[gnutls-devel] GnuTLS | GOST key exchange support (!1097)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Wed Nov 6 15:51:59 CET 2019
Dmitry Eremin-Solenikov commented on a discussion on lib/auth/vko_gost.c: https://gitlab.com/gnutls/gnutls/merge_requests/1097#note_240910016
> + goto cleanup;
> + }
> +
> + if (info != NULL && info->ncerts != 0) {
> + ret = _gnutls_get_auth_info_pcert(&peer_cert,
> + session->security_parameters.
> + server_ctype, info);
> +
> + if (ret < 0) {
> + gnutls_assert();
> + goto cleanup;
> + }
> +
> + has_pcert = 1;
> + }
> +
>From my point of view decryption part does not contain any significant parts of code that can serve as an oracle. The only "problematic" item might be an `memcmp()` at the end of `lib/nettle/gost/gost-wrap.c`.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1097#note_240910016
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191106/812a5169/attachment-0001.html>
More information about the Gnutls-devel
mailing list