On 2012-05-21 at 15:29 +0700, Janne Snabb wrote:
> At the end there is a newline, nul and another newline. I would
> guesstimate that this is not intentional? The code in tls-gnu.c makes an
> extra effort to add a newline after the nul. dhparam files generated
> with OpenSSL end with just a single newline and no nul.
I assumed that the size returned from gnutls_dh_params_export_pkcs3()
would be the same on the two calls. The first asks "how much space do I
need", the second provides that space, and says how much was provided.
Alas, gnutls/lib/gnutls_dh_primes.c gives us:
----------------------------8< cut here >8------------------------------
  if ((unsigned) result > *params_data_size)
    {
      gnutls_assert ();
      gnutls_free (out);
      *params_data_size = result;
      return GNUTLS_E_SHORT_MEMORY_BUFFER;
    }
  *params_data_size = result - 1;
----------------------------8< cut here >8------------------------------
So the first includes space for a trailing NUL, the second does not.

Fixed, pushed, will be in the next release.

The added newline was preservation of something previously done by Exim.
(I originally had two different filenames, -normal and not, with -normal
used if GnuTLS provided the size. I switched to always putting
bit-counts in, which means if normal changes, the file changes and
everything just works. The tls_dh_max_bits fix just proved this was
worth the change. Preserving the format of the file in case the old
filename was used really isn't an issue any more).
-Phil
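
Added example, not part of the original message and not Exim or GnuTLS code: a C sketch of the two-call size contract discussed above. `mock_export()` is a hypothetical stand-in that mimics the size handling in the quoted excerpt, and the PEM string is constructed sample data. It shows that writing out the size from the probing call emits the trailing NUL, while the size from the second call does not.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define E_SHORT_BUFFER (-1)   /* arbitrary stand-in for GNUTLS_E_SHORT_MEMORY_BUFFER */
/* Constructed sample PEM body; not real DH parameters. */
static const char SAMPLE_PEM[] =
    "-----BEGIN DH PARAMETERS-----\nAAAA\n-----END DH PARAMETERS-----\n";

/* Hypothetical stand-in mimicking the excerpt's size contract:
 * short buffer -> *size = length + NUL; success -> *size = length only. */
static int mock_export(char *buf, size_t *size)
{
    size_t result = sizeof(SAMPLE_PEM);   /* counts the trailing NUL */
    if (buf == NULL || result > *size) {
        *size = result;
        return E_SHORT_BUFFER;
    }
    memcpy(buf, SAMPLE_PEM, result);
    *size = result - 1;
    return 0;
}

/* Export and return how many bytes a caller would write to disk.
 * use_second_size == 0 reproduces the bug: the probe size is reused. */
static size_t bytes_to_write(int use_second_size, char **out)
{
    size_t probe = 0, sz;
    if (mock_export(NULL, &probe) != E_SHORT_BUFFER) return 0;
    char *buf = malloc(probe);
    if (!buf) return 0;
    sz = probe;                           /* tell callee how much we provided */
    if (mock_export(buf, &sz) != 0) { free(buf); return 0; }
    *out = buf;
    return use_second_size ? sz : probe;
}

/* Returns 1 if the first n bytes of p contain a NUL byte. */
static int has_nul(const char *p, size_t n) { return memchr(p, 0, n) != NULL; }

int main(void)
{
    char *a = NULL, *b = NULL;
    size_t n_bug = bytes_to_write(0, &a);
    size_t n_ok = bytes_to_write(1, &b);
    printf("probe size: %zu bytes, NUL in output: %d\n", n_bug, has_nul(a, n_bug));
    printf("final size: %zu bytes, NUL in output: %d\n", n_ok, has_nul(b, n_ok));
    free(a); free(b);
    return 0;
}
```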