[gnutls-devel] GnuTLS | Verification of deterministic RSA-PSS signature fails (#953)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sat Mar 14 15:05:54 CET 2020
Daiki Ueno commented:
Since the salt size is always controlled through spki, why not just set it manually, before calling `gnutls_pubkey_verify_data2`:
```c
if (tests[i].pk == GNUTLS_PK_RSA_PSS) {
gnutls_x509_spki_t spki;
gnutls_x509_spki_init(&spki);
gnutls_x509_spki_set_rsa_pss_params(spki, tests[i].digest, 0);
gnutls_pubkey_set_spki(pubkey, spki, 0);
gnutls_x509_spki_deinit(spki);
}
```
A fun fact is that, even if we use the reproducible construction, `getrandom` is always called for RSA blinding; so if the purpose of doing this is to avoid access to the random source, it wouldn't work out I'm afraid.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/953#note_304965161
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200314/ddd6208e/attachment.html>
More information about the Gnutls-devel
mailing list