[gnutls-devel] GnuTLS | fips: Improve signatures self-tests (!1073)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Sep 26 14:54:46 CEST 2019
Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1073 was reviewed by Nikos Mavrogiannopoulos
--
Nikos Mavrogiannopoulos started a new discussion on lib/crypto-selftests-pk.c: https://gitlab.com/gnutls/gnutls/merge_requests/1073#note_222543001
> }
>
> + /* Compare with a stored known signature */
What is the difference of this with `PK_KNOWN_TEST(GNUTLS_PK_RSA, ...)`?
--
Nikos Mavrogiannopoulos started a new discussion on lib/crypto-selftests-pk.c: https://gitlab.com/gnutls/gnutls/merge_requests/1073#note_222543004
>
> - /* Test if the signature we generate matches the stored */
> + ret = gnutls_privkey_sign_data(key, dig, 0, &signed_data, &sig);
I see two tests in that file:
- `PK_KNOWN_TEST` which tests the deterministic sigs with comparison
- `PK_TEST` for other cases
It is not clear to me what is the purpose here. This patch seems to be making PK_KNOWN_TEST behave like PK_TEST?
--
Nikos Mavrogiannopoulos started a new discussion on lib/crypto-selftests-pk.c: https://gitlab.com/gnutls/gnutls/merge_requests/1073#note_222543008
> return 0;
>
> + PK_TEST(GNUTLS_PK_DSA, test_sig, 3072, GNUTLS_SIGN_DSA_SHA256);
Why do we do that? Why not keep a consistent behavior in the number of tests we run? Is it to make FIPS mode startup faster? I think this may be hard to follow due to hidden context.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1073
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190926/7fd072fb/attachment-0001.html>
More information about the Gnutls-devel
mailing list