Hello Rich,

I would recommend doing that. Otherwise there will be "unsuspecting users" who will (unintentionally) use the long exponent ... for example, this is what happened to me in the first attempts, and I did not understand why it was so slow :) ...

It does not really cost anything significant in complexity, and is easy to do.

Thanks,
Shay

-----Original Message-----
From: Rich Salz via RT [mailto:[email protected]]
Sent: Tuesday, August 26, 2014 12:00
To: Gueron, Shay
Cc: [email protected]
Subject: [openssl.org #3113] OpenSSL’s DH implementation uses an unnecessarily long exponent, leading to significant performance loss

It would be fairly easy to address just the exponent issue. Add

    #define DH_FLG_NIST_EXP_LENGTH 0x01

    int DH_generate_key_ex(DH* dh, unsigned long flags)
    {
        if (flags & DH_FLG_NIST_EXP_LENGTH)
            dh->length = calc_nist_length(dh);
        return DH_generate_key(dh);
    }

Where calc_nist_length() is like the NSS code quoted in the original post.

I can do this if you think it worthwhile.

--
Rich Salz, OpenSSL dev team; [email protected]

---------------------------------------------------------------------
Intel Israel (74) Limited

This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
