_key,nonce_to_tansfer);

log("size of nonce %d",bytes);

// Around 7 out of 1000 times , bytes is 127 instead of 128. This leads
to
// DH_compute_key generating incorrect shared secret on both ends.


// transfer the nonce (128 bytes)... and get the peer's nonce(128 bytes).
//Compute the shared secret using the DH_compute_key

}


Test conditions
OS : Windows XP SP2
OpenSSL version: 0.9.8.h

I have a test case where 1000 connections between two endpoints are
attempted. There are
DH failures in 7 to 8 of the connections where the shared secret is not the
same (All DH api's succeed though).
In every of the failing case, BN_bn2bin returns 127 bytes. DH_size returns
128 bytes. This leads to
incorrect shared secret.

Any idea why this is happening? Am I using the DH api's incorrectly? Am I
correct in assuming that for a 1024 bit DH,
the public key will always be 128 bytes?

At this point, I am working around by discarding keys where
BN_num_bytes(dh_keys->pub_key) != DH_size(dh_keys).

Any help in understanding the issue is appreciated.

Regards,
Simon M