Can anyone tell me what the source (RFC, NIST, FIPS, whatever) of this test in diffie-hellman key generation (dh_key.c) is?
/* Is it an approved safe prime ?*/
if (DH_get_nid(dh) != NID_undef) {
int max_strength =
ossl_ifc_ffc_compute_security_bits(BN_num_bits(dh->params.p));
if (dh->params.q == NULL
|| dh->length > BN_num_bits(dh->params.q))
goto err;
We’re having an issue connecting via SSH to a vendor device, and I’ve tracked it to `dh->length` being 512 when `dh->params.q` is 256. I’d like to have some document to point the vendor if possible.
Thank you much.
--
Stephen Wall
Senior Staff Software Engineer
REDCOM Laboratories, Inc.
Research, Engineering, & Development in Communications
One Redcom Center, Victor, NY 14564-0995