[gnutls-devel] Export/import of DH parameters grows by 4 bytes

Sam Varshavchik mrsam at courier-mta.com
Thu Jul 4 00:25:56 CEST 2013


After upgrading from gnutls 2.12.23 to gnutls 3.1.11 one of my sanity check  
unit tests fails:

* Generate DH parameter "A" via gnutls_dh_params_generate2().

* Export "A" via gnutls_dh_params_export_raw().

* Import the results into DH parameter "B", via  
gnutls_dh_params_import_raw().

* Call gnutls_dh_params_export_pkcs3() on both "A" and "B", using  
GNUTLS_X509_FMT_DER.

* The output from gnutls_dh_params_export_pkcs3() from "B" is larger, by  
four bytes than the output from "A".

Before I start looking for my own bugs, could this perhaps be a non-issue  
from this sequence of steps. Because comparing the binary output coming out  
of gnutls_dh_params_export_pkcs3(), and ignoring the excess four bytes from  
"B", the output is the same except for byte offset #3. It looks like a part  
of a length word, or something, and the extra four bytes look like spurious  
padding of some sort, to me.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: </pipermail/attachments/20130703/d4700e23/attachment.sig>


More information about the Gnutls-devel mailing list