On Fri, May 31, 2013, Matt Caswell wrote: > > As I understand it there isn't full support for X9.42 in the current > released versions. There are some X9.42 parameters in the DH > structure. >
Yes you're right. Some years ago I looked into getting more complete X9.42 DH support for CMS. At one point X9.42 DH was the mandatory algorithm for CMS, before the RSA patent expired. At the time I looked through and found some fairly obvious flaws in some sample data for the parameter generation algorithm. The X9.42 DH spec itself doesn't help as it doesn't cover the larger prime lengths. Despite repeated queries in a number of mailing lists I got zero responses. If anyone is aware of any other implementations I could test against or accurate test data I'll look into adding support. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org