[gnutls-devel] GnuTLS | GOST key exchange support (!1097)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Nov 6 15:51:59 CET 2019




Dmitry Eremin-Solenikov commented on a discussion on lib/auth/vko_gost.c: https://gitlab.com/gnutls/gnutls/merge_requests/1097#note_240910016

> +		goto cleanup;
> +	}
> +
> +	if (info != NULL && info->ncerts != 0) {
> +		ret = _gnutls_get_auth_info_pcert(&peer_cert,
> +				session->security_parameters.
> +				server_ctype, info);
> +
> +		if (ret < 0) {
> +			gnutls_assert();
> +			goto cleanup;
> +		}
> +
> +		has_pcert = 1;
> +	}
> +
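Review bot: the `if (info != NULL && info->ncerts != 0)` check has no else branch, so when the auth info is missing or carries no certificates the block is skipped silently and `has_pcert = 1` is never reached. If the key exchange cannot proceed without the peer's certificate, fail explicitly at this point with `gnutls_assert()` and an error return through `cleanup`. Otherwise add a short comment saying that the later code handles the case where `has_pcert` is not set. It is also worth confirming that the `cleanup` label releases `peer_cert` only when `has_pcert` is set, since `cleanup` is reachable from the `goto` above this block, before `peer_cert` is filled in. As a style point, the member access split across lines as `session->security_parameters.` / `server_ctype` is hard to read; a local variable for the certificate type would avoid the wrap.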

From my point of view, the decryption part does not contain any significant parts of code that can serve as an oracle. The only "problematic" item might be a `memcmp()` at the end of `lib/nettle/gost/gost-wrap.c`.
