It would be fairly easy to address just the exponent issue. Add

    #define DH_FLG_NIST_EXP_LENGTH 0x01

    int DH_generate_key_ex(DH* dh, unsigned long flags)
    {
        if (flags & DH_FLG_NIST_EXP_LENGTH)
            dh->length = calc_nist_length(dh);
        return DH_generate_key(dh);
    }

Where calc_nist_length() is like the NSS code quoted in the original post.
I can do this if you think it worthwhile.

--
Rich Salz, OpenSSL dev team; rs...@openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org