[gnutls-devel] GnuTLS | tls-sig: reverse bytes in TLS signatures for GOST signatures (!1114)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Oct 31 14:34:25 CET 2019

Dmitry Eremin-Solenikov created a merge request: https://gitlab.com/gnutls/gnutls/merge_requests/1114

Project:Branches: GostCrypt/gnutls:crt-vrfy-final to gnutls/gnutls:master
Author:    Dmitry Eremin-Solenikov

GOST TLS suites have one peculiarity: CertificateVerify message uses
byte order opposite to the rest of GOST signature usage (BE instead of
LE). So, reverse byte order in signatures in TLS code. For now this
applies only to TLS 1.2 code. GOST TLS 1.3 ciphersuites will also follow
this approach. Legacy TLS 1.0 ciphersuites also had this peculiarity.

## Checklist
 * [x] Commits have `Signed-off-by:` with name/author being identical to the commit author
 * [x] Code modified for feature
 * [ ] Test suite updated with functionality tests
 * [ ] Test suite updated with negative tests
 * [x] CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1114
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191031/379783d8/attachment.html>

More information about the Gnutls-devel mailing list