[gnutls-devel] GnuTLS | DH and ECDH keys tests (!990)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri May 17 17:45:00 CEST 2019

Simo Sorce commented on a discussion on lib/nettle/pk.c: https://gitlab.com/gnutls/gnutls/merge_requests/990#note_171582411

>  			goto dh_cleanup;
>  		}
> +		/* if we have Q check that y ^ q mod p == 1 */
> +		if (q != NULL) {

The structure I was mentioning is struct gnutls_dh_params_int which is populated by gnutls_dh_params_init()
It is marked as deprecated but still exported as opaque in gnutls/gnutls.h
If it is ok to change it I can change it to hold 3 params and add Q during init.

If Q testing will become mandatory then we can definitely return an error and disable DHE, otherwise it will just not be present when not available and the test will simply skip checking Q.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/990#note_171582411
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190517/37957051/attachment.html>

More information about the Gnutls-devel mailing list