[gnutls-devel] GnuTLS | DH and ECDH keys tests (!990)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon May 20 08:15:18 CEST 2019




Nikos Mavrogiannopoulos started a new discussion on lib/dh.c: https://gitlab.com/gnutls/gnutls/merge_requests/990#note_172073652

> +	bigint_t tmp_p, tmp_g, tmp_q = NULL;
> +
> +	if (_gnutls_mpi_init_scan_nz(&tmp_p, prime->data, prime->size)) {
> +		gnutls_assert();
> +		return GNUTLS_E_MPI_SCAN_FAILED;
> +	}
> +
> +	if (_gnutls_mpi_init_scan_nz(&tmp_g, generator->data,
> +                                     generator->size)) {
> +		_gnutls_mpi_release(&tmp_p);
> +		gnutls_assert();
> +		return GNUTLS_E_MPI_SCAN_FAILED;
> +	}
> +
> +	/* Mandatory in FIPS mode */
> +#ifdef ENABLE_FIPS140

I think it is better to use the run-time check here. Otherwise we can enforce the test even when not in fips mode.

`if (_gnutls_fips_mode_enabled() == 0) {`

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/990#note_172073652
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190520/fc62ced9/attachment-0001.html>


More information about the Gnutls-devel mailing list