[gnutls-devel] GnuTLS | pk: implement deterministic ECDSA/DSA for provable signing (!1051)

[Development of GNU's TLS library]

Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1051 was reviewed by Daiki Ueno

--
  
Daiki Ueno commented on a discussion on lib/pk.h: https://gitlab.com/gnutls/gnutls/merge_requests/1051#note_200247283

>  #define _gnutls_pk_decrypt( algo, ciphertext, plaintext, params) _gnutls_pk_ops.decrypt( algo, ciphertext, plaintext, params)
>  #define _gnutls_pk_decrypt2( algo, ciphertext, plaintext, size, params) _gnutls_pk_ops.decrypt2( algo, ciphertext, plaintext, size, params)
> -#define _gnutls_pk_sign( algo, sig, data, params, sign_params) _gnutls_pk_ops.sign( algo, sig, data, params, sign_params)

I've added comment in the `gnutls_crypto_pk` structure.

--
  
Daiki Ueno commented on a discussion on lib/crypto-backend.h: https://gitlab.com/gnutls/gnutls/merge_requests/1051#note_200247287

> -		     const gnutls_x509_spki_st *sign);
> +		     const gnutls_x509_spki_st *sign,
> +		     unsigned int flags);

The salt size is still related to SPKI, while deterministic signatures are not. I ended up with the documentation fix.

--
  
Daiki Ueno commented on a discussion on lib/nettle/int/dsa-compute-k.c: https://gitlab.com/gnutls/gnutls/merge_requests/1051#note_200247292

> +	int ret = 0;
> +
> +	xp = gnutls_malloc(nbytes);

OK, I've limited the maximum to 521 bits and mentioned the limit in the `GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE` flag documentation.


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1051
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190805/a752de7b/attachment-0001.html>