On Tue, Jul 1, 2014 at 12:36 PM, Jakob Bohm <jb-open...@wisemo.com> wrote:
> On 7/1/2014 2:42 AM, Jeffrey Walton wrote:
>> ...
>> I use N + 4. For example:
>>
>>      if(keylength <= 160 + 4)
>>          return ECSH160(); // Returns EC_KEY*
>>      else if(keylength <= 192 + 4)
>>          return ECSH192(); // Returns EC_KEY*
>>      else if(keylength <= 224 + 4)
>>          return ECSH224(); // Returns EC_KEY*
>>      ...
>>
> This example seems to contradict your reply to #2. Should I compare
> the keylength parameter received by the callback to 160+4 etc, or to
> 1024+24 etc.?
>
>> But P-256 seems to be most popular for interop.
>>
> I am actually trying to choose between P-256 and a larger one, using the
> keylength as an indication if the larger one can be expected to interop.
>
Ah, my bad. If keylength is greater than 512, then I translate it from
DH/RSA to EC sizes. Then I drop into that code.

512 is an edge case: is it DH/RSA 512, or is it effectively P-521?

Right now, I think I have that all defined out with `#define 0` and
simply use P-256 to maximize interop.

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
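
The rule described in the reply above, as an added example that is not code from this thread or from OpenSSL: a keylength strictly greater than 512 is read as a DH/RSA size and translated to an EC size, then the "N + 4" comparison picks the curve. The function names, the curve sizes beyond 224, and the DH/RSA-to-EC mapping (NIST SP 800-57 Part 1 comparable strengths) are assumptions; the thread gives none of them.

```c
#include <stddef.h>
#include <stdio.h>

#define EC_SLACK 4 /* the "N + 4" tolerance from the post */

/* Assumed mapping (NIST SP 800-57 Part 1 comparable strengths):
 * DH/RSA modulus bits -> EC field bits. Not given in the thread. */
static int dhrsa_to_ec_bits(int bits)
{
    if (bits <= 1024) return 160;
    if (bits <= 2048) return 224;
    if (bits <= 3072) return 256;
    if (bits <= 7680) return 384;
    return 521;
}

/* Hypothetical helper: returns the field size in bits of the curve to
 * use for a callback keylength, or 0 if the keylength is not positive. */
int select_curve_bits(int keylength)
{
    /* 160/192/224 are from the post; 256/384/521 continue the pattern. */
    static const int curves[] = { 160, 192, 224, 256, 384, 521 };
    size_t i;

    if (keylength <= 0)
        return 0;
    /* Strictly greater than 512: exactly 512 stays an EC size and lands
     * on the 521-bit curve. A keylength of 521 would be read as DH/RSA. */
    if (keylength > 512)
        keylength = dhrsa_to_ec_bits(keylength);
    for (i = 0; i < sizeof curves / sizeof curves[0]; i++)
        if (keylength <= curves[i] + EC_SLACK)
            return curves[i];
    return 521; /* not reached: every value <= 512 matches a bucket above */
}

int main(void)
{
    /* Constructed sample keylengths, not taken from the thread. */
    static const int samples[] = { 160, 256, 512, 1024, 2048, 3072 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("keylength %5d -> %d-bit curve\n",
               samples[i], select_curve_bits(samples[i]));
    return 0;
}
```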
