[gnutls-devel] GnuTLS | pk: implement deterministic ECDSA/DSA for provable signing (!1051)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Aug 8 13:04:46 CEST 2019




Nikos Mavrogiannopoulos started a new discussion on tests/sign-verify-deterministic.c: https://gitlab.com/gnutls/gnutls/merge_requests/1051#note_201538347

>  			testfail("gnutls_privkey_init\n");
>  
> +		signature.data = NULL;
> +		signature.size = 0;
> +
>  		ret = gnutls_privkey_import_x509_raw(privkey, &tests[i].key, GNUTLS_X509_FMT_PEM, NULL, 0);
>  		if (ret < 0)
>  			testfail("gnutls_privkey_import_x509_raw\n");
>  
>  		ret = gnutls_privkey_sign_data(privkey, tests[i].digest, tests[i].sign_flags,
>  					       &tests[i].msg, &signature);
> -		if (ret < 0)
> -			testfail("gnutls_privkey_sign_data\n");
> +		if (gnutls_fips140_mode_enabled()) {
> +			/* deterministic ECDSA/DSA is prohibited under FIPS */
> +			if (ret == 0)

Wouldn't it make sense to test that the error code is the expected one?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1051#note_201538347
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190808/58eb7290/attachment.html>


More information about the Gnutls-devel mailing list