On Tue Aug 26 21:00:02 2014, rsalz wrote:
> It would be fairly easy to address just the exponent issue. Add
> #define DH_FLG_NIST_EXP_LENGTH 0x01
> int DH_generate_key_ex(DH* dh, unsigned long flags)
> {
>     if (flags & DH_FLG_NIST_EXP_LENGTH)
>         dh->length = calc_nist_length(dh);
>     return DH_generate_key(dh);
> }
> Where calc_nist_length() is like the NSS code quoted in the original post.
>
> I can do this if you think it worthwhile.
>

It could be added via a ctrl to EVP_PKEY_METHOD so the length parameter is included when parameters are generated. OpenSSL 1.0.2 supports X9.42 DH parameter format as well which includes the 'q' parameter.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
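
An added example, not code from this thread, OpenSSL or NSS: one way a helper like the calc_nist_length() mentioned above could pick the private exponent length, covering both a plain prime and X9.42 parameters that carry 'q'. The function names and the reject-on-weak-input policy are assumptions; the strength figures are the finite-field rows of the NIST SP 800-57 Part 1 comparable-strengths table, with the exponent taken as twice the strength.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper names; neither OpenSSL nor NSS defines these. */
struct strength_row { int min_p_bits; int strength; };

/* NIST SP 800-57 Part 1 comparable strengths for finite-field DH,
 * largest modulus first so the first match is the strongest row. */
static const struct strength_row ROWS[] = {
    {15360, 256}, {7680, 192}, {3072, 128}, {2048, 112}, {1024, 80},
};

/* Security strength in bits for a p_bits-bit prime. Sizes between rows
 * (1536, 4096, ...) are rounded down to the row below. Returns 0 for
 * primes shorter than 1024 bits. */
int ffc_strength_bits(int p_bits)
{
    for (size_t i = 0; i < sizeof ROWS / sizeof ROWS[0]; i++)
        if (p_bits >= ROWS[i].min_p_bits)
            return ROWS[i].strength;
    return 0;
}

/* Private exponent length in bits, i.e. the value the quoted sketch
 * would store in dh->length. q_bits is 0 when the parameters carry no
 * subgroup order. Returns -1 for inputs this policy rejects. */
int nist_exp_bits(int p_bits, int q_bits)
{
    int s = ffc_strength_bits(p_bits);
    if (s == 0)
        return -1;                      /* prime too short */
    if (q_bits > 0) {
        /* X9.42 case: the exponent is drawn below q, so q fixes the
         * length. A q shorter than 2*s would cap the strength. */
        if (q_bits >= p_bits || q_bits < 2 * s)
            return -1;
        return q_bits;
    }
    return 2 * s;                       /* no q: twice the strength */
}

int main(void)
{
    static const int sizes[] = {512, 1024, 1536, 2048, 3072, 4096, 8192};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("p=%5d bits -> exponent %d bits\n",
               sizes[i], nist_exp_bits(sizes[i], 0));
    printf("p=2048, q=256 -> %d\n", nist_exp_bits(2048, 256));
    printf("p=2048, q=160 -> %d\n", nist_exp_bits(2048, 160));
    return 0;
}
```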