help-gnutls

Feature req: DH prime bitsize query


From: Phil Pennock
Subject: Feature req: DH prime bitsize query
Date: Sun, 27 May 2012 01:24:24 -0400

Folks,

When gnutls_dh_params_generate2() is used to generate DH parameters of a
particular size, it has a tendency to overshoot.

Asking for 2236 bits, a 2237 bit prime seems to be fairly common.

I can find no GnuTLS API to ask for the size of the prime inside the
parameters structure, nor to deal with it once PKCS#3 exported.  I can
see the debug callback invoked with the generated size, and I can see
one static function which has the data, and a dispatch table which can
use one of two backend math/crypto libraries for functions which might
get the data, but no actual API which can sanely be used.

There is an API call to find out the DH size used in a TLS session.

Could GnuTLS 3 *please* get an API call to find out the size in bits of
the DH prime in a gnutls_dh_params_t ?  Perhaps even add a query mode to
certtool?

Thanks,
-Phil
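
The PKCS#3 case raised in the message above, as an added example that is not part of the original post and is not GnuTLS code: a standalone C routine that reads the prime's bit length straight out of a DER-encoded DHParameter structure (SEQUENCE { INTEGER p, INTEGER g, ... }). The names `der_header` and `dh_prime_bits` are hypothetical, both byte arrays are constructed samples rather than usable groups, and the input is assumed to be DER already (a PEM export would need base64 decoding first).

```c
#include <stddef.h>
#include <stdio.h>

/* Read one DER tag+length header at *pos; on success advance *pos to the
 * content and store its length. Returns 0 on success, -1 on malformed input. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char tag, size_t *clen)
{
    if (*pos + 2 > len || buf[*pos] != tag) return -1;
    size_t n = buf[*pos + 1];
    *pos += 2;
    if (n & 0x80) {                       /* long form: next (n & 0x7f) bytes */
        size_t nbytes = n & 0x7f;
        if (nbytes == 0 || nbytes > sizeof(size_t) || nbytes > len - *pos) return -1;
        n = 0;
        while (nbytes--) n = (n << 8) | buf[(*pos)++];
    }
    if (n > len - *pos) return -1;        /* content must fit in the buffer */
    *clen = n;
    return 0;
}

/* Bit length of prime p in a DER-encoded PKCS#3 DHParameter
 * (SEQUENCE { INTEGER p, INTEGER g, ... }). Returns -1 on parse error. */
long dh_prime_bits(const unsigned char *der, size_t len)
{
    size_t pos = 0, seqlen, plen;
    if (der_header(der, len, &pos, 0x30, &seqlen) != 0) return -1;
    if (der_header(der, pos + seqlen, &pos, 0x02, &plen) != 0) return -1;
    const unsigned char *p = der + pos;
    while (plen > 0 && *p == 0) { p++; plen--; }  /* skip sign/zero padding */
    if (plen == 0) return -1;             /* zero is not a valid prime */
    long bits = (long)(plen - 1) * 8;
    for (unsigned char top = *p; top; top >>= 1) bits++;
    return bits;
}

/* Constructed sample (not a usable group): p = 0x97, g = 2. */
static const unsigned char sample_der[] = { 0x30, 0x07, 0x02, 0x02, 0x00, 0x97, 0x02, 0x01, 0x02 };
/* Constructed sample with long-form lengths: p = 2^1023 (not prime), g = 2. */
static const unsigned char sample_long[138] = { 0x30, 0x81, 0x87, 0x02, 0x81, 0x81,
    0x00, 0x80, [135] = 0x02, 0x01, 0x02 };

int main(void)
{
    printf("short sample: %ld bits\n", dh_prime_bits(sample_der, sizeof sample_der));
    printf("long sample:  %ld bits\n", dh_prime_bits(sample_long, sizeof sample_long));
    return 0;
}
```

The leading zero byte that DER adds when the top bit of p is set is skipped before counting, so the result is the size of the prime itself rather than of its encoding.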


