[gnutls-devel] Export/import of DH parameters grows by 4 bytes

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Jul 4 23:30:55 CEST 2013


On 07/04/2013 12:25 AM, Sam Varshavchik wrote:

> * Import the results into DH parameter "B", via
> gnutls_dh_params_import_raw().
> 
> * Call gnutls_dh_params_export_pkcs3() on both "A" and "B", using
> GNUTLS_X509_FMT_DER.
> 
> * The output from gnutls_dh_params_export_pkcs3() from "B" is larger, by
> four bytes, than the output from "A".
> 
> Before I start looking for my own bugs, could this perhaps be a
> non-issue from this sequence of steps? Because comparing the binary
> output coming out of gnutls_dh_params_export_pkcs3(), and ignoring the
> excess four bytes from "B", the output is the same except for byte
> offset #3. It looks like a part of a length word, or something, and the
> extra four bytes look like spurious padding of some sort, to me.

Hello Sam,
 It must be the privateValueLength which is set on gnutls 3.0 or later.
It allows for certain optimizations on the server side. For rationale
check:
http://nmav.gnutls.org/2011/12/generating-diffie-hellman-parameters.html

regards,
Nikos
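
An added example, not part of the original thread and not GnuTLS code: a minimal DER encoder/decoder for the PKCS #3 DHParameter structure, showing how the optional privateValueLength INTEGER accounts for four extra bytes and a changed length byte at offset 3. The modulus is a constructed stand-in (not a real prime), the value 256 for privateValueLength is an assumption, and all function names are hypothetical.

```python
# Added illustration, not GnuTLS code. PKCS #3: DHParameter ::= SEQUENCE {
#   prime INTEGER, base INTEGER, privateValueLength INTEGER OPTIONAL }

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(v):
    """Non-negative INTEGER; a leading 0x00 appears when the top bit is set."""
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def encode_dh(p, g, priv_bits=None):
    fields = der_int(p) + der_int(g)
    if priv_bits is not None:          # the optional third field
        fields += der_int(priv_bits)
    return b"\x30" + der_len(len(fields)) + fields

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:                   # long form: low 7 bits = octet count
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_dh(der):
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    ints, pos = [], 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(val, "big"))
    if len(ints) not in (2, 3):
        raise ValueError("unexpected DHParameter field count")
    return dict(zip(("prime", "base", "privateValueLength"), ints + [None]))

# Constructed 2048-bit stand-in modulus (NOT a real prime); 256 is assumed.
P = (1 << 2047) | 1
A, B = encode_dh(P, 2), encode_dh(P, 2, 256)
```

Comparing `A` and `B` byte by byte reproduces the reported pattern: the outer SEQUENCE length changes at offset 3 and `B` ends with the four-byte INTEGER `02 02 01 00`.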



