Folks,

When gnutls_dh_params_generate2() is used to generate DH parameters of a particular size, it has a tendency to overshoot. Asking for 2236 bits, a 2237-bit prime seems to be fairly common.

I can find no GnuTLS API to ask for the size of the prime inside the parameters structure, nor to deal with it once PKCS#3 exported. I can see the debug callback invoked with the generated size, and I can see one static function which has the data, and a dispatch table which can use one of two backend math/crypto libraries for functions which might get the data, but no actual API which can sanely be used. There is an API call to find out the DH size used in a TLS session.

Could GnuTLS 3 *please* get an API call to find out the size in bits of the DH prime in a gnutls_dh_params_t? Perhaps even add a query mode to certtool?

Thanks,
-Phil

_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
