[gnutls-devel] GnuTLS | WIP: Add support for CNT_IMIT TLS 1.2 GOST cipher suite (!920)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Jul 17 18:53:31 CEST 2019




Dmitry Eremin-Solenikov commented on a discussion on lib/includes/gnutls/abstract.h: https://gitlab.com/gnutls/gnutls/merge_requests/920#note_192922259

>   * @GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT: Keys generated or imported as provable require an extended format which cannot be read by previous versions
>   *   of gnutls or other applications. By setting this flag the key will be exported in a backwards compatible way,
>   *   even if the information about the seed used will be lost.
> + * @GNUTLS_PRIVKEY_SIGN_FLAG_GOST_RS_LE: Swap generated GOST 34.10 signature byte order (mainly for TLS CertificateVerify message).
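
Review bot: the added @GNUTLS_PRIVKEY_SIGN_FLAG_GOST_RS_LE description says the GOST 34.10 signature byte order is swapped, but it names neither the default layout nor the layout the flag produces, so a caller cannot tell from the header which form comes back; spell out both in the comment. "Mainly for TLS CertificateVerify message" also leaves open whether any other caller is expected to set the flag, so state that explicitly. The new entry carries a GNUTLS_PRIVKEY_SIGN_FLAG_ prefix while the neighbouring entry in this block is GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT; check that it is documented under the enum it actually belongs to, or rename it to match.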

This one is tricky. The problem is that in all other places (certificates, CMS, etc.) the GOST signature uses the other byte order. Only the TLS CertificateVerify message uses this byte order. I can move support for this "feature" back to packet generation and byte-swap the signature there. What would you recommend?
