On Tue Aug 26 21:00:02 2014, rsalz wrote:
> It would be fairly easy to address just the exponent issue. Add
> #define DH_FLG_NIST_EXP_LENGTH 0x01
> int DH_generate_key_ex(DH* dh, unsigned long flags)
> {
> if (flags & DH_FLG_NIST_EXP_LENGTH)
> dh->length = calc_nist_length(dh);
> return DH_generate_key(dh);
> }
> Where calc_nist_length() is like the NSS code quoted in the original post.
>
> I can do this if you think it worthwhile.
>It could be added via a ctrl to EVP_PKEY_METHOD so the length parameter is included when parameters are generated. OpenSSL 1.0.2 supports X9.42 DH parameter format as well which includes the 'q' parameter. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
