It would be fairly easy to address just the exponent issue. Add

    #define DH_FLG_NIST_EXP_LENGTH 0x01

    int DH_generate_key_ex(DH* dh, unsigned long flags)
    {
        /* Use the NIST-derived private exponent length when requested */
        if (flags & DH_FLG_NIST_EXP_LENGTH)
            dh->length = calc_nist_length(dh);
        return DH_generate_key(dh);
    }

Where calc_nist_length() is like the NSS code quoted in the original post.

I can do this if you think it worthwhile.

--
Rich Salz, OpenSSL dev team; [email protected]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
