[gnutls-devel] GnuTLS | pk: implement deterministic ECDSA/DSA for provable signing (!1051)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Aug 2 22:57:52 CEST 2019
Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1051 was reviewed by Nikos Mavrogiannopoulos
Nikos Mavrogiannopoulos started a new discussion on lib/pk.h: https://gitlab.com/gnutls/gnutls/merge_requests/1051#note_199713714
> #define _gnutls_pk_decrypt( algo, ciphertext, plaintext, params) _gnutls_pk_ops.decrypt( algo, ciphertext, plaintext, params)
> #define _gnutls_pk_decrypt2( algo, ciphertext, plaintext, size, params) _gnutls_pk_ops.decrypt2( algo, ciphertext, plaintext, size, params)
> -#define _gnutls_pk_sign( algo, sig, data, params, sign_params) _gnutls_pk_ops.sign( algo, sig, data, params, sign_params)
If we cannot avoid the flags parameter, what about adding a brief comment documenting which flags are expected here?
Nikos Mavrogiannopoulos started a new discussion on lib/crypto-backend.h: https://gitlab.com/gnutls/gnutls/merge_requests/1051#note_199713715
> - const gnutls_x509_spki_st *sign);
> + const gnutls_x509_spki_st *sign,
> + unsigned int flags);
Have you considered the use of the `gnutls_pk_params_st` `pkflags` field instead of a new flags?
Nikos Mavrogiannopoulos started a new discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/merge_requests/1051#note_199713718
> + if (ret < 0)
> + goto dsa_fail;
> + /* dsa_sign adds 1 for some reason */
Interesting. Most likely to ensure a non-zero value.
What about changing the comment to: `/* cancel-out dsa_sign's addition of 1 to random data */`? That would guide a curious reader without having to refer to nettle to understand why is that.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1051
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel