[gnutls-devel] GnuTLS | DH and ECDH keys tests (!990)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Mon May 20 08:16:46 CEST 2019
Nikos Mavrogiannopoulos started a new discussion on lib/dh.c: https://gitlab.com/gnutls/gnutls/merge_requests/990#note_172073925
> +#ifdef ENABLE_FIPS140
> + if (!q) {
> + gnutls_assert();
> + return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
> + } else {
> +#else
> + if (q) {
> +#endif
> + if (_gnutls_mpi_init_scan_nz(&tmp_q, q->data, q->size)) {
> + _gnutls_mpi_release(&tmp_p);
> + _gnutls_mpi_release(&tmp_g);
> + gnutls_assert();
> + return GNUTLS_E_MPI_SCAN_FAILED;
> + }
> + }
> +
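Review bot: In the `ENABLE_FIPS140` branch, the `if (!q)` early return does not release `tmp_p` and `tmp_g`, while the scan-failure path just below releases both before returning. If those two values are already initialised at this point, as that path implies, the FIPS return should release them too. Separately, splitting `} else {` and `if (q) {` across `#ifdef`/`#else` makes the brace pairing depend on the build configuration; a self-contained `#ifdef ENABLE_FIPS140` block for the missing-`q` check followed by an unconditional `if (q)` would be easier to verify.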
Should we add a sanity check to ensure that `g^q=1` to avoid any mistakes by entering the parameters in a different order? (the other function accepts p,g and this one p,q,g, and it may be easy to do something like p,g,q when converting to the new).
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/990#note_172073925
You're receiving this email because of your account on gitlab.com.
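The sanity check suggested in the comment above, as an added example that is not part of the original thread or of GnuTLS: it verifies `g^q mod p == 1` so that parameters passed as p,g,q instead of p,q,g are rejected. The function and enum names are hypothetical, and the 32-bit toy values are constructed for illustration; real code would use the library's multi-precision integers.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example, not GnuTLS error codes. */
enum dh_check { DH_OK = 0, DH_BAD_RANGE, DH_Q_NOT_DIVISOR, DH_G_WRONG_ORDER };

/* Square-and-multiply; operands stay below 2^32 so products fit in 64 bits. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t mod)
{
	uint64_t r = 1 % mod;

	base %= mod;
	while (exp) {
		if (exp & 1)
			r = r * base % mod;
		base = base * base % mod;
		exp >>= 1;
	}
	return r;
}

/* Checks that q divides p-1 and that g has order dividing q modulo p. */
enum dh_check check_dh_pqg(uint32_t p, uint32_t q, uint32_t g)
{
	if (p < 5 || (p & 1) == 0 || g < 2 || g > p - 2 || q < 2)
		return DH_BAD_RANGE;
	if ((p - 1) % q != 0)
		return DH_Q_NOT_DIVISOR;
	if (modexp(g, q, p) != 1)
		return DH_G_WRONG_ORDER;
	return DH_OK;
}

int main(void)
{
	/* Constructed toy group: p = 23, q = 11, g = 2 (2^11 mod 23 == 1). */
	printf("p,q,g in order:  %d\n", check_dh_pqg(23, 11, 2));
	/* Same values passed as p,g,q: 2 still divides p-1, so only the
	 * g^q test notices that the arguments were swapped. */
	printf("g and q swapped: %d\n", check_dh_pqg(23, 2, 11));
	return 0;
}
```
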