[gnutls-devel] GnuTLS | DH and ECDH keys tests (!990)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri May 17 16:48:22 CEST 2019

Nikos Mavrogiannopoulos commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/merge_requests/990#note_171561688

>  			goto dh_cleanup;
>  		}
> +		/* if we have Q check that y ^ q mod p == 1 */
> +		if (q != NULL) {
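Review bot: the new branch performs the y^q mod p == 1 test only when q is non-NULL, so any caller that cannot supply q silently gets no subgroup-order check; the skipped case should at least be documented at the call sites (or signalled with a distinct status) so the decision for non-known groups can be made deliberately rather than hidden in this branch. Also, the check is only meaningful once y is known to lie in [2, p-2] (y == 1 trivially satisfies 1^q mod p == 1), so the comment should state that the range check precedes this test.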

The functions with underscore (e.g., _gnutls_dh_compute) are not part of API, and are only exported for the cavs testing, so I guess we can freely update. The challenge would be including Q in the known group information (algorithms/groups), and passing it down to nettle. That could work well for TLS1.3. However, the question is if FIPS mandates this test, what do we do under TLS1.3 when a non-known group is negotiated. Any suggestions? Dropping the connection may be too drastic, so it may even make sense to disable DHE under TLS1.2.

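The y^q mod p == 1 check quoted in the hunk, modelled as an added example in Python (not GnuTLS or nettle code), together with the fallback behaviour when q is not available; the group parameters are small constructed toy values, and the helper shows why q is derivable for the RFC 7919 ffdhe groups, whose p is a safe prime p = 2q + 1.

```python
# Added example (not GnuTLS code): DH public-key validation as a plain-Python
# model of the quoted check, y^q mod p == 1, plus the fallback when q is unknown.
from typing import Optional


def subgroup_order_for_safe_prime(p: int) -> int:
    """For a safe prime p = 2q + 1 (as in the RFC 7919 ffdhe groups) the
    prime-order subgroup has order q = (p - 1) // 2, so q need not be stored."""
    return (p - 1) // 2


def validate_dh_public(y: int, p: int, q: Optional[int]) -> str:
    """Return 'full' if y passes range and subgroup-order checks, 'partial' if
    only the range check could be done (q unknown), 'invalid' if a check fails."""
    # Range check first: y must lie in [2, p-2]. This rejects 0, 1 and p-1;
    # note y == 1 would otherwise pass the exponentiation test (1^q == 1).
    if not (2 <= y <= p - 2):
        return "invalid"
    if q is None:
        # Mirrors the hunk's q == NULL path: the order check is skipped.
        return "partial"
    # y lies in the order-q subgroup exactly when y^q == 1 (mod p).
    if pow(y, q, p) != 1:
        return "invalid"
    return "full"


# Constructed toy group: p = 23 is a safe prime (q = 11); g = 2 generates the
# order-11 subgroup, while 5 has order 22 and so fails the subgroup check.
P = 23
Q = subgroup_order_for_safe_prime(P)  # 11
G = 2


def demo() -> dict:
    """Exercise each outcome on the toy group."""
    return {
        "generator": validate_dh_public(G, P, Q),          # 2^11 mod 23 == 1
        "order_2q_element": validate_dh_public(5, P, Q),   # 5^11 mod 23 == 22
        "p_minus_1": validate_dh_public(P - 1, P, Q),      # fails range check
        "unknown_q": validate_dh_public(5, P, None),       # check skipped
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```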
